Restricted/Limited Access Network project meeting
Monday, April 1, 2013; 3:00 p.m.; AISB-208
Invited
Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Brian Jones, Ron Keller, Jeff Kidd, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Christine Morrison, Rich Sparrow, Lucas Sullivan
Agenda
- Review action items and comments from 20130318 - March 18, 2013 RLAN Project Status Meeting
- Testing is done with Stonesoft and DNS – ITSO has worked out a process for generating a network range list and is ready to implement at the ASAs.
- The SIEM has had no network connectivity for five days now – does anyone have a time estimate for it coming back online?
- Updates on any other RLAN connection requests
- Any further testing on whitelisting/blacklisting and the results
- RLAN FAQ
- RLAN presentation at DCSS
- Open Forum
Attended
Phil Benchoff, Jacob Dawson, Brian Jones, Ron Keller, Philip Kobezak, Greg Kroll, Bryant Sparks, Rich Sparrow, Brad Tilley, Lucas Sullivan
Agenda
- Review action items and comments from 20130318 - March 18, 2013 RLAN Project Status Meeting
- Action item: Philip will work with Vivian to get the ISB connections approved and test the web application.
- Done. System is called IRON. Restricted access to rlan.iso.vt.edu
- Action item: The ITSO will get the Bursar's office to use their web application to get the ITSO approval and send an order to CNS Ordering & Provisioning (O&P).
- Done. Steve Huff (Bursar's office) connections approved by ITSO.
- An issue discussed was how to get portal information back to the ITSO when an approved user needs a new portal installed (new wiring) as part of the RLAN order.
- The ITSO requested that these Bursar orders be expedited at no extra cost. The CNS ICR states that there can be up to two weeks from the time of order to finished installation.
- CNS requested that the ITSO or Bursar get portal information (as many as possible) back to them ASAP so this can get completed ASAP.
- Action item: Philip will talk with Steve Huff and get portal information for RLAN connections to CNS.
- To avoid delays in processing the other connections for the Bursar's office, the ITSO will try to get them to activate connections in groups or batches instead of just one port at a time.
- Action item: Greg will contact Susan to determine the status and if it is finished Greg will send it to Luke so he can run it by the KnowledgeBase team.
- Greg contacted Susan and there was an exchange of emails between all interested parties, but we're not sure if this is complete.
- Action item: Greg will find out the status of FAQ document.
- Action item: Details will be worked out between the ITSO and CNS. (Note: domain names for computers on RLAN)
- It was discussed and decided that the department network liaison will request domain names from hostmaster. Ron will send IP address info to hostmaster.
- Testing is done with Stonesoft and DNS – ITSO has worked out a process for generating a network range list and is ready to implement at the ASAs.
- ITSO has determined that host-based whitelisting does not work; it does, however, work for blacklisting.
- ITSO has a script they run to generate a network range list for *. hosts
- Departments can further restrict their own users with their own lists
- Procedure for requests is as follows:
  - User requests host to be added.
  - Host is approved by Department Head.
  - Host is approved by ITSO.
  - ITSO script is run to generate IP address list.
  - ITSO sends list to CNS to update ASAs.
  - Request goes into the CNS change management system.
- One caveat: for this RLAN pilot there may be a need for some "emergency" additions.
- As an example, the Bursar's initial list of 30 domains generated 200 IP address ranges. However, it is hoped that this initial list may cover the needs of several other departments in the pilot.
- The SIEM has had no network connectivity for five days now – does anyone have a time estimate for it coming back online?
- Ron mentioned that this may be a problem with some new equipment that belongs to Marc DeBonis. Ron hopes to have this fixed tomorrow.
- Updates on any other RLAN connection requests
- We are working with the Bursar's office to get their configuration established.
- Any further testing on whitelisting/blacklisting and the results
- Philip was told that CNS could handle IP address ranges. Philip will send these to Steve Lee and cc: Ron Keller.
- RLAN FAQ
- See 1c above. It was decided that the changes made to date are good enough and this should be published.
- Randy Marchany will become the owner of this document for update purposes.
- RLAN presentation at DCSS
- Rich Sparrow will check with Susan.
- Open Forum
- None