Lane ESD Technology Services Core Firewall Overview Districts - - PowerPoint PPT Presentation


slide-1
SLIDE 1

Lane ESD Technology Services Core Firewall Overview

slide-2
SLIDE 2

Districts Behind Firewall

  • Blachly
  • Creswell
  • Crow-Applegate-Lorane
  • Fern Ridge
  • Junction City
  • Lowell
  • Mapleton
  • Marcola
  • McKenzie
  • Oakridge
  • Pleasant Hill
  • Siuslaw
  • South Lane

Screened, but exempt from policies

  • Bethel
  • Lane Community College
  • Lane ESD
slide-3
SLIDE 3

Netscreen-1000 ISG

slide-4
SLIDE 4
slide-5
SLIDE 5
slide-6
SLIDE 6
slide-7
SLIDE 7

Reports

  • Lane ESD sent a report to districts with their respective policies earlier in October.
  • Any comments or questions around the reports?
  • Are you okay with the method of transfer and format?

slide-8
SLIDE 8

What to include when submitting a policy request?

  • Short description
  • Source address or source address group
  • Destination address or destination address group
  • Service (what protocol or port #) or service group
  • Action (accept, deny, reject)
slide-9
SLIDE 9

To Deny or Reject?

  • Deny – simply drops the packet.
  • Reject – drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP “destination unreachable, port unreachable” message (type 3, code 3) for UDP traffic.

slide-10
SLIDE 10
  • Do you require a traffic counter or policy log?
  • Do you require policy scheduling? Do you need a one-time exception?

Troubleshooting and Monitoring

slide-11
SLIDE 11

Traffic Counters

A traffic counter counts the total number of bytes of traffic to which this policy applies and records the information in historical graphs.

slide-12
SLIDE 12

Policy Logs

slide-13
SLIDE 13

Device and Support

  • Juniper has not issued any notices regarding hardware EOL.
  • Juniper has announced the end of engineering and support for ScreenOS 6.3 on 01/23/2020.
  • LESD maintains a support contract with Juniper and keeps up with firmware upgrades.
  • LESD backs up configuration three times a week.
  • We send all security level notices to our syslog. Daily log sizes range from 1.8GB to 2.8GB.

slide-14
SLIDE 14

Syslog

  • 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00012: UDP flood! From 163.41.125.10:1060 to 163.41.62.5:514, proto UDP (zone netsrvs-untrust int ethernet1/3). Occurred 1 times. (2014-10-07 09:00:54)<000>

  • 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 59.156.126.171:6881 to 163.41.117.203:45433, proto UDP (zone inet-trust int ethernet1/2). Occurred 2 times. (2014-10-07 09:00:54)<000>

  • 2014-10-07 09:00:46 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 93.180.5.26:42378 to 163.41.116.98:53, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:54)<000>

  • 2014-1
  • 2014-10-07 09:00:56" duration=0 policy_id=226 service=udp/port:62563 proto=17 src zone=Global dst zone=Global action=Deny sent=0 rcvd=28 src=1.234.228.119 dst=163.41.3.174 src_port=28247 dst_port=62563 session_id=0 reason=Traffic Denied<000>

  • 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 202.107.198.250 to 163.41.118.109, proto 1 (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>

  • 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 202.107.198.250:1681 to 163.41.118.109:49153, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>

  • 2014-10-07 09:00:48 Local5.Alert 163.41.62.249 core1-fw: NetScreen device_id=core1-fw [Root]system-alert-00008: IP spoofing! From 118.209.38.14:57398 to 163.41.117.151:46342, proto UDP (zone inet-trust int ethernet1/2). Occurred 1 times. (2014-10-07 09:00:56)<000>
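
One way to reduce alert lines like those on this slide to a per-source tally (an added example, not part of the original presentation or LESD's tooling). The regular expression is inferred from the sample lines shown above, and the sample input is constructed, using documentation-range addresses.

```python
import re
from collections import Counter

# Layout taken from the alert lines on the slide. Ports are optional because
# non-TCP/UDP alerts (the "proto 1" line) carry bare addresses.
ALERT_RE = re.compile(
    r"system-alert-(?P<id>\d{5}): (?P<name>[^!]+)! "
    r"From (?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"to (?P<dst>[\d.]+)(?::(?P<dport>\d+))?, "
    r"proto (?P<proto>\S+) \(zone (?P<zone>\S+) int (?P<intf>[^)]+)\)\. "
    r"Occurred (?P<count>\d+) times\."
)

def parse_alert(line):
    """Return the fields of a system-alert line, or None for any other line."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec

def summarize(lines):
    """Sum 'Occurred N times' per (alert name, source IP); count skipped lines."""
    totals, skipped = Counter(), 0
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            skipped += 1          # e.g. key=value traffic-log entries
        else:
            totals[(rec["name"], rec["src"])] += rec["count"]
    return totals, skipped

# Constructed sample input: slide layout, documentation-range addresses.
HDR = "2014-10-07 09:00:46 Local5.Alert 192.0.2.249 core1-fw: NetScreen device_id=core1-fw "
ZONE = "(zone inet-trust int ethernet1/2). "
SAMPLE = [
    HDR + "[Root]system-alert-00012: UDP flood! From 198.51.100.10:1060 to 192.0.2.5:514, proto UDP " + ZONE + "Occurred 1 times.",
    HDR + "[Root]system-alert-00008: IP spoofing! From 203.0.113.7:6881 to 192.0.2.203:45433, proto UDP " + ZONE + "Occurred 2 times.",
    HDR + "[Root]system-alert-00008: IP spoofing! From 203.0.113.7 to 192.0.2.109, proto 1 " + ZONE + "Occurred 1 times.",
    HDR + "policy_id=226 proto=17 action=Deny src=203.0.113.9 dst=192.0.2.174 reason=Traffic Denied",
]

if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE)
    for (name, src), n in totals.most_common():
        print(f"{n:>3}  {name:<12} {src}")
    print("non-alert lines skipped:", skipped)
```

summarize() accepts any iterable of lines, so an open file handle on a daily log can be passed in without loading the file into memory.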

slide-15
SLIDE 15