When the Conficker worm overran Blackpool Council’s computer network a couple years ago, Head of ICT Tony Doyle...
realised it was time to review the organisation’s network security tactics.
With the UTM, we could spot any infection very quickly, contain it, and take swift countermeasures to stop it [from] spreading.
Tony Doyle, Head of ICT
What he discovered in the review was an expensive collection of different products that were hard to manage and had clearly failed to deliver the protection they promised. It was time for a radical redesign of the whole infrastructure.
Like many organisations, Blackpool’s networks had grown up over the years as the council took on extra roles, and it now supports around 3,000 users. “Our infrastructure had mushroomed during the previous decade. We were a district council back in 1999, when we just had a Check Point firewall for both the council and local schools,” Doyle said.
As the data centre grew, the council added Cisco PIX firewalls, and were using products from Surfcontrol (later acquired by Websense) to filter Web and email traffic.
Over time, the infrastructure became more difficult to manage and more inflexible to update. “We were having performance issues with the network and we were not agile with changes,” Doyle said. “We realised [the network] had become overly complex. Then we had a nasty incident with Conficker, and it was a wake-up call for us about the changing threat landscape, and a realisation that the defences we had were not up to the job.”
Part of the problem was that the Council’s in-house IT staff understood the Check Point equipment, whereas the Cisco equipment was looked after by an outside partner, Synetrix. That meant problem solving could often be slow as problems were often passed back and forth between internal and external teams.
In addition to the complexity of the network hardware, Doyle realised that software was costing a fortune. “We were paying for Check Point, Cisco PIX and Internet and email filtering from Websense. In fact, we had three Websense Internet-filtering licences: one for education, one for libraries, and one for the corporate network,” he said. In addition, the council needed to comply with the government’s Code of Connection, which would require him to purchase even more products.
Doyle decided to go back to square one and review the whole network. Having recently read a Gartner paper on unified threat management (UTM), he figured a UTM system might be the way to go. “I was on a mission to simplify the network and to get more end-to-end control of it. Reading about UTM made me realise there was a simpler model of doing things,” he said.
The Council team looked at a number of UTM devices, including Websense, but found many of the products could not provide the level of agility their network required. For instance, monitoring Internet access for schools required different standards than other parts of the organisation.
In the end, the Council chose the Fortigate UTM appliance from Fortinet. The Council has installed a dual Fortigate UTM configuration for reliability, which is now managing email and Web filtering for the schools and libraries, as well as intrusion protection.
Eventually, the Fortigate appliances will be used to manage the organisation’s network, including the Council’s corporate network, a public access Wi-Fi network that also serves the region’s libraries, and a network serving the area’s 40 schools.
Doyle decided to move email filtering for the central corporate network out to a cloud service run by Websense, arguing that, with the high level of incoming traffic, it made sense to do such filtering in the cloud rather than filter at the network gateway.
At the moment, the Council is in a transition stage, with the Fortinet UTMs operating alongside some Check Point and Cisco PIX firewalls, on a mixture of leased lines from Virgin Media (which are being phased out) and some high-speed wireless links.
“The irony is we have to make it more complicated at the moment, running the Fortinet firewalling technology alongside the legacy equipment. But when we get to the destination, we will have a simpler and cleaner network,” Doyle said.
The new setup will also deliver impressive network cost reduction. The Council no longer pays for Websense licences for the school and library networks, and the Cisco and Check Point firewalls will be phased out over the next six months. “As we move off our current corporate Internet connection and remove our last Check Point firewall, the UTM will then deliver full protection to the network,” Doyle said.
In all, he said, the changes will save more than £75,000 per year on licensing costs, which will make a small contribution to the £16 million of cuts the council is making as part of the government’s austerity measures.
The changes will also enable easier and faster network security management. For a start, the in-house networking team and the Synetrix team can now work together on the Fortigate platform. “Before, we were often just fire fighting and reacting to events. If someone with specific skills was away, we might not be able to do [a certain task] until they returned,” Doyle said. “Without increasing our overheads, it has really increased our capacity, which is very important for us at a time of cuts.”
And, what if another threat like Conficker occurred? Though Doyle concedes that an outbreak could take place in a school, because the council has no control over the management of individual school networks, the UTM is now in place to stop any infection spreading from school to school, or to the wider council network. “With the UTM, we could spot any infection very quickly, contain it, and take swift countermeasures to stop it [from] spreading,” he said.