Educause Security Discussion mailing list archives
Re: Network Segmentation
From: "Adam T. Ferrero" <adam () TEMPLE EDU>
Date: Mon, 26 Aug 2019 19:19:19 +0000
We made some sweeping changes this summer that I’m pleased with so far. We had all our different kinds of networks all in our global routing table and we migrated things into purpose built VRFs (staff, student, environmental, alarm, hipaa, etc.). The Palo Alto firewall routes between VRFs superbly. We used to use router ACLs extensively to protect things and now we just use firewall policy. It’s serving us well so far. It’s also all Extreme Network VSP / VOSS platform so we are using shortest path bridging (read that as fabric or software defined ish). It has been awesome to manage (very easy now that it’s in place). Adam From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Matthew Long Sent: Monday, August 26, 2019 1:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Network Segmentation Good Afternoon, We are in the process of developing the next generation of network segmentation for our campuses at the University of Nebraska. I’m looking to better understand how other Universities are implementing network segmentation, role-based access control, and what technologies are being using to accomplish those goals. Please feel free to reach out to me directly if you don’t want to respond to the list. Regards, Matthew Matthew Long, MS Sr. Security Architect University of Nebraska 501 Stadium Dr. Lincoln, Ne 68588-0203 Office: (402) 472-1651<tel:(402)%20472-1651> Matthew.Long () nebraska edu<mailto:Matthew.Long () nebraska edu> [university of nebraska logo lockup with campuses] ‘For time and the world do not stand still. Change is the law of life. And those who look only to the past or the present are certain to miss the future’ ~John F. Kennedy ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Network Segmentation Matthew Long (Aug 26)
- Re: Network Segmentation Adam T. Ferrero (Aug 26)