Melbourne's Monash University has implemented a vulnerability scanning system to get a clearer picture of potential threats across its 25,000-node network used by more than 50,000 students and 5000 staff.
Christian Wilson, IT security and risk manager for the infrastructure services department within IT services at Monash, said that development of the university's IT security policy started in 2000 and by 2001 each faculty and administrative unit was required to appoint its own IT security officers.
"Monash's large number of hosts poses a challenge to protect administrative, research and teaching data amid many vulnerabilities being discovered in software," Wilson said. "Centrally, within ITS, we used to use 'free' software such as Nessus to scan for vulnerabilities for both ourselves and our users, but the main issue with this software was that a lot of time had to be spent interpreting the reports after the scan was undertaken.
"We wanted a solution to allow us to give both faculties and administrative areas the ability to run scans across computers within their own areas, and evaluate the results from these scans by themselves.
"We evaluated a number of vulnerability scanners and purchased the Foundstone Enterprise software. We have trained users within the faculties and administrative areas to scan their own computers."
The new system also allows central scanning of the whole University network for specific issues as they arise.
Monash chose Dimension Data as its integration partner. The solution consists of two appliances - a Web server front-end and database backend, each in a 1U form factor. Wilson said both open source and commercial security products have their place but the functionality and support Monash needed led it down the commercial line.
"One particular useful part of the Foundstone system is that it has a continually updating threat centre, so if a new vulnerability comes out for a specific version of software, Foundstone will let you know if existing installations, for example Web servers, are vulnerable," he said.
"The system's database contains information from previous scans, such as application related software versions, that allow real time displays of issues that are affected by new threats, without requiring a new scan of the whole network."
In terms or ROI, Wilson said that new IT security technology implementations are difficult to measure but with better reports time usually taken to evaluate and assess reports that come from the freeware systems can be saved.
So far Monash hasn't integrated the Foundstone system with its other security systems but Wilson said integration with the university's authentication systems would be useful. He also believes it would be useful if the university's intrusion detection systems could fire off scans to verify if systems under attack were actually vulnerable - so that they can be blocked from attacks at the border gateways.