© The Association of Independent Schools of NSW
To block or not to block: 5 IT Managers share their experiences


Knox Grammar School
Mike Israel – IT Manager

Network Topology

Internal Network
- Cisco switches and access points
- Using VLANs
- Originally no wireless security
- Wireless WPA-TKIP with PEAP authentication. When a machine is joined to the domain it is issued with a certificate to join the network

Bandwidth Control - Packeteer
- Provides bandwidth control
- Can monitor and control how bandwidth is being used, e.g. iTunes downloads: max total 5Mbps, any one connection <256kbps
- Can designate slices of bandwidth to particular ports/protocols
- Can block programs and protocols, e.g. encrypted tunnelling over port 80

Using ACLs
- ACLs on core router to block student access to servers
- Access Control Lists enable the control of access from certain VLANs to specified servers/addresses/ports/services

Spam and Anti-virus
- Spam is detected, marked as spam and delivered to the Junk mail folder via Exchange
- ClamAV does initial filtering of malware
- Trend Micro performs a second pass on incoming mail
- Symantec Client used on client machines
Spam Assassin, Clam AV (free) Symantec Client Updates Trend Micro

Filtering - ContentKeeper
- Can block all unmanaged sites for students, which takes care of proxy bypass
- Also blocks keyword searches on popular search engines and blocks protocols (backup to Packeteer)
- Firewall prevents access to certain IP address ranges on certain ports

ContentKeeper Filtering Groups
- Users default to a general profile with filtering based on student needs
- Staff are identified through their login (LDAP) and given more open filtering
- Pages can be blocked/coached/time of day. All unmanaged sites blocked for students

Web Access Policy
- Technology Usage Policy is published in the school diary and is a condition of login. Year 7 students also sign when they take delivery of their school laptop
- MySpace and YouTube blocked, Facebook OK
- Streaming media is limited so as not to clog Internet access

Contact Details
Mike Israel
Knox Grammar School
7 Woodville Ave Wahroonga
Phone (02) Fax (02)

Danebank Anglican School for Girls
John Tuffs – IT Director

Network History
- < 2005: Microsoft ISA Firewall + DHCP/DNS with no filtering
- 2005 – 2008: ISONet HTTP & SMTP filtering, ISA Firewall + DHCP/DNS
- 2008: Cisco ASA Firewall + SONAR filtering, Windows server for DHCP/DNS

Danebank Network Layout

Internal Network
- HP ProCurve switches
- 1 Management VLAN for ProCurve Manager
- 1 VLAN for the rest
- Wireless Access Points using only WEP & MAC security (i.e. no security)

Antivirus / SPAM / Web Filtering
- Symantec System Centre and local clients for AV
- SPAM handled by Sonar Appliance – not using challenge option
- Filtering handled by Sonar Appliance (initial install and support provided by Accucom)

Sonar Filtering Groups
- IT Staff
- General Staff / Teachers
- Senior School (7-12)
- Junior School (K-6)
- Lunch Filter (7-12)

Custom Block Message

Web Access Policy
- Internet Acceptable Use policy signed by students
- All social networking is blocked
- YouTube is blocked to students – teachers can show videos
- Streaming media is blocked due to bandwidth constraints

Contact Details
John Tuffs
IT Director
Park Rd Hurstville NSW 2220
Phone (02) Fax (02)

Security Workshop
SCEGGS Darlinghurst

Topology Overview

ISOnet topology

SCEGGS’ Topology

ISOnet: Intrusion Detection
- Two layers of Intrusion Prevention using McAfee IntruShield and TippingPoint.
- Both are set to blocking mode for all medium to high threats.
- There have been 13,777,987 Exploits blocked…This week!
- There have been 1,830,537 policy Violations blocked…This week!

ISOnet: Denial of Service
- Peakflow DDoS technology from Arbor Networks.
- There have been 1,830,537 policy Violations blocked…This week!
- Up to 60% of traffic bound for schools is blocked by ISONet as it is unsolicited. Schools only pay for what they use.

ISOnet: Spam/AV
- ISOnet uses a cluster of McAfee and IronPort AV/Spam/Content filter appliances.
- Filters based on policies set by individual school
- Actions taken by the filter are specified as part of the policy determined by the school
- For staff – messages sent to This mailbox is searchable by staff through a proxy arrangement.
- For students – spam messages are dropped

ISONet Policies
- Real-time blackhole list (RBL) checking – Identifies whether the IP address is an open relay or spam organisation.
- IP Reputation checking – Identifies whether an IP address has been known to send exploits, worms, trojans or sites known to be hacked.
- Anti-spoofing verifications – Determines if the sender is attempting to forge an internal address.
- All scanning modules listed in the attached document (AV checks, spam checks, content-filtering checks, anti-phishing checks, file filtering, etc.)
- Integrity Analysis – Examines header, layout and organisation of the message.
- Spam scoring – Positive and negative scoring of emails based on known spam traits.
- Bayesian Learning – Custom created spam signatures based on feedback system – false-positive and false-negative verification.
- Blacklists and whitelists – customer based trusted and untrusted senders.
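The connection checks, customer lists and scoring from this slide, with the staff/student handling from the Spam/AV slide, sketched as an added example (not ISONet's or the presenter's code). The domain, networks, list zone, trait weights, threshold and the order of checks are all assumptions, and a constructed set stands in for live RBL lookups.

```python
import ipaddress

# All names and values below are constructed for illustration.
INTERNAL_DOMAIN = "school.example"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
RBL_ZONE = "rbl.example"                    # placeholder list zone
RBL_ANSWERS = {"7.2.0.192.rbl.example"}     # stands in for live DNS answers
WHITELIST = {"news@partner.example"}        # customer-trusted senders
BLACKLIST = {"promo@bulk.example"}          # customer-untrusted senders
TRAITS = {"cheap pills": 2.5, "click here": 1.5, "excursion": -1.0}
SPAM_THRESHOLD = 3.0

def rbl_query_name(client_ip, zone=RBL_ZONE):
    """DNSBL convention: reversed IPv4 octets followed by the list's zone."""
    octets = ipaddress.IPv4Address(client_ip).packed
    return ".".join(str(b) for b in reversed(octets)) + "." + zone

def is_spoofed_internal(client_ip, mail_from):
    """True when an outside host claims a sender in the internal domain."""
    addr = ipaddress.ip_address(client_ip)
    outside = not any(addr in net for net in INTERNAL_NETS)
    return outside and mail_from.lower().rpartition("@")[2] == INTERNAL_DOMAIN

def spam_score(text):
    """Sum the positive and negative weights of the traits found in the text."""
    lowered = text.lower()
    return sum(w for trait, w in TRAITS.items() if trait in lowered)

def evaluate(msg, recipient_role):
    """Return (action, reason) for one inbound message."""
    sender = msg["mail_from"].lower()
    if rbl_query_name(msg["client_ip"]) in RBL_ANSWERS:
        return ("reject", "rbl")
    if is_spoofed_internal(msg["client_ip"], sender):
        return ("reject", "spoofed-internal")   # checked before the whitelist
    if sender in BLACKLIST:
        return ("reject", "blacklist")
    if sender in WHITELIST:
        return ("deliver", "whitelist")
    if spam_score(msg["subject"] + " " + msg["body"]) >= SPAM_THRESHOLD:
        # Staff spam is held in a searchable mailbox; student spam is dropped.
        return ("quarantine" if recipient_role == "staff" else "drop", "score")
    return ("deliver", "clean")

def make_msg(ip, sender, subject, body=""):
    return {"client_ip": ip, "mail_from": sender, "subject": subject, "body": body}

if __name__ == "__main__":
    spam = make_msg("203.0.113.9", "x@shop.example", "Cheap pills", "Click here now")
    forged = make_msg("198.51.100.10", "principal@school.example", "Hi")
    for m, role in [(spam, "staff"), (spam, "student"), (forged, "staff")]:
        print(m["mail_from"], role, evaluate(m, role))
```

Running the anti-spoofing check before the whitelist means a trusted-sender entry cannot be used to carry a forged internal address past the filter.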

From Outside: SCEGGS Policy

Setting | Status | Severity | Configuration Detail (Action)
--- | --- | --- | ---
Anti-spam | Enabled | Medium | When spam identified: Refuse original data and return a rejection code; Forward the original to
Anti-virus | Enabled | High | When identified: Attempt to clean; If cleaning fails replace content with an HTML alert and quarantine the original
Anti-Phishing | Enabled | | When identified: Forward the original to
Compliancy | Disabled | - |
Corrupt Content | Enabled | | When corrupt content detected: Replace the content with an HTML alert
Encrypted Content | Enabled | | When encrypted content detected: Allow through
File Filtering | Disabled | - |
HTML Settings | Disabled | - |
Mail Settings | Disabled | - |
Mail Size Filtering | Disabled | - | When the message is larger than kilobytes: Refuse the original data and return a rejection code; Deliver a notification to the sender
Protected Content | Enabled | - | When protected content is detected: Allow through
 | Enabled | - | When a denial of service protection limit is exceeded: Replace the content with an HTML alert
 | Enabled | - | When signed content is detected: Allow changes to break signed
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through
 | Enabled | - | When content identified: Allow through

Contact Details
Ian Ralph
IT Manager – SCEGGS Darlinghurst
215 Forbes St Darlinghurst NSW 2010
Phone (02) Fax (02)
Web sceggs.nsw.edu.au

Arndell Anglican College
Network Security Overview

VLANs
Low Level VLAN Map

What’s Great About VLANs
- Allows use of ACLs
- Segments broadcast traffic
- More devices

How Does it Translate Into a Physical Layout?

Content Filtering at Arndell
- Blacklists - various categories, updated regularly
- Logs scanned regularly
- Students summoned to explain actions
- Culture has changed now that students know they will be caught if they do the wrong thing
- Internet traffic is forced to the content filter dependent on VLAN assignment

Spam and Anti-Virus
- Sophos Anti-Virus used across the network
- Sophos plug-in for mail server
- Spam filtered using Spam Assassin
- Blacklist lookups like SORBS

Contact Details
Rohan Smith
Coordinator IT Services
Arndell Anglican College
118 Wolseley Road Oakville NSW 2765
Phone: Fax: Website:

The King’s School
Michael Eggenhuizen

The School
The King’s School – Some Statistics:
- Anglican Church School
- Established in 1832 (176 years)
- 300 acres in North Parramatta
- K-12 Boys School with 1450 Students
- 400 Boarders
- Multiple Residences on Property

Internet Bandwidth
Internet Connection Bandwidth:
- 2005 – 2.5Mb ADSL/ISDN
- 2006 – 10Mb Ethernet
- 2007 – 20Mb Ethernet
- 2008 – 50Mb Ethernet
- 2009 – 100Mb Ethernet
- ISP – The Somerville Group

Internet Access
All Staff and Students have Access to:
- YouTube, MySpace, Facebook, ...
- Hotmail, Yahoo Mail, Gmail, ...
- MSN Messenger, ...
- Most if not all Web 2.0 Technologies
- Changes to filtering (led by ICT Services) provide staff and students with a real and relatively unrestricted learning experience

Internet & Filtering
Filtering is multi-layered:
- Filtering
- Internet Filtering

Network Box Weekly Activity (Incoming Average)
- Spam (95.5%) - 485,647
- Virus (1.5%) - 7,608
- Delivered (3%) - 15,615
- Total (100%) - 508,870

Network Box Weekly Internet Activity (Average)
- URLs Visited - 13,254,949
- URLs Blocked due to Virus Activity - 71
- URLs Blocked due to Policy Rules - 3,326
- Threat Signature Updates
- Internet Download (GB) – 398
- Monthly Internet Download (TB) – 1.6

Contact Details
Michael Eggenhuizen
Director ICT
PO Box 1 Parramatta NSW 2124
Phone (02) Fax (02)