Chris Webster Office of Information Technology North Carolina State University.

Slides:



Advertisements
Similar presentations
Internet Hardware Connected ‘Servers’ Servers provide: – Web pages – – File downloads.
Advertisements

VLANs Virtual LANs CIS 278.
Challenges and Incidents in Higher Ed. About->Presenter Zach Jansen Information Security Officer, Calvin College.
Overview of Wireless Network Steven Fetcie Infrastructure Manager Information Services.
CAMPUS WIRELESS CONCERNS A Mobility Panel Discussion Andy Voelker - Western Carolina University Sheila Crowe - Montana State University Rebecca Irvin Lee.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
WAN Connectivity The VMO Wide Area Network will extend between all stores, offices, and Lyon, France We have designed a highly redundant network with.
Presented by Serge Kpan LTEC Network Systems Administration 1.
Northern Arizona University Wi-Fi 2005 Flagstaff Campus Wireless Plan 4/11/2005.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
ACACIA Threaded Case Study Seamus Burns Ronan Conaghan Eugene Cullen.
A Guide to major network components
Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.
Campus Networking Best Practices Session 2: Layer 3 Dale Smith University of Oregon & NSRC
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Wireless UTC Jess Williams Wireless Network Administrator Robbie Reel Network Operations Manager Christopher Howard Senior Network Engineer.
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.
Networking Components Raymond C. Banks LTEC 4550 October 12, 2013.
Effective Customer Service: Exploring the process from beginning to end.
Securing a Wireless Network
Unified Student-Centric Authentication and Authorization Nathan Wilder Special Assistant - Technology Office of the CIO.
York Secure Scan vs Microsoft Windows Our story and how we dealt with it.
1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.
Presenters: Chris White – Oregon State University Karl Vollmer – Oregon State University Chris Giem – Oregon State University Traffic Shaping & Quotas.
1 Raiders of the lost Arp Customer A Broadband 1.5 Mbps aDSL ISP Network Edge ISP Network Edge Set-top device converts IP into Video Signal for TV Every.
NETWORKING COMPONENTS By Scott H. Bowers. HUB A hub can be easily mistaken for a switch, physically there are no defining characteristics, both have power.
Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.
Assignment 3: Networking Components LTEC 4550 Jose L Ortiz Jr.
University of Montana - Missoula Adam Ormesher & Chase Maier.
HUB Connects multiple workstations, servers, and other devices to a network. Can be used to connect two or more computers to one network port. Handles.
© Aastra – 2012 SIP-DECT 4.0 RFP 43 WLAN June 2012.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
Lecture 1 Internet CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger and Daniel Zappala Lecture 2 Introduction.
Basic Network Gear Created by Alex Schatz. Hub A hub is a very basic internetworking device. Hubs connect multiple machines together and allow them to.
1 Second ATLAS-South Caucasus Software / Computing Workshop & Tutorial October 24, 2012 Georgian Technical University PhD Zaza Tsiramua Head of computer.
1 Improving Security Through Automated Policy Compliance Christopher Stevens Director of Network and Technical Services Lewis & Clark College Educause.
Internet2 Spring 2004.pptApril 2004 Napster University Program Elements of Success W. Pence Chief Technology Officer Napster LLC.
NETWORK COMPONENTS Assignment #3. Hub A hub is used in a wired network to connect Ethernet cables from a number of devices together. The hub allows each.
Update on Campus Networks December 2009 Bruce Campbell Director, Network Services Information Systems and Technology.
NETWORK HARDWARE AND SOFTWARE MR ROSS UNIT 3 IT APPLICATIONS.
Based on work by DoIT Network Services, UW-Madison The Network and the Role of Tools January 6, 2006 Ron Kraemer, Deputy CIO.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Network Components By: Zach Przybilla CECS 5460 Fall 2015.
Campus Wireless Network kitenet Koji OKAMURA Research Institute for Information Technology, Kyushu University.
Supporting a Wireless Network By Gareth Ayres.
NETWORKING COMPONENTS Buddy Steele Assignment 3, Part 1 CECS-5460: Summer 2014.
A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.
Myles Fenton January 2008 Monash Internet service 2008.
Mohammed F & Aya. Peer-to-peer network are usually common in homes and small businesses and are not necessarily expensive. On a peer-to-peer network each.
NETWORK COMPONENTS BY REYNALDO ZAMORA. HUB Hubs are devices that serve as the central connection for a network. Its job is to send data from one computer.
Alex Leifheit NETWORKS. NETWORK A number of interconnected computers, machines, or operations. Key Components Network components, Network Architecture,
CRICOS Provider Code: 00113B Internet Traffic Management and Accounting at Deakin University QUESTnet & AARNet Workshop Brisbane – August 2012 Paul Fikkers.
Network Equipment Assignment 3 LTEC 4550 Aaron Whitaker.
Chapter 7 Part 2 Networks. Why would I ever consider a wired network connection over a wireless? – Wireless signals are more susceptible to interference.
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
Networking Components William Isakson LTEC 4550 October 7, 2012 Module 3.
Assignment # 3 Networking Components By: Jeff Long.
Securing your Personal Wireless Networks By: Bryan Oxendale.
© 2003, Cisco Systems, Inc. All rights reserved. 2-1 Campus Network Design.
Assignment 3 Jacob Seiz. Hub A hub provides a central access point for a network. Through multiple I/O ports a hub can connect multiple Ethernet devices.
Technology and You!.
Direct Deposit Phishing Attack
Networking and Health Information Exchange
Introduction to Networking
Client-Server and Peer to Peer networks
Firewalls Routers, Switches, Hubs VPNs
File Transfer Issues with TCP Acceleration with FileCatalyst
Campus Network ~100 academic/administrative buildings
SurfCFCC Secure Wireless Access For Students, Faculty, and Staff.
Introduction to Networking Security
Presentation transcript:

Chris Webster Office of Information Technology North Carolina State University

About NC State 33,000 students total 23,000 undergraduate students 8,000 graduate students 8,000 faculty and staff Largest of the 16 University of North Carolina schools 12 colleges

Connectivity Typically 2 ports per room Each port connected to 10/100 switch port No wireless coverage is currently provided in the residence hall rooms Campus has a 10Gb/s link to our ISP, who provides connections to: All University of North Carolina system schools Many K-12 schools around North Carolina Internet2 National LambdaRail

Restrictions on access ResNet access control handled with Cisco Clean Access Anyone with an active university computing account can log on (including faculty and staff) No restrictions on what type of devices are connected (computers, IP phones, game consoles)

Traffic management ResNet total bandwidth capped at ~400Mb/s No per-user or per-application bandwidth limit (no traffic shaping) Application restrictions: Outgoing access to SMTP restricted to a ResNet-only SMTP server No access to campus software licensing servers

What can they do? In short, just about anything! Each connected device receives a public IP address Running servers is permitted (except SMTP servers) Students can run their own wireless access points, as long as the APs don’t cause network problems or interfere with University-managed access points

George Casper Bucknell University Library & IT

About Bucknell University 3500 undergrads 150 graduate students 330+ faculty Largest private liberal arts university in US College of Arts & Sciences, College of Engineering, currently working towards a College of Management

Connectivity 1 port/pillow, 1 additional in shared common rooms 10/100 ports Campus-wide wireless coverage* Campus has a 600 Mb/s connection to our ISP Founding member of PennREN * yeah, there’s some dead spots

Restrictions on access ResNet access control handled by ImpulsePoint Safeconnect – applies to anyone connecting from ResNet VLANs or identified as students on wireless Secure wireless (WPA2 Enterprise) requires a University computing account; anyone can use unsecured guest wireless No restrictions on what can connect, though not everything is supported

A Brief History of Bandwidth 1998 – 1.5Mbit 2002 – 3Mbit 2004 – 25Mbit of a T – 70Mbit 2007 – 70Mbit maxed out (Thanks, Charlie the Unicorn!), genesis of RBZ and P2P limits Fall 2007 – 100Mbit Spring 2008 – 2 nd 100Mbit connection from different ISP. Stopped P2P restrictions June 2009 – 600Mbit connection. Raised RBZ limits through the roof

Traffic Management Internet bandwidth is shaped with Packeteer, provides servers a 25% bandwidth guarantee and labs a 25% guarantee Historically, RBZ limited 10GB/down & 3GB/up over 3 days & 10% bandwidth to P2P limit. Wacky hijinx ensued! With the move to 600Mbit, P2P cap was removed and RBZ limits have been raised so high they’ve never been hit Application restrictions: off-campus SMTP, Skype (formerly), some apps are Keyed

What Can They Do? Most things! No limits on number of devices or servers, with the exception of SMTP servers. Occasionally, other servers (the Hub, rooted FTP, RIP) have been shut down on a case by case basis Student owned wireless access points are officially prohibited, but ones that A) use WPA2 and B) don’t broadcast SSID are generally ignored

Paul Morrison Computing Services Coordinator University of Toronto

About U of T Largest University in Canada in Canada’s Largest City 57,200 Undergraduate Students 16,000 Graduate and Medical/Prof Students 20,236 Staff and Faculty 7500 Students in Residence Many Independently Managed Parts, Central Connectivity Provided

About U of T 1 Gb/s Provided to the Internet via an ISP 1 Gb/s Out to Research Network GTANET, ORION, CA*Net, I2 - (not accessible from residence networks) Shared between admin and residence network – either can use entire connection Largely wired 100mb connections in residence rooms

Shaping Strategy Limit Student Connections to the Speed of a Typical Cable-modem Connection 5mbit down/384kbit up 2.9 Gbps UP / 37.5 Gbps DOWN Theoretical Max!! Daily transfer limits of 8GB/16GB No protocol shaping of any kind

Shaper Failure

New Shaper Sandvine Same shaping policies as before, but more capacity and enhanced monitoring and data gathering ability Surprising traffic breakdown results High traffic levels may not be illegitimate content

Legal Differences No DMCA (for now) – Bill C-32 Blank Media Levy and Music Downloading Privacy laws and the absence of lawsuits

Sheila Crowe Montana State University ResNet

About Montana State University Fall 2009 enrollment: 12,764 students 10,840 Undergraduate students 1,924 Graduate students About 3,000 students live on campus in residence halls or apartment-style Family and Graduate Housing About 1,500 staff and faculty

Port per pillow in the residence halls Port per apartment in Family and Graduate Housing Almost ubiquitous wireless access in the residence halls Campus shares 2.4 Gb/s with ResNet 300 Mb/s commodity Internet Lion’s share is Internet2 Connectivity

Homegrown registration system that compares registrant with room/apt assignments Currently working out the details on our wireless registration… – Authenticate or not? – How do we restrict wireless access to residents only? – How we will we track offenders? Restrictions on Access

ResNet users are currently limited to 2.0 Mb/s per connection. Procera PL10K NO Skype! Torrents not blocked but shaped to a “trickle”. Traffic Management

They are pretty limited with a 1.5 Mb/s connection but we still get DMCA complaints (~about 20 per semester). They want to do so much more. Lost customers, especially international students What can they do?