Understand the concept of a Science DMZ and how to optimize network security for high-performance scientific applications. Learn about tuning security for performance, including ACLs, network protection, and more. Contact Steve Lovaas for more information.
Security on a (Science/Research) DMZ
Steve Lovaas, Colorado State University
Westnet: 9 June 2014
What’s THIS Presentation About?
The Science or Research DMZ
DMZ?
DMZ Security
Free-for-all? Contradiction?
[Diagram labels: Actor A; Actor B; The World; Us; "Agreement: no hostility here"; "No agreement; policing"; Least secure; Less secure; Most secure]
Caveat: DMZ in higher education networks
[Diagram labels: The World; Us; Least secure; Less secure; Most secure]
Next-Gen or Last-Gen
One small step… backwards?
[Diagram labels: PORT; SESSION; APPLICATION; Speed; Protection]
What Then Shall We Do?
Tune for performance, monitor, secure appropriately
The Science DMZ: “…a portion of the network, built at or near the campus or laboratory’s local network perimeter that is designed such that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose business systems or ‘enterprise’ computing.”
fasterdata.es.net/science-dmz
Tuning Security for Performance
• ACLs for well-defined applications
• Separate from campus LAN
• No users
• Host protection
  • Port blocking, rootkit detection, log analysis
• Network protection
  • SNMP, flows, IDS, black-hole routing
Questions?
Steve Lovaas
Steven.Lovaas@ColoState.edu
@srlovaas