Helderberg College, Cape Town,
Cyberoam Provides Cast-Iron Network Security to Helderberg
About Helderberg College, Education
Helderberg College is a private higher education institution situated in Somerset West,
South Africa. It was established in 1893 - the first Seventh-day Adventist College
established outside of North America under the name "Union College".
There are more than 60 buildings on campus including the church, administration and
lecture buildings, library, auditorium, gymnasium and cafeteria, student centre, threestorey student residences, married students' flats, staff flats and homes, and separate
church-operated primary and high schools.
The growth of the College is probably best reflected in the number of graduates which
has increased from 8 in 1929 to an average of 40-60 a year.
The network covered sensitive
information which was under
constant threat from spyware and
DoS attacks. So they needed a
strong Firewall and IPS solution.
Mr. Lyndon Bender
According to Mr. Lyndon Bender, IT Director at Helderberg College, the institute was
facing the following security and connectivity challenges related to its business
Firewall and IPS
The Helderberg‘s network basically comprised of web and mail servers with no focused
doorway security sketch. The outside of the DMZ is under constant attack. The inside
is limited to the traffic that is routed to it. As an educational organization, Helderberg
strives to facilitate the open exchange of information. Students, instructors, and
librarians all need access to the Internet. Students rely on access to the web for vital
course information and research purposes.
However, at the same time, Helderberg has a responsibility to protect users from
network threats, and keep the network up and running. A top security priority was to
establish a private network to keep confidential information safe from unauthorized
users, hackers, and other threats. The college, therefore, needed a gateway firewall to
regulate user authentication and access control.
Also, the sensitive servers were under constant threat from spyware, DoS attacks,
fragmented and malformed packets, blended threats and more. Therefore, they
needed a strong IPS solution which would be capable in retorting these threats.
Malignant Malware Attacks
For Helderberg College, a virus attack in the network would translate into a bunch of
unwelcome problems - corrupt files, information theft, network anomalies, huge
downtime and more. This would result into network crash. Helderberg was looking for a
better option to combat blended threats lurking in the Internet.
Keep an eye on Website Access
The college wanted to monitor and restrict its users from accessing unproductive sites
such as Music, Video, Social networking & Streaming media. Phishing, Pharming and
nasty Websites also needed to be plugged away. Content filtering was needed to
protect the users from accessing futile or deceitful websites. In case of blended threats,
Mr. Bender was looking for a solution that could block all illicit download over the
The Cyberoam Solution
Helderberg looked into a number of security products including Sonicwall and Astaro
in order to address their business challenges, but they have limitations with Data
Transfer Quota. The search was on for an appliance which would take care of their all
above requirements. After going through a trial demo of Cyberoam by Xepa, they felt
that Cyberoam was the apparent choice. The college then deployed One (1) CR 200ia
and One (1) Cr35ia at their headoffice in Gateway mode.
The business benefits were as follows:
- Access and Application Control
Cyberoam‘s Dual certified firewall - Checkmark and ICSA, provides access control
over all the Internet traffic. Stateful inspection firewall and Intrusion Prevention solution
guard the LAN and the DMZ network from unauthorized access and intrusion
All applications that tried to access Internet were logged and any un-productive
application was blocked. If required, Mr. Bender can create custom signatures for
custom applications. This gave him an unparallel control over all the network activities
happening in the college.
- Gateway level Antivirus
Cyberoam‘s gateway anti virus pickets all the web and mail traffic - SMTP, IMAP,
POP3, HTTP, HTTPS and FTP-o-HTTP protocols and makes sure that no malware or
spyware creeps through the boundary and the network is fully safe and sound against
malware including root-kits, viruses, worms, Trojans, spyware, backdoors, key-loggers
Each and every file going through gateway is scanned against antivirus engine that is
powered by more than 4 million signatures.
- Browsing Check Accomplished
Cyberoam UTM‘s web content filtering feature controls Internet access in the entire
college network by blocking inappropriate and unsafe Web content, including phishing
and other malware-laden sites. This is done through a constantly updated database of
millions of sites divided into 82+ categories including pornography, P2P, entertainment
and job search. Moreover, Cyberoam‘s identity-based filtering allows sets individual
user Internet access policy, surfing quota, time limits and bandwidth restrictions.
By customizing students‘ identity-based policies, the administrator provides selective
Internet access and surfing rights based on the staff and students working needs. “I
can now prioritize the college‘s bandwidth usage as per academic requirements with
more effective controls on which user consumes how much bandwidth (upload and
download limits) during any time of the day”, said. Mr. Bender. This helped the college
in controlling the student‘s behavior on the Internet.
Mr. Bender said, “The reporting capabilities are an essential component of the
Cyberoam appliance. We consult the activity logs and reports on a weekly basis to
ensure that the students and staff are using the Internet appropriately and have the
information on hand when dealing with students who abuse our Internet Usage