
UW Madison Campus Network Security Strategy Campus Firewall Service

UW Madison Campus Network Security Strategy Campus Firewall Service. Rick Keir DoIT Network Services keir@doit.wisc.edu. UW Madison Campus Firewall Project Outline. Project history Design Service Virtualization Security Domains Deployment and Integration Support Models


Presentation Transcript


  1. UW Madison Campus Network Security Strategy -- Campus Firewall Service. Rick Keir, DoIT Network Services, keir@doit.wisc.edu

  2. UW Madison Campus Firewall Project Outline • Project history • Design • Service Virtualization • Security Domains • Deployment and Integration • Support Models • Design highlights/caveats • Next steps

  3. Project History • R&D effort started on enterprise scale security systems • Campus-wide firewall technology identified as needing major attention • Analysis of solutions came up largely empty • Departments needed to purchase and run their own firewall infrastructure

  4. Project History (cont) • Vendors now scaling products to multi-gigabit speeds • DoIT Network Engineers surveyed market, met and argued with various vendors • Cisco FWSM product “ripened” in 2004 • Evaluation, testing, and more testing • FWSM software passed DoIT evaluation process last month • Results discussed with campus IT groups

  5. Service Virtualization • Virtualization allows multiple separate instances to exist in the same chassis • We use virtualization today for VLANs • With the FWSM, we can have multiple firewall instances on the same physical hardware

  6. Design • Security Domains • Ability to separate “chunks” of department networks into domains. • Server DMZ’s, Client Networks, etc. can be defined by building, or more generically by VLAN • Through VLAN magic, hosts can optionally be in different security domains, but on the same Level 3 segment.

  7. Security Domains (department example) • A firewall instance per security domain • Security domains can be placed in collaborative and centralized XXI buildings.

  8. Support Models • Collaborative Administration • Targeted at collaborative customers • Tools for easier administration • Supported through the NOC. • Centralized Administration • Targeted at collaborative and centralized customers • Pick from a “security menu” of options, such as client network, server DMZ, etc. • Supported through the NOC for AA’s, primary TP’s • Supported through the Helpdesk / Desktop Support if there is no department admin

  9. Deployment and Integration • Does campus want Opt-In or Opt-Out? • Integration into AANTS • Active/Passive HA model • Customer provisioning: • Deployment scenarios engineered to meet individual customer network needs • Consultation with Network Engineers • In many cases, D-Day style deployment can be avoided

  10. Design Highlights & Caveats • Demand can be met • Campus security posture will improve, even for those without network admins • Security Domains • Scalable deployment • Manageable network support • Routed Core more resilient • Deployment won’t happen overnight • Security Domains may mean renumbering for some • Multiple fw’s to admin may mean more work • Support for legacy protocols ends • Support for cross-campus L2 networks largely ends

  11. Next Steps • Pilot Program • More discussion and feedback from campus • Campus buy-in and go ahead • Development of tools, support procedures, SLAs, training program, hardware deployment, etc. • Policies must be created

  12. UW Madison Campus Network Security Strategy -- Campus Firewall Project • Questions? • Rick Keir, keir@doit.wisc.edu
