Campus Firewalling


  1. 1. Campus Firewalling. Dearbhla O’Reilly, Network Manager, Dublin Institute of Technology
  2. 2. Overview
     • Context of Firewall for DIT
     • Firewall Experiences
     • Mobile Network with Firewall
     • Where we are now?
  3. 3. Background to DIT Firewall
     • Presentation in 2000 to IT Group on Firewall role in: Security, Bandwidth, Content (web)
  4. 4. Issues
     • Security - Educational institutions are prime targets - CPU power, bandwidth, disk space. Attacks - web page, spam, port scans, logon attempts
     • Bandwidth - Competition for traffic prioritisation and network utilisation
     • Content - Viewing inappropriate web content, serving content from DIT
  5. 5. Firewall Solutions
     • Security - Assist in protecting users, information, operation and reputation
     • Bandwidth - Allow core services run efficiently
     • Content – Designated Web Servers
  6. 6. http://sysinfo.dit.ie/
  7. 7. Perimeter Firewall D.I.T. HEAnet
  8. 9. Implementation
     • Deny all and allow approved services
     • Standard set of services - desktop
     • Procedure - Internet Service Server Registration Form based on now Archived JISC Project – Use of Firewalls in Academic Environment.
  9. 10. Firewall Use & Maintenance
     • Form - List of Ports to/from and Why?
     • Server Administrator – Security, Patching, Responsibility.
     • Head of School/Section – Approves and complies with DIT & HEAnet Policies
  10. 11. Registration Conditions
     • Any service may be blocked without notice if network & systems staff suspect a security breach
     • All services are provided for the server specified and should not operate as a proxy
     • All approvals are subject to review by ISSC
     • Firewall rule-sets for servers/services will be audited on a regular basis
  11. 12. Experiences
     • Paper Forms - by User
     • Firewall Rules are – by Service
     • ~200 Firewall Rules
     • Requirement for Rule Management Software
     • Firewall Rule Maintenance
  12. 13. Maintenance Experience
     • Logs - mainly used for real-time support
     • Firewall Maintenance - Backup/Recovery, Log Rotation, Patches, Upgrades etc.
  13. 14. Mobile Network Requirements
     • Wired & Wireless Connectivity for Student Laptops
     • Separate Projects starting to address Identity for Staff & Students
     • Service needed to be provided
  14. 15. Perimeter Firewall D.I.T. HEAnet Mobile
  15. 16. Mobile Network & Firewall
     • Traffic from mobile network in all sites passes through Bluesocket authentication gateway
     • Traffic from DIT mobile network into DIT fixed network is filtered through the same ruleset as applies to all external traffic
     • Traffic from DIT mobile network for external destinations is filtered through the same ruleset as standard outgoing DIT traffic
  16. 17. Mobile Network Access with Timed Firewall Rule
  17. 18. MRTG - Mobile Network Access
  18. 19. Limitations/New Requirements
     • Gigabit Ethernet
     • IPv6 Support
     • Performance
     • Reporting/Logging
  19. 20. Procurement Process
     • Request for Quotes
     • Based on Requirements
     • Award Criteria – Quality and Functional Characteristics, Technology, Cost, Supplier – Support, Maintenance, Experience.
  20. 21. Requirements
     • Functionality & Use of existing system
     • Technology Updates
       - IDS
       - IPS
       - Deep-packet inspection
     • Service Availability Options
  21. 22. Thank You & Questions?
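
Slides 9 to 12 describe a deny-all rule-set where every allowed service traces back to a registration form approved by a Head of School/Section, with forms kept per user, rules kept per service, and regular audits. The following is an added example (not part of the original presentation) of how that reconciliation could be scripted; the `Registration` and `Rule` record layouts, the finding names and all sample hosts are assumptions constructed for illustration.

```python
# Added example: reconcile per-service allow rules against registration forms.
# Record layouts and all sample data below are constructed, not DIT's own.
from dataclasses import dataclass

@dataclass(frozen=True)
class Registration:       # one Internet Service Server Registration Form
    server: str           # server the service is approved for
    ports: frozenset      # (protocol, port) pairs listed on the form
    admin: str            # responsible server administrator
    approved_by: str      # Head of School/Section; "" if not yet approved

@dataclass(frozen=True)
class Rule:               # one allow rule on the perimeter firewall
    server: str
    proto: str
    port: int

def audit(rules, registrations):
    """Return sorted findings for a deny-all / allow-approved rule-set."""
    approved, pending = {}, {}
    for reg in registrations:
        target = approved if reg.approved_by else pending
        target.setdefault(reg.server, set()).update(reg.ports)
    findings, live = [], set()
    for r in rules:
        key = (r.proto, r.port)
        live.add((r.server, key))
        if key in approved.get(r.server, ()):
            continue  # rule is backed by an approved form
        reason = "unapproved" if key in pending.get(r.server, ()) else "unregistered"
        findings.append((reason, r.server, r.proto, r.port))
    # Approved services with no matching rule: stale form or missing rule.
    for server, ports in approved.items():
        for proto, port in sorted(ports):
            if (server, (proto, port)) not in live:
                findings.append(("no-rule", server, proto, port))
    return sorted(findings)

REGISTRATIONS = [  # constructed sample forms
    Registration("www.example.edu", frozenset({("tcp", 80), ("tcp", 443)}), "alice", "head-a"),
    Registration("lab1.example.edu", frozenset({("tcp", 22)}), "bob", ""),
]
RULES = [  # constructed sample rule-set
    Rule("www.example.edu", "tcp", 80),
    Rule("www.example.edu", "tcp", 8080),
    Rule("lab1.example.edu", "tcp", 22),
]

if __name__ == "__main__":
    for finding in audit(RULES, REGISTRATIONS):
        print(*finding)
```

Keying both sides on (server, protocol, port) is what lets forms filed by user be compared with rules maintained by service.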
