Securing Next Generation Education
A FORTINET WHITE PAPER
Introduction

Over the past 20 years the education sector has gone through a major transformation. It has evolved from a world of individual and largely isolated institutions bound to traditional methods, procedures and resources to one at the forefront of computing, the Internet and international collaboration. This change is driven by a number of factors that have uniquely shaped the delivery and consumption of modern education. Firstly, educational methods have evolved with the availability of applications providing content-rich, focused education. Secondly, the ubiquitous and democratic nature of the Internet shapes so many aspects of life for our next generation that young people's lives, and their education, are increasingly defined by and experienced through the Internet. To examine how we can effectively harness the opportunities of the interconnected world and enable competition and collaboration between establishments while mitigating the ever-changing threat landscape, we must understand the environment and drivers of our educational institutions with respect to IT systems, IT security and the Internet. This should provide the foundations for fulfilling the promise of next-generation education.
IT Challenges in Further / Higher Education

For students, the phase of higher education is defined by the extensive use of the Internet for educational, research and social purposes. While providing access to computing and Web resources, an educational institute also has a duty of care towards all users of its network, applications and services. However, the majority of students expect to connect their own devices to the network to access both the intranet and the Internet. Every establishment will make its own decision on network design, but there should be clear demarcation lines between the access levels given to students, staff, researchers and visitors, and these should apply to both the wired and the wireless access service. By increasingly taking advantage of technology and IT-related platforms, education institutes have become better equipped to meet a growing set of challenges in the 21st century higher education market, but challenges still remain.

Differentiation

The reliance of educational establishments on private sources of funding is driving competition between them to new levels. There are a number of fronts for competition, but in the drive for better results, many rely on a secure computing and network platform for greater collaborative capability and to deliver education more effectively through content- and data-rich applications. It is now the accepted norm that higher education institutions demonstrate how they leverage such platforms to the benefit of all stakeholders in the establishment, namely students, staff and employees.

Brand Development

Intense competition has driven the search for lucrative overseas students while developing the establishment brand to a wider business and international research audience. Partner or extension faculties are typically located in rapidly developing economies such as South East Asia or the Middle East.
Key to the success of such strategies is rapid yet secure connectivity linking such sites together to share resources. Forward-thinking establishments will reach out to their local communities and businesses to utilize their assets for brand-enhancing or profitable events such as continuing education, summits and conferences. A highly flexible networking and security infrastructure is essential to support these initiatives.

Duty-Of-Care

One of educational institutes' key requirements is to provide a demonstrable duty-of-care. The core pillar of this responsibility is an enforceable and manageable use policy that is widely distributed to staff, students and visitors alike. The policy defines e-safety and must strike the balance between accessibility and protection for each faculty, function and user category. It must detail the controls that are put into place, whether they are preventative, detective or corrective.

Homogeneous Network

Education networks are very rarely built from scratch and have typically evolved in phases as needs and budgets presented themselves. Furthermore, establishments, which often require connectivity to regional or national academic networks, demand appropriate firewalling and segmentation. Incorporating local, regional, national and international wired and wireless resources into a homogeneous network without it becoming too complex and costly can present a significant challenge.
Campus Topologies and High Density Access

Campus faculties and departments are located in disparate buildings, some of which may be temporary. Deploying wired networks may be cost-prohibitive or impractical in many situations. An attractive alternative is to provide wireless connectivity for rapid and cost-effective extension of an existing network across an entire campus. In addition to extending network access in locations such as lecture theatres and student residence halls, there is also the need for high-density deployment capabilities to address a high probability of channel interference, channel-frequency contention and access point overload, in addition to external interference sources. Appropriate deployment and configuration are crucial in avoiding these factors and ensuring an appropriate level of service.

Identification, Profiling and Segmentation

Different user categories (e.g. students, staff, visitors) must have different levels of access to internal and Internet-based resources to enable education excellence. The most common, flexible and cost-effective way to achieve this is through user identification when users authenticate to the network. Having security policies that are based on identity and the type of device used allows an establishment to define and implement solid boundaries. This requires robust identity management capabilities that offer single- and two-factor authentication with fine-grained authorization to network-based resources.

Wireless Guest Provisioning

In today's modern education establishment, visitors (e.g. parents, adult education students, etc.) may benefit from access to the Internet. Ideally, this is offered free of charge and branded with the establishment's own landing/login page. Consequently, an infrastructure is required to provide this level of differentiated service, comprising wireless access points, wireless guest management and welcome/login pages, in addition to fine-grained, segmented security management.
Dynamic Security Provisioning

The design of IT and IT security systems cannot assume a static environment for either the network topology or the security threat landscape. From a physical perspective, departments may be relocated and temporary buildings erected to provide for extraordinary events. College and research projects and external conferences may demand provisioning and reconfiguration of the security profiles attributed to part of the network. The ability to react rapidly and securely to these requirements can make the difference between success and failure.

Secure Email

Having an establishment mail domain is now commonplace for all levels of education. The key challenge, however, is to provide cost-effective email messaging while also ensuring that usage policies are being followed with respect to email content, privacy and backup. Cloud-based or on-demand services have proven to be limited and unable to adapt to the rapidly evolving protection and archiving requirements.

Budget

Public and private higher education budgets are under constant pressure. Delivery and support of technical systems are usually given a lower budget priority in favor of direct, visible costs such as staff, capital assets and buildings. It is thus important to recognize how IT and IT security enable better education while seeking to deploy technology platforms that reduce the complexity of deployment, management and overall costs.
Connect & Secure For Further / Higher Education

Security Fundamentals

Higher education institutes are open, outward-facing, dynamic enterprises. Today, the core activities of research and education are being re-shaped by technology, the Internet and mobility: remote learning, Massive Open Online Course (MOOC) platforms and worldwide research collaboration are only a few examples of how IT is empowering higher education. This extraordinary openness, while a key to the success of higher education, must not compromise the security, integrity and availability of the IT infrastructure, its platforms and services. Connect & Secure is Fortinet's Unified Access solution, combining state-of-the-art network security with ubiquitous connectivity. Within a university or college campus, be it a single-site campus or a national or multinational multi-site configuration, Connect & Secure acts as a dynamic security membrane, a selectively permeable barrier, allowing wired and wireless connectivity with selective and secured access to the network, applications and IT resources. Fortinet's Connect & Secure architecture is built upon six key pillars: Network Security; Wired Access; Wireless Access; Identification and Authentication; Device- and User-based Policy; and Management. It allows higher education institutions to resolve some of the major network challenges and pain points:

CONNECTIVITY is provided for both traditional wired Ethernet and wireless users by a single access layer, fully integrating both access methods directly into the security fabric of the network. Regardless of the access method, users are handled equally, eliminating any discrepancies in the authentication and identification process.
SECURITY is fully integrated into the very fabric of the network, so that network security, authentication, and user- and device-based identification and policies are applied equally to all parts of the network: in the different classrooms, lecture theatres, libraries and campuses.

PERFORMANCE is guaranteed by a high-performance, hardware-based solution that can scale to meet both connectivity and security requirements for the short and long term.

COST EFFICIENCY AND REDUCTION are achieved through the support, within a single high-performance security appliance, of multiple security and networking functions, high Ethernet port density and integrated wireless access, eliminating redundant security devices, routers and switches.

MANAGEABILITY is provided through single-pane-of-glass management capabilities for centralized element configuration and control, definition and application of user- and device-based policies, common authentication, event logging and report generation.
Connect & Secure Components

Fortinet's Connect & Secure provides the foundations upon which higher education institutes can deliver a connected, on-demand learning and research environment, ensuring that students and staff can maintain their focus on learning, teaching and research.

FortiGate

FortiGate is the heart of the Connect & Secure solution, consolidating multiple network security and networking functions into a single, high-performance, cost-effective platform.

FortiGuard

FortiGuard is Fortinet's in-house threat detection and protection service, ensuring that the network keeps up with the constant changes in the threat landscape that it will encounter throughout its lifetime.

FortiOS

FortiOS is the intelligence powering each FortiGate, allowing it to be individually tailored to meet the institute's specific security and networking requirements.

FortiAuthenticator

Authentication and access control are also key components of the overall solution and are crucial in allowing intelligent policy to be applied to users and devices. The FortiGate is capable of providing user authentication locally or working cooperatively with central authentication systems such as RADIUS, Active Directory or FortiAuthenticator. With FortiAuthenticator as part of the security infrastructure, these authentication methods can be strengthened even further with Single Sign-On (SSO), 802.1X port access control, Two-Factor Authentication (2FA) and certificate management. Once a user or device has been identified and authenticated, policies can then be applied to control access to network resources and applications.
FortiSwitch

FortiSwitch can provide additional ports if more Ethernet connectivity than that already supplied by the FortiGate is required. Through an integrated switch controller, the FortiSwitch is easily managed through the FortiGate. Both the FortiGate and the FortiSwitch support Power over Ethernet (PoE), simplifying deployment of network-attached devices such as wireless access points.

FortiManager

FortiManager provides a single-pane-of-glass management capability for the entire network. Although Connect & Secure is a comprehensive solution, it does consist of several different elements. The ability to centrally configure and manage the different elements is crucial, as is defining and implementing consistent policy for users and devices.

FortiAP

FortiGate includes a wireless controller to easily integrate wireless users into the security fabric of the network. FortiAPs are external WLAN access points that are managed and secured via the integrated controller, providing wireless coverage for large, dense locations such as lecture theatres and even outdoor environments. Smaller locations also have the option of deploying FortiWiFi, which integrates a wireless access point directly into the FortiGate.

FortiAnalyzer

FortiAnalyzer complements FortiManager by providing centralized reporting, event logging and analysis, allowing you to turn individual alarms and events into a comprehensive view of the state of the network.
Connect & Secure For Further / Higher Education In Action

The diagram below illustrates how components of the Fortinet Connect & Secure solution may be deployed to address the fundamental challenges that educators face today:

[Diagram: A) Service Provider / Authority; B) Campus Coverage; C) Duty-of-Care & Governance; D) University / College Lecture Hall]

A) Service Provider / Authority

In many circumstances, an educational establishment may not have the skills or resources to retain full control of its network and, more importantly, its security capabilities. In this case it may decide to outsource these operations to a local public authority or a Managed Security Service Provider (MSSP). Fortinet products can be flexibly deployed in either scenario, or as a hybrid whereby the establishment retains partial delegated control of certain elements.

B) Campus Coverage

Connect & Secure provides cost-effective and secured wired and wireless coverage in buildings and across the campus to ensure service delivery. Integrating FortiGate, FortiSwitch, FortiWiFi and FortiAP access points, the solution provides high-speed, high-density LAN/WLAN network connectivity and extension. Wired and wireless networks are natively integrated into the security fabric, ensuring access to and security of IT resources based on policy enforcement.

C) Duty-of-Care & Governance

Protection is paramount and at the heart of the network. FortiGate, through FortiOS, enables flexible and fine-grained security and access policies to provide unparalleled protection of overall IT resources while delivering the required performance to campus users such as staff, students and visitors. With the FortiGuard threat protection service, dynamic and continuous protection is ensured against the constantly changing threat landscape.

D) University / College Lecture Hall

In active and dynamic environments such as lecture theatres, students and staff require wired and instant wireless access from their own devices. The wireless network must cope with large variability in client numbers, load and traffic types.
FortiGate, with its integrated wireless controller and FortiAPs as wireless access points, meets these challenging requirements. When combined with FortiAuthenticator for federated identity, secure Bring-Your-Own-Device (BYOD) is enabled.
The Student And Their Device

Connect & Secure in a rich BYOD environment

The phenomenon of BYOD is prevalent in the education environment. Most students are equipped with smart devices of one form or another that they wish to connect to both the Internet and establishment resources. Indeed, many today rely on these devices inside the lecture theatre or classroom for frontline education as much as they do in the cafe or common areas for social purposes. Enabling BYOD, however, brings many security challenges that require a BYOD-Ready Secure Network. Fortinet's Connect & Secure solution provides numerous BYOD-critical features that allow for a securely managed BYOD strategy:

A) Integrating Security And Wireless Control

In any wireless solution there are three core components: radio(s), a wireless controller and network security services. With a Fortinet-based solution, the wireless controller is integrated into the same FortiGate appliance as the security services. In addition to offering a far greater level of security control, this configuration significantly reduces the cost of procurement, deployment and management. Indeed, Fortinet customers also have the option of combining all three components into one appliance, FortiWiFi, further accentuating the benefits of greater simplicity.

B) Device Identification And Security Attribution

Connect & Secure relies on the FortiGate recognizing mobile device platform types, even without user authentication or complex traffic tracing. Security profiles are attributed to specific device types, enhancing the level of control needed in BYOD situations. This also gives administrators a clear view of the relative proportions of device types in circulation, allowing them to plan accordingly.

C) Client Reputation

In conjunction with device identification, Connect & Secure allows the collection of statistical information concerning the security posture of every user.
This is determined by a number of weighted factors including Web activity, use of games, P2P sites, viruses/malware, IPS events, bad connection attempts, etc. Judicious use of client reputation accelerates the identification of clients that have either been infected with malware or are potentially misusing the service provided for them.

D) Scalable Federated User Identity Management

Managing the full diversity of user profiles is essential for a BYOD-Ready Secure Network. Users can range from purely unknown wireless guests through to high-privileged administrators of IT resources connecting from a controlled desktop. Connect & Secure provides reliable identification of users in order to apply user-oriented security as a function of their profile. Correlating scalable, standards-based authentication with existing user/resource directories completes the security integration provided by Fortinet's Connect & Secure. To that end, for administrators and high-privileged accounts, the Identity Management component of the solution, FortiAuthenticator, combines standards-based authentication with certificate management and Two-Factor Authentication (2FA).
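The weighted-factor scoring described under C) above, as an added example that is not Fortinet's code and not the FortiOS client reputation algorithm: it parses constructed per-client event counts, applies assumed weights per category, and separates clients that look infected (malware/IPS dominated) from clients that look like service misuse (P2P/games dominated). The event categories, weights, threshold and sample log are all assumptions chosen for illustration.

```python
# Added illustration of weighted client-reputation scoring (not FortiOS's algorithm); weights, categories and thresholds are assumptions.
from collections import defaultdict

# Assumed weight per event category (higher = more damaging to reputation).
WEIGHTS = {
    "web_activity": 1,
    "games": 2,
    "bad_connection": 3,
    "p2p": 5,
    "ips": 15,
    "malware": 40,
}
# Categories that point to an infected client rather than a misbehaving user.
INFECTION_CATEGORIES = {"malware", "ips"}

# Constructed sample log, one "<client-ip> <category> <event-count>" per line.
SAMPLE_LOG = """\
10.10.20.11 web_activity 40
10.10.20.11 games 3
10.10.20.12 p2p 8
10.10.20.12 bad_connection 4
10.10.20.13 malware 1
10.10.20.13 ips 2
10.10.20.14 web_activity 12
10.10.20.14 unknown_category 2
"""

def parse_events(text):
    """Parse log lines into (client, category, count) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        events.append((parts[0], parts[1], int(parts[2])))
    return events

def score_clients(events, weights=WEIGHTS):
    """Return {client: {category: weighted score}} for known categories."""
    scores = defaultdict(lambda: defaultdict(int))
    for client, category, count in events:
        if category not in weights:
            continue  # unknown category: ignore rather than guess a weight
        scores[client][category] += weights[category] * count
    return {c: dict(cats) for c, cats in scores.items()}

def classify(scores, threshold=50):
    """Label each client normal, suspected_infection or suspected_misuse."""
    labels = {}
    for client, cats in scores.items():
        if sum(cats.values()) < threshold:
            labels[client] = "normal"
            continue
        dominant = max(cats, key=cats.get)  # category contributing most
        infected = dominant in INFECTION_CATEGORIES
        labels[client] = "suspected_infection" if infected else "suspected_misuse"
    return labels

def rank(scores):
    """Clients and total scores, worst reputation first."""
    totals = {c: sum(cats.values()) for c, cats in scores.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    scores = score_clients(parse_events(SAMPLE_LOG))
    for client, total in rank(scores):
        print(client, total, classify(scores)[client])
```

The ranked output puts the malware/IPS client first and the P2P client second, while heavy but benign Web activity stays below the threshold; tuning the weights and threshold is where a real deployment's policy judgment lives.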
The Final Bell

Higher education establishments are looking to expand their IT infrastructures to meet the demand from students, staff and the scientific and business communities. National education guidelines lean ever more heavily on secure IT, interconnectivity and the Internet to fulfill education and research objectives. Forward-thinking establishments are pushing their boundaries internationally to develop new markets and attract overseas students and investment. Fortinet's Connect & Secure solution delivers a simplified, secured and cost-effective unified access platform so that your establishment can securely expand to reach new academic and business frontiers.
About Fortinet

Fortinet (NASDAQ: FTNT) protects networks, users and data from continually evolving threats. As a global leader in high-performance network security, we enable businesses and governments to consolidate and integrate stand-alone technologies without suffering performance penalties. Unlike costly, inflexible and low-performance alternatives, Fortinet solutions empower customers to embrace new technologies and business opportunities while protecting essential systems and content.

AMERICAS HEADQUARTERS
899 Kifer Road, Sunnyvale, CA 94086, United States
Tel +1.408.235.7700 Fax +1.408.235.7737
www.fortinet.com/sales

EMEA HEADQUARTERS
120 rue Albert Caquot, Sophia Antipolis, France 06560
Tel +33.4.8987.0510 Fax +33.4.8987.0501

APAC HEADQUARTERS
300 Beach Road 20-01, The Concourse, Singapore 199555
Tel +65.6513.3734 Fax +65.6295.0015
www.fortinet.com

Copyright 2014 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet.
For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.