CIO

Security refresh teaches James Cook University the value of better visibility

Firewall overhaul enables better visibility, control across campuses and remote sites

A year after a major upgrade to its perimeter and endpoint security, tropical James Cook University (JCU) is still working with users and internal customers to refine protections for key data and application assets across its international network.

That upgrade came about in late 2017, when it became clear that JCU’s existing firewall system – which for over five years had been serving the university’s Cairns, Townsville, and Singapore campuses as well as a number of satellite sites – had come to the end of its life and was no longer addressing changes in the usage models of staff and students.

The rapid shift to bring your own device (BYOD) computing, in particular, had forced university IT staff to reconsider how they could protect the network from completely unknown user devices.

“With BYOD you’re not going to be able to guarantee that those devices have antivirus, and the antivirus that you want,” head of ICT infrastructure services Swain Kirk told CSO Australia.

“You need to go to the perimeter, and do as much as possible to identify known malware sites and behaviour. You make sure you cover the endpoints – and if anything does get through the perimeter, that you have mechanisms to deal with it.”

Those mechanisms had been difficult to implement and enforce in the past environment, which was based around conventional perimeter firewalls and offered little segmentation and control over resource access across the flat university network.

Given the demonstrated success of external actors in compromising networks using endpoint devices and traversing the host network laterally without detection – something seen in nearly 60 percent of attacks, according to one recent analysis – there was increasing support from the university executive for a change to its network protections.

“Cybersecurity has raised its profile and is now part of our Audit, Risk and Compliance Committee discussion,” Kirk explained. “We had buy-in from the top to improve the overall posture of the organisation, with a cost-effective approach that addressed not just the firewall situation, but also the broader view of security.”

JCU implemented Fortinet next-generation firewall appliances and the FortiAnalyzer dashboard, which consolidates management consoles into a single end-to-end interface.

The approach allowed it to segregate its campus networks with a distributed firewall configuration, a “far more complex” solution that was implemented one campus at a time.

A logical internal perimeter has also created an internal security border around the data centre, so that it can be managed and protected with different policies from those used for the predominantly endpoint-dominated campus networks.

The implementation team worked closely with Fortinet specialists to complete the installation, and also engaged extensively with end users – both to educate them around issues such as phishing, and to make sure the new security protections complemented their everyday activities.

“One of the key strategies is implementing security in a way that protects the user without affecting their day-to-day operations,” Kirk explained. “We can now identify unique security requirements for different areas, and modify that without impacting other areas.”

“High-level visibility across the entire network has provided administrators with much-needed intelligence about user and enforcement activity across the network,” he said.

“Security has always been something we had in place, but we’ve had to evolve how we address it. We are still working with our user base, and owners of different services, to really identify what we should be protecting – but the key here is to make sure we understand user requirements, and can secure everything more appropriately.”