Grand Prairie teaches security lessons to other schools
In the US, schools are grouped into school districts, where common services are provided to a group of schools serving a particular geographic area. The Grand Prairie Independent School District (ISD) in Texas, created in 1902, is one such district. It provides services for 36 school campuses – 23 elementary and 13 secondary campuses. With a population of around 140,000 in Grand Prairie, nearly 20% attend a school that is part of the Grand Prairie ISD.
Schools and other educational establishments are not immune to the types of security vulnerabilities that affect companies. But, according to Jon Warren, network operations manager for the Grand Prairie ISD, schools generally tend to be overlooked by technology vendors. However, the sort of school districts that exist in the US are, in fact, very large distributed computing environments – many of which actually rival Fortune 500 companies in terms of the complexity of their communications environments, with high-speed connections and elaborate, private fibre networks.
This makes school district networks targets for attack by hackers and spammers who look to compromise them so that the networks can be used as relays – or for whatever other exploits they wish to launch. However, school districts generally cannot afford to employ large numbers of resources to administer their networks, ensure that e-mail networks are adequately configured and protected, and keep the networks free from security incidents. As with any other company operating today, school districts face challenges in improving their service delivery, improving administrative efficiencies and in meeting regulatory requirements. For schools, relevant regulations pertain to security and dealing with emergency situations.
The sort of problems that faced Grand Prairie ISD was a steady stream of spam and viruses, which was affecting the security and performance of its e-mail communications network. On average, around 30,000 e-mails pass through its system per day, but the volume of attacks being launched against the system was making the e-mail network unreliable and forcing administrators to deal with a large amount of malicious traffic.
To solve this problem, Warren and his team initially looked for ways to help them make critical decisions about which e-mail to block from entering the network. At first, they licensed anti-virus technology and subscribed to public blacklists of known spammers, blocking traffic according to its originating IP address. But Warren concedes that this strategy was no more than marginally effective and resulted in large volumes of legitimate traffic being blocked, whilst the e-mail system was still overloaded with spam.
After one year of unsatisfactory results, the network team at Grand Prairie ISD began looking for alternatives. With not much budget at its disposal and with limited time available to adequately evaluate multiple competing solutions, Warren and his team turned to their peers at other local school districts and universities – all of which were battling with the same problems. During this process, all solutions based on Microsoft Windows technology were automatically eliminated – owing to the need for Grand Prairie ISD to integrate effectively with its GroupWise technology from Novell, together with the inherent security weaknesses regularly reported about Microsoft technology.
Grand Prairie selects technology from IronPort
Of all the solutions considered, the C30 appliance from IronPort was chosen as one of the few products available that could deliver all the functionality that Grand Prairie ISD was looking for – and more. In particular, the C30 is specifically designed for protecting groupware servers and with the needs of mid-sized organisations in mind. According to Warren, there was just no comparison between the architecture offered by the IronPort solution and those of other vendors.
Warren indicates that implementing IronPort’s technology has led to benefits being seen on many fronts. For a start, employees have seen their productivity levels increase as they no longer need to spend time deleting high volumes of e-mails from cluttered inboxes after viewing all messages to see if they were spam or not.
But the biggest benefit has been seen in the reduction of time that IT helpdesk staff, administrators and management staff spends dealing with e-mails. Helpdesk staff are having to deal with fewer incidents related to e-mail use – previously, employees would open spam messages and often follow the link that prompted them to visit a web site, where spyware was installed on their computers. Now, rather than putting in place a huge educational effort to teach staff the dangers of such behaviour, employees just don’t see those particular spam messages any more and this has led to many fewer helpdesk tickets being opened.
At first, Warren and his team had been worried that the anti-spam technology would be too inaccurate or invasive, creating a bottleneck in the e-mail system. But, after installing the C30 appliance for initial evaluation, those fears proved to be groundless. Not only were no false positives encountered, but the e-mail system was not negatively impacted at all in terms of performance. In fact, its performance was improved significantly.
IT staff and administrators are also seeing significant benefits from the technology. One particular area with which Warren was particularly pleased was that IronPort’s technology allowed them real visibility into the flows of e-mail, in and out of the organisation, for the first time. Previously, information was limited to when the last signature update had been provided and a raw list of spam that had been prevented from entering the network, but no information was available on, for example, how much bandwidth was being consumed. Warren states that the only way of sorting through this information was to transfer everything onto an Excel spreadsheet, leading to a ridiculous amount of time being spent on number crunching.
One of the most crucial benefits for Grand Prairie ISD is that it has been able to gain back much of the time (which it considered it was wasting) that IT administrators and managers were having to spend on controlling the e-mail system. That is not to say that there is now nothing that needs to be controlled, as upgrades have been made to the software code a couple of times to deal with such exploits as e-mail throttling, but those upgrades have been incredibly easy to implement and required that only a couple of policy changes be made.
Other school districts follow suit
Every couple of months or so, representatives of 30 to 40 school districts from the locality meet to compare experiences, including discussing amongst themselves the technology challenges they face and how they are solving their problems. These meetings prompted around five other school districts from the locality to evaluate IronPort’s solution, since Grand Prairie ISD had declared it to be an ideal solution for companies of a similar size to theirs, as well as being technologically sound.
But Warren cautions that all did not run smoothly for some of the other companies looking to implement IronPort’s solution. However, these problems were with the local resellers (which were not in all cases the same ones as used by Grand Prairie ISD), rather than with IronPort technology itself. Warren states that the problems were caused by a lack of knowledge on the part of some resellers of IronPort’s technology. Not all resellers had the required level of technological savvy to implement such technology, as it is actually rather complicated. Issues arose around such areas as badly configured settings and particular problems were seen with e-mail throttling. According to Warren, if implementation is not handled properly and parts of the IronPort technology are not utilised, the full advantages of this technology cannot be realised – making it no more effective than appliances supplied by other vendors evaluated, and rejected.
One particular area that Warren found was not fully understood by resellers was the power of IronPort’s SenderBase technology. SenderBase is an open database that interrogates around three billion e-mail messages per day to provide a view of all messages being sent globally from a particular IP address. SenderBase applies a broad set of around 50 parameters, such as user complaint data and country of origin, to distinguish spam from, for example, a company sending out a press release legitimately to a large number of recipients. According to Warren, this service is where the real power of IronPort’s technology lies, and companies considering implementing such technology should carefully evaluate this offering to gain the full power from the technology.
Warren is more than happy to recommend other companies to consider e-mail security solutions from IronPort, and points out that the vendor offers a wide range of products aimed at companies with different needs, from small and medium enterprises, to government agencies, Global 2000 companies and ISPs. He states that, overall, the more that he digs into the capabilities of the product, the more surprised he is. It is obvious to him that IronPort engineers have an intimate understanding of the workings of e-mail and have architected the products to ensure that they will work properly and scale well. This provides IronPort with the capacity to add more functionality down the road.
Going forward, Warren is looking for functionality to be added so that messages can be digitally signed for greater security among groups that need to exchange highly sensitive information, and recommends that other companies consider this option when implementing e-mail security. He is unsure whether or not this is on the radar screen for IronPort, but believes that this will be a logical step for introduction in the next 12 to 18 months or so. But then, with what Warren has seen concerning IronPort’s track record so far, he thinks that adding this functionality will be a piece of cake for the vendor.
With security exploits becoming more than a mere nuisance, with hackers now looking for financial gain from their attacks rather than just credence from their peers, problems surrounding e-mails will not disappear overnight. But this is a problem for which a solution is available now and companies would be wise to follow the lead of Grand Prairie ISD.