1 / 16

Consortium Conference 13 July 2012 Operational Developments

Consortium Conference 13 July 2012 Operational Developments. Ian Lehmann Chief Operations Officer London Grid for Learning. LGfL 2.0 Network. LGfL 2.0 Network Design. LGfL 2.0 firewall delivers. Standard Networks: Admin Curriculum Optional Networks VC VOIP Wireless.

gordy
Download Presentation

Consortium Conference 13 July 2012 Operational Developments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Consortium Conference 13 July 2012Operational Developments Ian Lehmann Chief Operations Officer London Grid for Learning

  2. LGfL 2.0 Network

  3. LGfL 2.0 Network Design

  4. LGfL2.0 firewall delivers Standard Networks: • Admin • Curriculum Optional Networks • VC • VOIP • Wireless

  5. LGfL 2.0 Option 1 MIP/Firewall Rules Allow Out 80 443 3389 UDP 53 FTP WAIS 1433 UDP 1194 8443 Blackberry 22 23 TCP 53 SIP IPSEC NAT-T Ranger Outpost Allow In 80 443 FTP WAIS UDP 1194 8080 143 110 993 995 22 TCP/UDP 53 SIP IPSEC NAT-T Ranger Outpost Deny Out 25 110 143 993 995 Deny In 25 135 139 587 Wont work will not NAT FTPS GRE ESP AH Refer to LGfL 3389 Large Range PPTP

  6. LGfL Security Guidance Information, guidance and safeguards on the use of remote access products Web based remote access categories Head Teacher authorisation Two-factor authentication (USO-OTP) LGfL USO-Authenticated Log Me In RDP Gateway Service

  7. Option 2 OPTION 2 – Public IP addresses with school’s own managed firewall This option is suitable where a school would wish to have total control and responsibility for network security.   LGfL will supply the school with a quantity of public IP addresses for use on its firewall. The quantity of IP addresses supplied will be based on the current and expected usage.  All firewall policies and Network Address Translation (NAT) are the responsibility of the school.

  8. LGfL 2.0 Option 2

  9. Option 2 • Does not have MIPS or firewall rules on LGfL 2.0 firewall. • Access to all LGfL 2.0 services where possible. • VMB Network Statistic Portal instead of on LGfL support site. (1 day course) • No Email relay & No outgoing MailProtect without conforming to port 25 rules. (See next slide.)

  10. Option 2 Mail Server If a school based mail server is hosted on Option 2 which means it has a public IP, it can receive and post email on port 25 going to and from the Internet given the schools firewall rules allows it to and the schools dns server points the mx records to the school based mail server. After the schools domain is configured on the LGfL email content control, If the school wants to use LGfL email content control for incoming scanning, it changes the schools dns server to point the mx records at the LGfL email content control. The LGfL email content control then delivers to the school based mail server via its public IP address. The schools dns controls which way mail is delivered into the school. The school based mail server and the schools firewall control the mail route out of the school.

  11. LGfL 2.0 Option 2 Advantages • Complete control over all ports interacting with the internet. • No waiting for firewall ports & MIP configuration. • Closest thing to ‘Raw Internet’. • There is only one return path from the internet. • Maybe easier transtion for LGfL1 Option 2 schools.

  12. LGfL 2.0 Option 2 Disadvantages • Complete exposure of all ports interacting with the internet and other Option 2 LGfL schools. • Attack Bandwidth from other schools will be the smallest of bandwidth of both schools. • Attack Bandwidth from the internet will be the bandwidth of the school. • Restricted access over Janet UK due to Janet UK policy.

  13. LGfL MailProtect 2.0 • Protection against email borne threat including: • Viruses • Spam • Pornography • Phishing and Denial of Service attacks • Hosted on resilient, fault tolerant servers within the core LGfL 2.0 infrastructure Services for the London Grid for Learning community provided by:

  14. LGfL MailProtect 2.0 • View a log of scanned messages • See details of emails blocked by MailProtect • Release ‘false positives’ ( • Add trusted senders to a personal ‘allow’ list • Opt in/or out of daily ‘spam digest’ emails • Nominated Contacts, with appropriate permissions, can perform tasks on behalf of their users Services for the London Grid for Learning community provided by:

  15. LGfL MailProtect 2.0 Services for the London Grid for Learning community provided by:

  16. LGfL 2.0….more than just broadband Option 2 Services for the London Grid for Learning community provided by:

More Related