
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060


1 Building a Campus Dshield
Randy Marchany, IT Security Lab, VA Tech, Blacksburg, VA 24060
marchany@vt.edu
http://security.vt.edu

2 VT Defense-in-Depth Strategy
– Layer 1: Blocking Attacks: Network Based
– Layer 2: Blocking Attacks: Host Based
– Layer 3: Eliminating Security Vulnerabilities
– Layer 4: Supporting Authorized Users
– Layer 5: Tools to minimize business losses

3 Putting the Pieces Together
– RDWEB: locate any device in our network
– DSHIELD: collect firewall logs
– SNORT: sensors monitoring for patterns
– SAFETYNET: “pull” vulnerability scanner
– CHECKNET: “push” vulnerability scanner
– REMEDY: trouble ticket system used by the Help Desk
– CENTRAL SYSLOG: collects syslogs

4 IDS Infrastructure (diagram)
Components shown: Campus Systems; VT Dshield with its Dshield MySQL DB; SNORT Base with its MySQL DB; CheckNet with its Failure DB and CheckNet WWW front end; Nessus Scanners; SafetyNet MySQL DB; Remedy Trouble Ticket System; CIRT; Help Desk; IPS; SNORT Sensors; Central Syslog Servers.

5 VA Tech Defense in Depth
Layer 1: Blocking Attacks: Network Based
– Network Intrusion Prevention Systems
– Discovery and mitigation
– Firewalls
– Secure Web Filtering
– Secure Email, Anti-Spam

6 VA Tech Defense in Depth
Layer 2: Blocking Attacks: Host Based
– Personal firewalls
– Spyware removal
– Scan & Block/Quarantine Networks
– Antivirus

7 VA Tech Defense in Depth
Layer 3: Eliminating Security Vulnerabilities
– Vulnerability management & remediation
– Patch management
– Configuration management
– Security configuration compliance
– Application security testing

8 Putting the Pieces Together
– REN-ISAC weather reports
– Dshield.org
– IPS
– Netflows
– UCONN netreg
– VSC scanners

9 You Already Belong to a “Dshield”
– The default setting for the Windows XP Personal Firewall sends copies of your firewall logs to http://hackerwatch.org
– Why not belong to one that you know about?


11 Dshield – Internet Storm Center
– The Internet Storm Center concept was developed after analysts noted that time zones provided an early warning system for some attacks
– Attacks originating in Asia occurred 12+ hours before hitting North America
  – People coming to work and logging in to their computers


13 Dshield
– Similar to the weather reporting infrastructure
– Mapping probes is similar to mapping weather fronts
– Admins could look at the data in real time and use this info to prepare for an attack
– Similar to looking at a weather map to prepare for tomorrow’s weather

14 Weather Report vs. Internet Storm Ctr
Weather Report:
– Small sensors in as many places as possible recording basic weather info
– Regional weather stations providing tech support, summarizing and displaying it for local meteorologists
– National weather centers summarize and map regional data to provide the overall weather picture
Internet Storm Center:
– Small IDS tools send logs to a regional/campus site
– Regional site provides automated support and reporting tools
– Global Analysis & Coordination Centers provide early warning to the network community of impending/ongoing attacks

15 DShield Configuration
Hardware
– DEC 2650, 2GB RAM, 785GB disk
Software
– Red Hat Enterprise
– Apache WWW server
– PHP
– MySQL
– Dshield base system from Internet Storm Center

16 The Good News, The Bad News
Good News
– Dshield code is already set to do the functions shown later
– You do some local mods and you’re ready to go
– Software can handle the load
– Fairly universal feeds
– Good reporting tool
Bad News
– Code is hard to get
– Basic documentation
– Convincing your environment to feed your dshield
– Need to tailor firewall configurations
– Needs an analyst to interpret the results
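As an added example (not code from the presentation or from the Dshield project), here is a Python sketch of the collection and reporting step slides 13 through 16 describe: parse firewall log lines forwarded by campus hosts, format them as Dshield submission records, and aggregate them into the campus “weather map” of probed ports and scanning sources. The netfilter log lines, the author id and the exact Dshield column layout are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed netfilter (iptables LOG target) syslog lines standing in for the
# per-host firewall logs a campus Dshield collector receives. Addresses and
# timestamps are sample values, not data from the presentation.
SAMPLE_LOGS = [
    "Jun  1 13:14:15 lab1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=445 SYN",
    "Jun  1 13:14:16 lab1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=40002 DPT=445 SYN",
    "Jun  1 13:14:17 lab2 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=40003 DPT=445 SYN",
    "Jun  1 13:15:01 lab2 kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=1434",
    "Jun  1 13:15:02 lab3 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=445 SYN",
    "Jun  1 13:15:03 lab1 kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.1 PROTO=TCP SPT=5555 DPT=80 ACK",
]

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")

def parse_netfilter(line):
    """Return the packet fields of an inbound netfilter LOG line, or None
    for outbound lines (empty IN=) and lines missing the core fields."""
    if not re.search(r"\bIN=\S", line):
        return None
    fields = dict(FIELD_RE.findall(line))
    if not all(k in fields for k in ("SRC", "DST", "PROTO")):
        return None
    # TCP flags collapsed to their initials (S, A, F, ...); assumed Dshield style
    fields["FLAGS"] = "".join(f[0] for f in FLAG_RE.findall(line))
    return fields

def to_dshield_record(fields, author_id, timestamp):
    """Format one parsed packet as a tab-separated Dshield submission line.
    Column order (date, author id, count, src ip, src port, dst ip, dst port,
    protocol, flags) is assumed from the dshield.org spec; verify before use."""
    return "\t".join([timestamp, author_id, "1", fields["SRC"], fields.get("SPT", "???"),
                      fields["DST"], fields.get("DPT", "???"), fields["PROTO"], fields["FLAGS"]])

def summarize(lines, scan_threshold=3):
    """The campus 'weather map': hits per (protocol, target port) and the
    sources that probed at least scan_threshold distinct campus hosts."""
    port_hits, targets_by_src = Counter(), defaultdict(set)
    for line in lines:
        f = parse_netfilter(line)
        if f is None:
            continue
        port_hits[(f["PROTO"], f.get("DPT"))] += 1
        targets_by_src[f["SRC"]].add(f["DST"])
    scanners = {s: len(t) for s, t in targets_by_src.items() if len(t) >= scan_threshold}
    return port_hits, scanners
```

Running summarize(SAMPLE_LOGS) on the constructed lines reports four hits on TCP/445 and flags 198.51.100.7 as having probed three distinct hosts, which is the kind of result an analyst would review before it is fed upstream.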


38 References
– http://isc.sans.org
– http://dshield.org
– http://dshield.cirt.vt.edu
Randy Marchany, VA Tech IT Security Lab, 1300 Torgersen Hall, VA Tech, Blacksburg, VA 24060, 540-231-9523, marchany@vt.edu


40 IDS/IPS States
            BLOCK      NO BLOCK
ALERT       GOOD
NO ALERT    BAD        GOOD if Failover, BAD if not

41 VA Tech Defense in Depth
Layer 4: Supporting Authorized Users
– ID and access management
– File Encryption
– Secure communications
– PKI
– VPN
  – IPSEC based VPN
  – SSL VPN
– Secure remote access

42 VA Tech Defense in Depth
Layer 5: Tools to minimize business losses
– Security information management
– Business transaction integrity monitoring
– Security skills development (training)
– Forensic tools
– Regulatory compliance tools
– Business recovery
– Backup

