Securing Next Generation Education A FORTINET WHITE PAPER




Introduction

Education And The Next Generation

Over the past 20 years the world of education has changed out of all recognition. We have transitioned from a world of individual and largely isolated institutions firmly bound to traditional methods, procedures and resources to one at the forefront of the collision between collaborative computing, the Internet and international organisation. This situation has arisen and continues to be driven by a number of confluent factors that have uniquely shaped the profession.

Firstly, educational methods have evolved rapidly hand-in-hand with the availability of content-rich, education-focused computing applications. Secondly, the ubiquitous nature of the Internet continues to disproportionately shape the lives of our next generation to the extent that young people's lives are becoming defined by and experienced through the Internet. Finally, and more ominously, the availability of the world's knowledge at our fingertips massively increases the risk of exposure to the worst ills of our global society.

To examine how we can effectively harness the opportunities of the interconnected world and liberate competition and collaboration between establishments whilst mitigating the inherent threats, we must thoroughly understand the specific current and future drivers of our educational institutions with respect to IT systems, IT security and the Internet. Combining this with the aspirations and needs of our young adults, we can fulfil the promise of next generation education.

Computing And Life In Further / Higher Education Level

For students, the phase of further/higher education is defined by extensive use of the Internet for educational, research and social purposes, not necessarily in that order. Whilst providing access to computing and Internet resources, a university or college also has a responsibility for duty of care for all users of its services. However, the majority of students expect to connect their own devices to the network for both intra- and Internet access. Every establishment will make its own decisions on network design, but there are clear demarcation lines between students, staff, research and visitors and these need to be built into both the wired and wireless access service.

The Educators' Challenge

Our Education Differentiation

The reliance of educational establishments on non-public sources of funding has driven competition between them to new levels. There are a number of battle lines for competition, but in the drive for better results, many rely on a secure computing and network platform for a greater collaborative capability and to deliver education more effectively through content and data rich applications. It is now the accepted norm that colleges and universities demonstrate in their prospectus how they lever such platforms to the benefit of all stakeholders in the establishment, namely students, staff and prospective employees.

Enabling Strategies For Developing The Brand

Intense competition at home has driven the search for lucrative overseas students whilst developing the establishment brand to a wider business and international research audience. Partner or extension faculties are typically located in rapidly developing economies such as South East Asia or the Middle East. Key to the success of such strategies is rapid yet secure wide area networking linking such sites together to share resources.

Forward thinking establishments will reach out to their local communities and businesses to utilise their assets for brand enhancing or indeed profitable events such as continuing education, summits and presentations. Highly flexible networking and security infrastructure are prerequisite capabilities, essential to support these initiatives.

Demonstrable Duty-Of-Care And Acceptable Use Policies

Despite the fact that the majority of users of establishment networking and Internet access are over the age of consent, there remains a key requirement to provide a demonstrable duty-of-care. The core pillar of this responsibility is an enforceable acceptable use policy that is distributed widely to staff, students and visitors alike. The policy defines e-safety and must strike the balance between accessibility and protection for each faculty, function and user category. It must detail the controls that are put into place, whether they are preventative, detective or corrective.

Heterogeneous Systems / Networks / Applications

Education networks are very rarely built from scratch and have typically evolved in fits and starts as project budgets have become available based on top-down driven initiatives. Furthermore, establishments often require connectivity to regional or national networks such as Janet in the UK that demand appropriate firewalling and segmentation. Incorporating local, regional, national and international wired and wireless resources into a homogeneous network without undue complexity and cost can present a significant challenge.

Campus Topologies and High Density Access

Many colleges and universities comprise multiple faculties and departments located in disparate buildings, some of which may be temporary. Deploying wired networks may be cost prohibitive or simply impractical in many situations. An attractive alternative is to provide wireless connectivity based on the latest international standards to provide rapid and cost-effective extension of existing networks across an entire campus. In contrast to extending access reach, in certain locations such as lecture theatres and residence halls there is the need for high-density deployment capabilities to address a high probability of channel interference, channel frequency and access point overload in addition to external interference sources. All of these factors are contributors to poor levels of wireless service if the networks are not deployed and configured appropriately.

User Identification for Profiling and Segmentation

Implicit at all phases of education is the requirement that different user categories (i.e. students, staff, visitors) have differing levels of access to internal and Internet based resources. This can be achieved in a number of ways, but the most common is through a user's identity that is determined as they authenticate onto a network. Having security policies that are identity based and/or device based allows an establishment to define and implement solid boundaries. This requires robust identity management capabilities that offer single and increasingly 2-factor authentication with fine-grained authorisation to network based resources.

Wireless Guest Provision

In today's modern education establishment it is now expected that visitors (i.e. parents, adult education students etc.) may benefit from access to the Internet. Ideally, this is offered free of charge and branded with the establishment's own landing/login page.

Consequently, an infrastructure is required to provide this level of differentiated service comprising wireless access points, wireless guest management and welcome/login pages, in addition to fine-grained, segmented security management.

Dynamic Security Provision

Design of IT and IT security systems cannot assume static network topologies. From a physical perspective, departments may be relocated and temporary buildings erected to cater for extraordinary events. From a logical perspective, requirements such as college projects, research projects, and external conferences may demand a rapid provisioning and re-configuration of the security profiles attributed to part of the network. The ability to react effectively and securely to these requirements can make the difference between success and failure.

Secure Email

Having an establishment mail domain is now commonplace for all levels of education. The key challenge however is to provide cost effective email messaging whilst also ensuring that usage policies are being followed with respect to email content, privacy and backup. Cloud based or on-demand based services have proven to be quite restrictive and inadaptable to rapidly evolving protection and archiving requirements.

Budget Challenges

As is the situation in the public and private sector alike, budgets are under severe pressure. Delivery and support of technical systems are usually relegated to be secondary in priority to front line services with direct, visible costs such as staff, capital assets and buildings. It is important then to recognise how IT and IT security enables better education whilst seeking to deploy technology platforms that implicitly reduce complexity of deployment, management and overall cost.

Enabling Next Generation Education With Fortinet

Introduction To Fortinet

Fortinet is a global provider of IT security solutions to organizations of all sizes. Customers benefit from a large portfolio of best-in-class products that touch the majority of IT disciplines such as wired and wireless network security, web application security, email security and database protection to name just a few. Fortinet's leadership has been recognised by the industry through the awards of numerous industry standard security certifications and third-party testing such as VB100 Virus, VB100 Spam, NSS, Gartner and IDC. Most of Fortinet's products are underpinned by a global threat research and response delivery platform known as FortiGuard that provides real-time updates to signatures and global threat sources that all customers benefit from.

Secure Fundamentals For Further / Higher Education

At the core of Fortinet's solution portfolio is Unified Threat Management (UTM) that is delivered in the form of the product FortiGate. FortiGate provides a scalable platform for Firewall, Anti-Virus, Anti-Spam, DLP (Data leakage prevention), IDS/IPS (Intrusion detection/protection) and Wireless control amongst other capabilities.

[Diagram with labelled areas A, B, C and D]

The diagram above illustrates how components of the Fortinet product may be deployed to fulfil the fundamental challenges the educators face today:

A) Service Provider / Authority

In many circumstances an educational establishment may not have the skills or resources to retain full control of their security management. In this case they may have recourse to a local public authority or a private sector organization to manage this on their behalf. Fortinet products can be flexibly deployed in either scenario or indeed as a hybrid whereby the establishment retains partial delegated control of certain security management elements.

B) University / College Lecture Hall

In active and dynamic environments such as lecture theatres, students require instant access from their own device. The wireless network in these high density circumstances must cope with large variability in client numbers, load and traffic types. A FortiGate appliance with its incorporated wireless controller combined with FortiAPs for wireless access points meets these types of extreme challenges. When combined with FortiAuthenticator for federated identity, the platform becomes a powerful enabler for end-to-end secure Bring-Your-Own-Device (BYOD).

C) Duty-of-Care & Governance

Protection is paramount. FortiGate devices underpin flexible security policies providing robust and up to date filters to categorized web sites and applications whilst allowing access to whitelisted resources.

The same platform through identity based user segmentation will provide different network and Internet access and traffic shaping for roles such as staff, students and visitors. Notification of attempted policy violations to appointed staff completes the governance of acceptable usage policy implementation.

D) Campus Coverage

Extending the network quickly and cost effectively across large areas and between buildings, even in built-up areas, is essential for service delivery. Provider based private network options are often cost prohibitive, particularly if the links are temporary in nature. Fortinet resolves this challenge through its meshing and wireless network extension features. These are facilitated by both indoor and outdoor dual radio access points. Radio frequency coverage can be focused using Fortinet designed beam forming antennae, thus greatly boosting data rates. This combination provides rapidly deployed local area links very cost effectively over hundreds of metres.

The Student And Their Device

The phenomenon of BYOD is as prevalent in the education environment as it is in industry. Most students are equipped with smart devices of one form or another that they wish to connect to both the Internet and establishment resources. Indeed many today rely on these devices inside the lecture theatre or classroom for frontline education as much as they do in the cafe or common areas for social purposes. Enabling BYOD however brings with it many security challenges that require a BYOD-Ready Secure Network. Fortinet provides numerous BYOD critical features that allow for a securely managed BYOD strategy.

A) Integrating Security & Wireless Control

In any wireless solution there are 3 core components: radio(s), wireless controller and network security services. With a Fortinet based solution, the wireless controller is integrated into the same FortiGate appliance as the security services. As well as offering a far greater level of security control, this configuration significantly reduces the cost of procurement, deployment and management by removing complexity. Indeed, Fortinet customers also have the option of combining all 3 components into one appliance, namely a FortiWiFi, further accentuating the benefits of greater simplicity.

B) Device Identification And Security Attribution

FortiGate appliances are capable of recognizing mobile device platform types, even without user authentication or complex traffic tracing. This capability gives administrators a clear view of the relative proportions of device types in circulation so that they can plan accordingly. Furthermore, security profiles can be attributed to specific device types, enhancing the level of control needed in BYOD situations.

C) Client Reputation

In conjunction with device identification, FortiGate appliances can collect statistical information concerning the security posture of every client.

This is determined by a number of weighted factors including web activity, use of games, P2P sites, viruses/malware, IPS, bad connection attempts etc. Judicious use of client reputation accelerates the identification of clients that have been infected with malware and of users that are potentially misusing the service provided for them.

D) Scalable Federated User Identity Management

Managing the full diversity of user profiles is essential for a BYOD-Ready Secure Network. Users can range from purely unknown wireless guests through to high privilege administrators of IT resources connecting from a controlled desktop. Reliable identification of users provides the capability to apply user oriented security as a function of their profile. Correlating scalable industry standards based authentication with existing user/resource directories completes the security integration with other IT moving parts. Administrators and high privilege accounts often require 2-factor authentication to strengthen identity management. The Fortinet Identity Management solution centres on the FortiAuthenticator, which combines standards based authentication with certificate management, servicing large and small establishments alike. FortiTokens that seamlessly integrate with FortiAuthenticator are available as hardware or software tokens for time based 2-factor or as a USB key form factor certificate token.

Cost Effective Secure Messaging

Having an establishment email domain demonstrates to the stakeholders a high level of ICT/Computing maturity. Some establishments rely on on-line services from their ISP or other service provider for email enablement. However, costs can grow significantly due to both the larger community sizes typical in universities and colleges and the increased requirements for policies providing email content control. Fortinet's FortiMail provides both email messaging and messaging security in a single appliance. The messaging component is a fully functional email server with collaborative features such as calendaring and resource scheduling that can be utilised for room and equipment control too. All email security services are provided as part of the FortiMail license so an establishment can enjoy the security of antispam, antivirus, DLP, mail encryption, archiving and quarantining, all at no extra charge. Cost/benefit analyses show that with user communities greater than 50, deploying a fully functional, serviced secure messaging appliance is more cost effective than a simple online solution.

The Final Bell

Higher education establishments are looking to expand their IT infrastructures to meet the demand from students, staff and the business community. National education guidelines lean ever more heavily on secure IT, inter-connectivity and the Internet to fulfil education and research objectives. Forward thinking establishments are pushing their boundaries internationally to develop new markets and attract overseas students and investment. To date the three constraints slowing such adoption are cost, complexity and security. Fortinet is a world leader in IT security solutions for Education that focuses on simplifying security deployment and cost. We have probably already enabled a higher education IT infrastructure in your region of the world for next generation young adults. Let us show you how we can achieve the same for you.

About Fortinet

Fortinet is a global provider of high-performance network security solutions that provide our customers with the power to protect and control their IT infrastructure. Our purpose-built, integrated security technologies, combined with our FortiGuard security intelligence services, provide the high performance and complete content protection our customers need to stay abreast of a constantly evolving threat landscape. More than 125,000 customers around the world - including the majority of the Global 1,000 enterprises, service providers and governments - are utilizing Fortinet's broad and deep portfolio to improve their security posture, simplify their infrastructure, and reduce their overall cost of ownership. From endpoints and mobile devices, to the perimeter and the core - including databases, messaging and Web applications - Fortinet helps protect the constantly evolving networks in every industry and region around the world.

AMERICAS HEADQUARTERS: 1090 Kifer Road, Sunnyvale, CA 94086, United States. Tel +1.408.235.7700, Fax +1.408.235.7737, www.fortinet.com/sales

EMEA HEADQUARTERS: 120 rue Albert Caquot, Sophia Antipolis, France 06560. Tel +33.4.8987.0510, Fax +33.4.8987.0501

APAC HEADQUARTERS: 300 Beach Road 20-01, The Concourse, Singapore 199555. Tel +65.6513.3734, Fax +65.6295.0015

www.fortinet.com

Copyright 2013 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.