Sandbox Network Series - PowerPoint PPT Presentation

About This Presentation
Title:

Sandbox Network Series

Description:

Security topics discussion. Backbone Configuration. Border access control lists ... Security Topics Discussion. How much time should the NOC provide for remediation? ... – PowerPoint PPT presentation

Slides: 22
Provided by: michaelv2

Transcript and Presenter's Notes

1
Sandbox Network Series
2
Network Series Agendas
  • January 26 Campus Backbone Briefing
  • February 23 Network Security Issues
  • March 23 Tools

3
Campus Backbone Briefing
  • Any follow-up questions/comments?

4
Network Security Issues
  • Backbone security configuration
  • Network incident handling
  • Security expectations

5
Tools
  • Status reporting tools
  • Diagnostic tools
  • Performance testing tools
  • Network instrumentation
  • Connectivity
  • Performance

6
Network Security Issues
  • Backbone security configuration
  • Network incident handling
  • Minimum security standards
  • eEye tools update
  • Security topics discussion

7
Backbone Configuration
  • Border access control lists
  • Internal access control lists
  • Backbone data collection

8
Border access control lists (inbound)
  • CERT Advisory CA-2003-20 (except TFTP and
    TCP-135)
  • MS-SQL Slammer
  • Spoofed UCLA sources
  • Smurf attempts
  • RFC 1918, 3330, and Automatic Private IP address
    space
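
As an added illustration (not from the slides), the following Python classifier encodes the inbound border policy on this slide the way a NOC could apply it to flow records. The campus prefix is a constructed stand-in, the RFC 3330 list is a subset, and the CA-2003-20 port set is reproduced from memory of the advisory rather than from the deck, so treat all three as assumptions.

```python
import ipaddress

# Bogon source space named on the slide: RFC 1918 private, RFC 3330 special-use
# (subset only), and Automatic Private IP Addressing (169.254/16).
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",            # RFC 1918
    "0.0.0.0/8", "127.0.0.0/8", "192.0.2.0/24", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",                               # RFC 3330 (subset)
    "169.254.0.0/16",                                           # APIPA
)]

# Constructed stand-in for the campus's delegated address space (assumption,
# not the real UCLA prefixes). Inbound packets claiming these sources are spoofed.
DELEGATED = [ipaddress.ip_network("198.51.100.0/24")]

# Port set from CERT CA-2003-20 as recalled here (assumption), minus the two
# inbound exemptions the slide lists: TFTP (69/udp) and TCP 135.
CA_2003_20 = {("tcp", 135), ("udp", 135), ("tcp", 139), ("udp", 139),
              ("tcp", 445), ("udp", 445), ("tcp", 593), ("tcp", 4444),
              ("udp", 69)}
INBOUND_EXEMPT = {("udp", 69), ("tcp", 135)}
SLAMMER = ("udp", 1434)   # MS-SQL Slammer propagates on 1434/udp


def inbound_verdict(src, dst, proto, dport=None):
    """Return 'permit' or a 'deny: <reason>' string for one inbound packet.

    proto is 'tcp', 'udp' or 'icmp'; dport is ignored for icmp.
    Checks run in the order the slide lists the rules.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(src_ip in n for n in BOGON_SOURCES):
        return "deny: bogon source"
    if any(src_ip in n for n in DELEGATED):
        return "deny: spoofed campus source"
    # Smurf: ICMP aimed at the directed-broadcast address of a campus subnet.
    if proto == "icmp" and any(dst_ip == n.broadcast_address for n in DELEGATED):
        return "deny: smurf (ICMP to directed broadcast)"
    if (proto, dport) == SLAMMER:
        return "deny: MS-SQL Slammer"
    if (proto, dport) in CA_2003_20 - INBOUND_EXEMPT:
        return "deny: CA-2003-20"
    return "permit"
```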

9
Border access control lists (outbound)
  • SoBig
  • CERT Advisory CA-2003-20 (except TFTP)
  • MS-SQL Slammer

10
Internal access control lists
  • Backbone infrastructure ACL'd
  • Routing announcements only for delegated address
    space
  • IP packets only from delegated address space

11
Backbone data collection
  • NetFlow statistics
  • Domain Name Service requests
  • Intrusion detection
  • Scanning
  • Darknets

12
NetFlow Data Collection
  • Records collected from core and border devices
  • Access to data highly restricted
  • Used to investigate reported security incidents

13
DNS Logging
  • Records collected from campus DNS servers
  • Access to data highly restricted
  • Will be used to identify hosts with specific
    infections

14
Intrusion Detection
  • Implementation in process
  • Target known infection signatures being sourced
    from campus
  • Will coordinate with OIT and Campus Privacy Board

15
Scanning
  • Ad-hoc scanning for known, high-profile problems
    during crisis situations
  • Regular scanning for targeted problems in the
    future
  • General scanning not on current roadmap

16
Darknets
  • Connection attempts logged and reported to
    departments (coming)

17
Blackhole Routing
  • CTS initiated
  • Department initiated
  • External

18
Incident Response
  • Current practice
  • Implementing formal tracking of incident reports
  • Expect active response from departments
  • Unhandled / repeated problems will be escalated

19
Minimum Security Standards
20
eEye Tools Update
21
Security Topics Discussion
  • How much time should the NOC provide for
    remediation?
  • How should NAT be handled?
  • What data should departments collect to identify
    problems?
  • What are the issues at the edge?