January 2006, Common Solutions Group: Network Based Security. Looking at the future of university networking…

Presentation transcript:

1 Network Based Security: Looking at the future of university networking…

2 CSG Network/Subnet Poll (1)
Asked on
–Ednog (ednog@puck.nether.net)
–Netguru http://security.internet2.edu/docs/internet2-salsa-topics-advanced-network-management-200511.html
–Virtnet
Heard from (in no particular order):
–Berkeley, Columbia, UBuffalo, Stanford, UCLA, VT, Cornell, Yale, Duke, CMU, Northwestern, Colorado, UMich

3 CSG Network/Subnet Poll (2): Complicated technical issues – VLANs, VLANs, everywhere…
History of subnetting for manageability
–Smaller broadcast domains
–Tracking addresses for abuse
Future of subnetting for service differentiation
–Traffic isolation for real and imagined safety
–Differential firewall policy (users, services, multi-tier web services)
–Pre-auth, .1x for VLAN assignment, quarantine subnets
–Isolated subnets for customer firewalling
–Infrastructure devices: no need for remote access
–Address preservation, RFC1918 (NAT-ed and not)
–Networking ‘for-fee’

4 CSG Network/Subnet Poll (3)
A few more issues
–Spanning tree isn’t “a fun thing”
–VLANs != subnets
–Some campus trunks – mostly avoided
–Need tools for VLAN management
–Lots of ‘not-so-smart’ devices
–Edge security is preferred, defense in depth is necessary
–Need lots of tools – particularly with dynamics
–Didn’t ask the VPN question…
–Didn’t ask the lambda question…

5 Asking a little differently…
How many of you now, or in future, will:
Offer more than one class of network connectivity?
Require VPNs for remote access to many apps?
Require network admission control (pre-access)?
–For wired
–For wireless
Offer (or allow) subnet firewalls?
Offer dedicated lambdas?

6 Stanford Governance Pressure
University enterprise risk management
Internal Audit & Info Security Officer
External Audit of Systems
Faculty Governance Committee
Administrative Governance Committee

8 Key UW-Madison Strategies
Deploy a three-zone network with clear standards and policies for each zone
Build relationships and understanding between central net-admins, department net-admins, and other campus interests
Empower (training and tools) department net-admins to manage things that are important to them using a powerful set of web-based network monitoring and administration tools

9 AANTS: Authorized Agent Network Tool Suite
Loosely-coupled set of web-based utilities for network administration
Tools are team-developed in-house, optimized toward local networking practices, driven by user need
About 244 trained network administrators across campus
Allow users (campus LAN administrators and network engineers) to manage network devices, change device configurations, troubleshoot, inspect traffic data, coordinate with users, and perform other network management tasks

