
Information Security Metrics


Published in: Technology

  1. Zoned Network Overview
     • April 30th, 2009
  2. Today’s Agenda
     • Zoned network overview (why, when, what)
     • Wired network changes
     • Wireless network changes
     • Why is it important we do this? (needs, benefits, outcomes)
     • Zoned Network Q and A
  3. What is the Zoned Network
     • A method of dividing the current “flat” network into student, staff/faculty, and service zones.
     • A way to ensure that computers and other devices on the network have a known owner and contact
     • Two major efforts – secure wireless (ND-Secure and ND-Guest) and the wired Zoned network.
  4. Why?
     • CITRA assessment findings
     • Audit findings
     • Better ability to respond to problems
     • Better security for systems
  5. Wired and Wireless Network Changes
     • Both networks will require authentication.
     • Devices and systems that cannot authenticate are allowed and are provided for.
     • ND-Secure and ND-Guest are available now
     • Wired Zoned Network is being rolled out on a building by building basis.
  6. Wired Zoned Network Benefits
     • Splits different machine usage profiles into zones that can be properly protected.
     • Ensures that systems have a known owner or contact.
     • Keeps network registrations up to date.
     • Satisfies audit requirements.
  7. ND-Secure Benefits
     • Adds encryption to the wireless network
     • Notre Dame business and student data is kept safe
     • Satisfies audit and assessment requirements
     • Ensures that we have a contact for systems
     • Helps keep records up to date – Nomad registered systems would stay valid for years.
  8. What about ND-Guest?
     • Requires authentication
     • In the process of adding a self-service guest account facility
     • Does not provide encryption
     • It is not a trusted campus network
     • Acts much like a hotel room wireless setup
  9. Zoned Network effects on you
     • Deployment will be per-building, and will be announced in advance.
     • Each building is assessed and documented prior to conversion.
     • Once a semester, systems will have to log in to the network.
     • New systems will have to log in when they come onto the network.
  10. More detail
     •  – click on the Zoned Network link at the top of the left hand column.
     • A complete FAQ is available at:
     • This will be updated as more questions are asked.
  11. The Zones
     • User Zones
        • Faculty/Staff
        • Student
        • Guest (Users without NetIDs)
     • Device Zones
        • Campus Services
        • Public Services
        • Infrastructure
  12. Authentication Options
     • Authentication to the network will occur via one of the following methods
     • Wired
        • Captive Web Portal (Any user, any OS)
        • Cisco Clean Access Agent (Any user, Windows, OS X)
        • Cisco Clean Access Agent with AD for SSO (Fac/Staff Windows ADND Machines)
        • Exemption white-list
     • Wireless
        • 802.1x wireless (ND-secure, No Guests, Any OS)
        • Captive Web Portal (ND-guest, Any User, Any OS)
        • Exemption white-list
  13. How Often?
     • Authentication to the network will occur at predefined dates to minimize impact
     • 4 times a year correlating to semester breaks
     • TENTATIVE Dates:
        • Tuesday before fall semester 8/11/2009
        • Tuesday before spring semester 1/5/2010
        • Tuesday before summer 5/18/2010
        • Tuesday before fall semester 8/10/2010
     • Reserve the right for 0-day outbreaks
     • Guests will authenticate every 24 hours
  14. Campus Rollout
     • Rollout will occur on a building by building basis
     • Configuration is done at the closet switch level
     • Aim to complete all 120+ buildings on campus within 18 months
     • The project team will meet with individual departments or building IT staff to develop detailed timelines
  15. How can you help?
     • The rollout will require the following information for each building to minimize transition time:
        • List of known exemptions (servers, door locks, vending machines, etc.)
        • List of all network connected printers (and coordination to ensure they are set for DHCP and hosts configured to print by DNS name, not IP)
        • List of switches/routers/firewalls that have been deployed
        • Timelines for most convenient opportunities for migration
        • Point of contact defined for the project team to help coordinate migration efforts
  16. How we can help you!
     • The project team is constantly working on ways to make this transition smoother
     • Please take advantage of the tools currently available to aid in the rollout:
        • ND-secure configuration via AD GPO
        • Cisco Clean Access install via AD GPO
        • Cisco Clean Access install via SMS
        • Standalone Installers for ND-secure and Cisco Clean Access
        • Printer Port Utility for configuring workstations to print via DNS name
  17. Quick FAQ
     • How will the Cisco Clean Access Agent affect my computer?
     • How do guests get access to the network?
     • Will the zoned network affect the speed of my connection?
     • How do I request an exemption?
     • Are you using the zoned network to monitor what I do on the network?
     • What things are you scanning on my machine?
  18. What about Nomad?
     • Great question!
     • Nomad will remain as the legacy wireless network for campus until it is determined that the changing landscape of wireless has leveled enough to ensure the majority of wireless devices have migrated to and can leverage the advantages of ND-secure.
  19. Zoned Network Questions?