Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture

What’s all the fuss about Why is network and systems security important? Do we have a problem at Glasgow? If we do how should we deal with it?

Why is network and systems security important? Classic view is to ensure the Integrity, confidentiality and availability of data However Security Incidents present other problems. e.g. Legal threats – Copyright infringements, DoS attacks, hacking attempts, Unacceptable content Wastes valuable resources – Staff time, bandwidth Bad PR

Do we have a problem at Glasgow? YES! Data leakage – Definite e.g password files SAM db System compromise – Definite e.g RootKit, Blaster, Nachi, MyDoom Legal threats – Definite e.g various requests to remove content or investigate system misuse Resources – Definite e.g 6FTE from CS alone to deal with RootKit/Blaster and Nachi Router performance badly affected by external and internally sourced DoS attacks

So how should we deal with this problem? The proposed strategy is as follows; Produce and maintain Risk register and associated Risk reduction measures Agree set of Policies and Guidelines that would address specific areas of concern Agree a Network Architecture that would reduce the exposure of Networked systems and provide Inherent containment measures Establish a Computer Incident Response Team to handle incidents in a structured and coordinated way Raise awareness of Security issues. Security is not someone else’s problem it affects everyone and everyone has a role to play

Risk Register Information Security working group has produced a draft Risk register and is working on costing the Risk reduction measures

Security Policies and Guidelines The Universal Access and Information Security working groups have produced a set of draft Policies and Guidelines for consultationPolicies and Guidelines for consultation These are not meant to place unnecessary barriers in the way of users doing their legitimate work They are not tablets of stone but rather starting points that will evolve and develop with time and experience The general aim is to define the University’s security requirements with respect to the following areas of concern;

Policies and Guidelines Network Connection Policy Campus Network  Who can connect  What can and can’t be connected  How do systems connect  What address and name space can be used  What services can be run  What services can be accessed  What security measures should be implemented

Policies and Guidelines Monitoring Policy Network and Systems Monitoring Informs users of the extent that network activities may be monitored Identifies what personnel may be authorised to perform monitoring functions Highlights the ethics, procedures and safeguards employed Identifies what information may be gathered Identifies how long information is stored Outlines the purpose information may be used for

Policies and Guidelines Wireless LAN Policy Wireless LANs Establish the rules and support requirements for WLAN deployments Prevent (or arbitrate) interference issues between WLAN deployments Help safeguard the integrity of the University’s information technology resources Ensure that WLAN security and performance issues are understood

Policies and Guidelines Bastion Host Policy Bastion Host Ensure that critical University servers are managed with appropriate levels of security Define the overheads wrt management, operation and security functions associated with deploying a network server Identify all network servers and establish their purpose, security requirements, user base and support staff Limit the exposure of network servers to those apps that are critical for their primary purpose Establish ACLs for specific IP applications. ACLs would restrict access to specific IP apps to those servers that have been registered to provide them

Policies and Guidelines Password Policy & Guidelines for Sys and Net Admins Password Policy – Establishes a standard for The creation of strong passwords The protection of those passwords The recommended frequency of change for those passwords Guidelines for Systems and Network Administrators Defines the roles of system and network administrators from a network and systems security perspective

Proposed Network Architecture General Network Architecture Goals Reduce Network systems exposure Provide inherent containment measures How? Implement server registration process (Bastion host policy) Implement client and server nets Implement security Access Control Lists (ACLs) to protect client and server nets

Proposed Network Architecture (Existing) Client Server Router All traffic in/out Full exposure no containment Campus Network probes Probes

Proposed Network Architecture (Intermediate) Client Server-1 Router Server-1 traffic in/out – limited exposure Client traffic in/out – some containment probes Campus Network Server-1 ACLs

Proposed Network Architecture (Final) Client Server-1 Router Campus Network Server-1 Traffic in/out Targeted exposure and containment Client Traffic in/out Containment and limited exposure Bastion Host probes ACLs

Establish Computer Incident Response Team (CIRT) The purpose of the CIRT would be twofold; Firstly to work with all relevant University constituents to implement proactive measures aimed at reducing the risk and or impact of a computer or network security incident Secondly to manage, direct and assist University constituencies in responding to such incidents when they occur

Raise Awareness of security Issues How? Message is that security affects everyone and everyone has a role to play Security events Like this one Role of security coordinator Manage UGCirt Cirt web site Security training courses/seminars Security awareness built into other courses