REDDnet Vanderbilt Security Overview
Security overview
REDDNet's current security plan maintains a level of security that balances security requirements with the service and academic freedom our users expect. We are capable of enforcing stricter security measures than those outlined in this document should a specific need arise.
Security contacts
The primary contact person for questions about or problems with REDDNet-related security is
Mathew Binkley | Mathew.Binkley@vanderbilt.edu | Phone: (615) 322-5857 |
The secondary contact person is:
Alan Tackett | Alan.Tackett@accre.vanderbilt.edu | Phone: (615) 322-1028 |
Physical security
Core REDDNet hardware at Vanderbilt University is located in Vanderbilt's Network Operations Center (NOC). The NOC command center is staffed 24/7/365 by VU's Information Technology Services (ITS) staff. The facility is secured by card access and access is limited to ITS, VU Management Information Systems staff, and owners of the systems housed in the NOC. All visitors to the NOC must sign in and are under constant video surveillance while inside.
Network security
REDDNet core equipment is secured by a FreeBSD firewall operating as a transparent bridge. As a transparent bridge, the firewall does not have an IP address, and is not detectable from the outside world. All off-campus access is logged to aid in forensic analysis should that proves necessary.
All Vanderbilt core equipment also has IPTables firewalls. Rulesets on both local IPTables and the primary FreeBSD firewall are kept in sync to allow them to perform failover security if one layer should be down. Network traffic is limited by port and by source/destination to only those necessary for proper functioning and monitoring. A complete list of ports opened may be found at:
http://www.reddnet.org/mwiki/index.php/REDDNet_Site_Requirements
OS security
REDDNet monitors CERT, CryptoGram, and other security forums daily for new security errata. We use apt-get to keep all Vanderbilt core hardware up-to-date with security fixes at least once a week (and usually every 1-2 days). All machines are updated as soon as Ubuntu/Debian releases a security update.
When critical vulnerabilities are discovered, we may disable services or install our own custom update until such time as the vendor releases their own update.
Application security
All REDDNet core infrastructure and storage depots are scanned monthly using Nessus to search for potential exploits. Hardware and services are monitored via Nagios and SNMP.