Restricted/Limited Access Network project meeting

Monday, March 4, 2013; 3:00 p.m.; AISB-208

Invited

Phil Benchoff, Jacob Dawson, Marc DeBonis, William Dougherty, Peter Franchi, Brian Jones, Ron Keller, Jeff Kidd, Dean Kirstein, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Christine Morrison, Rich Sparrow, Lucas Sullivan

Agenda

1. Review action items from 20130218 - February 18, 2013 RLAN Project Status Meeting
2. Status Updates
   1. ITSO web form application
      1. Vivian web application test?
   2. Project scope establishes pilot end date of July 1, 2013
   3. Whitelisting/Blacklisting/Firewalling/Intrusion Detection & Prevention?
   4. ISB RLAN connections?
   5. Other status updates?
3. Demonstrate TMG system to see how CSDI is doing blacklisting/whitelisting and filtering (Marc)
4. Open forum
   1. RLAN FAQ, Heard from Susan?

Attended

Phil Benchoff, Jacob Dawson, Marc DeBonis, Brian Jones, Philip Kobezak, Greg Kroll, Steve Lee, Randy Marchany, Rich Sparrow, Lucas Sullivan, Brad Tilley

Meeting Notes

1. Review action items from 20130218 - February 18, 2013 RLAN Project Status Meeting
   1. None
2. Status Updates
   1. ITSO web form application
      1. Being tested. The associated database was "flushed" and so needs to be repopulated.
      2. CNS Ordering & Provisioning can help test. Contact Bill Blevins to arrange testing by O&P.
   2. Project scope establishes pilot end date of July 1, 2013
      1. Note: The pilot end date is July 1, 2013 not August 1, 2013.
   3. Whitelisting/Blacklisting/Firewalling/Intrusion Detection & Prevention?
      1. ITSO has run into problems with whitelisting using Stonesoft. Phillip is working with the Stonesoft R&D people. At this point Phillip says he cannot confirm whether this will work with Stonesoft.
      2. A newer version of "Bond" seems to be working as expected.
      3. Still giving consideration to running DNS inside the RLAN, which will provide another layer of security.
      4. There are questions/doubts about whether a whitelist can be maintained.
   4. ISB RLAN connections?
      1. These are needed by ITSO to help with testing ASAP.
      2. A total of 6 connections have been approved by ITSO. As soon as the web application database is repopulated these orders can proceed.
   5. Other status updates?
      1. The ITSO is ready for the Bursar's office (Melinda West) to be added to the pilot.
      2. The Unified Communications project is testing Virtual Private Network (VPN) connections which seem to be working. Something very similar could be used for the RLAN if needed.
3. Demonstrate TMG system to see how CSDI is doing blacklisting/whitelisting and filtering (Marc)
   1. Marc demonstrated Microsoft Forefront - Threat Management Gateway 2010.
   2. This software was purchased for the CSDI project. There is a per user license cost.
   3. TMGM.mig-dev.w2k-dev.vt.edu
   4. A "farm" of these could be set up and users would have to go through it for access to RLAN.
   5. Randy mentioned that the whitelist and blacklist used by this system should match what the ITSO is using for the RLAN. Marc said he is try to "open it up" to others like the ITSO.
4. Open forum
   1. Tim Rhodes has a few licenses for SPLUNK.
   2. Action item: Greg will contact Susan Brooker-Gross regarding the status of the RLAN FAQ.