Worthing Borough Council overhauls connectivity and firewall infrastructure

(21/10/2008)

Worthing Borough Council is strengthening business continuity and security related to online public services as part of an overhaul of its connectivity and firewall infrastructure.

The council has brought in CI-Net, in a three year contract to cover installation and ongoing management including dual, load-balanced clustered internet connections which automatically failover in the event of disaster, and a centralised jointly managed firewall with round-the-clock intrusion monitoring. A new Virtual Private Network (VPN) is supporting secure remote working for an increasing number of employees.

“In the last few years we’ve seen a sharp rise in the number of council services delivered via the web – from council tax and housing benefit to a variety of leisure offerings. And many of our staff are heavily reliant on Internet and email. So it’s essential to have a resilient and secure environment to keep public services online and employees productive. Because we’re handling people’s personal and financial information, security is paramount,” said Mark Gawley, ICT services manager.

The CI-Net service is built around a StoneGate firewall which is being configured to load balance and failover between a primary 10 MB/s Ethernet line that is already live and a secondary 2 MB/sec connection being implemented in the next few months.

“Two separate connections from different service providers means public services and staff productivity won’t be affected if one of them is hit by a problem. And the firewall lets us control Quality of Service for specific traffic types, so we could decide to give a bigger priority to email or web traffic for example,” explained Gawley.

CI-Net will provide regular reports on traffic crossing the network border and 24 hour monitoring to identify any unusual activity trying to infiltrate the network through web servers, web services or by breaking firewall rules.

“A jointly managed service with experts tracking our borders 24-7 is vital. We know we can pick up the phone to a CI-Net specialist if we need someone to change firewall rules or the VPN’s remote access policies at short notice. This might be because it’s outside normal hours in an emergency or simply because we don’t have the manpower or specialist expertise to do something,” explained Gawley.

Previously Worthing’s connectivity infrastructure had grown organically over a period of years into a complex environment. “We had around ten separate internet links and a variety of firewalls and web servers relating to different council business units,” said Gawley.

“We needed to simplify and centralise things in order to manage security more effectively and benefit from economies of scale. We saw a number of suppliers but CI-Net came up with the most straightforward cost effective solution, which is flexible enough to expand as our needs change."

During implementation, CI-Net kept the older connections and firewalls running in parallel while various council services and systems were transferred to the new infrastructure. The aim was to avoid disruption during the transition.

“They had to be very reactive during the changeover as the complex nature of our old environment meant we didn’t know how different systems would be affected as things were moved across,” explained Gawley.

Also part of the CI-Net offering is a Secure Sockets Layer (SSL) VPN which is providing remote access to around 70 employees, including 37 local councillors. For additional security, all authorised staff are provided with VASCO two-factor authentication tokens. These generate unique security codes that must be used in order to log in to the network.

The VPN, which is built around an AEP Netilla Security Platform (NSP), has been configured to work with Windows Terminal Server to give staff web based access to desktop applications and the council intranet. It integrates with Windows active directory and CI-Net has configured it to do an automatic end-point scan of all remote devices to ensure they have up to date Anti-Virus protection before accessing council resources.

“Having enhanced our border security with the help of CI-Net we’re well placed in terms of our future commitments to government computing. We wouldn’t have to do too much work in order to come in line with the stringent security protocols required by Government Connect the trusted UK network for local authorities,” concluded Gawley.

Related topics:  Authentication and identity management   Data management and data security   Firewall   Network Security   VPN 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources