School Security | News

Bloomington District Attacks Back with Plixer

• By Dian Schaffhauser
• 10/01/10

Bloomington Public Schools, District 87, has gone public with its February 2009 implementation of a set of network tools it's using to keep its network secure. The Illinois district deployed Plixer International's Scrutinizer NetFlow and sFlow Analyzer software to monitor its network traffic.

The tools are used for a number of monitoring activities at the 9,000 student district: to provide overall metrics for bandwidth use on its Cisco network, to identify traffic anomalies and Web usage not allowed by the school, and also to increase bandwidth for permitted sites.

But shortly after the installation, the software saved the day. A user contacted the IT department to complain about problems with a PC. The user's Web browser wasn't responding, and unrequested pop-ups were taking over the machine. A technician confirmed the computer was infected with the AV2009 virus, which hadn't been caught by the anti-virus software being used on the system. The virus was reaching out to botnet sites and sending e-mail to propagate itself. In a short time, the virus had infected more than 100 machines on the network.

Systems Administrator Jason Radford suggested trying out IT's new Scrutinizer NetFlow monitoring software. From a central console, the IT team created filters in Scrutinizer for SMTP and specific subnets trying to hit known botnet sites. In less than an hour, they isolated every infected machine and dispatched IT people to clean them up.

"Before enabling NetFlow and Scrutinizer, we had very little visibility," Radford said in a statement. "There is no question that it would have taken a lot longer to catch every infected computer without Scrutinizer."