
To block or not to block


Presentation Transcript


  1. To block or not to block 5 IT Managers share their experiences

  2. Knox Grammar School Mike Israel – IT Manager

  3. Network Topology

  4. Internal Network
     • Cisco Switches and Access Points
     • Using VLANs
     • Originally no wireless security
     • Wireless WPA-TKIP with PEAP authentication. When a machine is joined to the domain it is issued with a certificate to join the network

  5. Bandwidth Control: Packeteer
     • Provides bandwidth control
     • Can monitor and control how bandwidth is being used, e.g. iTunes downloads, max total 5Mbps, any one connection <256kbps
     • Can designate slices of bandwidth to particular ports and protocols
     • Can block programs and protocols, e.g. encrypted tunnelling over port 80

  6. Using ACLs
     • Access Control Lists control access from certain VLANs to specified servers/addresses/ports/services
     • ACLs on core router to block student access to servers

  7. Spam and Anti-virus
     • Spam Assassin, Clam AV (free)
     • Spam is detected, marked as spam and delivered to Junk mail folder via Exchange.
     • ClamAV does initial filtering of malware. Trend Micro performs second pass on incoming mail.
     • Symantec Client used on client machines
     • Symantec Client Updates Trend Micro

  8. Filtering - ContentKeeper
     • Can block all unmanaged sites to students, which takes care of proxy bypass.
     • Also blocks keyword searches on popular search engines and blocks protocols (backup to Packeteer)
     • Firewall prevents access to certain IP address ranges on certain ports

  9. ContentKeeper Filtering Groups
     • Users default to general profile with filtering based on student needs
     • Staff identified through their login (LDAP) to more open filtering
     • Pages can be blocked/coached/time of day. All unmanaged sites blocked for students

  10. Web Access Policy
     • Technology Usage Policy published in school diary and condition to login. Also Year 7 sign when they take delivery of their school laptop
     • MySpace and YouTube blocked, Facebook OK
     • Streaming media is limited so as not to clog Internet access

  11. Contact Details Mike Israel Knox Grammar School 7 Woodville Ave Wahroonga Phone (02) 9473 9773 Fax (02) 9473 9759 Email israelm@knox.nsw.edu.au

  12. Danebank Anglican School for Girls John Tuffs – IT Director

  13. Network History
     • < 2005: Microsoft ISA Firewall + DHCP/DNS with no E-mail filtering
     • 2005 – 2008: ISONet HTTP & SMTP filtering, ISA Firewall + DHCP/DNS
     • 2008: Cisco ASA Firewall + SONAR filtering, Windows server for DHCP/DNS

  14. Danebank Network Layout

  15. Internal Network
     • HP Procurve Switches
     • 1 Management VLAN for Procurve Manager
     • 1 VLAN for the rest
     • Wireless Access Points using only WEP & MAC security (i.e. no security)

  16. Antivirus / SPAM / Web Filtering
     • Symantec System Centre and local clients for AV
     • SPAM handled by Sonar Appliance – not using challenge option
     • Filtering handled by Sonar Appliance (Initial install and support provided by Accucom)

  17. Sonar Filtering Groups
     • IT Staff
     • General Staff / Teachers
     • Senior School (7-12)
     • Junior School (K-6)
     • Lunch Filter (7-12)

  18. Custom Block Message

  19. Web Access Policy
     • Internet Acceptable Use policy signed by students
     • All social networking is blocked
     • YouTube is blocked to students – teachers can show videos
     • Streaming media is blocked due to bandwidth constraints

  20. Contact Details John Tuffs IT Director 80-98 Park Rd Hurstville NSW 2220 Phone (02) 9580 1415 Fax (02) 9579 3450 Email john.tuffs@danebank.nsw.edu.au

  21. Security Workshop SCEGGS Darlinghurst

  22. Topology Overview

  23. ISOnet topology

  24. SCEGGS’ Topology

  25. ISOnet: Intrusion Detection
     • Two layers of Intrusion Prevention using McAfee IntruShield and TippingPoint.
     • Both are set to blocking mode for all medium to high threats.
     • There have been 13,777,987 Exploits blocked…This week!
     • There have been 1,830,537 policy Violations blocked…This week!

  26. ISOnet: Denial of Service
     • Peakflow DDoS technology from Arbor Networks.
     • There have been 1,830,537 policy Violations blocked…This week!
     • Up to 60% of traffic bound for schools is blocked by ISONet as it is unsolicited. Schools only pay for what they use.

  27. ISOnet: Spam/AV
     • ISOnet uses a cluster of McAfee and IronPort AV/Spam/Content filter appliances.
     • Filters based on policies set by individual school
     • Actions taken by the filter are specified as part of the policy determined by the school
     • For staff – messages sent to spam@sceggs. This mailbox is searchable by staff through a proxy arrangement.
     • For students – spam messages are dropped

  28. ISONet Policies
     • Real-time blackhole list (RBL) checking – Identifies whether the IP address is an open relay or spam organisation.
     • IP Reputation checking – Identifies whether an IP address has been known to send exploits, worms, trojans or sites known to be hacked.
     • Anti-spoofing verifications – Determines if the sender is attempting to forge an internal address.
     • All scanning modules listed in the attached document (AV checks, spam checks, content-filtering checks, anti-phishing checks, file filtering, etc.)
     • Integrity Analysis – Examines header, layout and organisation of the message.
     • Spam scoring – Positive and negative scoring of emails based on known spam traits.
     • Bayesian Learning – Custom created spam signatures based on feedback system – false-positive and false-negative verification.
     • Blacklists and whitelists – customer based trusted and untrusted email senders.

  29. Contact Details Ian Ralph IT Manager – SCEGGS Darlinghurst 215 Forbes St Darlinghurst NSW 2010 Phone (02) 99332 1133 Fax (02) 9332 1858 Web sceggs.nsw.edu.au Email ian@sceggs.nsw.edu.au

  30. Arndell Anglican College Network Security Overview

  31. VLANs: Low Level VLAN Map

  32. What’s Great About VLANs
     • Allows use of ACLs
     • Segments Broadcast Traffic
     • More Devices

  33. How Does it Translate Into a Physical Layout?

  34. Content Filtering at Arndell
     • Blacklists - Various Categories Updated Regularly
     • Scanning of logs regularly
     • Students summoned to explain actions
     • Culture has changed now that students know they will be caught if they do the wrong thing
     • Internet traffic is forced to content filter dependent on VLAN assignment

  35. Spam and Anti-Virus
     • Sophos Anti-Virus used across the network
     • Sophos plug-in for mail server
     • Spam filtered using Spam Assassin
     • Blacklist lookups like SORBS

  36. Contact Details Rohan Smith Coordinator IT Services Arndell Anglican College 118 Wolseley Road Oakville NSW 2765 Phone: +61 2 4572 3633 Fax: +61 2 4573 3849 Website: http://www.arndell.nsw.edu.au Email: rohan.smith@arndell.nsw.edu.au

  37. The King’s School Michael Eggenhuizen

  38. The School
     The King’s School – Some Statistics:
     • Anglican Church School
     • Established in 1832 (176 years)
     • 300 acres in North Parramatta
     • K-12 Boys School with 1450 Students
     • 400 Boarders
     • Multiple Residences on Property

  39. Internet Bandwidth
     Internet Connection Bandwidth:
     • 2005 – 2.5Mb ADSL/ISDN
     • 2006 – 10Mb Ethernet
     • 2007 – 20Mb Ethernet
     • 2008 – 50Mb Ethernet
     • 2009 – 100Mb Ethernet
     • ISP – The Somerville Group

  40. Internet Access
     All Staff and Students have Access to:
     • YouTube, MySpace, FaceBook, ...
     • Hotmail, Yahoo Mail, Gmail, ...
     • MSN Messenger, ...
     • Most if not all Web 2.0 Technologies
     • Changes to filtering (led by ICT Services) provide staff and students with a real and relatively unrestricted learning experience

  41. Internet & Email Filtering
     Filtering is multi-layered:
     • Email Filtering
     • Internet Filtering

  42. Network Box Weekly Email Activity (Incoming Average)
     • Spam (95.5%) - 485,647
     • Virus (1.5%) - 7,608
     • Delivered (3%) - 15,615
     • Total (100%) - 508,870

  43. Network Box Weekly Internet Activity (Average)
     • URLs Visited - 13,254,949
     • URLs Blocked due to Virus Activity - 71
     • URLs Blocked due to Policy Rules - 3,326
     • Threat Signature Updates - 843
     • Internet Download (GB) – 398
     • Monthly Internet Download (TB) – 1.6

  44. Contact Details Michael Eggenhuizen Director ICT PO Box 1 Parramatta NSW 2124 Phone (02) 9683 8650 Fax (02) 9683 8565 www.kings.edu.au meggenhuizen@kings.edu.au
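
The mail checks listed on slides 27 and 28 (RBL lookup, anti-spoofing, blacklists/whitelists, positive and negative spam scoring, and a per-group action for staff versus students) can be expressed as a small scoring pipeline. This is an added example, not ISOnet's or any presenter's configuration; the domain, addresses, weights and threshold are constructed assumptions.

```python
import ipaddress

# Constructed policy data for illustration; not any school's real configuration.
INTERNAL_DOMAIN = "school.example"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
RBL_LISTED = {"203.0.113.7"}              # stand-in for a DNSBL lookup result
WHITELIST = {"newsletter@partner.example"}
BLACKLIST = {"promo@bulk.example"}
SPAM_THRESHOLD = 5.0

def is_spoofed(sender, client_ip):
    """Sender claims an internal address but connects from outside."""
    ip = ipaddress.ip_address(client_ip)
    claims_internal = sender.lower().endswith("@" + INTERNAL_DOMAIN)
    return claims_internal and not any(ip in net for net in INTERNAL_NETS)

def score(msg):
    """Positive points for spam traits, negative points for trusted signals."""
    total, reasons = 0.0, []
    def add(points, why):
        nonlocal total
        total += points
        reasons.append(why)
    if msg["client_ip"] in RBL_LISTED:
        add(4.0, "rbl")
    if is_spoofed(msg["sender"], msg["client_ip"]):
        add(6.0, "spoofed-internal-sender")
    if msg["sender"] in BLACKLIST:
        add(10.0, "blacklist")
    if msg["sender"] in WHITELIST:
        add(-10.0, "whitelist")
    if "Message-ID" not in msg["headers"]:
        add(1.5, "missing-message-id")    # simple header integrity check
    if msg["subject"].isupper():
        add(1.0, "all-caps-subject")
    return total, reasons

def disposition(msg, recipient_group):
    """Per-group action: staff spam is quarantined, student spam is dropped."""
    total, reasons = score(msg)
    if total < SPAM_THRESHOLD:
        return "deliver", reasons
    return ("quarantine" if recipient_group == "staff" else "drop"), reasons

# Constructed sample: external host claiming to be an internal sender.
SPOOFED = {"sender": "principal@school.example", "client_ip": "198.51.100.9",
           "headers": {"Message-ID": "<1@mail.example>"}, "subject": "Payroll update"}
if __name__ == "__main__":
    print(disposition(SPOOFED, "staff"), disposition(SPOOFED, "student"))
```
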
