Governments across the world are at a critical juncture. Challenged to deliver better and more efficient services using online technologies, they also have an unprecedented need to protect their information and processes from digital attacks.
Chris van Niekerk, country manager of 3Com SA, discusses how governments cannot simply rely on piecemeal security solutions - instead they must weave security into every component of their network infrastructure.
In these challenging times, governments face conflicting pressures. On the one hand, they must improve their delivery of online transactions and data sharing in response to public demand for better and more efficient services. On the other hand, they must safeguard all information and processes from hackers, digital attacks, and other online threats.
Consequently, the public sector must heighten the security of its growing data and voice networks just as it is expanding its services for greater productivity and public access.
Effective security, however, cannot be simply bolted onto a network in a piecemeal fashion - it must be embedded in the very fabric of the infrastructure.
To achieve this level of security, network devices should be designed around three pillars of communications security: confidentiality, integrity and availability. They must provide in-depth defences that are secure, expandable and tamper-resistant, while delivering all the bandwidth-intensive services governments require.
Perimeter security
As governments open up their networks to constituents and other agencies, they are at risk from two basic threats. One is hacker attacks that disrupt the delivery of services and communications. The other is intrusions from ne'er-do-wells who penetrate the network via a public portal to steal or tamper with sensitive information.
Perimeter firewall systems address these dangers by erecting an electronic barrier along the network's perimeter. Situated at the gateways between the internal system and outside networks like the Internet, they thwart attacks like denial-of-service (DoS) assaults and permit only authorised users into the enterprise network.
Internal security
Though an essential component of security, perimeter firewalls cannot defend against thieves or malicious employees within the network.
Internal threats, therefore, remain a serious risk for governments, particularly since their facilities are often open to the public.
To gain the in-depth security governments need inside their LANs, their networks should pervasively support RADIUS, an authentication standard that permits only authorised users to enter the LAN.
The public sector can also benefit from switching solutions that support access control lists (ACLs), which allow only legitimate users to retrieve designated directories or files within the network.
For truly robust protection, governments should deploy firewalls at the device level. These devices allow access only to servers and applications for which a user has authorisation. This innovative approach allows governments to vigorously enforce security policies, while facilitating constituent transactions and data sharing.
Internet security
Constituent transactions and messaging between sites, vendors and other governmental agencies generally occur over the Internet or other public networks.
Once outside the safety of the enterprise firewalls, communications are vulnerable to interception when in transit, posing an unacceptable security risk.
To remedy this problem, governments should use perimeter firewalls that support virtual private networks (VPNs), which create highly encrypted digital "tunnels" between sender and receiver. All communications, even IP voice traffic, are sent within these "tunnels", protecting them from prying eyes.
Wireless security
Wireless systems have proven to be a cost-effective boon for networking new sites or expanding existing networks. Administrators, however, fear that someone could park across a street and intercept confidential wireless communications.
Current wireless solutions, though, make networking practical for governments by offering the most advanced security and authentication capabilities available. When using the IEEE industry-standard 802.1X security technology, they allow governments to build or extend networks wirelessly with the confidence that they will meet all security mandates.
Delivering confidentiality, integrity, availability
By turning to networking solutions designed for confidentiality, integrity and availability, governments can achieve complete end-to-end networking security, from server farms at the data centre to wireless laptops at remote sites or employees' homes.
Additionally, their solutions should all be standards-based to ensure interoperability with systems at other governmental agencies, facilitating the breaking down of information silos for greater cooperation.
Using such solutions, all of which are available right now, governments can avoid any compromises between services and security. When they invest in solutions with security at their core, they can meet public expectations by expanding their networking services while providing robust, cost-effective protection.