Slide 1: Fences Make Good Neighbors: Monitoring Academic Networks at the Port Level
Educause Security Conference, April 4-5, 2005, Washington DC
David LaPorte / Kevin Amorin, Harvard University
Angelo Bravos, Judson College

Slide 2: Topics
- Overview of the problems/needs
- Solutions
  - Bradford CampusManager
  - PacketFence
- Questions

Slide 3: Network (In)security
- Perimeter security
  - Firewalls, IDS, IPS, router ACLs
  - "Hard on the outside, soft on the inside"
  - Leads to complacency
- 60-80% of attacks originate from systems on the internal network (behind the firewall), including hosts that reach it over:
  - VPN
  - Wireless
  - Dial-up

Slide 4: Internal Network Protection/Control
- ARP-based: Mirage Networks, qRadar, Wholepoint, RNA Networks
- Inline: Tipping Point
- Etc.
- Admission-control style: Cisco (NAC), Trend Micro (NAC), Symantec (NAC), Microsoft (NAP, Q2 2005), Juniper (TNC), Foundry Networks (TCC)
- Internal network security funding in 2004: more than $80M ($13M in September alone)

Slide 5: Academic Issues
- Network environment
  - Worms
  - Botnets
  - DMCA
  - Policy violations: NATs, P2P applications
- Identity
  - Who owns an infected/offending system?
- Support
  - Do you want to be manning the helpdesk on move-in day?

Slide 6: Academic Needs
Academic IT departments need better monitoring and control of network clients and devices, and a way to better enforce usage policies and security.

Slide 7: Academic Needs: Clients
- Dealing with hosts with no antivirus
- Better client management for all users accessing the network (wired and wireless)
- Better client management for dorms and open labs
- Enforcing the acceptable use policy
- Identifying roamers
- Denying/restricting service to certain groups
- Restricting certain applications: chat, P2P, gaming

Slide 8: Academic Needs: Network Management
- Better management of different equipment: Cisco, HP, 3Com, Enterasys, Packeteer, Nortel, Alcatel
- Better Internet and intranet bandwidth management
- Enable and disable ports
- Port-based VLAN switching
- Discover network devices and connectivity
- Alarm and notify on network events
- Detection of multiple access points
- DHCP application server management

Slide 9: Overview of Campus Manager

Slide 10: With Campus Manager the IT department can improve client management
- Force registration of all users accessing the network (wired and wireless): port-based registration
- Improve the helpdesk interface
- Enforce a usage policy such as Windows updates and antivirus protection
- Quarantine unregistered and non-compliant network users
- Identify who is accessing the network and locate network users
- Control chatting, gaming, and file sharing
- Restrict/deny an individual user or groups of users
- Enforce preferred VLAN switching and dynamic VLAN assignment
- Audit trail of current and historical network access
- Automate client/user management tasks

Slide 11: With Campus Manager the IT department can improve network management
- Cisco, HP, 3Com, Enterasys, Packeteer, Nortel, Alcatel
- Internet and intranet bandwidth management
- Enable and disable ports
- Port-based VLAN switching
- Discover network devices and connectivity
- Keep track of network wiring information
- Monitor network health
- Alarm and notify on network events
- Multiple access point detection
- DHCP application server management
- Configure network devices
- Audit trail of network events
- Automate network management tasks

Slides 12 to 23: no transcript text (image-only slides)
Slide 24: What is PacketFence
- Open-source network registration and worm mitigation solution
  - Co-developed by Kevin Amorin and David LaPorte; GUI developed by Randy Heins, UIS NOC
  - Captive portal: intercepts HTTP sessions and forces the client to view content (similar to Bluesocket)
  - Based on unmodified open-source components

Slide 25: Features: Network registration
- Register systems to an authenticated user
  - LDAP, RADIUS, POP, IMAP... anything Apache supports
- Force AUP acceptance
- Stores assorted system information
  - NetBIOS computer name and web browser user-agent string
  - Presence of some NAT device
- Stores no personal information: ID->MAC mapping only
- The above data can provide a rough system inventory
- Vulnerability scans at registration, scheduled, or ad hoc
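The two slides above describe the registration path: an unregistered client's HTTP session is intercepted and redirected to the portal, registration binds the MAC to an authenticated user ID after AUP acceptance, and only non-personal system data (user-agent, NetBIOS name) is kept alongside the ID->MAC mapping. The following is an added example of that decision logic, written for this page and not PacketFence's own code. The portal URL, the `destination_url` parameter name and the NAT heuristic (more than one OS family seen in User-Agent strings from one MAC) are assumptions for illustration.

```python
"""Captive-portal registration check: ID->MAC store plus HTTP redirect decision.
Added example for this page, not PacketFence code."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set
from urllib.parse import quote

PORTAL_URL = "https://register.example.edu/"  # assumed portal address


@dataclass
class Node:
    """What is kept per MAC: the owning user ID and non-personal system info."""
    owner: Optional[str] = None           # user ID only, no name or address
    netbios_name: Optional[str] = None
    user_agents: Set[str] = field(default_factory=set)


class Registry:
    """ID->MAC mapping store. Nothing personal beyond the user ID is held."""

    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def node(self, mac: str) -> Node:
        return self.nodes.setdefault(mac.lower(), Node())

    def register(self, mac: str, user_id: str, aup_accepted: bool) -> None:
        """Bind a MAC to an authenticated user; AUP acceptance is mandatory."""
        if not aup_accepted:
            raise ValueError("AUP must be accepted before registration")
        self.node(mac).owner = user_id

    def is_registered(self, mac: str) -> bool:
        return self.node(mac).owner is not None


def handle_http(reg: Registry, mac: str, request_line: str, headers: Dict[str, str]):
    """Decide what the portal does with an intercepted HTTP request.

    Returns (status, location). Registered MACs pass as (200, None); unregistered
    ones get a 302 to the portal carrying the original URL so the user can be
    sent back after registering. The User-Agent is recorded either way.
    """
    node = reg.node(mac)
    ua = headers.get("User-Agent")
    if ua:
        node.user_agents.add(ua)
    if reg.is_registered(mac):
        return 200, None
    _method, path, _version = request_line.split(" ", 2)
    original = "http://" + headers.get("Host", "") + path
    return 302, PORTAL_URL + "?destination_url=" + quote(original, safe="")


def suspected_nat(reg: Registry, mac: str) -> bool:
    """Heuristic (an assumption for this example, not PacketFence's check):
    more than one OS family in User-Agent strings from one MAC suggests a NAT box."""
    families = set()
    for ua in reg.node(mac).user_agents:
        for tag in ("Windows", "Macintosh", "Linux"):
            if tag in ua:
                families.add(tag)
                break
    return len(families) > 1
```

The redirect preserves the client's original URL as a query parameter, which is what lets the portal return the user to where they were going; the MAC is normalised to lower case so that switch and DHCP sources that format it differently map to one node.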

Slide 26: Features: Worm mitigation
- Behavioral and signature-based detection
- Optional isolation of infected nodes (implemented but not deployed)
- Self-remediation: empowers users; provides remediation instructions specific to the infection
- Network "inoculation": preemptively detect and trap vulnerable hosts

Slide 27: Features: Remediation
- Requires a signature-based detect
- Provides user context-specific remediation instructions
- Redirection to the captive portal
  - via proxy
  - via firewall pass-through
- Helpdesk support number if all else fails

Slide 28: Inline
- Security bottleneck: immune to subversion
- Fail-closed
- Performance bottleneck
- Single point of failure
- May not be necessary/preferable in academia

Slide 29: Passive
- Fail-open solution: preferable in an academic environment
- No bandwidth bottlenecks
- Network visibility: hub, monitor port, tap
- Easy integration: no changes to infrastructure; plug and play (pray?)
- Manipulates the client ARP cache: "virtually" inline

Slide 30: ARP Manipulation
- Man-in-the-middle (MitM) ARP poisoning
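Slides 29 and 30 say that passive mode becomes "virtually" inline by manipulating the client's ARP cache, the same mechanism as an ARP-poisoning man-in-the-middle. The block below is an added example for this page, not PacketFence code: it builds the unsolicited ARP reply a passive enforcer would send to a client (claiming the gateway IP is at the enforcer's MAC), shows a model client cache accepting it, and includes the detector view, which flags any IP whose MAC changes from a known or first-seen value. All addresses are constructed from documentation ranges.

```python
"""Unsolicited ARP replies and their detection.
Added example for this page, not PacketFence code."""
import struct
from ipaddress import IPv4Address
from typing import Dict, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying the ARP reply "sender_ip is-at sender_mac".

    Sent unsolicited to target_mac with sender_ip = the gateway address and
    sender_mac = the enforcer, this is what puts a passive enforcer "virtually"
    inline: the client's next packets for the gateway are delivered to it.
    """
    ethernet = mac_to_bytes(target_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet/IPv4, hlen 6, plen 4
    arp += mac_to_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += mac_to_bytes(target_mac) + IPv4Address(target_ip).packed
    return ethernet + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode an Ethernet/ARP frame; None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    p = frame[22:42]
    return {
        "op": op,
        "sender_mac": bytes_to_mac(p[0:6]), "sender_ip": str(IPv4Address(p[6:10])),
        "target_mac": bytes_to_mac(p[10:16]), "target_ip": str(IPv4Address(p[16:20])),
    }


class ClientArpCache:
    """Model of a typical host cache: an unsolicited reply overwrites the entry."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def process(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp and arp["op"] == ARP_REPLY:
            self.table[arp["sender_ip"]] = arp["sender_mac"]

    def next_hop_mac(self, ip: str) -> Optional[str]:
        return self.table.get(ip)


class ArpWatcher:
    """Detector side: alert when an IP's MAC differs from a configured static
    table or from what was first seen. The same observation catches a rogue
    poisoner and a host that set a static IP/ARP entry to dodge the enforcer."""

    def __init__(self, static: Optional[Dict[str, str]] = None) -> None:
        self.seen: Dict[str, str] = dict(static or {})
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if not arp:
            return
        known = self.seen.setdefault(arp["sender_ip"], arp["sender_mac"])
        if known != arp["sender_mac"]:
            self.alerts.append((arp["sender_ip"], known, arp["sender_mac"]))
```

Two practical caveats follow from the model: a host with a static ARP entry for the gateway ignores the reply (hence the "Static IP/ARP detection" item on the roadmap slide), and the enforcer must keep re-sending, since a genuine reply from the real gateway restores the original entry.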

Slide 31: Detection (optional)
- Traffic analysis
  - Anomaly-based
  - Signature-based
  - Time-based
- Snort with a small signature set and portscan detection
- Any signature- and/or anomaly-based detection tool can be used ("glue" will be necessary)
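The detection slide lists signature-based, anomaly-based and time-based traffic analysis, with Snort plus portscan detection as the reference setup and "glue" to turn hits into violations. The block below is an added example written for this page, not PacketFence's or Snort's code: a signature check and a sliding-window portscan detector run over constructed flow records, merged into per-source violations. The sample records and the single illustrative signature are constructed for the example, not real captures or real rules.

```python
"""Signature and portscan detection over constructed flow records, and the glue
that merges them. Added example for this page, not PacketFence or Snort code."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Record: (timestamp_seconds, src_ip, dst_ip, dst_port, first_payload_bytes)
Record = Tuple[float, str, str, int, bytes]

# Constructed sample traffic (not a real capture):
SAMPLE: List[Record] = (
    # a worm-like host sweeping TCP/445 across 12 neighbours in about a second
    [(0.1 * i, "192.0.2.3", f"192.0.2.{20 + i}", 445, b"") for i in range(12)]
    # a bot registering with an IRC server on a non-standard port
    + [(3.0, "192.0.2.7", "198.51.100.9", 7000, b"NICK r00t-1234\r\nUSER r00t 0 * :x\r\n")]
    # an ordinary host browsing the web
    + [(4.0 + i, "192.0.2.5", "198.51.100.10", 80, b"GET / HTTP/1.1\r\n") for i in range(3)]
)

# Illustrative signature (assumed for this example, not from Snort's rule set):
# name, payload pattern, and a port filter so that real IRC on 6667 is not flagged.
SIGNATURES = [
    ("irc-command-nonstandard-port", re.compile(rb"^(NICK|USER|JOIN) ", re.M),
     lambda dport: dport != 6667),
]


def detect_signatures(records: List[Record]) -> List[Tuple[str, str]]:
    """Signature-based: (src_ip, signature_name) for each matching payload."""
    hits = []
    for _ts, src, _dst, dport, payload in records:
        for name, pattern, port_filter in SIGNATURES:
            if port_filter(dport) and pattern.search(payload):
                hits.append((src, name))
    return hits


def detect_portscans(records: List[Record], window: float = 5.0, threshold: int = 10) -> Set[str]:
    """Anomaly/time-based: a source that contacts more than `threshold`
    distinct (dst_ip, dst_port) targets inside any `window`-second span."""
    by_src: Dict[str, List[Tuple[float, Tuple[str, int]]]] = defaultdict(list)
    for ts, src, dst, dport, _ in sorted(records, key=lambda r: r[0]):
        by_src[src].append((ts, (dst, dport)))
    scanners = set()
    for src, events in by_src.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while events[start][0] < ts - window:   # slide the window forward
                start += 1
            if len({t for _, t in events[start:end + 1]}) > threshold:
                scanners.add(src)
                break
    return scanners


def violations(records: List[Record]) -> Dict[str, List[str]]:
    """The "glue": merge both detectors into per-source violation reasons,
    which is what a registration system keys its isolation/remediation on."""
    out: Dict[str, List[str]] = defaultdict(list)
    for src, name in detect_signatures(records):
        out[src].append(name)
    for src in detect_portscans(records):
        out[src].append("portscan")
    return dict(out)
```

The window and threshold are the tuning knobs a campus deployment has to set against its own baseline; a lab of hosts that legitimately poll many peers will trip a low threshold, and raising it too far lets a slow sweep through, which is why the slide treats time-based analysis as its own category.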

Slide 32: Implementations
- All current deployments are in "passive" mode
- Several residential networks and 2 schools
  - ~7076 systems
  - ~3934 registrations
  - ~225 violations: Nachi / Sasser, Agobot, Gaobot, etc. / IRC bots

Slide 33: Coming Soon...
- Static IP/ARP detection
- DHCP combat
- Queue-based violation/registration
- Independent components
- Isolation mechanisms
  - DHCP: change the DHCP scope (reserved IP with the enforcer as gateway); change the DNS server to resolve all IPs to the enforcer
  - Switch port manipulation: change the VLAN to the isolation network; disable the port
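One of the planned isolation mechanisms above is a DNS server that resolves every name to the enforcer, so that whatever an isolated client tries to reach, it lands on the captive portal. The block below is an added example for this page, not PacketFence code: it parses a constructed DNS query and builds the sinkhole answer, with a deliberately short TTL so cached answers expire quickly once the node is released. The enforcer address is an assumption from the documentation range.

```python
"""DNS "answer everything with the enforcer" isolation.
Added example for this page, not PacketFence code."""
import struct
from ipaddress import IPv4Address
from typing import Optional, Tuple

ENFORCER_IP = "192.0.2.2"   # assumed address of the enforcer / captive portal
QTYPE_A, QCLASS_IN = 1, 1


def build_query(qname: str, qid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Standard recursive query for qname (constructed client traffic)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    name = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.strip(".").split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, QCLASS_IN)


def parse_question(packet: bytes) -> Tuple[int, str, int, int, bytes]:
    """Return (id, qname, qtype, qclass, raw question section) of a DNS message."""
    qid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12
    while True:
        n = packet[pos]
        pos += 1
        if n == 0:
            break
        labels.append(packet[pos:pos + n].decode("ascii"))
        pos += n
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return qid, ".".join(labels), qtype, qclass, packet[12:pos + 4]


def sinkhole_response(query: bytes, answer_ip: str = ENFORCER_IP, ttl: int = 5) -> Optional[bytes]:
    """Answer any A/IN query with answer_ip, whatever the name asked for.

    The short TTL matters: once the node is released, clients must not keep
    resolving everything to the enforcer from their caches. Non-A queries
    return None so the caller can forward or drop them as policy dictates."""
    qid, _name, qtype, qclass, question = parse_question(query)
    if (qtype, qclass) != (QTYPE_A, QCLASS_IN):
        return None
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1, one answer
    # 0xC00C is a compression pointer to the name at offset 12 (the question)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
              + IPv4Address(answer_ip).packed)
    return header + question + answer


def answered_ip(response: bytes) -> str:
    """Pull the A record out of a sinkhole_response() message (for checking)."""
    _, _, _, _, question = parse_question(response)
    rdata = 12 + len(question) + 2 + 10    # skip name pointer, then type/class/ttl/rdlen
    return str(IPv4Address(response[rdata:rdata + 4]))
```

Paired with the DHCP change on the same slide (a reserved lease whose gateway is the enforcer), this closes the gap the ARP approach leaves open, since a client that never sends ARP for the real gateway still has to resolve names.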

Slide 34: In Closing: PacketFence
- Open-source
- Passive deployment: "plug and play", no infrastructure changes needed
- Proactive and reactive remediation
- Extremely configurable

Slide 35: In Closing: Campus Manager
- An all-in-one management solution
- Provides managed network access to all clients
- Manages and controls wireless network access
- Enforces a campus-wide network usage policy
- Reduces the time to
  - locate users
  - take action on network access violations
  - detect network problems
  - troubleshoot network problems
  - configure network devices
- Delegates client management to network operators and helpdesk personnel
- Vendor-independent solution
- Passive management system on the network
- Comprehensive integrations with vendor solutions
- Reallocate IT staff from building management solutions to managing the network services
