Information Security Risk Assessment and Plans
NPTF, October 18, 2004
Meeting Objective
• Briefly review 2003-2004 objectives.
• Do a reasonableness check on our plans for the next two years prior to costing them out.
Version 2.4 10/18/04
Security Strategies
• Risk-driven – focus on those opportunities with highest risk reduction bang for the buck.
• Make security the default wherever possible.
• Achievable, affordable plans. Concrete steps and early deliverables. Extend early successes in subsequent years.
• Security-in-depth: prevention, detection, response.
• Evaluate a network design and migration strategy that balances availability against security and is capable of supporting broader preventative network security measures.
2003-2004 Activities
Intrusion Detection
• A new tool, Arbor Peakflow, allows us to collect and analyze network "flow" info from Penn routers.
• This helps us to see lists of
  • top talkers,
  • traffic by protocol (web vs email vs p2p vs voice vs video, etc.),
  • traffic by destination service provider (Cogent vs Qwest vs Abilene/Internet2),
  • and much more.
Intrusion Detection
• Peakflow also allows us to identify denial of service (DoS, DDoS) attacks in progress, including sources and protocols, and possible filtering options.
• In this role, the Arbor Peakflow tools act as a very sophisticated distributed IDS, helping us to do targeted filtering during major network-based attacks.
• No dedicated IDS systems needed to be put inline into the network. Netflow data from the routers is used.
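An added example, not from the original slides and not Arbor Peakflow code: the flow summaries described above (top talkers, traffic by service, destinations contacted by many sources) computed over constructed flow records. The CSV layout, the port-to-service labels and the distinct-source threshold are assumptions made for the illustration.

```python
from collections import Counter, defaultdict

# Constructed flow records (not real traffic): src,dst,proto,dst_port,bytes.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
192.0.2.10,198.51.100.5,tcp,80,120000
192.0.2.10,198.51.100.9,tcp,25,4000
192.0.2.22,198.51.100.5,tcp,80,900000
203.0.113.1,192.0.2.80,udp,53,600
203.0.113.2,192.0.2.80,udp,53,600
203.0.113.3,192.0.2.80,udp,53,600
203.0.113.4,192.0.2.80,udp,53,600
203.0.113.5,192.0.2.80,tcp,80,600
"""

# Assumed port-to-service labels, chosen for this example only.
SERVICES = {("tcp", 80): "web", ("tcp", 25): "email"}

def parse_flows(text):
    """Turn CSV lines into (src, dst, proto, port, bytes) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, port, nbytes = line.split(",")
        flows.append((src, dst, proto, int(port), int(nbytes)))
    return flows

def top_talkers(flows, n):
    """Sources ranked by total bytes sent, largest first."""
    totals = Counter()
    for src, _, _, _, nbytes in flows:
        totals[src] += nbytes
    return totals.most_common(n)

def bytes_by_service(flows):
    """Total bytes per service label; unmapped ports count as 'other'."""
    totals = Counter()
    for _, _, proto, port, nbytes in flows:
        totals[SERVICES.get((proto, port), "other")] += nbytes
    return dict(totals)

def dos_candidates(flows, min_sources):
    """Destinations contacted by at least min_sources distinct sources.
    A crude fan-in heuristic (assumed threshold), reported with sources and protocols."""
    seen = defaultdict(lambda: (set(), set()))
    for src, dst, proto, _, _ in flows:
        seen[dst][0].add(src)
        seen[dst][1].add(proto)
    return {dst: {"sources": sorted(s), "protocols": sorted(p)}
            for dst, (s, p) in seen.items() if len(s) >= min_sources}
```

A busy public server also shows high fan-in, so a list like this is a starting point for an analyst choosing filters, not a verdict.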
2004-2005 Risk Assessment
Proposed Security Plans
Improving Web App Security
Sniffing
New machines arrive on campus
Viruses/Worms
Phishing
Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.
Phishing
Phishing 62-99-200-17.sdsl-line.inode.at
Phishing
Malicious Employee
Patches for Applications
Zero Day Worm