Lightspeed Knows Networks

(especially school networks and their administrators)

CETPA DataBus Product Review: Total Traffic Control

By Jonathan Foth, Network Systems Engineer, Bakersfield City School District

During seven years of employment with Bakersfield City School District (BCSD), my responsibilities have included district-wide e-mail management, bandwidth management, server management and network security. Over the years, we have transitioned away from utilizing multiple products to manage our e-mail filtering, web filtering, bandwidth management and antivirus to a single product with a single point of management. The product we have transitioned to is Total Traffic Control v6 from Lightspeed Systems.

BCSD first started using Lightspeed with the sole goal of obtaining a clear understanding of the traffic passing in and out of our network. By installing the TTC server between our PIX firewall and the core of our network, we were able to get a very detailed picture of exactly what was taking place inside our network. The detailed monitoring and reporting told us exactly when it was happening and who was doing it. At that time, we found a disturbing amount of P2P traffic as well as an unacceptable amount of other non-business-related traffic. While there are several options for mitigating the unwanted traffic (including staff being reprimanded), the most logical approach for us was to simply limit or completely block the unwanted traffic. This approach allowed us to solve the problem without creating a lot of additional administrative work for our school staff. This filtering has been in place for several years now, and we still have not received a work order to fix Napster or one of its equivalents.

About the same time our district began prioritizing our network traffic, we were receiving a small amount of spam e-mail (approximately 20 percent). To combat this, we utilized a combination of Real-time Blacklist servers and Symantec Antivirus/Mail Filtering on our Exchange servers. Over the following year, the amount of spam the district received seemed to be increasing tenfold. We found that our current e-mail filtering using RBL servers was no longer sufficient. Given the performance and great support we had received from Lightspeed Systems with our TTC for network management, we decided to give their spam filter a try. While the fine-tuning took a few weeks, the spam filter quickly began catching a much larger portion of the spam mail making its way into staff accounts. We have now been utilizing Lightspeed's spam filtering for over three years. Currently 91 percent of the e-mail traffic attempting to enter our e-mail servers is caught and categorized as spam by Lightspeed. We also tracked our overblocked mail and typically run at an average of between 0.1 percent and 0.2 percent overblocked. We have also noticed that, since Lightspeed's spam filter provides virus scanning of incoming e-mails, our Exchange servers very rarely see any infected messages reaching their antivirus scanners.

As Lightspeed Systems has continued to update their product and add additional features over the past several years, we have had several programs come due for renewal. One such product was our Internet filtering agreement with WebSense. While we were very happy with the performance and filtering WebSense provided, we could not ignore the potential savings of switching to Lightspeed Systems' Internet filtering. We placed the Lightspeed server outside of the WebSense server on our network for one month to see what WebSense missed that Lightspeed would have caught. We then reversed this and put WebSense outside of Lightspeed's Internet filter for one month to see what Lightspeed missed that WebSense would have caught. The result was that a negligible number of sites missed by one filter would be caught by the other. While WebSense did offer a few more features than the Lightspeed Systems content filter, our network administrators were sold on switching to Lightspeed due to the central point of management and the overall design of the Lightspeed administrative console.

As the number of threats from spyware, malware and adware has continued to grow, our district decided to give Lightspeed's security agent a trial. The security agent virus and spyware signatures are loosely based on an open source database known as "clam." Our initial trial of the security agent went very well, so we have begun a district-wide implementation of the security agent. While we still feel the need to utilize MS Antigen for our Exchange servers, we are now in the process of removing Sophos antivirus and utilizing the security agent on all NT kernel clients. We also utilize a free antivirus product, based on the same open source database and known as ClamWin, on our leftover 9x machines. Our district now has approximately 3,000 nodes that are running the security agent for antivirus and malware removal, and we continue to install more daily. Having the security agent installed on our clients has also given us access to more accurate and granular reports on our TTC server. While we have only used this feature in a limited fashion, the security agent has also allowed us to force Internet filtering policies on desktops and laptops both inside and outside of our network.

To sum it up, our district is now utilizing Lightspeed Systems for our Internet filtering, traffic reporting and prioritization, client antivirus, malware removal, and spam filtering. We have enjoyed the central point of administration as well as the excellent support we have received from Lightspeed Systems' staff. We will continue to utilize their product and further integrate it into our network infrastructure.