UWC goes with Fortinet

"The biggest challenge in improving our security was maximising our limited resources. It meant that we had to find a cost-effective solution with competitive functionality. We found that Fortinet`s suite of appliances was elegantly priced and met our functional requirements." - Anver Natha, Manager: IT Operational Services, University of the Western Cape.

The University of the Western Cape (UWC) was founded in 1959 with 166 students and has since grown to more than 14 000 students based on its main campus in the city of Tygerberg and two satellite campuses in outlying suburbs. The student body is supported by more than 1 500 support and academic staff across its seven faculties and more than 50 academic departments.

UWC has a collapsed backbone network configuration. Fibres carrying data from each of the more than 50 university departments and buildings are collapsed onto a core switch with a number of servers in a centralised data centre. Individual departments are not permitted to have independent servers and security is carried out by UWC`s Information and Communication Services (ICS) Department.

The typical security environment in academic institutions is significantly more complex than in the corporate environment:

* Universities adopt liberal policies with regard to content despite the risks associated with inappropriate or illegal content.
* Academic and student records, and exam data stores need to be protected from intrusions.
* Information requests associated with traffic emanating from academic staff is unusual compared to typical information requests in the corporate environment.

According to Fortinet, "many of today`s threats propagate via Web applications, and therefore can easily bypass e-mail-centric defences against content-based threats. While numerous products are available today that can be used to filter inappropriate content, eliminate viruses and worms, detect network intrusions and prevent access to critical computing assets, the cost of procuring and managing multiple, independent systems stretches the budget limitations of most educational institutions.

As an institution of learning, UWC prioritises spend on its core activity of education. Support functions are therefore challenged with running efficiently with limited resources. To this end, ICS optimises its budgets by automating as many processes and functions as possible without compromising quality. It was under these conditions that the university`s ICS department undertook a project to enhance its security environment during 2004.

ICS was tasked with upgrading its security environment in 2004, and needed to source a solution which could be automated, while highly cost-effective. ICS, in close consultation with its outsource service provider, GijimaAst, explored the available solutions in the market.

"With a large number of universities as reference sites, the university of the Western Cape was able to gauge the effectiveness of Fortinet`s products in this high traffic and complex security environment. Its solutions are proven with implementations in universities the world over including Princeton University and California State University, to name but a few," explains Perry Hutton, Director, Maxtec Peripherals.

Fortinet was identified as the most suitable solution in the market. Its unified threat management (UTM) appliances have the required functionality hardwired which results in lower dependence on human interface reducing resource requirements.

In addition, Fortinet`s licensing model is unique - every appliance carries its own licence without any limitation on the number of users. The model suited UWC`s budgetary constraints by selecting those models which met their capacity needs. This resulted in a cost-effective solution which can be scaled up as their end-user requirements increase.

Two high-end ASIC-accelerated FortiGate 800 appliances were installed centrally in fail-over mode. These FortiGate appliances are integrated with Fortinet`s FortiGuard Subscription Services for Antivirus and Intrusion Prevention to receive automatic updates for anti-virus and intrusion prevention signatures to deliver real-time protection against constantly evolving network threats. While UWC continues to operate a separate firewall, it fully utilises the other functionality offered by the appliances including e-mail, Web and file transfer scanning; anti-virus and built-in intrusion detection and prevention. With the automated functionality of the FortiGate systems, UWC is able to maintain the security of all its end-users with two dedicated security teams who also manage the firewalls.

The results from installing the FortiGate 800`s in UWC`s centralised data centre were excellent. As a result, the university subsequently purchased a smaller FortiGate 300 to assist in diagnosing problems in individual departments. It is used as a roving appliance and temporarily plugged in-line where faults or problems are suspected. In this way analysis of activity in individual departments is possible, for example unusual virus or Trojan activity. The results are used to resolve the issues.

Fortinet`s network-based approach that protects against grayware and spyware - in real-time, has ensured that spyware, which was typically detected and eliminated via host-based systems, has been eliminated at the university`s network edge. This has meant substantial savings to the university in terms of spyware frustration and man-hours spent cleaning up such occurrences.