NAC, IDS cure medical school's security woes

UMass Medical School has courses on illnesses, but what happens if the network gets sick? The school has taken steps to ensure that won't happen.

At the UMass Medical School, network security used to be a guessing game combined with a continual firefight.

Things would come up, and IT would react. That's how it went for the Worcester, Mass.-based campus. But things are changing. UMass Medical School recently added two lines of defense to its network to track down, identify and wipe out potential security breaches and troubles. Using Dragon and Sentinel from Enterasys Networks, UMass Medical now takes pride in its beefed-up security.

"It's a problem with anybody's network," associate CIO Charles Desourdy said about security. "It's always more than you expect when you don't know what's out there."

Now, UMass Medical keeps its network and roughly 6,000 end users -- faculty, staff and students -- safe with Dragon Network Defense, an enhancement to Enterasys' Dragon intrusion detection and prevention suite and part of the vendor's Secure Networks portfolio. With Dragon, Desourdy can detect, isolate and remedy attacks that could potentially cripple the network, he said. Dragon is used in conjunction with the Dragon Security Command Console, which aggregates and analyzes security information from numerous devices while also providing reporting that can span the entire enterprise or focus on a single group of users.

Along with Dragon, UMass Medical also recently deployed Enterasys' latest security product, Sentinel, which offers network access control by preventing unauthorized or compromised devices from getting onto the network. Sentinel uses multiple authentication methods and assesses the threat level of devices attempting to connect. Because Sentinel is agentless, IT does not have to install and maintain the software on every PC on the network.

"This is sort of the last man standing that we have to deal with," Desourdy said.

One thing about UMass, he explained, is that current policy requires users to have a hardware router firewall at home in order to get onto the network. But the policy was tough to enforce because it was hard to prove who had what. In some instances, users had to provide a digital picture of their firewall before they were granted home access.

Now, Sentinel knows whether users are in compliance and can deny them network access if they are not using a hardware router firewall, Desourdy said. It also determines whether the machine has up-to-date anti-virus, spam filters, and other security software before access is granted.

Using Sentinel with Dragon, Desourdy said, gives a lot more than just peace of mind.

"You put it out there and it shows what's going on," he said. "It allows us to take a look and make sure we're clean at the other end."

Before, security problems were somewhat of an unknown, Desourdy explained. In the past, a user would report slow performance on a PC, and IT would probably discover that a virus or other problem had somehow crept in. Now, he said, those problems can be squashed before they get onto the PC, and if they do manage to slip through, the machine will be checked again before it's allowed onto the network.

Steve Hargis, Enterasys' director of Secure Network solutions, said Dragon can pick out traffic anomalies using behavior-based, deep packet inspection to detect patterns and look for changes, rather than simply looking for bad packets.

Where Dragon is reactive, Sentinel adds a proactive piece to the mix, said Royce Stegman, product manager of network management and security software.

"More things are connecting to the network," he said. "That means more opportunity for something to go awry."

Though Desourdy can't recall any major security breaches or problems before deploying Dragon and Sentinel, he now won't have to worry about a first one.

"We've not had anything happen here," he said, adding that continually deploying security tools is UMass Medical School's mission. "This is just the next phase of our layered approach. We're starting to phase it in."
