Network Security

793 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
793
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
51
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • For more information: http://www.microsoft.com/technet/community/columns/cableguy/cg0702.mspx
  • Network Security

    1. 1. NETWORK SECURITY Protecting NSU Technological Assets Andrea Di Fabio – Information Security Officer
    2. 2. Agenda <ul><li>Security </li></ul><ul><ul><li>Internet Connection </li></ul></ul><ul><ul><li>Network Devices </li></ul></ul><ul><ul><li>Wireless Devices </li></ul></ul><ul><ul><li>Firewall and Port Filtering </li></ul></ul><ul><ul><li>Encryption and VPN </li></ul></ul><ul><ul><li>IDS and IPS </li></ul></ul><ul><ul><li>Web Administration </li></ul></ul><ul><ul><li>Latest Threats and Attacks </li></ul></ul><ul><ul><li>Logs </li></ul></ul><ul><ul><li>Physical Security </li></ul></ul><ul><li>Security Demo </li></ul><ul><ul><li>IPS Console </li></ul></ul><ul><ul><li>Firewall Management & Logs </li></ul></ul><ul><ul><li>Authentication and Users Tracking </li></ul></ul><ul><li>Supercomputing and Clusters </li></ul><ul><ul><li>A Cluster Demo </li></ul></ul>
    3. 3. Securing Technological Assets <ul><li>MISSION </li></ul><ul><li>Secure and Safeguard NSU Technological assets from unauthorized use. </li></ul><ul><li>Insure conformity to NSU policies </li></ul><ul><li>Proactively prevent system intrusion and misuse </li></ul><ul><li>Investigate and respond to threats </li></ul>
    4. 4. Securing The Network
    5. 5. Securing from Outside Attacks <ul><li>FIREWALL </li></ul><ul><li>Nokia IP 530 w/ Checkpoint NG AI R55 </li></ul><ul><li>507 Mbps Firewall Throughput </li></ul><ul><li>115 Mbps VPN Throughput </li></ul><ul><li>155 Mbps Internet Connection (OC3) </li></ul>
    6. 6. Securing from Outside Attacks
    7. 7. Securing from All Attacks <ul><li>Intrusion Prevention System (IPS) </li></ul><ul><li>TippingPoint UnityOne 2400 </li></ul><ul><li>#1 IPS System in the market </li></ul><ul><li>2 Gbps Wire Speed Throughput </li></ul><ul><li>~11,000 Attacks/Exploits Prevention </li></ul><ul><li>Extensive Reporting </li></ul>
    8. 8. Securing from Outside Attacks <ul><li>SPAM and EMAIL VIRUS PROTECTION </li></ul><ul><li>Spam is: Unsolicited Bulk Email (UBE) </li></ul><ul><ul><li>Unsolicited means that the recipient has not granted verifiable permission for the message to be sent. </li></ul></ul><ul><ul><li>Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. </li></ul></ul><ul><li>A message is Spam only if it is both Unsolicited and Bulk . </li></ul><ul><li>How do we Protect from Spam? </li></ul><ul><ul><li>BrightMail (a Microsoft Partner) </li></ul></ul><ul><ul><li>BL and WL </li></ul></ul><ul><ul><li>Content Filtering </li></ul></ul>
    9. 9. Securing from Outside Attacks
    10. 10. Securing from Outside Attacks <ul><li>A web access is initiated from the LAN </li></ul><ul><li>A content engine examines the request for policy compliance. </li></ul><ul><ul><li>If the request is valid it forwards it to the cache </li></ul></ul><ul><ul><li>If the request is invalid it returns a message to the user. </li></ul></ul><ul><li>The Web Cache intercepts the request </li></ul><ul><ul><li>HIT - If the request is in cache it is served from the cache </li></ul></ul><ul><ul><li>MISS - If the request is not in cache it is forwarded to the internet </li></ul></ul>
    11. 11. Securing from Outside Attacks Web Administration and Caching BEFORE AFTER
    12. 12. Securing from Inside Attacks <ul><li>Latest Threats and Attacks </li></ul><ul><li>Computer Viruses and Worms </li></ul><ul><li>Adware, Spyware, Malware, Phishing, Pharming </li></ul><ul><li>Bots, Botnets and Rootkits </li></ul><ul><li>Buffer Overflows … attacking the stack </li></ul><ul><li>Secure yourself … the power of knowledge. </li></ul>
    13. 13. Securing from Inside Attacks
    14. 14. Securing from Inside Attacks IP CAMERAS
    15. 15. Wireless Coverage <ul><li>Site Survey by E landia Solutions, Inc. </li></ul>
    16. 16. Wireless Security 802.1X PEAP Authentication with Dynamic VLAN Assignment
    17. 17. Security for the End User <ul><li>Windows and Office Updates </li></ul><ul><ul><li>http://windowsupdate.microsoft.com </li></ul></ul><ul><ul><li>http://office.microsoft.com/en-us/officeupdate </li></ul></ul><ul><li>Free Antivirus </li></ul><ul><ul><li>Avast - http://www.avast.com </li></ul></ul><ul><ul><li>Avg - http://free.grisoft.com </li></ul></ul><ul><li>Free Spyware / Malware Removal </li></ul><ul><ul><li>MS Anti-Spyware (Beta) - http://www.microsoft.com </li></ul></ul><ul><ul><li>Adaware - http://www.lavasoftusa.com </li></ul></ul><ul><ul><li>Spybot S&D - http://www.safer-networking.org </li></ul></ul>
    18. 18. Future Enhancements <ul><li>Previous Wish-List </li></ul><ul><li>Physical Security </li></ul><ul><ul><li>Biometrics? </li></ul></ul><ul><ul><li>IP Cameras </li></ul></ul><ul><ul><li>Access Control </li></ul></ul><ul><li>Network Security </li></ul><ul><ul><li>Network Admission Control (NAC) </li></ul></ul><ul><ul><li>Virtual Private Network (VPN) </li></ul></ul><ul><ul><li>Network Intrusion Detection System (NIDS) </li></ul></ul><ul><li>Current Wish-List </li></ul><ul><li>Physical Security </li></ul><ul><ul><li>Biometrics? </li></ul></ul><ul><li>Network Security </li></ul><ul><ul><li>Network Admission Control (NAC) </li></ul></ul><ul><ul><li>Automatic Policy Enforcement </li></ul></ul><ul><ul><ul><li>The power of Agents </li></ul></ul></ul><ul><ul><li>Virtual Private Network (VPN) </li></ul></ul><ul><ul><ul><li>Actively Being tested </li></ul></ul></ul><ul><ul><li>2- Factor Authentication </li></ul></ul>
    19. 19. The Human Factor <ul><li>70% of all threats come from within </li></ul><ul><ul><li>Tailgating </li></ul></ul><ul><ul><li>Hot Plug </li></ul></ul><ul><ul><li>Dialup and VPN </li></ul></ul><ul><ul><li>Shoulder Surfing </li></ul></ul><ul><ul><li>Unsecured Wireless </li></ul></ul><ul><ul><li>Social Engineering </li></ul></ul><ul><ul><ul><li>Viruses exploit vulnerable programs, Social engineering exploits Vulnerable People. </li></ul></ul></ul>
    20. 20. Super Computing <ul><li>Reminder </li></ul><ul><ul><li>WHEN: 12pm to 1pm </li></ul></ul><ul><ul><li>WHERE: Room 131 (Same Room) </li></ul></ul><ul><ul><li>WHO: </li></ul></ul><ul><ul><ul><li>Kevin Holman </li></ul></ul></ul><ul><ul><ul><ul><li>Blackboard System Support Coordinator </li></ul></ul></ul></ul><ul><ul><ul><li>Andrea Di Fabio </li></ul></ul></ul><ul><ul><ul><ul><li>Information Security Officer and Supercomputing Technology Coordinator </li></ul></ul></ul></ul><ul><ul><li>WHAT: </li></ul></ul><ul><ul><ul><li>Super Computers </li></ul></ul></ul><ul><ul><ul><li>Clusters </li></ul></ul></ul><ul><ul><ul><li>The Grid </li></ul></ul></ul><ul><ul><ul><li>Live Cluster Computing Demo </li></ul></ul></ul><ul><ul><ul><li>Live examples of applications running on the cluster </li></ul></ul></ul>
    21. 21. Q&A

    ×