A Multi-Zone Security Model - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
A Multi-Zone Security Model
  • David Morton
  • Lori Stevens
  • 17 October 2007

2
Multi-Zoned Security
  • Each zone plays a role in the security of the system
  • Layered defenses within each zone

3
Zones
4
Introduction
The Connector Zone
  • Joins networks together
  • Goals
    • Protect the infrastructure
    • Low latency, high performance is key
  • Traffic is originated elsewhere
  • Connector policies establish rules
  • Examples: PNWGP, Pacific Wave

5
PacificWave Infrastructure
The Connector Zone
6
Pacific Wave Security
The Connector Zone
  • Since Pacific Wave is a layer-2 exchange, it cannot directly mitigate or address participant behavior above layer 2, such as
    • using BGP-4 for peering
    • routing traffic without an established peering agreement
    • generating traffic other than IP
  • Participants must work together in order to collectively mitigate such activities
  • Develop processes and procedures for proper escalation in the event that malicious or unauthorized activities are discovered
  • Implement policies and protections to
    • Limit the hosts/networks that can manage the network devices
    • Make use of token-based login or one-time passwords
    • Limit which network devices (by MAC address) can directly connect
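
The slide asks for token-based login or one-time passwords on the exchange's network devices without naming a mechanism. The following is an added example (not code from the presentation or from Pacific Wave) of one standard way to do that: HOTP per RFC 4226, with the server-side counter bookkeeping that actually makes a code one-time. The secret is the RFC 4226 test-vector key; the look-ahead window of 5 is an assumed operational value.

```python
"""HOTP (RFC 4226) one-time-password verification with a look-ahead window.

Added example, not code from the presentation: the slide only says "token
based login or one time passwords"; HOTP is one standard way to do that.
The shared secret below is the RFC 4226 Appendix D test-vector key.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter: HMAC-SHA1, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)            # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server-side state for one token: secret, next expected counter, look-ahead window.

    Only counters at or beyond the next expected value are accepted, and every
    accepted counter (and all below it) is burned, so a captured code cannot be
    replayed. The window tolerates a token that was pressed a few times unseen.
    """

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0          # next counter value we expect
        self.window = window      # how far ahead the token may have drifted

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # resynchronise and burn everything up to c
                return True
        return False


# RFC 4226 Appendix D test-vector secret.
RFC4226_SECRET = b"12345678901234567890"


def demo() -> dict:
    """Exercise the verifier: a valid code, a replay of it, a drifted token, and a code far outside the window."""
    v = HotpVerifier(RFC4226_SECRET, window=5)
    first = v.verify(hotp(RFC4226_SECRET, 0))       # counter 0: accepted
    replay = v.verify(hotp(RFC4226_SECRET, 0))      # same code again: rejected
    drift = v.verify(hotp(RFC4226_SECRET, 3))       # token pressed a few times unseen: inside window
    too_far = v.verify(hotp(RFC4226_SECRET, 20))    # far outside window: rejected, needs resync
    return {"first": first, "replay": replay, "drift": drift, "too_far": too_far,
            "next_counter": v.counter}


if __name__ == "__main__":
    print(hotp(RFC4226_SECRET, 0))  # RFC 4226 test vector: 755224
    print(demo())
```

The replay rejection is the property the slide is after: a sniffed or shoulder-surfed code is worthless once it has been used, unlike a static password on a router's VTY line. A token that has drifted past the window needs an out-of-band resynchronisation step rather than a larger window, since a very large window erodes the guessing resistance.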

7
CZ Layered
The Connector Zone
Layered Security
8
Introduction
The Campus Zone
  • Aggregates users to the connector
  • Goals
    • Stop bad traffic with no impact on good traffic
    • Isolate threats from the community
    • Control spam, phishing and virus threats
    • Provide extra layers of protection as needed
    • Mitigate security incidents quickly
    • Minimize the impacts

9
Infrastructure
The Campus Zone
  • 120,000 devices
  • NO PERIMETER FIREWALLS
  • IPS at the core

10
Intrusion Prevention
The Campus Zone
  • TippingPoint IPS
  • Rich rule set to block bad traffic
  • Blocked at least 70 million attacks in 2006
  • That is roughly 190,000 attacks a day (70,000,000 / 365)
  • Ability to route some traffic around the IPS for performance or policy reasons

11
Email Defense Options
The Campus Zone
  • Appliance
    • Easy to set up
    • Simplified maintenance
    • Less flexible
  • Software solution
    • Often more flexible, extensible to meet needs
    • Separate hardware platform and OS to maintain

12
Spam at the UW
The Campus Zone
  • January daily volume avg 3,040,000 messages, 76.6% spam
  • August daily volume avg 4,100,000 messages, 80.1% spam
  • September daily volume avg 4,560,000 messages, 88.5% spam

13
Spam at the UW
The Campus Zone
  • As much spam this year as all mail processed in
    2006 and nearly twice as much total mail as we
    processed from 2003-2005
  • Be prepared for growth!

14
Email-borne Viruses at the UW
The Campus Zone
  • 2003: 9,375,000 viruses detected in email
  • 2004: 20,000,000 viruses in email
  • 2007: 2,632,000 viruses
  • Not the threat it once was.

15
UW 2003-2006 Mail Stats
The Campus Zone
16
Network Firewalls
The Campus Zone
  • Two varieties
    • Logical firewall
    • Subnet firewall
  • Logical firewall (self-managed)
    • Selectively allows hosts to participate
    • http://staff.washington.edu/corey
  • Subnet firewall (centrally managed)
    • Gibraltar (Linux) or Cisco Firewall Services Module (FWSM)

17
Incident Response
The Campus Zone
  • Established incident response procedures
  • Automated protections against worms
  • Able to remotely capture network traffic
  • Partner with industry, peers, etc. for up-to-date intelligence

18
CampZ Layered
The Campus Zone
Layered Security
19
Introduction
The Dorm Zone
  • Student housing
  • Goals
    • Protect the dorms from the world
    • And the world from the dorms :)
    • Provide high bandwidth for academics, etc.
    • Control illegal filesharing
    • Enforce administrative policies (i.e. no servers)

20
Infrastructure
The Dorm Zone
  • 5,000 residents
  • IPS sandwich
  • Packeteer traffic shaper
  • Firewall policy enforcement

21
DormZ Layered
The Dorm Zone
Layered Security
22
Hosts Defending Against Threats
The User/Host Zone
  • Anti-virus software is critical to keeping our networked hosts clean
    • Configure it to update itself automatically
    • Use other features such as buffer overflow and web (HTTP) browsing protection, where appropriate
  • Stay current on security updates and virus definitions/signatures

23
Hosts Defending Against Threats
The User/Host Zone
  • Use complex passwords for critical devices, e.g. hosts, routers
  • Use logs to catch attacks or compromises
  • Software to detect inconsistencies
  • Best place for a firewall, as it is easiest to define good traffic there
    • Can be complex to manage
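
"Use logs to catch attacks or compromises" is a one-line bullet on the slide; what it means in practice is a detector run over the host's authentication log. The block below is an added example, not the authors' tooling, that flags a password-guessing burst from one source and then a successful login from that same source (the pattern of a host being compromised rather than merely probed). The sshd log lines are constructed for illustration in the classic syslog format; the thresholds (5 failures in 60 s) are assumed values to tune per environment.

```python
"""Failed-login burst and "failures then success" detection over syslog-style sshd lines.

Added example, not from the presentation. The log lines are constructed; the
regex matches the OpenSSH sshd "Failed/Accepted <method> for <user> from <ip>" format.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. 10.0.0.9 guesses five passwords and then gets in as root;
# 10.0.0.5 is a legitimate user mistyping once, then authenticating with a key.
SAMPLE_AUTH_LOG = """\
Oct 17 09:00:01 host1 sshd[2201]: Failed password for invalid user admin from 10.0.0.9 port 40001 ssh2
Oct 17 09:00:02 host1 sshd[2202]: Failed password for root from 10.0.0.9 port 40002 ssh2
Oct 17 09:00:03 host1 sshd[2203]: Failed password for invalid user test from 10.0.0.9 port 40003 ssh2
Oct 17 09:00:04 host1 sshd[2204]: Failed password for root from 10.0.0.9 port 40004 ssh2
Oct 17 09:00:05 host1 sshd[2205]: Failed password for invalid user oracle from 10.0.0.9 port 40005 ssh2
Oct 17 09:00:09 host1 sshd[2206]: Accepted password for root from 10.0.0.9 port 40006 ssh2
Oct 17 09:05:00 host1 sshd[2301]: Failed password for lori from 10.0.0.5 port 51000 ssh2
Oct 17 09:05:04 host1 sshd[2302]: Accepted publickey for lori from 10.0.0.5 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(log_text, year=2007):
    """Yield (timestamp, result, user, src) for each sshd auth line; other lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Classic syslog omits the year, so it is supplied by the caller (assumed 2007 here).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["user"], m["src"]


def detect(log_text, threshold=5, window_s=60):
    """Return alerts as (kind, src, detail) tuples.

    "bruteforce": >= threshold failures from one source inside a sliding window.
    "possible_compromise": a later Accepted login from a source already flagged.
    """
    failures = defaultdict(list)   # src -> timestamps of failures still inside the window
    flagged = set()
    alerts = []
    for ts, result, user, src in parse(log_text):
        if result == "Failed":
            recent = [t for t in failures[src] if (ts - t).total_seconds() <= window_s]
            recent.append(ts)
            failures[src] = recent
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, f"{len(recent)} failures within {window_s}s"))
        elif result == "Accepted" and src in flagged:
            alerts.append(("possible_compromise", src, f"login as {user} after brute-force burst"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_AUTH_LOG):
        print(f"{kind:20s} {src:15s} {detail}")
```

The single failure from 10.0.0.5 never reaches the threshold, so the legitimate user produces no alert; the point of the sliding window is exactly to separate typos from guessing. On a real host the same loop would tail the live log and feed the "bruteforce" source into the host firewall, which is the automated-protection step the incident response slide mentions.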

24
Hosts Defending Against Threats
The User/Host Zone
  • Isolation approach
    • Separate services across hosts
    • So one password doesn't get you to everything
  • Block services that aren't relevant
    • For example, block port 25/tcp to and from all hosts that are not mail servers
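
Two of the deck's concrete rules are of the same shape: slide 6 restricts which hosts and networks may manage the exchange's network devices, and the bullet above confines tcp/25 to mail servers in both directions. The block below is an added example, not the authors' or any firewall product's code, of the first-match access-list model that a subnet firewall (Gibraltar/iptables, FWSM) or a host firewall enforces for both rules. The address plan, host names and rule syntax are made up for illustration; the default-allow policy at the end mirrors the campus zone's stated "no perimeter firewalls" posture, where isolation rules are the exception rather than the rule.

```python
"""First-match packet policy evaluator for two rules from the deck: management access to
network devices only from administrative networks, and tcp/25 only to and from mail servers.

Added example, not from the presentation. Addresses below are a constructed address plan.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: tuple = (ANY,)              # tuple of ip_network objects
    dst: tuple = (ANY,)
    dport: Optional[int] = None      # None matches any destination port
    note: str = ""

    def matches(self, proto, src, dst, dport):
        return ((self.proto is None or self.proto == proto)
                and any(src in n for n in self.src)
                and any(dst in n for n in self.dst)
                and (self.dport is None or self.dport == dport))


def nets(*cidrs):
    return tuple(ip_network(c) for c in cidrs)


# Hypothetical address plan (constructed for the example, not the UW's real addressing).
ADMIN_NETS = nets("10.10.0.0/24")                 # where network staff manage devices from
DEVICE_MGMT = nets("10.255.0.0/24")               # router/switch management addresses
MAIL_SERVERS = nets("10.20.0.10/32", "10.20.0.11/32")

POLICY = [
    # Slide 6: only administrative networks may reach the device management plane.
    Rule("allow", "tcp", ADMIN_NETS, DEVICE_MGMT, 22, "admins may ssh to devices"),
    Rule("deny", None, (ANY,), DEVICE_MGMT, None, "nobody else touches the management plane"),
    # Slide 24: tcp/25 only to and from mail servers, in both directions.
    Rule("allow", "tcp", (ANY,), MAIL_SERVERS, 25, "anyone may deliver mail to our MTAs"),
    Rule("allow", "tcp", MAIL_SERVERS, (ANY,), 25, "our MTAs may relay outbound"),
    Rule("deny", "tcp", (ANY,), (ANY,), 25, "no other host speaks SMTP (stops infected hosts spamming)"),
]
DEFAULT = "allow"   # campus zone: no perimeter firewall, so unlisted traffic passes


def evaluate(policy, proto, src, dst, dport, default=DEFAULT):
    """Return (action, note) from the first matching rule, or the default policy."""
    s, d = ip_address(src), ip_address(dst)
    for rule in policy:
        if rule.matches(proto, s, d, dport):
            return rule.action, rule.note
    return default, "default policy"


if __name__ == "__main__":
    cases = [
        ("tcp", "10.10.0.5", "10.255.0.1", 22),     # admin -> router ssh: allow
        ("tcp", "10.30.4.4", "10.255.0.1", 22),     # dorm host -> router ssh: deny
        ("tcp", "10.30.4.4", "192.0.2.25", 25),     # infected desktop spamming out: deny
        ("tcp", "10.20.0.10", "192.0.2.25", 25),    # campus MTA relaying out: allow
        ("tcp", "192.0.2.7", "10.30.4.4", 25),      # outside -> non-mail host on 25: deny
        ("tcp", "10.30.4.4", "192.0.2.80", 80),     # ordinary web traffic: default allow
    ]
    for c in cases:
        print(c, "->", evaluate(POLICY, *c))
```

Rule order carries the policy: the two mail-server allows must precede the blanket tcp/25 deny, and the management-plane deny must come after the admin allow. Reordering either pair silently changes what the firewall permits, which is the "can be complex to manage" caveat from the previous slide in miniature.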

25
Hosts Defending Against Threats
The User/Host Zone
  • Security is part of everything
    • Design, build, implement, and buy
  • Fewer compromises where pervasive layered protection is implemented

26
DormZ Layered
The User/Host Zone
Layered Security
27
Questions?
David Morton, dmorton@u.washington.edu, +1 (206) 221-7814
Lori Stevens, lrs@u.washington.edu, +1 (206) 685-6227
28
Resources
  • TippingPoint: http://www.tippingpoint.com/products_ips.html
  • PureMessage: http://sophos.com/products/enterprise/email/security-and-control/unix/index.html
  • General security info:
    • http://www.securityfocus.com/
    • http://www.sans.org/network_security.php
    • http://onguardonline.gov/index.html

29
Questions?