Security at Line Speed: Integrating Academic Research and Enterprise Security.


1 Security at Line Speed: Integrating Academic Research and Enterprise Security

2 Topics
- Overview – Ken Klingenstein
- Wireless, Security and Performance: A Tale to Tell – Steve Wallace
- The needs of the many and the needs of the few – Terry Gray
- Next steps – Charles Yun

3 Acknowledgements
- National Science Foundation, ANIR
- Internet2 support staff
- Program Committee: Guy Almes, Jeff Schiller, Ken Klingenstein, Steve Wallace, Charles Yun
- Terry Gray, fearless and tireless
- Participants

4 S@LS Workshop 2003
- NSF-sponsored workshop, in conjunction with Indiana University, Internet2, the Massachusetts Institute of Technology and the University of Washington
- 1.5-day workshop
- Held in Chicago, Illinois
- 12-13 Aug 2003

5 Project Goals
- Effective practices whitepaper
  - technology oriented, architectural principles and specific recommendations
- Research agenda
  - suggestions to NSF and any other agencies that might be interested
- Recommendations for mechanisms for maintenance of the above

6 Workshop Structure and Mechanics
- Big picture
  - what are the basic tensions and dynamics
  - what are the possible futures
- Drill downs
  - IPv6, private addresses and NATs, firewalls, IDS
- Summaries and next steps
  - Practical recommendations
  - Policy requirements
  - Research agenda

7 A Few Thoughts
- There needs to be some connection with a trust fabric, at several levels of the stack.
- There are internal and external trust fabrics to consider.
- What does the potential existence of a middleware fabric (directories, authentication, authorization assertions, etc.) mean for the network?
- What does the reemergence of circuit-switched technologies mean for enterprise security?
- What does the development of non-IP transports mean for enterprise security?
- Performance requirements of research computing are easier to predict than configuration requirements.
- Configuration requirements range from opening ports to multicast capabilities.

8 A few more thoughts
- How do the requirements of universities for enterprise security compare to those at government labs?
- How can enterprises work with research funding agencies to improve the delivery of network services to campus-based researchers?

9 Workshop Findings
- First, and foremost, this is getting a lot harder
- 2003 seems to mark a couple of turning points
  - New levels of stresses
  - Necessary but doomed approaches
- There are areas to work in
  - Architectures and technologies
  - Interactions with middleware
  - Education and awareness always a need
- There is some applied research that would be helpful
- There are some non-technical issues that need to be worked to achieve real security at real line speed…

10 By “Line Speed”, we really mean…
- High bandwidth
- Exceptionally low latency, e.g. remote instrument control
- End-to-end clarity, e.g. Grids
- Exceptionally low jitter, e.g. real-time interactive HDTV
- Advanced features, e.g. multicast

11 Architectures
- A mix of perimeter defenses, careful subnetting, and desktop firewalls
- Separation of internal and external servers (e.g. SMTP servers, routers, etc…)
- Managed and unmanaged desktops
- Cautions:
  - Cost
  - Traffic loads
  - Diagnostics

12 Integration with middleware
- Network authentication and authorization
  - Of users
  - Of devices
- What is done after authentication?
  - Access
  - Scanning
  - Patching
  - Configuration of local firewalls
  - Subnetting
  - Configuration of performance parameters
- Accommodating distinctive needs of higher education
  - Network mobility
  - Role-based access

13 Applied Research and Research Computing
- Policy-based firewalls
- Easier connections of IDS with other enterprise services and systems
- Unlisted IP addresses – asymmetric connectivity
----
- Inform research computing environment developers (e.g. Grids) about the real world security issues and approaches being deployed.

14 Non-technical issues
- Proposals may be funded that haven’t gotten agreements from campus IT on architecture
- Policies on encryption
- Policies on permitting new applications (e.g. video)
- Inconsistencies on what campuses will permit will affect inter-institutional collaborations
- Trust fabrics need to underpin security
- Pulling policies from several disparate but applicable sources

