This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Download it now to read this article plus other related content.
Like Norwich, the government of Hamilton County in Indiana overhauled its remote access system to deal more efficiently and effectively with growth and expansion. However, Hamilton felt the pinch of its legacy IPsec VPN in different ways--beginning with mobility.
"It started with the sheriff's office," says Jeremy Hunt, one of four administrators responsible for Hamilton County's network. "Officers needed more information in the car to make better decisions. Knowing that we were going to need access to a new system in the sheriff's office, we looked for a solution that could provide better access for everyone."
Today, Hamilton County uses NetMotion Wireless to support mobile device access by not only the sheriff's office, but also police, firefighters, health inspectors, prosecutors and building inspectors. This mobile VPN was deployed about two years ago and has already expanded beyond the target population. "We're licensed for 200 clients and we're pushing that limit. Before, we didn't have a solution for many people due to cost, but now we can support more users, giving them access to different systems," says Hunt.
Originally, mobile sheriff's units used Verizon Wireless AirCards to reach the office via frame relay backhaul. "It wasn't an easy setup and we had to rely on users having some knowledge. It only worked for one
| application. It left those Verizon Wireless connections open to the Internet, which was a security concern. And clients had to have static IPs, which became a configuration nightmare," says Hunt.
Other county offices started with more traditional remote access. "Initially we used dial-up to get into one of our mainframes," says network administrator Mike Carter. "We also supported vendors and attorneys using analog modems. Eventually we moved to other platforms, ending up on a Cisco 3005 [IPsec] VPN."
The county issued RSA SecurID tokens for authentication. "That got to be cost-prohibitive as more people wanted access," says network administrator Chris Kuner. The token-based VPN client approach also became a big support concern. "We had to help users on a weekly basis, talking them through installation. It was a hassle for users, who had to connect to the Internet, then fire up the VPN client. And if they didn't secure [their laptop], who knows what they brought into our network."
This was first published in November 2007