The Computerworld Honors Program
Honoring those who use Information Technology to benefit society
LOCATION:
Stanford, CA, US

YEAR:
2007

STATUS:
Laureate

CATEGORY:
Education and Academia

NOMINATING COMPANY:
Juniper Networks

ORGANIZATION:
Stanford University

PROJECT NAME:
Stanford School of Education Provides Secure Access for Faculty, Staff and Students

Short Summary
As an internationally distinguished institution, the Stanford University School of Education is a prime target of wannabe hackers and proficient attackers who bombard the university e-mail systems with viruses, spam, phishing attacks, worms, and other malware, hoping to steal intellectual property or to simply make a name.

Yet as a research institution, the School of Education must allow its faculty, students, and visiting professors to collaborate easily with each other and across departments, and have ready access to information systems across the university. Students and faculty use a wide variety of applications on their desktop and mobile computers, ranging from officially sanctioned applications like e-mail and courseware to personal applications like VoIP and peer-to-peer software.

Some Major Challenges that faced Stanford where:
• Stop spam, viruses, phishing and network attacks at the perimeter, preventing them from entering the network
• Ease the administrative burden of making sure 550 to 700 users have updated anti-virus and anti-spyware software on their desktops and laptops
• Maintain open access required for academic collaboration


Introductory Overview
The IT team at the School of Education must strike a delicate balance between protecting users while giving them the freedom to use the computing tools they need. That balance makes it all the more difficult for IT to protect the School of Education against the rising tide of malware and network attacks.

At the Stanford School of Education -- like many organizations whether academic or corporate -- some 80 percent of incoming mail is spam and other unsolicited e-mail. “Spam is totally out of control,” says Dr. Paul Kim, CIO for the Stanford University School of Education. “The spam coming in nowadays is more sophisticated and the spam filters on our e-mail servers aren’t catching it.”

If the spam filters are set too loosely on the e-mail servers, then users receive an avalanche of unwanted mail and they waste time deleting it or creating spam folders. If the spam filters are set too tightly, then users run the risk of losing important e-mails. “Spam wastes a lot of time and causes user frustration,” observes Kim.

Spam causes more than wasted effort. Spam can be inappropriate, offensive—and dangerous. These unsolicited e-mails carry payloads of malware—worms, Trojans, viruses, and spyware. They can be phishing attacks designed to trick an individual into giving up personal information, which criminals will use for identity theft and fraud.

In several instances, worms have penetrated the university’s defenses and compromised vital systems. “As a research institution, we have to protect our intellectual property,” says Tony Wong, network administrator at the School of Education. “Spam, worms, malware, and network intrusions are on the increase, so we have to take action.”


Benefits
Has your project helped those it was designed to help?   Yes

What new advantage or opportunity does your project provide to people?
Stanford turned to Juniper Networks Secure Services Gateway 550 (SSG 550) to provide an integrated perimeter-based defense that bolstered its desktop- and server-based protection against these damaging threats. As a longtime Juniper customer, Kim was eager to migrate the school’s existing Juniper firewall/VPNs to the integrated networking and security of the SSG 550.

The Juniper SSG 550 is a purpose-built security appliance that delivers high performance, security, and LAN/WAN connectivity. Traffic flowing through the SSG 550 can be protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (including Anti-Spyware, Anti-Adware, and Anti-Phishing), Anti-Spam, and Web Filtering. The SSG 550 is designed for regional and branch office deployments.

“The SSG 550 is a one-stop solution,” says Wong. “Integrated security devices just make sense. As a result, we’re able to put the proper levels of security in place while allowing users access,” says Kim.

The SSG 550 appliances are located in the School of Education’s DMZ, where they eliminate spam, spyware, and other malware before they can get onto the network and compromise vital networks and systems. Protecting the internal network is critical because university’s network is a single, flat network. To facilitate academic collaboration, the university does not use VLANs to isolate different departments’ traffic.

The Juniper SSG 550 appliances provide a strong layer of protection to the university’s current server and desktop anti-spam and anti-virus protection. Departmental servers and users’ desktops and laptops have individual firewalls and anti-virus software. Desktops and laptops also have anti-spyware protection.


Has your project fundamentally changed how tasks are performed?   Yes

How do you see your project's innovation benefiting other applications, organizations, or global communities?
The Stanford School of Education is somewhat of a testing ground for other implamentations that the University is concidering. We think integrated security is a model for other educational institutions. The SSG 550 solution helps us maintain the open environment that the university needs to do research and teaching. “pening the network for academic purposes is a challenge for IT administrators because you put yourself at risk. We have to meet the diverse needs in the university.

The Importance of Technology
How did the technology you used contribute to this project and why was it important?
The Juniper SSG 550 is a purpose-built security appliance that delivers high performance, security, and LAN/WAN connectivity. Traffic flowing through the SSG 550 can be protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (including Anti-Spyware, Anti-Adware, and Anti-Phishing), Anti-Spam, and Web Filtering. The SSG 550 is designed for regional and branch office deployments.

The SSG 550 is a one-stop solution for us. The ntegrated security devices just make sense. As a result, we’re able to put the proper levels of security in place while allowing users access.

The SSG 550 appliances are located in the School of Education’s DMZ, where they eliminate spam, spyware, and other malware before they can get onto the network and compromise vital networks and systems. Protecting the internal network is critical because university’s network is a single, flat network. To facilitate academic collaboration, the university does not use VLANs to isolate different departments’ traffic.

The Juniper SSG 550 appliances provide a strong layer of protection to the university’s current server and desktop anti-spam and anti-virus protection. Departmental servers and users’ desktops and laptops have individual firewalls and anti-virus software. Desktops and laptops also have anti-spyware protection.


Originality
What are the exceptional aspects of your project?
Before deploying the Juniper SSG 550 appliances at the gateway, IT had the unenviable task of making sure 550 to 700 users had up-to-date anti-virus and anti-spam software installed on their desktops and laptops. It was a lot of work to monitor the users to make sure everyone was downloading the updates.

In addition, he SSG 550s have delivered a significant hard-dollar savings that is multiplied across hundreds of users\. The reaction from the faculty and students has been overwhelmingly positive because they have experienced a reduction of junk in their mailboxes. Plus, network bandwidth and server resources are not wasted.

How is it original?
We think integrated security is a model for other educational institutions. The SSG 550 solution helps us maintain the open environment that the university needs to do research and teaching. Opening the network for academic purposes is a challenge for IT administrators because you put yourself at risk. We have to meet the diverse needs in the university and we're the first ones in the University to deply this type of architecture.

Is it the first, the only, the best or the most effective application of its kind?   First

Success
Has your project achieved or exceeded its goals?   Exceeded

Is it fully operational?   Yes

How many people benefit from it?   700

If possible, include an example of how the project has benefited a specific individual, enterprise or organization. Please include personal quotes from individuals who have directly benefited from your work.
“The SSG 550 has delivered a significant hard-dollar saving that is multiplied across hundreds of users,” says Tony Wong, IT Manager at the Stanford School of Education. "The reaction from the faculty and students has been overwhelmingly positive because they have experienced a reduction of junk in their mailboxes. Plus, network bandwidth and server resources are not wasted. "

How quickly has your targeted audience of users embraced your innovation? Or, how rapidly do you predict they will?
We have seen an imediate embracement of our inovation. Students and Faculty alike have seen an a dramatic improvement in network stability while reducing the amount of spam and threats from malware. They absolutly love it!

Difficulty
What were the most important obstacles that had to be overcome in order for your work to be successful? Technical problems? Resources? Expertise? Organizational problems?
Before deploying the SSG 550 appliances at the gateway, IT had the unenviable task of making sure 550 to 700 users had up-to-date anti-virus and anti-spam software installed on their desktops and laptops. It was a lot of work to monitor the users to make sure everyone was downloading the updates.

Deployment and management of the SSG 550 appliances is straightforward. We can see what’s coming into our network and what’s going out. To get that visibility without the SSG 550, we had to visit every desktop and server individually. The IT staff uses either the SSG 550’s Web-based interface or the command-line interface. The NetScreen-Security Manager is also used to control all aspects of the SSG 550, including configuration and security policy making continued management of the appliances a breeze.


Often the most innovative projects encounter the greatest resistance when they are originally proposed. If you had to fight for approval or funding, please provide a summary of the objections you faced and how you overcame them.
No resistance
Digital/Visual Materials
The Program welcomes nominees to submit digital and visual images with their Case Study. We are currently only accepting .gif, .jpg and .xls files that are 1MB or smaller. The submission of these materials is not required; however, please note that a maximum of three files will be accepted per nominee. These files will be added to the end of your Case Study and will be labeled as "Appendix 1", "Appendix 2" or "Appendix 3." Finally, feel free to reference these images in the text of your Case Study by specifically referring to them as "Appendix 1", "Appendix 2" or "Appendix 3."

Currently Uploaded Appendices:
No appendices currently uploaded.