Handling network security for a university can be a nightmare for administrators.
One reason for this is the difficulty in distinguishing actual risks from the tens of thousands of network incidents spawned by a bustling digital community.
To effectively address this challenge, Carleton University in Ottawa recently rolled out Deep Security 6 server and application protection software from Ottawa-based Third Brigade Inc.
It was last year that the university first began testing the product on 15 of its more than 150 servers.
The software greatly eases the burden on the institution’s network security team.
“With a typical network intrusion detection system you could get tens of thousands of alerts each day,” noted Jamie Campbell, manager of the information security division at Carleton. “It would be like drinking from a firehouse.”
By contrast, he said, the new software alerts administrators only to actual threats, instead of reporting on every network event.
Campbell said many administrators – asked about the current status of the Windows network – would be hard-pressed to “come up with a comprehensive answer at short notice.”
The glut of information makes it virtually impossible for them to discern which events actually pose a real threat, he said.
And therein lies the value of Deep 6.
While it “isn’t a silver bullet,” Campbell said, the software does help admins see, at a glance, threats to the university’s most vital network assets.
It allows administrators to “dial down” the security alerts, he said, covering only the most vital components or areas of the university’s network.
He said that’s a crucial ability given how corporate security practices differ from those in an educational institution’s network.
In a university, Campbell noted, there’s often a clash between IT’s need to have a clear view of network risks and the university’s need for freedom and flexibility.
“In the corporate world it’s very easy for IT to institute policies such as a ban on USB thumb drive use (for instance). If I were to do that today I would be kicked out the door in a minute.”
With more than 24,000 students and over 2,000 professors and staff members, Carleton is almost a small city.
Use of the university’s IT system not only encompasses educational and administrative functions, but also food management, policing and safety, online training, and even the road building crew – to name a few.
To this you have to add the activities of students, professors and instructors who affect network traffic with research or experiments.
Campbell said it’s often a challenge for security administrators to distinguish whether a certain event is an attack or just a student scanning the university network as part of an IT experiment or “normal inquisitive behaviour”.
With Deep Security 6, administrators are able to configure the software to scan only for certain types of traffic or network activities.
Rather than cast a wide net “over all our exposure”, the security strategy “concentrates protection on assets of high importance,” Campbell said.
For this kind of security, traditional firewalls and anti-virus software products aren’t enough.
Campbell said he did experiment with other intrusion detection products, but these tended to be harder to manage and failed to adequately dial down event log coverage.
Web-based technologies and online collaboration tools have introduced new risks to the network, according to Peter Evans, vice-president of Internet Security Systems at IBM.
“The firewall is no longer an effective weapon against these attacks,” Evans said in a Webcast.
Many firms, he said, depend on a preponderance of systems to deal with spam, viruses, malware and spyware.
“Some businesses have upwards of 30 different technologies stacked one on top of another, and the number is growing each year.”
Deep Security offers firewall, intrusion protection, integrity monitoring and compliance validation, said Chris Wolf, a senior analyst at The Burton Group, an analyst firm based in Midvale, Utah.
The security software resides on a central server and installs clients on virtual machines and guest operating systems.
Centralizing security avoids having to build separate virtual machine clusters or physical servers, Wolf said, and provides users with greater flexibility.
Carleton University’s Deep Security 6 rollout currently concentrates on the university’s centralized Windows environments, domain controllers and certificate servers, which are categorized as high-risk assets.
However, Campbell talked of plans to extend the service to other departments.
Other attractive features of Deep Security 6, he said, are ease of use and nominal training requirements.
If the service is made available to departments with their own IT teams, these teams could conduct part of their own network security functions, he said.
This would speed up intrusion detection and threat suppression.
“Rather than us telling them there’s a suspicious network activity on their side, they can call us up and inform us they have a security threat.”