Technical Services
Download
Report
Transcript Technical Services
Moving from Reactive to Proactive –
DeepNines and ESU 3
Nate Jackson, Territory Manager
Greg Jackson, Vice President of Technical Services
Martin Rosas, Director of Technical Services
July 23, 2008
Agenda
• Introduction – Nate Jackson
• Product “Walk-Thru” – Greg Jackson
• Lunch
• Policy Builds – Martin Rosas
9:00 – 9:10
9:10 – 12:00
12:00 – 12:30
12:30 – 3:30
ESU 3 Requirements
Challenges and Needs
A Large Network
Solution
ESU 3 provides content filtering to 17 of its 18 membering school districts. The
content filtering solution must be able to support at least 17,000 concurrent
users with bandwidth speeds of at least 150 Mbps.
Advanced Content
Control
ESU 3 requires a solution that has advance content control features –
block/filter ports other than port 80; block/filter Google and Yahoo safe
searches; block/filter protocols such as: IM, P2P, File Sharing, IRC; and block pop
advertising.
Granular Filtering
Policies
Each of the participating school districts would like the ability to create filtering
policies by directory groups and/or IP addresses.
Robust Proxy
Prevention
Students within ESU 3 have been exploiting the existing content
filtering/content control portfolio by using circumvention techniques, commonly
referred to as remote web proxies. ESU 3 requires robust proxy prevention
against anonymous proxies, URL translation servers, and any other
circumvention techniques.
Solution
Solution
DeepNines iTrust Suite
ESU 3 has deployed an iTrust suite at each of the
17 participating school district as well as at the
ESU 3 central office.
A Large Network
Solution
Each iTrust suite includes…
Real-time network visibility and monitoring
Granular URL filtering
Deep Packet Inspection
Traffic Shaping/Bandwidth Management
Intrusion Prevention System
Gateway AV
Reporting
Advanced Content
Control
Granular Filtering
Policies
Robust Proxy
Prevention
Solution
Challenges and Needs Addressed with DeepNines
A Large Network
Solution
•Each of the 17 participating school district as well as the ESU 3 central
office has been fitted with an iTrust Suite that fits their network needs.
•The iTrust suite is licensed on bandwidth. This method allows the districts
to grow or decrease without having to incur additional charges.
Additionally, it ensures that every computer is covered in the event there
is an overage on the concurrent sessions subscribed to.
•ESU 3 is licensed for 250 Mbps (to the outside world).
Advanced Content
Control
•The DeepNines iTrust suite performs deep packet inspection (DPI, or layer
7) of every packet, port, and protocol both ingress and egress. (over 155
protocols and all 65000+ ports)
•Image searches can be blocked by URL or also by DPI. The breadth of
images searches go beyond Google and Yahoo, such as Ask, Alta Vista, etc.
•Protocols such as IM, P2P, etc are not only subject to the iTrust’s URL
module but also its DPI engine. The DPI engine leverages industry
signatures as well as custom K12 signatures created by DeepNines.
•Pop-ups can be blocked by both the URL and DPI engines.
Solution
Challenges and Needs Addressed with DeepNines
Granular Filtering
Policies
•By deploying an iTrust server-appliance at each district, the solution can
be deployed behind local network address translation (NAT). Therefore,
granular filtering policies (based on Active, E, and/or Open Directories)
can be created. For each iTrust server-appliance 64 URL filtering policies
can be created.
•The iTrust suite has an aggregate white list, as well as, a white list
available for each group as defined by AD, Edir or Open Directory.
Robust Proxy
Prevention
•Traffic is inspected by both the URL filter and DPI. The iTrust suite has
100’s of custom proxy signatures which are proprietary to DeepNines. No
longer does the website URL need to be known as DPI can tell if it is a
proxy by examining layer 7 connections.
•The iTrust suite blocks not only anonymous proxies and URL translation
servers, but also Circumventors, Tor’s, SSL based proxies, CGI, PHP,
Transparent, SOCK v4 and v5, Gopher, Streaming, Google proxies, host
based proxies (ultrasurf, Yourfreedom, Pass1), SSH tunnels, PC Anywhere,
etc.
•The iTrust suite provides the most robust proxy protection in the industry,
as guaranteed by our customers.
DeepNines Support Team
Technical Services
Technical Services Organization
[email protected]
(866) DEEP9-12
Brett Juergens – Assigned Security Engineer
[email protected]
(214) 273-6996 ext 214 office
Role – Technical support.
Wade Dykes – Assigned Security Engineer
[email protected] – Technical support
(214) 273-6996 ext 234 office
Role – Technical support.
Martin Rosas – Director of Technical Services
[email protected]
214 273-6996 ext 222 office
Role – Point of escalation for resolution of technical or
service related issues.
Greg Jackson – Vice President of Technical Services
[email protected]
(214) 273-6996 ext 231 office
Role - Executive escalation.
Account Team
Nate Jackson, Territory Manager
[email protected]
(303) 292-2896 office
(720) 810-0866 cell
Role - Point of escalation for resolution of technical or service
related issues, Renewals, upgrades, etc, quarterly check in
meetings.
Tom Knight, Vice President of Sales
[email protected]
214.273.6996 ext 220 office
Role – Executive escalation .