April 11, 2005. Implementation of Virtual LANs for Virus Containment. Aaron Soto. In partnership with: New Mexico Tech Information Services.

Presentation transcript:

Implementation of Virtual LANs for Virus Containment
Aaron Soto, April 11, 2005
In partnership with: New Mexico Tech Information Services Department

Outline
- Problem Statement
  – What is a VLAN?
  – How can it help?
- Proposed Solution
  – Layout
  – Implications
  – Details
- Future Expansion

Problem Statement
- Universities are prone to viruses
- PCs are frequently not running AV software
- Staff constantly monitor network traffic
  – Ports are disabled if viruses are detected
- Students are unable to clean / patch the PC
  – Without Internet access, more effort is necessary
  – Students are frequently frustrated

Background: VLANs (diagram; label: SWITCH)

Background: VLANs (second diagram; label: SWITCH)

Proposed Solution
- Implement two VLANs:
  – Default: quarantined, DHCP
  – Secure: safe, virus-free, static IP
- Automated tools can switch VLANs
- Traffic can be redirected / forwarded
  – Allow sites like Windows Update, SARC, etc.
  – Redirect other traffic to the quarantine server

Current Layout (diagram; labels: SWITCH 2, SWITCH 1, SWITCH 0, FIREWALL, IN-BUILDING, INTERNET)

Proposed Layout: Overview (diagram; labels: SWITCH 2, SWITCH 1, SWITCH 0, IN-BUILDING, INTERNET, QUARANTINE SERVER, SECURE, DEFAULT)

Proposed Layout: In-Building (diagram; labels: IN-BUILDING, DEFAULT PACKET, SECURE PACKET)

Proposed Layout: Backbone (diagram; labels: INTERNET, QUARANTINE SERVER, DEFAULT, SECURE, FIREWALL)

Proposed Layout: Server (diagram; labels: QUARANTINE SERVER, DEFAULT, FIREWALL)
- DHCP Server
- Apache Web Server
- IP Masquerading (ipChains)

Proposed Design: ipChains

    ...
    # NOTE: PREROUTING, DNAT and MASQUERADE are iptables nat-table chains and
    # targets (ipchains itself had no nat table; masquerading there was -j MASQ
    # on the forward chain), so this fragment is loaded with iptables-restore.
    # ALLOW NMT WEB REQUESTS THROUGH (plus POP3 to the mail host)
    -A PREROUTING --dst mailhost.nmt.edu -p tcp --dport 110 -j ACCEPT
    -A PREROUTING --dst externalweb.nmt.edu -p tcp --dport 80 -j ACCEPT
    -A PREROUTING --dst webmail.nmt.edu -p tcp --dport 80 -j ACCEPT
    -A PREROUTING --dst webmail.nmt.edu -p tcp --dport 443 -j ACCEPT
    # IF IT HASN'T BEEN ALLOWED THROUGH ABOVE, CAPTURE IT
    # (everything arriving on eth1, the DEFAULT/quarantined VLAN side per the
    # layout slide, is DNATed to the quarantine server; XXX.XXX is the slide's
    # placeholder for its address)
    -A PREROUTING -i eth1 -j DNAT --to-destination XXX.XXX
    # IF IT WAS ALLOWED ABOVE, THEN ROUTE IT THROUGH
    # (masquerade traffic from the quarantined subnet behind the gateway)
    -A POSTROUTING -p tcp -s XXX.XXX/24 -j MASQUERADE
    ...
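The rules on the slide are hand-written for four destinations. As an added example (not code from the presentation or from NMT ISD), the script below generates the same nat-table design from an allowlist, so the "select valid traffic to forward" list from the Possible Implications slide lives in one place and the catch-all DNAT is always emitted after the ACCEPT rules. Everything concrete here is a constructed assumption: eth1 as the quarantined-VLAN interface, 10.20.0.0/24 as the quarantined subnet, 10.20.0.1 as the quarantine server, and the allowlist hosts are placeholders rather than real NMT systems.

```shell
#!/bin/sh
# Added example: build the quarantine gateway's nat table as an
# iptables-restore fragment from an allowlist of reachable destinations.
# Constructed assumptions (not from the slides): eth1 faces the DEFAULT
# (quarantined) VLAN, 10.20.0.0/24 is the quarantined subnet and 10.20.0.1
# is the quarantine server that answers for captured traffic.

QUAR_IF="eth1"
QUAR_NET="10.20.0.0/24"
QUAR_SERVER="10.20.0.1"

# Allowlist: one "proto host port" entry per line. DNS has to be listed (or
# served by the quarantine server itself); otherwise quarantined PCs cannot
# even resolve the update sites they are allowed to reach.
ALLOWLIST="udp resolver.example 53
tcp windowsupdate.example 80
tcp windowsupdate.example 443
tcp mailhost.example 110"

# Print the nat table. Order matters: ACCEPT in the nat table stops further
# nat processing for that flow, so the allowlist rules must precede the
# catch-all DNAT that sends everything else to the quarantine server.
build_quarantine_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' "$ALLOWLIST" | while read -r proto host port; do
        [ -n "$host" ] || continue
        printf '%s\n' "-A PREROUTING -i $QUAR_IF -p $proto -d $host --dport $port -j ACCEPT"
    done
    # Not allowed above: capture it on the quarantine server
    printf '%s\n' "-A PREROUTING -i $QUAR_IF -j DNAT --to-destination $QUAR_SERVER"
    # Allowed flows leave masqueraded behind the gateway's outside address
    printf '%s\n' "-A POSTROUTING -s $QUAR_NET -j MASQUERADE"
    printf '%s\n' 'COMMIT'
}

# Number of per-destination ACCEPT rules in a ruleset read on stdin.
count_allow_rules() {
    grep -c -- '-j ACCEPT$'
}

# Exit 0 only if the catch-all DNAT comes after the last ACCEPT rule (stdin).
dnat_after_allow() {
    awk '/-j ACCEPT$/ { last_accept = NR }
         /-j DNAT/    { dnat = NR }
         END          { exit !(dnat > last_accept) }'
}

# "print" shows the ruleset; "load" applies it (requires root).
case "${1:-print}" in
    print) build_quarantine_rules ;;
    load)  build_quarantine_rules | iptables-restore ;;
esac
```

Two consequences of this design are worth keeping in mind when the quarantine server is "frequently re-evaluated". Captured HTTP arrives at the quarantine server with the original Host header, so its web server must serve the quarantine page from its default virtual host regardless of the host requested. And because every non-allowlisted flow, not just HTTP, is DNATed to that one host, the server sees the full volume of quarantined traffic, which is the load concern the Possible Implications slide raises.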


Possible Implications
- Firewall
  – Forward traffic depending on VLAN tag
- Quarantine Server
  – Must be frequently re-evaluated to:
    • be kept secure from viruses/worms
    • select valid traffic to forward
  – Is not designed to take the full load
- Switches
  – Must have VLAN support

Future Expansion
- Automated port activation requests
  – Allow students to register with ISD online
    • Integration with Banner?
- Automated virus detection and quarantine
  – Detect virus activity and switch VLANs
    • In progress
- More detailed communications
  – Specific information / instructions
  – Would require multiple VLANs
    • For a later stage

Implementation of Virtual LANs for Virus Containment
Questions?
Aaron Soto (505)