Indiana University Update – Tom Zeller, Indiana University

Presentation transcript:


First, an Ad for NetGuru
– Meets immediately after I2 Joint Techs
– Focuses on large campus network issues
– me at

Governance
– Completed 10-year Strategic Plan
– Beginning new 10-year Strategic Plan

Governance
– Completed 10-year tactical Telecom Plan
  – Business model considerations
  – Network edges in surges for new features
  – Dorm wiring left to natural refurb cycle
  – $$ for network security on an ongoing basis

Projects
– WiFi RFP completed; upgrade over summer
– Implementing MPLS; PCI first target

Isolating and Protecting Devices on the Network: A database-driven methodology
Tom Zeller, June 2008

Purpose
– Automatically detect special categories of devices and create an appropriate network environment for them

Methodology Overview
– 802.1X on wired and wireless
– For non-802.1X devices, the switch proxies the authentication using the device's MAC address as both username and password
– A custom RADIUS server recognizes that the username is a MAC address and looks up the policy for that device

Define Device Categories
– Work with departments
– Categories should be easily added
– Examples:
  – PCI cash register
  – Security camera
  – Stolen laptop
  – RoboDog
  – Many more

Define Policy Action for Each Category
– VLAN ID
– Port ACL
– Access denied
– Alert someone (e.g. stolen laptops)
– Allow only if in a particular building
– Allow only if network type matches

MAC Table Input
– Web application with granular access to categories (e.g. only physical plant admins can add cameras)
– API for IDS, scanners, etc. to add devices on the fly
– Include a date for annual refresh
– Force building restriction for most categories
– Restrict to wired or wireless only (or both)

Device, Category/Action Tables

Link VLAN Names to VLAN Numbers
– VLAN "Quarantine" is a different number in different locations

RADIUS Logic
– If username is a MAC address:
  – Don't authenticate via ADS
  – Look up in registered device table
  – If present, retrieve policy action and building
  – If building matches requesting switch, send policy via RADIUS attributes to switch

Transparency: The Solution to Complexity
– Develop a web application that lets support personnel enter a MAC address and see what SHOULD have happened (category, building, VLAN, ACL) and/or what ACTUALLY happened (from the log file)
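The RADIUS decision on the previous slide and the "what SHOULD have happened" lookup on this one are the same function over the same tables. The model below is an added example, not code from the presentation or from Indiana University; the device, category/action and VLAN-number tables are constructed sample data, the choice to put unregistered or expired registrations into the per-location "Quarantine" VLAN is an assumption, and the VLAN and ACL are carried in the standard Tunnel-* and Filter-Id RADIUS attributes.

```python
import re

# Registered device table (constructed sample rows): MAC -> category, building
# restriction (None = any building), network restriction, and annual refresh date.
DEVICES = {
    "001122334455": dict(category="pci-register", building="Union", network="wired", refresh="2009-06-01"),
    "66778899aabb": dict(category="stolen-laptop", building=None, network="both", refresh="2009-06-01"),
    "ccddeeff0011": dict(category="camera", building="Plant", network="wired", refresh="2008-01-01"),
}
# Category/action table (constructed): the policy action for each category.
ACTIONS = {
    "pci-register": dict(action="vlan", vlan="PCI"),
    "stolen-laptop": dict(action="deny", alert="security-desk"),
    "camera": dict(action="vlan", vlan="Cameras", acl="cameras-only"),
}
# VLAN name -> number; the same name is a different number in each location.
VLAN_NUMBERS = {
    "Union": {"PCI": 310, "Cameras": 320, "Quarantine": 399},
    "Plant": {"PCI": 410, "Cameras": 420, "Quarantine": 499},
}

def normalize_mac(username):
    """Return 12 lowercase hex digits if the username is a MAC address, else None."""
    m = re.sub(r"[:\-.]", "", username).lower()
    return m if re.fullmatch(r"[0-9a-f]{12}", m) else None

def decide(username, switch_building, network_type, today):
    """Model of the slides' RADIUS logic. Returns the expected outcome, which is
    also what the transparency web application would display for a MAC."""
    mac = normalize_mac(username)
    if mac is None:  # a real user: hand off to ADS, no device-table lookup
        return {"result": "ads", "reason": "username is not a MAC; authenticate via ADS"}
    dev = DEVICES.get(mac)
    if dev is None or dev["refresh"] < today:  # unknown or past annual refresh (assumed: quarantine)
        return {"result": "accept", "reason": "not registered or registration expired",
                "attrs": {"Tunnel-Private-Group-ID": VLAN_NUMBERS[switch_building]["Quarantine"]}}
    pol = ACTIONS[dev["category"]]
    if dev["building"] and dev["building"] != switch_building:
        return {"result": "reject", "reason": "building mismatch", "category": dev["category"]}
    if dev["network"] != "both" and dev["network"] != network_type:
        return {"result": "reject", "reason": "network type mismatch", "category": dev["category"]}
    if pol["action"] == "deny":
        return {"result": "reject", "reason": "category denied", "category": dev["category"], "alert": pol.get("alert")}
    attrs = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
             "Tunnel-Private-Group-ID": VLAN_NUMBERS[switch_building][pol["vlan"]]}
    if "acl" in pol:
        attrs["Filter-Id"] = pol["acl"]
    return {"result": "accept", "category": dev["category"], "building": switch_building, "attrs": attrs}
```

Dates are ISO strings so the refresh check is a plain comparison; a support tool would run decide() against the live tables and set the result beside the RADIUS log entry for the same MAC.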

Need to Investigate
– Trusted Computing Group – Trusted Connect Group
  – New IF-MAP standard for network database
  – Input from multiple sources
  – Info subscribed to by network device
– Consider the intersection between device and user, if any
