Presentation is loading. Please wait.

Presentation is loading. Please wait.

SALSA-NetAuth Joint Techs Vancouver, BC July 2005.

Published byStephen Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "SALSA-NetAuth Joint Techs Vancouver, BC July 2005."— Presentation transcript:

1 SALSA-NetAuth Joint Techs Vancouver, BC July 2005

2 Agenda  NetAuth background  NetAuth Strategies Document  NetAuth Architecture Documents  Applicability to federated network access environments  What do we do next?

3 SALSA-NetAuth Charter  The SALSA-NetAuth Working Group will consider the data requirements, implementation, integration, and automation technologies associated with understanding and extending network security management related to:  1. Authorized network access (keyed by person and/or system)  2. Style and behavior of transit traffic (declarative and passive)  3. Forensic support for investigation of abuse

4 SALSA-NetAuth Working Group: Initial activities  Investigation of requirements and implementations of network database and registration services in support of network security management; - Complete, Strategies Document  Investigation of extensions to these services to proactively detect and prevent unauthorized or malicious network activity. – Strategies Document, Architecture Documents  Analysis and proposal toward a pilot and eventual implementation to support network access to visiting scientists among federated institutions. – In Progress – Architecture Documents  Analysis of security applications that may result from extending these implementations. – Overarching all activities

5 SALSA-NetAuth Working Group: Roadmap  Outlines the activities of the SALSA-NetAuth working group and all related sub-groups.  Reflects the overall direction of the working group(s) and maintain consistency between the various efforts  SALSA-NetAuth Working Group Roadmap  Christopher Misra, 25 April 2005  http://security.internet2.edu/netauth/#Docs

6 SALSA-NetAuth Working Group: Initial Deliverables  Investigation of extensions to these services to proactively detect and prevent unauthorized or malicious network activity.  Strategies for Automating Network Policy Enforcement  Eric Gauthier, Phil Rodrigues, 20 April 2005  Final draft 200504  http://security.internet2.edu/netauth/#Docs

7 Strategies for Automating Network Policy Enforcement  “(A) Structure and summary of approaches for automating technical policy enforcement as a condition for network access in colleges and universities”  Host isolation into specialized networks  Conditional network access  Initial document  Not the final answer

8 Strategies for Automating Network Policy Enforcement  Preventative policy enforcement reduces  Total number of technical security vulnerabilities  The success of a particular piece of malware or attack technique.  Isolation networks separate compromised and infected hosts  Minimize the spread of infection  Block external access from attackers.  Automated remediation systems have a positive impact on a large number of hosts with a relatively small time investment from computing staff.

9 Strategies for Automating Network Policy Enforcement  The Common Process  Five steps  Registration  Detection  Isolation  Notification  Remediation  Not necessarily in this order.

10 What direction are we focusing current and future energies?  Architecture document(s)  How do we make NetAuth a designed infrastucture versus organic  We need a model to analyze these systems  How do we apply NetAuth systems to federated environments? (like FWNA/eduRoam)  What components implement this architecture

11 Architecture Document  A framework to develop standardized mechanisms and detailed descriptions of how to directly implement policy enforcement using existing devices  NetAuth Architecture for Automating Network Policy Enforcement  Kevin Amorin, Eric Gauthier, July 2005  Draft 03  http://security.internet2.edu/netauth/#Docs

12 Architecture Document – Draft 03  To detail a policy enforcement architecture for network access.  For analysis in both intra-campus and federated environments  A guide for the development of new interoperable solutions.  Draft 04 out hopefully by mid-August

13 Architecture Document – Draft 03  Intended to be flexible, extensible, and interoperable with existing infrastructure  Provide the necessary hooks to accommodate upcoming technologies such as federated authentication and authorization schemes.  Shibboleth, etc.  How networks can implement network access policies even when network configurations and policies change dynamically

14 Policy Determination Process Policy determination is how the network determines whether or not a host is in compliance with network access policy

15 Network States To implement network policy, hosts and networks should move through these states Each time that a new state is entered, the network should follow the policy determination process

16 Components Document  How do we apply the above model to physical (and virtual) network components  Develop use cases and deployment scenarios  Understand interoperability of devices  Initial framework for possible code encouragement/development.  Work in progress

17 How can you help?  Participate in the NetAuth  Working group is open to all members of the Educause / Internet2 community.  Contribute to future documents  This documents are still the beginning of what we hope to accomplish.

18  Homepage  http://security.internet2.edu/netauth/index.html  Draft charter  Mailing list  Additional contacts  Steve Olshansky  Charles Yun  Christopher Misra SALSA-NetAuth Working Group: Volunteers needed

Download ppt "SALSA-NetAuth Joint Techs Vancouver, BC July 2005."

Similar presentations

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
Identifying and Responding to Security Incidents in the Law Firm

Identifying and Responding to Security Incidents in the Law Firm
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
SALSA-NetAuth SALSA-FWNA BoF Kevin Miller Duke University Internet2 Member Meeting May 2005.

SALSA-NetAuth SALSA-FWNA BoF Kevin Miller Duke University Internet2 Member Meeting May 2005.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.

Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
November 9 1999IPsec Remote Access BOF Washington D.C. November 9 1999.

November IPsec Remote Access BOF Washington D.C. November
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Network Architecture for Automatic Security and Policy Enforcement Internet2 Members Meeting Fall 2005 Eric Gauthier ~ Boston University Kevin Amorin ~

Network Architecture for Automatic Security and Policy Enforcement Internet2 Members Meeting Fall 2005 Eric Gauthier ~ Boston University Kevin Amorin ~
Office of Information Technologies CAMP: Bridging Security and Identity Management Christopher Misra 14 February 2008 Tempe, AZ Protecting Network Assets.

Office of Information Technologies CAMP: Bridging Security and Identity Management Christopher Misra 14 February 2008 Tempe, AZ Protecting Network Assets.
The Knowledge Resources Guide The SUVOT Project Sustainable and Vocational Tourism Rimini, 20 October 2005.

The Knowledge Resources Guide The SUVOT Project Sustainable and Vocational Tourism Rimini, 20 October 2005.
Final Design and Implementation

Final Design and Implementation
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.
The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International.

The LOGIIC Consortium Zachary Tudor, CISSP, CISM, CCP Program Director SRI International.
“Behind the Scenes” of the Enterprise Development Reference Architecture (EDRA) Jonathan Wanagel Microsoft patterns & practices

“Behind the Scenes” of the Enterprise Development Reference Architecture (EDRA) Jonathan Wanagel Microsoft patterns & practices

Similar presentations

Ads by Google