Profile

CommunityPlatform_1350x900.jpg

Andrew Pete

Edit My Profile

My Content

1 to 20 of 29 total

RE: Wired and Wifi network registration and captive portal

Posted By Andrew Pete 01-24-2024 05:54:35 AM
Found In Egroup: Network Management \ view thread
We're using FortiNAC which is used to be Campus Manager/Network Sentry from Bradford Networks. We've built out access for both endpoints, which need access to internal resources, and gaming/IoT devices which only need Internet access.

RE: State of Traffic Shaping

Posted By Andrew Pete 12-12-2023 06:01:54 AM
Found In Egroup: Network Management \ view thread
Guess we are in the minority here. We're using per IP traffic shaping on our Fortigate firewalls. We've run into issues in the past with recreational gaming eating up bandwidth due to large game updates. We've upgraded our core infrastructure so that we have a 20 Gbps link to our ISP for WAN and Internet ...

RE: Endpoint segmentation?

Posted By Andrew Pete 12-04-2023 09:18:42 AM
Found In Egroup: Network Management \ view thread
Ryan, We've been using EAP-TLS for WiFi DOT1X with our domain joined systems for a few years now. I'm happy to add what I can to the TLS portion of the discussion. Andy Andrew Pete, Information Security Architect New England Institute of Technology apete@neit.edu 401-739-5000 ...

RE: Endpoint segmentation?

Posted By Andrew Pete 11-30-2023 05:41:01 AM
Found In Egroup: Network Management \ view thread
I'm interested. Andrew Pete, Information Security Architect New England Institute of Technology apete@neit.edu 401-739-5000 neit.edu

RE: Endpoint segmentation?

Posted By Andrew Pete 11-17-2023 12:34:14 PM
Found In Egroup: Network Management \ view thread
Hey Matt, NEIT has been using FortiNAC longer than I have worked here and before Fortinet bought the product (Formerly Bradford Networks Campus Manager/Network Sentry). I've also had experience with the product at other jobs going back more than 10 years. I haven't really touched much else but ...

RE: Crowdstrike

Posted By Andrew Pete 11-17-2023 12:30:07 PM
Found In Egroup: Cybersecurity \ view thread
Hi Petrus, We are using Crowdstrike here at NEIT. Personally, I have a Microsoft 365 Business Premium subscription which includes Microsoft Defender for Endpoint that I'm using on my endpoints at home. While there are some feature differences between the Business premium and stand alone versions, ...

RE: Endpoint segmentation?

Posted By Andrew Pete 11-16-2023 09:07:24 AM
Found In Egroup: Network Management \ view thread
Hi Mike, We are in the process of a multiyear plan to improve our network segmentation. I re-architected our network so that we have firewalls at the core of each campus network. I'm starting high level by breaking into different VRFs based on device type then tying them to Zones on our firewalls. ...

RE: Crowdstrike

Posted By Andrew Pete 11-16-2023 08:54:18 AM
Found In Egroup: Cybersecurity \ view thread
We switched to Crowdstrike earlier this year from Cylance. We are on the Falcon Enterprise bundle. Happy to discuss any questions.

Data Destruction Tools

Posted By Andrew Pete 10-20-2023 09:34:14 AM
Found In Egroup: Cybersecurity \ view thread
I'm curious what folks are using for data destruction on SSD/NVMe drives. ------------------------------ Andrew Pete Information Security Architect New England Institute of Technology apete@neit.edu ------------------------------

RE: Wireless Guest Access

Posted By Andrew Pete 05-24-2023 01:03:41 PM
Found In Egroup: Network Management \ view thread
We use a self-registration method which generates a username and password. To simplify the onboarding process, we have the workflow populate/present the credentials without verification. Obviously this doesn't stop someone from giving an invalid email address but guests are providing legitimate information. ...

Crowdstrike

Posted By Andrew Pete 01-24-2023 01:17:00 PM
Found In Egroup: Cybersecurity \ view thread
We are at the tail end of evaluating Crowdstrike to replace our current endpoint protection. I'd love to get some feedback from folks that are already using the product. ------------------------------ Andrew Pete Information Security Architect New England Institute of Technology apete@neit.edu ---- ...

RE: GLBA Compliance (Risk Assessment)?

Posted By Andrew Pete 01-20-2023 11:20:49 AM
Found In Egroup: Cybersecurity \ view thread
Our process is very much manual/ad hoc but are in initial discussions with the folks at Salty Cloud (https://www.saltycloud.com/) about their Isora GRC platform. They are geared towards higher ed and their core technology initially came out of The University of Texas.

RE: Password Expiration Guidelines - NIST 800-63 (Remove Periodic Change Requirement unless compromised)

Posted By Andrew Pete 01-18-2023 07:11:00 AM
Found In Egroup: Cybersecurity \ view thread
We recently changed our password expiration in response to this. We chose to try and balance the two schools of thought and went from 90 day expiration to 365 day expiration or whenever suspected of being compromised.

RE: Cisco rec best practice - VMware ESxi /w VPC for load balancing

Posted By Andrew Pete 01-10-2023 07:00:44 AM
Found In Egroup: Network Management \ view thread
We are primarily UCS chassis based so we are using aggregation between our switching and the chassis itself. Our blades are configured with the default load balancing. We do have two standalone hosts that I have configured to use Etherchannel between the host and our switching. I've been doing link aggregation ...

RE: Onedrive synchronization and FERPA data on personal devices

Posted By Andrew Pete 12-06-2022 12:21:15 PM
Found In Egroup: Cybersecurity \ view thread
Conditional Access should be able to achieve this but there are a few requirements. It does require Azure AD Premium P1 or Premium P2 licensing. You would also need a way to differentiate between permitted/prohibited devices which can be done through Intune or Azure AD Hybrid Join. https://learn.mi ...

RE: How often do you patch your network devices?

Posted By Andrew Pete 11-29-2022 01:04:52 PM
Found In Egroup: Cybersecurity \ view thread
Hi Randy, NEIT's academic calendar is based off four 10 week quarters per year with various length breaks in between. We have maintenance blackouts which require additional approval consideration for key weeks during our terms such as weeks 1 (first week), 5 (mid-terms) and 10 (finals). At a high ...

RE: sizing PDUs / IDFs / switches

Posted By Andrew Pete 11-07-2022 02:19:04 PM
Found In Egroup: Network Management \ view thread
Some thoughts on Cisco and power: Specifications like 740W on the 2960X platform refers to the total POE capacity of the switch. In other words this is the maximum total POE draw that the switch can handle. The used power value from the "show power inline" command shows the total POE power consumed. ...

RE: Network Segmentation using VxLAN or VRFs

Posted By Andrew Pete 11-07-2022 10:12:43 AM
Found In Egroup: Network Management \ view thread
Hi Padma, We started deploying VRFs approximately 2 years ago as part of our new network segmentation architecture. All inter-VRF traffic must go through our firewalls and we use a NAC solution to place endpoints on the appropriate segment. This does add more complexity to the network but it's been ...

RE: Feedback: BYOD and Personal Machines

Posted By Andrew Pete 10-31-2022 01:39:06 PM
Found In Egroup: Cybersecurity \ view thread
Hi Michael, We allow the use of BYOD devices by both faculty and staff as not all employees are given enterprise assets. We leverage FortiNAC, formerly Campus Manager/Network Sentry from Bradford Networks, on our entire wireless network and on the wired side in our ResHall and Esports room. Long term ...

Endpoint Protection

Posted By Andrew Pete 10-24-2022 12:28:30 PM
Found In Egroup: Cybersecurity \ view thread
We are in the process of re-evaluating our endpoint protection vendor. I'm curious what vendors are being used at other institutions and what the experience has been with both the management of the solution as well as technical support. ------------------------------ Andrew Pete Information Security ...