Chair: Simon Cooper, trust and identity services group manager, Jisc.
How to solve the top five network challenges for higher education in 2017
Speaker: Martin Wellsted, regional manager northern territory, Efficient IP.
This session will focus on the new network challenges schools and universities face as competition for enrollment and reputation increases, budgets tighten, and the onslaught of Internet of Things and BYOD continue.
Practical solutions to security, IP address management, and process automation problems will be discussed.
2. Please switch your mobile phones to silent
17:30 -
19:00
No fire alarms scheduled. In the event of an
alarm, please follow directions of NCC staff
Exhibitor showcase and drinks reception
18:00 -
19:00 Birds of a feather sessions
Mention JANET incident in April 2016- if this already happened to JANET, it can happen to you!
Surprisingly, while the entire internet and its overall services such as browsing, emailing, ToIP, or even printing rely on DNS, its infrastructure remains poorly secured and has become one of the most attractive application layer target for hackers and malware. Additionally, Cisco unveiled that 91% of malware uses DNS protocol in some ways such as for establishing communication path with remote CnC server, operating data exfiltration or spreading deeper into targeted networks. It is even more critical for organizations to understand the risks that most used DNS server engine had 11 critical DoS vulnerabilities in 2016.
As a result, 74% of companies have been targeted by DNS attacks at least once in the last 12 months (2016 EfficientIP global DNS Security survey).
DNS services are a foundation of any IT infrastructure. It translates domain names, which can't be easily memorized by humans, to the numerical IP addresses needed for the purpose of computer services and devices worldwide. Today's applications are all IP based. If a DNS server is not responding with the expected performance or if it is completely down, there is no more access to any application! It has a very fast and direct negative impact on customers and the business.
Open service by design: As a consequence of their fundamental role in the IT infrastructure, DNS servers must be accessible to everyone.
Connectionless: DNS protocol is connectionless, making it easier for hackers to launch an attack as it does not require to establish a connection with the targeted device. It can circumvent security system using for instance IP address spoofing for reflection and amplification DoS attacks. Most firewalls cannot efficiently manage and maintain network security with UDP traffic.
Attack target and threat vector: Hackers make use of DNS dual role in the “kill-chain” as either a threat vector (ex: malware use of the DNS protocol to communicate with their remote command and control server) or a direct objective (ex: DoS attack on DNS servers to impact business continuity).
Great attack variety and sophistication: The high variety and sophistication of DNS attacks is a result of the previous points.
The security context around DNS protocol is complex and DNS threats have become more and more sophisticated, combining multiple vectors in a single attack.
Not analysed by 68% of companies: hackers are taking advantage of the inefficiency of traditional security solutions and despite the intensive use of DNS services by malware, more than 68% of companies are not monitoring and analysing DNS traffic. It is a great opportunity for hackers to launch damaging attacks.
Pick a few and explain quickly on how any of these affect the university
Today, there are several methods to protect against the large variety of attacks on the DNS. The most common method is to filter the DNS queries, to eliminate those that are illegitimate and support legitimate traffic. While this works in theory, in practice traditional security solutions are too limited to receive and carefully analyze all requests that are sent. They have not been designed from the ground up to secure DNS services and are not able to handle the dynamic nature of the protocol.
Lack of performance and intelligence can induce serious security limitations and risks, such as business downtime, customer data or intellectual property theft and damaged reputations. Possible impacts are diverse but very concrete, costing as we have seen previously an average of more than $1 million per attack.
IDC, in a recent security survey, concluded that “very little is being done about DNS security and companies feel that the basic protection offered by a firewall is enough. This is a real case of the wrong answer to a real problem.”
A modern DNS security system must be agile enough to adapt its protection mechanisms to mitigate the risk of false positives, while ensuring DNS service integrity and continuity to legitimate clients.
Kings College London implemented a private cloud that enables its students to access a virtual desktop------ http://www.computerweekly.com/feature/BYOD-policy-gives-London-university-users-network-access-flexibility
Oxford overhauls technology to create potential for BYOD use on 100,000+ devices--- http://www.itproportal.com/2014/09/05/oxford-university-embraces-byod-overhauls-ancient-communications-systems/
http://edtechnology.co.uk/Article/byod-is-it-right-for-your-school
Pearson survey—http://www.pearsoned.com/wp-content/uploads/2015-Pearson-Student-Mobile-Device-Survey-College.pdf
SLIDE ORIGINALLY ABOUT-----NetChange includes a network discovery tool, NetChange- IPLocator, to locally or remotely discover, identify and inventory the physical and virtual devices and their connections on your network (IP/MAC/VLAN/Switch/ port/Name). Netchange-IPLocator’s thorough network discoveries provide comprehensive visibility of network resource deployment and usage, delivering unparalleled resource control, from organization scheme and deployment to resources consumption and procurement.
SOLIDserver’s NetChange-IPL provides a route discovery that is dedicated to the network devices routing tables. The NetChange-IPL displays the existing routes on the layer 3 network devices. All the information displayed is retrieved using the SNMP protocol. Each route corresponds to subnet and has a unique IP address and prefix.
Elimination of port wastage
SOLIDserver's discovery process identifies unused switch ports since a time lap. Based on this information it is easy to determine whether switch port can be released or reallocated. This is particularly important in datacenter to avoid overconsumption of Giga Ethernet port to unused servers.
Enable your school----Unified visibility, consistency control & management
-Core network services robustness & availability
-Flexibility & adaptability for greater efficiency
-Streamlined processes & corporate policy enforcement
-Management simplicity with smart automation
-Granular role-based delegation & work flow
Control, automate & streamline---
-Structure & automate subnet splitting in dedicated IP pools with templates
-Control where each IP address type is authorised to be deployed
-Guide non-expert users with “easy-to-use” web interface--- stress this point
Provisioning---
-Templates of provisioning processes modeling & operational business needs ensures unmatched efficiency, simplicity & control
Delegation control---
-Granular role-based delegation with unlimited number of groups
-Control “who, where” and also “what” with object classes
-Activity tracking and auditing with detailed tasks history & powerful search engine
-LDAP, AD, Radius authentication
Boost cloud infrastructure---
----Simplifies and secures resource deployment for instant-start cloud services and cost reduction
-Automated IP and DNS resources assignment for VM provisioning
-Error-free configuration and inventory consistency
-Streamlined deployment with corporate policy enforcement
-Global visibility of virtual infrastructures
-Improved cloud scalability with DDI capacity planning
-High availability of mission-critical DNS & DHCP service
A one of the world’s fastest growing DDI (DNS-DHCP-IPAM) vendors, EfficientIP helps organisations drive business efficiency through agile, secure and reliable network infrastructures.
EfficientIP has continued to expand its reach internationally since its inception in 2004, providing solutions, professional services and 24*7 support all over the world with the help of global business partners. This ensures an efficient and successful deployment to our customers.
EfficientIP is committed to thinking differently about the DDI industry- innovation is in our DNA. Our goal is to create value and efficiency for our customers through heightened security, advanced automation, and greater simplicity. We have launched unique features like network reconciliation management which have today become market best practice standards. We invented the advanced SmartArchitecture™ concept, which upgraded the management of DNS and DHCP from service level to architecture level. Additionally, our unique 360° DNS security solution protects data confidentiality and application access from anywhere at any time.
Institutions across a variety of industries and government sectors worldwide rely on our offerings to assure business continuity, reduce operating costs and increase the management efficiency of their network and security teams.