Information Security Metrics
Upcoming SlideShare
Loading in...5

Information Security Metrics






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Information Security Metrics Information Security Metrics Presentation Transcript

  • Zoned Network Overview
    April 30rd, 2009
  • Today’s Agenda
    Zoned network overview (why, when, what)
    Wired network changes
    Wireless network changes
    Why is it important we do this? (needs, benefits, outcomes)
    Zoned Network Q and A
  • What is the Zoned Network
    A method of diving the current “flat” network into student, staff/faculty, and service zones.
    A way to ensure that computers and other devices on the network have a known owner and contact
    Two major efforts – secure wireless (ND-Secure and ND-Guest) and the wired Zoned network.
  • Why?
    CITRA assessment findings
    Audit findings
    Better ability to respond to problems
    Better security for systems
  • Wired and Wireless Network Changes
    Both networks will require authentication.
    Devices and systems that cannot authenticate are allowed and are provided for.
    ND-Secure and ND-Guest are available now
    Wired Zoned Network is being rolled out on a building by building basis.
  • Wired Zoned Network Benefits
    Splits different machine usage profiles into zones that can be properly protected.
    Ensures that systems have a known owner or contact.
    Keeps network registrations up to date.
    Satisfies audit requirements.
  • ND-Secure Benefits
    Adds encryption to the wireless network
    Notre Dame business and student data is kept safe
    Satisfies audit and assessment requirements
    Ensures that we have a contact for systems
    Helps keep records up to date – Nomad registered systems would stay valid for years.
  • What about ND-Guest?
    Requires authentication
    In the process of adding a self-service guest account facility
    Does not provide encryption
    It is not a trusted campus network
    Acts much like a hotel room wireless setup
  • Zoned Network effects on you
    Deployment will be per-building, and will be announced in advance.
    Each building is assessed and documented prior to conversion.
    Once a semester, systems will have to log in to the network.
    New systems will have to log in when they come onto the network.
  • More detail – click on the Zoned Network link at the top of the left hand column.
    A complete FAQ is available at:
    This will be updated as more questions are asked.
  • The Zones
    User Zones
    Guest (Users without NetIDs)
    Device Zones
    Campus Services
    Public Services
  • Authentication Options
    Authentication to the network will occur via one of the following methods
    Captive Web Portal (Any user, any OS)
    Cisco Clean Access Agent (Any user, Windows, OS X)
    Cisco Clean Access Agent with AD for SSO (Fac/Staff Windows ADND Machines)
    Exemption white-list
    802.1x wireless (ND-secure, No Guests, Any OS)
    Captive Web Portal (ND-guest, Any User, Any OS)
    Exemption white-list
  • How Often?
    Authentication to the network will occur at predefined dates to minimize impact
    4 times a year correlating to semester breaks
    TENTATIVE Dates:
    Tuesday before fall semester 8/11/2009
    Tuesday before spring semester 1/5/2010
    Tuesday before summer  5/18/2010
    Tuesday before fall semester 8/10/2010
    Reserve the right for 0-day outbreaks
    Guests will authenticate every 24 hours
  • Campus Rollout
    Rollout will occur on a building by building basis
    Configuration is done at the closet switch level
    Aim to complete all 120+ buildings on campus within 18 months
    The project team will meet with individual departments or building IT staff to develop detailed timelines
  • How can you help?
    The rollout will require the following information fro each building to minimize transition time:
    List of known exemptions (servers, door locks, vending machines, etc)
    List of all network connected printers (and coordination to ensure they are set for DHCP and hosts configured to print by DNS name not IP)
    List of switches/routers/firewalls that have been deployed
    Timelines for most convenient opportunities for migration
    Point of contact defined for the project team to help coordinate migration efforts
  • How we can help you!
    The project team is constantly working on ways to make this transition smoother
    Please take advantage of the tools currently available to aid in the rollout:
    ND-secure configuration via AD GPO
    Cisco Clean Access install via AD GPO
    Cisco Clean Access install via SMS
    Standalone Installers for ND-secure and Cisco Clean Access
    Printer Port Utility for configuring workstations to print via DNS name
  • Quick FAQ
    How will the Cisco Clean Access Agent affect my computer?
    How do guests get access to the network?
    Will the zoned network affect the speed of my connection?
    How do I request an exemption?
    Are you using the zoned network to monitor what I do on the network?
    What things are you scanning on my machine?
  • What about Nomad?
    Great question!
    Nomad will remain as the legacy wireless network for campus until it is determined that the changing landscape of wireless has leveled enough to ensure the majority of wireless devices have migrated to and can leverage the advantages of ND-secure
  • Zoned Network Questions?