Georgia Tech Information Security Campus Architecture for ECE6612 November 2, 2005 Peter N. Wan...
Georgia Tech Information Security
Campus Architecture for ECE6612
November 2, 2005
Peter N. Wan, Senior Information Security Engineer
Office of Information Technology, Information Security Directorate
Information Security Architecture - Outline
• InfoSec Architecture diagram
• Network Architecture diagram
• Security Technology
• Policies
• User Awareness Campaign
• Q&A
Information Security Architecture (1)
• Architecture diagram: http://www.oit.gatech.edu/information_security/architecture/index.html (still on the Web as of 4/23/2008)
Information Security Architecture(2)
• Layered Defense in Depth
• Host firewalls and other defensive measures are still important even if there is a network firewall
• Business of the Institute must continue so security must help enable business processes
Network Architecture (1)
Network Architecture (2)
• Border routers receive traffic from Georgia Tech's ISPs (Cogent, Qwest, Level3, Peachnet, SoX/Abilene, etc.)
• Border routers feed traffic to campus gateway routers
• Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected
Campus Security Technology
• Border/Backbone Routers
• Intrusion Prevention Systems (not in production yet)
• Intrusion Detection Systems
• Network Firewalls
• Host-Based Security
Campus Security Technology – Border/Backbone Routers
• Pass traffic only
• Protocols that have no business crossing a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not by ACLs at the border
• NetFlow records are collected at various routers to identify suspicious traffic; packet content is not examined (a flow record carries only header-level data: addresses, ports, protocol, packet/byte counts, TCP flags)
Campus Security Technology – Intrusion Prevention Systems
• Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
• IPSes are designed to be installed in-line, and to provide blocking of traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none type enforcement)
• “Deep Inspection”
Campus Security Technology – Intrusion Detection Systems
• Campus border traffic is mirrored by a switch to two types of IDSes
• Enterasys Dragon is a signature-based IDS
• Lancope Stealthwatch is an anomaly-based IDS
Example Status from Lancope Stealthwatch
[Bar chart of Stealthwatch alarm counts by category, y-axis 0 to 3000: P2P; Worm Activity; Worm Propagation; SPAM Source / Mail Relay; Comm. With Known Bad Host; Flood; Target SYNs]
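As an added example (not part of Peter Wan's slides, nor Lancope's or Georgia Tech's code), the following Python sketch shows the kind of flow-level analysis that NetFlow collection at the routers and an anomaly-based IDS such as Stealthwatch perform: it reads constructed NetFlow-style records (header fields and counters only, no payload) and flags three of the alarm categories in the chart above: worm propagation, a SYN flood against one target, and communication with a known bad host. The record format, the thresholds, the addresses and the "known bad" list are assumptions made for illustration.

```python
"""Flow-based anomaly detection over NetFlow-style records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# TCP flag bits as encoded in a NetFlow v5 record's tcp_flags field.
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int       # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    packets: int
    octets: int
    tcp_flags: int   # cumulative OR of the flags seen in the flow


def parse_flows(text):
    """Parse a whitespace-separated flow export (constructed format, not a vendor's)."""
    flows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        src, dst, proto, sport, dport, pkts, octs, flags = line.split()
        flows.append(Flow(src, dst, int(proto), int(sport), int(dport),
                          int(pkts), int(octs), int(flags, 16)))
    return flows


def detect_propagation(flows, min_targets=20):
    """Worm propagation / scanning: one source touching many distinct
    destinations on the same port. Returns {(src, dport): distinct_targets}."""
    targets = defaultdict(set)
    for f in flows:
        targets[(f.src, f.dport)].add(f.dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}


def detect_syn_flood(flows, min_syns=50):
    """Target SYNs: many tiny SYN-only TCP flows (no ACK ever seen) toward one host.
    Spoofed sources defeat per-source counting, so the key is the destination."""
    syns = defaultdict(int)
    for f in flows:
        syn_only = f.proto == 6 and f.tcp_flags & TCP_SYN and not f.tcp_flags & TCP_ACK
        if syn_only and f.packets <= 2:
            syns[f.dst] += 1
    return {dst: n for dst, n in syns.items() if n >= min_syns}


def detect_known_bad(flows, bad_hosts):
    """Communication with a known bad host, in either direction; returns the
    local peers that talked to one (sorted for stable output)."""
    return sorted({f.src if f.dst in bad_hosts else f.dst
                   for f in flows if f.src in bad_hosts or f.dst in bad_hosts})


def build_sample():
    """Constructed sample export: a scanner, a SYN flood and a contact with a
    known bad host mixed into normal web traffic. Addresses are RFC 5737
    documentation ranges; 192.0.2.0/24 plays the role of the campus."""
    lines = ["# src dst proto sport dport packets octets tcp_flags"]
    # Ordinary browsing: full handshakes, ACK bit present (0x1b = FIN|SYN|PSH|ACK).
    for i in range(1, 11):
        lines.append(f"192.0.2.{i} 198.51.100.10 6 {40000 + i} 80 12 9800 1b")
    # Worm propagation: 192.0.2.77 probes 25 hosts on 445, SYN only.
    for i in range(1, 26):
        lines.append(f"192.0.2.77 203.0.113.{i} 6 {3000 + i} 445 1 48 02")
    # SYN flood against 192.0.2.5 from 50 rotating (spoofed) sources.
    for i in range(60):
        lines.append(f"203.0.113.{100 + i % 50} 192.0.2.5 6 {1024 + i} 80 1 40 02")
    # One campus host talks to a (hypothetical) known bad host over UDP/6667.
    lines.append("192.0.2.33 198.51.100.200 17 5555 6667 40 3200 00")
    return "\n".join(lines)


if __name__ == "__main__":
    sample = parse_flows(build_sample())
    print("propagation:", detect_propagation(sample))
    print("syn flood:  ", detect_syn_flood(sample))
    print("known bad:  ", detect_known_bad(sample, {"198.51.100.200"}))
```

The thresholds (20 distinct targets, 50 SYN-only flows) are deliberately low for a toy dataset; in a real deployment they are tuned per network segment, and the same flow records, since they contain no payload, are what make this analysis cheap enough to run at border-router speeds.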
Campus Security Technology – Network Firewalls
• Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
• Program for deploying firewalls at the connection of departments to the campus network has been progressing
Campus Security Mechanisms – Host-Based Security(1)
• Antivirus software (NAI/McAfee site-licensed for campus)
• Host firewalls (ISS RealSecure Desktop Protector)
• Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)
Campus Security Mechanisms – Host-Based Security(2)
• Operating system, application, utility patching very important; use vendor-supplied or 3rd party products (e.g., PatchLink or HFNetChk)
• Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers
Incident Response
• Many incidents consist of virus/spyware infections, and are handled locally by departments or ResNet/EastNet staff
• A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these type of systems requires more attention
• Some incidents are serious enough to require disk/system forensic examinations
Campus Security Policies
• Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
• Campus Network Usage/Security Policy
• Unit Level Network Usage Policies
• Data Access Policy
• Copyrighted Material Usage (DMCA, fair use, etc.)
• Employee/Student Handbooks
User Awareness
• Security awareness tutorial at http://oit.gatech.edu/information_security/education_and_awareness/safe/
• Educational campaign in Fall 2005 Semester with posters, etc.
• Outreach such as talks with classes and other groups
• For more information, please see the OIT-IS page at http://oit.gatech.edu/information_security
Thank You!
• Any Questions?