Cyber Security Update: Identity Services Engine (ISE)

Colleagues,

As you may be aware, the cyber security risk that organisations are facing is increasing by the day. In an effort to counteract this increasing risk, a number of initiatives have been undertaken to protect the staff and students of CIT. Thus far, some of these initiatives have included:

  1. Creating better awareness among staff and students of the cyber security risks we face
  2. Implementing a new system to proactively manage Operating System patching of CIT owned devices
  3. Upgrading our firewalls to offer additional security measures
  4. Implementing new procedures to proactively manage Anti-Virus updates of CIT owned devices
  5. Implementing Identity Services Engine (ISE – pronounced ICE)
  • ISE is a security solution to ensure that only known and safe devices can connect to CIT’s wired network. NB: this does not affect devices connecting to the wireless network.

Today I need to update you on item 5 on the list above, ISE. We have commenced Phase 2 of ISE, and I wanted to give you an update so you understand what will happen next.

What does ISE do?

When a device tries to connect to the staff network, ISE determines whether the device is a known CIT device. It treats a device as “known” either because the device has been registered with ISE (e.g. a printer, laptop or an IP phone) or because the device has a logged-on user who has authenticated onto the CIT domain.

  • NB: ISE does not affect the wireless network
  • NB: ISE does not affect any student labs

What impact will this have on me?

There should be no impact for you. Extensive work has already been completed to ensure that:

  • all devices have been learned and are known to ISE
  • staff are logging onto the CIT domain
  • NB: This work pertains to staff network ports only and will not be implemented on student ports at this time.
  • If by chance you experience any issues, please log a call on Servicedesk and we will work with you to remediate them.

What are the benefits of ISE?

  • A more secure network for all staff
  • This means that if our laptops are protected from malware and virus infections by their onboard software, the internal network will be protected
  • This should lead to fewer risks for staff devices and data, and fewer infections
  • This should also lead to our staff being more protected from cyber security threats

Project Status Update

Phase: Phase 1 – Learn Mode (Authentication Open)

Status: Completed

Detail:

  1. IT Services will turn on ISE on the staff domain for all departments [COMPLETED]
  2. ISE will remain in ‘LEARN’ mode only, where it will discover all devices and throw back a list for review [COMPLETED]
  3. IT Services will then work through this list with all local technicians to understand those devices connecting to our staff domain [COMPLETED]
  4. IT Services will then propose a policy to be implemented on our staff domain to secure all staff ports [COMPLETED]
    1. This proposal will go to IT Steering for approval before being implemented

Phase: Approval to Continue

Status: Completed

Detail:

  1. On October 10th IT Steering approved the above proposal which was to change all wired network ports to ‘Closed’
    1. This means that if an unknown device were connected to a CIT wired network port ISE would block that unknown device from connecting

Phase: Phase 2 – Closed Mode (Authentication Closed for all STAFF ports)

Status: Completed

Detail:

  1. Melbourn Building [COMPLETED]
  2. Admin Building [COMPLETED]
  3. F Block [COMPLETED]
  4. G Block [COMPLETED]
  5. Student Centre [COMPLETED]
  6. Tourism Building [COMPLETED]
  7. Library [COMPLETED]
  8. IT Centre [COMPLETED]
  9. Create Building [COMPLETED]
  10. Bishopstown - Main Building – Ground Floor [Commencing week of 20th November]
  11. Other Buildings – [Will be confirmed in a further update]

If you experience any unexpected issues, please contact the service desk at servicedesk@cit.ie