1 / 21

NETWORK SECURITY

NETWORK SECURITY. Protecting NSU Technological Assets. Andrea Di Fabio – Information Security Officer. Agenda. Security Internet Connection Network Devices Wireless Devices Firewall and Port Filtering Encryption and VPN IDS and IPS Web Administration Latest Threats and Attacks Logs

Rita
Télécharger la présentation

NETWORK SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NETWORK SECURITY Protecting NSU Technological Assets Andrea Di Fabio – Information Security Officer

  2. Agenda • Security • Internet Connection • Network Devices • Wireless Devices • Firewall and Port Filtering • Encryption and VPN • IDS and IPS • Web Administration • Latest Threats and Attacks • Logs • Physical Security • Security Demo • IPS Console • Firewall Management & Logs • Authentication and Users Tracking • Supercomputing and Clusters • A Cluster Demo

  3. Securing Technological Assets MISSION • Secure and Safeguard NSU Technological assets from unauthorized use. • Insure conformity to NSU policies • Proactively prevent system intrusion and misuse • Investigate and respond to threats

  4. Securing The Network

  5. Securing from Outside Attacks FIREWALL • Nokia IP 530 w/ Checkpoint NG AI R55 • 507 Mbps Firewall Throughput • 115 Mbps VPN Throughput • 155 Mbps Internet Connection (OC3)

  6. Securing from Outside Attacks

  7. Securing from All Attacks Intrusion Prevention System (IPS) • TippingPoint UnityOne 2400 • #1 IPS System in the market • 2 Gbps Wire Speed Throughput • ~11,000 Attacks/Exploits Prevention • Extensive Reporting

  8. Securing from Outside Attacks SPAM and EMAIL VIRUS PROTECTION • Spam is: Unsolicited Bulk Email (UBE) • Unsolicited means that the recipient has not granted verifiable permission for the message to be sent. • Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content. • A message is Spam only if it is both Unsolicited and Bulk. • How do we Protect from Spam? • BrightMail (a Microsoft Partner) • BL and WL • Content Filtering

  9. Securing from Outside Attacks

  10. Securing from Outside Attacks • A web access is initiated from the LAN • A content engine examines the request for policy compliance. • If the request is valid it forwards it to the cache • If the request is invalid it returns a message to the user. • The Web Cache intercepts the request • HIT - If the request is in cache it is served from the cache • MISS - If the request is not in cache it is forwarded to the internet

  11. Securing from Outside Attacks Web Administration and Caching BEFORE AFTER

  12. Securing from Inside Attacks Latest Threats and Attacks • Computer Viruses and Worms • Adware, Spyware, Malware, Phishing, Pharming • Bots, Botnets and Rootkits • Buffer Overflows … attacking the stack • Secure yourself … the power of knowledge.

  13. Securing from Inside Attacks

  14. Securing from Inside Attacks IP CAMERAS

  15. Site Survey by Elandia Solutions, Inc. Wireless Coverage

  16. Wireless Security 802.1X PEAP Authentication with Dynamic VLAN Assignment

  17. Security for the End User Windows and Office Updates • http://windowsupdate.microsoft.com • http://office.microsoft.com/en-us/officeupdate Free Antivirus • Avast - http://www.avast.com • Avg - http://free.grisoft.com Free Spyware / Malware Removal • MS Anti-Spyware (Beta) - http://www.microsoft.com • Adaware - http://www.lavasoftusa.com • Spybot S&D - http://www.safer-networking.org

  18. Future Enhancements Previous Wish-List • Physical Security • Biometrics? • IP Cameras • Access Control • Network Security • Network Admission Control (NAC) • Virtual Private Network (VPN) • Network Intrusion Detection System (NIDS) Current Wish-List • Physical Security • Biometrics? • Network Security • Network Admission Control (NAC) • Automatic Policy Enforcement • The power of Agents • Virtual Private Network (VPN) • Actively Being tested • 2- Factor Authentication

  19. The Human Factor • 70% of all threats come from within • Tailgating • Hot Plug • Dialup and VPN • Shoulder Surfing • Unsecured Wireless • Social Engineering • Viruses exploit vulnerable programs, Social engineering exploits Vulnerable People.

  20. Super Computing • Reminder • WHEN: 12pm to 1pm • WHERE: Room 131 (Same Room) • WHO: • Kevin Holman Blackboard System Support Coordinator • Andrea Di Fabio Information Security Officer and Supercomputing Technology Coordinator • WHAT: • Super Computers • Clusters • The Grid • Live Cluster Computing Demo • Live examples of applications running on the cluster

  21. Q&A

More Related