Circuit IT Conferences Update
Summer 2008
DCN, PACER-Net, & National Gateways
• 11th Anniversary of DCN completion and National Gateways – 10th for PACER-Net
• Doubled DCN capacity since 2003
• Redundancy for FJC, Notes, CM/ECF, VPN, FAST, PACTS, and court www sites
• Secure external connections to DOJ, CALR, FBI, ILS, and FPD
• 25% of DCN sites have emergency broadband installed for redundancy
DCN – Circa 2005
[Diagram: Current DCN Connectivity (raju 10/14/04). Labels: Court of Federal Claims; Court of International Trade; Computer Security and Independent Testing Office (AZ); Systems Deployment and Support Division; DCN Frame Relay Cloud; Court Headquarters; Divisional Office; Circuit Hub; AO; COSC; RESTON Gateway; LSM Gateway; Internet; T1, T3 and 100mbx2 links.]
Current DCN T1 Lines Per Circuit
[Chart: T1s Per Circuit, by Circuit [Sites]; series: Actual T1s Feb 2006 and Actual T1s May 2008.]
Internet Traffic (mbps)
[Chart: Daily DCN/Gtwy Capacity, 1999 to 2008.]
Mail, SPAM, and Misc.
• Processing 130 million e-mails monthly from the Internet and another 28 million processed by SDSD for CM/ECF
• ~1% E-mails contain viruses
• About 94% is Spam and blocked
• Websense software renewed until 2010
• BorderManager renewed until 2013
Remote Access
• 19,000 VPN Accounts
• ~9,000 unique remote access users on VPN monthly via gateways
• jport.uscourts.gov is 30% of VPN traffic and exceeding 3,800 unique users per month
• Cache cleaner, host checker, dial-in only at gateways, and network access control
• EOD and ESS Interim Platform
IPv6
• Test network at 5 locations
• Test lab at AO
• Address plan for /32
• 2610:01B0:0000:0000:0000:0000:0000:0000 to 2610:01B0:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
• 7.92281625 × 10 to the 28th power
NMF Support
Threshold Notification – Alert of high utilization
MRTG Traffic Charts
Cause of Problem
Netflow - Source of high utilization
SolarWinds – Network Performance Management Tool
SolarWinds – Site View
New process in the court was running at an unexpected rate and consuming 36% of available bandwidth for weeks before it was corrected.
50% reduction in Internet usage almost overnight
Notice from Chief Judge reminding employees about appropriate use was very effective.
Court Assistance
• Ask that courts log into SolarWinds a couple of times a day just to take a look at your District/Circuit to get a picture of the WAN health
• Our view is national with over 600 DCN routers and 180 Pacernet routers plus the gateway devices.
• Our top 10 trouble/problem sites may not include your location.
• Local court monitoring and notifying the NMF will alert us to an existing problem or potential problem and hopefully result in a more proactive resolution
Security Management Facility
Detection and Containment
• Monitoring of IDS and SIMs Correlation Consoles
• Firewall and port blocks for containment
• Courts notified of detected events
• JASIRC notified
• IDS team support for remediation
[Diagram labels: DCN; Infected INTERNET; GOOD INTERNET Sites; User Visit]
• User visits innocuous well known web sites that are infected
• Some infections are introduced by Pop-Up Ads
On the Internet Thousands of Sites are Compromised
GATEWAY DEFENSE IN DEPTH STOPS THE MAJORITY OF MALWARE INFECTIONS
[Diagram labels: DCN Users; Infected sites visited or users are unknowingly redirected to; Sites advisories found on CERT and SANS advisories]
DCN PROTECTION
Some Malware Still Makes it Through to DCN Desktops
Courts must keep Desktop Antivirus software up-to-date
[Diagram label: Infected DCN users]
Local Proactive Actions that can be Taken
o Using WebSense or other secure proxy (Court Licenses are available for use)
- WebSense makes use of a malware blacklist titled: “Malicious Websites.”
o Stay vigilant with Microsoft Security patches and Anti-Virus software updates
o Keep desktop IE Browser patches up-to-date
o Follow Judiciary Guidelines of not using Peer-to-Peer software and limit the use of browser webmail
PACER PROTECTION
PACER-Net - CISCO SPA
Vulnerability data available to the courts
Overall internal security posture rating: ABOVE AVERAGE
Weakness
- Patching application was not totally effective
- Weak passwords contributed to exposure
- Configuration management requires improvements:
  - securing applications
  - strong passwords, and
  - standardized server and workstation builds
Networx Transition from FTS2001
• Schedule – Award in late 2008 and begin installations in 2009
• Services -
• Impact to Court
– New lines
– New routers
– Travel to remote locations
– Access into buildings
What Courts Can Do – Networx Prep
• Most high speed services – DS3/Ethernet require fiber facilities
• At large court HQ sites, begin investigating what it would take to bring fiber into your building.
• Does your building have space, power, and HVAC in your telco demarc where a fiber mux could be housed?
• Do you have a pathway between your demarc and your computer room to support an innerduct run?
Questions?