Educause Security Discussion mailing list archives

Re: Internal Network Security


From: Bruce Curtis <bruce.curtis () NDSU EDU>
Date: Fri, 27 Oct 2006 12:50:21 -0500


On Oct 27, 2006, at 8:28 AM, Willis Marti wrote:

I've not had good luck with finding reasonable campus-wide divisions.
Most places employ student workers, for example, and let them access
student resources from desktops in "administrative" areas. Our approach
is to still use border firewalls and IDS, then establish "secure islands"
within the campus mostly around servers.
Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University


At least two universities have used IPsec rather than separate
physical networks or separate VLANs.  It looks like a much better
approach than separate networks: the only hosts that can scan servers
are ones that are allowed to connect via naive transport mode IPsec.


http://members.microsoft.com/CustomerEvidence/Search/EvidenceDetails.aspx?EvidenceID=14258&LanguageID=1

https://members.microsoft.com/customerevidence/search/EvidenceDetails.aspx?EvidenceID=14205&LanguageID=1


http://www.microsoft.com/technet/itsolutions/msit/security/IPsecdomisolwp.mspx

  eBook "Security Inside the Perimeter"

http://www.apani.com/e-books/pre-registration


Re:
Divide it into different networks (either logical or physical, only you
and your network people know the best answer to this) and use firewalls
in the borders, not just router ACLs.

For example:
One for students.
One for critical info dealing with student data.
One for confidential info not student related.
Etc.

You get the idea.

I hope this helps!

Antonio Quesada
Director of Networking and Computing Services
Georgia Gwinnett College
1000 University Center Lane Suite B3800
Lawrenceville, GA 30043
USA
678-407-5093


-----Original Message-----
From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU]
Sent: Thursday, October 26, 2006 6:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Internal Network Security


I am looking to beef up the network security of the campus
infrastructure inside our firewall and IDS/IPS. Are there any
suggestions that can be offered to assist me in further securing the
network?

Aaron M Gibbs
Executive Director
Center for Information Technology
Saint Augustine's College
919-516-4379 (Office)
919-516-4382 (Fax)
amgibbs () st-aug edu
www.st-aug.edu

"Always be a visionary!"




---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University

