From the open range to the corral: taming the wild Internet
Like many universities, in 2017 UC <redacted>'s Internet border was largely open. The end-of-life intrusion prevention system (IPS), our only protection beyond a few router access control lists, was removed when it failed. There was very little to distinguish our campus network from the Internet. We had limited ability to implement east-west controls between campus departments, mostly through router ACLs and distributed firewalls.
This presentation will trace the path that we took from this beginning to functional unified threat management at our border and between networks within the campus. This was not merely a technical achievement. Along the way, we tackled faculty and senior leadership concerns, budgetary challenges, procurement hurdles, IT change management, and campus communications.
Our implementation includes a redundant pair of Palo Alto Networks 7050 UTM devices running threat prevention, malicious URL blocking, and executable sandboxing. We manage the devices as a service implementing customized rules to protect departmental networks. Where required for complex operations, we provide virtual devices to departments to manage their own traffic flows. Since it first became operational in December 2017, the devices have blocked nearly 100,000,000 network threats, nearly 40,000,000 attempts to connect to hostile web sites, and more than 600,000 hostile executable files making the network is a safer place for our students, faculty, and staff.
Rudimentary knowledge of networking is required.