This article explores overlooked topics in campus security, including DNS security, sector-based security operations, impact of attacks on infrastructure, evolving perimeter defense strategies, and the importance of federated identity management.
Salsa Bits: A few things that the analysts aren't talking about... December 2006
What analysts are saying is important (and we agree)
• Protecting sensitive data
  • Not just the enterprise data, but the researcher data
• Identity management
  • In higher-ed, there's a lot of business process and policy issues as well as technology
• Malware (viruses, worms, spyware, etc.)
• Distributed denial of service attacks
What analysts haven't started to talk about yet...
• The strategic importance of and expanding reliance on DNS
• The value of sector-based security operations and the REN-ISAC
• {Spam, DDOS, etc} and its impact on the infrastructure
• Evolving firewall management strategies to accommodate advanced applications
• Federated identity and leveraging it for access control
Domain Name System (DNS)
• DNS is the foundational service of the network; no service works without it.
• DNS itself needs better security
  • Vulnerable to several attacks and can be exploited for other attacks
  • Remedial steps (e.g. DNSSEC) face critical bootstrap and mass adoption value
• DNS as the basis for many security enhancements
  • Spam control mechanisms will leverage it
  • Federated security services depend on it
• EDUCAUSE oversees .edu; chance for higher-ed to lead
Takeaway: Domain Name System (DNS)
• Make sure the campus DNS operations are adequately supported; check out www.dnsreport.com
• Campus DNS operations should plan to work with applications
• Make sure that you’re not part of the problem – filter outgoing spoofed traffic, don't operate open recursive servers, etc...
Sector-based security services
• Of the initial sector oriented security analysis centers, the best remaining one is the REN-ISAC
• New technical and advisory groups
• Today, offers early warning services gleaned from Abilene traffic, identification of botnets, interactions with DHS and vendors, exchanges with other cooperative security efforts
• Tomorrow, it could build better analytic tools, inter-realm security exchanges, and other community-based security services
Takeaway: Sector-based security
• Make sure your campus is plugged in:
  • To the REN-ISAC trust community – it is a vehicle for sharing real time security information
  • To the various lists that discuss sector security issues, e.g. the higher-ed mail admin list, the EDUCAUSE security list
• Understand that our distinctive requirements will require common security approaches
Attacks and their impacts on infrastructure
• IETF concerns at the amount of unwanted traffic…
• Chronic threats – e.g. spam, botnets, etc are dramatically up and more resistant to remedies
• Better tuned MS machines have significantly increased the DDOS potentials
• Stress the campus infrastructure – mail servers, spam filters, firewalls, etc.
Takeaway: Attacks and their impacts
• Harden the infrastructure
• High capacity networking links should include high capacity security mechanisms
• New retention laws, rise of spam, etc. may change the way we choose to communicate
Evolving perimeter defense strategies
• From the network perimeter to defense in depth
• The Starbucks effect
• The internal threats
• Push the protection perimeter as close to the edge as feasible
• Need to deal with optical bypass
• Need to be flexible for different requirements
• Credit card requirements can factor in
Evolving perimeter defense tradeoffs
• Understand that perimeter defense security tools often involve tradeoffs
  • VPN – security and opacity
  • NAT – isolation and loss of collaboration
  • Firewalls and performance
• Additional perimeters increase the complexity of problem diagnosis
Takeaway: Evolving perimeter defense
• Be prepared for changes to accommodate team science. Trust-mediated transparency will leverage identity management
• Be aware that fundamental network architecture discussions are examining clouds of gated communities vs. a network utility
• Mean time to diagnose and support implications
• Monitor, audit, non-repudiation
• moving beyond forensics to situational awareness and active management
Federated identity
• As touted, Identity Management is urgent and important
• Federated identity leverages institutional Identity Management in inter-institutional settings
• By itself federated identity can provide significant security value.
  • Enables flexible LOA's, improves privacy, etc.
• As a new layer of infrastructure, it can be leveraged to provide new security services
  • Improved guest access usability and accountability
  • Privilege management for virtual organizations
Takeaway: Federated Identity
• Make sure your campus is coming to grips with IdM
  • Business owners, data stewards, external constituency services (alumni, facilities management, etc), central IT
  • Understand the policies, the state transitions and their triggers, the privileges per state, etc
• Check out the www.nmi-edit.org/ web site and CAMPS.
• Prepare for federation
  • Internal federations with medical schools, engineering colleges, etc.
  • Install federating software, e.g. Shibboleth
  • Identify policy issues and groups to work on them
• Understand the value of strategic use of two factor authentication