Campus Firewalling

Campus Firewalling Presentation Transcript

  • Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology
  • Overview
    • Context of Firewall for DIT
    • Firewall Experiences
    • Mobile Network with Firewall
    • Where we are now?
  • Background to DIT Firewall
    • Presentation in 2000 to IT Group on Firewall role in - Security - Bandwidth - Content (web)
  • Issues
    • Security - Educational institutions are prime targets - CPU power, bandwidth, disk space. Attacks - web page, spam, port scans, logon attempts
    • Bandwidth - Competition for traffic prioritisation and network utilisation
    • Content - Viewing inappropriate web content, serving content from DIT
  • Firewall Solutions
    • Security - Assist in protecting users, information, operation and reputation
    • Bandwidth - Allow core services to run efficiently
    • Content – Designated Web Servers
  • http://sysinfo.dit.ie/
  • Perimeter Firewall D.I.T. HEAnet
  • Implementation
    • Deny all and allow approved services
    • Standard set of services - desktop
    • Procedure - Internet Service Server Registration Form, based on the now-archived JISC project "Use of Firewalls in Academic Environment"
  • Firewall Use & Maintenance
    • Form - List of Ports to/from and Why?
    • Server Administrator – Security, Patching, Responsibility.
    • Head of School/Section – Approves and complies with DIT & HEAnet Policies
  • Registration Conditions
    • Any service may be blocked without notice if network & systems staff suspect a security breach
    • All services are provided for the server specified and should not operate as a proxy
    • All approvals are subject to review by ISSC
    • Firewall rule-sets for servers/services will be audited on a regular basis
  • Experiences
    • Paper Forms - by User
    • Firewall Rules are – by Service
    • ~200 Firewall Rules
    • Requirement for Rule Management Software
    • Firewall Rule Maintenance
  • Maintenance Experience
    • Logs - mainly used for real-time support
    • Firewall Maintenance - Backup/Recovery, Log Rotation, Patches, Upgrades etc.
  • Mobile Network Requirements
    • Wired & Wireless Connectivity for Student Laptops
    • Separate Projects starting to address Identity for Staff & Students
    • Service needed to be provided
  • Perimeter Firewall D.I.T. HEAnet Mobile
  • Mobile Network & Firewall
    • Traffic from mobile network in all sites passes through Bluesocket authentication gateway
    • Traffic from DIT mobile network into DIT fixed network is filtered through the same ruleset as applies to all external traffic
    • Traffic from DIT mobile network for external destinations is filtered through the same ruleset as standard outgoing DIT traffic
  • Mobile Network Access with Timed Firewall Rule
  • MRTG - Mobile Network Access
  • Limitations/New Requirements
    • Gigabit Ethernet
    • IPv6 Support
    • Performance
    • Reporting/Logging
  • Procurement Process
    • Request for Quotes
    • Based on Requirements
    • Award Criteria – Quality and Functional Characteristics, Technology, Cost, Supplier – Support, Maintenance, Experience.
  • Requirements
    • Functionality & Use of existing system
    • Technology Updates - IDS - IPS - Deep-packet inspection
    • Service Availability Options
  • Thank You & Questions?
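
An added example, not part of the original presentation: a small model of the policy on the "Implementation" and "Mobile Network & Firewall" slides, where everything is denied unless approved, mobile clients reach the fixed network through the same inbound ruleset as external hosts, and rule audits pick out entries with no recorded approver. The address ranges, rule entries, approver name and function names are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): documentation ranges stand in for the real networks.
ZONES = {
    "fixed": ipaddress.ip_network("192.0.2.0/24"),
    "mobile": ipaddress.ip_network("198.51.100.0/24"),
}

# Inbound ruleset: one entry per registered service (server, protocol, port, approver).
INBOUND = [
    {"server": "192.0.2.10", "proto": "tcp", "port": 443, "approved_by": "Head of School A"},
    {"server": "192.0.2.25", "proto": "tcp", "port": 25, "approved_by": None},
]
# Standard outgoing desktop services (constructed sample set).
OUTBOUND = {("tcp", 80), ("tcp", 443), ("udp", 53)}


def zone_of(addr):
    """Map an address to 'fixed', 'mobile' or, if it matches neither, 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def decide(src, dst, proto, port):
    """Return 'allow' or 'deny' for a new connection crossing the firewall."""
    s, d = zone_of(src), zone_of(dst)
    if d == "fixed" and s in ("external", "mobile"):
        # Mobile clients get exactly the same inbound ruleset as external hosts.
        hit = any(r["server"] == dst and r["proto"] == proto and r["port"] == port
                  for r in INBOUND)
        return "allow" if hit else "deny"
    if d == "external" and s in ("fixed", "mobile"):
        # Mobile traffic leaving the campus uses the standard outgoing ruleset.
        return "allow" if (proto, port) in OUTBOUND else "deny"
    # Deny all: no other path is approved in this model (assumption).
    return "deny"


def audit(rules):
    """Rules with no recorded approver: candidates for review at the next audit."""
    return [(r["server"], r["proto"], r["port"]) for r in rules if not r["approved_by"]]
```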