GÉANT: A Defense in Depth Approach to Securing a 100 Gb/s Network · 2012-07-12 · connect •...
connect • communicate • collaborate
GÉANT: A Defense in Depth
Approach to Securing a 100 Gb/s
Network
Wayne Routly, DANTE
Summer 2012 ESCC/Internet2
Joint Techs
San Francisco, July 2012
Agenda
GÉANT: Who, What, How
Defence in Depth - A Layered Approach
NSHaRP & Netreflex
– Technologies & Services
NfSen
– Community Based Solutions
Splunk
– Commercial Systems
Network Aspects
– Baseline Security Aspects
In Conclusion
GÉANT: Who, What, How
State of the Art Pan-European Network
… Transit Network … ISP
18 Physical Pops
40 Gb/s links -> 100 Gb/s
TB of Data shifted
10 Million+ IPs
100 Workstations
Unusual Traffic
Truly Global
Interconnects
NRENs - 38
Commercial & Commodity Traffic
Defence in Depth - A Layered Approach
Independent Layers – Greater Control
Avoid Eggs in Basket Approach - Mix of Technologies
Scalable
NSHaRP
Mechanism to Quickly and Effectively inform affected users
Adds Value - Serves as an extension to the NRENs' CERTs
An Automated Incident Notification & Handling System
Extends the NRENs' detection and mitigation capability to the GÉANT borders
Innovative and Unique - Caters for different types of requirements
Supported with the GÉANT NOC TTS
NSHaRP - Netreflex
Netreflex 2.5 (2.9)
BGP, IS-IS & Netflow Mashup
– Path Through Network
Anomaly Detection & Alerting
– Diverse Pallet
Ability to create profiles … lots of profiles
– New Peerings
Expandable Anomaly Type capability
– New Event Types
Can also be used by the NOC
– Traffic Analysis
Netreflex – Anomaly Detection
Netreflex – Anomaly Analysis
NfSen – Netflow Sensor
A graphical web based front end for nfdump.
Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Write your own plugins to process netflow data on a regular interval.
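The two detection layers above (a Netreflex anomaly profile, an NfSen alert set on flow counts) both reduce to the same operation: bucket flow records into time slots, keep a running profile, and fire when a slot departs from it. The following is an added example written for this deck, not code from the NfSen, nfdump or Netreflex projects; the record layout (ts,src,dst,proto,dport,packets,bytes), the 5-minute window, the 3-sigma profile and the 20-port scan condition are all assumptions, and the flow records are constructed.

```python
"""Flow-based alerting of the kind an NfSen alert or a Netreflex anomaly
profile performs on NetFlow data. Added example: not code from the NfSen,
nfdump or Netreflex projects. The record layout below (ts,src,dst,proto,
dport,packets,bytes) is a constructed simplification of nfdump output."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple

WINDOW = 300  # seconds: one 5-minute slot, as in an NfSen RRD graph (assumption)


class Flow(NamedTuple):
    ts: int       # flow start, epoch seconds
    src: str
    dst: str
    proto: str
    dport: int
    packets: int
    nbytes: int


# Constructed sample: four windows of ordinary HTTPS/DNS traffic to one host,
# then a window that also contains a port sweep from one external source.
NORMAL_FLOWS = """
# ts,src,dst,proto,dport,packets,bytes
1000,10.0.0.5,192.0.2.10,tcp,443,40,52000
1010,10.0.0.6,192.0.2.10,tcp,443,35,47000
1300,10.0.0.5,192.0.2.10,tcp,443,38,50000
1320,10.0.0.7,192.0.2.10,tcp,443,30,41000
1340,10.0.0.6,192.0.2.10,udp,53,2,300
1600,10.0.0.5,192.0.2.10,tcp,443,41,53000
1650,10.0.0.6,192.0.2.10,tcp,443,36,48000
1900,10.0.0.5,192.0.2.10,tcp,443,39,51000
1950,10.0.0.7,192.0.2.10,tcp,443,31,42000
1960,10.0.0.6,192.0.2.10,udp,53,2,300
2200,10.0.0.5,192.0.2.10,tcp,443,40,52000
2210,10.0.0.6,192.0.2.10,tcp,443,34,46000
"""
# Constructed sweep: 22 single-packet flows from one source to ports 1..22.
SCAN_FLOWS = "\n".join(
    f"{2230 + p},198.51.100.7,192.0.2.10,tcp,{p},1,60" for p in range(1, 23)
)


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed CSV layout; '#' lines and blanks are skipped."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, pk, by = line.split(",")
        flows.append(Flow(int(ts), src, dst, proto, int(dport), int(pk), int(by)))
    return flows


def window_stats(flows: List[Flow]) -> Dict[int, dict]:
    """Per-window totals (flows, packets, bytes) plus the (dst, dport) pairs
    each source touched, keyed by window start time."""
    stats = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0,
                                 "per_src": defaultdict(set)})
    for f in flows:
        s = stats[f.ts // WINDOW * WINDOW]
        s["flows"] += 1
        s["packets"] += f.packets
        s["bytes"] += f.nbytes
        s["per_src"][f.src].add((f.dst, f.dport))
    return dict(sorted(stats.items()))


def evaluate_alerts(stats, sigma=3.0, min_history=3, scan_ports=20):
    """Two alert conditions, evaluated window by window:
    - profile: flow count exceeds mean + sigma*stdev of all earlier windows
      (a continuous profile; needs min_history windows before it can fire)
    - scan: one source reaches >= scan_ports distinct destination ports"""
    alerts, history = [], []
    for w, s in stats.items():
        if len(history) >= min_history:
            threshold = mean(history) + sigma * pstdev(history)
            if s["flows"] > threshold:
                alerts.append({"window": w, "type": "profile",
                               "flows": s["flows"], "threshold": threshold})
        for src, targets in s["per_src"].items():
            ports = {port for _, port in targets}
            if len(ports) >= scan_ports:
                alerts.append({"window": w, "type": "scan",
                               "src": src, "ports": len(ports)})
        history.append(s["flows"])
    return alerts


def run_sample():
    """Run both conditions over the constructed data; returns the alert list."""
    flows = parse_flows(NORMAL_FLOWS + "\n" + SCAN_FLOWS)
    return evaluate_alerts(window_stats(flows))


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

On the constructed data the first four windows build the profile (2, 3, 2, 3 flows), so the fifth window, which carries 24 flows, trips the profile condition, and the same window trips the scan condition for 198.51.100.7. The profile only becomes meaningful once enough history exists, which is why min_history is enforced: the first windows after a collector restart would otherwise alert on anything.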
NfSen – Graphing Netflow
Graph Flows from Multiple Routers
View Time Slice / Window
Protocol / Packet / Flows
Analyse Flows (Incidents)
Dimensional
Near Zero Day Analysis
NfSen – Alerting
Splunk – Log Level Analytics
Project Completion September 2012
Provide Visibility of Low “Noise” Events
Non Netflow
Trends
Consolidate Logging
Across Departments
Across Roles
Reporting Aspects
Big Picture
Today vs. Yesterday
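The log layer is about events that are individually quiet but visible once logging from several sources is consolidated and compared day against day. The following is an added example written for this deck, not Splunk's code or GÉANT's configuration: it parses constructed syslog-style lines from routers and a RADIUS server, collapses variable fields (addresses, PIDs, usernames) into an event signature, and reports which event types are new today, gone today, or up by at least a factor of two against yesterday. The host names, programs and log lines are all constructed.

```python
"""Day-over-day comparison of consolidated syslog, the "today vs. yesterday"
view a log analytics report gives. Added example: not Splunk's code or
GÉANT's configuration. Log lines are constructed, syslog-style samples."""
import re
from collections import Counter, defaultdict
from typing import Dict

SAMPLE_LOGS = """
Jul 10 02:14:01 rtr-fra1 sshd[2211]: Accepted publickey for noc from 10.1.1.20 port 51522
Jul 10 03:40:12 rtr-fra1 sshd[2290]: Accepted publickey for noc from 10.1.1.21 port 50110
Jul 10 09:02:44 radius1 radiusd[455]: Login OK: [noc] (from client rtr-fra1 port 0)
Jul 10 11:12:09 rtr-ams1 sshd[1881]: Accepted publickey for noc from 10.1.1.20 port 41010
Jul 11 01:30:05 rtr-fra1 sshd[3100]: Accepted publickey for noc from 10.1.1.20 port 50021
Jul 11 04:12:33 radius1 radiusd[455]: Login OK: [noc] (from client rtr-fra1 port 0)
Jul 11 04:15:40 radius1 radiusd[455]: Login incorrect: [admin] (from client rtr-fra1 port 0)
Jul 11 04:15:52 radius1 radiusd[455]: Login incorrect: [root] (from client rtr-fra1 port 0)
Jul 11 04:16:07 radius1 radiusd[455]: Login incorrect: [noc] (from client rtr-fra1 port 0)
Jul 11 10:01:15 rtr-ams1 sshd[1990]: Accepted publickey for noc from 10.1.1.21 port 40100
Jul 11 10:20:00 rtr-lon1 kernel: FW filter MGMT-IN discard: tcp 203.0.113.9:4433 -> 10.2.0.1:22
"""

# "Mon DD HH:MM:SS host program[pid]: message" (pid optional)
SYSLOG_RE = re.compile(
    r"^(\w{3} +\d{1,2}) \d\d:\d\d:\d\d (\S+) ([^\[:\s]+)(?:\[\d+\])?: (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def normalise(msg: str) -> str:
    """Collapse variable fields so lines of one event type share a signature."""
    msg = IPV4_RE.sub("<ip>", msg)                 # addresses first, then
    msg = re.sub(r"\[[^\]]*\]", "[<x>]", msg)      # bracketed names/ids, then
    return re.sub(r"\d+", "<n>", msg)              # any remaining number


def count_signatures(text: str) -> Dict[str, Counter]:
    """{day: Counter[(program, signature)]}, consolidated across all hosts."""
    counts = defaultdict(Counter)
    for line in text.strip().splitlines():
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue  # a real pipeline would count unparsed lines too
        day, _host, program, msg = m.groups()
        counts[day][(program, normalise(msg))] += 1
    return counts


def compare_days(text: str, today: str, yesterday: str, spike: float = 2.0):
    """Event types new today, gone today, or >= spike x yesterday's count."""
    counts = count_signatures(text)
    t, y = counts.get(today, Counter()), counts.get(yesterday, Counter())
    report = {"new": [], "gone": [], "spike": []}
    for key, n in sorted(t.items()):
        if key not in y:
            report["new"].append((key, n))
        elif n >= spike * y[key]:
            report["spike"].append((key, y[key], n))
    for key, n in sorted(y.items()):
        if key not in t:
            report["gone"].append((key, n))
    return report


if __name__ == "__main__":
    for kind, items in compare_days(SAMPLE_LOGS, "Jul 11", "Jul 10").items():
        for item in items:
            print(kind, item)
```

Against the constructed lines the routine surfaces two things that the raw volume hides: three RADIUS failures for different usernames from one router, and a firewall discard of a management port, both absent the day before. The successful logins, which dominate the volume on both days, are not reported because their count barely moved.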
Network Layer Protections
IP Network Segmentation
Zones (IPv4 & IPv6)
Standardised Firewall Filters
Rapid Deployment
Security Baseline – Day 1
Access Control
– Radius-Based Authentication
– Restrict Protocols (Management)
Penetration Testing
– Confirm Best Practice
[Diagram: penetration testing of GÉANT / DANTE, showing ports 443, 139 and 22]
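A day-one baseline of standardised, zone-based filters is only useful if it can be checked mechanically before a change goes out, which is also what a penetration test later confirms. The following is an added example written for this deck, not GÉANT's filters or a vendor's configuration language: a small rule model with three baseline invariants (management services permitted only from the management zone, every zone pair terminated by an explicit discard-all, every IPv4 filter mirrored for IPv6). The zone names, the management service list and the sample rule set are all assumptions.

```python
"""Baseline check for per-zone firewall filters. Added example: the zone
names, service list, invariants and rules are constructed, not GÉANT's."""
from typing import List, NamedTuple


class Rule(NamedTuple):
    family: str     # "inet" (IPv4) or "inet6" (IPv6)
    src_zone: str
    dst_zone: str
    proto: str      # "tcp", "udp" or "any"
    port: int       # 0 = any port
    action: str     # "permit" or "discard"


MGMT_ZONE = "mgmt"                                        # assumption
MGMT_SERVICES = {("tcp", 22), ("udp", 161), ("tcp", 443)}  # constructed list


def check_baseline(rules: List[Rule]) -> List[str]:
    """Return one finding per baseline violation; an empty list means compliant."""
    findings = []

    # 1. Management services (or everything) permitted only from the mgmt zone.
    for r in rules:
        if r.action == "permit" and r.src_zone != MGMT_ZONE and (
                (r.proto, r.port) in MGMT_SERVICES or r.port == 0):
            findings.append(
                f"{r.family} {r.src_zone}->{r.dst_zone}: permits "
                f"{r.proto}/{r.port} from a non-management zone")

    # 2. Every (family, src, dst) filter ends in an explicit discard-all.
    pairs = {(r.family, r.src_zone, r.dst_zone) for r in rules}
    for fam, s, d in sorted(pairs):
        last = [r for r in rules
                if (r.family, r.src_zone, r.dst_zone) == (fam, s, d)][-1]
        if not (last.action == "discard" and last.proto == "any" and last.port == 0):
            findings.append(f"{fam} {s}->{d}: no terminal discard-all")

    # 3. Zones are dual-stack: an IPv4 filter without an IPv6 twin is a gap.
    v4 = {(s, d) for f, s, d in pairs if f == "inet"}
    v6 = {(s, d) for f, s, d in pairs if f == "inet6"}
    for s, d in sorted(v4 - v6):
        findings.append(f"{s}->{d}: IPv4 filter has no IPv6 counterpart")
    return findings


# Constructed rule set: the mgmt->core filters are compliant; nren->core
# permits SSH from outside mgmt; commodity->core lacks a terminal discard
# and, like nren->core, has no IPv6 counterpart.
SAMPLE_RULES = [
    Rule("inet", "mgmt", "core", "tcp", 22, "permit"),
    Rule("inet", "mgmt", "core", "udp", 161, "permit"),
    Rule("inet", "mgmt", "core", "any", 0, "discard"),
    Rule("inet6", "mgmt", "core", "tcp", 22, "permit"),
    Rule("inet6", "mgmt", "core", "any", 0, "discard"),
    Rule("inet", "nren", "core", "tcp", 179, "permit"),   # BGP from the NREN
    Rule("inet", "nren", "core", "tcp", 22, "permit"),    # violates invariant 1
    Rule("inet", "nren", "core", "any", 0, "discard"),
    Rule("inet", "commodity", "core", "tcp", 179, "permit"),  # violates 2 and 3
]


if __name__ == "__main__":
    for finding in check_baseline(SAMPLE_RULES):
        print(finding)
```

Run before deployment, the check turns "confirm best practice" into a gate: the first five rules pass cleanly, the rest produce four findings. The invariants are deliberately few; the point is that a standardised filter template makes such checks possible at all, which hand-written per-router filters do not.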
In Conclusion
GÉANT: Who, What, How
Why Defence in Depth?
1st Layer
NSHaRP & Netreflex
2nd Layer
NfSen
3rd Layer
Splunk
4th Layer
Network Layer Protections
Questions?