Project Background

As the administrative department for education system informatization development for the entire district, the Longgang District Education Bureau Information Center is responsible for overall planning, development management, technology expansion, media production, resource development, theoretical research, subject experiment, information technology curriculum development, teacher training, etc. It is also in charge of operation, management, monitoring and maintenance of educational MAN for the entire district. Along with Big Data, cloud computing and other advanced technology development, especially the development of an education cloud for Shenzhen, the Information Center has gradually become the regional network management service center, education information resource center, education technology and equipment center, and application extension center for new media and new technology. The development of an educational MAN and education cloud was mainly for teaching applications and to provide students easy access to online study materials.

Based on the relevant requirements of Order 82 of Ministry of Public Security, network operators and important national public basic information system institutes should maintain audit records for internal network information, and the public security network supervision department is responsible for monitoring the same.

To achieve the above goals, Longgang District Education Bureau issued an open tender for procuring a set of network security audit systems to be deployed for the educational MAN’s exit point, to supervise and manage online behavior at schools at all levels under Longgang District.

Requirement Analysis

By developing a network security audit system, Longang education district wanted to achieve the following functions:

1. Network and information system should meet relevant requirements of Order 82 of the Ministry of Public Security.

2. Upload of audit log to the municipal education bureau’s audit platform.

3. Maintain existing network devices and network status, and maintain the users’ network usage mode

4. Audit log should include HTTP, FTP, TELNET, SMTP, POP3, frequently used IM, frequently used audio and video protocol, frequently used network games, frequently used stock software, webmail, BBS, search keyword, and other behavior log as well as relevant information.

5. All log information should be automatically summarized to generate statistical reports, and be exported to Excel, Word, PDF and other formats.

Solution

Searchable and traceable online behavior was achieved to meet the requirement of real-name system internet authentication stipulated by the public security network supervision department, and to audit the network log based on Order 82. To ensure network traffic of schools and institutes at all levels under the district education bureau converges at the district information center, Surfilter deployed SURF-SA high performance online behavior audit system in the network exit point of the entire District Education Bureau Information Center’s network, and captured inbound and outbound internet access traffic for each school through mirror imaging.

To meet the audit system reliability requirement, Surfilter deployed one master and one backup device. In case of a malfunction in the master device, the backup device would immediately take over the load, ensuring system reliability.

Product Deployment/Network Topology

Effect/Feedback

This implementation plan was designed by Surfilter, combining relevant requirements of Longgang Education Bureau including behavior audit, content audit, behavior control, online user audit, statistical analysis reports, and other functions. It involved the implementation of a whole set of complete functional online behavior audit solution programs combined with relevant norms, to fully satisfy online behavior audit, legal risk aversion, student online behavior standards, and helped achieve the following:

1. Met the requirement of campus network information security supervision from the perspective of Shenzhen’s public security network supervision. The adopted audit device is a security audit product recommended by the Department of Public Security, and the earlier passive investigation was changed to active discovery. In case a network violation occurs, the information of the violation is reported to the municipal education bureau’s audit platform by the audit device in real-time, and the triggered alarm information is sent to the administrator.

2. Met the requirements of information security classified protection and relevant laws and regulations, (e.g. Order 82, Ministry of Public Security), enabling the school to use the network better and with more trust.

3. The person responsible for leaking confidential information could be easily tracked through sensitive information output warning, output document audit, output keyword audit and other functions.

4. Helped schools to avert legal disputes caused by inappropriate internet access and information release through real-time alarms and post-audit analysis.