“Last fall we purchased TippingPoint’s UnityOne Enhances … · 2006-09-15 · University of...
University of Colorado at Denver
Enhances Security at the Point of Intrusion
“Last fall we purchased TippingPoint’s UnityOne Intrusion Prevention Systems (IPS), which we single-sourced through Dell. It has really saved us when it comes to screening out worms and viruses.”
Frank Edlin, University of Colorado at Denver, Assistant Vice Chancellor for Computing, Information and Networking Services
FIVE TIPS: PROTECTING YOUR CAMPUS NETWORK
As today’s campus networks grow increasingly
complex, it is critical to offer internal and external
protection from cyber threats. Because data can be compromised either from
within or outside your school, IT managers must deploy defense-in-depth,
multi-faceted security solutions. In addition to physical and user security configuration
solutions, Dell offers various network solutions that allow you to enhance
system-level protection. These integrated applications address the demands of
your network at many levels to help you create the ultimate defensible position.
Following are five critical areas that enable protection and constant vigilance
across the network.
Best-of-Breed Intrusion Prevention Systems
Intrusion Prevention Systems are able to inspect all traffic at very deep levels
(through Layer 7) and block malicious traffic at gigabit speeds. The technology
that enables these capabilities has only recently been available with the
creation of high-speed processors and custom ASIC chips. IPS can be placed on
internal or perimeter segments to block cyber threats such as worms, viruses,
Denial of Service attacks and Trojans. They are also remotely updated with
virtual patches that shield newly announced vulnerabilities. Because of its
ability to deeply analyze and classify traffic at the network level, the IPS is
also a network cleansing tool that eliminates malformed packets or controls
non-mission critical applications, such as peer-to-peer file sharing, to protect
bandwidth. Dell partners with TippingPoint for its award-winning IPS solution,
which won the NSS Gold Award in the first-ever multi-vendor, intrusion-prevention
evaluation, www.nss.co.uk/ips.
Anti-Virus and Client-Protection Software
The increased frequency of malicious worms, viruses and other threats requires
added security on the client system itself. Perimeter security in the form of
firewalls and intrusion-detection systems cannot provide sufficient protection. Dell
provides best-of-breed client protection.
Integrated System Protection
LegacySelect Control Capability – a standard feature on Dell OptiPlex
desktops – helps your school quickly transition away from insecure legacy
technologies while retaining some level of legacy support for others.
LegacySelect also gives you the ability to lock down any system’s drives, slots
and ports to help protect its integrity.
Configuration-Change Alerts
Provides notification to IT administrators that a system’s configuration has
been altered.
Firewall and VPN Perimeter Protection
Firewalls are devices that allow you
to filter content, manage Virtual
Private Networks (VPNs), monitor network resource requests, and share Internet
access. Most commonly, a firewall selectively separates an internal network
from the Internet (or other external network). A firewall can also be used to
prevent access to specific computers on the Internet. We recommend that every
network connected to the Internet include a firewall.
Easy as
Click www.dell.com/hied/univbiz or call 1-866-486-4477
Dell and TippingPoint Team Up to Block Viruses
When the University of Colorado at Denver was attacked last fall with a flurry
of software viruses, the immediate result was an all-hands-on-deck emergency.
“We were overwhelmed,” recalls Frank Edlin, Assistant Vice Chancellor for
Computing, Information and Networking Services. “We put six people on
full-time just trying to identify infected machines, isolate them and shut them down,
one by one. We figured that there were about 300 unique users who were
vulnerable, so we dispatched staffers to go out and apply patches. And we
didn’t have the staff to do this on an ongoing basis. Each time a worm came out,
we had to do this all over again. We needed a solution that stopped infections
at the point of intrusion, not after the fact.”
He’s not alone. A long-standing irresistible target to hackers, university
systems are growing increasingly vulnerable to attack. A university’s requirement
to provide open network access for students often leaves them wide
open to cyber threats. In addition, the number of vulnerabilities and incidents
reported each year is dramatically increasing. Another security barrier for
universities is that they do not physically control all of the hosts on their network,
such as notebooks in dormitories. As a result, IT administrators are
implementing a series of diverse and sophisticated checks throughout networks
to ensure that security is not compromised.
“We catch the viruses faster because the inspection vector is narrower.”
Matthias Johnson, University of Colorado at Denver, Principal Systems Administrator
Universities must consider security threats from all directions, both
internal and external. University research environments invest large amounts of
money and time into scientific projects that are vulnerable to potential threats,
creating the need for strategic information assurance planning. In addition, many
campuses now have wireless initiatives, and the trend is quickly becoming mainstream.
Freshmen are often issued notebooks at orientation, and protecting this
investment is more important than ever with the expansion of online curriculum.
Finally, the cost of remediation to cleanse an infected machine or infected network
is exorbitant, not to mention the cost of downtime and reduced bandwidth
availability when the network is being hit with worms or viruses.
If such words as Blaster, SoBig, Slammer, and Mydoom – just to name
a few – send a chill up your spine, you are a likely candidate for high-speed
intrusion-prevention products. Intrusion-prevention systems are remotely
updated to shield newly announced vulnerabilities, providing immediate protection
prior to scheduled patching. Because intrusion-prevention systems inspect
traffic more deeply than a firewall, universities can block malicious traffic while
maintaining open access.
“Last fall we purchased TippingPoint’s UnityOne Intrusion Prevention
System (IPS), which we single-sourced through Dell,” says CU-Denver’s Edlin. “It
has really saved us when it comes to screening out worms and viruses. It’s
like a traffic cop that watches the cars come and go without slowing down
the innocent drivers, but prevents a car with a hidden missile launcher from
entering the system.”
Edlin and his colleague, Matthias Johnson, Principal Systems
Administrator, state that TippingPoint’s Intrusion Prevention System is nearly 100
percent effective and stops new worms that try to exploit holes that have not
been patched, as well as stopping derivative worms. “We now have virus
protection [we push out] to users,” says Johnson. “We catch the viruses faster
because the infection vector is narrower. When we discover a worm today,
it’s more often a result of someone taking a computer off campus and bringing
it back infected.”
The University of Colorado at Denver contract was completed through
Dell, which distributes TippingPoint’s products through its software and peripherals
business. “Dell has provided excellent support for the third-party products,
as well as the Dell servers and workstations that we have purchased from
them,” adds Edlin.
GETTING P2P UNDER CONTROL
Reclaiming Your Bandwidth
The downloading of copyrighted materials – from music to software programs
to videos to documents – creates problems of almost infinite variations: What are the
legal ramifications? Will the entertainment industry hold the institution liable rather than the
individual? What is the cost to the university? Some studies show that the vast
majority of the available bandwidth on university networks is consumed by
illegal peer-to-peer (P2P) traffic. What are the security implications? Hundreds of
millions of P2P clients have been installed. These applications are potential
conduits for a worm or virus that could incapacitate the network. How much
more effective would the educational mission be if this traffic was limited or
stopped altogether?
Firewalls have proven less effective for P2P challenges. When one
firewall port closes, the P2P programs find another. Switches and routers can be
reconfigured to stop specific sessions, but the peer-to-peer applications merely
“change channels” when faced with a roadblock.
Protection and Traffic Control
UnityOne Intrusion Prevention Systems from TippingPoint give you high-level control of
peer-to-peer traffic. The UnityOne Performance Protection capability helps limit or prevent a
student’s ability to consume or distribute copyrighted materials. UnityOne
throttles or blocks over a dozen known peer-to-peer applications, so you can
instantly reclaim significant amounts of valuable bandwidth.
THE REQUIREMENTS FOR INTRUSION PREVENTION
Sophisticated intrusion-prevention systems, like TippingPoint’s UnityOne,
are growing in importance. According to Gartner, Inc., an intrusion-prevention
system (IPS) must meet specific criteria: Firewalls and gateway antivirus systems
are examples of first-generation, network-based IPS. However, firewalls primarily
operate at the network protocol level, and antivirus systems largely implement simple,
reactive (that is, non-real-time), signature-based detection and blocking. A true
network-based IPS must:
• Operate as an in-line network device that runs at wire speeds.
• Perform packet normalization, assembly and inspection.
• Apply rules based on several methodologies to packet streams,
including (at a minimum) protocol anomaly analysis, signature analysis and
behavior analysis.
• Drop malicious sessions – don’t simply reset connections.
To do all this, network-based intrusion prevention must perform deep-
packet inspection of all traffic, and generally must use special-purpose hardware
to achieve gigabit throughput. Software-based approaches that run on general-
purpose servers may be sufficient for small enterprise use, and blade-based
approaches may scale up to some large enterprises. However, for complex
networks running at gigabit rates, Gartner believes that application-specific
integrated circuits and dedicated security processors will be required to perform
deep-packet inspection, and to support blocking at wire speeds.
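The listed requirements (normalization, assembly, inspection, and dropping the session rather than resetting it) can be seen together in a short sketch. This is an added example, not code from TippingPoint, Dell or Gartner; the signature, flow tuple, segment data and overlap policy are constructed assumptions.

```python
# Constructed placeholder pattern, not a real worm signature.
SIGNATURE = b"EXAMPLE-WORM-MARKER"

def per_packet_match(segments):
    """Naive check: look for the signature inside each segment on its own."""
    return any(SIGNATURE in payload for _, payload in segments)

def reassemble(segments, isn=0):
    """Rebuild the contiguous byte stream from (seq, payload) pairs.

    Normalization policy (an assumption of this example): lowest sequence
    number wins on overlap, arrival order breaks ties, stop at the first gap.
    """
    stream, next_seq = bytearray(), isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > next_seq:
            break                      # gap: later bytes are not inspectable yet
        skip = next_seq - seq          # bytes already accepted (retransmit/overlap)
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)

class InlineInspector:
    """Per-flow verdicts: FORWARD until the stream matches, then DROP the session."""
    def __init__(self):
        self.buffers, self.blocked = {}, set()

    def on_segment(self, flow, seq, payload):
        if flow in self.blocked:
            return "DROP"              # whole session stays dropped, no reset sent
        segs = self.buffers.setdefault(flow, [])
        segs.append((seq, payload))
        if SIGNATURE in reassemble(segs):
            self.blocked.add(flow)
            del self.buffers[flow]
            return "DROP"              # the completing segment never reaches the host
        return "FORWARD"

# Constructed traffic: out of order, with one overlapping retransmission.
FLOW = ("10.0.0.5", 40000, "10.0.0.9", 80)
ARRIVALS = [(24, b"MARKER tail"), (0, b"GET /index EXAM"),
            (11, b"EXAMPLE-"), (19, b"WORM-"), (35, b" more")]

def verdicts(arrivals, flow=FLOW):
    ips = InlineInspector()
    return [ips.on_segment(flow, seq, data) for seq, data in arrivals]

if __name__ == "__main__":
    print(per_packet_match(ARRIVALS), verdicts(ARRIVALS))
```

No single segment contains the pattern, so the per-packet check reports nothing, while the reassembled stream matches as soon as the last gap is filled.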