Network Security and Applications

The EDUCAUSE/Internet2 Computer and Network Security Task Force (STF) provides a focal point for the academic community to join together to strengthen the ability of the higher education sector to respond to growing threats to information security and to protect the privacy of our community members. This strategic plan is intended to set forth a vision for the higher education community and provide a concise roadmap to guide the efforts of the STF. This roadmap emphasizes continuous and evolutionary community investment in converting our understanding of risks and issues into solutions based on effective practices, as well as the urgent need to build the national capability across the higher education sector to respond quickly and effectively as a community to new threats and vulnerabilities.

When discussing video surveillance with campus police and IT departments at various schools and universities, I frequently hear an undercurrent of distrust between the two groups.

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions;

• Who is behind data breaches?
• How do breaches occur?
• What commonalities exist?
• Where should mitigation efforts be focused?

PCI compliance can be daunting, particularly in a university network environment. Notre Dame chose a data center within a data center approach to simplify compliance and minimize integration issues. This project includes implementing the data center, a virtual network to support point-of-sale devices, and related operational procedures.

This report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

Community updates from EDUCAUSE/Internet2 Security Task Force, InCommon, OpenScience Grid, Research and Education Networking Information Sharing and Analysis Center (REN-ISAC), TeraGrid, and the U.S. Department of Energy Computer Incident Advisory Capability.

Science and engineering projects are creating "virtual organizations" with participants from around the world. The rules and conventions of virtual organizations and their means of achieving success are evolving every day. In this session, we will explore the security challenges of virtual organizations. Grid security technologies and policy will be discussed to develop guidelines for strengthening security in virtual organizations.

System trustworthiness is needed for security, reliability, survivability, safety, and for many application areas such as critical infrastructures, robust networking, and high-integrity elections. Trustworthiness ultimately requires many changes in the way systems are developed today. Being respectful of privacy needs requires further care. This talk considers a variety of approaches that can enhance system trustworthiness, sensible system development practices, and a system-oriented view toward achieving the desired changes.

Most computer security problems arise from buggy code. It seems clear that writing large, bug-free programs is and will remain beyond our abilities. We propose a different goal: protecting what really matters. On e-commerce sites, the web server is primarily a front end for a database. Protecting the latter is much more important than protecting the former. Doing this properly requires a different approach to overall system architecture.

This presentation will outline the planning and implementation of an MPLS-based enterprise network at UNCG. It will cover some background, requirements and goals, and proposed and implemented network architecture. Migration strategies employed will also be addressed. Additionally, an overview of the subset of MPLS technologies that are suitable for the enterprise will be covered including MPLS VPN V4, Label Distribution Protocol (LDP), OSPF, and BGP.