1. WINS Monthly Meeting 10/1/2004 WINS Monthly Meeting 10/1/2004

2. Agenda Introductions Introductions Nortel 8600 Upgrades Nortel 8600 Upgrades Nortel Designated SE Nortel Designated SE Shasta Replacement Update Shasta Replacement Update Fortigate 3600 Fortigate 3600 Allot NetEnforcer Allot NetEnforcer Dorm Students Return… Argh! Dorm Students Return… Argh! Campus Manager? Campus Manager? Question & Answers Question & Answers

3. Introductions Name Name Title Title Location Location

4. Nortel 8600 Upgrade Was running 3.2.1 Was running 3.2.1 Hardware Memory upgraded from 64M to 256M Hardware Memory upgraded from 64M to 256M Software Upgrade to 3.5.3 Software Upgrade to 3.5.3 Spanning Tree issues at Garnet Valley from misconfig Spanning Tree issues at Garnet Valley from misconfig No other problems No other problems First Upgrade on July 1 and last on July 20th First Upgrade on July 1 and last on July 20th

5. Nortel Designated SE Past Tom Desilets, Nortel, Designated Direct Sales Past Tom Desilets, Nortel, Designated Direct Sales Tim Slattery, CNI, Designated Reseller Tim Slattery, CNI, Designated Reseller Nortel SE, Product specific, available Nortel SE, Product specific, available Gladys Kline – Now Nortel Designated SE Gladys Kline – Now Nortel Designated SE gcornist@nortelnetworks.com gcornist@nortelnetworks.com gcornist@nortelnetworks.com Office 610 370 9838 Office 610 370 9838 Cell 610 698 8282 Cell 610 698 8282

6. Shasta Replacement Update Review conversation issue Review conversation issue Problem areas Widener Academic and Dorms Problem areas Widener Academic and Dorms Lab testing done in June Lab testing done in June Dorms cutover in July Dorms cutover in July Widener Academic cutover in Aug Widener Academic cutover in Aug Still to move : Tech Park, Computer Science, and DCIU Districts Still to move : Tech Park, Computer Science, and DCIU Districts

7. Widener Fortigate 3600 Installed in July Installed in July Detects, quarantines, and eliminates viruses and Detects, quarantines, and eliminates viruses and worms in real-time. Scans incoming and worms in real-time. Scans incoming and outgoing email attachments (SMTP, POP3, outgoing email attachments (SMTP, POP3, IMAP), HTTP and FTP traffic including web-based IMAP), HTTP and FTP traffic including web-based email, and encrypted VPN tunnels – without email, and encrypted VPN tunnels – without degrading Web performance degrading Web performance Detection and prevention of over 1300 intrusions Detection and prevention of over 1300 intrusions and attacks, including DoS and DDoS attacks, and attacks, including DoS and DDoS attacks, based on user-configurable thresholds. Automatic based on user-configurable thresholds. Automatic updates of IPS signatures from FortiProtect updates of IPS signatures from FortiProtect Network Network Processes all Web content to block inappropriate Processes all Web content to block inappropriate material and malicious scripts via URL blocking material and malicious scripts via URL blocking and keyword/phrase blocking and keyword/phrase blocking Industry standard stateful inspection firewall Industry standard stateful inspection firewall Industry standard PPTP, L2TP, and IPSec VPN Industry standard PPTP, L2TP, and IPSec VPN support support FortiGate units can be deployed in conjuction FortiGate units can be deployed in conjuction with existing firewall and other devices to with existing firewall and other devices to provide antivirus, content filtering, and other provide antivirus, content filtering, and other content-intensive applications content-intensive applications Interfaces 10/100Base-T Ports 1 1000Base-SX Ports (Fiber) 4* 1000Base-T Ports (Copper) 2 System Performance Concurrent sessions 1,000,000 New sessions/second 25,000 Firewall throughput (Gbps) 4Gbps 168-bit Triple-DES throughput (Mbps) 600 Unlimited concurrent users Policies 50,000 Schedules 256 Fortinet FortiGate-3600 – Product of the Year - Gold Award – Enterprise firewall system searchNetworking.com February 2004 A fortress in a box – FortiGate 3600 offers a smorgasbord of security services on one machine FCW.com October 2003

8. Allot NetEnforcer Provide Internet access to bandwidth-hungry students without compromising on resources needed for teaching and research--or the business of running a university. Limit P2P music- sharing and non-essential applications at peak hours while guaranteeing bandwidth for mission- critical applications. Create service level agreements (SLAs) for classes of users and offer ISP-style classes of services. Filter Internet content to increase students' and educators' productive use of network resources and to reduce bandwidth contention between "fun" content and research- or work-related applications. Provide Internet access to bandwidth-hungry students without compromising on resources needed for teaching and research--or the business of running a university. Limit P2P music- sharing and non-essential applications at peak hours while guaranteeing bandwidth for mission- critical applications. Create service level agreements (SLAs) for classes of users and offer ISP-style classes of services. Filter Internet content to increase students' and educators' productive use of network resources and to reduce bandwidth contention between "fun" content and research- or work-related applications. Cache redirection software package, enables caching for fast response time Accounting provides browser-based traffic statistics and reports.

9. Widener Internet Solution

10. Dorm Students Return… Argh! 'Twas the night before Check-in, when all thro' the campus, Not a creature was stirring, not even a Virus; 'Twas the night before Check-in, when all thro' the campus, Not a creature was stirring, not even a Virus; Fortigate CPU Maxed out Fortigate CPU Maxed out Allot indicated 128000 conversations Allot indicated 128000 conversations Allot increased to 500000 and recorded 350000 Allot increased to 500000 and recorded 350000 Dorms disconnected and reconnected one at a time Dorms disconnected and reconnected one at a time Isolated to one PC streaming 300000 conversations Isolated to one PC streaming 300000 conversations Placed Attack Mitigator on Dorm Placed Attack Mitigator on Dorm Found students that did not update windows OS or let anti-virus software expire Found students that did not update windows OS or let anti-virus software expire Shut down over 150 PC’s to date Shut down over 150 PC’s to date Virus/Worms to few to mention… but we will! Virus/Worms to few to mention… but we will! Ground Hogs Day!!!! Ground Hogs Day!!!!

11. Campus Manager Register Network Users Register Network Users Import and synchronize user and group information from a network directory server i.e. Active Directory, Novell Directory Services, Sun ONE Directory Server, or any Lightweight Directory Access Protocol (LDAP) system server. Import and synchronize user and group information from a network directory server i.e. Active Directory, Novell Directory Services, Sun ONE Directory Server, or any Lightweight Directory Access Protocol (LDAP) system server. Import user information from a delimited text file. Import user information from a delimited text file. Proactively Deal with Unregistered Network Users Proactively Deal with Unregistered Network Users Unregistered users connecting to the network can be denied network access. A typical rollout plan, in single VLAN network environments, is to permit users access for a period of time to allow for user registration and after the specified period of time unregistered users are denied network access. Unregistered users connecting to the network can be denied network access. A typical rollout plan, in single VLAN network environments, is to permit users access for a period of time to allow for user registration and after the specified period of time unregistered users are denied network access. Identify who is accessing the Network Identify who is accessing the Network A real time view of who is connected to the network. A real time view of who is connected to the network. Locate Network Users Locate Network Users The ability to locate where a user is currently online or was last online given the user’s first or last name, network address, physical network address, or a physical location. The ability to locate where a user is currently online or was last online given the user’s first or last name, network address, physical network address, or a physical location. Connection Based Scanning Connection Based Scanning Scan / test network computers and servers as they access the network. Scan / test network computers and servers as they access the network. Restrict / Deny an individual Network Access Restrict / Deny an individual Network Access Proactively schedule usage policies to restrict or deny network access. React to network access issues on a case-by-case basis and restrict or deny user network access. Proactively schedule usage policies to restrict or deny network access. React to network access issues on a case-by-case basis and restrict or deny user network access. Enable / Disable Ports Enable / Disable Ports Proactively schedule policies to enable and disable ports. React to network access issues on a case-by-case basis and enable or disable ports. Proactively schedule policies to enable and disable ports. React to network access issues on a case-by-case basis and enable or disable ports.

12. Questions & Answers Next Meeting Friday Nov 5th Next Meeting Friday Nov 5th