Presentation is loading. Please wait.

Presentation is loading. Please wait.

April 11, 20051 Implementation of Virtual LANs for Virus Containment Aaron Soto April 11, 2005 In partnership with: New Mexico Tech Information Services.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "April 11, 20051 Implementation of Virtual LANs for Virus Containment Aaron Soto April 11, 2005 In partnership with: New Mexico Tech Information Services."— Presentation transcript:

1 April 11, 20051 Implementation of Virtual LANs for Virus Containment Aaron Soto April 11, 2005 In partnership with: New Mexico Tech Information Services Department

2 April 11, 20052 Outline Problem Statement –What is a VLAN? –How can it help? Proposed Solution –Layout –Implications –Details Future Expansion

3 April 11, 20053 Problem Statement Universities are prone to viruses PCs are frequently not running AV software Staff constantly monitors network traffic –Ports disabled if viruses are detected Students unable to clean / patch PC –Without Internet, more effort is necessary –Students frequently frustrated

4 April 11, 20054 Background: VLANs SWITCH

5 April 11, 20055 Background: VLANs SWITCH

6 April 11, 20056 Proposed Solution Implement two VLANs: –Default: Quarantined, DHCP –Secure: Safe, Virus-free, Static IP Automated tools can switch VLANs Traffic can be redirected/forwarded –Allow sites like Windows Update, SARC, etc. –Redirect other traffic to quarantined server

7 April 11, 20057 Current Layout SWITCH 2 SWITCH 1 SWITCH 0 FIREWALL IN-BUILDING INTERNET

8 April 11, 20058 Proposed Layout: Overview SWITCH 2 SWITCH 1 SWITCH 0 IN-BUILDING INTERNET QUARANTINE SERVER SECURE DEFAULT

9 April 11, 20059 Proposed Layout: In-Building IN-BUILDING 1 2 3 4 5 6 13 14 15 16 17 18 7 8 9 10 11 12 19 20 21 22 23 24 DEFAULTPACKET SECUREPACKET

10 April 11, 200510 Proposed Layout: Backbone INTERNET QUARANTINE SERVER DEFAULT SECURE FIREWALL

11 April 11, 200511 Proposed Layout: Server QUARANTINE SERVER DEFAULT FIREWALL DHCP Server Apache Web Server IP Masquerading (ipChains)

12 April 11, 200512 Proposed Design: ipChains... # ALLOW NMT WEB REQUESTS THROUGH -A PREROUTING --dst mailhost.nmt.edu -p tcp --dport 110 -j ACCEPT -A PREROUTING --dst externalweb.nmt.edu -p tcp --dport 80 -j ACCEPT -A PREROUTING --dst webmail.nmt.edu -p tcp --dport 80 -j ACCEPT -A PREROUTING --dst webmail.nmt.edu -p tcp --dport 443 -j ACCEPT # IF IT HASN'T BEEN ALLOWED THROUGH ABOVE, CAPTURE IT -A PREROUTING -i eth1 -j DNAT --to-destination 129.138.XXX.XXX # IF IT WAS ALLOWED ABOVE, THEN ROUTE IT THROUGH -A POSTROUTING -p tcp -s 129.138.XXX.XXX/24 -j MASQUERADE...

13 April 11, 200513

14 April 11, 200514 Possible Implications Firewall –Forward traffic depending on VLAN tag Quarantine Server –Must be frequently re-evaluated to…  Be kept secure from viruses/worms  Select valid traffic to forward –Is not designed to take full load Switches –Must have VLAN support

15 April 11, 200515 Future Expansion Automated Port Activation Requests –Allow students to register with ISD online  Integration with Banner? Automated Virus Detection and Quarantine –Detect virus activity and switch VLANs  In progress More detailed communications –Specific information / instructions –Would require multiple VLANs  For a later stage

16 April 11, 200516 Implementation of Virtual LANs for Virus Containment Questions? Aaron Soto asoto@admin.nmt.edu (505) 835-5945

Download ppt "April 11, 20051 Implementation of Virtual LANs for Virus Containment Aaron Soto April 11, 2005 In partnership with: New Mexico Tech Information Services."

Similar presentations

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
Virtual LANs.

Virtual LANs.
Integration of PAP site 17 th July 10. Requirements of PAP SITE  Bandwidth drop  Router  RJ45 cables  Switch  Gateway  Nodes  Ups  9urack.

Integration of PAP site 17 th July 10. Requirements of PAP SITE  Bandwidth drop  Router  RJ45 cables  Switch  Gateway  Nodes  Ups  9urack.
IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
Transparent Caching The art of caching network traffic without requiring user / browser side configuration.

Transparent Caching The art of caching network traffic without requiring user / browser side configuration.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.

Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.
NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.

NetPass and Northwestern By Julian Y. Koh As told by Robert Vance NUIT-Telecom & Network Services.
Scaling Service Requests Linux: ipvsadm & iptoip.

Scaling Service Requests Linux: ipvsadm & iptoip.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Introduction An introduction to the software and organization of the Internet Lab.

Introduction An introduction to the software and organization of the Internet Lab.
Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.

Treaded Case Study Computer Networks 2002 Daire Sheriden Ronan Monaghan Mark Gilmore.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The ProCurve 3500yl/5400zl/6200yl.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The ProCurve 3500yl/5400zl/6200yl.
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.

Similar presentations

Ads by Google