Presentation is loading. Please wait.

Presentation is loading. Please wait.

OARsec 17 Feb 2016 OARnet Agenda 17 Feb 2016 Call to Order & Introductions OARnet Updates Security Operations and Response Standards.

Published byWilla Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "OARsec 17 Feb 2016 OARnet Agenda 17 Feb 2016 Call to Order & Introductions OARnet Updates Security Operations and Response Standards."— Presentation transcript:

1 OARsec 17 Feb 2016 OARnet mbeadles@oar.net

2 Agenda 17 Feb 2016 Call to Order & Introductions OARnet Updates Security Operations and Response Standards Security Best Practices Vendor Updates Wrap up and Future Items

3 OARnet Updates OARnet Authentication Gateway – (Discussed in detail at OARtech) this project, targeted for early March, will provide an authenticated, federated mechanism for OARnet client access to manage, statistics, tools, etc. Discussions continue with Merit Network and a variety of Ohio public organizations on potential of setting up an Ohio Cyber Range using the Michigan model – https://www.merit.edu/cyberrange/ https://www.merit.edu/cyberrange/

4 OARnet Updates Contact security@oar.net security@oar.net

5 OARnet Updates Live map of eduroam/InCommon members in Ohio: – https://www.iamohio.net/members https://www.iamohio.net/members Eduroam (20): – Ashland, Case Western, Cedarville, Cleveland Sate, Columbus State, Denison, Hebrew Union, John Carroll, Kent, Malone, Marshall, Miami, OSU, Ohio, Otterbein, Akron, UC, Dayton, Rio Grande, Zane State* InCommon (24): – BGSU, Case Western, Cedarville, Wooster, Columbus State, Denison, Franklin, Kenyon, Lorain County, Marshall, Miami, Oberlin, Ohio Northern, OSU, Ohio, Owens, Stark State, Akron, UC, Dayton, Findlay, UNO, Rio Grande, Wright State

6 Security Operations and Response Month Count October 15260 November 15202 December 15483 January 16192 February 16 (partial) 109 OARnet Security Incidents by month OARnet Member Confidential – do not distribute

7 Security Operations and Response OARnet Member Confidential – do not distribute

8 Security Operations and Response Distributed Denial-of-Service (DDoS) Attack Stats Largest attack: 18.9Gb/s (January, 2016) Average attack: 1.8Gb/s 67 unique clients have been targets, including all K12 Sample Alert (Alpha Test!) Suspected UDP (D)DoS Attack - Client: Service: INTERNET, Router: - xe-1/0/0.395, ifIndex: 504 UDP: 16.15 Gbps, TCP: 424.44 Mbps, Total: 16.57 Gbps UDP Src Port: 0 53, UDP Dest Port: 0 4444, Destination IP: 64.247.117.58 Also comes with pre-fetched netflow reports and interface statistics (packets, bps, drops, etc) OARnet Member Confidential – do not distribute

9 Security Best Practices DNS RTBH Vendor solutions being explored On-premises vs. cloud “scrubbing” vs. hybrid What can be achieved across consortium depends on funding level Incident & Escalation – Make sure your security contact information for your institution is up to date

10 Security Operations and Response OARnet DNS – 8 servers, 2 different OS’s (secure64 + FreeBSD) – ½ recursive, ½ authoritative – Blind-master setup Contact: Nick Wolff nwolff@oar.net or Support Desk support@oar.netnwolff@oar.netsupport@oar.net

11 RTBH (aka BGP Null Route) Mechanism: – Client sends specific host /32 route to OARnet tagged with appropriate BGP community value 600:99 for Internet 3112:99 for Internet2 – OARnet backbone router sets next hop to discard – Once BGP policy is configured, client can send prefixes without escalating to OARnet Remotely triggered black hole

12 RTBH (aka BGP Null Route) Considerations: – Target IP will not be able to communicate with Internet. (Yes, this may have been the intent...) – However, this may allow the rest of your network to stay up during the attack! Strongly encourage clients to set up RTBH for use when needed Contact: Security@oar.net or Support@oar.netSecurity@oar.netSupport@oar.net

13 Vendor Updates Duo www.duosecurity.comwww.duosecurity.com – Multi-factor authentication – In use (in various phases) at OSU, CWRU, UC, and Kent – Available via Internet2 http://www.internet2.edu/products-services/cloud- services-applications/duo-security/http://www.internet2.edu/products-services/cloud- services-applications/duo-security/ Palo Alto www.paloaltonetworks.comwww.paloaltonetworks.com – Next-generation firewall – In use at a number of institutions – After some discussion of potential arrangements, vendor will not be offering a consortium-wide contract, so contact your preferred reseller if interested Airwatch www.air-watch.com/www.air-watch.com/ – Mobile Device Management, Mobile Security Management – Available through OARnet’s VMWare reseller agreement – Contact your OARnet Client Services rep https://oar.net/services/member_schools_contact https://oar.net/services/member_schools_contact

14 Thank you OARsec

Download ppt "OARsec 17 Feb 2016 OARnet Agenda 17 Feb 2016 Call to Order & Introductions OARnet Updates Security Operations and Response Standards."

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
RIP V2 W.lilakiatsakun.  RFC 2453 (obsoletes –RFC 1723 /1388)  Extension of RIP v1 (Classful routing protocol)  Classless routing protocol –VLSM is.

RIP V2 W.lilakiatsakun.  RFC 2453 (obsoletes –RFC 1723 /1388)  Extension of RIP v1 (Classful routing protocol)  Classless routing protocol –VLSM is.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Cisco S3 C5 Routing Protocols. Network Design Characteristics Reliable – provides mechanisms for error detection and correction Connectivity – incorporate.

Cisco S3 C5 Routing Protocols. Network Design Characteristics Reliable – provides mechanisms for error detection and correction Connectivity – incorporate.
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 TFN OHECC 2006 Columbus, Ohio Pankaj Shah OARnet Networking Division of OSC.

1 TFN OHECC 2006 Columbus, Ohio Pankaj Shah OARnet Networking Division of OSC.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Arbor Multi-Layer Cloud DDoS Protection

Arbor Multi-Layer Cloud DDoS Protection
Putting the Tools to Work – DDOS Attack 111. DDOS = SLA Violation! ISPCPETarget Hacker What do you tell the Boss? SP’s Operations Teams have found that.

Putting the Tools to Work – DDOS Attack 111. DDOS = SLA Violation! ISPCPETarget Hacker What do you tell the Boss? SP’s Operations Teams have found that.
DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.

DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.

Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Load-Balance/Route Policy Advanced Routing. Outline How does it Work – When matching criteria, send via the route What does it Do – 2 real usage examples.

Load-Balance/Route Policy Advanced Routing. Outline How does it Work – When matching criteria, send via the route What does it Do – 2 real usage examples.

Similar presentations

Ads by Google