VolNet2
Bill White
Network Services
September 20, 2004 OIT Fall Staff Meeting
Why Volnet2?
• Based on the Security Assessment findings
• Insecure protocols are widely used
• Insecure protocols used on the wireless network for financial transactions
• Proliferation of virus activity
• Lack of network authentication
Goals for Volnet2
• Provide a layered approach to security
• Encourage use of secure protocols and anti-virus software
• Apply filtering per port for every customer
• Continue anti-spoofing access control in the core
• Provide virus and DoS protection at our borders
• Continue to filter TCP/UDP ports at our border
• Provide a more redundant firewall solution for server sanctuaries and special applications
• Upgrade our Wireless infrastructure
Core Upgrades
• New supervisor modules provide 10 Gbps core connections
• IPv6 will be implemented campus-wide
• SNMPv3 supported for secure communications with HP OpenView
• Redundant supervisor modules installed on OIT core server switch
• Mitigation of DoS attacks on core routers
Intrusion Prevention Systems
• Blocks virus-related traffic at wirespeed
• Blocks common attacks like DoS
• Digital Vaccines are automatically updated (sometimes faster than McAfee)
• 2 Gbps throughput
• Will be placed on the dorm network between the Internet and the rest of campus
• Will be placed on the Faculty/Staff network
Firewalls
• New Juniper/Netscreen firewalls were installed November 18
• Firewalls are ASIC based with 12 Gbps performance and can process 1,000,000 concurrent sessions
• Can support 24 Gigabit or 72 10/100 ports
• Firewalls will support the SAP/IRIS subnet, OIT server segments, and other special projects
• Redundancy (core routers via HSRP, firewall chassis via NSRP, interfaces, and new switch redundancy)
Wireless Upgrades
• Rogue Access Point detection
• 802.1x network authentication for those Operating Systems that support it (gateways used for others)
• Encrypted traffic from the client to the AP
• “G” kit upgrade will double the capacity
• Wireless network will be segmented
• The project started on October 1 and ends Jan. 12
Building Rewires
• Buildings that still have COAX cabling will be rewired as originally mandated by the first Volnet project
Edge Switch Upgrades
• Can provide 1 Gbps to desktops in high traffic buildings
• SNMPv3 supported for secure communications with HP OpenView
• Can apply ACLs to every Ethernet port on campus to help control virus activity and prevent machines from becoming the gateway
• BPDU Guard to block PCs from bridging wireless and the wired network
• 802.1x network authentication can be implemented for those Operating Systems that support it
• Can apply per port rate-limiting on P2P applications
Time Line
• The wireless upgrade has already started and will finish in December
• The Netscreen firewalls were installed this past week
• Intrusion Prevention Systems will be installed in January
• The new supervisor modules for our core routers will be installed in December
• 2 new core nodes will be purchased and installed in June of 2005
Time Line continued
• The edge switch installations will start in November of this year and will take approximately 20 months to complete
• Additional firewalls will be installed as required by special security projects
• Building rewires will continue for several years
Questions or Concerns
• Check the Volnet2 site @ volnet2.utk.edu
• Send email to [email protected]