Network-layer Security at UVa


Network-level Security at UVa
Jim Jokl
Common Solutions Group
January 2006
UVaNet Security Logical View

[Slide diagram: UVaNet Security Logical View. Elements shown: Internet; Clinical Network; Joint VPN; Level 1 Backbone ("existing U.Va. network"); Level 2 Backbone ("more secure"); several Level 3 Zones; and the firewalls, VPNs and user groups attached to them.]
UVa Network Security Summary

Technical
- Operates at the network jack level
- VLAN-based in wiring closets
- Separate routed backbone links (~ building-level subnets)
- No inbound connections via firewall allowed to More Secure network (remote VPN access is available)
- Level-3 zones are customized based on user needs

Policy-basis
- Requirements for computers on More Secure network developed via a process with departmental technical contacts
- Management delegated to departmental staff who use web-based tools to manage ports (speed, duplex, VLAN, diagnostics, etc.)
Some Reference URLs

Network-layer security
- http://www.itc.virginia.edu/csd/secnet/

IP address space allocation
- http://dns.virginia.edu/netsys/dns/ipnets.html
- http://dns.virginia.edu/netsys/dns/ipspace.html