Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE & Internet2 Security Professionals Conference The Challenge: Securing a Large Multicampus Network Kirk Kelly – Pima Community College Scott Ferguson.

Published byNoel Skinner Modified over 9 years ago

Similar presentations

Presentation on theme: "EDUCAUSE & Internet2 Security Professionals Conference The Challenge: Securing a Large Multicampus Network Kirk Kelly – Pima Community College Scott Ferguson."— Presentation transcript:

1 EDUCAUSE & Internet2 Security Professionals Conference The Challenge: Securing a Large Multicampus Network Kirk Kelly – Pima Community College Scott Ferguson – Pima Community College April 11, 2006 2:45pm – 3:45pm Denver Ballroom 2 http://www.pima.edu/admin/presentations

2 Outline Who is Pima Community College (PCC) PCC technology infrastructure Specific incident Lessons learned New security devices New network architecture Questions http://www.pima.edu/admin/presentations

3 Pima Community College Located in Tucson, AZ 8 campuses 9 centers Enrollment 61,769 – Credit 13,639 – Noncredit 75,408 – Combined

4 Student Profile Average age: 27 41% ethnic minorities 56% female 69% part-time 68% daytime 25% evening 7% weekends

5 Current Data & Phone Network 15,000 data network connections across the college 7,000 devices connected to the network @ 100/1000mbits Campuses, DO, and MS connected at 1 Gigabit speed via City I-Net Fiber ring Wireless at all locations 2,500+ phone lines across the college Over 70 (IDF/MDF) rooms

6

7 Wiring Closets, Before and After

8 W32/Blaster Announced August 2003 Blaster, Nachi, Welchia Blocked port 135, etc. at the edge Thought antivirus updates were in place No problems first day while others across the Internet are having major problems Day two an infected laptop plugs in Infection spreads quickly and network is shut down

9 The Awakening All services stopped All IT meeting with the Chancellor at 6:00pm 35+ employees worked all night All core systems back online by 1:00pm the following day Some remote sites offline for 2-3 days

10 What Did We Learn? Antivirus updates handled differently at every campus MS patches were way behind Firewalls & routers were underpowered and over tasked (new firewalls installed two months earlier) No way to control or secure campus links Network not segmented Poor communication between command center and staff No HVAC No keys

11 Desktop Antivirus and Updates All computers centralized into two domains McAfee ePolicy Orchestrator WSUS for MS security updates

12 Intrusion Detection? Demo of an Intrusion Detection System (IDS) Visited U of A Discovered an IDS needs constant babysitting Demo of an Intrusion Prevention System (IPS) No more staff on the horizon No central data security position or team

13 Purchase an IPS Decision to purchase IPS Updates Threat Management Center Inline on Internet connection Inline to all WAN links “Wire Speed” packet inspection at gigabit speeds

14

15

16

17

18

19

20

21

22

23

24

25

26 Firewall Needed more horsepower Needed firewall ports to support all WAN links Needed more DMZs Needed more advanced features Purchased new firewalls 24 gig ports Virtual firewalls Redundant boxes for redundant links Processor management

27 Changes to Network Needed multiple DMZs to support a centralized server approach Created a Frame Relay T1 Failover Network Switch to gigabit Network segmentation Redundant Internet connection (BGP with City) Created public access network Wireless rides on public network

28 Additional changes Established a disaster recovery site Payroll and native Banner only Redundant Internet link Re-architected college DNS/DHCP From 10 distributed servers to 4 centralized Chose an appliance solution HA pair for internal, 1 at disaster recovery site, 1 for external DNS

29 Future Clean access type things….. Patch, spyware and antivirus checking Quarantine Goal to provide students access and maintain security Portal, students in LDAP VoIP pilot and phased installation Wireless security Wireless with U of A and City of Tucson Inet tie in

30 Questions? kkelly@pima.edu sferguson@pima.edu

Download ppt "EDUCAUSE & Internet2 Security Professionals Conference The Challenge: Securing a Large Multicampus Network Kirk Kelly – Pima Community College Scott Ferguson."

Similar presentations

M A Wajid Tanveer http://www.IctDirector.com Infrastructure M A Wajid Tanveer http://www.IctDirector.com.

M A Wajid Tanveer Infrastructure M A Wajid Tanveer
Chapter 3: Planning a Network Upgrade

Chapter 3: Planning a Network Upgrade
INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.

INTRODUCTION TO COMPUTER NETWORKS Zeeshan Abbas. Introduction to Computer Networks INTRODUCTION TO COMPUTER NETWORKS.
District Information Technology Update Report Late August 2014 Complied By: Stephen Torrey 774-272-2821

District Information Technology Update Report Late August 2014 Complied By: Stephen Torrey
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Network Basics.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Network Basics.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.

The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Module CSY3021 Network Planning and Programming RD-CSY3021-08/09 1.

Module CSY3021 Network Planning and Programming RD-CSY /09 1.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
SERVER LOAD BALANCING Presented By : Priya Palanivelu.

SERVER LOAD BALANCING Presented By : Priya Palanivelu.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
COS 461: Computer Networks

COS 461: Computer Networks
Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.

Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.
Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.

Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.
Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.

Morris Bennett Altman Director of Network Services Internet Security Officer Queens College, CUNY Are You Exposed? Network Security.
Appalachian State University. Middleware (Identity Mgmt., Netreg, Address Management) Storage and Backup SystemsServer SystemsSecurity SystemsData CenterNetwork.

Appalachian State University. Middleware (Identity Mgmt., Netreg, Address Management) Storage and Backup SystemsServer SystemsSecurity SystemsData CenterNetwork.

Similar presentations

Ads by Google