EDUCAUSE & Internet2 Security Professionals Conference The Challenge: Securing a Large Multicampus Network Kirk Kelly – Pima Community College Scott Ferguson – Pima Community College April 11, :45pm – 3:45pm Denver Ballroom 2

Outline Who is Pima Community College (PCC) PCC technology infrastructure Specific incident Lessons learned New security devices New network architecture Questions

Pima Community College Located in Tucson, AZ 8 campuses 9 centers Enrollment 61,769 – Credit 13,639 – Noncredit 75,408 – Combined

Student Profile Average age: 27 41% ethnic minorities 56% female 69% part-time 68% daytime 25% evening 7% weekends

Current Data & Phone Network 15,000 data network connections across the college 7,000 devices connected to the 100/1000mbits Campuses, DO, and MS connected at 1 Gigabit speed via City I-Net Fiber ring Wireless at all locations 2,500+ phone lines across the college Over 70 (IDF/MDF) rooms

Wiring Closets, Before and After

W32/Blaster Announced August 2003 Blaster, Nachi, Welchia Blocked port 135, etc. at the edge Thought antivirus updates were in place No problems first day while others across the Internet are having major problems Day two an infected laptop plugs in Infection spreads quickly and network is shut down

The Awakening All services stopped All IT meeting with the Chancellor at 6:00pm 35+ employees worked all night All core systems back online by 1:00pm the following day Some remote sites offline for 2-3 days

What Did We Learn? Antivirus updates handled differently at every campus MS patches were way behind Firewalls & routers were underpowered and over tasked (new firewalls installed two months earlier) No way to control or secure campus links Network not segmented Poor communication between command center and staff No HVAC No keys

Desktop Antivirus and Updates All computers centralized into two domains McAfee ePolicy Orchestrator WSUS for MS security updates

Intrusion Detection? Demo of an Intrusion Detection System (IDS) Visited U of A Discovered an IDS needs constant babysitting Demo of an Intrusion Prevention System (IPS) No more staff on the horizon No central data security position or team

Purchase an IPS Decision to purchase IPS Updates Threat Management Center Inline on Internet connection Inline to all WAN links “Wire Speed” packet inspection at gigabit speeds

Firewall Needed more horsepower Needed firewall ports to support all WAN links Needed more DMZs Needed more advanced features Purchased new firewalls 24 gig ports Virtual firewalls Redundant boxes for redundant links Processor management

Changes to Network Needed multiple DMZs to support a centralized server approach Created a Frame Relay T1 Failover Network Switch to gigabit Network segmentation Redundant Internet connection (BGP with City) Created public access network Wireless rides on public network

Additional changes Established a disaster recovery site Payroll and native Banner only Redundant Internet link Re-architected college DNS/DHCP From 10 distributed servers to 4 centralized Chose an appliance solution HA pair for internal, 1 at disaster recovery site, 1 for external DNS

Future Clean access type things….. Patch, spyware and antivirus checking Quarantine Goal to provide students access and maintain security Portal, students in LDAP VoIP pilot and phased installation Wireless security Wireless with U of A and City of Tucson Inet tie in

Questions?