The fave: HP’s HP ProCurve switches
Selected by: Mark Currence, network administrator, PrintingForLess.com, Livingston, Mont.
As an e-commerce company, we move a lot of data on a daily basis, running a 24/7 operation to print brochures, postcards, catalogs and stationery. So we rely heavily on robust, scalable and cost-effective network products and high-performance hardware.
The HP ProCurve line of switches gets my vote as all-time favorite.
Our company built a new facility to house all of our operations and consolidate five separate buildings. We used five models from the ProCurve line when designing the data and voice infrastructure and easily transitioned from a flat network with a mix of connectivity rates to a multitiered, routed network with gigabit connectivity to every desktop. The hardware was very affordable and gave us everything we need.
Our network mostly comprises HP ProCurve products, with 10Gbps links in the core and 2Gbps trunks to the access layer. We use Power over Ethernet for our VoIP infrastructure, and Cisco hardware for our firewalls, external routers and internal wireless network.
We have had one hardware problem since installation. HP tech-support staff diagnosed the problem and had a replacement in my hands the next morning. Situated in Montana — far from any major city — we were very impressed with a turnaround of less than 18 hours.
The fave: SecureWave Sanctuary Device Control
Selected by: Rob Israel, CIO, John Lincoln Health Network, Phoenix
Sanctuary Device Control Software is definitely up there at the top of our list of favorite products. With all the added peripherals and added knowledge of users, controlling the desktop environment has become an increasingly difficult task. Sanctuary Device Control lets us remove the daily obstacles of user “technicians” modifying their own systems and put some power behind our policies.
Devices such as USB memory sticks, scanners and PDAs give our physicians and other staff instant access to information for increased productivity. But these devices also pose a serious threat to the confidentiality of patient data, as devices as small as a thumb that hold as much as 80MB of data can be easily lost or stolen.
We also were finding many instances of people changing the configuration of their PCs without IT involvement or notification. We saw instances of people downloading and uploading personal information to PCs, as well as the loss of data stored locally.
The SecureWave software dramatically simplifies device management and actively secures my organization from threats, such as data leakage, malware and spyware. Now, with Sanctuary Application Control, I can regulate company application use. Sanctuary’s unified console lets me centrally manage and monitor device and application control across the organization.
Following the October 2006 news that some Apple iPods had been infected with malware, I feel further justified in my decision to implement SecureWave Sanctuary. I have the guarantee that virus-laden iPods and other devices will not impair the organization, because they will never succeed in connecting to the network if they are plugged in to any of my 2,000 workstations.
The fave: Core Security Technologies’ Core Impact
Selected by: Mark Odiorne, senior network systems manager, Scottish Re, Charlotte, N.C.
Scottish Re, a life reinsurance specialist, maintains three main data centres and nine smaller offices around the globe connected by high-speed direct links and an MPLS network. The sun never sets on Scottish Re, and our commitment is to maintain full availability around the clock and around the globe.
My all-time and current favorite product is Core Impact. Quite simply, this is a full-on penetration tester in a box with real-world exploit code. While our network has grown tremendously in the last few years, time spent testing our security posture has increased marginally, because of the ease of use and reporting tools in this product. You can be as involved as you wish or have the product run almost fully automatically. Core Impact’s basic functions are very easy to use and are easy to teach, even to a junior engineer.
In the past, we spent a great deal each year on outside consultants hired to do external vulnerability testing once a month and penetration testing semiannually. These services would cost us more than we now pay for a Core Impact yearly license. In addition, we no longer have to wait for the monthly or semiannual reviews to know our posture. I can test from any point, inside or outside the network, any time I wish.
The fave: Juniper’s Secure Access SSL VPN
Selected by: Greg Kohl, vice president, IT infrastructure, Kelly Services, Troy, Mich.
Because so many of our customers and temporary employees are remote and far from Kelly Services’ brick-and-mortar offices, I would have to single out Juniper’s SSL VPNs as making a big difference for us. With any browser and PC, our users can access our network with no setup and no administrative help.
Quick, secure access is crucial to meeting our customers’ needs. I recall a particular situation in which we needed to deploy many, many employees to help a customer that was getting an unusually large volume of orders — a real “Christmas in July” type of experience. By using Juniper’s SSL VPN, we were able to react quickly.
We use Juniper’s Secure 2000, 4000 and 6000 models to meet the needs of different classes of users and IT services. On average, we have anywhere from 800 to 1,000 concurrent users at any one time. And while the solution is housed in our Troy data centre, it is accessed by users from as far away as Europe, Australia and Singapore.
Although we started to deploy our SSL VPNs in 2004, we are still working to use the full range of features. For instance, we want to let customers get access to different portals and view reports in a secure fashion. When you are talking about the staffing industry, securing information is crucial. At the same time, we have to keep in mind those temps that are going into a library or Internet café to use our applications.
The fave: 8e6 Technologies’ R3000 Internet Filter and Enterprise Reporter
Selected by: Jim Culbert, information security analyst, Duval County Public School System (DSPS), Jacksonville, Fla.
With all of its inclusive features, the R3000 Internet Filter and Enterprise Reporter is by far the best value for our school district. Our IT staff faced a real challenge in blocking access to pornography and other objectionable material easily accessible to students via the Internet. In particular, students were bypassing DSPS’s previous filter by accessing anonymous proxies in order to view prohibited sites, such as MySpace.com. Students were visiting that site 300,000 times a week.
To block access to offensive material, we decided to implement this Web-filtering program and reporting product.
Along with ensuring the safety of our students, teachers and staff, we were required to implement a filter to ensure compliance with the Children’s Internet Protection Act [CIPA], a federal law enacted by Congress in December 2000 to address concerns about access to offensive content over the Internet on school and library computers. CIPA imposes certain types of requirements on any school or library that receives government funding support for Internet access or internal connections.
With more than 200 remote sites, securing every corner of the district’s network was not easy. We are now able to centrally manage our Web filtering and reporting with a single box, without the need for appliances at each of our individual sites.