Nestled on an island in the middle of the Bull River, the Calgary Zoo is home to more than 900 animals and 260 species, many in danger of extinction. And up until a few months ago, the zoo’s network infrastructure could easily have been added to the endangered list as well.
“About 50 per cent of the network traffic we were getting was some kind of spam,” says Bob Gebert, the zoo’s manager of information systems. “It had gotten to the point where e-mail wasn’t even a useful tool anymore.”
The main culprit, says Gebert, was the zoo’s firewall — an older version of a Nortel Networks product that had been donated to the zoo several years ago and had since become out of date. The technology simply wasn’t designed to handle current threats, like viruses circulating through e-mail, he says.
After investigating a number of competing products, Calgary Zoo officials chose to implement a network security infrastructure based on the FortiGate Antivirus Firewall platform from Sunnyvale, Calif.-based Fortinet Inc. Capable of real-time scanning at the edge of a network, the platform uses a proprietary application-specific integrated circuit (ASIC) chip designed for high-speed packet reassembly and scanning.
FIREWALL ALSO PROVIDES INTRUSION DETECTION, VPN
As Graham Bushkes explains, the ASIC technology enables the unit to detect and eliminate viruses, worms and other content-based threats at the edge without reducing network performance.
“The magic is in embedding the instruction sets right in the silicon instead of having them access hard drives and other memory,” says Bushkes, Fortinet’s country manager for Canada.
In addition to real-time scanning, the firewall platform also includes integrated firewall, content filtering, virtual private networking (VPN), intrusion detection and prevention, and traffic-shaping functions.
One advantage of the technology is that it performs “automatic self updates” whenever new threats or vulnerabilities are discovered, says Peter Cam, the zoo’s senior network administrator. While other firewall products require a ping or pull from a database whenever a new anti-virus signature is ready for download, the FortiGate product relies on push technology to automatically send out updates.
“It’s less maintenance work for me and we’re updated as soon as they discover them,” says Cam.
For the 150 employees who regularly use the Calgary Zoo’s Ethernet-based TCP/IP network, the upgrade has breathed new life into e-mail, clearing up the clutter and restoring it as a useful communications tool. One unexpected problem, however, was encountered initially when Gebert’s team opted for tight security.
“We tightened everything up so tight, everybody was on our case because they weren’t getting their e-mail,” notes Gebert. “Then we realized this is more like a hospital or medical environment, so a lot of words you would normally block out needed to get through.”
The Calgary Zoo operates as a campus network, with multiple buildings connected via its local-area network. As an added layer of protection against outside threats, it is using six FortiWiFi-60 Antivirus firewalls to secure mobile access throughout the grounds.
For example, several meeting rooms are available for rental to groups who wish to conduct business meetings at the facility, and Gebert receives numerous requests to supply Internet access. “We didn’t really want that because it meant we had to do virus scans on their PCs — a complicated, messy thing to do,” he says.
Now that the wireless devices are installed in the rooms, however, the zoo is able to transmit data over an encrypted VPN tunnel. Once data is received at the other end, it’s decrypted, scanned for malicious content in real time and then passed along into the network. “We kind of built ourselves a firewall sandwich,” says Gebert. “We kept people from the outside out and we kept people from the rooms out.”
While that may be true, the Calgary Zoo continues to run desktop virus scanning software inside its network as a last line of defence. The zoo environment has been “virus free” since installing the new firewall platform, but Cam won’t assume it’s airtight.
“The Fortinet has caught a lot of viruses for us, but what it didn’t catch I don’t know,” he says. “I assume it caught 100 per cent, but I wouldn’t be surprised if it only caught 99 per cent.”