University deploys network security

Established in 1874, the University of Adelaide now boasts a student population of more than 20,000. The university has recently replaced its anti-malware system.

Unlike many other Australian universities, in which each faculty has its own IT team, most of the University of Adelaide’s IT infrastructure is centralised — around 85%. This presents the university’s IT department with some unique security challenges.

Lindsay Whitbread, team leader for network operations and mission security, explains: “We have a centrally managed network. All the security services are administered centrally. Anything we do is going to affect the vast majority of computers on the network.”

Under the university’s previous antivirus system, two major virus outbreaks occurred within 12 months. Although the incidents weren’t devastating, they were time consuming for the IT department.

“We had several people working full time on the response for a week or more,” explains Alex Nehmy, information system specialist. “We didn’t have any serious concerns around the loss of confidential data, but we had hundreds of machines affected, which significantly impacted user productivity.”

Whitbread says that all told, the recovery process took about three weeks.

Given the size of the network the IT team manages, and the number of users it accommodates, Nehmy says that virus outbreaks are always going to be a risk.

“People can bring in their home laptops or VPN in and put them on our network,” he says. “This flexibility is something we have to provide for business reasons. But it’s a risk. [The previous system’s vendor] didn’t have protection for the virus that infected us and it was a strain that had been around for a long time. It was a bad news day for them.”

When the licence agreement from the old system expired, Whitbread decided the time was right to rethink host protection. He and his staff reviewed analyst research such as the Gartner Magic Quadrant to get a good feel for the strength of various product offerings. They decided to look more closely at McAfee and three other vendors.

“It was a pretty lengthy selection process,” Whitbread says. “In the end, we chose McAfee for a number of reasons. The capabilities of the server product were quite strong and we wanted to stay with the same vendor for server and desktop. McAfee also had excellent reporting. Overall, it was just a better product than what we had.”

Another factor in McAfee’s favour was the integration between ePolicy Orchestrator (ePO) and Vulnerability Manager. The IT group had been using Vulnerability Manager throughout the tenure of the previous solution, so integration with an existing system was a plus.

The university purchased Total Protection for Endpoint. “We’ve only rolled out ePolicy Orchestrator and VirusScan Enterprise so far,” says Whitbread. “And in the six months that we’ve had VirusScan deployed, there have been no outbreaks.”

The centralised nature of the IT infrastructure has led the IT team to rely on the reporting aspect of ePO.

“When you have 6000 machines on multiple campuses in diverse locations as we do, strong reporting is critical,” Nehmy says. “With ePO, you can report on just about any aspect of the product. For example, if I need to find out the version of the .DAT files those machines are using, I can do it easily — no problem.”

Whitbread also uses ePO to push out product updates and patches. In the past, he used third-party software to patch the previous vendor’s product, but the process rarely went smoothly because of the diverse desktop environment the university supports.

“We can easily push out a patch or a product update,” Whitbread says. “That has been a big win for us. In the past, sometimes product updates went into the ‘too hard’ basket because we couldn’t push them out from a central console. And when updates don’t go out, you’re asking for trouble eventually.”

The team also expects the new system to help with the protection of proprietary data — the important data that researchers and faculty members often carry around on their laptops.

“There is a large volume of valuable research data that resides on our systems, which needs to be protected,” Whitbread says. “Much of this data is shared quite legitimately.

“Our challenge will be to control sharing without having a big impact on users. So we’re looking at protecting the data rather than controlling its distribution. The host data loss prevention product is also integrated with ePO. So that integration could lower our costs and make us more efficient there as well.”