NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.


1 NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services

2 Outline
A Brief History
Past Tools and Solutions
What is NetPass?
How Does NetPass Work?
What Will NetPass Become?

3 A Brief History
Pre-2003
  –Relatively few virus/worm outbreaks
  –Quickly contained
  –Slowly increasing frequency
And then……

4 History - Winter 2003
MS SQL Slammer Worm
  –Aggressive scanning on TCP Port 1434
  –<30 infected hosts crippled over half the network
  –Still quickly contained

5 History - Summer/Fall 2003
Blaster Worm
  –Exploited DCOM RPC hole
  –Scanned on TCP port 135
Welchia Worm
  –Patched Blaster DCOM hole
  –Scanned on TCP ports 135 and 80
  –Opened backdoor port 707
  –Aggressive ICMP pinging to find hosts

6 History - Winter 2004
Email Viruses
  –SoBig
  –Beagle
  –NetSky
  –Backdoors used for spam proxying!

7 History - Spring 2004
Sasser Worm
  –Exploited LSASS hole
  –Scanned on TCP port 445
Gaobot/Agobot
  –Rise of the Botnet
  –IRC command/control channel
  –Scanned for previous worm backdoors
  –Denial of Service attacks swamp Internet connectivity

8 Past Tools and Solutions
Turning Off Ports
  –Disruptive to users
  –No easy self-fixing or information provided
  –Machine can move
Disabling NetIDs
  –Very disruptive

9 Past Tools and Solutions
NUSA
  –Allowed tech support admins to receive automated reports and reactivate ports
NetReg
  –Associated NetID with MAC address via DHCP
  –Rudimentary port scanning

10 Limitations of NetReg
Relied on DHCP for quarantining
Still had to shut off ports
Problem machines could move ports to regain connectivity

11 What is NetPass?
Layer 2 quarantine
Selective access
Host-based registration
  –Associate NetID with MAC address
Vulnerability/Infection scanning
Per-event per-network self-remediation instructions
Integration with other systems

12 How Does NetPass Work?
General Principles
  –All ports default to QUAR network
  –Same DHCP server, DNS server, and IP addresses for QUAR and UNQUAR networks
  –Traffic routing depends solely on QUAR/UNQUAR switch port assignment
  –Access allowed to certain Web sites: Windows Update, Symantec, etc.

13 NetPass Network Diagram
[Diagram labels: DHCP Server; Internet; 199.74.105.23; ResNet Computer; Switch; Router 199.74.105.1 VLAN 200; NetPass Server 199.74.105.1 VLAN 100, External IP 165.124.51.8; UNQUAR VLAN 200; QUAR VLAN 100]

14 NetPass User Experience
[Flowchart nodes: User Connects; Already Scanned?; Log In; Scan; Pass Scan?; Remediate; Move to QUAR; Move to UNQUAR; User Disconnects. Decision branches are labeled Yes/No.]

15 Additional Capabilities
PQUAR - Permanent Quarantine
  –Used instead of shutting off ports
PUNQUAR - Permanent Unquarantine
  –Used for manually registered devices

16 Interesting Situations
Cookies required
Machine must source network traffic soon after bringing up Ethernet link
  –Effect: user must launch web browser to force NetPass to recognize the machine
Firewalls
  –Scan can take up to 1 minute

17 Interesting Situations
Hublet/Switchlet
  –NetPass sees multiple MAC addresses
  –All MAC addresses will have to be registered before port will be moved to UNQUAR
Router or NAT device
  –NetPass will only see 1 MAC address
  –If client machines move to other ports, they will have to be scanned again
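
The port-assignment rules from the slides on general principles, PQUAR/PUNQUAR and hublets, modeled as an added Python sketch; this is not NetPass code and not part of the presentation. The names `Host`, `Override` and `port_vlan`, the requirement that every host also pass its scan, and the precedence of PQUAR over PUNQUAR are assumptions, and the MAC addresses are constructed.

```python
from dataclasses import dataclass
from enum import Enum

QUAR_VLAN, UNQUAR_VLAN = 100, 200  # VLAN numbers from the network diagram slide


class Override(Enum):
    NONE = "none"
    PQUAR = "pquar"      # permanent quarantine, used instead of shutting off a port
    PUNQUAR = "punquar"  # permanent unquarantine, for manually registered devices


@dataclass
class Host:
    registered: bool = False   # a NetID has been associated with this MAC
    passed_scan: bool = False  # last vulnerability/infection scan was clean
    override: Override = Override.NONE


def port_vlan(macs_on_port, hosts):
    """Return the VLAN a switch port belongs in, given the MACs seen on it.

    hosts maps MAC address -> Host. Precedence (PQUAR beats everything,
    PUNQUAR skips the scan requirement) is an assumption of this sketch.
    """
    if not macs_on_port:                 # link down, or no traffic sourced yet
        return QUAR_VLAN                 # all ports default to QUAR
    records = [hosts.get(mac) for mac in macs_on_port]
    if any(r is None for r in records):  # one unknown MAC behind a hublet
        return QUAR_VLAN                 # keeps the whole port quarantined
    if any(r.override is Override.PQUAR for r in records):
        return QUAR_VLAN
    for r in records:
        if r.override is Override.PUNQUAR:
            continue                     # manually registered device
        if not (r.registered and r.passed_scan):
            return QUAR_VLAN
    return UNQUAR_VLAN


# Constructed sample data: MAC addresses are made up for illustration.
HOSTS = {
    "00:00:5e:00:53:01": Host(registered=True, passed_scan=True),
    "00:00:5e:00:53:02": Host(registered=True, passed_scan=False),
    "00:00:5e:00:53:03": Host(override=Override.PUNQUAR),
    "00:00:5e:00:53:04": Host(registered=True, passed_scan=True, override=Override.PQUAR),
}

if __name__ == "__main__":
    for macs in ([], ["00:00:5e:00:53:01"], ["00:00:5e:00:53:01", "00:00:5e:00:53:02"]):
        print(macs, "->", port_vlan(macs, HOSTS))
```

Every branch that is not fully satisfied returns the QUAR VLAN, so a missing record or an unexpected extra MAC fails closed.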

18 NetPass Administration
https://netpass.ittns.northwestern.edu/Admin/
Must connect to VPN from dorms first
All Rescons and SC cons should have access to QuarControl and Manual Registration
Note: with great power comes great responsibility!
Remember to log out!!!

19 NetPass Futures
Snort IDS integration
  –Automatic QUAR on suspicious network traffic
Software client integration
  –More accurate than external scanning
  –Eliminates firewall problem

20 Questions?
netpass@ittns.northwestern.edu
kohster@northwestern.edu
http://www.nessus.org/
http://www.squid.org/
http://www.it.northwestern.edu/student-support/netpass/

