1 / 24

Securing Schools

Securing Schools. Firewalling and Filtering on the Broadband for Schools Network. Liam Kennedy Network Engineer HEAnet Ltd. Broadband for Schools Project. Providing free broadband to nearly 4,000 schools. €18m - Funded by TIF and Depts. of Education and Communication.

harley
Download Presentation

Securing Schools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SecuringSchools Firewalling and Filtering on the Broadband for Schools Network. Liam Kennedy Network Engineer HEAnet Ltd.

  2. Broadband for Schools Project • Providing free broadband to nearly 4,000 schools. • €18m - Funded by TIF and Depts. of Education and Communication. • Feb 2004: Plan announced and HEAnet chosen as ISP. • Late 2004: Connection and router tenders awarded. • Spring 2005: HEAnet build network and interconnect with selected service providers. NCTE support desk set up. • Summer 2005 Majority of schools connected and routers installed – Spring 2006: • Summer 2006: Scoilnet email service trialled and put into production.

  3. Service providers

  4. Schools Update • 95% of schools installed • 84% of schools have used their connection • Peak daily Traffic > 100Mbps • Daily Download > 250GB • Email service now live

  5. 3 layers of security

  6. Cisco Firewall Services Module • Integrated firewall module (blade) for 6500 switch • 5.5 Gbps throughput • 100,000 connections per second • 1 million concurrent connections • Runs PIX OS

  7. Firewall Inbound

  8. Firewall Outbound

  9. Fortinet • 500Mbps in-line scanning – scalable to higher bandwidths • Web Content Filtering • Virus & Malware Scanning – HTTP, SMTP, POP3 • Anti-Spam • IPS • Logging and statistics

  10. Fortinet: Web Filtering • Database of 26 million rated Web Sites • 76 Categories • 24x7 Managed Service • White & Blacklists – override categories • Unrated sites blocked (24hr rating) • Currently 2 levels of filtering but is capable of giving each school it’s own profile

  11. Web filtering – potential problems Not everything on the web can be neatly categorized - manual intervention will always be required.

  12. Anti-Virus • Well-known ports blocked inbound and outbound by FWSM and 871 • HTTP, SMTP, POP3, IMAP scanned by Fortinet • Automatic reporting culled from Cymru and Spamcop reports, DNS and Fortinet logs. • Schools contacted – problem hosts can be blacklisted.

  13. VPN

  14. VPN

  15. VPN

  16. Other Issues: • Scoilnet Email Service • Virus and Spam scanned, inbound and outbound • P2P and other bandwidth-intensive apps • Can be blocked or rate-limited • Acceptable Usage

  17. Q&A • liam.kennedy@heanet.ie • www.ncte.ie • www.fortinet.com

More Related