It’s not often security products can deliver a swift and measureable return on investment. But, according to Roger Snelling, head of networks at the University of Exeter, the recent addition of a network traffic-shaping system to thwart content piracy has already delivered huge dividends.
Content piracy problem
Exeter had been trying to solve a content piracy problem that had been gradually growing over the years. Some students were visiting piracy sites and downloading material in breach of copyright laws, something the music and film industries are starting to police more effectively.
“We had a huge admin overhead dealing with maybe 20 to 30 complaints a week from the motion picture authorities and others,” Snelling said. “They have their honeypots and when someone from the university goes to a piracy site, they fire off an email to us, and we have to respond.”
They have their honeypots and when someone from the university goes to a piracy site, they fire off an email to us, and we have to respond.
University of Exeter
Failure to respond to content owners' requests and prevent content piracy would potentially expose the university to legal action, and so it has had to take the problem seriously. “It involves the security and network team tracking down the offending user, who is then pulled in, given a warning, asked to sign documentation saying he or she will remove all illegal material from their device and not repeat the offence,” Snelling said. Not surprisingly, that effort became a huge drain on staff time and clearly used up a lot of bandwidth that could be put to better use.
So as part of a major network security upgrade this year, the university installed the Allot Sigma-E traffic-shaping software (sometimes known as bandwidth shaping software) product from Allot Communications. “It allows us to provide bandwidth for legitimate purposes and to throttle or block undesirable or illegal activity,” he said.
The system went live just before the start of the new academic year, and Snelling said it is already paying for itself.
“It’s helping us to police the situation very rigorously,” he said. The product combines granular traffic detection and reporting, and real-time policy control, allowing the network team to prioritise certain delay-sensitive applications, such as voice over IP, and to block unauthorized traffic.
University IT security
The Allot deployment is part of a much broader network and university IT security upgrade being undertaken at the moment by the university, one of the country's most popular and successful, to keep up with the institution’s rapid growth over the last few years.
The university is attracting more students and more research money, which means users need fast networks to handle ever-growing data sets. Exeter is also making more use of video streaming technology to record lectures so students can view them later on-demand. It also runs a secure encrypted wireless network based on Aruba Networks technology.
“Traffic is doubling about every 18 months,” Snelling said. “We have more than 16,500 full-time students and around 40,000 active ports on the network now. We have an eclectic mix of services, from researchers moving huge data sets, to the ability to support delay-sensitive traffic, such as VoIP, which we have included as part of our upgrade project.”
To support this expansion, Snelling is also upgrading from the university’s current Juniper security gateway appliances to a new firewall platform, the Juniper SRX 5800, which he said will provide the high throughput, scalability and flexibility required to manage both extra-site and intra-site traffic. Furthermore, it is compatible with the current Juniper Unified Access Control (UAC) platform, which carries out posture checking of all devices logging on to the network.
“The SRX is a bigger and better platform that can easily integrate into the existing Juniper network. A big factor is that it involves minimum training for our team – they know the Junos operating system, so the changeover should be smooth,” he said.
“We are just moving the rule sets over at the moment [to the SRX], and going through a rigorous proof of concept. It’s a major change, and we are in our busiest period at the moment, at the start of term, so this will probably go live just before Christmas.”
As for the future, the new systems can expand to cope with demand. The SRX firewall and the Allot traffic shaper are both chassis-based and can be easily upgraded. “We are entering a time when the students are more demanding, and they are paying customers of the university,” Snelling said. “When they arrive, they expect a high-quality, high-availability service.”
However, those who also want to the use the network for illegal downloads will be sadly disappointed from now on.