1 11/21/05 NETWORK PLANNING TASK FORCE FY’06 Final Strategy Meeting
2 Meeting Schedule – FY 2006
■ Summer Planning Sessions (2)
  ■ July 18
  ■ August 01
■ Fall Focus Groups (2)
  ■ September 19
■ Fall Meetings (6)
  ■ October 03 – Security Priority Setting
  ■ October 17 – Network Priority Setting
  ■ October 31 – Strategic Security Discussions
  ■ November 07 – Network Strategic Discussions
  ■ November 21 – Final Strategic Discussions/Summary of needed decisions
  ■ December 5 – Consensus/Prioritization/Rate Setting
3 Agenda
■ Security Discussion
  ■ Scan & Block
  ■ Edge Filtering
  ■ Local Firewall Support
  ■ Proposed Next Version Critical Host & Proposed Services
■ Wireless Rate Proposals
■ 100Mbps Rate Proposals
■ Summary of Needed Decisions
4 FY ’06 NPTF Goals
■ Evaluate various CSF funding models.
■ Hold as many rates flat as possible for FY ’07.
■ Depending on outcome of 100Mbps pilots, lower rate in January 2006.
■ Determine new strategic initiatives/directions.
■ Determine which services can be scaled back.
■ Deploy new wireless APs to include capitalization.
5 Scan and Block Review (MM)
■ Authenticated network access at connection time with:
  ■ Brief scan for compromise and some vulnerabilities
  ■ Optional agent to detect patch level, anti-virus
  ■ Quarantine problems, and allow those that “pass” to access the network, with deeper scans once connected.
(Diagram: Access Network, Scanning Server, Quarantine and Remediation Network, Production Service Network, To PennNet -OR-)
6 Scan and Block (MM)
■ Recommendation:
  ■ Deploy a “scan and block” system to help prevent network access by compromised or vulnerable computers. Authenticated wired and wireless network access, with a brief scan of hosts for major vulnerabilities at connection time. Quarantine those with problems found until they can be patched or repaired. Allow those that “pass” the scan to access the network. Schedule deeper scans once connected.
■ Planning Assumptions:
  ■ Deploy scan and block for campus wireless networks for those that require it.
    ■ Law, Dental?
    ■ Could be deployed with optional agent.
    ■ Timing is an issue. Scan & Block requires upgraded wireless access points.
  ■ Implementation in the residential system (wired and wireless) Summer, 2006.
    ■ Based on funding.
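The admission workflow recommended on this slide (authenticate at connection time, brief scan, quarantine or admit, deeper scan once connected), modelled as an added example. This is not code from the task force, from ISC, or from Lockdown Networks; the class and finding names, the MAC addresses, the credentials and the scan results are all constructed, and the authentication and scanning callables stand in for the campus authentication service and the scanning server.

```python
"""Scan-and-block admission flow (added example, not code from the NPTF
deck or from any vendor it names).

Models the recommended workflow: authenticate at connection time, run a
brief scan for major vulnerabilities, quarantine hosts with findings until
repaired, admit hosts that pass, and schedule a deeper scan once connected.
Authentication and scan results are constructed stand-ins for the campus
authentication service and the scanning server.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional


class Vlan(Enum):
    ACCESS = "access"            # holding network before authentication
    QUARANTINE = "quarantine"    # remediation network: patches and AV updates only
    PRODUCTION = "production"    # full network access


# Finding classes the brief scan treats as blocking (constructed names).
MAJOR_FINDINGS = {"missing-critical-patch", "known-compromise", "open-backdoor"}


@dataclass
class Host:
    mac: str
    user: Optional[str] = None
    vlan: Vlan = Vlan.ACCESS
    findings: List[str] = field(default_factory=list)
    deep_scan_scheduled: bool = False


@dataclass
class ScanAndBlock:
    authenticate: Callable[[str, str], bool]   # stand-in for the campus auth service
    brief_scan: Callable[[str], List[str]]     # stand-in for the scanning server
    events: List[str] = field(default_factory=list)

    def connect(self, host: Host, user: str, secret: str) -> Vlan:
        """Admission decision made at connection time."""
        if not self.authenticate(user, secret):
            host.vlan = Vlan.ACCESS
            self.events.append(f"{host.mac}: authentication failed, held on access network")
            return host.vlan
        host.user = user
        return self._scan_and_place(host)

    def remediated(self, host: Host) -> Vlan:
        """Re-scan a quarantined host after repair; release it only if clean."""
        if host.vlan is not Vlan.QUARANTINE:
            return host.vlan
        return self._scan_and_place(host)

    def _scan_and_place(self, host: Host) -> Vlan:
        # Only major findings block access; lesser issues are left to the deeper scan.
        host.findings = [f for f in self.brief_scan(host.mac) if f in MAJOR_FINDINGS]
        if host.findings:
            host.vlan = Vlan.QUARANTINE
            host.deep_scan_scheduled = False
            self.events.append(f"{host.mac}: quarantined ({', '.join(host.findings)})")
        else:
            host.vlan = Vlan.PRODUCTION
            host.deep_scan_scheduled = True   # deeper scan runs once the host is connected
            self.events.append(f"{host.mac}: admitted, deep scan scheduled")
        return host.vlan


# Constructed sample data: users, and brief-scan findings keyed by MAC.
SAMPLE_USERS = {"alice": "correct-horse", "bob": "battery-staple"}
SAMPLE_SCAN_RESULTS: Dict[str, List[str]] = {
    "00:11:22:33:44:01": ["missing-critical-patch", "outdated-browser"],
    "00:11:22:33:44:02": ["outdated-browser"],
}


def demo() -> Dict[str, Vlan]:
    """Run the cases the slide describes: blocked, passed, bad login, repaired."""
    results = dict(SAMPLE_SCAN_RESULTS)   # mutable copy so remediation can clear findings
    nac = ScanAndBlock(
        authenticate=lambda u, s: SAMPLE_USERS.get(u) == s,
        brief_scan=lambda mac: results.get(mac, []),
    )
    vulnerable = Host("00:11:22:33:44:01")
    clean = Host("00:11:22:33:44:02")
    unknown = Host("00:11:22:33:44:03")

    outcome = {
        "vulnerable_at_connect": nac.connect(vulnerable, "alice", "correct-horse"),
        "clean_at_connect": nac.connect(clean, "bob", "battery-staple"),
        "bad_credentials": nac.connect(unknown, "mallory", "guess"),
    }
    results["00:11:22:33:44:01"] = ["outdated-browser"]   # patch applied while in quarantine
    outcome["vulnerable_after_repair"] = nac.remediated(vulnerable)
    return outcome


if __name__ == "__main__":
    for case, vlan in demo().items():
        print(f"{case:26s} -> {vlan.value}")
```

The split between "major" findings that block at connection time and everything else that waits for the deeper scan is the design point: the brief scan has to finish in the seconds a user will tolerate at connection, so it only checks for the conditions the slide calls major, and a host is released from quarantine only after a fresh scan comes back clean rather than on the user's say-so.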
7 Solution Options (MM)
■ Estimated Costs
  ■ One-time cost for residential system and some wireless networks, $300,000 (either option)
  ■ $50k ongoing costs to start in FY ‘08
■ Preferred Option: Solution from Lockdown Networks
  ■ http://www.lockdownnetworks.com/
  ■ Currently working with vendor on key elements, with final go/no-go in mid-December
■ Second Option: Locally developed solution
  ■ Needed if Lockdown cannot fully meet requirements
  ■ Large software development project, requiring approximately 1 person-year
  ■ Server hardware to handle scanning/logging
■ Third Option: Shared solution
  ■ Exploring options with Cornell in the hope of "sharing" a solution
8 Timeline (MM)
■ Goal of deployment in residential buildings for start of Fall 2007. Could be expanded thereafter.
(Timeline chart, Jul 04 through Jul 06: Initial SUG and ITR Talks; NetReg & .1x pilot; Solutions Design; Scan & Block Evaluations; Purchase & Integrate, or Build; Planned Deployment)
9 Edge Filtering (DM)
■ Recommendations:
  ■ By July 1, 2006, block NetBIOS at the PennNet edge, other than in a reserved range of addresses. External traffic bound for NetBIOS services on all other Penn IP addresses would be blocked. NetBIOS would be remotely available for machines in the subnet.
  ■ and…
  ■ FY ’08: Encourage replacement of remote access to NetBIOS services with functional equivalents that don’t use NetBIOS – e.g. Exchange Server 2003 RPC over HTTP and new file service options.
■ Planning Assumption:
  ■ Requires technical/communications planning and information gathering now.
    ■ School/center support.
    ■ WINS server information necessary
    ■ DHCP ranges
    ■ Windows browsing requires configuration
  ■ Campus-wide communications would need to begin soon.
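The edge rule on this slide, block inbound NetBIOS at the PennNet edge except for a reserved address range, written out as an added policy model that can be checked against sample flows before anything is pushed to a router. This is not ISC's configuration: the campus address ranges, the reserved range and the sample flows are constructed placeholders from RFC 5737 documentation space, the `Flow`, `edge_decision` and `render_acl` names are my own, and including 445/tcp alongside the classic NetBIOS ports is an assumption the slide does not state.

```python
"""NetBIOS edge-filter policy model (added example; not the NPTF's or ISC's
configuration). Encodes the recommendation "block NetBIOS at the network
edge, except for a reserved address range" and evaluates sample flows
against it. All address ranges are constructed placeholders (RFC 5737
documentation space), not Penn's real allocations.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# NetBIOS service ports: name service (137/udp), datagram (138/udp) and
# session/SMB-over-NetBIOS (139/tcp). Direct-hosted SMB on 445/tcp is added
# here as an assumption, since blocking 139 alone leaves file shares reachable.
NETBIOS_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Constructed placeholders for the campus address space and the reserved range
# in which remote NetBIOS access stays permitted.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/24")]
NETBIOS_RESERVED = ipaddress.ip_network("198.51.100.0/26")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def is_campus(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in CAMPUS_NETS)


def edge_decision(flow: Flow) -> str:
    """Decide 'allow' or 'block' for a packet arriving at the campus edge."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if is_campus(src):
        return "allow"      # intra-campus traffic never crosses the edge filter
    if not is_campus(dst):
        return "allow"      # not addressed to campus; outside this policy's scope
    if (flow.proto.lower(), flow.dport) not in NETBIOS_PORTS:
        return "allow"      # only NetBIOS services are filtered
    if dst in NETBIOS_RESERVED:
        return "allow"      # reserved range keeps remote NetBIOS reachable
    return "block"


def render_acl() -> List[str]:
    """Render the same policy as vendor-neutral ACL lines, most specific first."""
    lines = [f"permit {p} any {NETBIOS_RESERVED} eq {port}"
             for p, port in sorted(NETBIOS_PORTS)]
    for p, port in sorted(NETBIOS_PORTS):
        for net in CAMPUS_NETS:
            lines.append(f"deny {p} any {net} eq {port}")
    lines.append("permit ip any any")   # everything else: default permit
    return lines


# Constructed sample flows, each paired with the reason it is worth checking.
SAMPLE_FLOWS: List[Tuple[Flow, str]] = [
    (Flow("203.0.113.5", "192.0.2.10", "tcp", 139), "external SMB session to ordinary campus host"),
    (Flow("203.0.113.5", "198.51.100.200", "udp", 137), "external name-service query outside reserved range"),
    (Flow("203.0.113.5", "198.51.100.7", "tcp", 445), "external SMB to reserved range"),
    (Flow("203.0.113.5", "192.0.2.10", "tcp", 80), "external web request, not NetBIOS"),
    (Flow("192.0.2.3", "192.0.2.10", "tcp", 139), "file sharing within campus subnet"),
]


def evaluate_samples() -> Dict[str, str]:
    return {why: edge_decision(f) for f, why in SAMPLE_FLOWS}


if __name__ == "__main__":
    for why, verdict in evaluate_samples().items():
        print(f"{verdict:5s}  {why}")
    print("\n".join(render_acl()))
```

The ordering in `render_acl` matters on a real device: the permits for the reserved range must precede the denies for the rest of the campus space, and the closing `permit ip any any` keeps the filter from silently dropping everything else. Running the sample flows first is the cheap check that the planning items on the slide (WINS servers, DHCP ranges, Windows browsing) have been accounted for before the July 1 cut-over.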
10 Local Firewall Support (DM)
■ Recommendations
  ■ ISC to select a recommended firewall product.
  ■ ISC to provide a for-fee firewall consulting service.
  ■ Streamline ISC intake for this service to coordinate with TSS, Networking and Security. Work to improve awareness of ISC’s support for local firewalls.
  ■ Recommend external consultants for fee.
■ Implementation Considerations
  ■ Target to implement May, 2006
11 Rationale for Distributing Security Responsibility (DM)
■ Goal: Find the proper balance of what security services to provide centrally vs. perform locally.
■ Planning Assumption: For local services, you may either “do-it-yourself” or hire ISC for-fee.
■ Rationale:
  ■ Provide services centrally when they can be most efficiently and effectively done over the network.
  ■ Provide security services locally when it is more effective and efficient to perform them locally.
■ Examples:
  ■ Vulnerability and compromise scans can be effectively and efficiently performed centrally, except for machines behind firewalls.
  ■ Password cracking can be most effectively and efficiently done locally with host-based password cracking software.
12 Proposed Next Version Critical Host & Proposed Services (DM)
LOCAL DUTY | SUPPORTING ISC PRODUCT/SERVICE
By 1/1/07, scan critical hosts behind firewalls for vulnerabilities monthly. | Provide training on security scanners – ISS, Nessus, Scanline. Provide a for-fee security scanning service.
By 1/1/07, run password cracking software monthly. | Recommend platform-specific cracking software.
By 7/1/07, place critical hosts with confidential data behind a firewall. | Establish a supported firewall product, matched with for-fee, vendor-provided firewall administrator training. Provide a for-fee firewall consulting service to select and configure a firewall. Publish a list of approved and qualified firewall consulting services.
By 7/1/07, implement a program of local Intrusion Detection or Prevention to detect common network attacks promptly. | Recommend an intrusion detection product and provide supporting training.
By 7/1/07, encrypt confidential data stored on Laptop Computers. | Recommend encryption tools (e.g. encrypting file systems, PGP).
By 7/1/07, all access to Critical Hosts by individuals with Administrator or Root-level privileges must use two-factor authentication. | Commit to provide supporting documentation and infrastructure. Deploy documentation and infrastructure. Establish two-factor authentication standard.
Appoint Local Security Officer responsible for coordinating School/Center SPIA, ensuring compliance with local responsibilities. | Establish support infrastructure (quarterly meetings, mailing list, training) for Local Security Officers.
13 Wireless - Current Status (MP)
■ 400 ISC and school-supported access points.
■ Approximately 20% of campus has wireless connectivity.
■ Have approval for complete College House and Sansom Place wireless installations (500 APs). Live Fall ’06.
■ Discussions currently underway for Wireless in 21 Greek houses. (42 APs)
■ Many large-scale installations pending – New McNeil, Life Sciences, Bennett Hall.
■ By Fall 2006, Penn will have about 50% wireless connectivity.
14 Wireless Proposal FY ’07
■ ISC to capitalize access point hardware, using a 3-year depreciation schedule.
■ Deploy next generation of wireless technology.
■ ISC to replace all existing APs under ISC support by the end of FY ’07.
■ Costs for hardware depreciation, hardware/software support, staff, etc. will be about $27/month per AP.
■ It is currently $27/month without hardware depreciation.
■ How is the subsidy working for public wireless IP addresses?
15 Public Wireless IP subsidy by school/center
16 Wireless Estimated One-time Costs
■ Site survey/plan (2 Techs): 2 hrs
■ Equipment config and activation: 1 hr
■ vLAN config and testing: 1 hr
■ Final survey (2 Techs): 1 hr
■ Documentation & Net Mgmt: 1 hr
■ Total ($55/Hr): 6 hrs = $330
■ Wiring (if necessary): $400
■ Enclosure (if necessary): $60
■ TOTAL: $790
* Building Architecture and Coverage Complexity will affect labor and material costs.
17 FY ‘07 Wireless Support Costs (Monthly Fee Per Access Point)
■ Cost Breakdown
  ■ Hardware depreciation: $13
  ■ Hardware/software maintenance: $5
  ■ Staff costs per AP: $9
  ■ Sub Total: $27
  ■ Port charge per AP: $6.03
  ■ TOTAL: $33.03
18 High-speed Connectivity for Desktops and Servers
■ School/center needs
  ■ Increase desktop/server speeds
  ■ Lower charges for 100 and 1000Mbps connections.
■ Proposed rates 1/1/06
  ■ 100Mbps - $2 surcharge instead of $10
  ■ One-time charge for 10/100 conversions, $20 for software and documentation changes/administrative changes. (Bulk discount rate TBD.)
  ■ 1000 Mbps – rate still being developed.
20 Current Status of PennNet Infrastructure
■ Routing core recently upgraded to 10Gig (10,000Mbps)
■ Most buildings at 100Mbps to routing core, a few at 1000Mbps (Blockley, ISC/SEO).
■ Internet bandwidth usage about 700Mbps.
■ All buildings with 1000Mbps building backbones.
■ Most buildings would need new fiber to get to 1000Mbps
■ 36,000+ desktop connections at 10Mbps (ISC and school supported).
■ 4000 desktop connections at 100Mbps (ISC and school supported).
■ < 50 desktop/server connections at 1000Mbps (ISC and school supported).
■ Approximately 20% of buildings have network redundancy.