When Ryerson University tested a security appliance at the edge of its network, it blocked 21,000 viruses — in a single day.
Like many universities, Ryerson is faced with increasing attacks on its campus network, including viruses, spyware and worms. At the same time, it has to provide access to a growing number of multi-platform devices. As a result, the Toronto-based university rolled out more than 40 FortiGate™ enterprise security appliances from Fortinet to protect its IT infrastructure.
Educational institutions have the unique challenge of dealing with users — students, teachers and staff — that work with a variety of software, including different versions of Windows, Linux, Mac OS, IBM AIX and Solaris. “We have no control over it because of academic freedom to download software and use whatever they need,” said Larry Lemieux, assistant director of IT support for Ryerson. “Unlike a bank or big private company, we can’t force people to upgrade to Windows 2000.”
The university has 50,000 e-mail accounts for students, faculty, staff and guests, with plans to increase that to 100,000.
It’s also boosting space for e-mail from 5MB to 100MB. “That in itself will increase the load and potential for viruses and malware,” said Lemieux.
The university was already using firewalls to protect its most sensitive data, including payroll and financials. But many of its desktop machines were still vulnerable to attack.
Over the summer holidays, for example, students would use an unprotected computer at home or work and, come September, unknowingly bring viruses, worms and other forms of malware into their dorms, which would spread like wildfire.
More recently, wireless access points have been introduced around campus, opening up the network to more risks.
Firewall manufacturers are evolving toward unified threat management, where they offer a variety of services in one package. “In one box we’re doing the firewall, the anti-virus scanning, the intrusion detection and prevention,” said Graham Bushkes, country manager for Fortinet in Canada.
This allows organizations to scan for malicious content at the edge of the gateway to prevent that content from actually getting in.
“In the case of Ryerson, you’ve got thousands and thousands of students without any control over what sort of protection they have on their individual notebooks,” he said.
Ryerson worked with LCM Security, a supplier of security technologies, to find a solution. “We evaluated a number of products from different companies and ended up with Fortinet because it was the only one that, in addition to the firewall functions, also did anti-virus at wire speed,” said Lemieux.
Ryerson supports gigabit speed for research and real-time applications, such as satellite feeds, broadcasting and voice over IP — and high availability is critical. “We’ve had situations where a student might be doing a test (online) and at the end they go to hit enter to submit their answers and it dies, and they lose their test,” he said.
So the university deployed a cluster of four high-end FortiGate 3600s at the gateway, which scans more than 750 megabits per second, so there’s no performance degradation or latency.
All traffic is scanned and filtered using integrated firewall, antivirus and intrusion prevention technologies.
In addition to e-mail, it also scans, cleans and logs instant messages. Additional FortiGates are deployed throughout campus to protect specific buildings, such as the library.
Ryerson is also evaluating a product from Aruba Wireless Networks for approximately 6,000 connection points around its campus.
This would authenticate all wireless users, and route traffic susceptible to viruses through its central firewall cluster for anti-virus scanning.
Aruba has teamed up with Fortinet to develop an enterprise security architecture that will address security threats caused by wireless technology.
Fortinet also provides real-time signature updates for antivirus, anti-spyware, intrusion detection and prevention, anti-spam and Web content filtering.
Customers purchase some or all of those subscriptions and receive real-time updates when necessary. Fortinet has a team of antivirus engineers around the world, said Bushkes, so once a new signature is created, it’s pushed out to every registered device in less than five minutes.
“If that’s four in the morning, boom, it’s on there,” he said, adding it gives IS managers enough time to get the latest signature for their desktop machines from vendors such as Symantec or McAfee.
“We really need to be thinking of host-based anti-virus as our last line of defence,” said Bushkes. “We really have to prevent it from coming (inside) in the first place.”