7. ~ 18.000 Students
~ 1.200 Teachers
1.500 Computers
14 Buildings
Hospital
Laboratories of Biomedical
Agricultural course
4 Campi
+ 40 services for students and Teachers (WEB)
Radio
University TV
8. IT Team - DTI
4 Systems Analysts
5 Technical Support
2 Trainees
3 Shifts (from 07:00 to 23:00)
9. ~ 60 attacks daily (only from our Labs !)
Hundreds of notebooks ( Teachers and Students)
in the network
Physical network grow to fast
Students became more dangerous
10. Improve security for our Network
Restrict access for some Servers
Deploy more services to Students and Teachers
Improve the agility to changes in the Campus
Find the best solution - Security X Cost
Reduce TCO
11. Learn the flow of data in our environment
Documentation and classification of our services,
data and network
12. Deploy Server and Domain Isolation (IPSec) with
Kerberos
Merge Administrative and Student Network in the
same physical network
13.
14.
15.
16. Deploy PKI project
Deploy Wireless network for Students and
Teachers
Change IPSec authentication from Kerberos for
Certificates
- Secundary Benefits -
2-factor authentication (token for Admin access)
Improve security for VPN Access
21. 1. Understand how your data flow in your enviroment
2. Create a Documentation of groups, services, servers and
exemption lists
3. If possible use PKI
4. Create a Project LAB for testing
5. Deploy IPSec with FallBack enable
6. Deploy NAP (reporting mode)
22.
23. Microsoft Developer Network (MSDN)
(Webcasts, Blogs, Chats,
http://microsoft.com/msdn
Microsoft Technet
(Webcasts, Blogs, Chats)
http://microsoft.com/technet
Trial Software e Virtual Labs
http://www.microsoft.com/technet/downloads/trials/default.mspx
http://www.microsoft.com/nap
http://blogs.technet.com/nap/
Case IPSec - http://www.microsoft.com/casestudies/casestudy.aspx?casestudyid=49593
Case NAP - http://www.microsoft.com/brasil/technet/ithero/abril07/default.mspx
Article IPSec - http://www.microsoft.com/technet/community/columns/secmvp/sv0906.mspx