Tools cover security gauntlet

An accidentally typed URL prompted an Alberta school board to take steps toward increased security flexibility as well as reduced infrastructure complexity, according to Matt Norton, director of technology with Lethbridge School District No. 51 in Lethbridge, Alta.

He said that though the board had defensive technology on its networks (minus content filtering), the inappropriate Web site “started the ball rolling” toward a more centrally managed solution from Fortinet Inc.

Until recently, Telus Corp. managed the school board’s wide area network (WAN). But as Norton’s own staff became more knowledgeable about the technology being used, it “decided to remove pieces of the (Telus) contract” and bring them in-house, he said. This decision not only saved the district money, but also gave it more flexibility to change its network settings as needed, he added.

Lethbridge started searching for a new solution that would cover the security gauntlet, from antispam and antivirus to firewall, virtual private networks and content filtering. The board looked at best-of-breed versus single-vendor solutions and opted for the latter once it factored in cost and ease-of use, Norton said.

For example, the board looked at Cisco Systems Inc.’s firewall solution, but it “only did one thing,” Norton said. N2H2’s content filtering (recently bought by Secure Computing Corp.) was another possible solution, but it was also focused on only one dimension of the school board’s security concerns.

In the end, the board went with Fortinet’s FortiGate 500 with the FortiGuard Web Filtering subscription service. “On paper it sounded fantastic,” he said, adding that a year later he has not changed his mind. The install was relatively seamless, he said. “We had it up and running in less than an hour.”

The content-filtering systems are profile-driven, which is important for a school board that covers kindergarten to grade 12 as well as office staff, Norton said. It has one profile for K to five and another for six to 12 and the office staff.

The subscription service continually updates a list of inappropriate Web sites, such as those deemed pornographic. There are 56 categories for filtering, said Adam Stein, vice-president of Fortinet’s corporate marketing. “You can (filter) down to the individual MAC (media access control) or IP address,” he said. The master ratings database covers over one billion URLs. Signatures, be they viral or content, can be pushed out to FortiGate boxes in a matter of minutes, Stein said.

The FortiGate systems cover the “seven wonders of security,” Stein said: antivirus, firewall, content filtering, VPN, intrusion detection, intrusion prevention and traffic shaping functions. The 15 FortiGate solutions cover the SOHO to telco-carrier market.

The board uses McAfee Inc.’s antivirus solution on desktops and servers, but with Fortinet’s solution on the gateway, virus numbers inside the network have almost “dropped to zero,” Norton said. The school board will continue to keep both solutions because Norton likes using a multi-layer approach, he said.

Lethbridge is just starting to investigate the VPN portion of the solution. Norton did say, however, that Fortinet’s antispam solution was lacking. “That is one [area where] we found that (we) needed more help than the Fortigate solution could provide.”

Though a student could still accidentally type in the wrong URL, Norton said, his team’s ability to react has been greatly improved. If such an event does occur, it is easy to subsequently block the URL from the board’s systems.

Quick Link 050896

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now