Educause Security Discussion mailing list archives
Re: Internal Network Security
From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Fri, 27 Oct 2006 12:50:21 -0500
On Oct 27, 2006, at 8:28 AM, Willis Marti wrote:
I've not had good luck with finding reasonable campus-wide divisions. Most places employ student workers, for example, and let them access student resources from desktops in "administrative" areas. Our approach is to still use border firewalls and IDS, then establish "secure islands" within the campus mostly around servers.

Cheers,
Willis Marti
Associate Director for Networking
Computing & Information Services
Texas A&M University
At least two Universities have used IPsec rather than separate physical networks or separate VLANs. It looks like a much better approach than separate networks; the only hosts that can scan servers are ones that are allowed to connect via naive transport mode IPsec.

http://members.microsoft.com/CustomerEvidence/Search/EvidenceDetails.aspx?EvidenceID=14258&LanguageID=1
https://members.microsoft.com/customerevidence/search/EvidenceDetails.aspx?EvidenceID=14205&LanguageID=1
http://www.microsoft.com/technet/itsolutions/msit/security/IPsecdomisolwp.mspx

eBook "Security Inside the Perimeter"
http://www.apani.com/e-books/pre-registration
Re: Divide it into different networks (either logical or physical, only you and your network people know the best answer to this) and use firewalls in the borders, not just router ACLs. For example:

One for students.
One for critical info dealing with student data.
One for confidential info not student related.
Etc.

You get the idea. I hope this helps!

Antonio Quesada
Director of Networking and Computing Services
Georgia Gwinnett College
1000 University Center Lane
Suite B3800
Lawrenceville, GA 30043 USA
678-407-5093

-----Original Message-----
From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU]
Sent: Thursday, October 26, 2006 6:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Internal Network Security

I am looking to beef up the network security of the campus infrastructure inside our firewall and IDS/IPS. Are there any suggestions that can be offered to assist me in further securing the network?

Aaron M Gibbs
Executive Director
Center for Information Technology
Saint Augustine's College
919-516-4379 (Office)
919-516-4382 (Fax)
amgibbs () st-aug edu
www.st-aug.edu
"Always be a visionary!"
---
Bruce Curtis
bruce.curtis () ndsu edu
Certified NetAnalyst II
701-231-8527
North Dakota State University