Download presentation
Presentation is loading. Please wait.
Published byMagdalene Morgan Modified over 9 years ago
1
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin
2
University of Florida Department of Housing
3
Resident Housing at UF University of Florida Campus A 2,000 acre campus Over 49,000 student enrollment Department of Housing Residence Education 45 Undergraduate buildings, 5 GFH villages Over 8,500 living in Housing Housing IT IT Network and Systems IT Support IT Application Development
4
The Housing Network Ethernet The DHNet backbone is 10 Gig bps Two 10 Gig bps connections to UF campus backbone Over 10,000 student Ethernet connections IEEE 802.1x for authentication Over 90 switches 1/3 Catalyst 6500 Over 90,000 feet of fiber 12 – 48 count
6
The Housing Network Wireless 346 Wireless Access Points Support IEEE 802.11 a, g n 2.4 and 5 Gig Hz radios 4 WISMs (Wireless Service Module) WCS (Wireless Control System) PEAP MSCHAP v2 (Protected Extensible Authentication Protocol) IEEE 802.1x for authentication
9
Network Security Network Cisco FWSM on uplinks to campus Intrusion Detection System (IDS) SourceFire Network monitoring StealthWatch Lancope Authentication XpressConnect Cloudpath Nessus Tenable Employee Computers Web Filter Websense Scan files with Identity Finder Antivirus VIPRE GFI Software
10
Why Posture Assessment? Problem Student computers were being infected with malware Scanning and removing of malware Disruptive Potential for loss of data Time consuming Solution Be proactive with posture assessment
11
Goals with Posture Assessment? Be proactive rather then reactive to malware Minimum reconfiguration of network Minimum disruption to students Cost
12
Network Access Control Evaluation Cisco Bradford Networks Impulse SafeConnect KIS (Minimum reconfiguration of network Components (Single appliance for 10,000 users Cost (Lowest cost of the three Function (Minimum disruption to students Contacted other Installations Florida
13
Impulse SafeConnect Components Policy Enforcer appliance (PE) DB – MySQL, Webserver – Tomcat, Proxy – Squid Management Console Reporting Console Policy Key Lite weight program 1.27 M Router configuration Authentication Server (RADIUS)
14
SafeConnect Connection SafeConnect Appliance (Policy Enforcer and Management Console)
15
Impulse SafeConnect Setup Configure Housing border router NetFlow Policy based routing SSH connection Install Policy Enforcer (PE)appliance Configure authentication server RADIUS Configure Policy Groups, Management Console Device type Location
16
Management Console
17
Reporting Console
18
Impulse SafeConnect Example of Windows Policy Policy Key P2P Anti-virus OS updates Anti-spyware
19
Impulse SafeConnect Connection Process
20
Connection Process Installing Policy Key Computer is configured for 802.1X and SafeConnect policy key is installed with XpressConnect Computer authenticates to the network and information is stored in RADIUS
21
Installing Policy Key How is the Policy Key installed: XpressConnect from DHNet webpage XpressConnect on CD
22
Authentication IEEE 802.1x User Connects Computer Identity Request Identity Response Authentication to Server Authentication Successful / Rejected Authentication to Server Port authorized - access VLAN Port Fail - fail VLAN Radius802.1x SupplicantAuthenticato r Authentication Server Data VLAN Uncontrolled Port Controlled Port
23
Connection Process Detection Blocking Switch sends Netflow information to SafeConnect appliance IP Address and browser agent string RADIUS sends accounting information to SafeConnect (start record, IP address, username and MAC address)
24
Information to Policy Enforcer SafeConnect Appliance (Policy Enforcer and Management Console) NetFlow Information RADIUS start record
25
Connection Process Device Type Is the device a Windows computer or Mac? The device connects No Yes
26
Is the Policy Key Installed? SafeConnect sends a message to the network switch to policy route host traffic to the SafeConnect Appliance Perform host posture assessment Policy Key is installed No
27
If Policy Key wasn’t Installed with XpressConnect SafeConnect Appliance (Policy Enforcer and Management Console) SSH Policy Route Source IP Address added to dynamic ACL
28
Does the host pass posture assessment? SafeConnect sends a message to the network switch to policy route host traffic to the SafeConnect Appliance Host is authenticated, posture assessment complete and connected to the DHNet Intranet Webpage is displayed with custom message relating to the policy that failed No Student updates host
29
Impulse SafeConnect Warning If the Policy Item specifies Warning The policy key will instruct the browser to display the Warning page Policy Based Routing isn’t used The student still has full Internet access Time limits for warning are set in each item of the PE Policy Groups
30
Impulse SafeConnect Quarantine If the Policy Item specifies Quarantine PE sends Policy Based Routing information to the router via SSH The students connection is “Quarantined” sent to PE and presented with a webpage of instructions and URLs Internet access is limited
34
Management Console
35
Impulse SafeConnect Example of Windows Policy Policy Key Quarantine, Immediate P2P Quarantine, Immediate Anti-virus Warning 1 Day, Warning 1 Day, Quarantine OS updates Warning 1 Day, Warning 1 Day, Quarantine Anti-spyware Warning 1 Day, Warning 1 Day, Quarantine
36
Reporting Console
37
Real Time Reporting
38
Anti Spyware
39
Anti-Virus
40
P2P
41
Open Access Per User
42
SafeConnect History
43
Impulse SafeConnect Going Live with Housing NAC Implemented in phases: Internal Summer A 2010 570 students Summer B 2010 2,680 + 350 = 3,030 students Fall 2010 7,530 + 350 = 7,880 students
44
The Results are In After two week Fall 2009 (before SafeConnect) 87 Security events Fall 2010 27 Security events Fall 2009 38% of all UF events came from Housing Fall 2010 3% of all UF events came from Housing After first month 4.5%
45
Impulse SafeConnect Add to Posture Assessment Implemented in phases: Spring 2011 Add monitoring Flash and Java updates Summer A 2011 Enforce Flash and Java updates Summer B 2011 Add GFH Villages 8,500 students
46
Thank You http://www.resnetsymposium.org/rspm/evaluation/
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.