Illinois district adds security with network monitor

The network design for Illinois’s Bloomington Public School System is somewhat unusual. Bloomington’s Systems Administrator Jason Radford equates the public school’s 98% virtual traffic network to the Wild West, unlike modern corporate environments which tend to have straight and narrow paths. The IT Department services technology needs across 10 sites for three primary groups: students, teachers, and faculty. With the multi-directional traffic and with the laws governing student cyber safety, the ability to monitor and trace network activity is vital.

With student cyber security a constant priority, user complaints of suspicious activity are taken seriously. When a user contacted the IT Department complaining of suspicious PC behavior regarding slow response time and unrequested pop-ups, the IT team dispatched a technician who confirmed the machine was infected with a virus called “AV2009” that wasn’t caught by the anti-virus software they had been using. The virus was reaching out to botnet websites and was sending email to further propagate itself. In a short time, the virus infected over 100 machines.

Upon discovering the nature of the virus, Radford suggested using their new NetFlow analysis software to pinpoint it. NetFlow technology monitors and records all IP traffic passing through the supported router or switch. Prior to this development, IT administrators could see how much traffic was on a network, but they couldn’t see what kind of traffic it was. NetFlow collectors gather and analyze the flow packets for data, then present that data in graphical format, providing detailed trending and measurement of network traffic.

From their centralized data center location, Radford’s team used their NetFlow collector to create filters for SMTP and specific subnets trying to hit known botnet sites. In less than an hour, they isolated every single infected machine and dispatched IT SWAT teams armed with the collector’s report. “Before enabling NetFlow, we had very little visibility,” Radford explained. “There is no question that it would have taken a lot longer to catch every infected computer without Scrutinizer.”
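The two filters described above (SMTP traffic, and hosts reaching known botnet destinations) can be expressed as a short triage script over exported flow records. This is an added example, not the district's or the vendor's code; the subnets, relay address, blocklist range and flow rows are constructed for illustration, and the five-column CSV layout is an assumption.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed values for illustration; none come from the article.
INTERNAL_NETS = [ip_network("10.20.0.0/16")]   # assumed school subnets
MAIL_RELAYS = {ip_address("10.20.0.25")}       # assumed sanctioned SMTP relay
BLOCKLIST = [ip_network("203.0.113.0/24")]     # assumed botnet feed entry (TEST-NET-3)

# Constructed flow export, columns: src,dst,proto,dport,bytes
SAMPLE_FLOWS = """\
10.20.4.17,10.20.0.25,6,25,4200
10.20.4.31,198.51.100.9,6,25,88000
10.20.4.31,203.0.113.40,6,80,1500
10.20.7.12,203.0.113.77,6,443,900
10.20.9.5,198.51.100.80,6,443,120000
192.0.2.10,10.20.0.25,6,25,3000
"""

def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)

def find_suspect_hosts(flow_csv):
    """Return {internal_host: sorted reasons} for flows matching either filter."""
    hits = defaultdict(set)
    for src, dst, proto, dport, _bytes in csv.reader(io.StringIO(flow_csv)):
        src, dst = ip_address(src), ip_address(dst)
        if not in_any(src, INTERNAL_NETS):
            continue  # only internal clients are candidates for cleanup
        # Filter 1: TCP/25 from a client to anything but the sanctioned relay.
        if proto == "6" and dport == "25" and dst not in MAIL_RELAYS:
            hits[str(src)].add("direct-smtp")
        # Filter 2: any traffic to a destination on the blocklist.
        if in_any(dst, BLOCKLIST):
            hits[str(src)].add("blocklisted-dst")
    return {host: sorted(reasons) for host, reasons in hits.items()}

if __name__ == "__main__":
    for host, reasons in sorted(find_suspect_hosts(SAMPLE_FLOWS).items()):
        print(host, ",".join(reasons))
```

Hosts that match both filters are the strongest cleanup candidates; a client that only sends mail through the sanctioned relay is not flagged.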

Radford’s IT team uses the software’s NetFlow analysis on a daily basis to verify that connection thresholds aren’t exceeded, and to provide overall metrics, from bandwidth utilization to traffic anomalies. Their primarily virtual processes rely on internet connectivity in all fields, from classroom instruction to food service operations. Online video streaming requires large amounts of bandwidth, not just for the 50 security cameras in each building, but also for educational instruction through video sites like YouTube. NetFlow analysis allows the IT Department not only to pinpoint traffic that is prohibited by school policy, but also to increase bandwidth for accessing permitted sites for legitimate educational needs. “Visibility is everything to us so that we can correct problems on our network,” Radford said.

The Bloomington Public Schools System pushes the envelope with educational network traffic configuration. They serve 9,000 students in 10 separate locations for pre-kindergarten through high school. These locations are interconnected through a Metro TLS Ethernet network, then linked to a central data center with an all-Cisco network. The Bloomington School system was the first school district in the nation to get a Cisco Nexus 7000 switch and a Cisco UCS server.

Few schools have this type of infrastructure and primarily virtual nature. Radford said that this type of setup allows multiple points of entry, which demand tools to ensure security. “The Scrutinizer product has changed our processes. It lets us drill down to any type of traffic, anywhere on the network, so we can quickly provide answers to what is going on and why.”