Upload
cecile
View
37
Download
0
Embed Size (px)
DESCRIPTION
Is Your Network Infrastructure Bullet Proof? October 17, 2006. Been with Wake Tech and the ITS team for nearly 11 years Previously in the Private Sector as an Engineer Reliability/Failure Analysis Engineer Test Design Engineer Nearly 23 years of Experience in the Computer Industry - PowerPoint PPT Presentation
Citation preview
Is Your Network Infrastructure Bullet Proof?
October 17, 2006
WAKE TECHINFORMATION TECHNOLOGY SERVICES
My Background• Been with Wake Tech and the ITS team
for nearly 11 years• Previously in the Private Sector as an
Engineer• Reliability/Failure Analysis Engineer• Test Design Engineer• Nearly 23 years of Experience in the
Computer Industry• I Love the Pittsburgh Steelers
WAKE TECHINFORMATION TECHNOLOGY SERVICES
What Makes a NetworkBullet Proof?
• A Good Philosophy & Hard Work
• Hardware That Operates at Wire Speed
• Knowledgeable Personnel Always Looking for Better Ways to Conduct Business
• Continual Monitoring of the Network
• A Simple Security Policy
• Senior Management That Supports It
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Information Technology Services Mission
• The mission of Information Technology Services at Wake Technical Community College is to support Student Learning, Faculty Teaching and College Operations through the use of Information Technology
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Information Technology Services Philosophy
• The most important relationship on campus is that between the Student and the Instructor. Everything else on campus is in support of that relationship.
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Wake Tech’s Network Hardware• Top Layer 5500 for IPS Protection• FATPipe for Continuity of ISP Circuits• Cisco ASA 5540 for Main PIX Plus VPN• Multiple Cisco PIX Engines Throughout the Network• Cisco Routers for WAN and ME Circuits• HP ProCurve Family of Switches for Core Routing
Switch, Intermediate Routing Switches, and Edge Switches
• Currently Replacing HP ProCurve Switches with New HP ProCurve PoE switches in Preparation of VoIP
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Wake Tech’s Core NetworkMCNCMCNC TWCTWC
Top Layer
FAT Pipe
ASA 5540
HP 9315Routing Switch
2 Circuit Connectio
ns
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Top Layer 5500 Intrusion Prevention System Device
MCNCMCNC TWCTWC
Top Layer
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Front Panel View
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Complete Security Report
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Real-Time Blocked & Detected Attacks
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Real-Time Graph of Traffic
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Host Group Screen Allows Custom Policy Definitions
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Rate Based Policy Controls Data Flood Traffic
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Report Table By ServiceCheck Out Yahoo IM
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Top Layer is Delivered with Pre-Defined Rules
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Drilling Down on Rules Shows Individual Network Violations
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Traffic Blocked from ONE Server
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Security Event Filter
WAKE TECHINFORMATION TECHNOLOGY SERVICES
FATPipe WARP Balancer
MCNCMCNC TWCTWC
Top Layer
FAT Pipe
2 Circuit Connectio
ns
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Monitor the Health of IncomingISP Links
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Policy Routing Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Add or Edit Policy Rules
WAKE TECHINFORMATION TECHNOLOGY SERVICES
DNS Configuration PageFATPipe has to be the DNS server
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Reverse Mapping Settings Allow Inbound Traffic from Multiple ISP’s to a Single Server
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Internal Static Routes for Public & Private Numbers NEED Defined or the FATPipe Will
Attempt to Route Numbers Externally
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Diagnostics Page Helps Troubleshoot Problems
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Cisco ASA 5540MCNCMCNC TWCTWC
Top Layer
FAT Pipe
ASA 5540
2 Circuit Connectio
ns2
Connections
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Cisco ASA 5540 Initial Screen Displays Valuable Information: Link Status, Bandwidth Usage, Error
Messages, and CPU & Memory Usage
WAKE TECHINFORMATION TECHNOLOGY SERVICES
GUI Configuration Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
NAT/PAT PolicyConfiguration Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
VPN Services Configuration Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Static Routes MUST Be Setup for Internal Addresses
WAKE TECHINFORMATION TECHNOLOGY SERVICES
All Users, Groups, & Access Levels are Setup by the
Device Administration Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Easy Definition of TFTP Server to Load/Store Configurations
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Device Specific Configurations are Done on the Properties Configuration Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
VPN Setup Wizard Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Monitor All Device Activity on a Single Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Monitor the Device with Real-Time Graphs
WAKE TECHINFORMATION TECHNOLOGY SERVICES
IP Audit Rules Page. This Feature is Disabled Because of the Top Layer IPS
WAKE TECHINFORMATION TECHNOLOGY SERVICES
For CLI Users: SSH or the Command Line Tool in the ASDM GUI are Available
WAKE TECHINFORMATION TECHNOLOGY SERVICES
HP ProCurve 9315 Routing Switch
MCNCMCNC TWCTWC
Top Layer
FAT Pipe
ASA 5540
HP 9315Routing Switch
2 Circuit Connectio
ns2
Connections
Manage Entire LAN with
PCM+
WAKE TECHINFORMATION TECHNOLOGY SERVICES
HP PCM+ Firmware Update Wizard
WAKE TECHINFORMATION TECHNOLOGY SERVICES
HP ProCurve Devices Page
WAKE TECHINFORMATION TECHNOLOGY SERVICES
IP Route Table
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Other Discussion Topics That NeedNetwork Security
• Desktop Security – Anti-Virus Solutions
• Email Security – Anti-Virus & Anti-Spam Solutions
• Wireless Access for Students – “Sandbox” Solution
• Non-College Computers on Your Network
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Wake Tech’s ITS CrewDr. Darryl McGraw – Chief Information Officer
Leigh Anne Dupree – Director, IT & Help Desk SupportChris Keefer – Director, Systems
Chris Wheeler – Director, Network ServicesTim Nicholson – Manager, Administrative Computing
Dale Weaver – Manager, Web ServicesFred Zahn – Manager, Network Services
Carlos McCormick – Manager, Instructional TechnologiesAlec Woodruff – IT Systems EngineerBuddy Gilmore – IT Voice Engineer
Jason Pickard – Senior Systems AnalystThomas Guettler – Senior IT Analyst
Ernest Youngblood – Help Desk AnalystCary Osborne – IT AnalystFrank Spikes – IT Analyst
Dave Goldstein – IT TechnicianJeremy Blalock – IT Technician
Liz Winfrey – Web Designer SpecialistSusan Fenn – Programmer/Analyst
Amy Murray – Application Support TechnicianCrystal Eatman – Administrative Assistant
Kyle Fescoe – Help Desk Assistant
WAKE TECHINFORMATION TECHNOLOGY SERVICES
Question PeriodAnswers are Optional
Opinions are always Given
Visit Wake Tech:www.waketech.edu
Visit our ITS: its.waketech.edu
My Email: [email protected]