Embed Size (px)
Citation preview
Georgia Tech Information Security
Campus Architecture for ECE6612November 2, 2005
Peter N. WanSenior Information Security Engineer
Office of Information Technology, Information Security Directorate
Information Security Architecture - Outline
• InfoSec Architecture diagram
• Network Architecture diagram
• Security Technology
• Policies
• User Awareness Campaign
• Q&A
Information Security Architecture(1)http://www.oit.gatech.edu/information_security/architecture/index.html
Still on Web – 4/23/2008
Information Security Architecture(2)
• Layered Defense in Depth
• Host firewalls and other defensive measures are still important even if there is a network firewall
• Business of the Institute must continue so security must help enable business processes
Network Architecture (1)
Network Architecture (2)
• Border routers receive traffic from Tech ISPs (Cogent, Quest, Level3, Peachnet, SoX/Abilene, etc.)
• Border routers feed traffic to campus gateway routers
• Campus gateway routers feed the campus backbone, where departmental and other routers/firewalls are connected
Campus Security Technology
• Border/Backbone Routers
• Intrusion Prevention Systems (not in production yet)
• Intrusion Detection Systems
• Network Firewalls
• Host-Based Security
Campus Security Technology – Border/Backbone Routers
• Pass traffic only
• Protocols that are not passed over a Wide Area Network (tftp, file sharing, database services, etc.) are blocked by internal firewalls, not ACLs at the border
• “Netflows” are collected at various routers to identify suspicious traffic; content is not examined
Campus Security Technology – Intrusion Prevention Systems
• Two ISS Proventia G1000F intrusion prevention devices were installed at the border of the campus network
• IPSes are designed to be installed in-line, and to provide blocking of traffic that does not meet their security policy (more flexibility than router port filters, which are all-or-none type enforcement)
• “Deep Inspection”
Campus Security Technology – Intrusion Detection Systems
• Campus border traffic is mirrored by a switch to two types of IDSes
• Enterasys Dragon is a signature-based IDS
• Lancope Stealthwatch is an anomaly-based IDS
Example Status from Lancope Stealthwatch
P2P
Worm Activity
Worm Propagation
SPAM Source_Mail RelayComm. With Known Bad Host
-Flood
-Target SYNs
3000-
2000-
1000-
Campus Security Technology – Network Firewalls
• Business Office/Ferst Center incidents emphasized the need for better monitoring/control of certain departments/servers
• Program for deploying firewalls at the connection of departments to the campus network has been progressing
Campus Security Mechanisms – Host-Based Security(1)
• Antivirus software (NAI/McAfee site-licensed for campus)
• Host firewalls (ISS RealSecure Desktop Protector)
• Spyware removal software (no site-licensed packages currently, though Spybot Search & Destroy is free even for university use)
Campus Security Mechanisms – Host-Based Security(2)
• Operating system, application, utility patching very important; use vendor-supplied or 3rd party products (e.g., PatchLink or HFNetChk)
• Activate automatic updates wherever possible (antivirus, spyware remover, operating system); this may not be appropriate for servers
Incident Response
• Many incidents consist of virus/spyware infections, and are handled locally by departments or ResNet/EastNet staff
• A “Sensitive Server Database” records machines which are critical to a unit’s function or which contain sensitive information (classifications per the Data Access Policy); incident response for these type of systems requires more attention
• Some incidents are serious enough to require disk/system forensic examinations
Campus Security Policies
• Federal/State/Local (FERPA, HIPAA, GLBA, Open Records, etc.)
• Campus Network Usage/Security Policy
• Unit Level Network Usage Policies
• Data Access Policy
• Copyrighted Material Usage (DMCA, fair use, etc.)
• Employee/Student Handbooks
User Awareness
• Security awareness tutorial at http://oit.gatech.edu/information_security/education_and_awareness/safe/
• Educational campaign in Fall 2005 Semester with posters, etc.
• Outreach such as talks with classes and other groups
• For more information, please see the OIT-IS page at http://oit.gatech.edu/information_security
Thank You!
• Any Questions?
