Association Makes the Strength
The Province of Avellino, an agricultural and light-manufacturing
centre that has retained much of its medieval architectural charm, is one of five provinces in the
southern Italian region of Campania.
In 2004, ‘Provincia di Avellino’ issued a public tender to develop a technological solution integrating all existing web-based applications into a unified architecture, protecting the system from threats, intrusions, and unauthorised access attempts to information on the system itself.
Such a system would allow the Province to provide a number of innovative services to a userbase base of citizens, associations, institutions, and companies.
The project was born of guidelines issued by central institutional entities (CNIPA, MIT, Public Function, etc.) to start actions allowing users to have telematic access to PA (public administration) services and information, and also because the Province wanted to simplify and integrate its internal processes.
By introducing innovative technology, encouraging its deployment across wide layers of public
and private users, and adding or modifying a number of important areas (digital
signatures, electronic identity cards, administrative simplification etc.), the Province
planned a revision of interaction between users and the agency, further raising contact with the
public structure and facilitating the process of e-democracy, as prioritised in the e-Europe 2005
plan.
The Province of Avellino called on Intesis Engineering and Stonesoft’s innovative StoneGate Platform to create a new information system integrating administrative processes in one architecture.
“We selected StoneGate because it was considered the best integrated solution offering
reliability, business continuity, balancing of network traffic and centralised management,” said
Pasquale Del Sorbo, technical director of Intesis
Engineering and coordinator of the Intamm project.
“Stonesoft’s technology permits us to integrate in one scalable security platform all the nonhomogenous protection systems previously used in Province of Avellino.”
Obtained Results
The Province of Avellino has already realized several benefits of the integrated web-based architecture, including:
- Reduced time finding information and executing practical tasks
- Decreased circulation of paper
- More secure and timely updates
In addition to these external advantages, there have been a number of internal ones:
- Operational efficiencies as a result of a reduced need for manual intervention
- More certain and exact administration of information
- Review and improvement of administrative procedures
The new solution enables the implementation of a document administration system able to: program and record planned and performed activities; monitor the distribution of work; support decision making for the whole organization and individual personnel; and offer information externally to citizens, public agencies and companies.
It was essential to create an IT system capable of administrating protocols, administrative
decisions and practices established by government mandates. To achieve this objective, it was
important to have access and insight into all information circulating around the agency. This
required a technological solution to ensure uninterrupted availability of services and security
without compromise.
The Province of Avellino was able to spot this kind of solution in Stonesoft’s StoneGate and in Intesis Engineering’s system architecture.
“We selected StoneGate because it was considered the best integrated solution offering reliability, business continuity, balancing of network traffic and centralised management,”
- Pasquale Del Sorbo, technical director of Intesis Engineering and coordinator of the Intamm project
The Global Solution
The project proposed by Intesis Engineering for Province of Avellino was very complex, with the main objective of integrating existing and new processes. Many Province activities are based on file information or actions based on protocolled documents, so the solution was designed around automating such processes. In addition, there were extra areas of information to consider, such as departmental organzation, administrative processes, and standard associated timings.
Today, the final result sees the Province of Avellino’s information system structured to link documents and relative administrative paths (procedures) with a global organization structure, maximizing simplicity and minimizing bureaucracy. The main features of the solution proved to be an ease of deployment, solution scalability, simplified maintenance and system supervision, integration with external applications, compliance with standards, re-usability of common components, plus a high standard of compliance for perimeter and application security.
In order to deliver comprehensive perimeter security, Intesis Engineering proposed and
successfully implemented Stonesoft StoneGate technology:
“Stonesoft technology allowed us to integrate a highly available unified, yet scalable security platform, combining uninterrupted protection and business continuity, with all the different systems previously used by the Province”, explained Renato Maglio, information systems manager of the Province of Avellino.
“Our satisfaction level is high concerning Stonesoft´s solution and its ability to guarantee complex protection of all the information systems of the Province of Avellino. The high availability firewall and IPS solution (Intrusion Prevention System) provide both efficiency of control and administration in global security. Currently the system covers all the demands of the Province, and thanks to its scalable architecture, it is already predisposed to future expansion”, concludes Maglio.
Stonesoft Solution for Perimeter Security
The primary needs described by the Province in its tender specification were reliability, scalability and compliance with technological standards. Such needs were promptly addressed by the chosen security platform thanks to its open and modular architecture, based on industry standard specifications.
Stonesoft´s StoneGate security and business continuity solution integrates firewall, VPN (Virtual Private Network), and IPS technologies to ensure maximum availability of both internal and public network. This completeness, coupled with integrated software for centrally managing all functionality, is the main differentiator of the Finnish company’s solution from competing products.
The ability to offer globally distributed management using one centralized server - StoneGate Management Center – together with high-availability features and service continuity have been key features for the choice Province of Avellino. Each of these abilities are fundamental requirements for any other public administration body wishing to assure effectiveness and efficiency in services provided to its user base, while at the same time reducing security infrastructure costs.
“The StoneGate Management Center allows implementation of distributed logic security, minimizing the total cost of administration (TCA),” said Marco Rottigni, senior technical consultant for Stonesoft Italia. “The solution allows totally integrated and centralized management over remote devices thanks to features like remote upgrade, log administration, distributed reporting with high performance and modeling tool concerning rules and topology.”
StoneGate is designed to protect company resources at different security levels, detecting and reacting to intrusion threats while at the same time ensuring continuous availability thanks to native clustering functionality. Moreover, Stonesoft´s patented Multi-Link technology offers load balancing and high availability for connections to and from the internet and among VPNs.
Architecture of the New Information System of the Province of Avellino
Firewall and VPN
The project for Province of Avellino that Intesis Engineering implemented included installation of two dual node cluster systems. StoneGate software runs on four HP Proliant DL380R systems, ensuring a 1.9Gbps firewall throughput and 140Mbps VPN throughput using AES-128/SHA-1 cryptography.
Intrusion Prevention
Deployment included two Intrusion Detection/ Prevention StoneGate SGI-100s IPS Appliance Sensors
to protect network segments between firewalls and routers to the Internet, and network segments
towards the server farm.
The SGI-100 is a rack-mountable appliance that is managed by the same console used for firewall
systems. Each suspicious activity notifies the systems administrator through visual and acoustic
alerts and, in case of clearly dangerous activities, the IPS is able to adopt autonomous prevention
actions. It is therefore capable not only of threat detection like in traditional IDS, but also of
automatic prevention.
Each connection is traced and recorded in log files and at the same time a black list of suspicious IP addresses is created so that, depending on configuration, it is possible to block them for a predefined timeframe to allow analysis.
Management
The centralized management console StoneGate Management Center includes an Alert Center to
automate handling of massive alert quantities, progressively notified using alert chains based on
alert originators, type, and reception time.
Each alert chain consists of a notification method, target, eventual threshold for overload
situation, and maximum waiting time for acknowledgement before escalating to the next level.
StoneGate technology allowed us to integrate a highly available unified, yet scalable security platform, combining uninterrupted protection and business continuity, with all the different systems previously used by the Province.
Renato Maglio, information systems manager of the Province
of Avellino.
Management Center allows the remote upgrade of security engines through the Management Server simply by selecting the sensor or analyser for upgrade, then the target version from a list of available ones, and finally by sending the upgrade command.
The whole upgrade process is fast and secure. StoneGate Management Center supports multiple administrator accounts, allowing task delegation depending on the authority of the single administrator. The system supports simultaneous connection of multiple administrators, allowing distributed management across multiple sites or territories.
“The StoneGate Management Center allows implementation of distributed logical security
minimising Total Cost of Administration (TCA)”, explained Marco Rottigni.
“The solution allows the management of remote security engines in a totally integrated and centralised way, thanks to features like remote upgrade, high-performance distributed log processing and reporting, and modeling rule bases and topology”.
About Province of Avellino
The territory of Avellino Province is situated in Campania Region, and its capital is the city of Avellino. It is 2791,64 square km large and has borderlines with the provinces of Benevento, Foggia, Potenza, Salerno and Naples. It consists of appr. 119 communes.
The Province of Avellino is a local institution intermediating between the communal and regional administration. It aims to ensure that the citizens have free access to information of the administrative life and to the activities of the institution and takes adequate steps to realise a full and equal use of public services. The Province has statutory, normative, organizational and administrative autonomy.
Also involved in the project:
Intesis Engineering is one of the main Italian companies specialized in
- Designing, building and maintaining cabling, network and information security systems
- Consulting and training services about information security and risk & crisis management.
Intesis Engineering has a broad range of experience in all aspects of networking and information security - from designing setting up security measures in heterogeneous networks to tracking down intruders, from encryption and VPN implementation to staff training seminars.
With about 70 employees and 4 Italian branch offices, Naples, Rome, Genoa, Milan, Intesis Engineering can guarantee its customers a complete competent on-site support throughout the whole Italian territory. Intesis Engineering has a wide customer base in Italy in both Government and Enterprise industries.