
Icarus: A Revolution in Distributed Security Management Rob Bird, University of Florida Gregory Marchwinski, Red Lambda Inc.


1 Icarus: A Revolution in Distributed Security Management
Rob Bird, University of Florida
Gregory Marchwinski, Red Lambda Inc.

2 Agenda

The Problem
The Solution - Icarus
Icarus System Architecture
Icarus Features
Use Case
Summary

3 The Problem

From the SALSA-Netauth document Strategies for Automating Network Policy Enforcement:

“The major security challenge facing university residential networks and other large-scale end-user networks is the thousands of privately owned and unmanaged computers directly connected to an institution's relatively open, high-speed Internet connections. Security policy enforcement is often lax due to a lack of central control over end-user computers and an inability to tie the actions of these computers to particular individuals. A few times a year there are surge events, including the predictable start of each semester and the unpredictable and increasingly frequent reactions to large-scale security incidents, that require massive support intervention.”

Current security products lack the sophistication to control & stop P2P networks & defend against mass infection by malware/malusers.

Highly fragmented network security & management marketplace – many point solutions, many appliances, no central architecture, little automation.

Human intervention is necessary to manage security tasks such as P2P & process vast amounts of data – often overwhelming existing IT staff members.

4 The Solution - Icarus

Developed at the University of Florida in December 2002 to automate security and policy enforcement
– In production on a 10,000-user residential network since 2003
– Now on version 2

Automatically performs policy-based admission control, mitigates P2P networks and complex malware scenarios, and manages adherence to university security policy.

Distributed framework – enables security and network management via three key elements: Neuron Microkernel, Collaborative Grid, Peer Management Console.

Patent pending – developed as an open-standards middleware collaborative grid system to utilize all connected resources to defend / manage the network.

Recognized by industry analysts and highlighted in numerous technical publications.

5 Icarus System Architecture

6 Product Features

Java 5 XML-based policy and messaging architecture allows complex workflow automation via a graphical or text editor.

Lightweight microkernel features a component-based architecture which allows third-party applications, libraries (Java and C/C++) and scripts (Perl and Python/Jython) to be combined and used as elements in the workflow.
– E.g.: the existing UF implementation integrates into network registration, security appliances, network hardware, trouble ticketing, billing, judicial management and the captive information portal.

Allows the easy combination of L2, L3 and L7 detection, isolation, notification and remediation techniques.

Equally suited to wired or wireless networks.

Drives behavioral change of students by sending a clear and consistent message
– Traffic enforcement cameras vs. citation by a policeman

7 Product Features

Extensible solution to management issues such as:
– P2P network abuse
– Viral and worm attacks
– Spam relays – automatically contains
– Spyware
– Botnets
– Outbound malicious behavior such as port scans, exploit scans, etc.

8 Product Features

Hierarchical administration levels enable multiple views and spans of control via the console to reflect organizational boundaries and federated management schemes.

Ability to quickly change the automatic behavior of the system via the graphical workflow interface or built-in command editor.

Extensive reporting engine helps generate compliance and exception reports for internal and third-party use.

9 Product Features

10 Use Case – Icarus @ UF

In production since 2003

Automates the complete registration, detection, isolation, notification and remediation workflow for P2P, malware and maluser scenarios

P2P policy enforcement
– No DMCA complaints since 2003
– 1st Offense: 15-minute campus-only restriction
– 2nd Offense: 5-day campus-only restriction
– 3rd Offense: Refer to judicial affairs
– Automatically generates remediation and education content for the captive information portal

Malware/Maluser policy enforcement
– Classful isolation system, different isolation types depending on the situation
– Automatically generates remediation and education content for the captive information portal
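The three-strike P2P ladder on this slide, written out as an added Python example (not Icarus code; the page describes Icarus policy as XML workflow). It assumes "campus-only" means the Restricted access level from the UF access-level table, that offenses never age out of a user's record, that the 3rd offense triggers a referral with no new timed restriction, and that later offenses are handled like the 3rd.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
MINUTE, DAY = 60, 86400  # time is handled as epoch seconds throughout

# Escalation ladder from the UF use case: offense number -> (seconds of campus-only
# restriction, refer to judicial affairs). "Campus-only" is modelled as the "Restricted"
# access level (University resources only). Assumptions not on the slide: offenses never
# age out, the 3rd offense is a referral with no new timed restriction, 4th+ act like 3rd.
P2P_LADDER: Dict[int, Tuple[Optional[int], bool]] = {
    1: (15 * MINUTE, False),
    2: (5 * DAY, False),
    3: (None, True),
}

@dataclass
class Decision:
    offense_number: int
    access_level: str                  # "Restricted" or "Normal" at detection time
    restricted_until: Optional[float]  # end of the newly imposed restriction, if any
    refer_to_judicial: bool
    portal_notice: str                 # text for the captive information portal

@dataclass
class OffenseRecord:
    count: int = 0
    restricted_until: Optional[float] = None

class P2PPolicy:
    def __init__(self) -> None:
        self.records: Dict[str, OffenseRecord] = {}

    def record_offense(self, user: str, detected_at: float) -> Decision:
        rec = self.records.setdefault(user, OffenseRecord())
        rec.count += 1
        duration, refer = P2P_LADDER[min(rec.count, 3)]
        if duration is None:
            until, notice = None, f"Offense {rec.count}: referred to judicial affairs."
        else:
            until = rec.restricted_until = detected_at + duration
            span = f"{duration // DAY} days" if duration >= DAY else f"{duration // MINUTE} minutes"
            notice = f"Offense {rec.count}: campus-only access for {span}."
        return Decision(rec.count, self.current_access_level(user, detected_at), until, refer, notice)

    def current_access_level(self, user: str, now: float) -> str:
        # Restrictions are time-boxed: the user returns to Normal once it expires.
        rec = self.records.get(user)
        if rec and rec.restricted_until is not None and now < rec.restricted_until:
            return "Restricted"
        return "Normal"
```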

11 Use Case – Icarus @ UF

Access Level         | Requires Registration? | Destination Restrictions? | Routed? | Notes
Guest                | No                     | Yes                       |         | Allows access to registration and information sites only
Restricted           | Yes                    |                           |         | Allows access to University resources only
Quarantine           | Special                | Yes                       | No      | Allows access to local network quarantine resources
Black Hole           | Special                | Yes                       | No      | Untrunked, Unrouted
Normal               | Yes                    | No                        | Yes     | Typical User
Wireless Guest       | No                     | Yes                       |         | Allows access to registration and information sites only
Wireless Restricted  | Yes                    |                           |         | Allows access to University resources only
Wireless Quarantine  | Special                | Yes                       | No      | Allows access to local network quarantine resources
Wireless Normal      | Yes                    | No                        | Yes     | Typical User
Terminated           | No Service             |                           |         | Last resort

12 Use Case – P2P @ UF

Offense      | 2003-2004 | 2004-2005 | 2005-2006
1st Offense  | 2052      | 948       | 342
2nd Offense  | 415       | 245       | 42
3rd Offense  | 56        | 44        | 10
Total        | 2523      | 1237      | 394

Offender Rates
– Pre-Icarus % of residents using P2P: 54.67%
– Post-Icarus % of total residents w/ 1st Offense: 27.64%
– % of total residents w/ 2nd Offense: 5.81%
– % of total residents w/ 3rd Offense: 0.91%

Recidivism Rates
– % of 1st to 2nd Offense: 21.01%
– % of 2nd to 3rd Offense: 15.67%
– % of 1st to 3rd Offense: 3.29%

*NOTE: Offender and Recidivism Rates do not include 2005-2006

13 Case Study – P2P @ UF

14 Summary

Patent-pending technology features a fully-distributed collaborative grid architecture for distributed security and network management

Architecture designed to enable product enhancements and quick addition / distribution of new modules

Easily leverages security tools and methods, thereby increasing the value of existing software/system investments

P2P Mitigation being deployed in October to early adopters, GA in December

Pricing per user per year with extensive educational discount structure

In production for over 2.5 years at the University of Florida managing over 10,000 users

15 Questions?

Rob Bird – conduit@ufl.edu
Greg Marchwinski – greg.marchwinski@redlambda.com
Other information: www.redlambda.com

