UW Madison Campus Network Security Strategy
Campus Firewall Service
Rick Keir, DoIT Network Services


UW Madison Campus Firewall Project Outline
Project history
Design
  – Service Virtualization
  – Security Domains
  – Deployment and Integration
  – Support Models
Design highlights/caveats
Next steps

Project History
R&D effort started on enterprise scale security systems
Campus-wide firewall technology identified as needing major attention
Analysis of solutions came up largely empty
Departments needed to purchase and run their own firewall infrastructure

Project History (cont)
Vendors now scaling products to multi-gigabit speeds
DoIT Network Engineers surveyed market, met and argued with various vendors
Cisco FWSM product “ripened” in 2004
Evaluation, testing, and more testing
FWSM software passed DoIT evaluation process last month
Results discussed with campus IT groups

Service Virtualization
Virtualization allows multiple separate instances to exist in the same chassis
We use virtualization today for VLANs
With the FWSM, we can have multiple firewall instances on the same physical hardware

Design
Security Domains
  – Ability to separate “chunks” of department networks into domains.
  – Server DMZ’s, Client Networks, etc. can be defined by building, or more generically by VLAN
  – Through VLAN magic, hosts can optionally be in different security domains, but on the same Level 3 segment.

Security Domains (department example)
A firewall instance per security domain
Security domains can be placed in collaborative and centralized XXI buildings.

Support Models
Collaborative Administration
  – Targeted at collaborative customers
  – Tools for easier administration
  – Supported through the NOC.
Centralized Administration
  – Targeted at collaborative and centralized customers
  – Pick from a “security menu” of options, such as client network, server DMZ, etc.
  – Supported through the NOC for AA’s, primary TP’s
  – Supported through the Helpdesk / Desktop Support if there is no department admin

Deployment and Integration
Does campus want Opt-In or Opt-Out?
Integration into AANTS
Active/Passive HA model
Customer provisioning:
  – Deployment scenarios engineered to meet individual customer network needs
  – Consultation with Network Engineers
  – In many cases, D-Day style deployment can be avoided

Design Highlights & Caveats
Demand can be met
Campus security posture will improve, even for those without network admins
Security Domains
Scalable deployment
Manageable network support
Routed Core more resilient
Deployment won’t happen overnight
Security Domains may mean renumbering for some
Multiple fw’s to admin may mean more work
Support for legacy protocols ends
Support for cross-campus L2 networks largely ends

Next Steps
Pilot Program
More discussion and feedback from campus
Campus buy-in and go ahead
Development of tools, support procedures, SLAs, training program, hardware deployment, etc.
Policies must be created

Questions?
Rick Keir
UW Madison Campus Network Security Strategy -- Campus Firewall Project