VolNet2 Bill White Network Services

September 20, 2004OIT Fall Staff Meeting Why Volnet2? Based on the Security Assessment findings Insecure protocols are widely used Insecure protocols used on the wireless network for financial transactions Proliferation of virus activity Lack of network authentication

September 20, 2004OIT Fall Staff Meeting Goals for Volnet2 Provide a layered approach to security Encourage use of secure protocols and anti-virus software Apply filtering per port for every customer Continue anti-spoofing access control in the core Provide virus and DoS protection at our borders Continue to filter TCP/UDP ports at our border Provide a more redundant firewall solution for server sanctuaries and special applications Upgrade our Wireless infrastructure

September 20, 2004OIT Fall Staff Meeting Core Upgrades New supervisor modules provide 10 Gbps core connections IPv6 will be implemented campus-wide SNMPv3 supported for secure communications with HP OpenView Redundant supervisor modules installed on OIT core server switch Mitigation of DoS attacks on core routers

September 20, 2004OIT Fall Staff Meeting Intrusion Prevention Systems Blocks virus-related traffic at wirespeed Blocks common attacks like DoS Digital Vaccines are automatically updated (sometimes faster than McAfee) 2 Gbps throughput Will be placed on the dorm network between the Internet and the rest of campus Will be placed on the Faculty/Staff network

September 20, 2004OIT Fall Staff Meeting Firewalls New Juniper/Netscreen firewalls were installed November 18 Firewalls are ASIC based with 12 Gbps performance and can process 1,000,000 concurrent sessions Can support 24 Gigabit or 72 10/100 ports Firewalls will support the SAP/IRIS subnet, OIT server segments, and other special projects Redundancy (core routers via HSRP, firewall chassis via NSRP, interfaces, and new switch redundancy)

September 20, 2004OIT Fall Staff Meeting Wireless Upgrades Rogue Access Point detection 802.1x network authentication for those Operating Systems that support it (gateways used for others) Encrypted traffic from the client to the AP “G” kit upgrade will double the capacity Wireless network will be segmented The project started on October 1 and ends Jan. 12

September 20, 2004OIT Fall Staff Meeting Building Rewires Buildings that still have COAX cabling will be rewired as originally mandated by the first Volnet project

September 20, 2004OIT Fall Staff Meeting Edge Switch Upgrades Can provide 1 Gbps to desktops in high traffic buildings SNMPv3 supported for secure communications with HP OpenView Can apply ACLs to every Ethernet port on campus to help control virus activity and machines from becoming the gateway BPDU Guard to block PCs from bridging wireless and the wired network 802.1x network authentication can be implemented for those Operating Systems that support it Can apply per port rate-limiting on P2P applications

September 20, 2004OIT Fall Staff Meeting Time Line The wireless upgrade has already started and will finish in December The Netscreen firewalls were installed this past week Intrusion Prevention Systems will be installed in January The new supervisor modules for our core routers will be installed in December 2 new core nodes will be purchased and installed in June of 2005

September 20, 2004OIT Fall Staff Meeting Time Line continued The edge switch installations will start in November of this year and will take approximately 20 months to complete Additional firewalls will be installed as required by special security projects Building rewires will continue for several years

September 20, 2004OIT Fall Staff Meeting Questions or Concerns Check the Volnet2 volnet2.utk.edu Send to