The new state of the network: how security issues are reshaping our world Terry Gray UW Computing & Communications Quarterly Computing Support Meeting.


1 The new state of the network: how security issues are reshaping our world Terry Gray UW Computing & Communications Quarterly Computing Support Meeting 28 October 2003

2 security in the post-Internet era: the needs of the many vs. the needs of the few

3 2003: security “annus horribilis”
- Slammer
- Blaster
- Sobig.F
- increasing spyware threat
- attackers discover encryption
- hints of more “advanced” attacks
- and let’s not even talk about spam…

4 2003: security-related trends
- more critical application roll-outs
- more mobile devices
- growing wireless use
- VoIP over 802.11 pilots
- faster networks
- new network designs (e.g. lambda)
- class action lawsuits
- RIAA subpoenas
- SEC filings on security?

5 Security Trouble Ticket Trend

6 impact
- end of an era…
- say farewell to
  - the open Internet
  - autonomous unmanaged PCs
  - full digital convergence?
- say hello to
  - one-size-fits-all (OSFA) solutions
  - conflict... everyone wants security and
    - max availability, speed, autonomy, flexibility
    - min hassle, cost
- the needs of the many trump the needs of the few (but at what cost?)

7 consequences
- more closed nets (bug or feature?)
- more VPNs (bug or feature?)
- more tunneling
  - “firewall friendly” apps
- more encryption (thanks to RIAA)
- more collateral harm
  - attack + remedy
- worse MTTR (complexity, broken tools)
- constrained innovation (e.g. p2p voip)
- cost shifted from “guilty” to “innocent”
- pressure to fix problem at border
- pressure for private nets

8 consequences (2)
- mindset: “computer security” failed, so “network security” must be the answer
- pressure to make network topology match organization boundaries
- “network of networks” evolution
  - 1982: minimum impedance between nets
  - 2003: maximum impedance between nets
- loss of Network Utility Model
  - “Heisen/stein” networking...
  - uncertain and relativistic connectivity

9 metamorphosis: Internet paradigm
- 1969: “one network”
- 1983: “network of networks”
- 199x: balkanization begins
- 2003: “heat death” begins
- 2004: paradigm lost?

10 how we lost it: inevitable trainwreck?
- fundamental contradiction
  - networking is about connectivity
  - security is about isolation
  - vendors sell what users want, not need
- conflicting roles
  - the networking guy
  - the security guy
  - the sys admin
  - oh yeah… and the user
- insecurity = liability
  - liability trumps innovation
  - liability trumps operator concerns
  - liability trumps user concerns

11 observations
- system administrator view
  - some prefer local control/responsibility
  - some prefer central/big-perimeter defense
  - some underestimate cost impact on others
- user view
  - want “unlisted numbers”
  - want “enough openness” to run apps
- network operator view
  - frustration over loss of diagnosability
  - despair over loss of utility vision
  - dismay over increasing mgt cost, complexity

12 observations (2)
- feedback loop:
  - closed nets encourage constrained apps
  - constrained apps encourage closed nets
- tunneling, encryption trends undermine perimeter defense effectiveness
- isolation strategies are limited by how many devices you want on your desk.
- roads not taken:
  - What if Windows XP had shipped with its integral firewall turned on?
  - What if UW had mandated and funded positive desktop control?

13 gray’s defense-in-depth conjecture
- given N layers of topological device defense…
  - MTTE (exploit) = k * N**2
  - MTTI (innovation) = k * N**2
  - MTTR (repair) = k * N**2
- NB: there is also “vertical” D-I-D for info/session protection, e.g. IPSEC + SSL… but those equations would look different.

14 never say die
- goal: simple core, local policy choice
- how to avoid OSFA closed-net future?
  - design net for local open or closed choice
  - pervasive IPSEC
  - asymmetric connectivity (“unlisted numbers”)
- combine with tools for “rapid response”
- won’t reverse trend toward closed nets,
  - but may avoid undesirable cost shifts
- alternative: only closed nets, policy wars

15 questions? comments?

