Case study: Ballarat Grammar uses SDN to fight malware

Summary: Managing over 1,400 students is a tough job. Managing the security on their computing devices is even tougher. So Ballarat Grammar turned to software-defined networking.

Software-defined networking wasn't really something Ballarat Grammar had considered. But ever since implementing a software-defined network (SDN) application earlier this year, the school is officially a fan.

Ballarat Grammar's Gregory Bell. Image: HP

In late 2012, the Anglican school, located in Victoria, Australia, had been beta testing some of HP's software for wireless network authentication and network access controls as it was in the process of rolling out a single wireless network for staff and students.

Ballarat Grammar has around 1,400 students and 200 faculty members, and each of them either has a school-issued notebook or brings their own device onto campus. The school had toyed with several on-device antivirus software products, including ones from Sophos and Microsoft, but these were hard to manage because Ballarat Grammar couldn't stop students from setting up their own firewalls or disabling the antivirus software manually.

"We like to be a bit flexible with the kids — we don't want to lock down too tightly, but at the same time, it means we have to work harder in other areas to maintain network security," Ballarat Grammar head of technical services, Gregory Bell, told ZDNet. "They'll often just click on links, and when they get a piece of spyware or malware, they might have turned off the antivirus."

During the wireless network rollout process, a discussion started up between Ballarat Grammar and HP regarding an effective way to secure the wireless network.

"We wanted to manage our school-provisioned devices to staff and students, as well as manage BYOD, through the wireless network," Bell said. "We were after a better way to ensure the integrity of those end-point devices."

The school ended up implementing HP's Sentinel Security software-defined network (SDN) application in early 2013 to do just that. Ballarat Grammar used OpenFlow firmware on existing HP switches as a key part of the SDN, which allows deployment of various routing and switching protocols on the network.

Ballarat Grammar didn't have to change any hardware at all. While the OpenFlow firmware is not yet available for all HP switches, the school was lucky enough to have existing switches that supported the firmware.

By using OpenFlow, Ballarat Grammar is able to create a rule on the switches and virtual local area networks (VLANs) that catches domain name system (DNS) traffic as it comes across the network, then passes that traffic to a server running HP's TippingPoint Intrusion Prevention System (IPS). The IPS then analyses each DNS request and works out whether it is malicious. The school can set thresholds on what it's prepared to let through and what to block when traffic is identified as coming from a malicious website, containing spyware, or otherwise being harmful.

"TippingPoint will either allow that request to go through or it will drop the request," Bell said. "Sitting there in network layer, we can quite effectively scan for spyware or malware on staff and student devices without needing any software on their devices."


After installing the OpenFlow firmware, all Ballarat Grammar had to do was install the SDN controller and do some configuration. There was no downtime for staff and students. The school is currently running OpenFlow in hybrid mode.

"We are running it that way so we can still do everything we used to do on the switches, but we have just enabled some OpenFlow rules for the VLANs we are using Sentinel on," Bell said. "That's a really easy way to dip your toes in the water and get things up and running."
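A simplified model of the DNS redirection and hybrid-mode behaviour described above, added here as an illustration; it is not HP's Sentinel or TippingPoint code. The VLAN IDs, reputation scores, threshold and domain names are constructed, and dropping malformed queries is an assumption of the model.

```python
import struct
from collections import defaultdict

SENTINEL_VLANS = {20, 30}      # assumed IDs of the VLANs with OpenFlow rules enabled
BLOCK_THRESHOLD = 70           # assumed cut-off: block reputation scores at or above it
REPUTATION = {"malware-c2.example": 95, "adware.example": 60}  # constructed feed
infection_log = defaultdict(list)  # device MAC -> blocked lookups, for the repair team

FLOW_TABLE = [  # (match, action) in priority order; the last entry is the table miss
    ({"ip_proto": 17, "udp_dst": 53}, "INSPECT"),
    ({}, "NORMAL"),
]

def switch_action(pkt):
    if pkt["vlan_vid"] not in SENTINEL_VLANS:
        return "NORMAL"  # hybrid mode: other VLANs keep legacy switching
    return next(act for match, act in FLOW_TABLE
                if all(pkt.get(k) == v for k, v in match.items()))

def dns_qname(payload):
    """First question name of a raw DNS query; ValueError if malformed."""
    if len(payload) < 13 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    labels, pos = [], 12
    while payload[pos]:
        length = payload[pos]
        if length > 63 or pos + 1 + length >= len(payload):
            raise ValueError("malformed or truncated name")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)

def handle(pkt):
    """Switch decision plus IPS verdict: NORMAL, ALLOW or DROP."""
    if switch_action(pkt) != "INSPECT":
        return "NORMAL"
    try:
        name = dns_qname(pkt["payload"])
    except ValueError:
        return "DROP"  # assumption of this model: malformed DNS is dropped
    parts = name.split(".")  # score the name and every parent domain
    score = max(REPUTATION.get(".".join(parts[i:]), 0) for i in range(len(parts)))
    if score < BLOCK_THRESHOLD:
        return "ALLOW"
    infection_log[pkt["eth_src"]].append(name)
    return "DROP"

def make_query(name):
    """Build a constructed DNS query (sample input for this example)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)
```

The per-device log is what lets a repair start from the names a machine actually tried to resolve, without any software installed on the device itself.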

Sentinel was only rolled out on the wireless network because the majority of users are on that network during the day. The process was quick and painless, with only a few changes or upgrades required. Where changes were required, they could be implemented swiftly on the SDN.

"That was something that impressed me — it was a very agile process," Bell said. "Once we had everything configured on the controller and we were happy with the switch configurations, it was just a matter of changing VLANs for staff and students to be on Sentinel or not.

"That was a pretty slick process."

Ballarat Grammar has been more than happy with the results of the SDN implementation because it has made the process of fixing malware-infected end-user devices much easier. Previously, if a student realised they had malware or spyware on their device, they would have to bring the machine to the technical services department and initiate a long process of repairs taking from several days to several weeks.

If antivirus software was discovered to have been disabled or uninstalled on the infected device, the IT team would have to wipe the machine clean and start from scratch.

"The advantage with Sentinel is the Sentinel log has already told us what the infections are of that device, so we can get a pretty good idea of how to tackle repairing the machine," Bell said. "It gets rid of several hours of trouble-shooting and scanning before we make a decision.

"We just clean up the infection, and if it's really badly infected, we'll re-image it. That means our turnaround time for students is a lot better."

Bell is very optimistic about what the future holds for software-defined networking, and is looking forward to the next step of innovation in this technology category.

"Improving network security is just the tip of the iceberg," he said. "It will be exciting over the next 12-18 months to see SDN applications come — it's just a new way to do networking.

"There will be lots of new tools we will be able to use. It's pretty exciting stuff."


About

Spandas forayed into tech journalism in 2009 as a fresh university graduate spurring her passion for all things tech. Based in Australia, Spandas covers enterprise and business IT.
