Security Flaws Prompt Layered Security Network Lockdown
Premier Education Group adopts a defense-in-depth strategy to protect its most valued assets.
With 10,000 students at 27 campuses throughout the northeastern United States, Premier Education Group's IT department has had its share of security issues. Over the years, it has seen just about everything, from students trying to surf inappropriate sites or download music from the Internet, to workstations without updated antispyware and, worse, machines where the antispyware function had been turned off.
These issues have led to an array of problems, including unproductive students and staff as well as very slow network connections.
"If 50 people are listening to music online at one time, it will kill your bandwidth," notes Paul Somogyi, director of MIS for Premier Education Group, a privately owned career training organization based in East Haven, Conn.
By early 2009, it had become clear that the school's approach to security was outdated and ineffective. The group decided to overhaul it by addressing security not only at the workstation level, but at the network and application levels as well.
"We needed security at every layer so we could make sure that nothing inappropriate was happening inside the firewall, and that nothing inappropriate could get in from outside the firewall," Somogyi says.
Premier Education's move to a multilayered security approach is something every organization, regardless of sector or size, must do today to be secure.
"With multilayered security, threats that circumvent controls at one layer can still be stopped by security set up for another layer," says Mark Bouchard, principal consultant at AimPoint Group of Millersville, Md.
Somogyi's team chose a SonicWall unified threat management appliance as its base security solution because it could tackle both the network and the application security layers. Once it was delivered, the group took four months to get it up and running.
It installed one SonicWall NSA 3500 UTM appliance in each of the network rooms at 24 of the campuses, and SonicWall TZ Series appliances at a few of the smaller campuses. In some cases, the new units replaced older SonicWall Pro 3060 security gateways, but many schools had no security gateway at all before the new appliances were installed.
The new UTM appliances serve as the Internet gateway and segment the campus network between staff and students. They provide a firewall, gateway antivirus and antispyware, intrusion prevention, content inspection, and the ability to evaluate Internet traffic based on its value to Premier Education through policies set up by the institution.
The benefits of installing the network security gateways were immediate. The intrusion prevention feature, for example, lets the IT department block viruses, as well as activities that aren't acceptable to the school's educational mission, such as online gaming, instant messaging and social networking. In addition, it allows the IT staff to scan for viruses at the gateway level, so even if a workstation is missing antivirus protection or the protection is out of date, the problem will be caught.
Central management is another benefit. With the SonicWall Global Management System, which was installed on the SonicWall E-Class Universal Management Appliance EM5000, the IT group can centrally manage and deploy SonicWall appliances and security policy configurations. The IT staff can also manage the appliances at all campuses concurrently and make global changes to block or monitor a site.
"It takes a lot of trial and error to get network usage shaped the way we want it," says Ashley Torvinen, Premier Education Group's computer and network support technician. "The central management console allows us to make these changes quickly and efficiently."
Reporting is another major asset of the Global Management System. "It allows us to see who is using the most bandwidth at certain times during the day," Torvinen explains.
The percentage of malware attacks in 2010 that stem from web-based services and applications, up from 4 percent in 2009
Source: Based on analysis at SonicWall's Global Response Intelligence Defense network from July 1, 2009, to June 30, 2010
In one case, the IT team had been notified by its Internet service provider that someone had downloaded copyrighted data from one of its campuses. With these tools, the team was able to quickly identify the computer from which the downloading had originated and block the peer-to-peer software being used. With that information, the group was then able to make the proper changes at all campuses to prevent the problem from recurring.
Once the SonicWall equipment was working well, the group tackled the endpoints and servers, turning to antivirus software and server protection.
For workstation security, the IT staff deployed Grisoft's AVG Anti-Virus scanning engine, which prevents users from visiting unsafe websites, as well as offering phishing and firewall protection, regular updates, and remote management.
"We all know that antivirus software is effective only as long as it's kept up to date, and that had been a problem," says Ray Warner, a computer support specialist at Premier Education Group. "With the large number of PCs we have across the organization, the console makes it easy to keep track and update any PCs that have missed the auto-update virus definitions."
For server protection, Premier Education Group installed Trend Micro ServerProtect, which provides real-time antivirus, antispyware and rootkit protection that is manageable from a single console. If ServerProtect finds a problem, it immediately cleans and repairs all servers where the problem has been located.
Now that the institution's multilayer security strategy is complete, the next step is to create a testing lab.
"We want to set up a lab and review and fine-tune the settings for the gateway and workstation protection so all threats are prevented before we implement a new system in our production environment," Somogyi says.
Protection at All Levels
The need for security is a fact of life, and experts say the more, the better. That's especially true today, as threats are growing exponentially at every level and those who seek to harm organizations are getting smarter and more creative. What's more, colleges and universities today have more access points to protect. Finally, regulatory requirements rightly demand ironclad security. All of this means that an organization must protect its assets at every layer, from its network and applications to its data and endpoint devices.
Here is a rundown of how to protect a computing environment at every level:
Network layer: A good place to start protecting your network is with a multifunctional unified threat management appliance. These appliances generally include a firewall, a virtual private network, intrusion prevention and antivirus software, and also can include traffic control, spam and web content filtering.
System layer: At this layer, the concern is with protecting endpoint devices – notebooks, desktops and servers. Endpoint security suites are a good place to start. Typically, they include antivirus, antispyware, network threat protection, a single agent–single management console, antispam and messaging security protection. Another good choice is host intrusion protection, software suites that block unauthorized applications and access and ensure that only trusted applications can execute.
Application layer: Start with multifunction web and e-mail security gateways. These products bundle web filtering, antivirus, malware protection, data loss prevention (DLP) and real-time activity monitoring. For inbound web traffic, it's also important to invest in web application firewalls and potentially a database activity monitoring or database firewall solution as well.
Data layer: For smaller organizations, the data protection provided in an existing web, e-mail or network security gateway might suffice. For larger organizations, consider adding stand-alone DLP technology. These solutions examine all communications traffic for formulas or any other data you direct them to identify.