Thapar University Punjab, India
Cyberoam UTM: Best Internet Security Solution for a HealthyAcademic Environment
About Thapar University, Education

Thapar University (TU) was established in 1956 with the goal of providing undergraduate, postgraduate and doctoral education and guidance in Engineering and Technology, close interaction with industry, and strong emphasis on research. The Thapar University is today recognized among the leading privately managed grant-in-aid engineering institutions of the country.

“Cyberoam’s gateway AV and AS are its most relevant features.We even tried to switch off the AV and AS modules to check their effectiveness. In their absence the unwanted traffic increased to almost 90 to 100%”

Dr. Seema Bawa
Head, CSED,
Thapar University

“We had already tinkered around with self built firewalls, for some time. However, we soon realized that our needs were much larger,” said Dr. Seema Bawa, Head-CSED, TU.

Explaining the need for a secure gateway and Internet control in a technological institute, Dr. Maninder Singh, Assistant Professor and Network Manager, CSED, TU
said, “We needed a security solution and a control mechanism to regulate the Internet usage. Firewall, web filtering, anti-spam and anti-virus solutions were our top priority. Over and above this, we wanted a robust control solution that was identity based and hence could identify the individual users, not just the IP addresses.”

With high-grade resources offered to students and faculty, optimum utilization of these resources, including productive use of Internet bandwidth at all times was critical to supporting the high educational standards set by the university,

Expressing reservation against multiple solutions deployment, Dr. Singh said,“Multiple solutions do not always translate into higher levels of security and better controls. More often than not, multiple solutions involve huge capital and operating expenses. Easy configuration and maintenance were our priority,” he added. One thing more, we already have an existing network of more than 2200 live nodes. We wanted a solution that can blend into our existing network seamlessly and work transparently.We cannot afford to have an alternative focus of managing it.”

The Cyberoam Solution

After scouting the market for a viable solution, TU zeroed in on Cyberoam in 2003.“We purchased a software-based Cyberoam UTM in 2003. Today, we have a Cyberoam 500iUTMappliance deployed in Gateway mode,” said Dr. Bawa.

“Cyberoam’s user-friendliness was proven quite effectively when it blended seamlessly into the existing network,” said Dr. Singh.

At any point in time,TU has almost three thousand (3000) students. Creation of users in Cyberoam required the simple task of importing a CSV file. Cyberoam it self shouldered the responsibility of authentication through automated Single Sign-On. So the administrators were saved from providing a separate authentication server.

Dr. Singh was also able to form the users into groups and assign access controls to the groups. Cyberoam’s identity-based nature, drilled down to reveal the individual user’s identity “Cyberoam’s identity-based reporting not only revealed the facebehind an IP address, but also promoted responsible end-user behavior. It helps us track and isolate errant individuals from such a vast pool of Internet users.” Dr. Singh explained.

He could now selectively provide need-based Internet access and download rights to users. He was even able to specify the amount and types of downloads that a
particular group of users was allowed at a particular point of time. Cyclic access feature of Cyberoam ensured that a few individuals would not corner the Internet bandwidth. “Undergraduate students are allowed to access the Internet from 8AM to 12 noon. This is because we want the students to rest and sleep before they come to class next morning,”Dr. Singh said in a lighter vein.

Creating user identity-based policies also helped him apply customized policies for application controls. Dr. Singh, now has complete control over all the applications running in TU’s network. Cyberoam’s web filtering solution prevented students from visiting malicious sites and downloading and installing malware on local terminals. Identity based multiple IDP policies ensured that no security loopholes were left uncovered.

“In addition, with a firewall rule in place, TU’s VoIP traffic stays controlled too,” said Dr. Singh.

Dr Bawa and Dr. Singh were of the opinion that, “Cyberoam’s gateway anti-virus and anti-spam are its most relevant features.” To ascertain the effectivity of the gateway AV & AS modules, Dr. Singh shut them down and monitored the traffic. They found that the noise on the network reached an unmanageable crescendo. However, when the modules were redeployed, the viruses disappeared and 90 percent of spam mails vanished too.

In addition, Cyberoam’s Multi-Link Manager load balances TU’s two ISP links with a 6 : 4 ratio in traffic distribution. Cyberoam’s gateway failover automatically switches the traffic to the working link automatically in case of link failure.

Cyberoam’s bandwidth management module allows Dr. Singh to assign a specific amount of bandwidth to a group of users, leading to optimal usage of the total available bandwidth. “We have grouped the students according to their undergraduate and post-graduate status. Faculty, deans and directors have their individual groups. While undergraduate students have a fixed amount of bandwidth, postgraduate and research students have a greater amount of bandwidth allocated to them. Certain users are allowed to access the Internet through a specific gateway, controlling bandwidth usage further.”