network security

NETWORK SECURITY: Protecting NSU Technological Assets. Andrea Di Fabio – Information Security Officer

Upload: networksguy

Post on 02-Nov-2014


TRANSCRIPT

Page 1: Network Security

NETWORK SECURITY

Protecting NSU Technological Assets

Andrea Di Fabio – Information Security Officer

Page 2: Network Security

Agenda

1. Security
• Internet Connection
• Network Devices
• Wireless Devices
• Firewall and Port Filtering
• Encryption and VPN
• IDS and IPS
• Web Administration
• Latest Threats and Attacks
• Logs
• Physical Security

2. Security Demo
• IPS Console
• Firewall Management & Logs
• Authentication and Users Tracking

3. Supercomputing and Clusters
• A Cluster Demo

Page 3: Network Security

Securing Technological Assets

MISSION
• Secure and safeguard NSU technological assets from unauthorized use.
• Ensure conformity to NSU policies.
• Proactively prevent system intrusion and misuse.
• Investigate and respond to threats.

Page 4: Network Security

Securing The Network

Page 5: Network Security

Securing from Outside Attacks

FIREWALL
• Nokia IP 530 w/ Checkpoint NG AI R55
• 507 Mbps Firewall Throughput
• 115 Mbps VPN Throughput
• 155 Mbps Internet Connection (OC3)

Page 6: Network Security

Securing from Outside Attacks

[Network diagrams, three panels: BEFORE The Firewall; Firewall Phase 1; Firewall Phase 2. Labelled elements: Internet, External Router, Internal Router, router ACL, Firewall, DMZ, Connecting Switch (To/From Internet, To/From Internal), Core Switches, Internal Network, Internal Networks, Enterprise Systems, Secure Network, Internal Firewall.]

Page 7: Network Security

Securing from All Attacks

Intrusion Prevention System (IPS)
• TippingPoint UnityOne 2400
• #1 IPS System in the market
• 2 Gbps Wire Speed Throughput
• ~11,000 Attacks/Exploits Prevention
• Extensive Reporting

Page 8: Network Security

Securing from Outside Attacks

SPAM and EMAIL VIRUS PROTECTION

Spam is: Unsolicited Bulk Email (UBE)
• Unsolicited means that the recipient has not granted verifiable permission for the message to be sent.
• Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
• A message is Spam only if it is both Unsolicited and Bulk.

How do we Protect from Spam?
• BrightMail (a Microsoft Partner)
• BL and WL
• Content Filtering

Page 9: Network Security

Securing from Outside Attacks

Norfolk State University Exchange 2000 Email Infrastructure

[Diagram. Labelled components: Internet; Firewall; SMTP Gateways (load balanced); Symantec Anti-Virus; DNSBL antispam lists; Brightmail Anti-SPAM Server; Routing Master; TrendMicro Scanmail Email Anti-Virus; Blackberry Server; Outlook Web Access “Webmail” (load balanced); Back-End Exchange Mailbox Servers; Brightmail spam folder agent; Scan Monitor; Storage Area Network (SAN); Mobile Users (Blackberry, PDAs, laptops); Home Users, remote office users.]

• 1st Line of Defense: Compliance with SMTP Standards
• 2nd Line of Defense: Antivirus + Anti-SPAM
• 3rd Line of Defense: Anti-SPAM
• 4th Line of Defense: Anti-Virus
• 5th Line of Defense: Anti-Virus + Scan Monitor

Page 10: Network Security

Securing from Outside Attacks

Web Administration and Caching

[Diagram. Labelled elements: Internet; NSU Firewall; Web Cache; NSU Network LAN; Wired and WiFi Users, Remote NSU Locations; Mobile Users (Blackberry, PDAs, Laptops and Wireless). Request paths are labelled HIT, MISS and INVALID.]

1. A web access is initiated from the LAN.
2. A content engine examines the request for policy compliance.
• If the request is valid it forwards it to the cache.
• If the request is invalid it returns a message to the user.

The Web Cache intercepts the request:
• HIT - If the request is in cache it is served from the cache.
• MISS - If the request is not in cache it is forwarded to the internet.
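
The request flow above, as an added Python sketch that is not part of the original slides: the policy check runs on every request before the cache is consulted, so an object cached before a policy change is not served afterwards. The blocked host, the allowed schemes, the TTL and the `fetch` callback are assumptions made for the example.

```python
import time
from urllib.parse import urlsplit

# Constructed policy for this example: schemes allowed, hosts refused.
ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTS = {"blocked.example"}


class WebCache:
    """TTL cache keyed by normalized URL; fetch() stands in for the Internet."""

    def __init__(self, fetch, ttl=300, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._store = {}  # key -> (expires_at, body)

    def get(self, key):
        now = self._clock()
        entry = self._store.get(key)
        if entry is not None and entry[0] > now:
            return "HIT", entry[1]            # served from the cache
        body = self._fetch(key)               # forwarded to the Internet
        self._store[key] = (now + self._ttl, body)
        return "MISS", body


def normalize(url):
    """Return (scheme, host, cache key) with one spelling per resource."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    port = f":{parts.port}" if parts.port else ""
    query = f"?{parts.query}" if parts.query else ""
    return scheme, host, f"{scheme}://{host}{port}{parts.path or '/'}{query}"


def handle_request(url, cache):
    """Content engine first, cache second, in the order the steps above give."""
    try:
        scheme, host, key = normalize(url)
    except ValueError:                          # malformed port or netloc
        return "INVALID", "Request blocked by policy"
    if scheme not in ALLOWED_SCHEMES or not host or host in BLOCKED_HOSTS:
        return "INVALID", "Request blocked by policy"
    return cache.get(key)
```

Normalizing the host before the policy lookup keeps spellings such as `HTTP://Blocked.Example./` from slipping past the block list.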

Page 11: Network Security

Securing from Outside Attacks

Web Administration and Caching

[Figures: BEFORE and AFTER]

Page 12: Network Security

Securing from Inside Attacks

Latest Threats and Attacks

Computer Viruses and Worms

Adware, Spyware, Malware, Phishing, Pharming

Bots, Botnets and Rootkits

Buffer Overflows … attacking the stack

Secure yourself … the power of knowledge.

Page 13: Network Security

Securing from Inside Attacks

Page 14: Network Security

IP CAMERAS

Securing from Inside Attacks

Page 15: Network Security

Wireless Coverage

[Coverage maps: Residence Halls; Green Space – Channel 1; Green Space – Channel 11]

Site Survey by Elandia Solutions, Inc.

Page 16: Network Security

Wireless Security

802.1X PEAP Authentication with Dynamic VLAN Assignment

[Diagram. Labelled elements: Server Network; WiFi Network; Guest Network; Student Network; Faculty Network; LDAP Server; RADIUS Server. Steps 7 and 8 are numbered without a caption.]

1. Knock Knock
2. Who’s There
3. It’s Bob
4. Hi Bob
5. Here’s The Key
6. Come on this Network
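
The authorization step of this exchange, as an added Python sketch that is not part of the original slides: once PEAP has succeeded, the RADIUS server looks the user up in LDAP and names the VLAN in its Access-Accept using the RFC 3580 tunnel attributes. The VLAN IDs, LDAP group names, directory contents and the guest fallback are assumptions, and the PEAP exchange itself is reduced to a boolean.

```python
# RFC 3580 values a RADIUS server uses to name a VLAN in an Access-Accept.
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type = IEEE-802

# Constructed for this example: LDAP group -> VLAN ID, most privileged first.
GROUP_VLANS = [("faculty", 30), ("students", 20)]
GUEST_VLAN = 10                # assumed fallback for users in no mapped group

# Constructed stand-in for the LDAP server: identity -> group memberships.
LDAP_DIRECTORY = {
    "bob": ["faculty", "students"],
    "alice": ["students"],
    "visitor": [],
}


def vlan_for(groups):
    """Pick the VLAN of the first mapped group the user belongs to."""
    member_of = {g.lower() for g in groups}
    for group, vlan in GROUP_VLANS:
        if group in member_of:
            return vlan
    return GUEST_VLAN


def radius_decision(identity, peap_succeeded, directory=LDAP_DIRECTORY):
    """Build the RADIUS reply sent to the access point for one supplicant."""
    user = identity.strip().lower()
    groups = directory.get(user)
    # Fail closed: no VLAN attributes unless PEAP succeeded and LDAP knows the user.
    if not peap_succeeded or groups is None:
        return {"code": "Access-Reject", "attributes": {}}
    return {
        "code": "Access-Accept",
        "attributes": {
            "Tunnel-Type": TUNNEL_TYPE_VLAN,
            "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
            "Tunnel-Private-Group-Id": str(vlan_for(groups)),
        },
    }
```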

Page 17: Network Security

Security for the End User

Windows and Office Updates
• http://windowsupdate.microsoft.com
• http://office.microsoft.com/en-us/officeupdate

Free Antivirus
• Avast - http://www.avast.com
• Avg - http://free.grisoft.com

Free Spyware / Malware Removal
• MS Anti-Spyware (Beta) - http://www.microsoft.com
• Adaware - http://www.lavasoftusa.com
• Spybot S&D - http://www.safer-networking.org

Page 18: Network Security

Future Enhancements

Previous Wish-List

Physical Security
• Biometrics?
• IP Cameras
• Access Control

Network Security
• Network Admission Control (NAC)
• Virtual Private Network (VPN)
• Network Intrusion Detection System (NIDS)

Current Wish-List

Physical Security
• Biometrics?

Network Security
• Network Admission Control (NAC): Automatic Policy Enforcement; The power of Agents
• Virtual Private Network (VPN): Actively Being tested
• 2-Factor Authentication

Page 19: Network Security

The Human Factor

70% of all threats come from within
• Tailgating
• Hot Plug
• Dialup and VPN
• Shoulder Surfing
• Unsecured Wireless
• Social Engineering

Viruses exploit vulnerable programs; social engineering exploits vulnerable people.

Page 20: Network Security

Super Computing

Reminder

WHEN: 12pm to 1pm
WHERE: Room 131 (Same Room)
WHO:
• Kevin Holman, Blackboard System Support Coordinator
• Andrea Di Fabio, Information Security Officer and Supercomputing Technology Coordinator

WHAT:
• Super Computers
• Clusters
• The Grid
• Live Cluster Computing Demo
• Live examples of applications running on the cluster

Page 21: Network Security

Q&A