is your network infrastructure bullet proof? october 17, 2006

Is Your Network Infrastructure Bullet Proof?

October 17, 2006

WAKE TECHINFORMATION TECHNOLOGY SERVICES

My Background• Been with Wake Tech and the ITS team

for nearly 11 years• Previously in the Private Sector as an

Engineer• Reliability/Failure Analysis Engineer• Test Design Engineer• Nearly 23 years of Experience in the

Computer Industry• I Love the Pittsburgh Steelers


What Makes a NetworkBullet Proof?

• A Good Philosophy & Hard Work

• Hardware That Operates at Wire Speed

• Knowledgeable Personnel Always Looking for Better Ways to Conduct Business

• Continual Monitoring of the Network

• A Simple Security Policy

• Senior Management That Supports It


Information Technology Services Mission

• The mission of Information Technology Services at Wake Technical Community College is to support Student Learning, Faculty Teaching and College Operations through the use of Information Technology


Information Technology Services Philosophy

• The most important relationship on campus is that between the Student and the Instructor. Everything else on campus is in support of that relationship.


Wake Tech’s Network Hardware• Top Layer 5500 for IPS Protection• FATPipe for Continuity of ISP Circuits• Cisco ASA 5540 for Main PIX Plus VPN• Multiple Cisco PIX Engines Throughout the Network• Cisco Routers for WAN and ME Circuits• HP ProCurve Family of Switches for Core Routing

Switch, Intermediate Routing Switches, and Edge Switches

• Currently Replacing HP ProCurve Switches with New HP ProCurve PoE switches in Preparation of VoIP


Wake Tech’s Core NetworkMCNCMCNC TWCTWC

Top Layer

FAT Pipe

ASA 5540

HP 9315Routing Switch

2 Circuit Connectio

ns


Top Layer 5500 Intrusion Prevention System Device

MCNCMCNC TWCTWC

Top Layer


Front Panel View


Complete Security Report


Real-Time Blocked & Detected Attacks


Real-Time Graph of Traffic


Host Group Screen Allows Custom Policy Definitions


Rate Based Policy Controls Data Flood Traffic


Report Table By ServiceCheck Out Yahoo IM


Top Layer is Delivered with Pre-Defined Rules


Drilling Down on Rules Shows Individual Network Violations


Traffic Blocked from ONE Server


Security Event Filter


FATPipe WARP Balancer

MCNCMCNC TWCTWC

Top Layer

FAT Pipe

2 Circuit Connectio

ns


Monitor the Health of IncomingISP Links


Policy Routing Page


Add or Edit Policy Rules


DNS Configuration PageFATPipe has to be the DNS server


Reverse Mapping Settings Allow Inbound Traffic from Multiple ISP’s to a Single Server


Internal Static Routes for Public & Private Numbers NEED Defined or the FATPipe Will

Attempt to Route Numbers Externally


Diagnostics Page Helps Troubleshoot Problems


Cisco ASA 5540MCNCMCNC TWCTWC

Top Layer

FAT Pipe

ASA 5540

2 Circuit Connectio

ns2

Connections


Cisco ASA 5540 Initial Screen Displays Valuable Information: Link Status, Bandwidth Usage, Error

Messages, and CPU & Memory Usage


GUI Configuration Page


NAT/PAT PolicyConfiguration Page


VPN Services Configuration Page


Static Routes MUST Be Setup for Internal Addresses


All Users, Groups, & Access Levels are Setup by the

Device Administration Page


Easy Definition of TFTP Server to Load/Store Configurations


Device Specific Configurations are Done on the Properties Configuration Page


VPN Setup Wizard Page


Monitor All Device Activity on a Single Page


Monitor the Device with Real-Time Graphs


IP Audit Rules Page. This Feature is Disabled Because of the Top Layer IPS


For CLI Users: SSH or the Command Line Tool in the ASDM GUI are Available


HP ProCurve 9315 Routing Switch

MCNCMCNC TWCTWC

Top Layer

FAT Pipe

ASA 5540

HP 9315Routing Switch

2 Circuit Connectio

ns2

Connections

Manage Entire LAN with

PCM+


HP PCM+ Firmware Update Wizard


HP ProCurve Devices Page


IP Route Table


Other Discussion Topics That NeedNetwork Security

• Desktop Security – Anti-Virus Solutions

• Email Security – Anti-Virus & Anti-Spam Solutions

• Wireless Access for Students – “Sandbox” Solution

• Non-College Computers on Your Network


Wake Tech’s ITS CrewDr. Darryl McGraw – Chief Information Officer

Leigh Anne Dupree – Director, IT & Help Desk SupportChris Keefer – Director, Systems

Chris Wheeler – Director, Network ServicesTim Nicholson – Manager, Administrative Computing

Dale Weaver – Manager, Web ServicesFred Zahn – Manager, Network Services

Carlos McCormick – Manager, Instructional TechnologiesAlec Woodruff – IT Systems EngineerBuddy Gilmore – IT Voice Engineer

Jason Pickard – Senior Systems AnalystThomas Guettler – Senior IT Analyst

Ernest Youngblood – Help Desk AnalystCary Osborne – IT AnalystFrank Spikes – IT Analyst

Dave Goldstein – IT TechnicianJeremy Blalock – IT Technician

Liz Winfrey – Web Designer SpecialistSusan Fenn – Programmer/Analyst

Amy Murray – Application Support TechnicianCrystal Eatman – Administrative Assistant

Kyle Fescoe – Help Desk Assistant


Question PeriodAnswers are Optional

Opinions are always Given

Visit Wake Tech:www.waketech.edu

Visit our ITS: its.waketech.edu

My Email: [email protected]

is your network infrastructure bullet proof? october 17, 2006

Documents