
UNITS meeting September 30, 2004

UNITS meeting September 30, 2004. Network Security Roger Safian r-safian@northwestern.edu. Agenda. Our environment Statistics Why these incidents occur What can be done to prevent them Future improvements Questions. Firewalls. Recommending personal firewalls


Presentation Transcript


  1. UNITS meeting, September 30, 2004
     Network Security
     Roger Safian, r-safian@northwestern.edu

  2. Agenda
     • Our environment
     • Statistics
     • Why these incidents occur
     • What can be done to prevent them
     • Future improvements
     • Questions

  3. Firewalls
     • Recommending personal firewalls
     • Typically Zone Alarm or XP firewall
     • Some departments have traditional firewalls
     • This number is growing
     • Central IT has a purchasable solution

  4. Optional Router Filters
     • Block traffic from entering NU’s network
     • On more than 75% of the network
     • Use VPN to bypass filters
     • Ports filtered
     • MS networking - 135, 137, 138, 139, 445
     • Unix NFS & portmapper - 111, 2049
     • MS Terminal Services - 3389
     • MS SQL - 1433, 1434

  5. Packeteer
     • Classifies traffic by application
     • Per application bandwidth partitioning
     • Mainly P2P
     • Enforces service level agreements
     • Research park
     • Provides detailed flow information
     • Very limited data lifespan

  6. Flow Data
     • Statistical data from border router
     • Sampled – 1 in 100 packets
     • Source and Destination address
     • Source and Destination ports
     • Byte count
     • Timestamp
     • Used to produce top 20 reports

  7. Intrusion Detection System
     • We use two solutions in parallel
     • StealthWatch
     • A statistical/anomaly based system
     • Currently two devices
     • One at the border, the other at 2020 Ridge
     • Snort
     • Currently 15 devices

  8. Get Control
     • Home for NU security and virus warnings
     • Updated frequently
     • Has tips on staying secure
     • Contains instructions on removing viruses
     • Links to online removal tools
     • http://www.it.northwestern.edu/security/index.html
     • http://www.it.northwestern.edu/5steps/

  9. Statistics
     • FY 2002/2003 (9/1/02 – 8/31/03): Virus = 1166, Compromised = 727, Total incidents = 3042
     • FY 2003/2004 (9/1/03 – 8/31/04): Virus = 7976, Compromised = 467, Total incidents = 9264

  10. Why these incidents occur?
     • Weak Passwords
     • All machines and accounts need passwords
     • Use rules similar to the NetID rules
     • Opening viral attachments
     • Don’t open unexpected attachments
     • Only open specific types of extensions
     • Make sure to look at the LAST extension

  11. Why these incidents occur? (2)
     • Updates not applied
     • Ensure Windows update runs automatically
     • Don’t forget about layered products
     • Network use
     • P2P
     • Be careful when clicking on links

  12. Why these incidents occur? (3)
     • Out of date anti-viral software
     • Ensure you install the NU supplied software
     • Set to update automatically EVERY day
     • Blended Threats
     • Multiple attack vectors directed at hosts
     • Home Networks
     • Frequently attacked with little monitoring

  13. Why these incidents occur? (4)
     • Lack of firewall
     • Even if user has one they don’t understand it
     • Often installed after the infection
     • Not a good idea
     • This is most serious on home networks
     • Mitigated by routers with NAT

  14. NUSA
     • Network User Status Agent
     • Automatic notification
     • Two events port off and display
     • Allows authorized users to re-enable ports
     • Accepts input from other sources
     • Future use as data correlation agent
     • Current systems are stand-alone

  15. NetPass
     • Current system NetReg
     • Deployed in the dorms
     • Associates MAC address with NetID
     • Checks for 3 vulnerabilities
     • NetPass
     • Checks for 25 vulnerabilities
     • Includes self-remediation

  16. Questions?
     • Contact Information
     • 1-847-491-4058
     • 1-847-467-6662 (NOC 24x7)
     • security@northwestern.edu
     • r-safian@northwestern.edu
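
The top 20 report described on slide 6 (Flow Data) can be sketched as follows. This is an added example, not code from the presentation or from Northwestern; the whitespace-separated record layout, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

SAMPLING_RATE = 100  # slide 6: 1 in 100 packets is sampled


class Flow(NamedTuple):
    ts: str      # timestamp
    src: str     # source address
    dst: str     # destination address
    sport: int   # source port
    dport: int   # destination port
    nbytes: int  # bytes seen in the sampled packets only


def parse_flows(text):
    """Parse 6-field records; skip comments, blank and malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or line.lstrip().startswith("#"):
            continue
        ts, src, dst, sport, dport, nbytes = parts
        try:
            flows.append(Flow(ts, src, dst, int(sport), int(dport), int(nbytes)))
        except ValueError:
            continue  # non-numeric port or byte count
    return flows


def top_talkers(flows, n=20, key="src"):
    """Rank values of one field (src, dst, sport, dport) by estimated bytes.

    Sampled byte counts are scaled by SAMPLING_RATE to estimate real volume.
    """
    totals = Counter()
    for f in flows:
        totals[getattr(f, key)] += f.nbytes * SAMPLING_RATE
    return totals.most_common(n)


# Constructed sample records (documentation addresses, not real data).
SAMPLE = """\
# timestamp src dst sport dport bytes
2004-09-30T10:00:01 192.0.2.10 198.51.100.5 4662 51234 1500
2004-09-30T10:00:02 192.0.2.10 198.51.100.9 4662 40000 1500
2004-09-30T10:00:02 192.0.2.77 203.0.113.8 1025 445 62
2004-09-30T10:00:03 192.0.2.77 203.0.113.9 1026 445 62
2004-09-30T10:00:03 192.0.2.31 198.51.100.5 3389 50111 400
garbled line
"""

if __name__ == "__main__":
    for host, est in top_talkers(parse_flows(SAMPLE)):
        print(f"{host:15} ~{est} bytes")
```

A byte-ranked report favours bulk transfers: in the sample, the host sending small packets to port 445 ranks last even though it contacts several destinations, so a per-port view (`key="dport"`) is a useful companion.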
