Overview

The UT Knoxville campus network installed during the VolNet project is a state of the art network supporting more that 45000+ users. As part of the mission statement "To continue to provide a world class network for use by the faculty, staff and students at the University of Tennessee, Knoxville", we are now taking a step towards VolNet2- a secure VolNet.

VolNet2 - a secure VolNet - has come about as the result of a campus security assessment that was conducted January 2003 - April 2003. The report from that assessment listed findings and recommendations for all aspects of security for the campus community.

Initial Thrust:

VolNet was designed prior to the events of September 11, 2001. Since then there has been a growing concern to add additional layers of security to VolNet. While security was not a primary focus on the VolNet design it was certainly in the top ten list of requirements. Since 2001 it has, naturally, been bumped up in importance. Since that date, many groups have been taking prudent measures to secure areas on the campus network. Antivirus software has been purchased for the entire campus community and measures have been put in place so that this product is automatically updated on all desktops as necessary. Filtering has been applied to the central email servers to discard potential problems before they reach the campus network. Firewalls have been strategically placed in front of critical systems to add to the protection that these systems need. Intrusion Detection Devices have been purchased to proactively detect breaches of security. And Volnet2 - a Secure Volnet - has been designed.

Procurement:

Procurement started with a preliminary design followed by a review of vendor capabilities through an RFP process. Network Services developed the RFP requirements specifications. The requirements were developed with the idea of providing more features to users of the data network, better management of devices, and added security to the Network. The design also took into consideration the recommendations of the security group. The specifications which went through a very competitive RFP process in the Fall of 2004. Each vendor was asked to send equipment for evaluation and was required to provide on-site assistance for answering any questions.

VolNet2 will include the following:

• An upgrade of the current network equipment.
• Additional security per port.
• The application of Access Control Lists (ACL) per port to prevent infection of viruses and the application of ACLs to prevent an end-user or a desktop from inadvertently stealing the building gateway address.
• Prevention of end-users inadvertently bridging the wired and wireless networks.
• Installation of Intrusion Prevention Systems to detect viruses and malicious traffic before coming on to campus.
• The upgrade of the wireless network to the 802.11g standard and the implementation of 802.1x security.
• The continuation of rewiring buildings with legacy cabling.
  

In order to meet these objectives the following needs to be done:

• Core Upgrade: IPv6, Multicast, 10-Gig ready
• Edge Upgrade: GigE to the Desktop
• Upgrade Firewalls
• Upgrade Wireless to 11g
• Building Rewires