The customer is responsible for the management, maintenance and conservation of an important tunnel between Italy and a foreign nation.
The tunnel is of strategic importance for the national road network and relies on complex, strategic systems and infrastructure. Security and continuity of service are guaranteed for this infrastructure, as is necessary to maintain a high security standard for tunnel users.
PERIMETER PROTECTION AND ACCESS REGULATION
To increase the security and defense of its enterprise perimeter and to strengthen the regulation of VPN access, the customer requested the implementation of:
- A second-level firewall cluster to defend the perimeter
- Protection of servers publicly exposed to the Internet through an IPS engine
- AV and DLP protection on the perimeter
- Application and web content filtering
- Regulation of VPN access with a two-factor authentication mechanism
- Use of the LDAP and RADIUS protocols to manage users
- Implementation of dynamic per-user rules through the use of single sign-on technology
- Protection of the e-mail service through an antispam filter
The aim of the project is to build an IT security infrastructure able to protect the enterprise perimeter, its services and the essential underlying networks. Further aims are the regulation of VPN access through a strong-authentication mechanism, the regulation of traffic flows to and from the Internet, and the protection of publicly exposed services with IPS, AV and antispam mechanisms.
SOLUTION, BENEFITS AND CONNECT’S ADDED VALUE
Connect’s added value was its expertise in IT security combined with teamwork, in order to meet the quality requirements and minimize malfunctions, as requested by the client.
The general characteristics of the solution are the following:
- Architecture with two levels of security
- Use of IPS, AV, DLP, Antispam, APP and WF technologies on the perimeter
- Implementation of VPN with two-factor authentication
- VPN and SSO user management via LDAP
- Use of cluster technology for security
- Compliance with security standards
The adoption of a new infrastructure made it possible to:
- Increase the security level and system access
- Keep a record of the users who connect via VPN and regulate authentication through a temporary token
- Increase the security of the system’s networks and critical services (sensor networks, fundamental tunnel services)