Best Practice: Locking out intruders

The Internet Services Unit (ISU) at King Abdulaziz City for Science and Technology (KACST) is chartered to promote internet-based services for national academic sectors

Tags: BahrainBest practiceBlue Coat Systems IncorporatedKuwaitOmanQatarUnited Arab Emirates
  • E-Mail
Best Practice: Locking out intruders
More pics ›
By  Andrew Seymour Published  September 22, 2010

The Internet Services Unit (ISU) at King Abdulaziz City for Science and Technology (KACST) is chartered to promote internet-based services for national academic sectors. So when the organisation looked at what it needed to do to support its increasing client base, it put web security and productivity at the top of its agenda.

The network infrastructure for your average university is one of the harshest environments to manage.

Think about it – while a normal administrator might have to deal with 200 or 300 users, a run-of-the-mill university will be looking at a nightmarish scenario of several thousand users logging in and out each and every day; not to mention, hundreds of guests workers with their Wi-Fi connections as well. In a region where bandwidth isn’t cheap, this situation demands the utmost efficiency in managing data usage, while simultaneously ensuring that malware and other web-based threats are kept at bay.  Faced with such a challenge a decade ago, Saudi Arabia’s King Abdulaziz City for Science and Technology (KACST) decided to opt for Blue Coat’s range of web appliances and has recently completed an upgrade which has brought IPv6 functionality into the mix.

The recent explosion of Web 2.0 content and a growing number of daily users required a new solution that was flexible, scalable and could provide on-demand security intelligence about unknown or unrated internet content.

As Hesham Bin-Abbas, director of the Internet Services Unit at KACST explains, the university had very specific requirements when it first implemented the devices: “We needed to have both proxy filtering and caching for the website, but we specifically needed it as a hardware appliance, not as a software product. We always monitored the traffic and took care for the future, but the demand kept increasing. So we responded by upgrading the entire system, and we haven’t had any problem since,” he continues.

Abbas has been with the university for the past 16 years, and when Blue Coat first entered the picture, he remembers why its products stood out from the crowd.

“We chose it based on a range of technical evaluations. We had some demos performed and several evaluation criteria. After trying a range of different solutions, we decided that Blue Coat was the best. With the new upgrade, we didn’t look at any one else — we went straight to Blue Coat because we already had their boxes in our branches,” he recalls.

With the latest round of upgrades, Abbas says that the existing SG8000 devices were unable to keep with the rapidly scaling needs of the university. Accordingly, they upgraded 15 boxes in two locations in Saudi Arabia — Riyadh and Jeddah — to the new ProxySG and ProxyAV devices. After the new devices were received by the university, they took one month to implement with no issues to report.

While the ProxyAV devices are tasked with filtering out spam, malware and viruses, the ProxySG boxes are tasked with a more difficult role — acting as a guardian to prevent viewing of undesirable web addresses, while simultaneously speeding up internet access through intelligent caching.

With the new appliances, ISU can implement flexible policy control over content, users, applications and protocols to protect its users from malicious content.

Interestingly, it also supports IPv6 — something which Abbas notes was no accident. In the anticipated transition from IPv4 to IPv6, ISU saw an opportunity to deliver new value-added services and needed to ensure that its network could capably support both IPv4 and IPv6 users and applications.

“It’s not the main driver but one of the requirements. We need to have our machines supporting IPv6 because we migrated two years ago from IPv4. So we needed boxes that supported everything through to IPv6,” explains Bin-Abbas.

The upgrades have already begun having significant effect at KACST. The ISU has successfully recorded a 50% improvement in the speed of filtering out malware, while the new proxy appliances have enabled a doubling in existing bandwidth. Abbas also reports an impressive 35% drop in CPU utilisation, coupled with a 50% smaller memory footprint.

And with the advanced caching and compression technologies in the ProxySG appliances, web content now loads on average three times faster, improving the user experience for all ISU customers.

For the future, Abbas plans to look at ways of combining the Blue Coat appliances with its newly-installed load-balancing system from Foundry Networks.

“We are a non-profit organisation but consider ourselves as part of this achievement because this is a new technology or solution. Many will benefit from this combination of Blue Coat with Foundry products together,” he concludes.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code