Moving from Reactive to Proactive – DeepNines and ESU 3

Nate Jackson, Territory Manager

Greg Jackson, Vice President of Technical Services

Martin Rosas, Director of Technical Services

July 23, 2008

• Introduction – Nate Jackson 9:00 – 9:10

• Product “Walk-Thru” – Greg Jackson 9:10 – 12:00

• Lunch 12:00 – 12:30

• Policy Builds – Martin Rosas 12:30 – 3:30

Agenda

A Large Network Solution

ESU 3 provides content filtering to 17 of its 18 membering school districts. The content filtering solution must be able to support at least 17,000 concurrent users with bandwidth speeds of at least 150 Mbps.

Advanced Content Control

ESU 3 requires a solution that has advance content control features – block/filter ports other than port 80; block/filter Google and Yahoo safe searches; block/filter protocols such as: IM, P2P, File Sharing, IRC; and block pop advertising.

Granular Filtering Policies

Each of the participating school districts would like the ability to create filtering policies by directory groups and/or IP addresses.

Robust Proxy Prevention

Students within ESU 3 have been exploiting the existing content filtering/content control portfolio by using circumvention techniques, commonly referred to as remote web proxies. ESU 3 requires robust proxy prevention against anonymous proxies, URL translation servers, and any other circumvention techniques.

Challenges and Needs Challenges and Needs Challenges and Needs Challenges and Needs

ESU 3 Requirements

SolutionSolutionESU 3 has deployed an iTrust suite at each of the 17 participating school district as well as at the ESU 3 central office.

Each iTrust suite includes…Real-time network visibility and monitoringGranular URL filteringDeep Packet InspectionTraffic Shaping/Bandwidth ManagementIntrusion Prevention SystemGateway AVReporting

ESU 3 has deployed an iTrust suite at each of the 17 participating school district as well as at the ESU 3 central office.

Each iTrust suite includes…Real-time network visibility and monitoringGranular URL filteringDeep Packet InspectionTraffic Shaping/Bandwidth ManagementIntrusion Prevention SystemGateway AVReporting

DeepNines iTrust SuiteDeepNines iTrust Suite

Solution

A Large Network Solution

Advanced Content Control

Granular Filtering Policies

Robust Proxy Prevention

A Large Network Solution

•Each of the 17 participating school district as well as the ESU 3 central office has been fitted with an iTrust Suite that fits their network needs.

•The iTrust suite is licensed on bandwidth. This method allows the districts to grow or decrease without having to incur additional charges. Additionally, it ensures that every computer is covered in the event there is an overage on the concurrent sessions subscribed to.

•ESU 3 is licensed for 250 Mbps (to the outside world).

Advanced Content Control

•The DeepNines iTrust suite performs deep packet inspection (DPI, or layer 7) of every packet, port, and protocol both ingress and egress. (over 155 protocols and all 65000+ ports)

•Image searches can be blocked by URL or also by DPI. The breadth of images searches go beyond Google and Yahoo, such as Ask, Alta Vista, etc.

•Protocols such as IM, P2P, etc are not only subject to the iTrust’s URL module but also its DPI engine. The DPI engine leverages industry signatures as well as custom K12 signatures created by DeepNines.

•Pop-ups can be blocked by both the URL and DPI engines.

Challenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNines

Solution

Granular Filtering Policies

•By deploying an iTrust server-appliance at each district, the solution can be deployed behind local network address translation (NAT). Therefore, granular filtering policies (based on Active, E, and/or Open Directories) can be created. For each iTrust server-appliance 64 URL filtering policies can be created.

•The iTrust suite has an aggregate white list, as well as, a white list available for each group as defined by AD, Edir or Open Directory.

Robust Proxy Prevention

•Traffic is inspected by both the URL filter and DPI. The iTrust suite has 100’s of custom proxy signatures which are proprietary to DeepNines. No longer does the website URL need to be known as DPI can tell if it is a proxy by examining layer 7 connections.

•The iTrust suite blocks not only anonymous proxies and URL translation servers, but also Circumventors, Tor’s, SSL based proxies, CGI, PHP, Transparent, SOCK v4 and v5, Gopher, Streaming, Google proxies, host based proxies (ultrasurf, Yourfreedom, Pass1), SSH tunnels, PC Anywhere, etc.

•The iTrust suite provides the most robust proxy protection in the industry, as guaranteed by our customers.

Challenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNinesChallenges and Needs Addressed with DeepNines

Solution

Nate Jackson, Territory Managernjackson@deepnines.com(303) 292-2896 office(720) 810-0866 cellRole - Point of escalation for resolution of technical or service

related issues, Renewals, upgrades, etc, quarterly check in meetings.

Tom Knight, Vice President of Salestknight@deepnines.com214.273.6996 ext 220 officeRole – Executive escalation .

Nate Jackson, Territory Managernjackson@deepnines.com(303) 292-2896 office(720) 810-0866 cellRole - Point of escalation for resolution of technical or service

related issues, Renewals, upgrades, etc, quarterly check in meetings.

Tom Knight, Vice President of Salestknight@deepnines.com214.273.6996 ext 220 officeRole – Executive escalation .

Technical ServicesTechnical ServicesTechnical Services Organizationsupport@deepnines.com(866) DEEP9-12

Brett Juergens – Assigned Security Engineerbjuergens@deepnines.com(214) 273-6996 ext 214 officeRole – Technical support.

Wade Dykes – Assigned Security Engineerwdykes@deepnines.com – Technical support(214) 273-6996 ext 234 officeRole – Technical support.

Martin Rosas – Director of Technical Servicesmrosas@deepnines.com214 273-6996 ext 222 officeRole – Point of escalation for resolution of technical or service related issues.

Greg Jackson – Vice President of Technical Servicesgjackson@deepnines.com(214) 273-6996 ext 231 officeRole - Executive escalation.

Technical Services Organizationsupport@deepnines.com(866) DEEP9-12

Brett Juergens – Assigned Security Engineerbjuergens@deepnines.com(214) 273-6996 ext 214 officeRole – Technical support.

Wade Dykes – Assigned Security Engineerwdykes@deepnines.com – Technical support(214) 273-6996 ext 234 officeRole – Technical support.

Martin Rosas – Director of Technical Servicesmrosas@deepnines.com214 273-6996 ext 222 officeRole – Point of escalation for resolution of technical or service related issues.

Greg Jackson – Vice President of Technical Servicesgjackson@deepnines.com(214) 273-6996 ext 231 officeRole - Executive escalation.

Account TeamAccount Team

DeepNines Support Team