Fences Make Good Neighbors Monitoring Academic Networks at the Port Level Educause Security Conference April 4, 5 2005 Washington DC David LaPorte / Kevin.

Presentation transcript:

Fences Make Good Neighbors Monitoring Academic Networks at the Port Level Educause Security Conference April 4, Washington DC David LaPorte / Kevin Amorin Harvard University Angelo Bravos Judson College

1 Topics
 Overview of the problems/needs
 Solutions
  –Bradford CampusManager
  –PacketFence
 Questions

2 Network (In)security
 Perimeter security
  –Firewalls, IDS, IPS, Router ACLs
  –“Hard on the outside, soft on the inside”
  –Leads to complacency
 60-80% of attacks originate from systems on the internal network (behind the firewall)
  –VPN
  –Wireless
  –Dial-up

3 Internal Network Protection/Control
 Mirage Networks (ARP)
 qRadar (ARP)
 Wholepoint (ARP)
 RNA networks (ARP)
 Tipping Point (inline)
 Etc.
 Cisco (NAC)
 Trend Micro (NAC)
 Symantec (NAC)
 Microsoft (NAP Q2-2005)
 Juniper (TNC)
 Foundry Networks (TCC)
 Internal Network Security Funding 2004
  –More than $80M ($13M Sept)

4 Academic Issues
 Network Environment
  –Worms
  –Botnets
  –DMCA
  –Policy violations: NATs, p2p applications
 Identity
  –Who owns an infected/offending system?
 Support
  –Do you want to be manning the helpdesk on move-in day?

5 Academic Needs Academic IT departments need better monitoring and control of network clients and devices, and a way to better enforce usage policies and security.

6 Academic Needs – Clients
 Dealing with hosts with no antivirus
 Better client management for all users accessing the network (direct & wireless)
 Better client management for dorms and open labs
 Enforcing acceptable usage policy
 Identifying roamers
 Denying/restricting service to certain groups
 Restricting certain applications: chat, p2p, gaming

7 Academic Needs – Network management
 Better management of different equipment: Cisco, HP, 3Com, Enterasys, Packeteer, Nortel, Alcatel
 Better Internet and Intranet bandwidth management
 Enable and disable ports
 Port-based VLAN switching
 Discover network devices and connectivity
 Alarm and notify on network events
 Detection of multi-access points
 DHCP application server management

8 Overview of Campus Manager

9 With Campus Manager the IT department can
 Improve Client Management:
 Force registration of all users accessing the network (direct & wireless); port-based registration
 Improve the helpdesk interface
 Enforce a usage policy such as Windows updates and anti-virus protection
 Quarantine unregistered and non-compliant network users
 Identify who is accessing the network and locate network users
 Control chatting, gaming, and file sharing
 Restrict / deny an individual user or groups of users
 Enforce preferred VLAN switching and dynamic VLAN assignment
 Audit trail of current and historical network access
 Automate client / user management tasks

10 With Campus Manager the IT department can
 Improve Network Management:
 Cisco, HP, 3Com, Enterasys, Packeteer, Nortel, Alcatel
 Internet and Intranet bandwidth management
 Enable and disable ports
 Port-based VLAN switching
 Discover network devices and connectivity
 Keep track of network wiring information
 Monitor network health
 Alarm and notify on network events
 Multi-access point detection
 DHCP application server management
 Configure network devices
 Audit trail of network events
 Automate network management tasks

23 What is PacketFence
 Open-source network registration and worm mitigation solution
  –Co-developed by Kevin Amorin and David LaPorte; GUI developed by Randy Heins, UIS NOC
  –Captive portal: intercepts HTTP sessions and forces the client to view content (similar to Bluesocket)
  –Based on unmodified open-source components

24 Features
 Network registration
  –Register systems to an authenticated user: LDAP, RADIUS, POP, IMAP…anything Apache supports
  –Force AUP acceptance
  –Stores assorted system information: NetBIOS computer name & web browser user-agent string; presence of some NAT device
  –Stores no personal information: ID->MAC mapping only
  –Above data can provide a rough system inventory
  –Vulnerability scans at registration, scheduled, or ad hoc
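As an added example (not PacketFence's own code), a minimal registration store that binds an authenticated user ID to a MAC, keeps only the fields the slide lists (NetBIOS name, browser user-agent, AUP acceptance), and returns the allow/portal decision the captive portal would act on. The data layout and the NAT heuristic (more than one OS family seen in user-agents from one MAC) are assumptions made for this example, not the slide's method:

```python
"""Network registration store in the spirit of the PacketFence feature slide.
Added example: data layout and the likely_nat() heuristic are assumptions."""
import re
from dataclasses import dataclass, field

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
OS_FAMILIES = ("Windows", "Macintosh", "Linux")


@dataclass
class Registration:
    user_id: str                       # authenticated identity (LDAP/RADIUS/...); nothing else personal
    mac: str
    netbios_name: str = ""
    user_agents: set = field(default_factory=set)


def normalize_mac(mac):
    """Canonical lower-case colon form; rejects anything that is not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return mac


def _os_family(user_agent):
    for fam in OS_FAMILIES:
        if fam in user_agent:
            return fam
    return "other"


class RegistrationStore:
    def __init__(self):
        self._by_mac = {}

    def register(self, user_id, mac, aup_accepted, netbios_name="", user_agent=""):
        """Bind a MAC to a user ID; refused unless the AUP was accepted."""
        if not aup_accepted:
            raise PermissionError("acceptable-use policy not accepted")
        reg = Registration(user_id, normalize_mac(mac), netbios_name)
        if user_agent:
            reg.user_agents.add(user_agent)
        self._by_mac[reg.mac] = reg
        return reg

    def observe_user_agent(self, mac, user_agent):
        """Record another browser user-agent seen behind a registered MAC."""
        reg = self._by_mac.get(normalize_mac(mac))
        if reg is None:
            return False
        reg.user_agents.add(user_agent)
        return True

    def decision(self, mac):
        """'allow' for registered MACs, 'portal' (redirect to captive portal) otherwise."""
        return "allow" if normalize_mac(mac) in self._by_mac else "portal"

    def likely_nat(self, mac):
        """Assumed heuristic: two or more OS families behind one MAC suggests a NAT device."""
        reg = self._by_mac.get(normalize_mac(mac))
        if reg is None:
            return False
        return len({_os_family(ua) for ua in reg.user_agents}) > 1

    def inventory(self):
        """Rough system inventory: (user, mac, netbios name, user-agent count)."""
        return sorted((r.user_id, r.mac, r.netbios_name, len(r.user_agents))
                      for r in self._by_mac.values())
```

The store keeps only the ID-to-MAC mapping plus the system attributes the slide names; if a deployment also wants the NAT flag, the heuristic above is a cheap first pass that a port-level view (several ARP entries on one port) would confirm.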

25 Features
 Worm mitigation
  –Behavioral and signature-based detection
  –Optional isolation of infected nodes (implemented but not deployed)
  –Self-remediation: empower users; provides remediation instruction specific to the infection
 Network “inoculation”
  –Preemptively detect and trap vulnerable hosts

26 Features
 Remediation
  –Requires signature-based detection
  –Provides user context-specific remediation instructions
  –Redirection to the captive portal via proxy or via firewall pass-through
  –Helpdesk support number if all else fails

27 Inline
 Security bottleneck
  –Immune to subversion
 Fail-closed
 Performance bottleneck
 Single point of failure
 May not be necessary/preferable
  –Academia

28 Passive
 Fail-open solution
  –Preferable in academic environment
 No bandwidth bottlenecks
 Network visibility
  –Hub, monitor port, tap
 Easy integration – no changes to infrastructure
  –Plug and play (pray?)
 Manipulates client ARP cache
  –“Virtually” in-line

29 ARP Manipulation: Man In the Middle (MiM) ARP poisoning

30 Detection (optional)
 Traffic analysis
  –Anomaly based
  –Signature based
  –Time based
 Snort with small signature set & portscan
 Any signature and/or anomaly based detection tool can be used (“glue” will be necessary)
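The “glue” this slide mentions, and the signature-specific remediation page the Remediation slide describes, as one added example (not PacketFence code): Snort fast-format alert lines are parsed, the offending source IP is mapped to a MAC through a lease/ARP table, duplicates per (MAC, signature) are collapsed, and each violation carries the remediation page the captive portal would show. The alert lines, the IP-to-MAC table, the local-range signature IDs and the page names are all constructed for this example:

```python
"""Glue between a signature/anomaly detector and a violation queue.
Added example; sample alerts, ARP table and remediation pages are constructed."""
import re
from collections import namedtuple

# Constructed Snort "alert_fast" style lines; SIDs 1000001/1000002 are local-rule range
SAMPLE_ALERTS = """\
04/04-09:15:02.123456  [**] [1:1000001:1] LOCAL worm-like SMB sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.20.30.40:1052 -> 10.20.31.9:445
04/04-09:15:03.000000  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 10.20.30.40 -> 10.20.31.10
04/04-09:16:44.555555  [**] [1:1000002:1] LOCAL IRC bot command channel [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.20.30.41:3107 -> 192.0.2.10:6667
04/04-09:17:00.000000  [**] [1:1000001:1] LOCAL worm-like SMB sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.20.30.40:1053 -> 10.20.31.11:445
this line is not an alert
"""

# Constructed IP->MAC mapping, as a DHCP lease file or ARP table would supply it
ARP_TABLE = {"10.20.30.40": "00:11:22:aa:bb:cc", "10.20.30.41": "00:11:22:dd:ee:ff"}

# Remediation content keyed by (generator id, signature id): the portal shows the
# page for the signature that fired, so instructions are specific to the infection
REMEDIATION = {
    (1, 1000001): "remediation/worm-smb.html",
    (1, 1000002): "remediation/irc-bot.html",
    (122, 1): "remediation/portscan.html",
}
FALLBACK_PAGE = "remediation/contact-helpdesk.html"   # helpdesk number if all else fails

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{[^}]+\} "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (?P<dst>\d+\.\d+\.\d+\.\d+)"
)

Alert = namedtuple("Alert", "gid sid msg priority src dst")
Violation = namedtuple("Violation", "mac gid sid msg priority page")


def parse_alert(line):
    """One fast-format line -> Alert, or None for anything that is not an alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return Alert(int(m["gid"]), int(m["sid"]), m["msg"], int(m["prio"]), m["src"], m["dst"])


def alerts_to_violations(text, arp_table, max_priority=2):
    """One violation per (MAC, gid, sid). Alerts less severe than max_priority
    (Snort: lower number = more severe) and sources with no known MAC are dropped."""
    seen = {}
    for line in text.splitlines():
        a = parse_alert(line)
        if a is None or a.priority > max_priority:
            continue
        mac = arp_table.get(a.src)
        if mac is None:
            continue                      # cannot act at the port level without a MAC
        key = (mac, a.gid, a.sid)
        if key in seen:
            continue                      # repeat of a signature already queued for this host
        seen[key] = Violation(mac, a.gid, a.sid, a.msg, a.priority,
                              REMEDIATION.get((a.gid, a.sid), FALLBACK_PAGE))
    return list(seen.values())
```

Keying the queue on the MAC rather than the IP is what lets the same violation follow a host through a DHCP renewal; raising max_priority to 3 also admits the portscan alerts the slide pairs with the small signature set.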

31 Implementations
 All current deployments are “passive” mode
 Several residential networks and 2 schools
  –~7076 systems
  –~3934 registrations
  –~225 violations: Nachi / Sasser, Agobot, Gaobot, etc. / IRC bots

32 Coming Soon…
 Static IP/ARP detection
 DHCP combat
 Queue-based violation/registration
 Independent components
 Isolation mechanisms
  –DHCP: change DHCP scope (reserved IP with enforcer gateway); change DNS server to resolve all IPs to the enforcer
  –Switch port manipulation: change VLAN to isolation network; disable port
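The DHCP/DNS isolation mechanism outlined above, as an added example (not PacketFence code): for each quarantined MAC it emits an ISC dhcpd host reservation that hands the host an address in an isolation subnet with the enforcer as its default gateway and DNS server, plus a dnsmasq catch-all so that every name resolves to the enforcer and any browser request lands on the captive portal. The subnet, enforcer address and MACs are constructed; the dhcpd and dnsmasq syntax is standard for those tools but the surrounding generator is this example's own:

```python
"""Generate DHCP/DNS isolation configuration for quarantined hosts.
Added example; addresses and MACs are constructed."""
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


class IsolationNet:
    def __init__(self, subnet, enforcer_ip, first_host=10):
        self.net = ipaddress.ip_network(subnet)
        self.enforcer = ipaddress.ip_address(enforcer_ip)
        if self.enforcer not in self.net:
            raise ValueError("enforcer must sit inside the isolation subnet")
        self.first_host = first_host

    def reserved_ip(self, index):
        """index-th usable address of the isolation pool, never the enforcer or broadcast."""
        ip = self.net.network_address + self.first_host + index
        if ip not in self.net or ip == self.net.broadcast_address or ip == self.enforcer:
            raise ValueError("isolation pool exhausted")
        return ip

    def dhcpd_host_blocks(self, macs):
        """ISC dhcpd 'host' reservations: each quarantined MAC gets a fixed address in
        the isolation subnet with the enforcer as gateway and resolver, so every
        connection it opens terminates at the enforcer. Short leases let a host
        leave quarantine quickly once the reservation is removed."""
        blocks = []
        for i, mac in enumerate(sorted({m.strip().lower() for m in macs})):
            if not MAC_RE.match(mac):
                raise ValueError(f"bad MAC: {mac!r}")
            blocks.append(
                f"host quarantine-{mac.replace(':', '')} {{\n"
                f"  hardware ethernet {mac};\n"
                f"  fixed-address {self.reserved_ip(i)};\n"
                f"  option routers {self.enforcer};\n"
                f"  option domain-name-servers {self.enforcer};\n"
                f"  default-lease-time 300;\n"
                f"  max-lease-time 300;\n"
                "}\n"
            )
        return "".join(blocks)

    def dnsmasq_catchall(self):
        """dnsmasq line answering every query with the enforcer's address."""
        return f"address=/#/{self.enforcer}\n"


if __name__ == "__main__":
    iso = IsolationNet("10.99.0.0/24", "10.99.0.1")
    print(iso.dhcpd_host_blocks(["00:11:22:aa:bb:cc", "00:11:22:dd:ee:ff"]))
    print(iso.dnsmasq_catchall())
```

The reservation only bites when the host renews or re-requests its lease, which is why the slide pairs this mechanism with switch-port actions (VLAN change, port disable) for hosts that hold a static address or ignore DHCP.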

33 In Closing
 PacketFence
  –Open-source
  –Passive deployment: “plug and play”, no infrastructure changes needed
  –Proactive and reactive remediation
  –Extremely configurable

34 In Closing – Campus Manager
 An all-in-one management solution
 Provides managed network access to all clients
 Manages and controls wireless network access
 Enforces a campus-wide network usage policy
 Reduces the time to:
  - Locate users
  - Take action on network access violations
  - Detect network problems
  - Troubleshoot network problems
  - Configure network devices
 Delegates client management to network operators and helpdesk personnel
 Vendor-independent solution
 Passive management system on the network
 Comprehensive integrations with vendor solutions
 Reallocate IT staff from building management solutions to managing the network services