The University of Gothenburg has installed a fine-grained authentication process to control application access
Like many organisations, the University of Gothenburg offers an extensive communications network, where the free sharing of information and knowledge is easily accessible to the students, faculty, local community and potential attendees. There are also numerous administrative applications within the University that can only be accessed by certain individuals.

"The whole working principle of the academic world is based on a free exchange of knowledge and experience. It's no coincidence that it was universities that first developed the Internet as a working tool," says Marta Petrides, IT coordinator at the University of Gothenburg. "Practically all the information is made up of public documentation, and our specific situation also means that we have different IT security requirements to ordinary companies and organisations. It's not so much about preventing access to information, as preventing unauthorised users from adding, altering and publishing information. We have no firewall, so authentication – i.e. checking the login identity – is one of our most important security issues."

Since the majority of information is public, the University of Gothenburg didn't feel that there was a need to install firewalls to secure its network. The University's security policy consisted of user password protection for allowing access to specific applications. Thus, users had to keep track of a separate user ID and password for each application they had access to.

There are 2,000 administrative users spread throughout 180 institutions, and a total of 38,000 students, making management administratively difficult. In addition, there have been several attacks on the University network by hackers, so far without loss of sensitive data.

In 1997, the University of Gothenburg installed the AppGate security product to protect all administrative applications as part of its security solution. Using a fine-grained authentication process, the product allows only authorised users to access an application. The user then has the right to edit or publish the data as needed in order to perform their job.

The access rights are based on who the user is, where the user is connected, the time of day and the time of the week. These rules prevent hackers from adding, editing and/or publishing any internal data. By controlling the users' access rights, the University can administer the flow of incoming and outgoing traffic to applications. The new security policy also includes task-oriented access to applications, meaning that the user is only able to view or access applications that are necessary to perform their work.

The University's client operating systems include Mac, PC, UNIX and Linux, and the application servers include NT, HP-UX, Solaris and a mainframe with MVS. Most client operating systems are supported by the system in a heterogeneous desktop environment, and the University of Gothenburg found the implementation to be trouble-free.

The University's software comprises in-house developed applications as well as standard applications, so no modifications to the application servers were required. This avoids time-consuming work when upgrading or modifying existing applications and provides an immediate increased security level regardless of operating system environments.

Since all traffic from the user's desktop to the AppGate server is now secured with encryption, by using long encryption keys, it is impossible to eavesdrop on the data on the open network. The system also allows users to have the same user ID and password on all applications. Not only has this resulted in an increase in security, but employees have also become more efficient because they no longer have to keep track of multiple passwords.

"Academic information is a dynamic phenomenon, and it's not always easy to determine what's internal and what's public information. We have so many different kinds of employment contracts and project agreements that it's absolutely essential that we set different clearance levels. In many cases we need to restrict access depending on who the user is," says Marta Petrides. "AppGate has greatly increased our opportunities in this area."

Besides ease of maintenance and administration, other benefits of the AppGate system include its high performance and scalability. The University of Gothenburg will be able to expand its number of users, allowing several thousand simultaneously, without affecting performance. In addition, the servers can be clustered to achieve the redundancy necessary to maintain constant operation. These benefits contribute to an overall smooth security solution.

Marta Petrides believes that this solution will be a useful tool in the future for making the university's administrative systems more service-based, rather than the current system-based structure.

"The best aspect of AppGate is that it works on several different platforms, which brings us closer to a service-based solution." Although they may work in different ways, other universities and colleges have shown great interest in the pioneering solution at the University of Gothenburg.