net-dev-dec - University of Glasgow

Download Report

Transcript net-dev-dec - University of Glasgow

Campus Network Development
Network Architecture, Universal Access &
Security
Previous Developments
Limited User Consultation
External Funds


UKERNA FDDI LAN Pilot
UKERNA ATM LAN Pilot
Windfall Capital

SHEFC Grants



UMI
MAN Upgrades
Campus Infrastructure
Necessity



Fibre backbone 1990
Building PDS 1995
Router L3 Upgrades 1999
Specific Projects

HODs
Current Developments
Glasgow Grid project





Increased bandwidth for
researchers
(10/100/1000Mbs)
Increased bandwidth for
research servers/clusters
(10/100/1000Mbs)
Implement GRID
Collaboration tools AG-node
SRIF Funded
Priorities set by Research
committee
Grid Rollout









ScotGrid - Kelvin
Glasgow Nesc - Kelvin
Genetics/Bio-informatics
Chemistry
West Medical
Computing Science
Beatson
Garscube – Institute for
comparative medicine
Nano and Opto electronics
Future Developments
More inclusive

Community Model
IS Strategy

SAN

Fibre Channel Network
Topology design and
implementation
SuperJANET Resilience


SRIF/ClydeNET Funded
Joint project with Edinburgh
Impact on Network
Development and
Architecture



Universal Access
Security
Policies
IT Strategy

Implement Network
Architecture
recommendations
Information Strategy – Network
Development
Universal Access Working Group



Identified and Addressed Campus Network specific
requirements
Working Group members consisted of reps from CS, DCS
and Eng
Working Group produced



Final Report including detailed recommendations
Universal Network Access Policy to ensure continued Network
development
Initial draft Policies covering Network and systems security
issues
Universal Access Working Group
Recommendations
The University’s data
communications infrastructure
requires continual investment
The University’s Fibre optic cabling
infrastructure and Building Premisis
Distribution schemes must be
maintained and developed to
ensure that they are capable of
supporting new technologies and
higher data rates
The current working practices
between CS and E&B should
continue
The Replacement cycle for Core
Routers should be four years


Replacement technology must
address performance, QoS,
scaleability and security
Replacement budget estimated to
be 450k
User workstation and Server access
ports should be provided via
dedicated Ethernet switch ports
operating at the most appropriate
speed (10/100/100 Mbs)

It is estimated that a budget of
100K/year over 3 years would be
required to upgrade the many
contention based (10Mbs) ethernet
Hub ports
Universal Access Working Group
Recommendations
Flexible, self provision, network access
facilities should be implemented in
suitable locations


The technology used should be a mixture
of wireless and wired ports
A budget of 50k would be required to
achieve this
Remote access services must be based
on appropriate levels of security

The main RA service should be based on
the central VPN service; complimented
where appropriated by secure serive
specific solutions
A clear message should be given that the
University intends to provide an IP only
backbone routing service by the year
2006
Central support for the University’s
Campus Network Infrastructure should be
the norm
Network and Systems security issues
must be addressed; the group
recommended that Policies covering the
following areas need to be produced







Network connection
Network Monitoring
Bastion Host
Sys and Network Admin guidelines
Wireless LAN
Incident Handling
Acceptable use
Initial Drafts covering some of the above
produced for review
The University’s dependence on the
National SuperJANET network is such
that the University should investigate
ways of adding resilience to the current
provision
Information Strategy – Network
Architecture and Security
Information Security Working Group



Investigating wider Information Security Issues
Working Group members includes reps from IS, DCS Eng,
Physics
Work ongoing



Defining risk assessment methodology; performing initial risk
assessments and establishing risk register
Reviewing and amending draft security policies
Working on Network Architecture recommendations to
compliment security policies
Network Architecture and Security
Goals
Provide a secure environment for network services,
systems and applications and a productive
environment for users
Define the roles and responsibilities associated with
network services, systems and applications security
Handle Computer related security Incidents efficiently
and effectively
How
Provide relevant information for Users, Sys/Net Administrators,
IT support staff, Managers and Visitors
Implement a Network Architecture that:


Reduces network services, systems and applications exposure
Provides Inherent incident containment capabilities
This can be achieved by implementing separate Client and
Server Nets
Produce and implement acceptable and enforceable security
policies
Establish a properly resourced Computer Incident Response
Team (CIRT)
Monitor security policy compliance and effectiveness