
Opinion

The (Campus) Empire Strikes Back

7/1/2008

Network overlay vs. client-based solution. The EECS IT department and the director of IT for EECS, along with some faculty members, evaluated several options and settled on a solution that comprised a network-based NAC appliance and a required NAC client component. The initial solution the IT team selected worked fairly well; however, it was client-based, and there were faculty and graduate student concerns about the client. It quickly became clear that installing and deploying clients on the wide variety of platforms in use was not going to work, and the management overhead also appeared to be substantial and complex. In the end, the solution was rejected and we began to think outside the box.

We then became aware of the Botwall solution from FireEye, and abandoned the NAC initiative in favor of targeted protection against stealth malware and botnets for our wireless network. The IT department elected to implement a network overlay solution that would be complementary to our existing IT security infrastructure, without the complex overhead and burden of client installation and maintenance. While the discovery of this new solution may sound simple, it was the creativity of the entire IT department, coupled with important feedback from our users, that led us in a new direction: evaluating current threats, key objectives, and existing resources in a new light. We came to realize that today's threats and attacks are executed with such extreme precision that more rigorous and meticulous countermeasures would be necessary. We soon found that an overlay solution would allow network managers to a) take full advantage of capabilities within the wireless infrastructure, and b) leverage all the hooks already in place to help track and contain devices. The FireEye protection would help us achieve greater security for this infrastructure while providing more automated analysis of malware and botnet activity.

The solution included three chief components. First, the FireEye Botwall 4000 Series appliances provided network-based anti-malware/anti-botnet protection by running advanced virtual machine analysis on mirrored network traffic. These appliances block, in real time, both known malware and previously unknown botnet malware that is autodiscovered using the FireEye virtual machine analysis technology. Next, the GigaVue-MP data access switch from Gigamon Systems provided critical network-traffic data aggregation and replication: the GigaVue-MP replicates traffic from SPAN ports (of border routers, for example) so that multiple network monitoring tools, such as security analysis at the network edge, can be fed simultaneously from the same mirrored traffic. Finally, Cisco Airespace Wireless LAN Controllers were implemented to communicate securely with access points and to support systemwide wireless LAN applications. In summary, the UC-Berkeley deployment uses FireEye's Botwall appliances to analyze data mirrored from the Gigamon switches and Cisco Airespace controllers, to guard against malware infection on the wireless network.

Effective Countermeasures. The UC-Berkeley deployment, for one, uses FireEye's Botwall appliances to analyze data mirrored from Gigamon switches and Cisco Airespace controllers, in order to guard against malware infection on the wireless network.

IN A NUTSHELL...

Network security professionals within higher education face unique challenges in supporting academic freedom while protecting constituents, resources, and data. However, the threats we're seeing are global and the stakes are mounting. Universities have the ability to counter stealth malware attacks with equal force, but we must be vigilant in pursuing advanced technologies designed to outpace the continued evolution of threats. Protecting against the latest zero-day malware requires stronger security than is typically afforded by up-to-date antivirus signatures, the latest patches, or other host-based agents! Universities need targeted anti-malware, anti-botnet solutions that detect and protect against proactive criminal malware activities and rogue traffic, and that effectively stop intrusion, even by machines that may already be infected when they attempt to access the network. With accurate identification of infected machines, network administrators can automate quarantine measures and eliminate unnecessary restrictions on clean student and guest machines. By combining anti-malware solutions with existing security controls, any college or university can create a coordinated and multilayered approach that guards against today's most sinister threats, and provides protection at all entry points including the internet gateway, messaging gateway, endpoint clients, endpoint servers, and the network. The time to launch your self-assessment, evaluation, and solution search is now.
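The paragraph above argues that accurate identification of infected machines is what lets a campus team automate quarantine without restricting clean student and guest devices. The following is an added example, not code from the article or from FireEye, Gigamon or Cisco: a small decision helper that groups appliance-style verdicts per wireless client, drops duplicate reports, and only escalates to quarantine on one high-confidence verdict or two corroborating medium-confidence ones, so a single low-confidence hit on a guest laptop is watched rather than blocked. The alert records, MAC addresses, destinations and threshold values are all constructed for illustration.

```python
"""Added example: per-client quarantine decisions from constructed appliance alerts.
Not the article's or any vendor's code; alert format and thresholds are hypothetical."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed alert records in the shape a network-based malware appliance might
# export: (client MAC, verdict, confidence 0-100, observed destination).
SAMPLE_ALERTS = [
    ("00:11:22:33:44:55", "botnet-callback", 95, "198.51.100.7:6667"),
    ("00:11:22:33:44:55", "botnet-callback", 97, "198.51.100.7:6667"),
    ("66:77:88:99:AA:BB", "suspicious-download", 40, "203.0.113.9:80"),
    ("cc:dd:ee:ff:00:11", "malware-vm-verdict", 88, "203.0.113.12:443"),
    ("cc:dd:ee:ff:00:11", "malware-vm-verdict", 88, "203.0.113.12:443"),  # exact duplicate
    ("12:34:56:78:9a:bc", "suspicious-download", 70, "203.0.113.20:80"),
    ("12:34:56:78:9a:bc", "dns-beacon", 72, "203.0.113.21:53"),
    ("de:ad:be:ef:00:01", "heuristic-match", 20, "203.0.113.30:80"),
]

# Hypothetical policy values: one verdict at or above QUARANTINE_CONFIDENCE, or two
# distinct verdicts at or above CORROBORATION_CONFIDENCE, quarantine the client.
# Anything between LOG_ONLY_FLOOR and that is watched; below the floor is ignored.
QUARANTINE_CONFIDENCE = 85
CORROBORATION_CONFIDENCE = 60
LOG_ONLY_FLOOR = 30


@dataclass(frozen=True)
class Decision:
    mac: str
    action: str        # "quarantine", "watch" or "ignore"
    evidence: tuple    # distinct (verdict, confidence, destination) records considered


def decide(alerts):
    """Group alerts by normalised client MAC, de-duplicate them, and map each client
    to an action according to the policy constants above."""
    by_mac = defaultdict(set)
    for mac, verdict, confidence, dest in alerts:
        # Sets collapse repeated reports of the same verdict against the same host.
        by_mac[mac.lower()].add((verdict, confidence, dest))

    decisions = {}
    for mac, evidence in by_mac.items():
        strong = [e for e in evidence if e[1] >= QUARANTINE_CONFIDENCE]
        corroborating = [e for e in evidence
                         if CORROBORATION_CONFIDENCE <= e[1] < QUARANTINE_CONFIDENCE]
        if strong or len(corroborating) >= 2:
            action = "quarantine"
        elif any(e[1] >= LOG_ONLY_FLOOR for e in evidence):
            action = "watch"
        else:
            action = "ignore"
        decisions[mac] = Decision(mac, action, tuple(sorted(evidence)))
    return decisions


def quarantine_list(alerts):
    """Sorted MACs that the policy would hand to the wireless controller for quarantine.
    The hand-off itself (a controller API or CLI call) is site-specific and omitted."""
    return sorted(mac for mac, d in decide(alerts).items() if d.action == "quarantine")


if __name__ == "__main__":
    for mac, d in sorted(decide(SAMPLE_ALERTS).items()):
        print(f"{mac}  {d.action:10s}  {len(d.evidence)} distinct report(s)")
    print("quarantine:", quarantine_list(SAMPLE_ALERTS))
```

The de-duplication step matters as much as the thresholds: a mirrored feed from several SPAN sources can deliver the same session to the appliance more than once, and counting repeats as corroboration would quarantine clean machines on a single noisy heuristic.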


Fred Archibald is network manager for the department of Electrical Engineering and Computer Sciences (EECS) at the University of California-Berkeley.


Fred Archibald, "The (Campus) Empire Strikes Back," Campus Technology, 7/1/2008, http://www.campustechnology.com/article.aspx?aid=64853



