EDUCAUSE Security 2006
Internet Security@JBU
John Brown University
John Brown University
“John Brown University is a private, Christian university with more than 1,900 students from all over the U.S. and around the world. JBU offers more than 50 undergraduate degrees, including cutting-edge programs such as Digital Media Arts, along with liberal arts programs such as English and history.”
Campus Population
• 1200+ undergraduate students
  • 900 on campus
• 200+ graduate students
• 400+ Adult Degree Completion Students
• 350 Faculty and Staff
Campus Network View
Campus Computers & Network
Computing Infrastructure
• 300 Computers in Student Labs
  • 3 Open Labs
  • 7 “Specialty” Labs
• 500 Office Computers
• 800 Student Computers
Network
• 1 Gbit Fiber Backbone
• 100 Mbit cat 5 to desktops
• About a dozen WiFi (802.11g) “Hotspots”
• 9 Mbit Fiber to our ISP
Network Services
• File and Print Servers
• Several Web/FTP Servers
• Exchange Email Server
• LAN-LAN VPN to 4 Remote Sites
• Multiple Database Servers
• AS400 for Administrative Applications
Our Problems
Whatever happens is our fault
Server Farm
• Patch for Vulnerability
• Packet Filtering Firewall
Our Students
• Bring in Infected Machines
• Need to protect us from students
• Need to protect students from each other
JBU Clients
• Patch for Vulnerability
• Host Based Anti-Virus
Fall 2003: “That Semester”
• Nachi and Blaster Worms (July 2003)
• Infection Vectors - Students moving in to the dorms bring in Infected Machines
• Network Impact - Spread like wildfire
• Solution
  • Disconnect Students from the Network
  • JBU Staff went to the dorms to scan and patch computers
• Not Fun
2004 – Access Control Server
• Automated Scans for vulnerabilities
• Automated Scans for worm activity
• Enforce Patch and AV Requirements
• Reports with Instructions and links to ….
• Web Site with files
  • Patches
  • Virus Scanners
• Students mostly take care of themselves
• Much Nicer!
• 2004 - 2005 - Minimal problems (with Sasser)
• 2005 – 2006 - It’s not over, yet
Internet Security – more to do
• NAT Protects Clients
• Email Protection helps a lot
  • Anti-virus scan
  • Quarantine attachments
• Enforcing Patches helps a lot
• Client anti-virus helps a lot, but …
  • Have to keep up with updates
  • Not perfect
• Need to complement the Host Based Anti-Virus and Access Control Agent
  • Intrusion Detection and Prevention for Zero Day Exploits
Upgrade & Enhancement Dilemma
• We had a “Sniffer” Content Filtering Solution
  • Allows traffic until it categorizes it
  • Potential to miss traffic in high traffic times
• Or - it can be installed as a Proxy
  • Requires Client Configuration
  • Caused problems with some HTTPS sites
• Content Filter is Fairly Expensive
• No budget for Firewall upgrade
Evaluation Process
• Integrated Solution for – Firewall, Content Filtering, AV and IDS/IPS
• Started looking at the following solutions
  • SonicWall
  • iPolicy
• Either could be purchased for what we had budgeted for the Web Filter
We Selected iPolicy
We liked both iPolicy
• Central Management of multiple firewalls (Separate Firewall and Management Hardware)
• Integrated Content Filter uses the SurfControl database
• Gartner “Magic Quadrant for Network Firewalls” report was a plus
• Higher Bandwidth rating for similar cost
• Liked commitment to add services while maintaining performance
• Technical people impressed us
Results
• We replaced our Firewall and Web Content Filter with one appliance, for a comparable price.
• Gained IDS/IPS
• We kept our separate Bandwidth Manager
Experience
• Firewall configuration is easy and effective
  • Easy to take care of behavior anomalies like infected client machines generating SMTP traffic
• Performance – we run with our Internet connection pegged much of the time – performance is not a problem
• The Web Content Filter works well
  • Configuration is simple
  • Filtering is as accurate as it was with SurfControl
Experience
• Easy to turn On/Off IDS/IPS signatures
  • Over 2400 signatures
  • Flood Signatures which still need to be tuned
• Incoming and Outgoing IDS/IPS can detect and block …
  • Worm activity
  • Bot activity
IDS/IPS: more than buying a box
• We don’t know all the threats
• We used iPolicy recommended settings
• False positives happen
• Thresholds for flood/DoS signatures need to be tuned
• Some of the alerts are for older vulnerabilities
Summary
• We like the iPolicy Product
• We need to learn more to use it well
• We really want IDS to be like AV products today
  • Pretty much install, set and forget
  • I know – AV is an easier problem
• We look forward to Virus Scanning of Internet traffic
Questions
http://Faculty.jbu.edu/RTWest