Council Rock District Boosts Network Visibility with Team of Monitoring Tools

• By Dian Schaffhauser
• 03/11/13

Council Rock School District has added several applications to help improve network security. The work began in response to a summer security audit focusing on district-owned end user environments used by students. That audit uncovered "69 things to remediate," according to Matthew Frederickson, director of information technology.

The district has about 11,700 students, 1,400 staff members, and 5,386 devices. With an IT staff of 10, said Frederickson, "I don't have a lot of time to spend doing the types of things the district should be doing on a regular basis to manage security." The audit, he noted, "was a real eye-opener for us. We knew when things broke, but we didn't have good visibility about what was going on on a daily basis."

The IT organization has added software from four companies--Ziften Technologies, Lancope, Infoblox, and Splunk--to gain better control over network activity.

Ziften's software provides detailed information about what's running on the desktop that's useful in two ways, Frederickson explained. First, when a user calls for support because the "computer's not working right," Ziften can pinpoint what part of the boot process is delayed or what application process is hanging. "So I know when users are having issues," he said. "It's such a great diagnostic tool that way."

Second, it provides software compliance by reporting "concrete" information about how many times a particular program is being used. "If I've got a thousand licenses of a software application installed at the elementary schools and only two people are using it over the year, maybe it's time to get rid of that software," he said. "This gives me concrete information. It's not just Matt saying users don't use it. Here's a report that says how many times it's been used."

Lancope's StealthWatch FlowSensor software does packet inspection to identify applications and protocols in use across the network. Said Frederickson, "It tells me where the users are going and how they're using the network."

The district has adopted the Trinzic DDI appliance from Infoblox, which provides several tools. NetMRI helps the district to manage its switches. "It's probably the single best investment I've ever made," the director said. "Every time I make a modification on a switch, it's saved." When something goes awry on the network, IT can view the history of configuration changes and figure out which one may have caused the problem. IP Address Management (IPAM) manages the district's server Internet protocol address information, so "I can get rid of my spreadsheets." Now, he pointed out, the problem of two people separately allocating the same IP address to two different devices is eliminated. It also tells IT what type of device is using a given IP address.

Frederickson has multiple environments set up for Splunk, which reads machine data. First, he's centralizing all the security and application log files from the district's domain controllers into a database. Then he uses a couple of free applications to collect snapshots from the network to get an overall picture of the network infrastructure. Second, he's using Splunk to collect information from his firewall and intrusion detection system to collect snapshots of those systems. Finally, he's using it to capture snapshots of the district's Microsoft Exchange environment for such purposes as capacity planning.

Currently, the Splunk activities are primarily being used to develop a baseline of network activities. Eventually, IT will be able to set up thresholds to be alerted when something happens on the network that requires staff attention.

Each product has its own way of setting up reporting and its own style of console, Frederickson said. Ultimately, he'd like to consolidate all of that information into one view with traffic light reporting. "I need to be able to look at a monitor," he explained. "If I see a yellow light, I know I need to ask some questions. If I see a red light, I need to stop what I'm doing and take action. If I see green, I'm a happy guy, and I can move on and do other things."