Consortium Conference 13 July 2012: Operational Developments

Ian Lehmann

Chief Operations Officer

London Grid for Learning


LGfL 2.0 Network


LGfL 2.0 Network Design


LGfL 2.0 firewall delivers

Standard Networks:

  • Admin

  • Curriculum

Optional Networks:

  • VC

  • VOIP

  • Wireless


LGfL 2.0 Option 1 MIP/Firewall Rules

Allow Out: 80, 443, 3389, UDP 53, FTP, WAIS, 1433, UDP 1194, 8443, Blackberry, 22, 23, TCP 53, SIP, IPSEC NAT-T, Ranger Outpost

Allow In: 80, 443, FTP, WAIS, UDP 1194, 8080, 143, 110, 993, 995, 22, TCP/UDP 53, SIP, IPSEC NAT-T, Ranger Outpost

Deny Out: 25, 110, 143, 993, 995

Deny In: 25, 135, 139, 587

Won't work (will not NAT): FTPS, GRE, ESP, AH

Refer to LGfL: 3389, Large Range, PPTP


LGfL Security Guidance

Information, guidance and safeguards on the use of remote access products

Web based remote access categories

Head Teacher authorisation

Two-factor authentication (USO-OTP)

LGfL USO-Authenticated Log Me In

RDP Gateway Service


Option 2

OPTION 2 – Public IP addresses with school’s own managed firewall

This option is suitable where a school would wish to have total control and responsibility for network security.   LGfL will supply the school with a quantity of public IP addresses for use on its firewall. The quantity of IP addresses supplied will be based on the current and expected usage.  All firewall policies and Network Address Translation (NAT) are the responsibility of the school.


LGfL 2.0 Option 2


Option 2

  • Does not have MIPS or firewall rules on LGfL 2.0 firewall.

  • Access to all LGfL 2.0 services where possible.

    • VMB Network Statistic Portal instead of on LGfL support site. (1 day course)

    • No Email relay & No outgoing MailProtect without conforming to port 25 rules. (See next slide.)


Option 2 Mail Server

If a school-based mail server is hosted on Option 2, which means it has a public IP address, it can receive and send email on port 25 to and from the Internet, provided the school's firewall rules allow it and the school's DNS server points the MX records at the school-based mail server.

Once the school's domain is configured on the LGfL email content control, a school that wants to use the LGfL email content control for incoming scanning changes its DNS server to point the MX records at the LGfL email content control. The LGfL email content control then delivers to the school-based mail server via its public IP address.

The school's DNS controls which way mail is delivered into the school. The school-based mail server and the school's firewall control the mail route out of the school.
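An added example, not part of the original presentation: a small audit that compares where the school's MX records point with which sources the school's own firewall admits on TCP 25, flagging the case where mail can reach the public IP without passing through the content control. Host names, address ranges and finding codes are constructed placeholders, and it assumes the school wants all inbound mail scanned once its MX records point at the content control.

```python
import ipaddress

# Constructed placeholder values; none are real LGfL or school names/addresses.
SCHOOL_MX = "mail.school.example"
SCANNER_MX = "content-control.lgfl.example"
SCANNER_NETS = [ipaddress.ip_network("192.0.2.0/28")]
ANY = ipaddress.ip_network("0.0.0.0/0")

def inbound_route(mx_records):
    """Classify the inbound mail path from (preference, host) MX tuples."""
    hosts = {host.rstrip(".").lower() for _pref, host in mx_records}
    if hosts == {SCANNER_MX}:
        return "scanned"
    if hosts == {SCHOOL_MX}:
        return "direct"
    return "mixed"

def audit(mx_records, port25_sources):
    """Compare the MX route with the sources the school firewall admits on TCP 25."""
    sources = [ipaddress.ip_network(s) for s in port25_sources]
    route = inbound_route(mx_records)
    findings = []
    if route == "mixed":
        # Any MX outside a single route lets some mail take the other path.
        findings.append("MX_NOT_SINGLE_ROUTE")
    elif route == "direct":
        # Direct delivery needs port 25 open to Internet senders.
        if ANY not in sources:
            findings.append("INTERNET_SENDERS_BLOCKED")
    else:  # scanned
        if not all(any(n.subnet_of(s) for s in sources) for n in SCANNER_NETS):
            findings.append("SCANNER_CANNOT_DELIVER")
        if any(not any(s.subnet_of(n) for n in SCANNER_NETS) for s in sources):
            # Port 25 reachable from elsewhere: mail sent straight to the
            # public IP never passes through the content control.
            findings.append("SCANNING_BYPASSABLE")
    return route, findings

if __name__ == "__main__":
    print(audit([(10, "content-control.lgfl.example.")], ["0.0.0.0/0"]))
    print(audit([(10, "content-control.lgfl.example.")], ["192.0.2.0/28"]))
```
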


LGfL 2.0 Option 2 Advantages

  • Complete control over all ports interacting with the internet.

  • No waiting for firewall ports & MIP configuration.

  • Closest thing to ‘Raw Internet’.

  • There is only one return path from the internet.

  • Maybe easier transition for LGfL1 Option 2 schools.


LGfL 2.0 Option 2 Disadvantages

  • Complete exposure of all ports interacting with the internet and other Option 2 LGfL schools.

  • Attack bandwidth from other schools will be the smaller of the two schools' bandwidths.

  • Attack Bandwidth from the internet will be the bandwidth of the school.

  • Restricted access over Janet UK due to Janet UK policy.


LGfL MailProtect 2.0

  • Protection against email-borne threats, including:

  • Viruses

  • Spam

  • Pornography

  • Phishing and Denial of Service attacks

  • Hosted on resilient, fault tolerant servers within the core LGfL 2.0 infrastructure

Services for the London Grid for Learning community provided by:


LGfL MailProtect 2.0

  • View a log of scanned messages

  • See details of emails blocked by MailProtect

  • Release ‘false positives’ (

  • Add trusted senders to a personal ‘allow’ list

  • Opt in or out of daily ‘spam digest’ emails

  • Nominated Contacts, with appropriate permissions, can perform tasks on behalf of their users





LGfL 2.0….more than just broadband

Option 2
