WINS Monthly Meeting 10/1/2004


Transcript of WINS Monthly Meeting 10/1/2004.

Page 1: WINS Monthly Meeting

10/1/2004

Page 2: Agenda

• Introductions
• Nortel 8600 Upgrades
• Nortel Designated SE
• Shasta Replacement Update
• Fortigate 3600
• Allot NetEnforcer
• Dorm Students Return… Argh!
• Campus Manager?
• Question & Answers

Page 3: Introductions

• Name
• Title
• Location

Page 4: Nortel 8600 Upgrade

• Was running 3.2.1
• Hardware Memory upgraded from 64M to 256M
• Software Upgrade to 3.5.3
• Spanning Tree issues at Garnet Valley from misconfig
• No other problems
• First Upgrade on July 1 and last on July 20th

Page 5: Nortel Designated SE

• Past Tom Desilets, Nortel, Designated Direct Sales
• Tim Slattery, CNI, Designated Reseller
• Nortel SE, Product specific, available
• Gladys Kline – Now Nortel Designated SE
• [email protected]
• Office 610 370 9838
• Cell 610 698 8282

Page 6: Shasta Replacement Update

• Review conversation issue
• Problem areas Widener Academic and Dorms
• Lab testing done in June
• Dorms cutover in July
• Widener Academic cutover in Aug
• Still to move: Tech Park, Computer Science, and DCIU Districts

Page 7: Widener Fortigate 3600

• Installed in July
• Detects, quarantines, and eliminates viruses and worms in real-time. Scans incoming and outgoing email attachments (SMTP, POP3, IMAP), HTTP and FTP traffic including web-based email, and encrypted VPN tunnels – without degrading Web performance
• Detection and prevention of over 1300 intrusions and attacks, including DoS and DDoS attacks, based on user-configurable thresholds. Automatic updates of IPS signatures from FortiProtect Network
• Processes all Web content to block inappropriate material and malicious scripts via URL blocking and keyword/phrase blocking
• Industry standard stateful inspection firewall
• Industry standard PPTP, L2TP, and IPSec VPN support
• FortiGate units can be deployed in conjunction with existing firewall and other devices to provide antivirus, content filtering, and other content-intensive applications

Interfaces
• 10/100Base-T Ports: 1
• 1000Base-SX Ports (Fiber): 4*
• 1000Base-T Ports (Copper): 2

System Performance
• Concurrent sessions: 1,000,000
• New sessions/second: 25,000
• Firewall throughput (Gbps): 4Gbps
• 168-bit Triple-DES throughput (Mbps): 600
• Unlimited concurrent users: yes
• Policies: 50,000
• Schedules: 256

Fortinet FortiGate-3600 – Product of the Year - Gold Award – Enterprise firewall system 

searchNetworking.com February 2004

A fortress in a box – FortiGate 3600 offers a smorgasbord of security services on one machine

FCW.com October 2003

Page 8: Allot NetEnforcer

Provide Internet access to bandwidth-hungry students without compromising on resources needed for teaching and research--or the business of running a university. Limit P2P music-sharing and non-essential applications at peak hours while guaranteeing bandwidth for mission-critical applications. Create service level agreements (SLAs) for classes of users and offer ISP-style classes of services. Filter Internet content to increase students' and educators' productive use of network resources and to reduce bandwidth contention between "fun" content and research- or work-related applications.

Cache redirection software package, enables caching for fast response time

Accounting provides browser-based traffic statistics and reports.

Page 9: Widener Internet Solution

Page 10: Dorm Students Return… Argh!

'Twas the night before Check-in, when all thro' the campus,
Not a creature was stirring, not even a Virus;

• Fortigate CPU Maxed out
• Allot indicated 128000 conversations
• Allot increased to 500000 and recorded 350000
• Dorms disconnected and reconnected one at a time
• Isolated to one PC streaming 300000 conversations
• Placed Attack Mitigator on Dorm
• Found students that did not update Windows OS or let anti-virus software expire
• Shut down over 150 PC’s to date
• Virus/Worms too few to mention… but we will!
• Ground Hogs Day!!!!
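One way to find a host like the one on this slide from flow records, instead of disconnecting dorms one at a time (an added example, not part of the original slides): it counts distinct conversations per source and flags any host holding a large share of the conversation table. The record format, the 10% threshold, the addresses and the 1000:1 scaled-down sample are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

TABLE_LIMIT = 128000  # conversations the Allot indicated before the increase (from the slide)
SHARE_ALERT = 0.10    # assumed threshold: one host holding >10% of the table

def rank_hosts(flow_lines, table_limit=TABLE_LIMIT, share_alert=SHARE_ALERT):
    """Rank source hosts by distinct conversations and flag table hogs.
    Each line: 'src_ip src_port dst_ip dst_port proto' (hypothetical format).
    Returns a list of dicts, busiest host first.
    """
    convs = defaultdict(set)       # src -> distinct (sport, dst, dport, proto)
    for line in flow_lines:
        fields = line.split()
        if len(fields) != 5 or line.lstrip().startswith("#"):
            continue               # skip comments and malformed records
        src, sport, dst, dport, proto = fields
        convs[src].add((sport, dst, dport, proto))
    report = []
    for src, tuples in convs.items():
        port, hits = Counter(t[2] for t in tuples).most_common(1)[0]
        share = len(tuples) / table_limit
        report.append({
            "src": src,
            "conversations": len(tuples),
            "distinct_dsts": len({t[1] for t in tuples}),
            "top_dst_port": port,              # one dominant port suggests a sweep
            "top_port_share": round(hits / len(tuples), 2),
            "table_share": round(share, 3),
            "flagged": share > share_alert,
        })
    return sorted(report, key=lambda r: r["conversations"], reverse=True)

def sample_flows():
    """Constructed sample, scaled 1000:1 from the slide's numbers."""
    lines = ["# src sport dst dport proto"]
    # one dorm PC opening conversations to many addresses on a single port
    for i in range(300):
        lines.append(f"10.20.1.77 {1024 + i} 192.0.2.{i % 250 + 1} 445 tcp")
    # ordinary clients: a handful of web conversations each
    for host in range(1, 21):
        for j in range(3):
            lines.append(f"10.20.2.{host} {40000 + j} 198.51.100.{j + 1} 80 tcp")
    lines.append("truncated record")  # malformed line, ignored by the parser
    return lines

if __name__ == "__main__":
    for row in rank_hosts(sample_flows(), table_limit=128)[:3]:
        print(row)
```

A host with many conversations, many distinct destinations and a single dominant destination port is the pattern to quarantine first; the table share shows how much of the shaper's capacity that one machine is consuming.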

Page 11: Campus Manager

Register Network Users
• Import and synchronize user and group information from a network directory server i.e. Active Directory, Novell Directory Services, Sun ONE Directory Server, or any Lightweight Directory Access Protocol (LDAP) system server.
• Import user information from a delimited text file.

Proactively Deal with Unregistered Network Users
• Unregistered users connecting to the network can be denied network access. A typical rollout plan, in single VLAN network environments, is to permit users access for a period of time to allow for user registration and after the specified period of time unregistered users are denied network access.

Identify who is accessing the Network
• A real time view of who is connected to the network.

Locate Network Users
• The ability to locate where a user is currently online or was last online given the user’s first or last name, network address, physical network address, or a physical location.

Connection Based Scanning
• Scan / test network computers and servers as they access the network.

Restrict / Deny an individual Network Access
• Proactively schedule usage policies to restrict or deny network access. React to network access issues on a case-by-case basis and restrict or deny user network access.

Enable / Disable Ports
• Proactively schedule policies to enable and disable ports. React to network access issues on a case-by-case basis and enable or disable ports.

Page 12: Questions & Answers

Next Meeting Friday Nov 5th