ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland.

Presentation transcript:

ORNL Site Report ESCC July 15, 2013 Susan Hicks David Wantland

2 ESnet Oak Ridge ORNL

3 Optical Upgrade Phase I

4 Optical Upgrade Phase II

5 Optical Upgrade Phase III

6 ORNL IPv6
Received /44 assignment
Continued deployment at DMZs
Services
– WWW
– DNS
– New projects
Visitor wireless pending

7 ORNL IPv6 Deployment

8 Mobile Device Support Goals
Bruce Wilson, policies relating to mobile devices are in the process of being revised
ORNL’s strategy for mobile devices (including phones, tablets, and laptops) supports a broader goal of enabling mobility for unclassified work ensuring:
– ORNL workers can conduct most research and business tasks from any place and any device
– ORNL takes advantage of mobile device capabilities to enable incremental and major changes to research and business methods, including a high degree of portability, persistent connectivity, location awareness, cameras with substantial image processing capabilities, rapidly-evolving “there’s an app for that” ecosystems, security models that reduce many current threat vectors, and a broad range of available devices.

9 Mobile Device Strategy
Focus on usability and end-user productivity, while layering security in up front, to ensure that solutions are both user-friendly and secure.
Enable secure and user-friendly access to ORNL , files, applications, and web sites for BYO and ORNL devices by procuring and implementing tools to manage access. To the extent possible, these tools should separate business and personal information and enable secure deletion of ORNL data.
Develop and revise ORNL applications to enable use from mobile devices (including BYOD).
Make a sufficient variety of ORNL-managed mobile devices available to meet core needs; promote the use of BYOD for cases where government-owned devices are not required.
Ensure that research projects are able to use and develop mobile solutions to deliver scientific discoveries and technical breakthroughs.
Ensure a robust and secure network infrastructure that enables mobility and connectivity for ORNL staff and visitors.
Use technology, policy, and training to help users and managers “do the right thing” to protect ORNL information, select cost-effective options, monitor usage, and be compliant with laws and policies.

10 Mobile Device Support
Current government owned devices
– Blackberry
– iPad
Employee BYOD
– Stipend
– Good
Evaluating Zen Mobile
– More capability
– Leverage existing infrastructure

11 Wireless
David Wantland
Wireless Infrastructure
– Cisco wireless controller and mixture of autonomous access points
– Tunneled through campus infrastructure
– IPS, web proxy
Enterprise wireless
– ORNL registered devices only
– WPA
– Future plans with Cisco Identity Services Engine (ISE)
Visitor wireless (open)
– Non-ORNL devices
– Un-validated registration (acceptance page)
– Filtered to ORNL, open to Internet
– Separate DNS/DHCP servers

12 Wireless Radio Infrastructure
Physical wireless implementation is a mixture of controller-based and autonomous access points.
Currently in the process of migrating all autonomous access points to controller-based.
Approximately 90% of ORNL’s wireless infrastructure is controller-based.
Access points are limited to channels 1, 6, 11 for b/g radios; no restrictions are set on channels for A radios.
Cisco CleanAir automatically adjusts channels as needed.

13 Enterprise Wireless
Uses WPA with TKIP for authentication and encryption, using ORNL user IDs and passwords for authentication.
Only ORNL-owned machines are allowed on the WPA network. If non-ORNL machines are used, they are blocked once they are detected. Currently this block takes place at the Layer-3 switch that routes the WPA network.
Currently working on deploying Cisco Identity Services Engine (ISE) throughout both the wired and wireless networks.
The ISE will provide machine-specific access control lists that will be enforced by the Wireless Controller.

14 Visitor Network
For all practical purposes the ORNL visitor network is the network for “BYOD”. Both visitors and employees are allowed to use it. However, ORNL-owned systems are not allowed on the visitor network.
Remote access into ORNL from the visitor network is currently only provided via Citrix.
DNS and DHCP services are distinct systems from the ORNL Enterprise DNS and DHCP.
The DNS service is a forward-only service that resolves hosts to the same IP address that the general internet would.

15 Visitor Network and IPv6
Currently developing IPv6 support for visitor wireless.
Wireless controller can answer Neighbor Solicitation packets on behalf of hosts, using the IPv6-to-MAC entries that it currently has cached.
Wireless controller also provides Router Advertisement throttling to guard against routers that are configured with high rates of advertisements.
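
A simplified model of the two controller behaviours on this slide, added here as an example and not taken from the presentation or from Cisco's implementation: Neighbor Solicitations are answered from a cached IPv6-to-MAC table, and Router Advertisements are rate-limited per router. The class name, the fixed-window policy, the window length and the per-window limit are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class FirstHopModel:
    """Hypothetical model of the controller behaviours (not vendor code)."""
    period: float = 10.0    # assumed throttle window, seconds
    max_through: int = 2    # assumed RAs forwarded per router per window
    bindings: dict = field(default_factory=dict)  # IPv6 address -> MAC
    ra_state: dict = field(default_factory=dict)  # router -> (start, count)

    def learn(self, ipv6, mac):
        # Normalise so differently written forms of one address match.
        self.bindings[ipaddress.IPv6Address(ipv6)] = mac.lower()

    def on_neighbor_solicitation(self, target):
        """Answer from the cache when possible, otherwise pass the NS on."""
        mac = self.bindings.get(ipaddress.IPv6Address(target))
        return ("proxy-reply", mac) if mac else ("forward", None)

    def on_router_advertisement(self, router, now):
        """Forward at most max_through RAs per router in each window."""
        start, count = self.ra_state.get(router, (now, 0))
        if now - start >= self.period:      # window expired: start a new one
            start, count = now, 0
        allowed = count < self.max_through
        self.ra_state[router] = (start, count + int(allowed))
        return "forward" if allowed else "drop"


def run_demo():
    """Replay constructed events; return NS decisions and RA tallies."""
    model = FirstHopModel()
    model.learn("2001:db8::a1", "AA:BB:CC:00:00:01")  # constructed binding
    ns = [
        model.on_neighbor_solicitation("2001:0db8:0:0:0:0:0:00a1"),  # cached
        model.on_neighbor_solicitation("2001:db8::ff"),              # unknown
    ]
    # Constructed misconfigured router: one RA per second for 30 seconds.
    verdicts = [model.on_router_advertisement("router-1", t) for t in range(30)]
    # A second router in the same period has its own budget.
    other = model.on_router_advertisement("router-2", 29)
    return ns, verdicts.count("forward"), verdicts.count("drop"), other


if __name__ == "__main__":
    print(run_demo())
```

The cached lookup keeps multicast Neighbor Solicitations off the air for known clients, and the per-router budget bounds how much airtime one chatty router can consume.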

16 ORNL Wireless

17 Questions ?