Networks ∙ Services ∙ People
www.geant.org
Fotis Gagadis
WISE Workshop, Barcelona.ES
Security in Europe’s Research and Education Network
GÉANT - Implementing Security at Terabit Speed
20 October 2015
Security Officer
Wayne Routly
Head of Information & Infrastructure Security
Dear NREN,

We have detected a CAT. event affecting your network. All the information pertaining to it can be found below:

=============
#Start Time: 2015-05-14 01:56:04 UTC
#Protocol: UDP
#Source IP: x.y.z.t
#Target IPs: a.b.c.d
#Ports: 60312
#Evidence:
Source IP;Source port;Destination IP;Destination port;Protocol;Timestamp;Duration;Transferred;Packets;Flags;Source AS;Destination AS
x.y.z.t;a.b.c.d;60312;UDP;2015-05-14 02:56:04.566;0;84500;500;......;36351;766
=============

If you wish to reply to this email please leave the subject unaltered so the ticket can be updated accordingly. If no response is received, this ticket will be automatically closed after 5 working days.

Regards,
GEANT [email protected]
(PGP Key ID: 99833085 / Fingerprint: 3CBF F211 8305 635D 5839 BB27 BA6B F34A 9983 3085)
Phone no.: +44 (0)1223 866 140
One event per mail for the most critical events
Daily report for the less critical and/or “noisy” ones:
• Filter / Block
  • You can request the Security Team to filter or block traffic from and/or to a specific IP and/or prefix. Specific port ranges can be included in this block. The OC Security Team will apply this block for a period of time, after which you will be given the option to remove the block or have it kept in place.
• Monitor
  • You can request the OC Security Team to monitor this incident for a specific period of time. After the time has elapsed and you request the ticket to be closed, the Security Team will inform you of all incidents linked to the original ticket, if any have been alerted.
• Investigate
  • You can request the OC Security Team to provide additional information about the incident. For example, you may require additional flow records for a larger time window.
• Nothing
  • Ticket closes automatically after 5 working days
Firewall on Demand - Next Generation Firewall Filtering
Designed and Developed by GRNET
BGP Flowspec defined in RFC 5575
Layer 4 (TCP and UDP) firewall filters distributed in BGP on both an intra-domain and inter-domain basis
• Benefits
  • Gives users flexibility; Alternative Use Cases?
  • AAI
    • NREN Credentials to login and stop attacks
    • Limit Accidental & Damaging blocks
  • Automation: Integration with other systems (NSHaRP)
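To show what a Flowspec filter looks like on the wire, the added example below (not code from GÉANT, GRNET or Firewall on Demand) encodes an RFC 5575 NLRI and the traffic-rate discard action for a rule matching the sample notification: UDP to destination port 60312. The function names are hypothetical, and 192.0.2.10/32 is a documentation address standing in for the redacted a.b.c.d.

```python
import ipaddress
import struct

# RFC 5575 flow component types used in this example
DEST_PREFIX, IP_PROTOCOL, DEST_PORT = 1, 3, 5

def prefix_component(ctype, cidr):
    """<type, prefix length in bits, only the significant prefix octets>."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("RFC 5575 covers IPv4 prefixes only")
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]

def numeric_component(ctype, values):
    """<type, [operator, value]+>: exact matches, ORed together."""
    if not values:
        raise ValueError("at least one value required")
    out = bytearray([ctype])
    for i, v in enumerate(values):
        if not 0 <= v <= 0xFFFF:
            raise ValueError(f"value out of range: {v}")
        size = 1 if v < 0x100 else 2
        op = 0x01                          # eq bit: match this value exactly
        if size == 2:
            op |= 0x10                     # len field 01 -> 2-octet value
        if i == len(values) - 1:
            op |= 0x80                     # end-of-list bit on the last pair
        out.append(op)
        out += v.to_bytes(size, "big")
    return bytes(out)

def flowspec_nlri(dest, protocols, dest_ports):
    """Length-prefixed NLRI; components must appear in ascending type order."""
    body = (prefix_component(DEST_PREFIX, dest)
            + numeric_component(IP_PROTOCOL, protocols)
            + numeric_component(DEST_PORT, dest_ports))
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack("!H", 0xF000 | len(body)) + body   # 2-octet 0xfnnn form

def traffic_rate_action(rate=0.0, asn=0):
    """Traffic-rate extended community (0x8006); a rate of 0 discards the flow."""
    return struct.pack("!HHf", 0x8006, asn, rate)

if __name__ == "__main__":
    # Constructed rule: drop UDP to port 60312 (the port in the sample
    # notification) for 192.0.2.10/32, a documentation address for a.b.c.d.
    print(flowspec_nlri("192.0.2.10/32", [17], [60312]).hex())
    print(traffic_rate_action().hex())
```

The 14-octet NLRI plus the 8-octet community is the whole rule a Flowspec-capable router needs, which is why a block like this can be pushed from a web portal to every border router in one BGP update.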
Firewall on Demand Interface
Conclusions
Delivering a Comprehensive & Future-Driven Security Eco-System benefiting the GÉANT Community

1. Take a holistic approach towards defending your network
   • Understand the risks the organisation faces
   • Collate, correlate, and automate your capabilities
2. Make changes that have significant impacts
   • Use tools that radically improve your capabilities
   • Use tools that provide flexibility