An expanded wireless LAN caused network traffic at Fitchburg State University to explode. To improve network visibility and maintain network security with all the additional traffic, the network management team installed a NetFlow analyzer.
The networking team at the Massachusetts university selected Lancope StealthWatch as a NetFlow analyzer, and set its Enterasys Networks routers to publish NetFlow records to the appliance. The school also installed multiple StealthWatch FlowSensors around campus to gain visibility into infrastructure that does not natively support NetFlow. FlowSensor is an appliance that collects data from hosts and other devices on the network and converts it into NetFlow data. A virtual edition installed on a virtual host can produce NetFlow records for individual vitual machines.
“We have sensors installed on all our virtual boxes and a sensor appliance that is mirroring out traffic from our SAN, our server VLAN and our DMZ,” said Tony Chila, the university’s network manager. “We’re able to dig deeper into that traffic and analyzer up to Layer 4 in the stack, so we’re seeing basically a breakdown of all traffic on the network -- the particular services, ports used, locations and that type of information.”
Expanded wireless LAN coverage was inevitable
Getting a better handle on network traffic became critical when Fitchburg went from having Wi-Fi in common areas and academic buildings to providing 100% wireless in all residence hall areas using a campus-wide 802.11n Enterasys network.
“Our incoming students had never even seen an Ethernet cord,” said Jamie Roger, the university’s director of auxiliary services. “It became painfully apparent that this incoming generation expects wireless to be everywhere.
With the upgrade, students started connecting more than just their laptop to the network. Suddenly smartphones, tablets and gaming systems were also adding to the traffic onslaught, Roger said. As a result, a network that once had 3,000 to 3,500 devices connected at any one time was now exceeding 7,000. Suddenly network capacity management was critical.
NetFlow analyzer helps with capacity management
The traffic visibility afforded by StealthWatch has streamlined the university’s approach to network capacity management and has helped the school avoid a costly and unnecessary infrastructure upgrade.
“The NetFlow analyzer’s daily dashboard reports opened up visibility into our network right up to the CIO level,” Roger said. “In the past, if we were reaching our bandwidth maximum, I would have to go begging and pleading to get additional money to increase bandwidth. Now with all this reporting going up to our CIO, he could see our bandwidth growth over the last several months and he came to me and said, ‘Hey, get a price on increasing bandwidth.’ It made my fight for funding a whole lot easier.”
And when users at a remote building more than a mile off campus started complaining about the poor performance of the 54 Mbps, site-to-site Wi-Fi connection that connected them to the main campus, the IT organization was able to use the NetFlow analyzer to avoid a costly upgrade.
The university had been considering a new $500,000 fiber connection to correct the issue, but Roger and his staff used StealthWatch to establish that the point-to-point Wi-Fi link wasn’t saturated, so they needed to do a little detective work. Ultimately they determined that trees were interrupting the signal of the wireless connection.
“When you looked at the wireless connection it looked fine,” Roger added. “But depending on how the wind blew, it affected the data.”
The improved visibility has also helped the IT organization respond to service problems.
“We can see total internal traffic broken down by protocol and application,” Chila said. “If we see spikes with a large amount of traffic, we can drill into those areas and find out who is basically utilizing this additional bandwidth.”
That means no more placing blanket blame on the network.
“This product allows us to see server response time, network response time, round-trip time and identify where the latency is actually happening. I have a server group of two individuals, so chasing around problems that don’t exist -- we just don’t have time for that,” Roger said.
NetFlow analyzer strengthens PCI compliance, roots out P2P traffic
The StealthWatch NetFlow analyzer has beefed up the university’s compliance efforts, particularly its policies against illicit, peer-to-peer (P2P) file sharing and its audits for the credit card industry’s PCI DSS requirements.
The school blocks all P2P traffic coming in or out of the campus at the Internet circuit via an HP TippingPoint intrusion protection system (IPS), Roger said. The NetFlow analyzer gives network managers a view into internal P2P traffic.
“We have detected [internal P2P traffic] but we’re not currently acting on it,” Roger said. “We haven’t used the StealthWatch product to proactively do anything with P2P, other than try to get a handle on how much it’s happening. We’ve only had the product for five months.”
The NetFlow analyzer also gives Fitchburg State an added layer of PCI compliance assurance, according to Chila.
“We set up a trap [with StealthWatch] where if we see traffic that traverses to that [PCI] network from a subnet or device that is unauthorized, then we get alerted,” Chila said. “We have access lists which clearly define who can get in and who can’t. This is a way to monitor it, if for any reason someone is able to traverse those lines. It shouldn’t happen and it hasn’t happened.”
Let us know what you think about the story; email: Shamus McGillicuddy, News Director.