
Implementation of Virtual LANs for Virus Containment

Aaron Soto, April 11, 2005. In partnership with: New Mexico Tech Information Services Department. Outline: Problem Statement; What is a VLAN?; How can it help?; Proposed Solution; Layout; Implications; Details; Future Expansion.


Presentation Transcript


  1. Implementation of Virtual LANs for Virus Containment. Aaron Soto, April 11, 2005. In partnership with: New Mexico Tech Information Services Department

  2. Outline
     • Problem Statement
     • What is a VLAN?
     • How can it help?
     • Proposed Solution
     • Layout
     • Implications
     • Details
     • Future Expansion

  3. Problem Statement
     • Universities are prone to viruses
     • PCs are frequently not running AV software
     • Staff constantly monitors network traffic
     • Ports disabled if viruses are detected
     • Students unable to clean / patch PC
     • Without Internet, more effort is necessary
     • Students frequently frustrated

  4. Background: VLANs [diagram: one switch]

  5. Background: VLANs [diagram: two switches]

  6. Proposed Solution
     • Implement two VLANs:
        • Default: Quarantined, DHCP
        • Secure: Safe, Virus-free, Static IP
     • Automated tools can switch VLANs
     • Traffic can be redirected/forwarded
        • Allow sites like Windows Update, SARC, etc.
        • Redirect other traffic to quarantined server

  7. Current Layout [diagram labels: Internet, In-Building, Switch 0, Firewall, Switch 1, Switch 2]

  8. Proposed Layout: Overview [diagram labels: Internet, In-Building, Switch 0, Secure, Switch 1, Default, Switch 2, Quarantine Server]

  9. Proposed Layout: In-Building [diagram: in-building switch with ports 1-24; legend: Default packet, Secure packet]

  10. Proposed Layout: Backbone [diagram labels: Internet, Secure, Firewall, Default, Quarantine Server]

  11. Proposed Layout: Server [diagram labels: Firewall, Default, Quarantine Server]
     • DHCP Server
     • Apache Web Server
     • IP Masquerading (ipChains)

  12. Possible Implications
     • Firewall
        • Forward traffic depending on VLAN tag
     • Quarantine Server
        • Must be frequently re-evaluated to…
           • Be kept secure from viruses/worms
           • Select valid traffic to forward
        • Is not designed to take full load
     • Switches
        • Must have VLAN support
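
The firewall decision described on slides 6 and 12 (forward by VLAN tag, allow update sites from the default VLAN, redirect everything else to the quarantine server), modelled as an added example that is not part of the original presentation. The VLAN IDs, the addresses and the allowlist network are assumed values; the slides give none.

```python
import ipaddress
import struct

# Assumed values for illustration; the slides do not give VLAN IDs or addresses.
DEFAULT_VLAN = 10                                            # quarantined, DHCP
SECURE_VLAN = 20                                             # virus-free, static IP
QUARANTINE_SERVER = ipaddress.ip_address("192.0.2.10")
ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]     # stand-in for update/AV sites

def parse_frame(frame: bytes):
    """Return (vlan_id, dst_ip); vlan_id is None if untagged, dst_ip None if not IPv4."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, offset = None, 14
    if ethertype == 0x8100:                                  # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, offset = tci & 0x0FFF, 18                   # VLAN ID = low 12 bits of TCI
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return vlan_id, None
    return vlan_id, ipaddress.ip_address(frame[offset + 16:offset + 20])

def decide(frame: bytes):
    """Firewall policy: return (action, next_hop_or_destination)."""
    vlan_id, dst = parse_frame(frame)
    if dst is None:
        return ("drop", None)                                # model covers IPv4 only
    if vlan_id == SECURE_VLAN:
        return ("forward", dst)
    if vlan_id == DEFAULT_VLAN:
        if any(dst in net for net in ALLOWED_NETS):
            return ("forward", dst)                          # e.g. patch downloads
        return ("redirect", QUARANTINE_SERVER)
    return ("drop", None)                                    # untagged or unknown VLAN

def build_frame(vlan_id, dst_ip):
    """Constructed sample frame: zeroed MACs, 802.1Q tag, minimal IPv4 header."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, vlan_id, 0x0800)
    return eth + bytes([0x45]) + bytes(15) + ipaddress.ip_address(dst_ip).packed

if __name__ == "__main__":
    samples = [(20, "203.0.113.5"), (10, "198.51.100.7"), (10, "203.0.113.5"), (99, "203.0.113.5")]
    for vlan, dst in samples:
        print(vlan, dst, decide(build_frame(vlan, dst)))
```

Frames that are untagged or carry an unknown VLAN ID are dropped, so a port that was never assigned to either VLAN does not get forwarded by default.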

  13. Future Expansion
     • Automated Port Activation Requests
        • Allow students to register with ISD online
        • Integration with Banner?
     • Automated Virus Detection and Quarantine
        • Detect virus activity and switch VLANs
        • In progress
     • More detailed communications
        • Specific information / instructions
        • Would require multiple VLANs
        • For a later stage

  14. Implementation of Virtual LANs for Virus Containment. Questions? Aaron Soto, asoto@admin.nmt.edu, (505) 835-5945
