9/26/2006
Behind the DShield
Let’s say you’re a network administrator and your perimeter defenses have just been breached. No doubt you’re unhappy about the situation, you’re wondering how it happened, and you’re wishing you could see how many times the same thing has happened to other schools across the country on the same day your own system was hit. Enter DShield.
DShield is a free open source service that provides a platform for users of firewalls to share intrusion information. Officially launched in 2000, the site received substantial support from security training pros The SANS Institute, and has become the data collection engine behind the SANS Internet Storm Center.
The site provides a color-coded map of the world, with pie charts for each continent, outlining the most commonly attacked ports and the most frequent types of attacks on each port. The charts present the information as a percentage of a whole. In this fashion, users can see which parts of the world are experiencing the greatest number of attacks at a given time.
In the academic environment, colleges and universities can implement localized versions of DShield on their own campuses. At Virginia Polytechnic Institute and State University, for instance, technologists gather attack data from firewalls on campus and publish a similar map. Randy Marchany, director of the school’s IT Security Lab, says the school is using this technology as an early warning system, and notes that he relies on the system to see if certain sections of campus are being targeted, and to see which of these sections is reflecting the most intense scan patterns.
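The aggregation behind a DShield-style map is simple to sketch. The following is an added example, not code from DShield, SANS, or Virginia Tech: it takes iptables-style firewall log lines (the sample lines, the campus segment ranges, and the field names assumed here are constructed for illustration), keeps only the denied packets, and reports each destination port's share of the whole, the way the DShield pie charts do, plus a per-segment count in the spirit of watching which sections of a campus are being scanned.

```python
"""DShield-style aggregation of firewall deny logs (added example)."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: iptables LOG-target lines from a perimeter firewall.
SAMPLE_LOG = """\
Sep 26 08:01:02 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=4412 DPT=445
Sep 26 08:01:03 fw kernel: DROP IN=eth0 SRC=203.0.113.10 DST=198.51.100.9 PROTO=TCP SPT=4413 DPT=445
Sep 26 08:01:05 fw kernel: DROP IN=eth0 SRC=203.0.113.55 DST=198.51.100.130 PROTO=TCP SPT=51000 DPT=22
Sep 26 08:01:09 fw kernel: DROP IN=eth0 SRC=192.0.2.8 DST=198.51.100.7 PROTO=TCP SPT=3300 DPT=135
Sep 26 08:01:11 fw kernel: DROP IN=eth0 SRC=192.0.2.8 DST=198.51.100.8 PROTO=UDP SPT=1434 DPT=1434
Sep 26 08:01:12 fw kernel: ACCEPT IN=eth0 SRC=198.51.100.200 DST=198.51.100.7 PROTO=TCP SPT=52000 DPT=80
Sep 26 08:01:15 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.131 PROTO=TCP SPT=60001 DPT=445
Sep 26 08:01:16 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.132 PROTO=TCP SPT=60002 DPT=445
"""

# Constructed campus segments (assumed; stand-ins for "sections of campus").
SEGMENTS = {
    "admin": ip_network("198.51.100.0/25"),
    "dorms": ip_network("198.51.100.128/25"),
}

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return (src, dst, proto, dport) for a denied packet, or None."""
    if " DROP " not in line:  # only blocked traffic is shared, as DShield does
        return None
    fields = dict(FIELD_RE.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"}.issubset(fields):
        return None
    return fields["SRC"], fields["DST"], fields["PROTO"], int(fields["DPT"])


def parse_log(text):
    """Parse every line, silently skipping accepts and malformed lines."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec is not None]


def port_share(records):
    """Percent of denied packets per (proto, dport): the pie-chart view."""
    counts = Counter((proto, dport) for _, _, proto, dport in records)
    total = sum(counts.values())
    if not total:
        return {}
    return {key: round(100.0 * n / total, 1) for key, n in counts.most_common()}


def segment_hits(records, segments=SEGMENTS):
    """Denied packets per campus segment, to see which section is being scanned."""
    hits = Counter()
    for _, dst, _, _ in records:
        addr = ip_address(dst)
        for name, net in segments.items():
            if addr in net:
                hits[name] += 1
                break
    return hits


def top_sources(records, n=3):
    """Most active blocked source addresses."""
    return Counter(src for src, _, _, _ in records).most_common(n)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"{len(recs)} denied packets")
    for (proto, port), pct in port_share(recs).items():
        print(f"  {proto}/{port}: {pct}%")
    for name, n in segment_hits(recs).most_common():
        print(f"  segment {name}: {n}")
    for src, n in top_sources(recs):
        print(f"  source {src}: {n}")
```

Because the shares are fractions of the local total, two campuses can compare their charts even if one logs far more traffic than the other; that is also why a single noisy scanner shows up as a spike on one port rather than as a raw count nobody can interpret.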
“It’s sort of like looking at a weather map,” he says. “I know, for instance, that a front in St. Louis will get here in two days, and that information can be really useful under the right circumstances.”
“We haven’t had any kind of virus outbreak on our network since we started using it,” she says, noting that the product has been running for about a year. “Another benefit: Our users appreciate being told that they have these issues—issues that will affect the security of their machines.”
IT officials at Colby-Sawyer College (NH) are embracing similar strategies to secure the inside of their network, but because the college operates on a limited budget, officials have turned to less expensive technologies. In fact, Scott Brown, information security analyst at the 1,000-student school, says the department recently put forth a concerted effort to ditch all of its big-name security vendors and embrace innovative, off-the-beaten-path companies. The effort replaced a popular antivirus product with software called Nod32 from ESET; it also involved a trio of new products from PA-based developer/reseller Classic Networking.
The first of these products, Classic Networking’s own Client Assessment Tool (CAT), scans remote computers to make sure they comply with all of the school’s latest security policies. Next, a tool called the ResNet Policy Manager from MSI Software provides the school with the ability to register users and enforce the school’s policy for Windows Updates, antivirus and anti-spyware efforts, and more. Completing Colby-Sawyer’s new triad is the NitroGuard intrusion prevention system (IPS) from NitroSecurity, which uses a correlation engine to identify security threats within the network and isolate anomalous network activity before problems can occur.
“While we spent hours configuring our system under the old approach, our new solutions take care of almost everything automatically,” says Brown. “That each of these products can retrieve information from the others is a great benefit.”
Protecting E-mail
Because so many security threats travel via e-mail, one of the best ways to secure a network is to make certain that e-mail is safe. In the interest of simplifying management and cost, many schools handle this by opting for unified threat management (UTM) appliances from vendors such as Check Point Software Technologies and Internet Security Systems. These tools combine anti-spam and antivirus technologies with firewall, VPN, IPS, and intrusion detection systems (IDS) to provide an all-in-one solution. By and large, they are worthwhile methods of defending e-mail and a variety of other network functions.