Network and Systems - University of Glasgow
Download
Report
Transcript Network and Systems - University of Glasgow
Network and Systems
Security
Security Awareness, Risk
Management, Policies and Network
Architecture
What’s all the fuss about
Why is network and systems security
important?
Do we have a problem at Glasgow?
If we do how should we deal with it?
Why is network and systems
security important?
Classic view is to ensure the Integrity,
confidentiality and availability of data
However Security Incidents present other
problems. e.g.
Legal threats – Copyright infringements, DoS
attacks, hacking attempts, Unacceptable content
Wastes valuable resources – Staff time, bandwidth
Bad PR
Do we have a problem at
Glasgow?
YES!
Data leakage – Definite e.g password files SAM
db
System compromise – Definite e.g RootKit,
Blaster, Nachi, MyDoom
Legal threats – Definite e.g various requests to
remove content or investigate system misuse
Resources – Definite e.g 6FTE from CS alone to
deal with RootKit/Blaster and Nachi
Router performance badly affected by external and
internally sourced DoS attacks
So how should we deal with
this problem?
The proposed strategy is as follows;
Produce and maintain Risk register and associated Risk
reduction measures
Agree set of Policies and Guidelines that would address
specific areas of concern
Agree a Network Architecture that would reduce the
exposure of Networked systems and provide Inherent
containment measures
Establish a Computer Incident Response Team to handle
incidents in a structured and coordinated way
Raise awareness of Security issues. Security is not
someone else’s problem it affects everyone and everyone
has a role to play
Risk Register
Information Security working group has
produced a draft Risk register and is
working on costing the Risk reduction
measures
Security Policies and
Guidelines
The Universal Access and Information
Security working groups have produced a set
of draft Policies and Guidelines for
consultation
These are not meant to place unnecessary
barriers in the way of users doing their
legitimate work
They are not tablets of stone but rather
starting points that will evolve and develop
with time and experience
Policies and Guidelines
The general aims of these would be to define
the University’s security requirements with
respect to;
Campus Network
Who can connect
What can and can’t be connected
How do systems connect
What address and name space can be used
What services can be run
What services can be accessed
What security measures should be implemented
Policies and Guidelines
General aims
Network and Systems Monitoring
Informs users of the extent that network activities may be
monitored
Identifies what personnel may be authorised to perform
monitoring functions
Highlights the ethics, procedures and safeguards
employed
Identifies what information may be gathered
Identifies how long information is stored
Outlines the purpose information may be used for
Policies and Guidelines
General aims
Wireless LANs
Establish the rules and support requirements for WLAN
deployments
Prevent (or arbitrate) interference issues between WLAN
deployments
Help safeguard the integrity of the University’s
information technology resources
Ensure that WLAN security and performance issues are
understood
Policies and Guidelines
General aims
Bastion Host
Ensure that critical University servers are managed with
appropriate levels of security
Define the overheads wrt management, operation and security
functions associated with deploying a network server
Identify all network servers and establish their purpose, security
requirements, user base and support staff
Limit the exposure of network servers to those apps that are
critical for their primary purpose
Establish ACLs for specific IP applications. ACLs would restrict
access to specific IP apps to those servers that have been
registered to provide them
Policies and Guidelines
General aims
Guidelines for Systems and Network
Administrators
Defines the roles of system and network administrators
from a network and systems security perspective
Password Policy – Establishes a standard for
The creation of strong passwords
The protection of those passwords
The recommended frequency of change for those
passwords
Proposed Network
Architecture
General Network Architecture Goals
Reduce Network systems exposure
Provide inherent containment measures
How?
Implement server registration process (Bastion
host policy)
Implement client and server nets
Implement security Access Control Lists (ACLs) to
protect client and server nets
Proposed Network
Architecture
(Existing)
Client
Probes
Server
Client
All traffic in/out
Full exposure no containment
Router
probes
Campus Network
Proposed Network
Architecture
(Intermediate)
Server-1
probes
probes
Client
Client
Server-1 traffic in/out – limited exposure Server-1 ACLs)
Client traffic in/out – some containment
Router
Campus Network
Proposed Network
Architecture
(Final)
Bastion
Host
Server-1
Client
Client
probes
ACLs
ACLs
Server-1 Traffic in/out
Targeted exposure and Router
containment
Client Traffic in/out
Containment and limited
exposure
Campus Network
Establish Computer Incident
Response Team (CIRT)
The purpose of the CIRT would be twofold;
Firstly to work with all relevant University
constituents to implement proactive measures
aimed at reducing the risk and or impact of a
computer or network security incident
Secondly to manage, direct and assist University
constituencies in responding to such incidents
when they occur
Raise Awareness of
security Issues
How?
Message is that security affects everyone and
everyone has a role to play
Security events
Role of security coordinator
Like this one
Manage UGCirt
Cirt web site
Security training courses/seminars
Security awareness built into other courses