
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education



Presentation Transcript


  1. Being Proactive with Computer Posture Assessment
     Department of Housing and Residence Education
     Charles Benjamin

  2. University of Florida, Department of Housing

  3. Resident Housing at UF
     • University of Florida Campus
       • A 2,000 acre campus
       • Over 49,000 student enrollment
     • Department of Housing and Residence Education
       • 45 undergraduate buildings, 5 GFH villages
       • Over 8,500 living in Housing
     • Housing IT
       • IT Network and Systems
       • IT Support
       • IT Application Development

  4. The Housing Network
     • Ethernet
       • The DHNet backbone is 10 Gbps
       • Two 10 Gbps connections to the UF campus backbone
       • Over 10,000 student Ethernet connections
       • IEEE 802.1x for authentication
       • Over 90 switches, 1/3 Catalyst 6500
       • Over 90,000 feet of fiber (12 – 48 count)

  5. The Housing Network
     • Wireless
       • 346 wireless access points
       • Support IEEE 802.11 a, g, n
       • 2.4 and 5 GHz radios
       • 4 WiSMs (Wireless Services Module)
       • WCS (Wireless Control System)
       • PEAP MSCHAP v2 (Protected Extensible Authentication Protocol)
       • IEEE 802.1x for authentication

  6. Network Security
     • Network
       • Cisco FWSM on uplinks to campus
       • Intrusion Detection System (IDS): Sourcefire
       • Network monitoring: StealthWatch (Lancope)
       • Authentication: XpressConnect (Cloudpath)
       • Vulnerability scanning: Nessus (Tenable)
     • Employee Computers
       • Web filter: Websense
       • Scan files with Identity Finder
       • Antivirus: VIPRE (GFI Software)

  7. Why Posture Assessment?
     • Problem
       • Student computers were being infected with malware
       • Scanning and removing of malware
         • Disruptive
         • Potential for loss of data
         • Time consuming
     • Solution
       • Be proactive with posture assessment

  8. Goals with Posture Assessment
     • Be proactive rather than reactive to malware
     • Minimum reconfiguration of network
     • Minimum disruption to students
     • Cost

  9. Network Access Control Evaluation
     • Cisco
     • Bradford Networks
     • Impulse SafeConnect
       • KIS (minimum reconfiguration of network)
       • Components (single appliance for 10,000 users)
       • Cost (lowest cost of the three)
       • Function (minimum disruption to students)
     • Contacted other installations
       • Florida

  10. Impulse SafeConnect Components
     • Policy Enforcer appliance (PE)
       • DB – MySQL, Webserver – Tomcat, Proxy – Squid
       • Management Console
       • Reporting Console
     • Policy Key
       • Lightweight program (1.27 M)
     • Router configuration
     • Authentication Server (RADIUS)

  11. SafeConnect Connection
     [Diagram] SafeConnect Appliance (Policy Enforcer and Management Console)

  12. Impulse SafeConnect Setup
     • Configure Housing border router
       • NetFlow
       • Policy based routing
       • SSH connection
     • Install Policy Enforcer (PE) appliance
     • Configure authentication server
       • RADIUS
     • Configure Policy Groups, Management Console
       • Device type
       • Location

  13. Management Console

  14. Reporting Console

  15. Impulse SafeConnect: Example of Windows Policy
     • Policy Key
     • P2P
     • Anti-virus
     • OS updates
     • Anti-spyware

  16. Impulse SafeConnect: Connection Process

  17. Connection Process: Installing Policy Key
     • Computer is configured for 802.1X and the SafeConnect policy key is installed with XpressConnect
     • Computer authenticates to the network and information is stored in RADIUS

  18. Installing Policy Key
     • How is the Policy Key installed:
       • XpressConnect from DHNet webpage
       • XpressConnect on CD

  19. Authentication: IEEE 802.1x
     [Diagram] Roles: Supplicant, Authenticator (802.1x), Authentication Server (RADIUS)
     • User connects computer; only the uncontrolled port is open
     • Authenticator sends Identity Request
     • Supplicant sends Identity Response
     • Authenticator forwards authentication to the server
     • Server answers Authentication Successful / Rejected
       • Port authorized – access VLAN (controlled port opens onto the data VLAN)
       • Port fail – fail VLAN

  20. Connection Process: Detection / Blocking
     • Switch sends NetFlow information to the SafeConnect appliance: IP address and browser agent string
     • RADIUS sends accounting information to SafeConnect (start record, IP address, username and MAC address)

  21. Information to Policy Enforcer
     [Diagram] RADIUS start record and NetFlow information flow to the SafeConnect Appliance (Policy Enforcer and Management Console)

  22. Connection Process: Device Type
     • Is the device a Windows computer or Mac?
       • No: the device connects
       • Yes: continue to the Policy Key check
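The detection step on slides 20–22 joins two feeds by IP address: the RADIUS accounting start record (username, MAC) and the NetFlow-derived browser agent string, then decides from the agent string whether the host is a Windows or Mac machine that must go on to the Policy Key check. The following is an added illustration of that join, not SafeConnect code; the record layout and the sample data are constructed for the example.

```python
"""Correlate RADIUS accounting start records with NetFlow agent strings and
classify device type (slides 20-22). Added example, not product code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: RADIUS accounting records (only "Start" carries a fresh binding)
RADIUS_RECORDS = [
    {"status": "Start", "user": "gator1", "ip": "10.20.1.15", "mac": "00:11:22:33:44:55"},
    {"status": "Start", "user": "gator2", "ip": "10.20.1.16", "mac": "00:11:22:33:44:66"},
    {"status": "Stop",  "user": "gator3", "ip": "10.20.1.17", "mac": "00:11:22:33:44:77"},
]

# Constructed sample: (source IP, HTTP User-Agent) pairs derived from NetFlow
NETFLOW_AGENTS: List[Tuple[str, str]] = [
    ("10.20.1.15", "Mozilla/5.0 (Windows NT 6.1; WOW64) ..."),
    ("10.20.1.16", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) ..."),
    ("10.20.1.17", "Mozilla/5.0 (X11; Linux x86_64) ..."),
    ("10.20.1.18", "Mozilla/5.0 (Windows NT 6.1) ..."),   # traffic with no RADIUS start record
]

@dataclass
class Host:
    ip: str
    user: Optional[str] = None
    mac: Optional[str] = None
    agent: Optional[str] = None

def device_type(agent: Optional[str]) -> str:
    """Slide 22: only Windows and Mac hosts are sent to the Policy Key check."""
    if agent is None:
        return "unknown"
    if re.search(r"Windows NT", agent):
        return "windows"
    if re.search(r"Macintosh|Mac OS X", agent):
        return "mac"
    return "other"

def correlate(radius_records, netflow_agents) -> Dict[str, Host]:
    """Build one Host per IP from the RADIUS binding plus the NetFlow agent string."""
    hosts: Dict[str, Host] = {}
    for rec in radius_records:
        if rec["status"] == "Start":
            hosts[rec["ip"]] = Host(rec["ip"], rec["user"], rec["mac"])
    for ip, agent in netflow_agents:
        hosts.setdefault(ip, Host(ip)).agent = agent  # seen on the wire, maybe unbound
    return hosts

def needs_assessment(host: Host) -> bool:
    """Authenticated Windows/Mac hosts proceed to the Policy Key check."""
    return host.user is not None and device_type(host.agent) in ("windows", "mac")

def unbound_hosts(hosts: Dict[str, Host]) -> List[str]:
    """IPs with traffic but no RADIUS start record: worth a line in the Reporting Console."""
    return sorted(ip for ip, h in hosts.items() if h.user is None)
```

On an 802.1X network every active host should have a RADIUS binding, so `unbound_hosts` is the list an operator would review first.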

  23. Is the Policy Key installed?
     • No: SafeConnect sends a message to the network switch to policy route host traffic to the SafeConnect Appliance
     • Yes (Policy Key is installed): perform host posture assessment

  24. If Policy Key wasn't installed with XpressConnect
     [Diagram] Source IP address added to dynamic ACL; policy route sent over SSH; traffic directed to the SafeConnect Appliance (Policy Enforcer and Management Console)

  25. SafeConnect sends a message to the network switch to policy route host traffic to the SafeConnect Appliance
     • Does the host pass posture assessment?
       • No: webpage is displayed with a custom message relating to the policy that failed; student updates host
       • Yes: host is authenticated, posture assessment complete and connected to the DHNet Intranet

  26. Impulse SafeConnect: Warning
     • If the Policy Item specifies Warning
       • The policy key will instruct the browser to display the Warning page
       • Policy Based Routing isn't used
       • The student still has full Internet access
       • Time limits for warning are set in each item of the PE Policy Groups

  27. Impulse SafeConnect: Quarantine
     • If the Policy Item specifies Quarantine
       • PE sends Policy Based Routing information to the router via SSH
       • The student's connection is "Quarantined": sent to the PE and presented with a webpage of instructions and URLs
       • Internet access is limited

  28. Management Console

  29. Impulse SafeConnect: Example of Windows Policy
     • Policy Key – Quarantine, Immediate
     • P2P – Quarantine, Immediate
     • Anti-virus – Warning 1 Day, Warning 1 Day, Quarantine
     • OS updates – Warning 1 Day, Warning 1 Day, Quarantine
     • Anti-spyware – Warning 1 Day, Warning 1 Day, Quarantine
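Slides 26–29 describe an escalation schedule per policy item: some items quarantine immediately, others pass through two one-day Warning stages first, and only the Quarantine outcome triggers policy based routing through the PE. The block below is an added model of that decision, not SafeConnect code; item names, the "days failing" input and the Decision shape are constructed for the example.

```python
"""Model of the Warning/Quarantine escalation on slides 26-29.
Added example with constructed inputs; not product code."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Slide 29 Windows policy. Each number is how many days a host stays in that
# Warning stage before escalating; an empty list means Quarantine is immediate.
POLICY: Dict[str, List[int]] = {
    "policy_key":   [],      # Quarantine, Immediate
    "p2p":          [],      # Quarantine, Immediate
    "anti_virus":   [1, 1],  # Warning 1 Day, Warning 1 Day, Quarantine
    "os_updates":   [1, 1],
    "anti_spyware": [1, 1],
}

@dataclass
class Decision:
    action: str               # "allow", "warning" or "quarantine"
    failed_items: List[str]   # names shown on the custom failure webpage (slide 25)
    policy_route: bool        # slide 27: PBR over SSH only when quarantining

def item_action(item: str, days_failing: Optional[float]) -> str:
    """Stage a single policy item is in, given how long it has been failing."""
    if days_failing is None:          # item passes
        return "allow"
    deadline = 0.0
    for stage_days in POLICY[item]:   # walk the Warning stages in order
        deadline += stage_days
        if days_failing < deadline:
            return "warning"
    return "quarantine"               # no stages left (or none configured)

def evaluate(results: Dict[str, Optional[float]]) -> Decision:
    """Combine items: any quarantine wins, else any warning, else allow."""
    actions = {item: item_action(item, days) for item, days in results.items()}
    failed = [item for item, act in actions.items() if act != "allow"]
    if "quarantine" in actions.values():
        return Decision("quarantine", failed, policy_route=True)
    if "warning" in actions.values():
        return Decision("warning", failed, policy_route=False)  # browser page only
    return Decision("allow", failed, policy_route=False)

def clean_host() -> Dict[str, Optional[float]]:
    """Constructed posture result for a host passing every item."""
    return {item: None for item in POLICY}
```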

  30. Reporting Console

  31. Real Time Reporting

  32. Anti Spyware

  33. Anti-Virus

  34. P2P

  35. Open Access Per User

  36. SafeConnect History

  37. Impulse SafeConnect: Going Live with Housing NAC
     • Implemented in phases:
       • Internal
       • Summer A 2010: 570 students
       • Summer B 2010: 2,680 + 350 = 3,030 students
       • Fall 2010: 7,530 + 350 = 7,880 students

  38. The Results are In
     • After two weeks
       • Fall 2009 (before SafeConnect): 87 security events
       • Fall 2010: 27 security events
     • Fall 2009: 38% of all UF events came from Housing
     • Fall 2010: 3% of all UF events came from Housing
       • After first month: 4.5%

  39. Impulse SafeConnect: Add to Posture Assessment
     • Implemented in phases:
       • Spring 2011: add monitoring of Flash and Java updates
       • Summer A 2011: enforce Flash and Java updates
       • Summer B 2011: add GFH Villages, 8,500 students

  40. Thank You http://www.resnetsymposium.org/rspm/evaluation/
