|
|
Josh Ward
Security Engineer
jward@uoregon.edu
Recognizing that many departments on campus lack the necessary staff to properly maintain a departmental firewall or other security appliances, Network Services recently began offering managed security services to the campus community. Now you can get professional assistance to help keep your departmental computers and data secure and safe.
The first step in a managed firewall deployment is identifying the assets that need protection. Network Services can help each department quantify the following things:
Once assets requiring protection are quantified, Network Services will assist you in selecting the best hardware and software to keep you safe. Depending on your needs and budget, we can specify and purchase firewall hardware, virtual private network (VPN) hardware, Intrusion Prevention System (IPS) products, or any other security device that is indicated. Depending on your needs, Network Services can build a secure network with the same redundancy as the campus network.
By using our managed security services, you also leverage our relationships with security vendors. We manage everything -- including purchasing, deploying, maintaining software, and maintaining hardware.
After all of the necessary equipment to protect your department is procured, we work closely with local administrators to formulate the best security policy for you. This includes protocol analysis for each of your servers to determine what access is needed for the "least-access" principal to apply. This involves deploying the most restrictive policies that will allow you to continue operating.
After the policy is selected, we prototype and tune the rules in-place on the firewall or IPS without interrupting normal network operation. This ensures a smooth transition into a more secure network infrastructure. During this final deployment phase, local administrators are also involved to ensure that no critical services were overlooked during the initial inventory of servers.
Network security is only as strong as its weakest link. If someone breaks into a server exposed through the firewall, that server may be used to "leap-frog" into other servers or workstations with sensitive information. Network Services can work with your employees to help increase overall knowledge about electronic security. By working with local administrators we can help to make them aware of attack vectors. This will ensure that they are aware of any exposure to the Internet and understand what measures should be employed to mitigate threats.
Network Services staff continue to involve themselves in the security operations of your group. We conduct ongoing meetings with local department administrators to ensure that the firewall, VPN, and IPS policies continue to meet your operational needs. We make sure that the software on your deployed security devices is up-to-date and properly configured.
In addition to the ongoing policy and maintenance services we offer, we can provide local administrators with vulnerability reports. We have dedicated hardware that will probe servers protected by our security devices to determine if, despite the installed protection, servers may still be vulnerable to a specific exploit. We will work with the local administrators to mitigate any vulnerabilities discovered by our scanning.
Most users on campus know that the Internet is no longer a safe place. We must be vigilant and protect ourselves at all times. While it's safe to say that users understand the hostile nature of the Internet, many lack the knowledge to protect themselves. By using our services to help make your network more secure, you can provide additional layers of protection to your user population.
If you'd like to further discuss our service offerings, please email security@uoregon.edu. Include a brief description of your needs and we'll see what we can do to help. Pricing for our security services varies depending on the complexity of the deployment. For specific pricing information, contact Network Services Director Dale Smith (dsmith@uoregon.edu).