The previous session in this campus network design and operations series talked about campus network security and gave a general yet detailed overview on some of the critical pieces. What we're going to do now is look at some of the configuration details of what was discussed in the previous session. Too many campus network operators believe that firewall insertion in the upstream segment will solve all their campus security needs. We learned that in the previous session. We also learned that today's end-user devices have all built-in firewalls that are turned on. Most attacks on today's network infrastructure come from the internal users and their devices. Most viruses and exploits are initiated by users clicking malicious links or opening infected emails and both of these will lead to malicious software being installed. And as we saw firewalls are major bottlenecks in today's high-capacity high-speed campus backbones whether real or future planned. A modern, in other words, 21st century approach to network security needs to consider modern approaches, namely that we protect the critical infrastructure assets of the campus. And firewalls do have a role --we're not saying throw firewalls away. We're saying that firewalls need to be placed where they're going to be most effective. We need strategies that will allow users to do the work, to do the research and get their education. As we learned before, if the campus security devices gets in the way of users doing their work or doing their research or their education they will find other ways to bypass the lack of service from the campus network to the detriment of all. So this presentation is going to look at how we go about securing the campus network, looking at the nitty-gritty details. We're going to look at securing campus network devices. We're going to look at border router filtering. We're going to look at anti-spoofing filters and we'll look at routing security. And we're also going to encourage you to get to know your colleagues. In fact, the anti-spoofing filters and routing security is all covered in a separate video series on learn.nsrc.org called MANRS, the Mutually Agreed Norms for Routing Security and I would encourage all campus administrators to have a look at that video series to discover more detail how campuses can do their part to help secure the global routing infrastructure.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.