UNITS meeting September 30, 2004 Network Security Roger Safian


1 UNITS meeting September 30, 2004 Network Security Roger Safian r-safian@northwestern.edu

2 Agenda
Our environment
Statistics
Why these incidents occur
  –What can be done to prevent them
Future improvements
Questions

3 Firewalls
Recommending personal firewalls
  –Typically Zone Alarm or XP firewall
Some departments have traditional firewalls
  –This number is growing
Central IT has a purchasable solution

4 Optional Router Filters
Block traffic from entering NU’s network
  –On more than 75% of the network
  –Use VPN to bypass filters
Ports filtered
  –MS networking - 135, 137, 138, 139, 445
  –Unix NFS & portmapper - 111, 2049
  –MS Terminal Services - 3389
  –MS SQL – 1433, 1434

5 Packeteer
Classifies traffic by application
Per application bandwidth partitioning
  –Mainly P2P
Enforces service level agreements
  –Research park
Provides detailed flow information
Very limited data lifespan

6 Flow Data
Statistical data from border router
Sampled – 1 in 100 packets
  –Source and Destination address
  –Source and Destination ports
  –Byte count
  –Timestamp
Used to produce top 20 reports
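
Added example (not part of the original slides): a top 20 report built from 1-in-100 sampled flow records with the fields listed on slide 6. The CSV column order, the function names, the scaling of byte counts by the sampling rate, and the sample records (documentation addresses) are assumptions made for illustration.

```python
import csv
import io
from collections import Counter

SAMPLING_RATE = 100  # slide 6: 1 in 100 packets is sampled
TOP_N = 20           # slide 6: "top 20 reports"

# Constructed sample records, not real border-router data.
# Assumed column order: timestamp, src, dst, sport, dport, bytes
SAMPLE_FLOWS = """\
2004-09-30T10:00:01,192.0.2.10,198.51.100.5,1025,80,1500
2004-09-30T10:00:02,192.0.2.10,198.51.100.5,1025,80,1500
2004-09-30T10:00:03,192.0.2.22,203.0.113.9,4662,4662,1400
2004-09-30T10:00:04,192.0.2.22,203.0.113.9,4662,4662,1400
2004-09-30T10:00:05,192.0.2.22,203.0.113.7,4662,4662,1400
2004-09-30T10:00:06,192.0.2.31,198.51.100.5,1030,445,60
"""

FIELDS = ["timestamp", "src", "dst", "sport", "dport", "bytes"]


def parse_flows(text):
    """Yield one dict per sampled packet record, numeric fields as ints."""
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        for key in ("sport", "dport", "bytes"):
            row[key] = int(row[key])
        yield row


def top_talkers(flows, key="src", n=TOP_N, rate=SAMPLING_RATE):
    """Rank values of `key` by estimated bytes.

    Each record stands for roughly `rate` packets, so sampled byte counts
    are multiplied by `rate`. The sample count is returned alongside the
    estimate: an entry backed by one or two samples is a weak estimate.
    """
    est_bytes = Counter()
    samples = Counter()
    for flow in flows:
        est_bytes[flow[key]] += flow["bytes"] * rate
        samples[flow[key]] += 1
    return [(k, total, samples[k]) for k, total in est_bytes.most_common(n)]


if __name__ == "__main__":
    for host, total, count in top_talkers(parse_flows(SAMPLE_FLOWS)):
        print(f"{host:15} ~{total:>8} bytes  ({count} samples)")
```

Passing `key="dport"` ranks destination ports instead of source addresses, which shows whether traffic to the ports filtered on slide 4 still appears at the border.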

7 Intrusion Detection System
We use two solutions in parallel
StealthWatch
  –A statistical/anomaly based system
  –Currently two devices
    One at the border the other at 2020 Ridge
Snort
  –Currently 15 devices

8 Get Control
Home for NU security and virus warnings
Updated frequently
Has tips on staying secure
Contains instructions on removing viruses
  –Links to online removal tools
http://www.it.northwestern.edu/security/index.html
http://www.it.northwestern.edu/5steps/

9 Statistics
FY 2002/2003
  –Virus = 1166
  –Compromised = 727
  –Total incidents = 3042
    9/1/02 – 8/31/03
FY 2003/2004
  –Virus = 7976
  –Compromised = 467
  –Total incidents = 9264
    9/1/03 – 8/31/04

10 Why these incidents occur?
Weak Passwords
  –All machines and accounts need passwords
  –Use rules similar to the NetID rules
Opening viral attachments
  –Don’t open unexpected attachments
  –Only open specific types of extensions
  –Make sure to look at the LAST extension

11 Why these incidents occur? (2)
Updates not applied
  –Ensure Windows update runs automatically
  –Don’t forget about layered products
Network use
  –P2P
  –Be careful when clicking on links

12 Why these incidents occur? (3)
Out of date anti-viral software
  –Ensure you install the NU supplied software
  –Set to update automatically EVERY day
Blended Threats
  –Multiple attack vectors directed at hosts
Home Networks
  –Frequently attacked with little monitoring

13 Why these incidents occur? (4)
Lack of firewall
  –Even if user has one they don’t understand it
  –Often installed after the infection
    Not a good idea
This is most serious on home networks
  –Mitigated by routers with NAT

14 NUSA
Network User Status Agent
  –Automatic notification
    Two events port off and display
  –Allows authorized users to re-enable ports
  –Accepts input from other sources
Future use as data correlation agent
  –Current systems are stand-alone

15 NetPass
Current system NetReg
  –Deployed in the dorms
  –Associates MAC address with NetID
  –Checks for 3 vulnerabilities
NetPass
  –Checks for 25 vulnerabilities
  –Includes self-remediation

16 Questions?
Contact Information
  –1-847-491-4058
  –1-847-467-6662 (NOC 24x7)
  –security@northwestern.edu
  –r-safian@northwestern.edu

