Upload
gervase-baker
View
217
Download
0
Embed Size (px)
Citation preview
Security Infrastructure Panel: Implications for Network Engineering
Dave Dittrich, U. Washington Gary Dobbins, Notre Dame Gerry Sneeringer, U. Md - College Park Jack Suess, U. Md. - Baltimore County
Institutional Differences
Big difference in size Big difference in complexity Big difference in degree of centralization Less difference in staffing
Security Concerns
Securing Windows, DoS attacks - wash User practices, policy formation, policy
adherence, vendor products, and security products that scale - ND
Access controls/IDS at Gigabit speed, coordinating decentralized admins, Resnet - UMCP
Increasing security requirements (HIPAA/GLB), disaster recovery and contingency planning, host security - UMBC
Border Security
All but UW use ACL’s, UW is open UMBC implementing border firewalls ND and UMCP are researching firewall
Is there value in border firewalls?
Interior Network Security
Interior firewall for sensitive areas UW uses logical firewall Snort IDS used by all but UW Security VLAN’s being implemented by UMBC VPN available by all
Should security model be 1-size fits all?Who is responsible for interior security?
Wireless Security
All run open wireless networks All encourage VPN UW prototyping UW-only UMCP implementing Veneer UMBC moving to limit unauth wireless
How are campuses architecting wireless?Is authentication critical?
Host Application Security
Cooperation among security, networks, and sysadmins is critical
Host firewalls being used by all All encourage encryption to varying degrees Virus scanning is done to some degree by all
How do you get cooperation among groups?How do you encourage encryption?How do you encourage Host firewalls?
Recent Security Problem and Cause
Discuss a recent or upcoming security problem Windows - poor user passwords SQL Slammer Hacks for spamming, students paid to spam Sendmail buffer overflow
Does security staff handle RIAA or Spam complaints?
How is policy developed?
Questions and URL’s
Campus Security URL’s www.washington.edu/itsecurity Itsecurity.umd.edu www.nd.edu/~ndoit/virusalert www.umbc.edu/oit/security
QUESTIONS???