Tokiwa University Relies on Check Point for an Integrated Solution to Campus Network Security
What I like about VPN-1 Pro/FireWall-1 is from the start there was a consistent philosophy that has never changed. It has continued to be upgraded to respond to new threats, but the basic technology hasn’t changed. – Tomokazu Nemoto, System Engineer, Tokiwa University Media and Information Technology Center
Founded as a junior college in 1966, Tokiwa University is a private educational corporation in Japan that now encompasses the entire range of education from kindergarten to graduate school. In May 2005, the university unveiled its new Media and Information Technology Center to facilitate education and research across the campus, as well as offer more effective classes to students. For network security, Tokiwa University relies on Check Point Software Technologies and its VPN-1® Pro™/FireWall-1® and SmartDefense™ solutions.
Emphasizing the important role of the Media and Information Technology Center, Mr. Masanobu Abe, professor in the department of human sciences and director of the new center, says, “We see corporations investing in the development of leadingedge hardware and software, moving the broadband platform forward. But it seems to me that small- and midsize businesses aren’t taking a strategic approach to developing and using software or other content that makes the most of this advanced platform. One important role of the Media and Information Technology Center is to educate people in Web programming, computer graphics, digital image production, and other digital media information technologies, and then send them into the world to help these smaller companies.”
The center houses a full inventory of digital equipment, including computers, video production studios and equipment, and much more. Consolidated and centralized resources allow information to be shared among departments separated geographically but now connected electronically. This has fostered an environment that facilitates education and research.
In 1995, the university connected to the Internet through participation in SINET (Science Information Network). As the needs of the faculty and students quickly grew beyond Web browsing and email, branching into a variety of other applications, the university faced growing issues of network bandwidth and guaranteed availability. Stating the need to balance security with network expansion and guaranteed availability, Mr. Tomokazu Nemoto, system engineer of the Media and Information Technology Center says, “For us to respond to Internet usage needs, we must be able to expand the network while maintaining its ease of use. And we have to have an environment allowing free access to the Internet for students, which means we absolutely have to have strong security measures in place.”
In the year following its connection to SINET, the university implemented VPN-1/FireWall-1. This is the most popular perimeter firewall in the world because it uses INSPECT, the most adaptive and intelligent inspection technology, to provide both network- and application-layer protection.
When a wireless LAN environment was implemented, allowing faculty and students to use their mobile PCs on campus, the university had foresight that those PCs would have insufficient security measures and knew that the network would need protection not only from external threats but internal ones as well.
To resolve these issues, Tokiwa adopted Check Point’s InterSpect™ internal security gateway. InterSpect protects internal networks from personal mobile computers that may not be secure. It incorporates functions to prevent the proliferation of worms and other attacks inside a network, segment an internal network into protected security zones by department, and quarantine infected devices that propagate attacks or worms.
Tokiwa University also keeps ahead of evolving Internet security threats by subscribing to SmartDefense™ Services for real-time updates and security advisories for its Check Point security infrastructure.
When Tokiwa University chose FireWall-1 in 1996, two factors were important: The interface was easy to understand—greatly simplifying the deployment and ongoing management of multiple firewalls—and Firewall-1 was software-based, so the university could run it on its existing Unix servers.
Stable foundation for network security
“What I like about VPN-1/FireWall-1 is from the start, there was a consistent philosophy that never changed,” Mr. Nemoto says. “It has continued to be upgraded to respond to new threats, but the basic technology hasn’t changed. What I mean by basic philosophy is that the core of the system monitors and inspects the status of data packets and then applies rules whereby only data necessary for communications is allowed to pass through automatically. To prevent new threats, we implemented SmartDefense Services, which also follows this basic philosophy and is easy to use since it has the same interface.”
Behind the basic Check Point philosophy that Mr. Nemoto praises, the core INSPECT technology forms a foundation upon which a newer architecture in the form of Application Intelligence™ and SmartDefense has been built. From simple misuse of packets to large-scale attacks, this technology offers thorough protection for an organization’s network.
According to Mr. Nemoto, products from other companies claiming functionality similar to InterSpect seemed to emphasize treating security deficiencies on mobile PCs. “The concept behind InterSpect was more in line with our view that security for mobile PCs is the responsibility of the PC owner, while the network operator has to protect the internal network.” At present, the school restricts personal computer connections to the LAN inside specially segmented areas in the Media and Information Technology Center. However, the plan is to expand the number of areas where students and faculty can connect.