Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology
Campus Firewalling

  1. Campus Firewalling. Dearbhla O’Reilly, Network Manager, Dublin Institute of Technology
  2. Overview
       • Context of Firewall for DIT
       • Firewall Experiences
       • Mobile Network with Firewall
       • Where we are now?
  3. Background to DIT Firewall
       • Presentation in 2000 to IT Group on Firewall role in - Security - Bandwidth - Content (web)
  4. Issues
       • Security - Educational institutions are prime targets - CPU power, bandwidth, disk space. Attacks - web page, spam, port scans, logon attempts
       • Bandwidth - Competition for traffic prioritisation and network utilisation
       • Content - Viewing inappropriate web content, serving content from DIT
  5. Firewall Solutions
       • Security - Assist in protecting users, information, operation and reputation
       • Bandwidth - Allow core services run efficiently
       • Content - Designated Web Servers
  6. http://sysinfo.dit.ie/
  7. Perimeter Firewall D.I.T. HEAnet
  9. Implementation
       • Deny all and allow approved services
       • Standard set of services - desktop
       • Procedure - Internet Service Server Registration Form based on now Archived JISC Project – Use of Firewalls in Academic Environment.
  10. Firewall Use & Maintenance
       • Form - List of Ports to/from and Why?
       • Server Administrator – Security, Patching, Responsibility.
       • Head of School/Section – Approves and complies with DIT & HEAnet Policies
  11. Registration Conditions
       • Any service may be blocked without notice if network & systems staff suspect a security breach
       • All services are provided for the server specified and should not operate as a proxy
       • All approvals are subject to review by ISSC
       • Firewall rule-sets for servers/services will be audited on a regular basis
  12. Experiences
       • Paper Forms - by User
       • Firewall Rules are – by Service
       • ~200 Firewall Rules
       • Requirement for Rule Management Software
       • Firewall Rule Maintenance
  13. Maintenance Experience
       • Logs - mainly used for real-time support
       • Firewall Maintenance - Backup/Recovery, Log Rotation, Patches, Upgrades etc.
  14. Mobile Network Requirements
       • Wired & Wireless Connectivity for Student Laptops
       • Separate Projects starting to address Identity for Staff & Students
       • Service needed to be provided
  15. Perimeter Firewall D.I.T. HEAnet Mobile
  16. Mobile Network & Firewall
       • Traffic from mobile network in all sites passes through Bluesocket authentication gateway
       • Traffic from DIT mobile network into DIT fixed network is filtered through the same ruleset as applies to all external traffic
       • Traffic from DIT mobile network for external destinations is filtered through the same ruleset as standard outgoing DIT traffic
  17. Mobile Network Access with Timed Firewall Rule
  18. MRTG - Mobile Network Access
  19. Limitations/New Requirements
       • Gigabit Ethernet
       • IPv6 Support
       • Performance
       • Reporting/Logging
  20. Procurement Process
       • Request for Quotes
       • Based on Requirements
       • Award Criteria – Quality and Functional Characteristics, Technology, Cost, Supplier – Support, Maintenance, Experience.
  21. Requirements
       • Functionality & Use of existing system
       • Technology Updates
           • IDS - IPS - Deep-packet inspection
       • Service Availability Options
  22. Thank You & Questions?
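
An added example, not part of the original slides: a small audit that reconciles registration-form entries (filed by user) with firewall allow rules (kept by service) under the deny-all policy of slides 9 to 12. The record layouts, field names, admin labels and sample addresses are constructed assumptions, not DIT's actual forms or rule format.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Registration:  # one approved line from a registration form (constructed layout)
    server: str      # the server the service is approved for
    proto: str
    port: int
    admin: str       # responsible server administrator

@dataclass(frozen=True)
class Rule:          # one firewall allow rule (constructed layout)
    dst: str         # destination address, or "any"
    proto: str
    port: int

def key(addr, proto, port):
    # Normalise so "TCP"/"tcp" and equivalent address spellings compare equal.
    return (str(ip_address(addr)), proto.lower(), port)

def audit(rules, registrations):
    """Reconcile allow rules (kept by service) with forms (filed by user)."""
    approved = {key(r.server, r.proto, r.port): r.admin for r in registrations}
    seen, unregistered, overbroad = set(), [], []
    for rule in rules:
        if rule.dst == "any":      # not tied to "the server specified"
            overbroad.append(rule)
        elif key(rule.dst, rule.proto, rule.port) in approved:
            seen.add(key(rule.dst, rule.proto, rule.port))
        else:                      # open port with no form on file
            unregistered.append(rule)
    # Approved on paper but with no matching rule in the current rule set.
    stale = sorted(k + (approved[k],) for k in approved if k not in seen)
    return {"unregistered": unregistered, "overbroad": overbroad, "stale": stale}

def permitted(rules, dst, proto, port):
    """Deny all, allow approved: traffic passes only if an allow rule matches."""
    return any(r.dst in ("any", dst) and r.proto.lower() == proto.lower()
               and r.port == port for r in rules)

# Constructed sample data (RFC 5737 documentation addresses).
REGISTRATIONS = [Registration("192.0.2.10", "tcp", 443, "admin-a"),
                 Registration("192.0.2.20", "tcp", 25, "admin-b")]
RULES = [Rule("192.0.2.10", "TCP", 443),   # matches a form
         Rule("192.0.2.30", "tcp", 22),    # no form on file
         Rule("any", "tcp", 8080)]         # applies to every server

if __name__ == "__main__":
    for finding, items in audit(RULES, REGISTRATIONS).items():
        print(finding, items)
```
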
