The Federico II University of Naples, founded in 1224, is the oldest public university in the world and the third largest in Italy by number of students. It currently has more than 30 offices spread between the metropolitan city of Naples and the other provinces of Campania. In this context, its thematic network is managed, which consists of five main nodes connected via the dark fiber (Iru): Monte Sant’Angelo (MSA), Centro Storico (Cs), Engineering (Ing), Policlinico (Poli) and finally Polo San Giovanni and Teduccio (Sgat). The university is also a founding member of the Garr (Group for the Harmonization of Research Networks) community and as such is part of a national research network that guarantees connected structures and users top connectivity service for available bandwidth. the quality of the service portfolio and for the effective support of research and training activities throughout the state.
The challenges to which Federico II University had to respond were therefore basically two: the lack of visibility that led to the inability to adequately protect the network and the considerable complexity of the infrastructure, specifically with regard to what was installed. “Fortinet was chosen after examining various solutions proposed by competing brands based on the wide range of features available as well as the convenience of the displayed offering.
The relationship of trust created with the contact person who followed the operation and subsequent implementation was also very important,” says Carmine Piccolo, Head of the Federica II University Network.
After an initial phase of analysis and planning, in which the main weaknesses and sufferings of the “legacy” architecture were highlighted, it was decided to move from the Routed model to the Spine-Leaf model, and at each “leaf’ nodes, a pair of firewalls suitable for managing the traffic generated a specific node. This transition from the older routed topology to Spine-Leaf resulted in a multiple of the network speed.
Another challenge in creating this architecture was to rationalize and analyze and, where possible, filter the huge amount of internet/intranet traffic generated. Using FortiAnalyzer, a solution that automatically collects, stores and analyzes logs from all Fortinet security devices, it was possible to gain an overview of the security posture of the entire university and its users.
Once the information was collected, it became natural to manage the process of any security incident detected in the log thanks to FortiSiem, Fortinet’s security information and event management system, which offers options from automated sources to the use of state-of-the-art behavioral analytics for rapid detection. and respond to threats. Last but not least, thanks to FortiMail, it was possible to increase the level of antispam offered by the manufacturer of postal services. The result achieved in terms of the volume of spam emails processed increased drastically, as did the false positive and false negative rates.
The implementation of the Fortinet solution led to an improvement in the overall stability and security of the network. The main benefits gained relate in particular to the controllability of the entire structure and the possibility of applying security, filtering and protection controls at the point closest to traffic generation.
This option also optimizes the bandwidth load of the entire network and distributes the work necessary to control the traffic generated by thousands of users visiting different campuses daily. The project started within the hospital was subsequently expanded to different campuses and soon all 5 points of presence (Pop) will be equipped with the same Spine-Leaf configuration and the entire infrastructure will be homogenized. Going forward, the goal is to further streamline the network, implement two levels of security, and gain greater depth and accuracy in isolating cyber threats in the bud.