Like every institution of higher learning, the University of Dayton needs to provide open network access to students, faculty, and staff. But as one of the most wired campuses in the country, that openness makes the college especially vulnerable to attacks that bypass the firewall and permeate the network.
All housing at Dayton offers high-speed Internet access, and there are about 10,500 workstations and 283 servers on campus. Our experience with the Code Red virus demonstrated that just five infected machines could overwhelm the core campus router. Before we implemented a more permanent solution, our only valid strategy was to apply patches before a server or workstation was allowed on the network--obviously a labor-intensive process. We also had no way to assess whether the network was infected or under attack.
Peer-to-peer file sharing--popular with students who like to download music and video files--presents additional legal, security, and bandwidth-abuse issues.
One of the fast-emerging areas in information security is automated intrusion prevention. It was clear our patchwork process for deflecting intrusions wasn't working, so late last year we began planning for an automated security initiative to detect suspicious activity and block it. Further, we wanted to easily manage the process using existing staff and install security capabilities for existing and future threats.