Case study: Halesowen College

The college has improved security

As IT leaders are starting to realise, the new generation of tech-savvy users coming into the organisation brings a whole heap of security challenges, forcing many to rethink their approach. At Halesowen College, technical resources director Will Davidson confronts the realities of dealing with young adults who have grown up with the internet on a daily basis.

The college encourages students to enhance their education through the innovative use of technology, rather than restrict what can be done. “Students often have more up-to-date technology than the college and we don’t want to block things and clamp down,” says Davidson. “We let people bring in USB sticks, for example, but we keep things as open as we can through trust –­ backed up by sound monitoring.”

To improve overall visibility of security threats and efficiency in tackling them, the college installed the Sourcefire 3D system in 2008.

Previously, it had used open source intrusion detection software Snort. While Snort provided the ability to monitor its local area network, it did not allow IT to adequately prioritise threats, says Davidson.

Two 3D sensors now monitor the college’s internet connection and its wireless networks to provide visibility of all traffic coming in from outside the campus.

Halesowen also uses Sourcefire RNA (real-time network awareness) to gather network intelligence about the nature of threats.

“The Snort technology is good at spotting threats, but is very response intensive. One of my technicians was spending half his day managing alerts, interpreting threats and filtering out false positives. Sourcefire has saved us 15 hours a week. Its threat analysis and RNA means we are alerted to high priority threats we need to act on in real-time,” says Davidson.

The system has already paid for itself. “We had a SQL injection attack on our web site, but with Sourcefire we responded immediately to prevent spyware infecting PCs. The seven IP addresses behind the attack were identified, their access blocked and all our site’s infected pages were cleaned up in around two hours,” says Davidson.

Sourcefire complements the college’s multi-layered approach to security. “It is important not to rely on one security technology. We have virus checkers on all our 1,700 PCs, automatic patching, and segregated staff and student networks,” says Davidson.