Internet Security@JBU

Presentation Transcript


  1. Internet Security@JBU John Brown University EDUCAUSE Security 2006

  2. John Brown University “John Brown University is a private, Christian university with more than 1,900 students from all over the U.S. and around the world. JBU offers more than 50 undergraduate degrees, including cutting-edge programs such as Digital Media Arts, along with liberal arts programs such as English and history.”

  3. Campus Population • 1200+ undergraduate students • 900 on campus • 200+ graduate students • 400+ Adult Degree Completion Students • 350 Faculty and Staff

  4. Campus Network View

  5. Campus Computers & Network • Computing Infrastructure • 300 Computers in Student Labs • 3 Open Labs • 7 “Specialty” Labs • 500 Office Computers • 800 Student Computers • Network • 1 Gbit Fiber Backbone • 100 Mbit cat 5 to desktops • About a dozen WiFi (802.11g) “Hotspots” • 9 Mbit Fiber to our ISP

  6. Network Services • File and Print Servers • Several Web/FTP Servers • Exchange Email Server • LAN-LAN VPN to 4 Remote Sites • Multiple Database Servers • AS400 for Administrative Applications

  7. Our Problems • JBU Clients • Patch for Vulnerability • Host Based Anti-Virus • Whatever happens is our fault • Our Students • Bring in Infected Machines • Need to protect us from students • Need to protect students from each other • Server Farm • Patch for Vulnerability • Packet Filtering Firewall

  8. Fall 2003: “That Semester” • Nachi and Blaster Worms (July 2003) • Infection Vectors - Students moving in to the dorms bring in Infected Machines • Network Impact - Spread like wildfire • Solution • Disconnect Students from the Network • JBU Staff went to the dorms to scan and patch computers • Not Fun

  9. 2004 – Access Control Server • Automated Scans for vulnerabilities • Automated Scans for worm activity • Enforce Patch and AV Requirements • Reports with Instructions and links to …. • Web Site with files • Patches • Virus Scanners • Students mostly take care of themselves • Much Nicer! • 2004 - 2005 - Minimal problems (with Sasser) • 2005 – 2006 - It’s not over, yet

  10. Internet Security – more to do • NAT Protects Clients • Email Protection helps a lot • Anti-virus scan • Quarantine attachments • Enforcing Patches helps a lot • Client anti-virus helps a lot, but … • Have to keep up with updates • Not perfect • Need to complement the Host Based Anti-Virus and Access Control Agent • Intrusion Detection and Prevention for Zero Day Exploits

  11. Upgrade & Enhancement Dilemma • We had a “Sniffer” Content Filtering Solution • Allows traffic until it categorizes it • Potential to miss traffic in high traffic times • Or - it can be installed as a Proxy • Requires Client Configuration • Caused problems with some HTTPS sites • Content Filter is Fairly Expensive • No budget for Firewall upgrade

  12. Evaluation Process • Integrated Solution for – Firewall, Content Filtering, AV and IDS/IPS • Started looking at the following solutions • SonicWall • iPolicy • Either could be purchased for what we had budgeted for the Web Filter

  13. We Selected iPolicy • We liked both • iPolicy • Central Management of multiple firewalls (Separate Firewall and Management Hardware) • Integrated Content Filter uses the SurfControl database • Gartner “Magic Quadrant for Network Firewalls” report was a plus • Higher Bandwidth rating for similar cost • Liked commitment to add services while maintaining performance • Technical people impressed us

  14. Results • We replaced our Firewall and Web Content Filter with one appliance, for a comparable price. • Gained IDS/IPS • We kept our separate Bandwidth Manager

  15. Experience • Firewall configuration is easy and effective • Easy to take care of behavior anomalies like infected client machines generating SMTP traffic • Performance – we run with our Internet connection pegged much of the time – performance is not a problem • The Web Content Filter works well • Configuration is simple • Filtering is as accurate as it was with SurfControl

  16. Experience • Easy to turn On/Off IDS/IPS signatures • Over 2400 signatures • Flood Signatures which still need to be tuned • Incoming and Outgoing IDS/IPS can detect and block … • Worm activity • Bot activity

  17. IDS/IPS: more than buying a box • We don’t know all the threats • We used iPolicy recommended settings • False positives happen • Thresholds for flood/DoS signatures need to be tuned • Some of the alerts are for older vulnerabilities

  18. Summary • We like the iPolicy Product • We need to learn more to use it well • We really want IDS to be like AV products today • Pretty much install, set and forget • I know – AV is an easier problem • We look forward to Virus Scanning of Internet traffic

  19. Questions http://Faculty.jbu.edu/RTWest
