University of Washington, Computing & Communications
CAMPUS NETWORKING & SECURITY UPDATE
Terry Gray, 16 Dec 2004


Slide 1: CAMPUS NETWORKING & SECURITY UPDATE
Terry Gray
16 Dec 2004

Slide 2: AGENDA
1. Campus Wireless Initiative
2. Project 172 with NAT
3. TippingPoint Intrusion Prevention System
4. Logical Firewall Enhancements
5. C&C Managed Firewall Services
6. UTAC Minimum CompSec Standards project
7. Campus Risk Management Assessment

Slide 3: Campus Wireless Initiative
UTAC and Provost Initiative: 3yr roll-out
Funded by Provost, Departments, and STF
Goals:
  – 24x7 managed wireless infrastructure
  – Consistent access control model
  – Funding model includes ops/upgrade costs
Status:
  – Endorsed by UTAC, ATAC, BoD, Provost, etc.
  – Official announcement from Provost in January
  – ATAC setting deployment priorities
  – C&C working on deployment plan

Slide 4: Project 172 with NAT
Required border router upgrade, now complete
Currently in beta with law school and C&C
Plan to enable across the net "soon"
Phase-out web proxy server?
Contact: CustomerCare@CaC

Slide 5: TippingPoint Intrusion Prevention System
Advantages:
  – Avoids "should we or shouldn't we" block debates
  – TP filters catch all variants of exploit
Goals:
  – Not a substitute for proper host management
  – Improve S/N ratio of internal IDS logs
  – Buy time for certain kinds of attacks
Outside: dialin, wireless, dorms, & alas, UWB
Status:
  – Testing successful (modulo HDD failure)
  – Not yet in final configuration
  – Started blocking spyware this week

Slide 6: Logical Firewall Enhancements
New LFW option: Tiny subnets, one per host, to block or filter intra-workgroup traffic
Can use for smallish PPTP VPN deployments
Uptime example: 406 days (since OS upgrade)
Using bridging variation for med-ctr FW pilot
Using same model for C&C-managed firewalls...say what??

Slide 7: C&C Managed Firewall Services
Ironies abound :)
Inline subnet-perimeter firewall option
Adjunct to LFW and P172 options
Goal: meet special security needs while still letting us manage network core end-to-end
Anti-goal: still not a substitute for managed hosts
Two flavors
  – Basic (one time fee)
  – Custom (monthly fee)
Contact: CustomerCare@CaC

Slide 8: UTAC Minimum CompSec Standards
UTAC-chartered sub-committee: PASSC, reps from ATAC, OR, FacSenate
Builds on: UW Security Policy
Only one piece: also need InfoSec std and BPs
Audience: Users, Owners, SysAds
Initial proposal submitted to UTAC
UTAC authorized 30-day campus review

Slide 9: Details...
Scope: computing devices (not info)
  – UW-owned or not
  – attached to UW net
  – or connecting to non-public UW resources
Essence:
  – host-firewall or equivalent
  – disable unneeded services
  – auto-update if avail, or equivalent
  – active malware mitigation
  – don't install anything that exposes non-pub info

Slide 10: Enterprise Security Risk Assessment
PASS Council initiative
Based on workshops led by UW Risk Mgt Office
Goal: identify high-likelihood, high-impact risks
Biggie: "under-managed" computers
Seeking incident data from y'all
Contact: passc@u

Slide 11: Questions/Comments?

