Computing Systems

Informatics Computing Staff jottings

Recently-completed network security projects

Last year I wrote about a couple of network security projects which were in their early stages of development.  As the last of these has recently completed, I thought it might be useful to summarise their outcomes.

We have had edge filtering in place for a long time, since we ran Solaris on Suns in fact, configured automatically from our machine configuration system (lcfg).  This has proved to be very successful in practice.  Our main edge routers typically reject a couple of million bogus packets per day, though this is still rather less than 0.5% of their total throughput.  We mostly don’t log this in detail, as there’s just too much of it and most of it isn’t very interesting, but we do have a couple of externally-visible machines which log more extensively.  These show several thousand scans per day, mostly for various Microsoft services, against individual IP addresses which have not been in use for several years.
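As an added illustration of the kind of summary the externally-visible logging machines make possible (this is example code written for this page, not the Informatics LCFG configuration or the site's own tooling), the script below parses constructed iptables-style REJECT lines, counts drops per destination port, and flags sources that are hitting addresses known to have had no host on them for years. The log format, the address ranges and the sample lines are all assumptions made for the example.

```python
"""Summarise edge-filter reject logs: count drops per destination port and
flag sources hitting addresses that are known to be unused, since traffic to
a long-dead address can only be a scan.

Added example for this page.  The iptables-style kernel log format and the
address ranges below are assumptions, not the site's real logs or config."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log: three hits on unused addresses, one drop against a
# live address, and one unrelated kernel message that must be skipped.
SAMPLE_LOG = """\
Mar  3 09:12:01 edge1 kernel: REJECT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=445
Mar  3 09:12:02 edge1 kernel: REJECT IN=eth0 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=445
Mar  3 09:12:05 edge1 kernel: REJECT IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=3389
Mar  3 09:12:09 edge1 kernel: REJECT IN=eth0 SRC=203.0.113.20 DST=192.0.2.50 PROTO=TCP DPT=22
Mar  3 09:12:10 edge1 kernel: some unrelated message
"""

# Constructed: address blocks that have had no host on them for years.
UNUSED = [ip_network("192.0.2.8/30")]  # 192.0.2.8 - 192.0.2.11

# DPT is optional so that ICMP lines (no port) still parse.
LINE_RE = re.compile(
    r"REJECT .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: DPT=(?P<dpt>\d+))?"
)


def parse_rejects(text):
    """Yield one dict per REJECT line; lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
        yield rec


def is_unused(dst):
    """True if the destination falls inside a block with no live hosts."""
    return any(ip_address(dst) in net for net in UNUSED)


def summarise(text):
    """Return (drops per (proto, port), scan counts per source)."""
    per_port = Counter()
    scanners = Counter()
    for rec in parse_rejects(text):
        per_port[(rec["proto"], rec["dpt"])] += 1
        if is_unused(rec["dst"]):
            scanners[rec["src"]] += 1
    return per_port, scanners


if __name__ == "__main__":
    ports, scans = summarise(SAMPLE_LOG)
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n} rejected")
    for src, n in scans.most_common():
        print(f"{src} probed unused addresses {n} times")
```

Run against a day's worth of real reject lines, the per-port table gives the "mostly Microsoft services" picture the post describes, and the unused-address counter separates blind scanning from drops that might merit a closer look.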

The first of the projects I mentioned was “Scanning for Compromised Machines”.  After some investigation of our own, we learned that the University would be buying in to the ESISS scanning tool.  We now have this in use, regularly scanning all machines (managed and self-managed) with open firewall holes.  This has proved to be reasonably successful, and has thrown up a number of cases for further investigation.  Where these are with self-managed machines, we follow up with the machine’s manager to have any vulnerabilities closed down.

The other project was a pilot Intrusion Detection System.  This was a useful exercise, and the experience gained will certainly be helpful if we do later implement this as a full service, though overall the result was rather less useful than the “Scanning” project for reasons which are listed in more detail in the report.  In summary, though, the reports it produces are rather noisy due to our heterogeneous environment, and the rules we use are a couple of weeks or so behind the leading edge so we tend to hear about (and patch!) vulnerabilities through other routes before they start to show in the reports.  We’ll leave the pilot system running, so long as it doesn’t interfere with the proper functioning of our network, but there would still be quite a bit of work required to bring it up to production standard, and that effort just isn’t available at the moment as a result of the SL7 upgrades and the Appleton Tower decant.
