Trellix

Fukuoka University

McAfee's next-generation IPS plays an active role in university education and research systems
Combining high throughput performance with stability and operability
Relief site for infected terminals improves security awareness among students

POINT
  • Enhanced network stability and robustness, greatly reducing operational load
  • Reduced the number of units to one quarter while maintaining high throughput
  • Improving security awareness among students by isolating, removing, and repairing infected terminals
Fukuoka University
General Information Processing Center Research and Development Office
Associate Professor
Mr. Akira Sho Fujimura

Unlike companies, which can strengthen management and regulation, a university prioritizes freedom and entrusts operation to autonomy

Founded in 1934, Fukuoka University has over 80 years of history and tradition. It has a campus of approximately 600,000 square meters in the Nanakuma district in the southwestern part of Fukuoka City. It is one of the leading comprehensive private universities in western Japan, with more than 1,000 students enrolled and two university hospitals.

The Fukuoka University General Information Processing Center works daily on planning, construction, and operation management related to informatization, with the aim of further developing educational, research, and medical activities and improving operational efficiency. The on-campus information system infrastructure, which started in the electronic computer office in 1967, evolved into an advanced information network and educational research system called "FUTURE" (Fukuoka University Telecommunication Utilities for Research and Education) in 1994. While being updated every five years, it has continued to be used as a future-oriented advanced communication network and information system environment for students and researchers.

On the other hand, information security in the network environment has long been an issue unique to universities. According to Susumu Fujimura, Associate Professor at the Research and Development Office of the Information Processing Center, Fukuoka University, "Company networks can be controlled and regulated top-down according to strict security policies, but universities prioritize free academic and research activities. Networks are also moving in the direction of allowing operations to be left to as much autonomy as possible, making it extremely difficult to achieve both security and convenience." In addition, operating systems are mixed on campus, and the types of devices are increasing. Keeping the virus definition files and security patches up to date on all terminals, which differ in access method and security measures, is said to be extremely difficult.

The only product implementing the HostQuarantine function, with throughput exceeding the published value

While there are security restrictions unique to universities, drastic countermeasures have been required because of developments such as the increase in damage caused by malware in recent years. The Information Processing Center focused on IPS (Intrusion Prevention System) as the most effective countermeasure. IPS detects and blocks malicious code at the network level, so it can be used regardless of OS or device type. It was also in line with the university's policy of allowing free network use while being able to take forceful measures, such as disconnection, when a terminal is infected with malware.

The General Information Processing Center introduced IPS products for the first time in "FUTURE 3", the third update, implemented in 2005. However, the performance of the IPS at that time was low, the throughput was extremely low, and, because of a lack of stability, there was frequent trouble in which communication was cut off every time malicious code was detected. It is said that the operation itself was a heavy burden on the staff.

“Based on that experience, when we selected the next IPS, we decided to select a high-performance product that would not require much work, could be operated stably, and would not affect throughput,” says Mr. Fujimura, looking back on those days.

In the fourth update "FUTURE 4" in 2010, we investigated multiple IPS products. After a rigorous performance comparison, the McAfee Network Security Platform M8000 (hereafter, McAfee NSP M8000) was selected.

McAfee NSP M8000 was evaluated as a robust product: in addition to the basic function of stopping unauthorized communication through real-time intrusion prevention on an in-line connection, it offers high throughput performance and stability, and does not become a network bottleneck even if burst traffic occurs.

Also of particular interest was the "HostQuarantine" function, which semi-automatically handles the detection and blocking of unauthorized communications, the alerting of users, and the application of the latest patches. Fujimura says, "University students, researchers, and staff all have different levels of information literacy, so it was important for us to be able to respond according to their literacy level when it comes to remedial measures after communication is cut off."

The specific operation method at Fukuoka University is as follows:

1) Immediately cut off communication when an infected terminal connects to the network.
2) A message is displayed on the infected terminal's browser screen notifying of the fact that it has been infected and that it will be blocked, and a redirect to the "Isolated PC Rescue Site" is implemented.
3) The isolated PC rescue site provides information on removal tools, manual removal methods, and contact information.

"Among the IPS we considered, only McAfee NSP M8000 was able to meet our requirements. It worked as expected in tests in the verification environment, and the throughput, which was a concern, exceeded the manufacturer's announced value, so we decided to adopt it." (Mr. Fujimura)

Number of IPS units for internal and external use reduced from 8 to 2, with two different policies supported virtually

In "FUTURE 4", six McAfee NSP M8000 units were installed, three units each in server room 1 and server room 2, and active/active redundant operation was performed.

In addition, professional operations were outsourced to an external managed security service (MSS) company to detect suspicious IPs from logs and signatures, freeing staff from log monitoring work. The McAfee NSP M8000 was used to deal with a large number of serious incidents, and P2P (file-sharing software) use on campus was also detected and quarantined, which greatly improved security levels.

Five years later, in the fifth update, "FUTURE 5", in 2015, two units of the next-generation IPS "McAfee Network Security Platform IPS-NS9200" (hereafter, McAfee NSP IPS-NS9200), which adopts an Intel chipset, were introduced.

Regarding the reason why McAfee NSP was adopted for FUTURE 5 as well as FUTURE 4, Mr. Fujimura said, "In addition to the track record and reliability of trouble-free operation, ease of operation, excellent bandwidth performance, and so on, we felt that McAfee NSP was extremely reliable." Also, in FUTURE 5, log monitoring continues to be outsourced to an MSS, and because McAfee NSP is one of the most famous IPS products, many MSS operators support it as a monitored device. The resulting wide choice of MSS companies to contract with is also a major reason for continued use.

In FUTURE 4, eight IPSs were operated for internal and external use, but in FUTURE 5, only two McAfee NSP IPS-NS9200 units are used for both internal and external use. Another advantage of McAfee NSP is that it can virtually implement two different policies.

Since the migration to FUTURE 5, the number of incident logs detected by McAfee NSP IPS-NS9200 has reached several million, including attacks from the Internet. Incidents in which infection is suspected are reported to the center.

Terminals suspected of being infected are guided to the isolated PC rescue site as before, and security is maintained by providing support for quarantine, removal, and repair. This user-oriented operation method is also said to be useful for raising the security awareness of students.

By consolidating IPS, we were able to reduce installation costs, management costs, and power consumption, as well as greatly reduce rack space. Moreover, the throughput is greatly improved. "I was very surprised to learn that the throughput was higher than ever before, probably because of the improved performance of McAfee NSP. Security is well protected," says Fujimura.

The case of Fukuoka University, which has implemented security measures including the operation of an isolated PC rescue site by introducing a next-generation IPS, is becoming a benchmark for other universities, and it is expected that similar initiatives will spread in the future. In addition, as Macnica, which supports McAfee NSP, will continue to support Fukuoka University's FUTURE, it hopes to propose various solutions centered on IPS to deal with increasingly sophisticated threats.

User Profile

Fukuoka University
Location: 814-0180 Fukuoka City Jonan Ward Nanakuma 8-19-1
Introduction time: September 2015
URL: http://www.fukuoka-u.ac.jp/
History/Overview: It is one of the leading comprehensive private universities in western Japan with over 20,000 students enrolled in 31 departments in 9 faculties and 34 majors in 10 graduate schools on a campus concentrated in the southwestern part of Fukuoka City. Pursuing truth and freedom, spontaneity and creativity through all-round education based on the four founding spirits of prudent thought, moderate moderation, simplicity and fortitude, and positive and enterprising spirit, and the coexistence of the three educational and research philosophies. Nurturing rich human beings and producing many promising human resources who contribute to the development of society.
Introduced product name: McAfee Network Security Platform IPS-NS9200

*Information at the time of interview.
