Presentation is loading. Please wait.

Presentation is loading. Please wait.

Providing secure open- access networks Oliver Gorwits Oxford University Computing Services.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Providing secure open- access networks Oliver Gorwits Oxford University Computing Services."— Presentation transcript:

1 Providing secure open- access networks Oliver Gorwits Oxford University Computing Services

2 Providing secure open-access networks Workshop Outline  Review of the Problem Domain  Designing secure open-access networks  Incl. software and hardware choices  Implementing secure open-access networks  OUCS and Libraries  Q & A

3 Providing secure open-access networks Problem Domain  Summer 2003 : large-scale Internet worms  Widespread laptop use  Catch-22 for software updates  Network security  University business

4 Providing secure open-access networks Statutes and Regulations  ICTC Regulations  Monitoring (4)  Viruses (7.11)  Resources (13.2, 13.3)  JANET Acceptable Use Policy  Non-member use

5 Providing secure open-access networks Designing the Network

6 Providing secure open-access networks Use Cases (1)  Vital!  Humans - Who  Applications - What  Computers - How  Locations – Where & When

7 Providing secure open-access networks Use Cases (2)  OUCS Helpcentre  MS, Antivirus updates  Building visitors  Lectures, Conferences  Larger scale non-full-member  Library Readers – odd services

8 Providing secure open-access networks Network Integration (1)  Cabling and Switch-gear  Mix-in with existing infrastructure  New or refurbished facility  Labelling and Identification  Distribution cables  Port faceplates

9 Providing secure open-access networks Network Integration (2)  IP space  Address and port translation  Hardware Configuration  Backup management  Avoid the replacement-exposure problem

10 Providing secure open-access networks Managing Users  Controlled access  Physical, to the building  Virtual, to the network  Accounting  Open-access means unknown user?  Supervision

11 Providing secure open-access networks Network Access  Firewall rules  Refer to the Use Case  OUCS – restricted  Official service servers only  Transparent HTTP redirect  Default deny in both directions

12 Providing secure open-access networks Basic Topologies  VLANs  Vendor support  NAT  Software or Appliance  DHCP  Client support (MacOS pre-X)

13 Providing secure open-access networks Hardware  Off the shelf appliances  Cisco PIX – DHCP & NAT  Open Source  Linux/*BSD with daemons  Black box solutions  Bluesocket – Web interface

14 Providing secure open-access networks Software  Packet Filtering  iptables / ipfw  Scanning  Commercial  Various - see Google  Non-commercial  nmap, nessus

15 Providing secure open-access networks Implementing the Network

16 Providing secure open-access networks OUCS Visitors Network (1)  Mix-in with existing helpcentre network  VLAN per user into managing devices  Minimum ongoing maintenance  No peer to peer communications  Intended for MS/AV updates and teachers  Restrictive service

17 Providing secure open-access networks OUCS Visitors Network (2) C2950 Helpcentre Distribution Switch Vlan100 VlanTrunk Vlan100 Vlan103 Protected Ports Cisco PIX 515 Backbone

18 Providing secure open-access networks OUCS Visitors Network (3)  Access Control List:  Default deny Incoming and Outgoing  OUCS : NTP, DNS, SMTP, HFS, NNTP, VPN  Also SSH, FTP, POP, IMAP to anywhere  OLIS on the telnet port  Transparent HTTP redirect via OUCS proxy  Minimal accounting; limited availability

19 Providing secure open-access networks Libraries Reader Network (1)  Permissive service due to user requirements  Orthogonal to OUCS service  Large number of (potential) users  Need to pre-register  Multiple sites and networks  No site-local IT support

20 Providing secure open-access networks Libraries Reader Network (2) PC Scanning Station File Server PC Library Protected-Port Switch Library Distribution Switch Firewall Backbone  NFS SMB MAC addresses

21 Providing secure open-access networks Libraries Reader Network (3)  Known limitations:  Possible post-registration infection  Annual registration expiry  Client  Scanning Station incompatibility

22 Providing secure open-access networks Q & A

Download ppt "Providing secure open- access networks Oliver Gorwits Oxford University Computing Services."

Similar presentations

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.

Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.
IS 247 Introduction to Web Application Development Tim Wu.

IS 247 Introduction to Web Application Development Tim Wu.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Wi-Fi Structures.

Wi-Fi Structures.
Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.

Terri Lahey LCLS Facility Advisory Committee 20 April 2006 LCLS Network Security Terri Lahey.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
1 Installing a Wireless Network for University Members Oliver Gorwits, Roger Treweek Oxford University Computing Services

1 Installing a Wireless Network for University Members Oliver Gorwits, Roger Treweek Oxford University Computing Services
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –

Networking DSC340 Mike Pangburn. Networking: Computers on the Internet  1969 – 4  1971 – 15  1984 – 1000  1987 – 10,000  1989 – 100,000  1992 –
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
The Basics of Networking. Rick Graziani What is networking? Communication! An interconnection of computers and other devices: –Printers.

The Basics of Networking. Rick Graziani What is networking? Communication! An interconnection of computers and other devices: –Printers.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Virtual Company Group 8 Presentation Date: June /04/2017

Virtual Company Group 8 Presentation Date: June /04/2017

Similar presentations

Ads by Google