Blocking Cyber Attacks, Increase Bandwidth

  • By Thomas Danford
  • 10/31/03

Founded in 1850, the University of Dayton is the largest, private university in Ohio and one of the top 10 largest Catholic universities in the United States. The university has over 70 academic programs for its 10,000 students, and is one of the most wired campuses in the country. All university housing is connected for high-speed Internet access, and all students are required to own computers.

The Problem
Like most universities, University of Dayton needed to provide open network access to students, faculty and staff. This type of exposure makes it almost impossible to stop attacks, such as Code Red and Nimda that bypass the firewall on port 80 and other well-known ports. In the early stages of the Code Red worm spreading, it was discovered that as few as five infected machines could overwhelm the core campus router. This was further complicated in that there was no way to determine if the network was under attack. The only valid strategy of blocking attacks was to apply patches before a server or workstation—allowed on the network.

Additionally, file sharing is prevalent with students using Peer-to-Peer applications to download copyrighted music and video files. This can cause legal and security risks as well as absorb significant bandwidth. University of Dayton estimates that they received a dozen letters per month threatening legal action for piracy.

The Implementation
The University of Dayton installed TippingPoint Technologies’ UnityOne Intrusion Prevention Appliance, a high-speed intrusion prevention system that blocks malicious traffic and illegal P-to-P files on the network. We immediately viewed attacks being blocked on the security management console’s attack log. Since the implementation in early 2003, the university estimates that more than one million worms, viruses, and attacks have been blocked each month. The Digital Vaccine service, which allows administrators to download new security filters to the system to protect against the latest vulnerabilities, buys administrators additional time to patch their systems.

University of Dayton’s Network Systems and Security Officer Ronnie Wagers said, “The UnityOne gives me peace of mind. I am no longer comfortable with the idea of running our perimeter defense without it.”

The intrusion prevention enables customers to block P-to-P traffic uni-directionally or bi-directionally. The University of Dayton chose to allow students to be able to retrieve shared files from outside the university network, but blocked people outside the university network from retrieving shared files located within the university. With the implementation, reports show over 1 million shared files are blocked per month, augmenting the organization’s bandwidth availability. Results from the University of Dayton show that after blocking P-to-P traffic uni-directionally, bandwidth consumption dropped from a peak of 30Mbps to a low of 17Mbps within the first 30 minutes, giving a 43 percent increase in bandwidth availability.

Value Proposition
Organizations can greatly increase their security and bandwidth availability while reducing the legal risk of piracy by blocking P-to-P file sharing applications. TippingPoint’s Peer-to-Peer Piracy Prevention feature is included in all UnityOne Intrusion Prevention Appliances and Systems. The system performs deep packet inspection through Layer 7, providing immediate protection against known threats and vulnerabilities.

The cost savings from avoiding an attack could easily reach well into the six-figure range. When calculating return on investment from an intrusion prevention solution; administrators should take into account the time required to patch a system and reboot, the time required for emergency patching (the same day as a vulnerability or exploit is published), remediation time, time to test to make sure the machine is fixed, the opportunity cost of what tasks are neglected due to remediation, decreased productivity, overtime charges or outsourced staff expenditures required to fix the infection, and damages caused from the actual attack.

All of these factors would be multiplied by the number of infected machines, which can range into the hundreds or thousands depending on the size of the organization. Our intrusion prevention system has proved to be a good investment.

Featured

  • AI microchip, a cybersecurity shield with a lock, a dollar coin, and a laptop with financial graphs connected by dotted lines

    Survey: Generative AI Surpasses Cybersecurity in 2025 Tech Budgets

    Global IT leaders are placing bigger bets on generative artificial intelligence than cybersecurity in 2025, according to new research by Amazon Web Services (AWS).

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Launches Stand-Alone AI App

    Meta Platforms has introduced a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • laptop displaying a red padlock icon sits on a wooden desk with a digital network interface background

    Reports Highlight Domain Controllers as Prime Ransomware Targets

    A recent report from Microsoft reinforces warnings about the critical role Active Directory (AD) domain controllers play in large-scale ransomware attacks, aligning with U.S. government advisories on the persistent threat of AD compromise.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Report: AI Shifting from Cloud to PCs

    AI is shifting from the cloud to PCs, offering enhanced productivity, security, and ROI. Key players like Intel, Microsoft (Copilot+ PCs), and Google (Gemini Nano) are driving this on-device AI trend, shaping a crucial hybrid future for IT.