Petra University Jordan, Asia
Petra University Relies on Cyberoam to Connect Securely
About Petra University, Education
Located in the western part of Amman, Petra University is one of most welcoming universities in Jordan. The University has come a long way in a short amount of time and they currently have about 6000 students. Of these are international students from around 30 countries.
Their main mission is to play a significant role in the progress of their nation through creating and disseminating knowledge & technology and preparing graduates who can contribute positively towards their communities.
Also, their mission is to create an academic, cultural and social environment that develops research opportunities; builds-up the competence of their members; provides active community service, and prepares their students to be capable of creative and critical thinking and life long learning, and are able to compete in the marketplace.
The Petra’s network basically comprised of web and mail servers with no focused doorway security sketch. The university, therefore, needed a gateway firewall to regulate user authentication and access control.
Mr. Mohannad Malhis,
According to Mr. Mohannad Malhis, ICT Director at Petra University, the university was facing the following security and connectivity challenges related to its business activities.
Firewall and IPS
The university network covered student information, training programs, as well as other sensitive information which was under constant threat from spyware, and DoS attacks. It was also significant to put a stop to any incident of communication loss or data tampering due to eavesdropping attacks from outsiders.
Petra University wanted to provide ubiquitous and secure networks to service the exploding demand for wireless access, provide for critical campus LANs, and build out virtualized data centers. “Users, including students, faculty and researchers, administrators, and even lifelong learners, demand that their applications and devices run flawlessly anytime, anywhere.” said Mr. Malhis. The network is a mission critical component of the core academic business of Petra’s university, and it's harder and harder to manage.
There, Mr. Malhis wanted a solution that would control the entire Internet traffic and provide a level of protection from network-based attacks by allowing good traffic and denying bad traffic as defined by a security policy. They need to protect the network against intentional and unintentional intrusion attempts, and Denial of Service attacks.
Controlling Surfing Practices
Petra’s responsibility is to protect students from web-borne threats and to promote safe internet use. The university needed to know who was accessing what sites and as such needed an identity based filter and reporting system that would include the users’ online behavioral audit. Unrestricted access was draining productivity by wasteful Web surfing. Also, the bandwidth usage patterns were seriously affected when user’s turn to bandwidth-hungry applications such as, Music, Video, Social networking & Streaming media. Installing a content filtering solution can eliminate these problems.
The Cyberoam Solution
Petra University looked into a number of security products including Cisco, TrendMicro in order to address their business challenges. The search was on for an appliance which would take care of their all above requirements. So they felt that Cyberoam was the apparent choice. The university then deployed One (1) CR 750ia at the Data Center in their head office in Gateway mode.
The business benefits were as follows:
- Layer 8 Technology – Identity Based Security
Cyberoam UTM’s Layer 8 technology provides a robust network security system which can include a user's human identity as part of the firewall rule matching criteria. It treats user identity as the 8th Layer or the human layer in the network protocol stack, enabling educational institutes to overcome the limitations of conventional UTMs/firewalls which bind security to IP addresses alone. By implementing Layer 8 security in their networks, administrators can gain real-time visibility into the online activity of users while creating security policies based on their usernames.
Mr. Malhis used Cyberoam’s Active Directory (AD) facility to achieve the task of integrating Petra university user’s in the network through a wizard to import users.
- Access and Application Control
Cyberoam UTM’s Stateful Inspection Firewall implements policies based on User Identity in addition to source, destination zone, IP address and application and provides access control over all the Internet traffic.
Stateful inspection firewall and Intrusion Prevention solution guard the LAN and the DMZ network from unauthorized access and intrusion attempts. All applications that tried to access Internet were logged and any un-productive application was blocked. Coupled with Intrusion Prevention module, Cyberoam UTM can counter any Denial of Service attack. Mr. Malhis now felt the network is secure.
- Surfing Control
Cyberoam UTM’s web content filtering feature controls Internet access in the university by blocking inappropriate and unsafe Web content, including phishing and other malware-laden sites. This is done through a constantly updated database of millions of sites divided into 82+ categories including pornography, P2P, entertainment and job search. Moreover, Cyberoam’s identity-based filtering allows sets individual user Internet access policy, surfing quota, time limits and bandwidth restrictions.
- On-Appliance Reporting
"Cyberoam Reporting gives us true insight into what's really going on in our network to ensure that risky traffic and activity doesn't happen anymore," sums up Malhis. In-depth reporting provides the detail needed to understand all activity with real-time logs that show individual user browsing to trends and site specific reports. "The control, visibility and threat prevention capabilities of Cyberoam are unmatched. The cost was right and the benefits quickly justified the cost.” said Mr. Malhis