Georgia Tech Information Security
Campus Architecture for ECE6612, November 2, 2005
Peter N. Wan, Senior Information Security Engineer
Office of Information Technology, Information Security Directorate
Information Security Architecture - Outline
• InfoSec Architecture diagram
• Network Architecture diagram
• Security Technology
• Policies
• User Awareness Campaign
• Q&A
Information Security Architecture (1)
http://www.oit.gatech.edu/information_security/architecture/index.html
Still on Web – 4/23/2008
Information Security Architecture (2)
• Layered defense in depth
• Host firewalls and other host-level defensive measures are still important even where a network firewall is in place
• The business of the Institute must continue, so security must help enable business processes rather than block them
Network Architecture (1)
Network Architecture (2)
• Border routers receive traffic from Georgia Tech's ISPs (Cogent, Qwest, Level3, Peachnet, SoX/Abilene, etc.)
• Border routers feed traffic to campus gateway routers
• Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected
Campus Security Technology
• Border/Backbone Routers
• Intrusion Prevention Systems (not in production yet)
• Intrusion Detection Systems
• Network Firewalls
• Host-Based Security
Campus Security Technology – Border/Backbone Routers
• Pass traffic only
• Protocols that are not passed over a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not ACLs at the border
• NetFlow records (flow headers only: addresses, ports, protocol, flags, packet and byte counts) are collected at various routers to identify suspicious traffic; packet content is not examined
Campus Security Technology – Intrusion Prevention Systems
• Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
• IPSes are designed to be installed in-line, and to provide blocking of traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none type enforcement)
• “Deep Inspection”
Campus Security Technology – Intrusion Detection Systems
• Campus border traffic is mirrored by a switch to two types of IDSes
• Enterasys Dragon is a signature-based IDS
• Lancope Stealthwatch is an anomaly-based IDS
Example Status from Lancope Stealthwatch
[Screenshot of the Stealthwatch alarm summary; only the alarm categories and the bar-chart axis (0 to 3000) survived extraction]
• P2P
• Worm Activity
• Worm Propagation
• SPAM Source
• Mail Relay
• Comm. with Known Bad Host
• Flood
• Target SYNs
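As an added example that is not part of the original slides and is not Stealthwatch, Dragon or Georgia Tech code: the Python below sketches the kind of analysis that the flow collection described under Border/Backbone Routers makes possible, and that an anomaly-based IDS reports under headings such as "Target SYNs", "Worm Propagation" and "Comm. with Known Bad Host". It works only on flow headers (addresses, ports, protocol, cumulative TCP flags, packet counts); payload is never available to it. The whitespace record format, the thresholds, the block list and the sample export (RFC 5737 documentation addresses, with 192.0.2.0/24 standing in for the campus) are all constructed assumptions for this example.

```python
"""Flow-header anomaly checks over NetFlow-style records.

Added example, not Stealthwatch or Georgia Tech code. Everything here works
from flow headers only; packet payload is never seen by the analysis.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record."""
    src: str
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    flags: str      # cumulative TCP flags seen, e.g. "S", "SA", "PA"
    packets: int


def parse_flows(lines):
    """Parse 'src dst dport proto flags packets' lines. This whitespace
    format is an assumption standing in for a real collector's export."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto, flags, packets = line.split()
        flows.append(Flow(src, dst, int(dport), proto, flags, int(packets)))
    return flows


def detect_target_syns(flows, min_flows=5):
    """'Target SYNs' (SYN flood) indicator: many TCP flows carrying only a
    SYN, i.e. no completed handshake, converge on one destination host:port.
    Returns {(dst, dport): syn_only_flow_count} at or above the threshold."""
    syn_only = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S":
            syn_only[(f.dst, f.dport)] += 1
    return {key: n for key, n in syn_only.items() if n >= min_flows}


def detect_worm_propagation(flows, min_targets=5, max_packets=3):
    """'Worm Propagation' (scan) indicator: one source sends short SYN-only
    flows to many distinct destinations on the same port; most probes of a
    spreading worm are never answered, so those flows stay tiny.
    Returns {(src, dport): distinct_destination_count} at or above threshold."""
    targets = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.flags == "S" and f.packets <= max_packets:
            targets[(f.src, f.dport)].add(f.dst)
    return {key: len(d) for key, d in targets.items() if len(d) >= min_targets}


def detect_known_bad(flows, bad_hosts):
    """'Comm. with Known Bad Host': any flow touching a block-listed address.
    Returns sorted (local_host, bad_host) pairs."""
    hits = set()
    for f in flows:
        if f.dst in bad_hosts:
            hits.add((f.src, f.dst))
        elif f.src in bad_hosts:
            hits.add((f.dst, f.src))
    return sorted(hits)


# Constructed sample export (RFC 5737 documentation ranges: 192.0.2.0/24 is
# the campus, 198.51.100.0/24 and 203.0.113.0/24 are the outside world).
SAMPLE_EXPORT = """
# src            dst            dport proto flags packets
192.0.2.5        192.0.2.80     80    tcp   SA    12
192.0.2.6        192.0.2.80     80    tcp   PA    40
# SYN flood: SYN-only flows from many sources onto one web server
198.51.100.1     192.0.2.80     80    tcp   S     1
198.51.100.2     192.0.2.80     80    tcp   S     1
198.51.100.3     192.0.2.80     80    tcp   S     1
198.51.100.4     192.0.2.80     80    tcp   S     1
198.51.100.5     192.0.2.80     80    tcp   S     1
# infected host sweeping 445/tcp across its subnet; one target answered
192.0.2.7        192.0.2.1      445   tcp   S     1
192.0.2.7        192.0.2.2      445   tcp   S     1
192.0.2.7        192.0.2.3      445   tcp   S     1
192.0.2.7        192.0.2.4      445   tcp   S     1
192.0.2.7        192.0.2.5      445   tcp   S     2
192.0.2.7        192.0.2.6      445   tcp   SA    9
# workstation holding a long session with a block-listed address
192.0.2.9        203.0.113.66   6667  tcp   PA    300
"""

# Assumed block list; in practice this would come from a threat feed.
KNOWN_BAD_HOSTS = {"203.0.113.66"}


def analyse(export_text, bad_hosts=KNOWN_BAD_HOSTS):
    """Run all three checks over one export and return the alarms raised."""
    flows = parse_flows(export_text.splitlines())
    return {
        "target_syns": detect_target_syns(flows),
        "worm_propagation": detect_worm_propagation(flows),
        "known_bad": detect_known_bad(flows, bad_hosts),
    }


if __name__ == "__main__":
    for alarm, hits in analyse(SAMPLE_EXPORT).items():
        print(f"{alarm}: {hits}")
```

The three checks illustrate why flow data is enough for this class of alarm: a SYN flood, a scanning worm and a session with a listed address all show up in who talks to whom, on which port, and whether a handshake completed, without any payload inspection. Real collectors aggregate records per time window and bidirectionally, and the thresholds would be tuned to the baseline of each network segment rather than fixed as they are here.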
Campus Security Technology – Network Firewalls
• Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
• Program for deploying firewalls at the connection of departments to the campus network has been progressing
Campus Security Mechanisms – Host-Based Security (1)
• Antivirus software (NAI/McAfee site-licensed for campus)
• Host firewalls (ISS RealSecure Desktop Protector)
• Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)
Campus Security Mechanisms – Host-Based Security (2)
• Operating system, application and utility patching is very important; use vendor-supplied or third-party products (e.g., PatchLink or HFNetChk)
• Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers
Incident Response
• Many incidents consist of virus/spyware infections, and are handled locally by departments or ResNet/EastNet staff
• A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these types of systems requires more attention
• Some incidents are serious enough to require disk/system forensic examinations
Campus Security Policies
• Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
• Campus Network Usage/Security Policy
• Unit Level Network Usage Policies
• Data Access Policy
• Copyrighted Material Usage (DMCA, fair use, etc.)
• Employee/Student Handbooks
User Awareness
• Security awareness tutorial at http://oit.gatech.edu/information_security/education_and_awareness/safe/
• Educational campaign in Fall 2005 Semester with posters, etc.
• Outreach such as talks with classes and other groups
• For more information, please see the OIT-IS page at http://oit.gatech.edu/information_security
Thank You!
• Any Questions?