April 11, 2005 1 Implementation of Virtual LANs for Virus Containment Aaron Soto April 11, 2005 In partnership with: New Mexico Tech Information Services Department
Implementation of Virtual LANs for Virus Containment

Aaron Soto
April 11, 2005

In partnership with: New Mexico Tech Information Services Department


Outline

• Problem Statement
  – What is a VLAN?
  – How can it help?

• Proposed Solution
  – Layout
  – Implications
  – Details

• Future Expansion


Problem Statement

• Universities are prone to viruses

• PCs are frequently not running AV software

• Staff constantly monitors network traffic

– Ports disabled if viruses are detected

• Students unable to clean / patch PC

– Without Internet, more effort is necessary

– Students frequently frustrated


Background: VLANs

[Diagram: a single switch]


Background: VLANs

[Diagram: two switches]


Proposed Solution

• Implement two VLANs:

– Default: Quarantined, DHCP

– Secure: Safe, Virus-free, Static IP

• Automated tools can switch VLANs

• Traffic can be redirected/forwarded

– Allow sites like Windows Update, SARC, etc.

– Redirect other traffic to the quarantine server


Current Layout

[Diagram: in-building SWITCH 0, SWITCH 1, SWITCH 2; FIREWALL; INTERNET]


Proposed Layout: Overview

[Diagram: in-building SWITCH 0, SWITCH 1, SWITCH 2; QUARANTINE SERVER; DEFAULT and SECURE VLANs; INTERNET]


Proposed Layout: In-Building

[Diagram: 24-port in-building switch (ports 1–24); legend: DEFAULT PACKET, SECURE PACKET]


Proposed Layout: Backbone

[Diagram: backbone with FIREWALL, QUARANTINE SERVER, DEFAULT and SECURE VLANs, INTERNET]


Proposed Layout: Server

[Diagram: QUARANTINE SERVER, DEFAULT VLAN, FIREWALL]

• DHCP Server

• Apache Web Server

• IP Masquerading (ipchains)


Possible Implications

• Firewall
  – Forward traffic depending on VLAN tag

• Quarantine Server
  – Must be frequently re-evaluated to…
    Be kept secure from viruses/worms
    Select valid traffic to forward
  – Is not designed to take full load

• Switches
  – Must have VLAN support
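The per-VLAN forwarding rule from the Proposed Solution and Possible Implications slides (secure VLAN forwarded, quarantined VLAN limited to update/AV sites and otherwise sent to the quarantine server), as an added example that is not part of the original deck: it reads the VLAN ID out of an 802.1Q-tagged frame and returns the firewall verdict. The VLAN IDs, the quarantine server address and the allowed destination prefix are assumed values, and the sample frames are constructed.

```python
import struct
import ipaddress

TPID_8021Q = 0x8100
VLAN_DEFAULT = 10  # assumed ID for the quarantined, DHCP-served VLAN
VLAN_SECURE = 20   # assumed ID for the static-IP "secure" VLAN
QUARANTINE_SERVER = "10.0.0.2"  # assumed address of the quarantine server
ALLOWED_FROM_DEFAULT = [ipaddress.ip_network("203.0.113.0/24")]  # assumed update/AV sites

def parse_8021q(frame: bytes):
    """Return (vid, ethertype, payload) for a tagged frame, or None if untagged/short."""
    if len(frame) < 18:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None
    vid = tci & 0x0FFF  # VLAN ID is the low 12 bits; PCP/DEI sit in the top 4
    return vid, ethertype, frame[18:]

def ipv4_dst(payload: bytes):
    """Destination address of an IPv4 header, or None if this is not IPv4."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    return ipaddress.IPv4Address(payload[16:20])

def decide(frame: bytes) -> str:
    """Firewall verdict: 'forward', 'redirect:<quarantine server>' or 'drop'."""
    tagged = parse_8021q(frame)
    if tagged is None:
        return "drop"  # untagged frames never cross the trunk; treat as hostile
    vid, ethertype, payload = tagged
    dst = ipv4_dst(payload) if ethertype == 0x0800 else None
    if dst is None:
        return "drop"
    if vid == VLAN_SECURE:
        return "forward"  # clean, registered static-IP hosts go straight out
    if vid == VLAN_DEFAULT:
        if any(dst in net for net in ALLOWED_FROM_DEFAULT):
            return "forward"  # patch/AV traffic is let through from quarantine
        return f"redirect:{QUARANTINE_SERVER}"  # everything else lands on the web page
    return "drop"  # unknown VLAN tag

def build_frame(vid: int, dst_ip: str, pcp: int = 0) -> bytes:
    """Constructed sample frame: zeroed MACs, 802.1Q tag, minimal IPv4 header."""
    tag = struct.pack("!HHH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF), 0x0800)
    ip = bytearray(20)
    ip[0] = 0x45  # IPv4, 20-byte header
    ip[12:16] = ipaddress.IPv4Address("10.0.0.50").packed  # assumed client
    ip[16:20] = ipaddress.IPv4Address(dst_ip).packed
    return b"\x00" * 12 + tag + bytes(ip)
```

The masking of the priority bits matters in practice: a switch that sets PCP on the tag must not change which VLAN the firewall thinks the frame came from.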


Future Expansion

• Automated Port Activation Requests
  – Allow students to register with ISD online
    Integration with Banner?

• Automated Virus Detection and Quarantine
  – Detect virus activity and switch VLANs
    In progress

• More detailed communications
  – Specific information / instructions
  – Would require multiple VLANs
    For a later stage


Implementation of Virtual LANs for Virus Containment

Questions?

Aaron Soto

[email protected]

(505) 835-5945