
Security at Line Speed

Securing Internet2 Networks. Erik Wu, Network Associates Laboratories.


Presentation Transcript


  1. Security at Line Speed - Securing Internet2 Networks Erik Wu, Network Associates Laboratories

  2. Outline
     • Current State of Internet Security
     • Technology Challenges for Security at Line Speed
     • Research Directions in High-Performance Assurance and Forensics

  3. Increased Attacks
     • Virus
     • Intrusion
     • Worm
     • SPAM
     • DoS Attack
     • Inside Threat

  4. Network Incident Reports are Increasing (Source: CMU Computer Emergency Response Team)

  5. Rate of Application Vulnerability Identification is Increasing (Source: CMU Computer Emergency Response Team)

  6. Rate of Infection Spread is Increasing
     [Chart: Machines Infected per Hour at Peak; vertical axis: Infected Devices, 0 to 100,000]
     • Code Red: 2,777
     • Nimda: 6,250
     • Goner: 12,500
     • Slammer: 100,000
     Source: McAfee AVERT

  7. The Speed Of Attack Accelerates: Slammer Goes Global In 3 Minutes

  8. State of the Security Practice
     • WebShield
     • VirusScan
     • Sniffer
     • SpamKiller

  9. Technology Challenges
     • Improve performance of network mechanisms
     • Must match network performance
     • Packet arrival interval at 10G
       • 50ns for 64-byte packets
       • 100ns for 126-byte packets
       • 200ns for 256-byte packets
     • Millions of simultaneous traffic flows
     • Detect attacks
     • Real-time protocol analysis to understand the context of network traffic
     • Detect attacks carried in different protocol streams
     • Response to identified attacks

  10. Technology Challenges
     • Improve accuracy of network protection mechanisms
     • Classic issues
     • Capture traffic at higher line rates
     • Identify significant patterns in traffic through aggregation & correlation of network events
     • Extract critical application-level information from network traffic
     • Present network health, forensics, security information to end-users
     • Leverage off-line (postmortem) analysis results to improve on-line, real-time analysis processes

  11. Research Directions
     • Improve both performance and accuracy of network protection mechanisms to secure high-speed networks
     • Use increasing processor capabilities to
       • capture packets
       • handle millions of traffic flows
     • Develop real-time data mining techniques to identify traffic patterns
     • High-level protocol analysis and content inspection

  12. Research Directions
     • Develop effective security policy management for large-scale network security
       • Abstraction: roles, attributes
       • Aggregation: treat large sets of network entities identically
       • Automation: configuration, policy updates
     • Convert performance cycles to enhance security and availability of applications
       • Software Virtual Machines
       • Trusted hardware platforms

  13. Questions?
