
Campus Firewalling

Campus Firewalling. Dearbhla O’Reilly, Network Manager, Dublin Institute of Technology. Overview: Context of Firewall for DIT; Firewall Experiences; Mobile Network with Firewall; Where we are now? Background to DIT Firewall.


Presentation Transcript


  1. Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology

  2. Overview • Context of Firewall for DIT • Firewall Experiences • Mobile Network with Firewall • Where we are now?

  3. Background to DIT Firewall • Presentation in 2000 to IT Group on Firewall role in: - Security - Bandwidth - Content (web)

  4. Issues • Security - Educational institutions are prime targets - CPU power, bandwidth, disk space. Attacks - web page, spam, port scans, logon attempts • Bandwidth - Competition for traffic prioritisation and network utilisation • Content - Viewing inappropriate web content, serving content from DIT

  5. Firewall Solutions • Security - Assist in protecting users, information, operation and reputation • Bandwidth - Allow core services to run efficiently • Content - Designated Web Servers

  6. http://sysinfo.dit.ie/

  7. D.I.T. HEAnet Perimeter Firewall

  8. Implementation • Deny all and allow approved services • Standard set of services - desktop • Procedure - Internet Service Server Registration Form, based on the now-archived JISC project – Use of Firewalls in Academic Environment.

  9. Firewall Use & Maintenance • Form - List of Ports to/from and Why? • Server Administrator – Security, Patching, Responsibility. • Head of School/Section – Approves and complies with DIT & HEAnet Policies

  10. Registration Conditions • Any service may be blocked without notice if network & systems staff suspect a security breach • All services are provided for the server specified and should not operate as a proxy • All approvals are subject to review by ISSC • Firewall rule-sets for servers/services will be audited on a regular basis

  11. Experiences • Paper Forms - by User • Firewall Rules are – by Service • ~200 Firewall Rules • Requirement for Rule Management Software • Firewall Rule Maintenance

  12. Maintenance Experience • Logs - mainly used for real-time support • Firewall Maintenance - Backup/Recovery, Log Rotation, Patches, Upgrades etc.

  13. Mobile Network Requirements • Wired & Wireless Connectivity for Student Laptops • Separate Projects starting to address Identity for Staff & Students • Service needed to be provided

  14. D.I.T. HEAnet Mobile Perimeter Firewall

  15. Mobile Network & Firewall • Traffic from mobile network in all sites passes through Bluesocket authentication gateway • Traffic from DIT mobile network into DIT fixed network is filtered through the same ruleset as applies to all external traffic • Traffic from DIT mobile network for external destinations is filtered through the same ruleset as standard outgoing DIT traffic

  16. Mobile Network Access with Timed Firewall Rule

  17. MRTG - Mobile Network Access

  18. Limitations/New Requirements • Gigabit Ethernet • IPv6 Support • Performance • Reporting/Logging

  19. Procurement Process • Request for Quotes • Based on Requirements • Award Criteria – Quality and Functional Characteristics, Technology, Cost, Supplier – Support, Maintenance, Experience.

  20. Requirements • Functionality & Use of existing system • Technology Updates - IDS - IPS - Deep-packet inspection • Service Availability Options

  21. Thank You & Questions?
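
The process in slides 8 to 11 (deny all and allow approved services, a registration form per server, regular rule-set audits, forms kept by user while rules are kept by service) can be reconciled mechanically. The following Python example is added here and is not part of the original presentation or DIT's tooling; the field names, rule format and addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: field names and addresses (RFC 5737) are assumptions.
REGISTRATIONS = [  # one entry per approved line on a registration form
    {"server": "192.0.2.10", "proto": "tcp", "port": 443, "admin": "webteam",
     "approver": "Head of School A", "reason": "designated web server"},
    {"server": "192.0.2.25", "proto": "tcp", "port": 25, "admin": "mailteam",
     "approver": "Head of Section B", "reason": "inbound mail"},
]
RULES = [  # inbound allow rules, keyed by service; anything unmatched is denied
    {"id": 1, "proto": "tcp", "dst": "192.0.2.10/32", "port": 443},
    {"id": 2, "proto": "tcp", "dst": "192.0.2.0/24", "port": 22},
    {"id": 3, "proto": "tcp", "dst": "192.0.2.40/32", "port": 8080},
]

def permitted(rules, proto, dst, port):
    """Deny all, allow approved services: True only if an allow rule matches."""
    return any(r["proto"] == proto and r["port"] == port
               and ip_address(dst) in ip_network(r["dst"]) for r in rules)

def audit(rules, registrations):
    """Reconcile per-service rules against per-server registrations."""
    findings = []
    for r in rules:
        net = ip_network(r["dst"])
        # Registration conditions tie each service to the server specified.
        if net.num_addresses != 1:
            findings.append((r["id"], "rule not limited to a specified server"))
        covered = any(g["proto"] == r["proto"] and g["port"] == r["port"]
                      and ip_address(g["server"]) in net for g in registrations)
        if not covered:
            findings.append((r["id"], "no approved registration for this rule"))
    for g in registrations:
        # A form with no matching rule means the register and ruleset drifted.
        if not permitted(rules, g["proto"], g["server"], g["port"]):
            findings.append((g["server"], "registered service has no rule"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit(RULES, REGISTRATIONS):
        print(subject, problem)
```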
