Remediating Violated Customers

Latest Version

The latest version would be pushed up to Slideshare.

References

The following are useful whitepapers, specifications, articles, and other resources that would help operators get internal support, design, deploy, and implement a remediation tool kit.

 

 

What is a Walled Garden? http://en.wikipedia.org/wiki/Walled_garden_(media)

Violated Customers

Many SPs Already has Walled Gardens Deployed – It is their Self Provisioning System

Many SPs have deployed a walled garden system to scale their provisioning teams – allowing consumers to get equipment from the corner computer stores.

How To Deploy Cost Effective Wall Gardens

• MAAWG BEST PRACTICES FOR THE USE OF A WALLED GARDEN Criteria for Exit and Entry, Remediation and Subscriber Education

• Cisco’s 2005 “Phase 0” Techniques for Quaranting Customers into a Walled Garden to assist in their recovery. ftp://ftp-eng.cisco.com/SP-Security/Quarantine/QuaWhitePaper8.pdf

Open Source Vendor Neutral Tools

• NetPass is a vendor-neutral network environment for quarantining clients identified as being out of compliance with your network policy. http://netpass.sourceforge.net/

How To Whitepaper and Presentations

• Life on a University Network: An Architecture for Automatically Detecting, Isolating, and Cleaning Infected Hosts

Eric Gauthier, Boston University http://www.nanog.org/mtg-0402/gauthier.html

• Cisco’s 2005 “Phase 0” Techniques for Quaranting Customers into a Walled Garden to assist in their recovery. ftp://ftp-eng.cisco.com/SP-Security/Quarantine/QuaWhitePaper8.pdf

• Deploying Network Access Quarantine Control, Part 1 Jonathan Hassell 2004-08-04 http://www.securityfocus.com/infocus/1794

• Deploying Network Access Quarantine Control, Part 2 Jonathan Hassell 2004-08-30 http://www.securityfocus.com/infocus/1799

• EDUCAUSE 2007 Security Architecture Design http://www.educause.edu/SecurityArchitectureDesign/1261 Aim: Strengthen the security of your infrastructure by designing security into it and creating control points from which computers can be maintained, where network traffic can be filtered and monitored, and where problematic segments of the network can be detached from the rest to protect the majority.

• Quarantining DHCP clients to reduce worm infection risk, Paul Blackburn http://www.giac.org/certified_professionals/practicals/gsec/3472.php

• Spam Zombies And Inbound Flows To Compromised Customer Systems http://darkwing.uoregon.edu/~joe/zombies.pdf Joe St Sauver, Ph.D. (joe@uoregon.edu) MAAWG Senior Technical Advisor

• A Hybrid Quarantine Defense Phillip Porras, Linda Briesemeister, Keith Skinner, Karl Levitt, Jeff Rowe, Yu-Cheng Allen Ting

University Quarantine Approaches

Universities have a difficult challenge. Every Fall they must handle a wave of students, faculty, and staff returning to school with their computers. Computer which have unknown security risk. These computers all connect to the campus network infecting and getting infected over the nice high speed infrastructure. Until that infrastructure is stressed to service impact.

• Network Quarantine At Cornell University. Steve Schuster (2005) www.educause.edu/ir/library/powerpoint/CSD4464.pps
• Advantages and Challenges of Network Quarantine Steve Schuster (2005) http://connect.educause.edu/library/abstract/AdvantagesandChallen/41397?time=1189812217
• Rice University http://www.rice.edu/vpit/quarantine.html
• Bucknell University http://www.bucknell.edu/x9973.xml and http://www.bucknell.edu/x9964.xml
• University of Leicester http://www.le.ac.uk/cc/dsss/docs/quad.shtml
• University of Texas at Austin http://resnet.utexas.edu/secure/port_deact.html
• Ohio State University http://cio.osu.edu/policies/mcss.html
• Miami University http://www.units.muohio.edu/mcs/disableddatajacks/index.htm Cool page/tool which list which ports/computers are quarantined.
• University of South Carolina http://uts.sc.edu/network/security/validation/generalFAQ.shtml
• Northwestern University Policy and Enforcement Plan for Unapproved Campus Network Extensions http://www.it.northwestern.edu/policies/extensions.html
• Durham University’s Campus Manager Tool http://www.dur.ac.uk/its/services/ensuite/campusmgr/
• University if Illinois at Urbana Champaign http://www.housing.uiuc.edu/technology/URHnetsecurity/Policies/Quarantine.htm
• University of Cincinnati http://www.uc.edu/UCit/policies/network_connection.html Network Connection Policy
• Shippensburg University http://resnet.ship.edu/quarantine.asp

Example Pages Once a Victim is Inside the Quarantine

• Arizona State University http://www.west.asu.edu/IT/network/security/index.htm
• Marquetet University http://www.marquette.edu/its/strategy/quarantine.shtml
• Brandeis University “So You Were Shut Off From the Network” http://lts.brandeis.edu/techresources/students/shutoff.html
• Westnet http://www.westnet.com.au/internet/about/aisi/

Articles and Whitepapers

• Forrester August 3, 2004 Making Sense Of Network Quarantine by Laura Koetzle, Robert Whiteley http://www.forrester.com/Research/Document/Excerpt/0,7211,35060,00.html

• Study: ISPs should block ‘Net attack ports By Paul Roberts, IDG News Service, 09/08/03 http://www.networkworld.com/edge/news/2003/0908studyisps.html

Vendor Product and Commercial Solutions (needs updating)

• Deepnines http://www.deepnines.com/products/Access_Control.php
• Sandvines (acquired Simplisita) http://www.sandvine.com/
• Bradbord http://www.bradfordnetworks.com/
• Motive http://www.motive.com/
• Cisco/Perfigo http://www.cisco.com/en/US/products/ps6128/index.html
• F-Secure Network Control http://www.f-secure.co.uk/enterprises/products/fsnc.html
• Trend Micro Intercloud http://us.trendmicro.com/us/about/news/pr/article/20070123143622.html
• PerfTech http://www.perftech.com

• TippingPoint Quarantine Protection