NETWORK SECURITY
Our firewall software business partner, Symantec, referred us to
this particular client after complaints from the client, who was
dissatisfied with the firewall’s performance. Other system integrators had
worked on this client’s problems with little success. At the time,
the most pressing issue for the client was their extremely slow
Internet access. It would take a user 30 seconds to load and view a
web page. The last system integrator had worked on this problem for
9 months with no progress being made. The client was not pleased
with this performance and thought that it was a software issue with
their firewall product.
To get a better understanding of the overall situation, TNS did an
initial site assessment which took approximately two hours. With
extensive experience dealing with these kinds of network and firewall
performance issues, TNS found the root cause of the problem during
this initial visit and developed a project plan to solve the
issue. On TNS’s very next visit, the solution was implemented and the
issue was resolved. Web pages that took 30 seconds to load and view
now took approximately 1 second. As a result, the client was very
thrilled with the improvement in performance and then proceeded to
give TNS more challenging issues to solve.
Some of the considerable challenges were related to configuring
their two existing firewalls, each using two separate ISPs, for
failover, real-time load balancing, ease of maintenance, and
compatibility with their current WAN structure, and doing so at a
reasonable cost. TNS was able to review the requests of the client
and develop strong solutions to meet and exceed the expectations of
all of them. Through project planning, the solutions were implemented
swiftly. As a result, the following objectives were achieved:
Since Internet access is absolutely crucial to our client’s
business, a configuration was created so that if one ISP fails the
firewall would fail over to another ISP within 30 seconds with very
little impact on the network.
With the implemented solutions, the client did not have to buy any
additional hardware or software. The solutions were achieved purely
through design rather than through additional purchases.
The web servers were moved into the DMZ from outside the firewalls to
provide better security. In addition, we set up the web server to
fail over to the secondary firewall and web server in the event the
primary web server, firewall or ISP was down. We then wrote a script
and completed a VPN setup to synchronize data between the two DMZ
web servers.
Another challenge was to establish some type of redundancy and
fault tolerance setup for our client’s mail servers. The client has
their primary mail server location in San Francisco, a secondary mail
server in another location in San Francisco; and then another mail
server in a city in Nevada. Fault tolerance was set up so that, if the
ISP, firewall or mail server goes down at any one of the locations, it
would not impact the mail services at any of the other remaining
locations where the mail servers are still operating. As a matter of
fact, if only the ISP or the firewall is down at any given location,
emails will be re-routed via any location where the ISP and firewall
are still up and running. The client was very pleased with this fault
tolerance solution and proceeded to give us yet another challenge.
Because security is an extremely important issue for this financial
services firm that has over 20 million payrolls monthly, the client
decided to hire a professional hacker to test the security of the
network. The hacker had no limitations as to what methods to use to
hack the network. In addition, the hacker was a former consultant for
the company and had some inside information on the network. Our
consultant (TNS) was made aware of this hacking only at the last
minute. The hacker had the opportunity to perform hacking attacks for
a two-week period. TNS was asked to react to the attacks on the
client’s system. During the course of these two weeks, the firewall
that TNS had recently reconfigured and supported reacted very well to
the attacks on the client’s systems. In fact, TNS received
authorization from the client to counter-attack the attacker! The
hacker was not able to obtain any meaningful data from the client’s
site. On the other hand, TNS was able to find out where the hacker
was coming from, got into the hacker’s router, got the MAC addresses
and some IP addresses behind the Network Address Translation (NAT) and
came up with an internal diagram of the hacker’s network based on the
findings. TNS submitted the recorded documentation of these attack
and counterattack sessions to the management. After reviewing the
results, they were very satisfied with TNS and the firewall product.
Then, TNS was given one more challenge. The client wanted TNS to
set up a WAN connection fault tolerance failover system for their
various sites throughout the United States. Prior to TNS, they had a
Frame Relay connection from one site to another with an ISDN
connection for backup. If the Frame Relay went down, in theory, the
connection should have failed over to the ISDN connection. However,
their weekly tests of this setup showed an unacceptably high
percentage of failures for this configuration. Therefore, the goal
of TNS was to develop a much more reliable failover system for their
WAN connections to various sites as well as to increase the bandwidth
of these backup connections. TNS was able to come up with a solution
to meet and exceed the client’s expectations. Due to a good
relationship with our business partner – Symantec, TNS was able to
obtain a three-month evaluation of a key piece of software to
implement their solution. There was no cost to the client for the
software if the solution was not successful. To begin the testing
phase, we set up three sites in the Western United States with the TNS
recommended solution as part of a pilot program. The Frame Relay and
ISDN setup were replaced with a Frame Relay and DSL setup between
sites with a VPN configuration through the Internet as the failover
system. These three sites were tested thoroughly during this period
and the solution came through admirably. At the end of the day, the
benefits to our client were: greatly reduced data traffic congestion
at their key San Francisco site, greatly improved bandwidth compared
with their former ISDN backup line, a reliable site redundancy and
failover configuration that can be applied on a nationwide scale, and a
relatively inexpensive solution in terms of the hardware and software
needed to implement it. As a bonus, TNS configured load balancing for
this solution. Rather than serving only as a failover solution, both
connections were utilized: mission critical data goes through the Frame
Relay connection while less important data moves through the DSL
connection. After reviewing the solution, the management was very
impressed with the reliability and performance of the system
recommended and implemented by TNS and decided to go forward with
purchasing all the necessary software for the design.
And after passing these challenges with flying colors, the
management decided to sign a long-term maintenance agreement with TNS
to provide on-going consultation, service and support for their
increasing needs for high performance and security for their mission
critical networks. It should be noted that all of these challenges
were met utilizing just the internal resources of TNS. TNS did not
subcontract any portion of the work for these various projects to any
other firm.