Asia's Source for Enterprise Network Knowledge

Sunday, April 30th, 2017

Secure Your Apps

Right security postures: A tale of two universities

 Cyber security risks related to BYOD and cloud-driven shadow IT are high for institutions of higher learning managing the demands of students, teaching staff as well as external stakeholders.

The student population whom they serve are predominantly digital-savvy millennials, use diverse devices to access courseware and campus resources as well as a whole gamut of risky social media, gaming and entertainment apps.

On the other hand, digitalization is bringing about sweeping changes in the education sector. The internet is now the principal enabling mechanism by which academic staff and students interact, cross-fertilize ideas and make learning happen. Like in other sectors, universities are migrating workloads to the cloud. They are optimizing their operations and utilizing more technologies and applications to transform how learning is received and delivered.

Finding the right security posture

Even as the interplay between applications become more complex, the rapid rise of the Internet of Things (IoT) and the resulting increase in backend data workload are putting tremendous pressure on networks. The recent massive DDoS attacks on Dyn, for example, took advantage of thousands of compromised IoT devices to create a botnet.

The risk of a similar attack is high in a university campus given the ubiquity and diversity of mobile devices used for new modes of learning and engagements. So, universities have to focus on achieving the right cybersecurity posture to ensure a stable and secure IT infrastructure amidst these new trends.

Armed with core experience and a business centered on applications, F5 is helping to transform the education sector by optimizing the delivery of apps and safeguarding networks, apps and users from sophisticated threats. This is illustrated in how two universities, among many others, have increased efficiency and security with F5 solutions.

Both the University of Tsukuba in Japan and the University of Technology Sydney (UTS) are multi-campus tertiary institutions and they sought more robust security to address challenges associated with outdated legacy systems and the lack of integration and scalability among existing solutions.

Tsukuba needed the capacity for its DNS servers to scale for heavy loads and to monitor and interpret any intrusive network activity, while UTS needed to replace and consolidate its aging and limited core load balancing, web application firewall (WAF) and remote virtual private network (VPN) services – each provided by a different vendor – onto a single platform.

Unified defense, better security

Tsukuba had installed the F5 BIG-IP 7200v into the pathway that handled all access from outside its campuses. This condensed the operations of multiple firewall equipment at the network edge into a single unit. Prior to deploying F5, each domain had its own separate DNS server; all academic divisions were required to administer and manage their own network. With all functions now going through a unified system, policy controls and traffic management improved, while exposure to vulnerabilities was drastically reduced.

“We were seeing more DoS and DDoS attacks,” said Dr Akira Sato, associate professor at the Faculty of Engineering, Information and Systems, of the University of Tsukuba Academic Computing and Communications Center. “To guard against them, we needed a [security] measure at the application level, such as the one F5 offers.”

The installed BIG-IP 7200v handled the maximum throughput of 40 Gbps, providing a safe margin from the influx of external packets while simultaneously load balancing server traffic. The hardware runs F5’s BIG-IP Advanced Firewall Manager (AFM), which provides a static measure at the IP address level, and the F5 WAF services within BIG-IP Application Security Manager (ASM), which detect and prevent DDoS attacks closest to applications.

Optimized for security

At UTS, existing point solutions lacked automation, high availability and appropriate security and required specialist IT administrator skills. “We had limited web application firewall services in place and in today’s world that was a risky position for a university to be in – and also a key driver for the deployment,” said Steve McEwan, IT technical services manager at the university.

F5 professional services engineers worked closely with the UTS infrastructure team to transform its IT infrastructure into an integrated, secured and scalable platform. The consolidation enabled UTS to optimize its IT network and implement cybersecurity policy for high availability, balanced security posture and seamless user access to applications and data.

The F5 BIG-IP ASM, for example, protects UTS’s web services, mitigates threats, and provides DDoS protection for the network, DNS, SSL and application layers. After the consolidation of remote access VPN services into F5 BIG-IP Access Policy Manager (APM), UTS also centralized control over users’ access to the network, applications, and the devices and locations from which users can access those applications.

“We consolidated a lot of old infrastructure into the new platform provided by F5,” said McEwan. “We have less products to manage, less maintenance, less support needed, and more meaningful tasks for our staff, which is of great benefit to us.”

Like UTS, Tsukuba has also benefited from the centralized management and improved security. “By taking advantage of the various BIG-IP security features, we have better protection for our network and we have fewer administrators involved,” commented Dr. Sato. “Since the programmable BIG-IP platform has various security features and capabilities, there are opportunities to add functionality and intelligence to raise the level of security even higher.”

With the benefits gained, Tsukuba and UTS have strengthened their overall security posture and be well poised to leverage innovative, technology-driven pedagogy in the digital age.

This is a QuestexAsia feature commissioned by F5 Networks Asia Pacific.