Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
1
Copyright © 2005 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 1
R&E campus networks
Jean-Marc UzéLiaison R&E Networks and Institutions,
EMEA
TNC2007, Copenhagen, May 23rd, 2007
2Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Top 3 Key Challenges in Universities1. Security in R&E campus
• A Constant Noise Level• Why is Malware so common?• Why is Malware so prevalent on campus?• Who is responsible ?
2
3Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Constant Noise Level
VirusesSpy-WareMalicious usersScript Kiddies WormsSpam
Your IT staff has to deal with it everyday
4Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Why is Malware so common?Because its so easy…and fun.
3
5Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Why is Malware so prevalent on campus? (1)
Universities generally have:• Very open usage policy for the network• Limited resources focused on prevention and evangelization• Little desire to take steps which stifle creativity or the free exchange of ideas• Uncontrolled set of end-systems, applications, anti-virus, with many laptops
crossing the “border” everyday• Distributed servers in the campus, under different responsibilities, difficult to
coordinate a global security policy
Students generally have: • High intelligence• Motivation / Fun• Lots of free time• Few have bad intentions or just an “underground” fascination
6Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Campus are good platforms for hackers• Easy to penetrate
• Open usage policy (trust -> untrust)
• High speed connection to Internet (Gb/s)
• Perfect platform to attack Internet
Campus provide efficient content delivery platform• Some are public ( e.g. news)
• Universities promote free expression, many servers
• High speed connection to Internet (Gb/s)
• Perfect platform to distribute illegal content
Why is Malware so prevalent on campus? (2)
4
7Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Who is responsible ?NRENs, Regional networks and MANsare just transit providers• They don’t create or host any content,
they don’t have the role of filtering
• They don’t connect end-users
Universities host• End-users and end-systems so potential malicious sources
• Content, so potential illegal content, viruses, worms, etc…
So in the R&E chain, who is the most responsible for security issue ? … The head of the university…
8Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Top 3 Key Challenges in Universities1. Security in R&E campus2. Advanced R&E Services
5
9Copyright © 2005 Juniper Networks, Inc. www.juniper.net
10 Gb/s IP/MPLS backbone with Juniper T640s, M160s, M40s
4 x 10 Gb/s to North America
Dark fiber and WDM optical and SDH technology
Connecting 34 European Countries and 30 National R&E Networks
European connectivity to over 3000 R&E institutions
Advanced Services:IPv6Premium IPMulticast v4 + v6Best EffortLess Than Best EffortLayer 2 VPN
GEANT2 / Dante
Multicast
IP Premium
VPN
IPv6
10Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Juniper Networks supports EumedConnect
JuniperM10i
IT
JuniperM10i
CY
6
11Copyright © 2005 Juniper Networks, Inc. www.juniper.net
The end users: Universities and Research Labs the key role for network services
NationalNationalRENREN
CommodityCommodityInternetInternet
RegionalRegionalRENREN
GigaPoPsGigaPoPsRENREN
MetropolitanMetropolitanRENREN
GEANTGEANTPan EuropeanPan European
RENREN
REN = Research & Education Network
End to End services start in the End to End services start in the Universities and Research LabsUniversities and Research Labs
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6 Multicast
IP Premium
VPN
IPv6
UniversitiesUniversities& Research Labs& Research Labs
Supercomputer CentersSupercomputer Centers
(NRN) Exchange Points
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6
Multicast
IP Premium
VPN
IPv6
12Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Assurance vs. Security
Advanced Network Services for High Demanding Applications• Multicast, IPv6, CoS, VPN …
The problems :• Reliable infrastructure
• For both commodity traffic and High Demanding Applications (multiple communities). At the same time being stable and state of the art.
• Security without compromise• Security solutions and/or policies
often kill performances, GRID applications, IPv6, multicast etc…
7
13Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Top 3 Key Challenges in Universities1. Security in R&E campus2. Advanced R&E Services3. Mobility and AAA issue
14Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Mobility and AAA issueThe campus population is diverse and complex• Researchers, Teachers, Students, Administration, Private companies, etc…
• Some use High Demanding Applications (e.g. GRID, Distance learning etc…)
• Some content is critical (administration, genomic database etc…)
• Usage Policy is not enough to control the end-user
• Diversified end-point systems, including private laptops
• Many move from one campus to another, nationally, internationally, for one day up to several months
What can be do to control the flows within the campus and between the campus and external networks ?• For sure the single border firewall approach is becoming obsolete.
8
15Copyright © 2005 Juniper Networks, Inc. www.juniper.net
The Balancing Act
Promote free expression and exchange of ideas
Protect the infrastructure which enables the exchange
16Copyright © 2005 Juniper Networks, Inc. www.juniper.net
Thank You