Security Flaws Prompt Layered Security Network Lockdown

With 10,000 students at 27 campuses throughout the northeastern United States, Premier Education Group's IT department has had its share of security issues. Over the years, it has seen just about everything, from students trying to surf inappropriate sites or download music from the Internet, to workstations without updated antispyware and, worse, machines where the antispyware function had been turned off.

These issues have led to an array of problems, including unproductive students and staff as well as very slow network connections.

"If 50 people are listening to music online at one time, it will kill your bandwidth," notes Paul Somogyi, ­director of MIS for Premier ­Education Group, a privately owned career training organization based in East Haven, Conn.

By early 2009, it became clear that the school's approach to security was outdated and ineffective. The group decided to overhaul its approach to security by attacking it not only at the workstation level, but at the network and application levels as well.

"We needed security at every layer so we could make sure that nothing inappropriate was happening inside the firewall, and that nothing inappropriate could get in from outside the firewall," Somogyi says.

Premier Education's move to a multilayered security approach is something every organization, regardless of sector or size, must do today to be secure.

"With multilayered security, threats that circumvent controls at one layer can still be stopped by security setup for another layer," says Mark Bouchard, principal consultant at AimPoint Group of Millersville, Md.

UTM Migration

Somogyi's team chose a SonicWall unified threat management appliance as its base security solution because it could tackle both the network and the application security layers. Once it was delivered, the group took four months to get it up and running.

It installed one SonicWall NSA 3500 UTM appliance in each of the network rooms at 24 of the campuses, and SonicWall TZ Series appliances at a few of the smaller campuses. In some cases, the new units replaced older SonicWall Pro 3060 security gateways, but many schools had no security gateway at all before the new appliances were installed.

The new UTM appliances serve as the Internet gateway and segment the campus network between staff and students. They provide a firewall, gateway antivirus and antispyware, intrusion prevention, content inspection, and the ability to evaluate Internet traffic based on its value to Premier Education through policies set up by the institution.

The benefits of installing the network security gateways were immediate. The intrusion prevention feature, for example, lets the IT department block viruses, as well as activities that aren't acceptable to the school's educational mission, such as online gaming, instant messaging and social networking. In addition, it allows the IT staff to scan for viruses at the gateway level, so even if a workstation is missing antivirus protection or the protection is out of date, the problem will be caught.

Central management is another benefit. With the SonicWall Global Management System, which was installed on the SonicWall E-Class Universal Management Appliance EM5000, the IT group can centrally manage and deploy SonicWall appliances and security policy configurations. The IT staff can also manage the appliances at all campuses concurrently and make global changes to block or monitor a site.

"It takes a lot of trial and error to get network usage shaped the way we want it," says Ashley Torvinen, Premier Education Group's computer and network support technician. "The central management console allows us to make these changes quickly and efficiently."

Reporting is another major asset of the Global Management System. "It allows us to see who is using the most bandwidth at certain times during the day," Torvinen explains.

In one case, the IT team had been notified from its Internet service provider that someone had downloaded copyrighted data from one of its campuses. With these tools, the team was able to quickly identify from which computer the downloading had originated and block the peer-to-peer software being used. With that information, the group was then able to make the proper changes at all campuses to prevent the problem from recurring.

Complete Protection

Once the SonicWall equipment was working well, the group tackled the endpoints and servers, turning to antivirus software and server protection.

For workstation security, the IT staff deployed Grisoft's AVG Anti-Virus scanning engine, which prevents users from visiting unsafe websites, as well as offering phishing and firewall protection, regular updates, and remote management.

"We all know that antivirus software is effective only as long as it's kept up to date, and that had been a problem," says Ray Warner, a computer support specialist at Premier Education Group. "With the large number of PCs we have across the organization, the console makes it easy to keep track and update any PCs that have missed the auto-update virus definitions."

For server protection, Premier Education Group installed Trend Micro ServerProtect, which provides real-time antivirus, antispyware and rootkit protection that is manageable by a single console. If ServerProtect finds a problem, it immediately cleans and repairs all servers where the problem has been located.

Now that the institution's multi­layer security strategy is complete, the next step is to create a testing lab.

"We want to set up a lab and review and fine-tune the settings for the gateway and workstation protection so all threats are prevented before we implement a new system in our production environment," Somogyi says.