Oregon State University Enterprise Firewall Evolution


  1. Oregon State University Enterprise Firewall Evolution
     Network Engineering
     Chris Giem – Senior Network Engineer
     Bill Myers
     Project Website: http://oregonstate.edu/net/firewall/
  2. Oregon State University Enterprise Firewall Evolution
     • Viruses and worms do not play favorites. They are just as happy to run wild on campus as in major corporations
     • Enterprise Firewall Evolution
     • Oregon State University network security must evolve to meet the current and future needs
  3. Oregon State University Enterprise Firewall Evolution
     • OSU network is extremely accessible by the Internet
     • Many at OSU view the services they provide as a greater good and a public asset that should be freely available
     • Users want to provide access to their work and to freely collaborate with their peers
     • They don't want barriers
  4. Oregon State University Enterprise Firewall Evolution
     • Security is about preserving use of the network rather than creating barriers
     • One infected host can bring the entire OSU network down
     • Unprotected files can be destroyed and important services severely impaired
  5. Oregon State University Enterprise Firewall Evolution
     • Why are we changing
     • Current Firewall Architecture
     • New Firewall Architecture
     • The Impact to campus
     • Timeline
  6. Oregon State University: Why are we changing
     • Lessons learned
         • Client Requirements
         • Operational Requirements
         • Scalability Factors
     • New Technology
         • Virtual Firewall
             • Software feature of Cisco Firewall Service Module
         • Transparent firewall
             • Acts as “bump in the road” that does packet inspection
             • Allows Multicast traffic
  7. Oregon State University: Current Firewall Architecture
     [Diagram; labels as extracted: Internet Router OSU Network Firewall Router Trusted Subnets Services Subnets]
  8. Oregon State University: Current Firewall Architecture
     • Consequences
         • Network Address Translation
             • Difficult to implement for on campus communication
         • Does not allow Multicast
         • Windows Services
             • Experienced difficulties with Windows 9X
         • Most of campus unprotected from the Internet
         • One size does not fit all
             • Policies are large and full of exceptions
  9. Oregon State University: Current Firewall Architecture
     • Current groups behind the firewall
         • Network Engineering
         • Athletics
         • Registration and Enrollment
         • Milne Computing Center
         • Numerous Services including
             • Banner
             • Parts of Exchange
             • Parts of ONID
             • Many others
  10. Oregon State University: New Firewall Architecture
      [Diagram; labels as extracted: Internet Campus Firewall ResNet Other ResNet VF OSU Network Example VF Example DMZ SHS]
  11. Oregon State University: New Firewall Architecture
      • Features
          • Virtual Firewalls
          • Transparent Firewall
          • Firewall Resource allocation
      • Capacity
          • Nominal throughput is 5 Gigabit and is expandable
          • 50 Virtual Firewalls per Firewall Service Module and expandable to 100 Virtual Firewalls per FSM
  12. Oregon State University: Impact to Campus
      • What it means to campus
          • No Inbound Connections
              • Must use approved gateway (for example, VPN or Terminal Server) for devices not in a DMZ
          • Server Consolidation
              • All services accessed from the Internet must be placed in a DMZ
          • Understanding Applications’ Communications
              • Knowing the TCP / UDP ports to create rules for the firewall
  13. Oregon State University: Impact to Campus
      • What it means to campus (cont.)
          • Better Protection from the Internet
              • Fewer scans, hackers, and viruses
              • Just ask the groups already behind the firewall
  14. Oregon State University: Timeline
      • When?
          • Meeting with Colleges / Departments to determine their networking requirements
              • April 1st to June 9th
          • Installation, Monitoring, and Analysis
              • June 15th
          • Proposed Date for Going Live
              • September 7th
  15. Oregon State University Enterprise Firewall Evolution
      • Conclusion
          • The new firewall architecture is not a replacement for patching and virus protection
          • It will remove most of OSU’s exposure from the Internet
      • Email
          • [email_address]
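
Slide 12 asks departments to know which TCP/UDP ports their applications use and to place Internet-facing services in a DMZ. The following is an added example, not part of the original slides or OSU's tooling: it turns a constructed `ss -tuln` listing into a rule-request worksheet. The DMZ subnet, host addresses and output wording are assumptions, and the output is descriptive text, not Cisco FWSM syntax.

```python
import ipaddress

# Constructed sample: `ss -tuln` output from a hypothetical departmental server.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123         0.0.0.0:*
tcp   LISTEN 0      511    [::]:443            [::]:*
tcp   LISTEN 0      128    [::1]:631           [::]:*
"""

# Assumption: a documentation-range subnet standing in for a DMZ.
DMZ_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def exposed_listeners(ss_text):
    """Return sorted unique (proto, port) pairs bound to non-loopback addresses."""
    found = set()
    for line in ss_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")    # rpartition copes with [::]:443
        addr = addr.strip("[]").split("%")[0]    # drop brackets and %iface scope
        if addr == "*":
            addr = "0.0.0.0"
        if ipaddress.ip_address(addr).is_loopback:
            continue                             # loopback is never reachable off-host
        found.add((proto, int(port)))
    return sorted(found)


def plan_rules(host_ip, ss_text):
    """Map each listener to what the slide-12 policy implies for this host."""
    in_dmz = any(ipaddress.ip_address(host_ip) in net for net in DMZ_NETS)
    plan = []
    for proto, port in exposed_listeners(ss_text):
        if in_dmz:
            # DMZ host: each listener is a candidate rule that still needs review.
            plan.append(f"candidate permit {proto} any -> {host_ip}:{port}")
        else:
            # Non-DMZ host: no inbound rule; users go through an approved gateway.
            plan.append(f"no inbound rule for {proto}/{port} on {host_ip}: "
                        "reach via approved gateway (VPN or Terminal Server)")
    return plan


if __name__ == "__main__":
    for ip in ("192.0.2.10", "10.20.30.40"):     # constructed host addresses
        print("\n".join(plan_rules(ip, SS_OUTPUT)))
```

Listeners bound only to loopback (here 5432 and 631) drop out of the worksheet, so the request covers only ports that are actually reachable from the network.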
