Published by Derick Randall. Modified over 9 years ago.
1
UW Madison Campus Network Security Strategy
Campus Firewall Service
Rick Keir
DoIT Network Services
keir@doit.wisc.edu
2
UW Madison Campus Firewall Project Outline
Project history
Design
  –Service Virtualization
  –Security Domains
  –Deployment and Integration
  –Support Models
Design highlights/caveats
Next steps
3
Project History
R&D effort started on enterprise scale security systems
Campus-wide firewall technology identified as needing major attention
Analysis of solutions came up largely empty
Departments needed to purchase and run their own firewall infrastructure
4
Project History (cont)
Vendors now scaling products to multi-gigabit speeds
DoIT Network Engineers surveyed market, met and argued with various vendors
Cisco FWSM product “ripened” in 2004
Evaluation, testing, and more testing
FWSM software passed DoIT evaluation process last month
Results discussed with campus IT groups
5
Service Virtualization
Virtualization allows multiple separate instances to exist in the same chassis
We use virtualization today for VLANs
With the FWSM, we can have multiple firewall instances on the same physical hardware
6
Design
Security Domains
  –Ability to separate “chunks” of department networks into domains.
  –Server DMZ’s, Client Networks, etc. can be defined by building, or more generically by VLAN
  –Through VLAN magic, hosts can optionally be in different security domains, but on the same Level 3 segment.
7
Security Domains (department example)
A firewall instance per security domain
Security domains can be placed in collaborative and centralized XXI buildings.
8
Support Models
Collaborative Administration
  –Targeted at collaborative customers
  –Tools for easier administration
  –Supported through the NOC.
Centralized Administration
  –Targeted at collaborative and centralized customers
  –Pick from a “security menu” of options, such as client network, server DMZ, etc.
  –Supported through the NOC for AA’s, primary TP’s
  –Supported through the Helpdesk / Desktop Support if there is no department admin
9
Deployment and Integration
Does campus want Opt-In or Opt-Out?
Integration into AANTS
Active/Passive HA model
Customer provisioning:
  –Deployment scenarios engineered to meet individual customer network needs
  –Consultation with Network Engineers
  –In many cases, D-Day style deployment can be avoided
10
Design Highlights & Caveats
Demand can be met
Campus security posture will improve, even for those without network admins
Security Domains
Scalable deployment
Manageable network support
Routed Core more resilient
Deployment won’t happen overnight
Security Domains may mean renumbering for some
Multiple fw’s to admin may mean more work
Support for legacy protocols ends
Support for cross-campus L2 networks largely ends
11
Next Steps
Pilot Program
More discussion and feedback from campus
Campus buy-in and go ahead
Development of tools, support procedures, SLAs, training program, hardware deployment, etc.
Policies must be created
12
Questions?
Rick Keir
keir@doit.wisc.edu
UW Madison Campus Network Security Strategy -- Campus Firewall Project