Enhancements in VolNet2: Strengthening Security and Performance Across the Network
Presentation Transcript
VolNet2 Bill White Network Services
Why Volnet2?
• Based on the Security Assessment findings
• Insecure protocols are widely used
• Insecure protocols used on the wireless network for financial transactions
• Proliferation of virus activity
• Lack of network authentication
OIT Fall Staff Meeting
Goals for Volnet2
• Provide a layered approach to security
• Encourage use of secure protocols and anti-virus software
• Apply filtering per port for every customer
• Continue anti-spoofing access control in the core
• Provide virus and DoS protection at our borders
• Continue to filter TCP/UDP ports at our border
• Provide a more redundant firewall solution for server sanctuaries and special applications
• Upgrade our Wireless infrastructure
Core Upgrades
• New supervisor modules provide 10 Gbps core connections
• IPv6 will be implemented campus-wide
• SNMPv3 supported for secure communications with HP OpenView
• Redundant supervisor modules installed on OIT core server switch
• Mitigation of DoS attacks on core routers
Intrusion Prevention Systems
• Blocks virus-related traffic at wirespeed
• Blocks common attacks like DoS
• Digital Vaccines are automatically updated (sometimes faster than McAfee)
• 2 Gbps throughput
• Will be placed on the dorm network between the Internet and the rest of campus
• Will be placed on the Faculty/Staff network
Firewalls
• New Juniper/Netscreen firewalls were installed November 18
• Firewalls are ASIC based with 12 Gbps performance and can process 1,000,000 concurrent sessions
• Can support 24 Gigabit or 72 10/100 ports
• Firewalls will support the SAP/IRIS subnet, OIT server segments, and other special projects
• Redundancy (core routers via HSRP, firewall chassis via NSRP, interfaces, and new switch redundancy)
Wireless Upgrades
• Rogue Access Point detection
• 802.1x network authentication for those Operating Systems that support it (gateways used for others)
• Encrypted traffic from the client to the AP
• “G” kit upgrade will double the capacity
• Wireless network will be segmented
• The project started on October 1 and ends Jan. 12
Building Rewires
• Buildings that still have COAX cabling will be rewired as originally mandated by the first Volnet project
Edge Switch Upgrades
• Can provide 1 Gbps to desktops in high traffic buildings
• SNMPv3 supported for secure communications with HP OpenView
• Can apply ACLs to every Ethernet port on campus to help control virus activity and keep machines from becoming the gateway
• BPDU Guard to block PCs from bridging wireless and the wired network
• 802.1x network authentication can be implemented for those Operating Systems that support it
• Can apply per port rate-limiting on P2P applications
Time Line
• The wireless upgrade has already started and will finish in December
• The Netscreen firewalls were installed this past week
• Intrusion Prevention Systems will be installed in January
• The new supervisor modules for our core routers will be installed in December
• 2 new core nodes will be purchased and installed in June of 2005
Time Line continued
• The edge switch installations will start in November of this year and will take approximately 20 months to complete
• Additional firewalls will be installed as required by special security projects
• Building rewires will continue for several years
Questions or Concerns
• Check the Volnet2 site @ volnet2.utk.edu
• Send email to volnet2@utk.edu