SECURE -SCHOOLSafe contact with the Internet

Fortigate – network security at every school

ESKOM is a company created and formed by ex-ceptional people who consistently strive to achie-ve set objectives. The company offers IT services (IT outsourcing) and implements dedicated IT infrastructure and security solutions. It has built its position on the IT market already since 2003. ESKOM has installed next generation firewall de-

v i c e s Fortigate 100D, set up in the framework of the project related to the

modernization of the internal network and

Internet connec-tions at educatio-

nal institutions in the district of Ursus in Warsaw. Mo-dern security

systems have been fo-unded by the Ursus Muni-

cipality Office for the bene-fit of the infrastructure at: Warsaw

Heroes’ Primary School no. 14, School Complex no. 80 with Inclusive Education Sections in War-saw, 1st Kosciuszko Infantry Division’s Prima-ry School no. 11 and School Complex no. 42.

Challenge: security tailored to insti-tutional needs

„While analyzing the needs of both schools, we found out that we needed to use devices that wo-uld handle the increased traffic and ensure gre-ater control over the content viewed by students browsing the Internet. The so far applied Open Source solutions worked properly, however they provided only basic control over the traffic,” says Pawel Niemiro, network administrator at School Complex no. 80 and Primary School no. 14. In many schools such devices support only the most basic blocking functionalities, which are most often limited to the selection of specific web pages. Another need of modern schools is to ad-just to the increasing number of devices capable of connecting to the Internet and the increasing transfer speed.

Every school’s network administrator faces the challenge of providing students and school per-sonnel with Internet security. With a very large number of users it is virtually impossible to manu-ally set the blocked sites and contents. Therefore, it has become necessary to implement a tool which

can choose filtered content automatically, and on the other hand, provide intuitive and easy han-dling and administration. “ESKOM is always keen to provide its customers with perfect solutions suited to current and future needs. The require-ments of the implementation project deployed at schools in the district of Ursus were strictly specified by the representatives of the Municipa-lity Office and the Schools. Our goal was to pro-pose a technology adjusted to the nature of the functioning of educational establishments – a technology which is flexible and easy to use,” explains Piotr Zakrzewski, Key Ac-count Manager at ESKOM.

Grzegorz Szmigiel from Veracomp, a distributor of Fortinet solutions, on the nature of network threats: “Most current attacks are aimed at re-aching workstations of users who are comple-tely unaware of the danger. A workstation is a rich source of information and constitutes an excellent intermediate stage in getting to other systems in the establishment it is operated. It is a potentially trusted part of the network and often has a privileged access to internal servers, where confidential and sensitive information is stored. Compromising a workstation represents a serious threat to the entire infrastructure.”

Solution: reliable security

ESKOM has proposed to install Fortinet – For-tigate model 100D devices at schools from the district of Ursus. It is a security platform equip-ped with firewall functionalities, VPN, anti-virus, IPS (protection against attacks), web content fil-tering, protection against spam, DLP (protection against leakage of confidential information). Mo-reover, the administrator can apply tools to con-trol applications and optimize bandwidth, and

make use a wireless network controller and additional options for au-thentication enhancement. “At schools, the biggest em-phasis is put on undesirable content filtering and safety of internal network devices. Fortigate device features a vast number of filters of dif-

ferent types: from a website content filter (by ad-dresses and key words), DNS, Internet applications (browser-based and desktop) to IPS/IDS filters. Filtering of pornographic websites and websites containing harmful software has been easily im-plemented. Moreover, Fortigate contains a very accurate traffic monitoring module. It not only al-lows me to monitor the effectiveness of rules but also quickly diagnose problems in the network.Picking out traffic of a specific client within a period of, let’s say – the last hour, is a matter of just a few clicks. Besides, a very useful functiona-lity is the ability to automatically generate PDF

reports – as they allow for seamless preparation of filtering statistics,” notes Paweł Niemiro. “For-tigate is a platform that integrates a number of safeguarding mechanisms,” says Grzegorz Szmi-giel, adding that: “Everything is realized through a number of cooperating safeguarding functions: stateful firewall, IPS (protection against attacks), application control, anti-virus protection, www control, anti-spam protection, DLP (protection of confidential information), analysis of encrypted network traffic SSL/SSH.”

Fortigate is a device used primarily for ensuring the best safety of Internet users at schools. Howe-ver, it also comprises many other functionalities that optimize and facilitate network management in an organization. For example, Fortigate is capa-ble of indicating the maximum time of browsing private websites by devices connected to the ne-twork. “The 100D model also allows to allocate a certain amount of bandwidth for services which, from the didactic point of view, are not indica-ted as key and give them low priority. In addition, with WAN optimization functions, I can reduce the amount of downloaded data even by a half,” says Jacek Kowal, network administrator at Primary School no. 11 in Warsaw.

Choosing the right technology is only the first step in network modernization. It is also important to perform effective configuration and installation. ESKOM meets these requirements. “Our team consists of highly qualified specialists who, first

of all, are capable of installing and configuring the device in a very short time and, secondly, can monitor the status and immediately respond to all possible risks,” explains Piotr Zakrzewski. A very important function of Fortigate solution is the function of notifying about undesirable Internet traffic within school premises, which Pawel Nie-miro describes as follows: “E-mail alerts are of greatest help in my everyday work. They provide me with information about what is happening at my schools, so I can quickly respond to dangerous situations. In near real rime I get to know about blocked encrypted attachments (likely ransomwa-re), failed attempts to bypass the firewall by users running TOR anonymous network or entering inap-propriate websites by pupils during an evening movie marathon.”

In addition, Fortiga-te 100D is the per-fect tool to easily create subnets at schools. Ja-cek Kowal says: “Fortigate allo-wed me to sec-tion off several network segments at our school. We have created separate networks for teachers’ workstations, com-puter rooms and WiFi

networks. Authentication mechanisms and the Captive Portal, which the device is equipped with, allowed the creation of separate networks for te-achers, students and guests. Another advantage is a module that collects information about the traffic in school’s network, which allows to quic-kly identify the so-called higher-risk user.”

ESKOM performed the installation of Fortigate devices very swiftly. “Guys from ESKOM mounted the devices within one day. The created infrastruc-ture is really top quality and school administra-tors can count on 24/7 support,” says Jacek Kowal.

Benefits: full control and security

Schools in the district of Ursus have noted real advantages from the administrative and didac-tic point of view. Pawel Niemiro says: “Fortigate was a good purchase for my schools. It gives me, as the administrator, more control over what is happening in my networks. Frequent updates of virus definitions is also of great advantage. There have already been several cases, when the devi-ce safeguarded me against serious problems such as ransomware, or the dangers associated with malicious scripts on web pages. Taking into acco-unt the above, Fortigate also ensures the school Director that the applied security solutions are re-liable and proves itself as an alert for subsequent pedagogical actions. We have noted a significant decrease in network abuses, when the students realized that the Director has detailed knowled-

ge about the Internet traffic at school.” Fortigate is distinguished by its intuitive usability, softwa-re tailored to administrator’s needs, central re-porting and, primarily, comprehensive network safeguarding solutions. Fortigate 100D is a fully integrated security center, which elevates school network functioning to the highest level.

ESKOM has provided the district of Ursus with access to state-of-the-art devices for network se-curity. ESKOM specialists instantly installed and configured the equipment, provided the necessa-ry knowledge to local personnel and are available around the clock to overcome any risk of failure or disruption of the network. ESKOM stands for the highest quality, professionalism and security assurance.

Solution supplier:

tel.: +48 22 100 55 80 | fax: +48 22 100 55 81 © Copyright ESKOM 2016 | eskom@eskom.eu | www.eskom.eu

The road from challenge to solution.