Defense Contractor - VPN Install and Improvement of Security

Provision of Project Management and Design Consulting to complete the activities related to the implementation of security at a domestic defense contractor. Successfully designed and implemented Watchguard technology at 15 sites.

Team Members - 1 Project Manager, 3 engineers
Users - 200
Project Duration - 2 months
Project Effort - 4 person-months
Sites - 15 Tokyo, Osaka, Fukuoka, Saseho, etc.

Problems

• Weak single point-of-failure security.
• Questionable technology choices made.
• Current system required a long implementation, which resulted in business interruption.

Solution

• Implemented Watchguard security appliances at each site, with a central log server.
• Used existing routers as first-level packet filters.
• Minimal changes to existing IP address structure.

Benefits

• Full "stateful inspection" firewall protection.
• Detailed, comprehensive logging for all services.
• Shallow learning curve for IT team to learn Watchguard firewall administration.
• Yearly "LiveSecurity" subscription for security Alerts, Updates, Reports
• Little business interruption during implementation.

Technology Highlights

• Stateful Inspection firewall allows connection sessions to be monitored, preventing spoofing
• Centralized Logging to a single large log server (syslog also possible).
• Built-in detailed reporting, viewable via HTML. VPN Manager software allows central setup
• VPN Manager software allows central setup and control of all VPN tunnels.
• Flexible technology choices ? IPSEC, 3DES, etc.