network security
DESCRIPTION
TRANSCRIPT
![Page 1: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/1.jpg)
Company
LOGO
NETWORK SECURITY
Protecting NSU Technological Assets
Andrea Di Fabio – Information Security Officer
![Page 2: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/2.jpg)
Agenda
1. Security • Internet Connection• Network Devices• Wireless Devices• Firewall and Port Filtering• Encryption and VPN• IDS and IPS• Web Administration• Latest Threats and Attacks• Logs• Physical Security
2. Security Demo• IPS Console• Firewall Management & Logs• Authentication and Users Tracking
3. Supercomputing and Clusters• A Cluster Demo
1. Security • Internet Connection• Network Devices• Wireless Devices• Firewall and Port Filtering• Encryption and VPN• IDS and IPS• Web Administration• Latest Threats and Attacks• Logs• Physical Security
2. Security Demo• IPS Console• Firewall Management & Logs• Authentication and Users Tracking
3. Supercomputing and Clusters• A Cluster Demo
![Page 3: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/3.jpg)
Securing Technological Assets
MISSION Secure and Safeguard NSU Technological
assets from unauthorized use. Insure conformity to NSU policies Proactively prevent system intrusion and
misuse Investigate and respond to threats
![Page 4: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/4.jpg)
Securing The Network
![Page 5: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/5.jpg)
Securing from Outside Attacks
FIREWALL Nokia IP 530 w/ Checkpoint NG AI R55 507 Mbps Firewall Throughput 115 Mbps VPN Throughput 155 Mbps Internet Connection (OC3)
![Page 6: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/6.jpg)
Securing from Outside Attacks
Core SwitchesInternal Network
FIREWALL
External Router
Internal Routerwith ACL
Internet
INTERNAL NETWORKS
COL-ACT-STA-
1 2 3 4 5 6 7 8 9101112HS1 HS2 OK1 OK2 PS
CONSOLE
Connecting Switch
To/From Internet
To/From Internal
To/From Internet
DMZCore Switches
Internal Network
External Routerwith ACL
Internal Router
Internet
INTERNAL NETWORKS
COL-ACT-STA-
1 2 3 4 5 6 7 8 9101112HS1 HS2 OK1 OK2 PS
CONSOLE
Connecting Switch
To/From Internet
To/From Internal
BEFOREThe Firewall
Firewall Phase 1
Core SwitchesInternal Network
FIREWALL
External Router
Internal Routerwith ACL
Internet
INTERNAL NETWORKS
COL-ACT-STA-
1 2 3 4 5 6 7 8 9101112HS1 HS2 OK1 OK2 PS
CONSOLE
Connecting Switch
To/From Internet
To/From Internal
To/From Internet
DMZ
Firewall Phase 2
Enterprise Systems
SecureNetwork
Enterprise Systems
InternalFirewall
Enterprise Systems
InternalFirewall
![Page 7: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/7.jpg)
Securing from All Attacks
Intrusion Prevention System (IPS) TippingPoint UnityOne 2400 #1 IPS System in the market 2 Gbps Wire Speed Throughput ~11,000 Attacks/Exploits Prevention Extensive Reporting
![Page 8: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/8.jpg)
Securing from Outside Attacks
SPAM and EMAIL VIRUS PROTECTION
Spam is: Unsolicited Bulk Email (UBE) Unsolicited means that the recipient has not granted verifiable
permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of
messages, all having substantively identical content. A message is Spam only if it is both Unsolicited and Bulk. How do we Protect from Spam?
BrightMail (a Microsoft Partner) BL and WL Content Filtering
![Page 9: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/9.jpg)
Securing from Outside Attacks
Internet
Routing Master TrendMicro Scanmail
Email Anti-virus
BlackberryServer
Outlook Web Access “Webmail”
(load balanced)
SMTP Gateways (load balanced)
Symantec Anti-Virus DNSBL antispam lists
TrendMicroScanmail
Email Anti-VirusBrightmail spam folder agent
Scan Monitor
Storage Area Network (SAN)
Firewall
`
Mobile UsersBlackberry, PDAs,
laptops
Home Users, remote office users
Norfolk State University Exchange 2000 Email Infrastructure
BrightmailAnti-SPAM
Server
1st Line of DefenseCompliance with SMTP Standards
2nd Line of DefenseAntivirus + Anti-SPAM
3nd Line of DefenseAnti-SPAM
Back-End Exchange Mailbox Servers
4th Line of DefenseAnti-Virus
5th Line of DefenseAnti-Virus + Scan Monitor
![Page 10: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/10.jpg)
Securing from Outside Attacks
InternetNSU
Firewall
`
Wired and WiFi Users,Remote NSU Locations
Mobile Users Blackberry, PDAs, Laptops and Wireless
Web Administration and Caching
Web Cache
NSU NETWORKLAN
1
1
2
1
HIT
HIT
HIT
MISSMISS
MIS
SMISS
INVALID
1. A web access is initiated from the LAN2. A content engine examines the
request for policy compliance.• If the request is valid it forwards
it to the cache• If the request is invalid it returns
a message to the user.The Web Cache intercepts the request
• HIT - If the request is in cache it is served from the cache
• MISS - If the request is not in cache it is forwarded to the internet
![Page 11: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/11.jpg)
Securing from Outside Attacks
Web Administration and CachingBEFORE AFTER
![Page 12: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/12.jpg)
Securing from Inside Attacks
Latest Threats and Attacks
Computer Viruses and Worms
Adware, Spyware, Malware, Phishing, Pharming
Bots, Botnets and Rootkits
Buffer Overflows … attacking the stack
Secure yourself … the power of knowledge.
![Page 13: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/13.jpg)
Securing from Inside Attacks
![Page 14: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/14.jpg)
IP CAMERAS
Securing from Inside Attacks
![Page 15: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/15.jpg)
Wireless Coverage
Residence Halls Green Space – Channel 1 Green Space – Channel 11Residence Halls Green Space – Channel 1 Green Space – Channel 11
Site Survey by Elandia Solutions, Inc.
![Page 16: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/16.jpg)
Wireless Security
802.1X PEAP Authentication with Dynamic VLAN Assignment
Ser
ver
Ne
trw
ork
WiFi Network
Guest Network
Student Network
Faculty Network
1 Kno
ck K
nock
2 Who’s There
LDAP Server
RADIUS Server
4 Hi Bob
5 Here’s The Key
6 Com
e on
this
Networ
k
7
8
3 It’s Bob
![Page 17: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/17.jpg)
Security for the End User
Windows and Office Updates http://windowsupdate.microsoft.com http://office.microsoft.com/en-us/officeupdate
Free Antivirus Avast - http://www.avast.com Avg - http://free.grisoft.com
Free Spyware / Malware Removal MS Anti-Spyware (Beta) - http://www.microsoft.com Adaware - http://www.lavasoftusa.com Spybot S&D - http://www.safer-networking.org
![Page 18: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/18.jpg)
Future Enhancements
Previous Wish-List Physical Security
Biometrics? IP Cameras Access Control
Network Security Network Admission Control (NAC) Virtual Private Network (VPN) Network Intrusion Detection System
(NIDS)
Current Wish-List Physical Security
Biometrics?
Network Security Network Admission Control (NAC) Automatic Policy Enforcement
The power of Agents Virtual Private Network (VPN)
Actively Being tested 2- Factor Authentication
![Page 19: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/19.jpg)
The Human Factor
70% of all threats come from within Tailgating Hot Plug Dialup and VPN Shoulder Surfing Unsecured Wireless Social Engineering
Viruses exploit vulnerable programs, Social engineering exploits Vulnerable People.
![Page 20: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/20.jpg)
Super Computing
Reminder WHEN: 12pm to 1pm WHERE: Room 131 (Same Room) WHO:
Kevin HolmanBlackboard System Support Coordinator
Andrea Di FabioInformation Security Officer and Supercomputing Technology Coordinator
WHAT: Super Computers Clusters The Grid Live Cluster Computing Demo Live examples of applications running on the cluster
![Page 21: Network Security](https://reader034.vdocuments.mx/reader034/viewer/2022051608/545631f9af79591d5a8bb20c/html5/thumbnails/21.jpg)
Q&A