Introduction
Most companies and organisations today offer LAN and Internet services to their staff, but they face significant issues, including monitoring and controlling worm and virus activity and high bandwidth usage from the rising recreational use of bandwidth-hogging peer-to-peer applications. These issues, combined with an increased dependency on IT, can be a challenge even for a small or medium-sized company with 100s of users based in a single location, but they are particularly painful for a university with a user population in excess of 14,000 and a large campus network spread over 14 different locations. The NUIG Computer Services department is responsible for delivering a reliable and efficient computing service to students and staff. NUIG's overriding requirement was a solution that would instantly detect and investigate suspicious activity and, as a result, minimize network downtime and maximize network utilization.
National University of Ireland, Galway
Founded in 1845 (as Queen’s College Galway) with an initial intake, in 1849, of 63 students, NUI Galway is now a thriving institution with over 11,000 students (including students from over 40 countries), taking courses in seven faculties - Arts, Science, Commerce, Engineering, Law, Medicine and Health Sciences, and Celtic Studies. The college has an academic and administrative staff of over 14,000.
The Problem
The NUIG IT administrators faced a number of significant challenges including:
- Large number of users (over 14,000) spread out over multiple locations
- Maximising network efficiency
- Real-time visibility into worm and virus activity, especially the source of worms attempting to propagate on the network
- Enabling IT staff to make efficient use of their time
- Monitoring internal network activity
- Ensuring the college network is not used illegally, e.g. for downloading and sharing music files. Most colleges have recently received correspondence from IRMA (Irish Recorded Music Association) regarding the legal liability associated with allowing students or staff to download and/or share music.
- Real time monitoring of the huge volume of traffic on the network
- Investigating network performance issues
Background
The Computer Services Department manages the campus network over which all computing services are provided. This network comprises a gigabit cross-campus backbone offering network connections of 10Mb, 100Mb or 1000Mb as appropriate. A wireless network with 10 hotspot locations is also available to all users while on campus. The college has over 22 public access PC Suites, located in 14 different locations, comprising 710 PCs and 58 printers, with 5 locations having 39 PCs with CDRW capabilities. Coupled with this are 1,000+ PCs for academic and administrative staff. Maintaining such a vast, diverse network is particularly challenging for the Computer Services organisation.
Client Requirements
Due to the size of their network and the number of users, NUIG needed a solution that allowed all traffic to be monitored, validated and, if required, logged to support forensic activity. The requirements were:
- Monitoring of all internal network traffic in real time for suspicious activity including worms, hacker activity, P2P activity, etc.
- A cost effective, low maintenance, easy to use solution.
- A network traffic analysis engine to provide a useful auditing tool for their IT infrastructure, ensuring they could confidently address any queries during an audit regarding IT security or network usage.
- Real time query and reporting engine.
“We use the system to quickly discover which PCs may be infected with worms, which in turn helps us validate network utilization and prevent the mail server and college network from becoming overburdened. We were fortunate that we had the system installed on a pilot just before the Sasser worm hit and as a result the effect on our network was negligible. The LAN Guardian system also enables us to detect any illegal P2P activity and which hosts are used for downloading music.”
Ron Owens, Senior Systems Programmer, Computer Services, NUI Galway
The Solution
The Netfort LANGuardian currently deployed in NUIG allows the Computer Services Department to instantly detect and investigate suspicious activity and validate the college network security and network usage policies. The solution consists of 5 core components:
- Network Intrusion Detection System (NIDS). Utilizes Snort as a detection engine
- Traffic Analysis Engine. Reports network traffic breakdown on a per protocol/port, host, subnet or client/server basis during the specified time period
- Blacklist Web Monitor. Assures compliance with the Internet usage policy
- Email Report Generator. Keeps the IT manager informed about all network activity without having to access the system
- Intrusion Protection System. Automatically protects the college network if required
IPS
Now that NUIG has concise real-time visibility into all activity on the college network and has validated the effectiveness of the LANGuardian in helping to immediately detect and report suspicious activity, the college is currently beta testing the recently developed Intrusion Prevention functionality. The ability of the LANGuardian to detect and automatically prevent illegal or suspicious activity lessens the workload on the NUIG Computer Services staff and ensures 24x7 protection of the college network 365 days a year.