SPECIAL FOCUS:
NETWORK SECURITY

From the April 2007 issue of Communications News

Security appliance reduces workload

Network services firm uses solution for its LAN and for its customers’ networks.

At Techni-Core Network Services, solving security challenges for its own network is only part of the battle. The company, whose certified network engineers and security consultants provide IT support for northern Alabama and southern Tennessee area companies and defense contractors, also uses its own network as a test bed to determine the best products to recommend to its clients.


Lawrence Taylor-Duncan, senior vice president of network services for Techni-Core Network Services, says the company’s new security solution makes monitoring potential attacks or looking for suspicious activity easier.

Being security innovators in a sea of security offerings and solutions is no easy feat, according to Lawrence Taylor-Duncan, senior vice president, network services, at Techni-Core. “Our experienced staff and years learning the literal ins and outs of security in defense contracting, government and aerospace, separates us in this regard,” he says.

To secure its corporate network, Techni-Core is using an Arxceo Ally IP1000 to filter and stop malicious traffic before it gets to its firewall. The appliance and an Ally ip100, a smaller in-line security appliance, also are protecting Techni-Core’s clients’ Web, e-mail and database servers and Internet portals.

Leveraging the Ally IP1000 to provide border gateway protection, Techni-Core installed the appliance using two Ethernet cables. The device sits in-line between the firewall and the Internet gateway. “It’s as close to plug and play as you can get and remarkably unobtrusive,” says Taylor-Duncan. “It has become a key tool for us, as it provides immediate results we can show to our customers, and the cost is considerably lower than the competition.”

The Ally IP1000 gives Techni-Core a measurable additional layer of security, he says. The company typically sifted through a large number of packets blocked by its firewall. Firewall logging is much less of an undertaking now, Taylor-Duncan offers, which makes monitoring potential attacks or looking for suspicious activity easier.

“As soon as you plug it in, you can quickly see potentially dangerous IP addresses added to the blacklist,” he adds. “We have not seen anything suspicious show up at the firewall since then.

“The amount of malicious traffic it blocks is substantial,” Taylor-Duncan explains. “In one month, it blocked hundreds of thousands of IP packets, including denial-of-service, terminal-scanning attacks and malformed packets that would have to be dealt with.

“Before we plugged in the appliance, 99 percent of the time all we could do was try to take preventative steps by blocking the source IPs manually. It was a constantly moving target. Our firewall was right on the front line of attack, as we were not there watching out for attacks 24/7.

“We tell our clients they couldn’t possibly realize the amount of malicious traffic that targets their networks,” he adds. “When we installed our Ally IP1000 for the first time, we were shocked at the number of packets targeting our IP address. When our clients see this for the first time at their own site, it’s a real eye opener.”

The appliance not only blacklists malicious traffic, it also sends back erroneous information to misdirect or confuse attackers, sending them on a wild goose chase. If a hacker finds gaining access difficult and frustrating, he will likely move on to an easier target. Regardless, the malicious traffic is not allowed into the protected network.

Among the biggest concerns for network operators, Taylor-Duncan says, is the problem of filtering outgoing traffic. Most firewalls simply allow all traffic from the trusted network to flow outbound–unhindered. If a worm is unleashed on the LAN (e.g., from a laptop or portable storage device that has been infected elsewhere), it can quickly propagate throughout the LAN and hop across the firewall to external targets.

By placing one or more Ally ip100s or IP1000s in strategic positions internally (e.g., in front of a server farm or other sensitive resources, as well as at the perimeter gateway), Techni-Core has prevented attacks from this type of suspicious traffic. The same principle can apply to malicious activity resulting from root kits, backdoors or viruses that attempt to launch an attack across the network. The Ally is not a virus or spyware scanner, but it does provide a line of defense against a wide variety of malicious traffic.

Arxceo’s “plug-and-protect” technology also enables Techni-Core’s staff to be more productive by freeing up time to focus on other IT issues, according to Taylor-Duncan. “We spent up to an hour per day looking at firewall and event logs. The Arxceo products filter out so much of the nonsense that monitoring these logs is now more of a cursory glance rather than the security audit it used to be.

“The great benefit of the product is it is not limited by static definition updates the way a virus scanner would be,” he adds. “It’s able to react dynamically to changing conditions because of the way it tags traffic and still provides the same level of protection. It’s not rule-bound the way a firewall is.”
