110 likes | 262 Views
CAMPUS NETWORKING & SECURITY UPDATE. Terry Gray 16 Dec 2004. AGENDA. 1. Campus Wireless Initiative 2. Project 172 with NAT 3. TippingPoint Intrusion Prevention System 4. Logical Firewall Enhancements 5. C&C Managed Firewall Services
E N D
CAMPUS NETWORKING & SECURITY UPDATE Terry Gray 16 Dec 2004
AGENDA 1. Campus Wireless Initiative 2. Project 172 with NAT 3. TippingPoint Intrusion Prevention System 4. Logical Firewall Enhancements 5. C&C Managed Firewall Services 6. UTAC Minimum CompSec Standards project 7. Campus Risk Management Assessment
UTAC and Provost Initiative: 3yr roll-out Funded by Provost, Departments, and STF Goals: 24x7 managed wireless infrastructure Consistent access control model Funding model includes ops/upgrade costs Status: Endorsed by UTAC, ATAC, BoD, Provost, etc. Official announcement from Provost in January ATAC setting deployment priorities C&C working on deployment plan Campus Wireless Initiative
Required border router upgrade, now complete Currently in beta with law school and C&C Plan to enable across the net "soon” Phase-out web proxy server? Contact: CustomerCare@CaC Project 172 with NAT
Advantages: Avoids "should we or shouldn't we" block debates TP filters catch all variants of exploit Goals: Not a substitute for proper host management Improve S/N ratio of internal IDS logs Buy time for certain kinds of attacks Outside: dialin, wireless, dorms, & alas, UWB Status: Testing successful (modulo HDD failure) Not yet in final configuration Started blocking spyware this week TippingPoint Intrusion Prevention System
New LFW option: Tiny subnets, one per host, to block or filter intra-workgroup traffic Can use for smallish PPTP VPN deployments Uptime example: 406 days (since OS upgrade) Using bridging variation for med-ctr FW pilot Using same model for C&C-managed firewalls...say what?? Logical Firewall Enhancements
Ironies abound :) Inline subnet-perimeter firewall option Adjunct to LFW and P172 options Goal: meet special security needs while still letting us manage network core end-to-end Anti-goal: still not a substitute for managed hosts Two flavors Basic (one time fee) Custom (monthly fee) Contact: CustomerCare@CaC C&C Managed Firewall Services
UTAC-chartered sub-committee: PASSC, reps from ATAC, OR, FacSenate Builds on: UW Security Policy Only one piece: also need InfoSec std and BPs Audience: Users, Owners, SysAds Initial proposal submitted to UTAC UTAC authorized 30-day campus review UTAC Minimum CompSec Standards
Scope: computing devices (not info) UW-owned or not attached to UW net or connecting to non-public UW resources Essence: host-firewall or equivalent disable unneeded services auto-update if avail, or equivalent active malware mitigation don't install anything that exposes non-pub info Details...
PASS Council initiative Based on workshops led by UW Risk Mgt Office Goal: identify high-likelihood, high-impact risks Biggie: “under-managed” computers Seeking incident data from y’all Contact: passc@u Enterprise Security Risk Assessment