The University of Western Sydney (UWS) has today gone live with a managed Intrusion Detection System (IDS) for its 5000 users.
The UWS has 38,000 students and 3000 staff across six campuses. Its gigabit wireless and fixed network connects more than 5000 Linux, Mac and Windows workstations across the university grounds and in the surrounding campuses.
IT provides and manages network access and offers technical support for UWS staff and students, and handles the central database for human resources.
UWS IT security coordinator Darren Geddes said it will go live over the next few days with a managed Verizon/Cybertrust IDS
"Universities don't want to be denied access to anything and denial-by-exception doesn't work well in that environment, so we need an active IDS to monitor traffic," Geddes said.
The IDS will complement a Network Access Control (NAC) Nortel Tunnel Guard on its wireless Virtual Private Network (VPN), a Juniper firewall, and a CA antivirus.
The wireless NAC validates the security of end-users against a predefined list of trusted antivirus solutions to prevent network infection. Candidates made the list, which initially contained seven different antivirus vendors, based on market share and includes McAffee, CA, Trend Micro, AVG and a number of open-source solutions.
Geddes said the last major virus infection occurred six months ago, however IT isolated the attack within a single zone.
He said the proliferation of different antivirus products and version releases is the biggest challenge with wireless NAC maintenance because it blocks all nodes that do not match the exception list.
"The NAC works reasonably well, but it comes unstuck when two versions of an antivirus solution are stored in separate locations," Geddes said, adding the latest Tunnel Guard update should fix the problem by cross checking against a Nortel database.
The efficiency of a NAC comes down to good management and throughly investigating the requirements to choose the best solution.
Geddes said the roll out will be smooth given the success of a two month trial.
The latest Juniper firewall will be easier to manage locally than the previous version, according to Geddes, because it offers better visibility into the rule sets via an online portal dubbed Gaurdian, and has an inbuilt Intrusion Prevention System (IPS) which he configures to monitor preset alerts.
UWS IT staff will be required to update rule sets and exceptions lists, while Verizon will handle maintenance and patching.
Geddes said the most burning problem is vendor and version compatibility between security log files.
The logs are used by the UWS IT security team to collate data regarding a security breach, including virus infections and hacking attempts. However Geddes said the task takes significantly longer due to interoperability between the files, which requires hours of tedious reading.
"We have to trawl through consolidation of logs from different products, authentication and maintenance controller logs for Windows, and IDS and antivirus logs; it is painful because sometimes we have to cross reference all of them and the vendors keep changing log formats," Geddes said.
He said there is no available solution to the problem.
The network uses Cisco 6500 routers on its core network and a range of Nortel equipment to manage its wireless system.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
D-Link Australia & New Zealand
D-Link is the global leader in connectivity for small, medium and large enterprise business networking. The company is an award-winning designer, developer and manufacturer of networking, broadband, digital electronics, voice and video communication.
To Find out more about D-Link solutions visit www.dlink.com.au
D-Link Australia & New Zealand
Featured Products
-
IP BASED PHONE SYSTEM
D-Link VoiceCenter
D-Link VoiceCenter is an IP based phone system designed to meet the needs of small businesses. D-Link have solely partnered with Microsoft to package Microsoft’s Response Point software to bring you VoiceCenter. For more info on VoiceCenter's products and events please visit: http://voicecenter.dlink.com.au -
AWARD WINNING STORAGE
DNS-343 4-Bay NAS Enclosure
D-Links new 4-bay network attached storage enclosure has just received ZDNet's Editor's Choice award and a rating of 9 out of 10 by Craig Simms from CNET See the review here. The DNS-343 release followed the great success of its smaller sibling the 2-bay DNS-323. Targeted at both the home IT enthusiast and commercial users needing a flexible storage solution the DNS-343 is showing good market performance. -
EVERY BUSINESS NEEDS ONE
DSA-3600 Multi-Service Gateway
Any business that’s serious about networking must consider installing this gateway. Feature rich the DSA-3600 multi-service business gateway is a complete network solution that delivers reliable and cost-effective services to SMB and enterprise branch offices. Perfect for setting up a commercial grade wireless connection for the office the unit is simple and easy to manage. -
WI-FI FOR MOBILE WORK SITES
DIR-451 Mobile 3G Router
Perfect for mobile and temporary work-sites the mobile 3G router quickly and easily can connect your site back to the office. Recently the United States Air Force has used D-Link Mobile 3G routers on its remote base camps to connect soldiers with other Air Force departments, local agencies, friends and families. To see the complete case study click here.
New Products
-
XTREME
N DUO ROUTER -
DIR-855
The highly anticipated simultaneous broadcasting dual band wireless N router has arrived. The DIR-855 is set to make massive waves and take home/SOHO wireless networking to a new generation. Unlike other networking manufacturers who promote dual band the new DIR-855 will provide users simultaneous dual band wireless networks, opening up another range of opportunities for wireless networking. - DUAL BAND USB ADAPTER
DWA-160 Xtreme N USB Wi-Fi
The new dual band wireless N USB adapter is ideal for simultaneous dual band environments. For example in apartment buildings where there are heavily congested 2.4GHz Wi-Fi or at the home stream HD video over the network and making VoIP calls at the same time.
Coming Soon
-
WI-FI ACCESS POINT/BRIDGE
DAP-1522 Xtreme N Duo
A new addition to the Xtreme N family this wireless N access point/bridge effectively doubles available wireless bandwidth. Designed for users looking to get a true wireless connection that can handle multiple High-Definition video streaming throughout the house it can take the home network to a new level. - GOT NAKED DSL
DVA-G3670B ADSL2+ Wireless G VoIP Modem Router
Naked DSL customers now have the perfect feature rich product solution the DVA-G3670B to take advantage of naked DSL features. This ADSL2+ (naked DSL compatible) modem Wireless G router comes with 2 VoIP phone connections and is ideal for the growing market who don't want to pay the unnecessary line rental fee. Ultimately this unit is an ideal all-in-one home network solution and even SOHO small business solution.
Download
- Product Selection Guide Issue 3, 08 (3.2MB PDF)
- D-Lifestyle Magazine Issue 12 (2MB PDF)
- D-Link Power Up Your Business Poster (1.7MB PDF)
Case Studies
- DIR-451 Mobile 3G Router - United States Air Force Case Study (104K PDF)
- IP Based Surveillance - Minneapolis Airport Hangar Case Study (180K PDF)
- Commercial Grade Wireless - Four Points Sheraton Hotel Case Study (300K PDF)
- Business Class Switching - Microsoft Campus Case Study (800K PDF)
- High Bandwidth Networking Solution - Team Emirates New Zealand Case Study (751K PDF)
Whitepapers
D-Link TV
Watch videos about D-Link products and much morehttp://www.dlinktv.com
D-Link Training
Find out more about D-Link products trainings and certification programhttp://training.dlink.com.au
Buying Guides
Buying Guides
