EDUCAUSE Security 2006 Internet John Brown University.


1 EDUCAUSE Security 2006 Internet Security@JBU John Brown University

2 John Brown University
“John Brown University is a private, Christian university with more than 1,900 students from all over the U.S. and around the world. JBU offers more than 50 undergraduate degrees, including cutting-edge programs such as Digital Media Arts, along with liberal arts programs such as English and history.”

3 Campus Population
- 1200+ undergraduate students
  - 900 on campus
- 200+ graduate students
- 400+ Adult Degree Completion Students
- 350 Faculty and Staff

4 Campus Network View

5 Campus Computers & Network
- Computing Infrastructure
  - 300 Computers in Student Labs
    - 3 Open Labs
    - 7 “Specialty” Labs
  - 500 Office Computers
  - 800 Student Computers
- Network
  - 1 Gbit Fiber Backbone
  - 100 Mbit cat 5 to desktops
  - About a dozen WiFi (802.11g) “Hotspots”
  - 9 Mbit Fiber to our ISP

6 Network Services
- File and Print Servers
- Several Web/FTP Servers
- Exchange Email Server
- LAN-LAN VPN to 4 Remote Sites
- Multiple Database Servers
- AS400 for Administrative Applications

7 Our Problems
- Whatever happens is our fault
- Server Farm
  - Patch for Vulnerability
  - Packet Filtering Firewall
- Our Students Bring in Infected Machines
  - Need to protect us from students
  - Need to protect students from each other
- JBU Clients
  - Patch for Vulnerability
  - Host Based Anti-Virus

8 Fall 2003: “That Semester”
- Nachi and Blaster Worms (July 2003)
- Infection Vectors - Students moving in to the dorms bring in Infected Machines
- Network Impact - Spread like wildfire
- Solution
  - Disconnect Students from the Network
  - JBU Staff went to the dorms to scan and patch computers
  - Not Fun

9 2004 – Access Control Server
- Automated Scans for vulnerabilities
- Automated Scans for worm activity
- Enforce Patch and AV Requirements
- Reports with Instructions and links to …
- Web Site with files
  - Patches
  - Virus Scanners
- Students mostly take care of themselves
- Much Nicer!
  - 2004 - 2005 - Minimal problems (with Sasser)
  - 2005 – 2006 - It’s not over, yet

10 Internet Security – more to do
- NAT Protects Clients
- Email Protection helps a lot
  - Anti-virus scan
  - Quarantine attachments
- Enforcing Patches helps a lot
- Client anti-virus helps a lot, but …
  - Have to keep up with updates
  - Not perfect
- Need to complement the Host Based Anti-Virus and Access Control Agent
- Intrusion Detection and Prevention for Zero Day Exploits

11 Upgrade & Enhancement Dilemma
- We had a “Sniffer” Content Filtering Solution
  - Allows traffic until it categorizes it
  - Potential to miss traffic in high traffic times
- Or - it can be installed as a Proxy
  - Requires Client Configuration
  - Caused problems with some HTTPS sites
- Content Filter is Fairly Expensive
- No budget for Firewall upgrade

12 Evaluation Process
- Integrated Solution for – Firewall, Content Filtering, AV and IDS/IPS
- Started looking at following solutions
  - SonicWall
  - iPolicy
- Either could be purchased for what we had budgeted for the Web Filter

13 We Selected iPolicy
- We liked both
- iPolicy
  - Central Management of multiple firewalls (Separate Firewall and Management Hardware)
  - Integrated Content Filter uses the SurfControl database
  - Gartner “Magic Quadrant for Network Firewalls” report was a plus
  - Higher Bandwidth rating for similar cost
  - Liked commitment to add services while maintaining performance
  - Technical people impressed us

14 Results
- We replaced our Firewall and Web Content Filter with one appliance, for a comparable price.
- Gained IDS/IPS
- We kept our separate Bandwidth Manager

15 Experience
- Firewall configuration is easy and effective
- Easy to take care of behavior anomalies like infected client machines generating SMTP traffic
- Performance – we run with our Internet connection pegged much of the time – performance is not a problem
- The Web Content Filter works well
  - Configuration is simple
  - Filtering is as accurate as it was with SurfControl

16 Experience
- Easy to turn On/Off IDS/IPS signatures
- Over 2400 signatures
  - Flood Signatures which still need to be tuned
- Incoming and Outgoing IDS/IPS can detect and block …
  - Worm activity
  - Bot activity

17 IDS/IPS: more than buying a box
- We don’t know all the threats
- We used iPolicy recommended settings
- False positives happen
  - Thresholds for flood/DoS signatures need to be tuned
  - Some of the alerts are for older vulnerabilities
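
An added illustration of the tuning problem on slides 15 and 17, not part of the presentation and not iPolicy's configuration or signature logic: a per-source outbound SMTP rate check run over constructed connection records, showing how an untuned threshold produces false positives. The addresses, the mail server allow-list and both threshold values are assumptions.

```python
from collections import Counter

# Constructed sample data: (minute, internal source IP, destination port) for
# outbound connections seen at the firewall. All addresses are made up.
MAIL_SERVER = "10.0.0.25"  # assumed address of the campus mail server
FLOWS = (
    [(0, MAIL_SERVER, 25)] * 40        # legitimate outbound mail
    + [(0, "10.1.4.17", 25)] * 120     # client sending SMTP directly, at volume
    + [(0, "10.1.4.30", 25)] * 3       # client with a directly configured mail program
    + [(0, "10.1.4.30", 80)] * 200     # ordinary web browsing, ignored by the check
    + [(1, "10.1.4.17", 25)] * 95
    + [(1, MAIL_SERVER, 25)] * 35
)


def smtp_rate_alerts(flows, threshold, allowed=()):
    """Return {source: peak SMTP connections in any one minute} for every
    source whose peak exceeds `threshold`, skipping allow-listed hosts."""
    per_minute = Counter(
        (minute, src) for minute, src, dport in flows if dport == 25
    )
    peaks = {}
    for (minute, src), count in per_minute.items():
        if src in allowed:
            continue
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: peak for src, peak in peaks.items() if peak > threshold}


if __name__ == "__main__":
    # Untuned: a very low threshold and no allow-list flags the mail server
    # and a low-volume client alongside the host that is actually flooding.
    print("untuned:", smtp_rate_alerts(FLOWS, threshold=2))
    # Tuned: allow-list the mail server and raise the threshold above normal
    # client behaviour, leaving only the high-volume sender.
    print("tuned:  ", smtp_rate_alerts(FLOWS, threshold=20, allowed={MAIL_SERVER}))
```
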

18 Summary
- We like the iPolicy Product
- We need to learn more to use it well
- We really want IDS to be like AV products today
  - Pretty much install, set and forget
  - I know – AV is an easier problem
- We look forward to Virus Scanning of Internet traffic

19 Questions
http://Faculty.jbu.edu/RTWest

