Download presentation
Presentation is loading. Please wait.
Published byVictor Hines Modified over 9 years ago
1
Securing Schools Firewalling and Filtering on the Broadband for Schools Network. Liam Kennedy Network Engineer HEAnet Ltd.
2
Broadband for Schools Project Providing free broadband to nearly 4,000 schools. €18m - Funded by TIF and Depts. of Education and Communication. Feb 2004: Plan announced and HEAnet chosen as ISP. Late 2004: Connection and router tenders awarded. Spring 2005: HEAnet build network and interconnect with selected service providers. NCTE support desk set up. Summer 2005 Majority of schools connected and routers installed – Spring 2006: Summer 2006: Scoilnet email service trialled and put into production.
3
Service providers HEAnet Internet Connectivity & Managed Services Network Management and Monitoring Technical Consultancy Second-line support NCTE First-line support Smart Digiweb Irish Broadband BT Last Mile HS Data Solutions School broadband connections Eircom CPE Router Supply and support Connecting pilot schools
6
Schools Update 95% of schools installed 84% of schools have used their connection Peak daily Traffic > 100Mbps Daily Download > 250GB Email service now live
10
3 layers of security
11
Cisco Firewall Services Module Integrated firewall module (blade) for 6500 switch 5.5 Gbps throughput 100,000 connections per second 1 million concurrent connections Runs PIX OS
12
Firewall Inbound
13
Firewall Outbound
14
Fortinet 500Mbps in-line scanning – scalable to higher bandwidths Web Content Filtering Virus & Malware Scanning – HTTP, SMTP, POP3 Anti-Spam IPS Logging and statistics
15
Fortinet: Web Filtering Database of 26 million rated Web Sites 76 Categories 24x7 Managed Service White & Blacklists – override categories Unrated sites blocked (24hr rating) Currently 2 levels of filtering but is capable of giving each school it’s own profile
16
Web filtering – potential problems Mis-categorised sitesBlacklisted and submitted for re-categorisation Anonymous proxiesAre placed in blocked category Google tools: Cache, Translate, Mobile etc. Fortinet can parse original URL and filter. Tunnelling, TOR routing and other cloaking mechanisms Various solutions Not everything on the web can be neatly categorized - manual intervention will always be required.
17
Anti-Virus Well-known ports blocked inbound and outbound by FWSM and 871 HTTP, SMTP, POP3, IMAP scanned by Fortinet Automatic reporting culled from Cymru and Spamcop reports, DNS and Fortinet logs. Schools contacted – problem hosts can be blacklisted.
20
VPN
23
Other Issues: Scoilnet Email Service –Virus and Spam scanned, inbound and outbound P2P and other bandwidth-intensive apps –Can be blocked or rate-limited Acceptable Usage
24
Q&A liam.kennedy@heanet.ie www.ncte.ie www.fortinet.com
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.