Thapar University Punjab, India
Cyberoam UTM: Best Internet Security Solution for a
About Thapar University, Education
Thapar University (TU) was established in 1956 with the goal of providing
undergraduate, postgraduate and doctoral education and guidance in Engineering
and Technology, close interaction with industry, and strong emphasis on research.
The Thapar University is today recognized among the leading privately managed
grant-in-aid engineering institutions of the country.
“Cyberoam’s gateway AV and
AS are its most relevant
features.We even tried to switch
off the AV and AS modules to
check their effectiveness. In
their absence the unwanted
traffic increased to almost 90 to
Dr. Seema Bawa
“We had already tinkered around with self built firewalls, for some time. However, we
soon realized that our needs were much larger,” said Dr. Seema Bawa, Head-CSED,
Explaining the need for a secure gateway and Internet control in a technological
institute, Dr. Maninder Singh, Assistant Professor and Network Manager, CSED, TU
said, “We needed a security solution and a control mechanism to regulate the Internet
usage. Firewall, web filtering, anti-spam and anti-virus solutions were our top priority.
Over and above this, we wanted a robust control solution that was identity based and
hence could identify the individual users, not just the IP addresses.”
With high-grade resources offered to students and faculty, optimum utilization of
these resources, including productive use of Internet bandwidth at all times was
critical to supporting the high educational standards set by the university,
Expressing reservation against multiple solutions deployment, Dr. Singh said,“Multiple solutions do not always translate into higher levels of security and better
controls. More often than not, multiple solutions involve huge capital and operating
expenses. Easy configuration and maintenance were our priority,” he added. One
thing more, we already have an existing network of more than 2200 live nodes. We
wanted a solution that can blend into our existing network seamlessly and work
transparently.We cannot afford to have an alternative focus of managing it.”
The Cyberoam Solution
After scouting the market for a viable solution, TU zeroed in on Cyberoam in 2003.“We purchased a software-based Cyberoam UTM in 2003. Today, we have a
Cyberoam 500iUTMappliance deployed in Gateway mode,” said Dr. Bawa.
“Cyberoam’s user-friendliness was proven quite effectively when it blended
seamlessly into the existing network,” said Dr. Singh.
At any point in time,TU has almost three thousand (3000) students. Creation of users
in Cyberoam required the simple task of importing a CSV file. Cyberoam it self
shouldered the responsibility of authentication through automated Single Sign-On.
So the administrators were saved from providing a separate authentication server.
Dr. Singh was also able to form the users into groups and assign access controls to
the groups. Cyberoam’s identity-based nature, drilled down to reveal the individual
user’s identity “Cyberoam’s identity-based reporting not only revealed the facebehind an IP address, but also promoted responsible end-user behavior. It helps us
track and isolate errant individuals from such a vast pool of Internet users.” Dr. Singh
He could now selectively provide need-based Internet access and download rights to
users. He was even able to specify the amount and types of downloads that a
particular group of users was allowed at a particular point of time. Cyclic access
feature of Cyberoam ensured that a few individuals would not corner the Internet
bandwidth. “Undergraduate students are allowed to access the Internet from 8AM to
12 noon. This is because we want the students to rest and sleep before they come to
class next morning,”Dr. Singh said in a lighter vein.
Creating user identity-based policies also helped him apply customized policies for
application controls. Dr. Singh, now has complete control over all the applications
running in TU’s network. Cyberoam’s web filtering solution prevented students from
visiting malicious sites and downloading and installing malware on local terminals.
Identity based multiple IDP policies ensured that no security loopholes were left
“In addition, with a firewall rule in place, TU’s VoIP traffic stays controlled too,” said Dr.
Dr Bawa and Dr. Singh were of the opinion that, “Cyberoam’s gateway anti-virus and
anti-spam are its most relevant features.” To ascertain the effectivity of the gateway
AV & AS modules, Dr. Singh shut them down and monitored the traffic. They found
that the noise on the network reached an unmanageable crescendo. However, when
the modules were redeployed, the viruses disappeared and 90 percent of spam mails
In addition, Cyberoam’s Multi-Link Manager load balances TU’s two ISP links with a 6
: 4 ratio in traffic distribution. Cyberoam’s gateway failover automatically switches the
traffic to the working link automatically in case of link failure.
Cyberoam’s bandwidth management module allows Dr. Singh to assign a specific
amount of bandwidth to a group of users, leading to optimal usage of the total
available bandwidth. “We have grouped the students according to their undergraduate
and post-graduate status. Faculty, deans and directors have their individual
groups. While undergraduate students have a fixed amount of bandwidth, postgraduate
and research students have a greater amount of bandwidth allocated to
them. Certain users are allowed to access the Internet through a specific gateway,
controlling bandwidth usage further.”