Information Technology Services (ITS)

Firewall upgrade successfully fast-tracked following security attacks

Published on: February 24, 2021

Collage of three images showing close up of firewall technology and hardware

Close-up images of the new next-generation firewalls hardware installed at the St. George campus.

Three cyber security attacks targeting the University of Toronto (U of T) — preceding the start of 2020 exams to boot — were the impetus to accelerate a next-generation firewall (NGFW) migration project that happened Dec. 10, 2020.

It all started on the morning of Dec. 9, when the Information Security (IS) team discovered that the tri-campus community had been hit by three distributed denial-of-service (DDoS) attacks.

What are DDoS attacks?

These malicious attempts, which disrupt and overwhelm IT services, have the ultimate goal of rendering them inoperable.

The U of T attacks intended to do just that; the sudden increase in traffic overwhelmed the existing legacy firewall that was in place at that time.

Firewall migration

Coincidentally, the Information Technology Services (ITS) department had already been planning for an imminent migration to a NGFW platform, scheduled for Jan. 6, 2021. However, due to the attacks — and through tremendous agility — the team successfully accelerated the migration to the next day (Dec. 10).

Purchased in February 2020, the new NGFWs are a more robust solution, explained Carl Chan, ITS’ senior security information and events monitoring administration, who was part of the migration team. In contrast to a traditional firewall, an NGFW can handle increased traffic and inspect it more closely at the application level.

“When faced with the DDoS attacks, we determined that accelerating the migration was our best option given the platform’s extensive capabilities to prevent and mitigate attacks,” said Chan. “This was especially appealing given that we were in the midst of final exams and the likelihood of new attacks were high.”

A successful approach

As a result of the IS and Enterprise Infrastructure Solutions (EIS) teams’ diligent planning and preparation, most of the infrastructure, supporting software and configuration were in place by the time the attacks occurred.

The December migration involved putting two of the new firewalls online at the St. George campus, with the technicians going between two buildings to work on wiring and configuration changes.

IT@UofT values and strategy

Collaboration played a large role in this project, said Ahmet Tas, senior systems administrator within Information and Instructional Technology Service (I&ITS) at U of T Mississauga (UTM).

“Jesse Stamplecoski [UTM datacentre operations manager] and I attended a couple planning/implementation phase meetings with Carl Chan before the migration date to share our experience and knowledge about some device configuration steps,” said Tas, who worked on a similar migration at UTM three years prior. “We understood expectations and goals as a team to perform and achieve the goal. And we shared our knowledge clearly to learn from each other.”

Improved security for future

What will the NGFWs mean for the future at U of T? The new firewalls can expand up to 250 Gigabits per second (Gbps), which U of T security experts estimate may be required for the future. Also, the newly implemented network architecture will allow the University to better manage known “good traffic” through the gateway so as to reduce the burden on the firewall systems, explained Doug Carson, senior manager, enterprise networking.

“To use a highway analogy: traditional firewalls are simple roadblocks, blocking specific roads,” said Chan. “An NGFW, on the other hand, can look inside each individual vehicle and allow only ones carrying specific passengers to specific destinations and block them from others. This allows us to provide more context in the identification and blocking of unauthorized traffic much more accurately, while ensuring that legitimate traffic is allowed through.”

Deyves Fonseca, Associate Director, Information Security Operations, further adds: “NGFW is one of the technology tenets of the ‘Zero Trust Architecture,’ in which ‘trust’ is always earned and the foundation for the U of T security strategy.”

In addition, this upgrade enhances the University’s network capacity, leading to improved high-speed internet connectivity.

Image description:

Key dates

Next generation firewall migration – project timeline

  • Feb. 2020 – Information Security team purchase new next generation firewalls (NGFW) system.
  • March 2020 – Configuration and architecture planning occurs. Installation of the network infrastructure required for the cutover.
  • Fall 2020 – Information Security team propose upgrade architecture and begin testing.
  • Dec. 9, 2020 – DDoS attacks occur at U of T, legacy firewall is compromised. The installation and configuration of two NGFW begins.
  • Dec. 10, 2020 – Migration of NGFWs is successfully completed (four weeks ahead of schedule).
  • Jan. 6, 2021 – Originally scheduled date fore NGFW migration.