Campus Firewalling
Dearbhla O’Reilly, Network Manager, Dublin Institute of Technology

Overview
• Context of Firewall for DIT
• Firewall Experiences
• Mobile Network with Firewall
• Where we are now?

Background to DIT Firewall
• Presentation in 2000 to IT Group on Firewall role in
  - Security
  - Bandwidth
  - Content (web)

Issues
• Security
  - Educational institutions are prime targets - CPU power, bandwidth, disk space
  - Attacks - web page, spam, port scans, logon attempts
• Bandwidth - Competition for traffic prioritisation and network utilisation
• Content - Viewing inappropriate web content, serving content from DIT

Firewall Solutions
• Security - Assist in protecting users, information, operation and reputation
• Bandwidth - Allow core services to run efficiently
• Content - Designated Web Servers

D.I.T. HEAnet Perimeter Firewall

Implementation
• Deny all and allow approved services
• Standard set of services - desktop
• Procedure - Internet Service Server Registration Form, based on the now archived JISC Project – Use of Firewalls in Academic Environment

Firewall Use & Maintenance
• Form - List of Ports to/from and Why?
• Server Administrator – Security, Patching, Responsibility
• Head of School/Section – Approves and complies with DIT & HEAnet Policies

Registration Conditions
• Any service may be blocked without notice if network & systems staff suspect a security breach
• All services are provided for the server specified and should not operate as a proxy
• All approvals are subject to review by ISSC
• Firewall rule-sets for servers/services will be audited on a regular basis

Experiences
• Paper Forms - by User
• Firewall Rules are - by Service
• ~200 Firewall Rules
• Requirement for Rule Management Software
• Firewall Rule Maintenance

Maintenance Experience
• Logs - mainly used for real-time support
• Firewall Maintenance - Backup/Recovery, Log Rotation, Patches, Upgrades etc.

Mobile Network Requirements
• Wired & Wireless Connectivity for Student Laptops
• Separate Projects starting to address Identity for Staff & Students
• Service needed to be provided

D.I.T. HEAnet Mobile Perimeter Firewall

Mobile Network & Firewall
• Traffic from mobile network in all sites passes through Bluesocket authentication gateway
• Traffic from DIT mobile network into DIT fixed network is filtered through the same ruleset as applies to all external traffic
• Traffic from DIT mobile network for external destinations is filtered through the same ruleset as standard outgoing DIT traffic
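
The following is an added example, not DIT's configuration or code from the presentation. It models the "deny all and allow approved services" policy driven by registration-form entries, with mobile-network sources handled by the same inbound rules as external traffic and the same outgoing rules as fixed-network traffic. The address ranges, register entries, standard service list and all names are constructed, and it assumes a form without a Head of School/Section approval produces no rule.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan and service list (assumptions, not from the slides).
FIXED = ipaddress.ip_network("10.10.0.0/16")   # fixed campus network
MOBILE = ipaddress.ip_network("10.20.0.0/16")  # mobile (laptop) network
STANDARD_OUT = {("tcp", 80), ("tcp", 443), ("udp", 53)}  # standard desktop set

@dataclass(frozen=True)
class Registration:
    """One port line from a server registration form."""
    server: str
    proto: str
    port: int
    why: str
    admin: str
    approver: str  # Head of School/Section; empty means not yet approved

# Constructed sample register.
REGISTER = [
    Registration("10.10.5.80", "tcp", 443, "School web server", "admin-a", "head-a"),
    Registration("10.10.5.25", "tcp", 25, "Mail relay", "admin-b", ""),
]

def zone(addr):
    """Classify an address as fixed, mobile or external."""
    ip = ipaddress.ip_address(addr)
    return "fixed" if ip in FIXED else "mobile" if ip in MOBILE else "external"

def decide(src, dst, proto, port):
    """Perimeter decision: deny all, allow approved services."""
    s, d = zone(src), zone(dst)
    if d == "fixed" and s != "fixed":
        # Mobile and external sources are matched against the same inbound rules.
        hit = any(r.approver and (r.server, r.proto, r.port) == (dst, proto, port)
                  for r in REGISTER)
        return "allow" if hit else "deny"
    if d == "external" and s != "external":
        # Fixed and mobile sources share the standard outgoing rules.
        return "allow" if (proto, port) in STANDARD_OUT else "deny"
    return "deny"  # anything else is not an approved perimeter flow

def audit():
    """Registrations a periodic rule audit should query."""
    return [r for r in REGISTER if not (r.approver and r.why and r.admin)]
```
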

Mobile Network Access with Timed Firewall Rule

Limitations/New Requirements
• Gigabit Ethernet
• IPv6 Support
• Performance
• Reporting/Logging

Procurement Process
• Request for Quotes
• Based on Requirements
• Award Criteria – Quality and Functional Characteristics, Technology, Cost, Supplier – Support, Maintenance, Experience

Requirements
• Functionality & Use of existing system
• Technology Updates
  - IDS
  - IPS
  - Deep-packet inspection
• Service Availability Options

Thank You & Questions?