Restricted/Limited Access Network project meeting

Monday, March 18, 2013; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Peter Franchi, Brian Jones, Ron Keller, Jeff Kidd, Dean Kirstein, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Christine Morrison, Rich Sparrow, Lucas Sullivan

Agenda

  1. Review action items and comments from 20130304 - March 4, 2013 RLAN Project Status Meeting
  2. ITSO web form application complete?
  3. ISB RLAN requests, did ITSO work through the process with Vivian to get these requests approved and ordered?
  4. Are there any other outstanding requests from departments included in the Pilot project?
  5. Are we providing multiple Vlans on a single Ethernet port as the standard configuration for RLAN connections?
    (Native building Vlan AND the RLAN Vlan). This affects CNS's provisioning process.
  6. Any new news about Whitelisting/Blacklisting/Firewalling/Intrusion Detection & Prevention testing?
  7. RLAN FAQ
  8. Open Forum

Attended

Phil Benchoff, Jacob Dawson, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Meeting Notes

  1. Review action items and comments from 20130304 - March 4, 2013 RLAN Project Status Meeting
    1. See note #7
  2. ITSO web form application complete?
    1. Done and working. Needs an official URL, e.g., rlan.itso.vt.edu or rlan.security.vt.edu
  3. ISB RLAN requests, did ITSO work through the process with Vivian to get these requests approved and ordered?
    1. Action item: Phillip will work with Vivian to get the ISB connections approved and test the web application.
  4. Are there any other outstanding requests from departments included in the Pilot project?
    1. Randy mentioned that the Bursar's office has already paid CNS over $8000 for 32 RLAN connections that have not been completed yet.
    2. Action item: The ITSO will get the Bursar's office to use their web application to get the ITSO approval and send an order to CNS Ordering & Provisioning (O&P). Rich mentioned that the ITSO will follow up with a phone call to O&P to be sure the order went through.
  5. Are we providing multiple Vlans on a single Ethernet port as the standard configuration for RLAN connections?
    (Native building Vlan AND the RLAN Vlan). This affects CNS's provisioning process.
    1. The plan all along was to use two VLAN's.
    2. Untagged = standard, native building VLAN (a "normal" port), and tagged = RLAN VLAN
    3. Someone mentioned that computers connected to the RLAN must be configured to accept/recognize tagged packets, or in the case of a windows computer, the packet is ignored.
  6. Any new news about Whitelisting/Blacklisting/Firewalling/Intrusion Detection & Prevention testing?
    1. Testing with DNS on the inside of RLAN. Brad reports that host level whitelisting works but it is difficult to maintain. All applications like Symantec, Windows Update, etc. have to be approved and included in the whitelist.
    2. Blacklisting should be easier [than whitelisting].
    3. There was a discussion about how IP addresses will be requested, assigned, and tracked for the RLAN.
    4. After further discussion is was decided that the departmental network liaison will request IP addresses for their machines on the RLAN from HostMaster.
    5. Greg: This was also discussed at December 17, 2012 meeting. See meeting note 2.a.ii 20121217 - December 17, 2012 RLAN Project Status Meeting
    6. It was decided that:
      1. CNS will manage DNS data/info and will handle it like any other IP address request.
      2. The ITSO will manage Whitelist and Blacklist data/info. (RPZ or "Response Policy Zone" data)
  7. RLAN FAQ
    1. It is unknown whether the editing being done by Susan Brooker-Gross (at Jeb's request) was completed.
    2. There may be two versions of this now.
    3. Action item: Greg will contact Susan to determine the status and if it is finished Greg will send it to Luke so he can run it by the KnowledgeBase team.
  8. Open Forum
    1. What if a department wants a domain name for an RLAN computer? It was decided that "RLAN' must be added to the domain name. Action item: Details will be worked out between the ITSO and CNS.
    2. Phillip reported they are having some hardware issues with StoneSoft and that he is working with StoneSoft to resolve.
    3. Brad reported that "thanks to Ron" the ITSO now has RLAN connections in the data center.
  • No labels