Symantec, which has been used for a long time along with the historical progress of the computer center

Reflect IP function limits use of paid online services to access from necessary terminals

What was the trigger? Gakushuin University Computer Center Assistant Professor Hiroyasu Kidokoro says, "We needed a proxy appliance server." “We used to use a software-based security gateway, but due to a change in system operation policy, we are using a proxy appliance server that is superior in terms of stability, performance, management, reliable support system, and device security. We have decided to operate it so that access to the outside is safe.”

After that, at the timing of the system update, we selected and compared several of the latest proxy appliances released at that time, but Symantec's performance was consistently superior to other products, so it was adopted each time. .

And most recently, two proxy appliances "ProxySG-S400-30" (hereafter SG-S400) and two secure appliances "Content Analysis System S400-A3" (hereafter CAS) with dual antivirus engine + whitelist function In addition, the high-precision URL filtering software "Blue Coat Intelligence Services" and the anti-virus software "Kaspersky Anti-Virus" operated by CAS have been adopted.

Gakushuin University Computer Center Assistant Professor Toshio Murakami said, "We chose Symantec not because we have been using it for many years, but because after comparing the functions of multiple products on a zero-based basis, Symantec was the closest to the functions we wanted. Considering the requirements based on the functions required at our university, the reality is that there is no product that surpasses Symantec."

One of the requirements is the "reflect IP function". Reflect IP is a function that allows you to specify the source IP by client IP (or client IP group), and defines (holds) the source IP when connecting to a site. In recent years, it has become common to access electronic documents on the Internet rather than reading them in libraries. What is needed is an IP that proves the organization.

However, if you contract with an IP that covers a wide range of Gakushuin as a whole, it will be used by people other than the actual users, and it will cost you a lot. It is possible to limit the number of suitable users by creating a group for each faculty or department that you want to use and fixing it to a specific IP, and when using paid online services such as domestic and overseas online databases / journals. can be used at a reasonable price.

Strengthen security by linking with Box products

In addition, one of the two SG-S400 is placed between the firewall and the L3 switch in a transparent configuration (transparent type), and the other is placed in an explicit configuration (explicit type) branched by a router, Active/standby and standby/active crossover operation provides redundancy, so even if one of them fails due to a problem, the other will continue to operate to avoid network outages. It has been hardened.

In addition, the Box product and SG-S400 are linked, and when an alert is issued from the Box product, the URL blacklist on the Symantec product side is updated. This reduces the effort of manually registering blacklisted URLs detected by Box products in the SG-S400. In addition, by shortening the lead time, the risk of connecting to the C&C server is also reduced, and security is more robust. “Previously, both Symantec proxies were deployed in an Explicit configuration, but with this renewal, the majority of terminals are connected to the Internet via the SG-S400 in a Transparent configuration,” explains the explanation. , Gakushuin University Computer Center Assistant Professor Sadao Isogami. The reason for this is that users who often use the Internet without being aware of proxy settings, such as those who use the Internet at home, can apply URL filtering and anti-virus functions by CAS without having to set up a proxy. It is said that it was configured mainly for transparent operation so that it can be used by everyone. However, since there are still some terminals that have network settings with the Explicit configuration, we decided to leave the Explicit configuration as well. Such fine ingenuity is probably part of the know-how that has been used for many years.

Overwhelming stability with no major incidents and a dramatic reduction in work load

“We have been using Symantec for more than 16 years, but there have been no major security incidents in the past, and it has been proven that security throughout Gakushuin is robust. We have achieved extremely stable operation without service interruptions when updating , and the administrative burden on the IT department has been greatly reduced,” says Kidokoro.

Mr. Murakami also said, "There is a great deal of trust in Symantec's unique technologies, such as GIN (Global Intelligence Network), which analyzes unknown URLs in almost real time using Blue Coat Intelligence Services' multi-stage approach. It is no exaggeration to say that it supports the

Mr. Isogami said, "Symantec has a special presence among proxy appliances, and I hope they will continue to make them for users like us who need proxies."

There is no doubt that Symantec will be back on the table for consideration when system upgrades are considered in the future, and Macnica plans to fully support Gakushuin in its continued adoption.

User Profile