Question

INDUSTRY

Higher Education

CHALLENGE

Gain visibility into network to safely enable application access, heighten security and support big increase in user base

BACKGROUND

The University is a small campus of intercultural leadership development, where a diverse population of over 2,500 students representing over 70 countries live, study and work together. The education involves intellectual learning and career preparation, as well as moral, ethical and spiritual enrichment.

ALL IS WELL, OR IS IT?

A small in-house IT staff manages the technology that fuels the educational and spiritual mission of The University. The school's network consisted of 156 virtual servers running VMware, Cisco Adaptive Security Appliances (ASA) firewalls, numerous appliances and web filtering from Websense. This mix of networking and security technologies supported the activities of 2,750 student users, and over 500 researchers and support staff accessing a variety of applications including social media. The University's network seemed fairly stable. "We didn't have glaring performance issues, but our data center seemed to be using more internet bandwidth than it should," says Kat, Systems and Network Analyst, IT Infrastructure. "Our firewall looked like Swiss cheese." The firewall had more ports open than needed to be and there were rules that had been there for years. No one had time to clean up the mess.

WHAT YOU DON'T KNOW CAN HURT YOU

The University's firewalls were not up for renewal for another year, so alternative solutions were not under consideration. That all changed quickly, however, when the university told Kat to prepare his infrastructure to support 2,250 more students, a nearly 50 percent increase. "That drove us to look at our existing security environment and to fix the issues with our servers," says Kat. An evaluation of the school's current security environment was launched. "We were surprised," says Kat. A host of transparent, previously unknown security risks and security compromises, such as lots of open connections, had taken root.

LEARNING WHAT YOU DON'T KNOW

On top of this, BitTorrent and other malware were eating up network resources. "Student users were unwittingly engaging in activities that invite BitTorrent and other risks," explains Kat. Kat estimates that 25-30 percent of The University's one gigabyte Internet connection was being used by unapproved sources. They also noted a degradation in network performance due to server side traffic on their switches and routers. The cumbersome manageability of The University's current firewalls posed another issue. Creating acceptable usage rules was extremely time-consuming, and enforcement was ineffective, given rules were port-based. "The audit revealed we had over 2,800 rules, most of which were unenforceable," says Kat. If a rule wasn't working, a new one was written and another port opened. This was laborious, inefficient and created vulnerabilities.

THE DIRECTIVE: MAKE SECURITY ROCK SOLID

Faced with an imminent influx of additional users, and armed with new information about the vulnerability and misuse of its network, action was imperative. "The mandate from above is to get our network ready and make security rock solid," says Kat. "We had to get visibility into our network to see what was really going in and out to regain control. In the process, we had to gain more efficiencies to support the dramatic expansion in our student body." To achieve these goals, the university decided to redesign its IT security infrastructure based on a zero trust model with a next-generation firewall as the linchpin. Under this plan, all servers are being moved into a new data center design and assigned a virtualized server zone. This would protect the server from other zones, as well as internal and external access. "An important criterion for the firewall was it had to be application-based versus port-based," says Kat. "It had to tell us what applications were truly being allowed to and from our network. We used the information to help us decide which apps to allow or disallow, making it easier to build a secure network."

TRUE APPLICATION-LEVEL VISIBILITY

In addition, University resources were being misused. Several servers were hosting game servers, while others had social media and backdoors implanted. A handful of servers were completely taken over. "One server was a launching point for attacks," Kat says. "We had lost control over several web servers and application servers. Penetrations into the network had been happening for months or longer. Our existing firewalls had so many ports open that hackers were able to own the DMZ. Our network was compromised and open to squatters." The firewall should enable The University to extend protection over all types of traffic, applications, and threats to remote users. The University plans to implement decryption.

HACKING OFF THE HACKERS

Assume that once things are locked down, the hackers and squatters will try to fight back and prove they have more control. They will become more aggressive in their attacks, changing IP addresses, bouncing off other servers and using more aggressive exploit tools.

The University will evaluate three vendors. "We will only look at those who claimed to have a next-generation firewall," says Kat.

Hint: Reference Gartner's Magic Quadrant for Enterprise Network Firewalls and a minimum of 3 demo sites.

Hint: search - online firewall demo

Compare and contrast products and make a recommendation for a product(s) to specify along with an estimated cost. You alone are responsible for the product specification, and your continued employment is dependent on your selection. Write a no-fluff management summary (min 3ish pages) that will convince management to spend the money.
