120 likes | 131 Views
Stay updated on the latest network upgrades and security solutions, including Nortel 8600 upgrades, Shasta replacement update, Fortigate 3600 firewall, Allot NetEnforcer, and more.
E N D
Agenda • Introductions • Nortel 8600 Upgrades • Nortel Designated SE • Shasta Replacement Update • Fortigate 3600 • Allot NetEnforcer • Dorm Students Return… Argh! • Campus Manager? • Question & Answers
Introductions • Name • Title • Location
Nortel 8600 Upgrade • Was running 3.2.1 • Hardware Memory upgraded from 64M to 256M • Software Upgrade to 3.5.3 • Spanning Tree issues at Garnet Valley from misconfig • No other problems • First Upgrade on July 1 and last on July 20th
Nortel Designated SE • Past Tom Desilets, Nortel, Designated Direct Sales • Tim Slattery, CNI, Designated Reseller • Nortel SE, Product specific, available • Gladys Kline – Now Nortel Designated SE • gcornist@nortelnetworks.com • Office 610 370 9838 • Cell 610 698 8282
Shasta Replacement Update • Review conversation issue • Problem areas Widener Academic and Dorms • Lab testing done in June • Dorms cutover in July • Widener Academic cutover in Aug • Still to move : Tech Park, Computer Science, and DCIU Districts
Widener Fortigate 3600 Interfaces 10/100Base-T Ports 1 1000Base-SX Ports (Fiber) 4* 1000Base-T Ports (Copper) 2 System Performance Concurrent sessions 1,000,000 New sessions/second 25,000 Firewall throughput (Gbps) 4Gbps 168-bit Triple-DES throughput (Mbps) 600 Unlimited concurrent users • Policies 50,000 Schedules 256 • Installed in July • Detects, quarantines, and eliminates viruses and • worms in real-time. Scans incoming and • outgoing email attachments (SMTP, POP3, • IMAP), HTTP and FTP traffic including web-based • email, and encrypted VPN tunnels – without • degrading Web performance • Detection and prevention of over 1300 intrusions • and attacks, including DoS and DDoS attacks, • based on user-configurable thresholds. Automatic • updates of IPS signatures from FortiProtect • Network • Processes all Web content to block inappropriate • material and malicious scripts via URL blocking • and keyword/phrase blocking • Industry standard stateful inspection firewall • Industry standard PPTP, L2TP, and IPSec VPN • support • FortiGate units can be deployed in conjuction • with existing firewall and other devices to • provide antivirus, content filtering, and other • content-intensive applications Fortinet FortiGate-3600 – Product of the Year - Gold Award – Enterprise firewall system searchNetworking.com February 2004 A fortress in a box – FortiGate 3600 offers a smorgasbord of security services on one machine FCW.com October 2003
Allot NetEnforcer • Provide Internet access to bandwidth-hungry students without compromising on resources needed for teaching and research--or the business of running a university. Limit P2P music-sharing and non-essential applications at peak hours while guaranteeing bandwidth for mission-critical applications. Create service level agreements (SLAs) for classes of users and offer ISP-style classes of services. Filter Internet content to increase students' and educators' productive use of network resources and to reduce bandwidth contention between "fun" content and research- or work-related applications. Cache redirection software package, enables caching for fast response time Accounting provides browser-based traffic statistics and reports.
Dorm Students Return… Argh! • 'Twas the night before Check-in, when all thro' the campus, Not a creature was stirring, not even a Virus; • Fortigate CPU Maxed out • Allot indicated 128000 conversations • Allot increased to 500000 and recorded 350000 • Dorms disconnected and reconnected one at a time • Isolated to one PC streaming 300000 conversations • Placed Attack Mitigator on Dorm • Found students that did not update windows OS or let anti-virus software expire • Shut down over 150 PC’s to date • Virus/Worms to few to mention… but we will! • Ground Hogs Day!!!!
Campus Manager • Register Network Users • • Import and synchronize user and group information from a network directory server i.e. Active Directory, Novell Directory Services, Sun ONE Directory Server, or any Lightweight Directory Access Protocol (LDAP) system server. • • Import user information from a delimited text file. • Proactively Deal with Unregistered Network Users • • Unregistered users connecting to the network can be denied network access. A typical rollout plan, in single VLAN network environments, is to permit users access for a period of time to allow for user registration and after the specified period of time unregistered users are denied network access. • Identify who is accessing the Network • • A real time view of who is connected to the network. • Locate Network Users • • The ability to locate where a user is currently online or was last online given the user’s first or last name, network address, physical network address, or a physical location. • Connection Based Scanning • • Scan / test network computers and servers as they access the network. • Restrict / Deny an individual Network Access • • Proactively schedule usage policies to restrict or deny network access. React to network access issues on a case-by-case basis and restrict or deny user network access. • Enable / Disable Ports • • Proactively schedule policies to enable and disable ports. React to network access issues on a case-by-case basis and enable or disable ports.
Questions & Answers • Next Meeting Friday Nov 5th