Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users,...
Transcript of Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users,...
![Page 1: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/1.jpg)
Mitigation for Common Threats in Higher Education Network Environment using Microsoft NAP
Windows Vista SecurityEnd-of-Class Problem: Executive Presentation
![Page 2: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/2.jpg)
Business issuesSecurity AssessmentEngineering AssessmentOperations AssessmentConclusion
![Page 3: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/3.jpg)
Team membersBarry Randall – U. IowaTom Neese – U. IowaAaron Howard – U. IowaAddam Schroll – PurdueMSFT: Barbara Chung
![Page 4: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/4.jpg)
Thousands of unmanaged machinesHigh infection rateContinuing threat to resources and services
Lost time, services, reputation, resources
Distributed organization
![Page 5: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/5.jpg)
Transient customers makes security a challengeIsolate and remediate hosts at connection time to address these threatsNeed to define the “Network Edge” with Policy, not Topology
![Page 6: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/6.jpg)
UniversityNetwork
Healthy?Examine Host
Network Restriction(Isolate)Remediate
NO
YES
Typical Student PC(unmanaged)
Policy Validation(update continually)
Ongoing Compliance
![Page 7: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/7.jpg)
Team membersAaron HowardAddam Schroll
![Page 8: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/8.jpg)
Worms, Bots, DoS, Zero-Day, Remote Access Users, GuestsContinually these threats occur with varying severity
Increased support, ID theft, confidential data
Serious ongoing threats that continue to consume time and jeopardize network reliability and security
Not all threats can be measured with $$
![Page 9: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/9.jpg)
Worms, Bots, Remote Access Users, GuestsNAP offers network access as an incentive to voluntarily comply with University PolicyRemediation servers allow client to help themselves to required software or patchesClient must meet current Policy requirements before joining networkResulting in Lower risk of wide spread infection
Zero Day VirusBy updating the System Health Policy, only servers with the latest definitions are allowed network access.
![Page 10: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/10.jpg)
NAP does not protect against malicious users or compromised machines
Can a compromised machine trick the NAP agent by posing as healthy?
NAP will protect Vista and XP SP2, other devices will be allowed as exceptions
Exception management is a potential loophole for infected machines
![Page 11: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/11.jpg)
Develop risk management strategyAvoid, Transfer, Mitigate, Accept
Improve host management with user educationImproved threat and vulnerability monitoring
Identify & communicate threats to campus
NAP is a compliance tool not a security toolImprove Network Security
Firewalls, IDS, IPS, Application inspection, deviation analysis
![Page 12: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/12.jpg)
Team MembersBarry RandallTom Neese
![Page 13: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/13.jpg)
Network Access dependent on AD and NAPCreate policy to define network edge
Change of Mindset – expect resistance
Evaluate enforcement methods & exemption methodsDHCP, DNS, 802.1x, IPSEC, RadiusUNIX, PDA, Game Box, Mac OSX, lab equipment
Create procedure to manage exceptionsCreate System Health Policy
May involve using the SHV API Can SHA perform all required checks?
![Page 14: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/14.jpg)
Infrastructure RequirementsAD, DHCP, IPSEC and 802.1X
Client OS level – Vista or XP with SP2Agent (SHA) running on client
![Page 15: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/15.jpg)
Unmanaged student PCsWindows Vista or XP SP2
Vendor or GuestsUser EducationHelp Desk Needs
![Page 16: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/16.jpg)
Build Network Infrastructure for NAP – 1 to 2 yearsImplement 802.1XRestricted Network
Create Network Edge Policy – 6 monthsBuild NAP Infrastructure – 3 to 6 months
Network Policy ServerHealth Certificate ServerDHCP Server
Create Initial System Health Policy – 3 monthsEvaluate Exceptions – 3 to 6 monthsTrain Help Desk – 1 month
![Page 17: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/17.jpg)
Shift to define network edge with policyExceptions
Will others adopt the SHA APIRequire custom code to manage
How to install SHA on Windows XP SP2Third party tool supportResources required to implement NAP
![Page 18: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/18.jpg)
Team MembersTom NeeseBarry Randall
![Page 19: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/19.jpg)
Staff to Develop and Maintain System Health PolicyHelp Desk staff time to help users navigate remediation processUser education on System Health CheckSupport for 24/7 network access needs
![Page 20: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/20.jpg)
How to manage exceptionsJustify resources for a partial solutionContinual maintenance of policiesAdditional layer to troubleshootBuy-in from others on redefinition of Network EdgeEnforcement Strategy
![Page 21: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/21.jpg)
Network Edge is continually changingNeed Policy (NAP) to protect University Network
NAP is built-in to Vista & Longhorn (low $$)Infrastructure costs could be high
Lowers risk of wide-spread network infectionNot a silver bullet, but another layer of security
![Page 22: Mitigation for Common Threats in Higher Education Network ......´Worms, Bots, Remote Access Users, Guests «NAP offers network access as an incentive to voluntarily comply with University](https://reader035.fdocuments.us/reader035/viewer/2022071108/5fe2a9389675c878af06d6b4/html5/thumbnails/22.jpg)
Evaluate risk from unmanaged PCsSeparate by exceptionsCost to manage exceptions
RecommendationsAssess and upgrade network infrastructureAnalyze Risks vs. Cost to deploy NAPWatch for NAP support in other Operating Systems