Network Security in Academia: an Oxymoron

1
Network Security in Academia an Oxymoron?

• Terry Gray
• Director, Networks Distributed Computing
• Computing Communications
• University of Washington
• April 8, 1999

2
Contradictions

• Researchers want open access
• Clinicians, administrators want closed access
• Everyone wants fast access
• Almost everyone wears more than one hat
• Traditional network security measures are based
  on physical locality and constrained use

3
Threats

• Probing, Sniffing (when done by foes)
• Denial of Service (DOS)
• Penetration
• Account take-over
• Connection hijacking
• Data Crimes
• Theft/Disclosure
• Corruption/Destruction
• Impersonation/Fraud (e.g. web spoofing)

4
Security is not free

• In fact Security is very expensive
• Costs include
• inconvenience
• reduced performance
• complexity management overhead requiring more
  staff, more time
• Use "Appropriate technology"

5
Threat Sources

• Outsiders
• Insiders
• Outsiders who become insiders
• Insiders who become outsidersgtgt Benign neglect
  is also a threat!

6
Security Perimeters

• Physical/Topological
• site
• subnet
• host
• Logical/Organizational
• consortium or community of interest
• enterprise
• campus
• department
• workgroup
• individual

7
Security Policy

• Defining who can/cannot do what to whom...
• Identification and prioritization of threats
• Identification of assumptions, e.g.
• Security perimeters
• Trusted systems and infrastructure
• Policy drives securitylack of policy drives
  insecurity

8
Security approaches (Guns, Fences, Hounddogs,
Camouflage)

• Network
• Perimeter security (Firewalls, NATs)
• Path isolation (Switches, VPNs, IPsec)
• System
• Host OS security (wrappers, patches, etc)
• Application security (SSH, SSL, Steganography...)
• Other
• Vulnerability detection
• Intrusion detection
• Better development tools and developers!

9
Security Usually Implies Isolation

• Network security network isolation
• (what's wrong with that picture?)
• Physical isolation
• Separate wires/fiber
• low-level multiplexing, e.g. TDM
• Logical isolation
• Access control
• Encryption

10
Defense in Depth

• Security is additive
• No single solution
• Examine cost/benefit of each approach vs. cost of
  security incidents
• Focus first on biggest vulnerabilities
• Then knock off the easy to do items

11
Cost Time Inconvenience

• In order of increasing sys-admin time
• Application security
• Vulnerability intrusion detection
• Path isolation (VPNs)
• Perimeter security (Firewalls)
• Host security
• Incident cleanup (compound frustration!)
• In order of increasing user inconvenience
• Vulnerability intrusion detection
• Application security
• Host security
• Path isolation (VPNs)
• Perimeter security (Firewalls)
• Incident cleanup

12
The Dark Side of Firewalls

• Firewalls are often viewed as a security panacea
• But they dont live up to the hype, because they
• Assume fixed security perimeter
• Give false sense of security
• May inhibit legitimate activities
• May be hard to manage
• Won't stop many threats
• Are a performance bottleneck

13
Assessing the value of Firewalls

• Let
• E of attacks originating outside firewall
• B of external attacks actually blocked
• H Number of hosts to be protected
• P Number of security policies
• Firewall Value E B H / P
• In the limit, P may approach H !
• Must weigh cost of managing v. alternatives

14
Campus Network "Firewalls(Router packet
filtering)

• Criteria
• Low impact on network performance
• High degree of campus consensus no flaming CC!
• Can't reasonably be done at end-systems
• Now
• Prevent source address spoofing
• Other possibilities under consideration

15
Even with Firewalls...

• Bad guys arent always "outside" the moat
• One persons security perimeter is anothers
  broken network
• Organization boundaries and filtering
  requirements constantly change
• Security perimeters only protect against a
  limited percentage of threats must examine
  entire system
• Cannot ignore end-system management
• Use of secure applications is a key strategy

16
Conclusions

• Security "pay now or pay later
• No silver bullets, only thankless effort
• Computer ownership has responsibilities Each
  hacked system is a threat to neighbors
• Organizational boundaries rarely map to physical
  topology
• Suggested security priorities Application gt
  Host gt Path gt Perimeter