1 / 14

uw network security 2003

uw network security 2003. Terry Gray University of Washington Computing & Communications 17 October 2003. UW campus network (backbone). border router. border router. backbone switches. ~ 30 level one routers. subnets (733 total; 150 c&c); over 60,000 live devices.

morag
Télécharger la présentation

uw network security 2003

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. uw network security2003 Terry Gray University of Washington Computing & Communications 17 October 2003

  2. UW campus network (backbone) border router border router backbone switches ~ 30 level one routers subnets (733 total; 150 c&c); over 60,000 live devices

  3. UW campus network (typical subnet) Level One Router • campus subnets are a mixture of • shared 10Mbps • switched 10Mbps • switched 10/100Mbps Aggregation Switch Edge Switch Edge Switch Edge Switch

  4. network facilities

  5. typical core routers

  6. campus network traffic

  7. Pacific Northwest Gigapop • The PNW’s access point to next generation Internets, including Internet2, high performance USA Federal Networks, and high speed commodity Internet • A high speed peering point for regional and international networks • R&D testbed inviting national and international experimentation with advanced Internet-based applications

  8. Pacific Northwest Gigapop national & internat’nl nets Internet2 3 diverse network providers • Internet2 2.5Gbps • (10Gbps upgrade underway) • Three different 1Gbps • connections to the Internet • Multiple gigabits of connections • to other networks 30+ network customers uw border uw border

  9. K20 Network Sites Public Baccalaureate (50) Community/Technical College (73) K-12 (307) Library (65 in process) Independent Colleges (9 approved)

  10. seven security axioms • Network security is maximized when we assume there is no such thing. • Large security perimeters mean large vulnerability zones. • Firewalls are such a good idea, every computer should have one. Seriously. • Remote access is fraught with peril, just like local access. • One person's security perimeter is another's broken network. • Isolation strategies are limited by how many PCs you want on your desk. • Network security is about psychology as much as technology. Bonus: never forget that computer ownership is not for the feint-hearted.

  11. credo • focus first on the edge(perimeter protection paradox) • add defense in depth as needed • keep it manageable • provide for local policy choice... • avoid one-size-fits-all

  12. gray’s defense-in-depth conjecture • MTTE (exploit) = k * N**2 • MTTI (innovation) = k * N**2 • MTTR (repair) = k * N**2where N = number of layers

  13. C&C security activities • logical firewalls • project 172 • network infrastructure protection • reverse IDS (local infection detection) • auto-block; self-reenable • traffic monitoring tools • who/where traceability tools • nebula • proactive probing • honeypots • security operations • training; consulting

More Related