Packet Filtering or How to Protect the COE Network

Packet Filtering or How to Protect the COE Network. A Very Brief Case Study of How We Got Where We Are Today James Carras Electronic & Computer Services 16 October 2003. The First Comprehensive COE Network. Ethernet Network of the Late 1980’s Installed at College Expense

Presentation Transcript


  1. Packet Filtering or How to Protect the COE Network
     A Very Brief Case Study of How We Got Where We Are Today
     James Carras, Electronic & Computer Services
     16 October 2003

  2. The First Comprehensive COE Network
     • Ethernet Network of the Late 1980’s
     • Installed at College Expense
     • Ethernet Not Token Ring
     • Flat Design With No COE Routing
     • Limited Bridges
     • Thick Wire, Coax and Terminal Wiring

  3. Original Network Topology

  4. Major Upgrade in the Mid 90’s at College Expense
     • University-Wide ATM Backbone
     • Installed COE ATM Backbone with Routing at Buildings
     • Some Internal Building Switching
     • Internal Distribution Remains Unchanged

  5. ATM Network Topology

  6. Major Upgrade in 2000’s and Today
     • University Transition to Gig Backbone and Change in Expense Model
     • University Funded Building Wiring Upgrade to UTP
     • COE Backbone Eliminated by Individual University Backbone Connections
     • Switched Ethernet Installed as Buildings Rewired by the University
     • 25 Buildings and 17 Routers

  7. Present Network Topology

  8. COE Packet Filtering
     • Packet Filtering Used to Control COE Network Operations
     • Started When First Building Routers Installed
     • Extensive Shared Media Inside Buildings
     • Routers Provided Control Points

  9. First Generation Routers
     • ATM / Ethernet
     • Extensive Filtering
     • Input/Output
     • Allowed 100 Filters
     • Did Not Filter at Wire Speed
     • Reason for Replacement: Router Designed for 10Mb Operations

  10. Second Generation Routers (Now)
      • Ethernet / Fast Ethernet
      • Wire Speed Filtering
      • Advertised with Extensive Filtering
      • Enterprise Grade Wire Speed Routing

  11. Reality
      • Installed Configuration Has Limited Filtering
      • Complicated Filter Configuration
      • Does Work at Wire Speed
      • Very Efficient Routing Engine

  12. Present COE Packet Filtering
      • Block Compromised Systems
      • Special Purpose Filters
      • Example: Blaster – Early Blocking of TFTP to Minimize Complete Infection

  13. Present University Packet Filtering
      • Ingress/Egress Filtering on Each Backbone Interface
      • Block Ports 135, 137–139 and 445 at University Boundary
      • Blocking Port 135 on University Dial-Up Connections

  14. Today’s Situation
      • Compromises Have Dramatically Decreased With University Packet Filtering
      • COE Is Installing PIX Firewalls Ahead of Routers to Provide Flexible Filtering
      • COE Has on Average 3000 Active Systems at a Time, With 2/3 Running an MS Operating System

  15. Summary of How We Got Here
      • Money and Users
      • COE Installed Network Because University Would Not Pay
      • Budgets Decrease
      • Departmental Control of Academic/Research Computing
      • University Wiring Upgrade
      • Staffing Limitations
      • Users’ Access to Computers
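
The two filter points described on slides 12 and 13, modelled as an added example that is not part of the original presentation: an inbound packet is checked first against the university boundary rules and then against a building router's special purpose rules. Assumptions: a blocklist with default permit and first-match evaluation, the listed ports blocked for both TCP and UDP, TFTP on its standard UDP port 69, and all addresses and filter-point names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str              # "deny" or "permit"
    proto: str               # "tcp", "udp" or "any"
    ports: range             # destination ports the rule matches
    src: str = "0.0.0.0/0"   # source prefix the rule matches
    note: str = ""

# University boundary (slide 13): ports 135, 137-139 and 445.
# Assumption: applied to TCP and UDP alike; the slides give only port numbers.
BOUNDARY = [
    Rule("deny", "any", range(135, 136), note="port 135"),
    Rule("deny", "any", range(137, 140), note="ports 137-139"),
    Rule("deny", "any", range(445, 446), note="port 445"),
]

# Building router (slide 12): block a compromised system and TFTP.
# 192.0.2.57 is a constructed documentation address, not from the slides.
BUILDING = [
    Rule("deny", "any", ANY_PORT, src="192.0.2.57/32", note="compromised system"),
    Rule("deny", "udp", range(69, 70), note="TFTP"),
]

PATH = [("university boundary", BOUNDARY), ("building router", BUILDING)]

def evaluate(rules, src, proto, dport):
    """First matching rule wins; unmatched traffic is permitted (assumed default)."""
    for r in rules:
        if (r.proto in ("any", proto) and dport in r.ports
                and ip_address(src) in ip_network(r.src)):
            return r.action, r.note
    return "permit", "default"

def traverse(path, src, proto, dport):
    """Apply each filter point in order; the packet stops at the first deny."""
    for name, rules in path:
        action, note = evaluate(rules, src, proto, dport)
        if action == "deny":
            return f"dropped at {name}: {note}"
    return "delivered"

if __name__ == "__main__":
    # Constructed sample packets: (source, protocol, destination port)
    for pkt in [("203.0.113.9", "tcp", 445), ("203.0.113.9", "udp", 69),
                ("192.0.2.57", "tcp", 80), ("203.0.113.9", "tcp", 80)]:
        print(pkt, "->", traverse(PATH, *pkt))
```
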