VolNet2

1. VolNet2 Bill White Network Services

2. Why Volnet2? • Based on the Security Assessment findings • Insecure protocols are widely used • Insecure protocols used on the wireless network for financial transactions • Proliferation of virus activity • Lack of network authentication OIT Fall Staff Meeting

3. Goals for Volnet2 • Provide a layered approach to security • Encourage use of secure protocols and anti-virus software • Apply filtering per port for every customer • Continue anti-spoofing access control in the core • Provide virus and DoS protection at our borders • Continue to filter TCP/UDP ports at our border • Provide a more redundant firewall solution for server sanctuaries and special applications • Upgrade our Wireless infrastructure OIT Fall Staff Meeting

4. Core Upgrades • New supervisor modules provide 10 Gbps core connections • IPv6 will be implemented campus-wide • SNMPv3 supported for secure communications with HP OpenView • Redundant supervisor modules installed on OIT core server switch • Mitigation of DoS attacks on core routers OIT Fall Staff Meeting

5. Intrusion Prevention Systems • Blocks virus-related traffic at wirespeed • Blocks common attacks like DoS • Digital Vaccines are automatically updated (sometimes faster than McAfee) • 2 Gbps throughput • Will be placed on the dorm network between the Internet and the rest of campus • Will be placed on the Faculty/Staff network OIT Fall Staff Meeting

6. Firewalls • New Juniper/Netscreen firewalls were installed November 18 • Firewalls are ASIC based with 12 Gbps performance and can process 1,000,000 concurrent sessions • Can support 24 Gigabit or 72 10/100 ports • Firewalls will support the SAP/IRIS subnet, OIT server segments, and other special projects • Redundancy (core routers via HSRP, firewall chassis via NSRP, interfaces, and new switch redundancy) OIT Fall Staff Meeting

7. Wireless Upgrades • Rogue Access Point detection • 802.1x network authentication for those Operating Systems that support it (gateways used for others) • Encrypted traffic from the client to the AP • “G” kit upgrade will double the capacity • Wireless network will be segmented • The project started on October 1 and ends Jan. 12 OIT Fall Staff Meeting

8. Building Rewires • Buildings that still have COAX cabling will be rewired as originally mandated by the first Volnet project OIT Fall Staff Meeting

9. Edge Switch Upgrades • Can provide 1 Gbps to desktops in high traffic buildings • SNMPv3 supported for secure communications with HP OpenView • Can apply ACLs to every Ethernet port on campus to help control virus activity and machines from becoming the gateway • BPDU Guard to block PCs from bridging wireless and the wired network • 802.1x network authentication can be implemented for those Operating Systems that support it • Can apply per port rate-limiting on P2P applications OIT Fall Staff Meeting

10. Time Line • The wireless upgrade has already started and will finish in December • The Netscreen firewalls were installed this past week • Intrusion Prevention Systems will be installed in January • The new supervisor modules for our core routers will be installed in December • 2 new core nodes will be purchased and installed in June of 2005 OIT Fall Staff Meeting

11. Time Line continued • The edge switch installations will start in November of this year and will take approximately 20 months to complete • Additional firewalls will be installed as required by special security projects • Building rewires will continue for several years OIT Fall Staff Meeting

12. Questions or Concerns • Check the Volnet2 site @ volnet2.utk.edu • Send email to volnet2@utk.edu OIT Fall Staff Meeting