Insights to Network Security Products and Solutions Training Support Partners Contact | About us | Press & Media | Investor Relations

A Matter of State Security

Founded in March 1974, the Centre Informatique de l'Etat (CIE) is the State data-processing centre and ISP for the government of the Grand-Duchy of Luxembourg. Its mission is to promote, organise and co-ordinate the automation of the IT administration of the State, with regard to the data collection, circulation and processing.

The aim of the CIE is to rationalise the public administration services and provide unified and co-ordinated services to both the State employees and the general public.

As an ISP, CIE also provides Internet access, web hosting and e-mail services for at least 6000 users.

To achieve its goals, the CIE utilizes one central database of information thus enabling all administration departments to receive record updates simultaneously, and allowing CIE to enjoy huge savings on computing and storage facilities. This unified database, however, raises the challenge of making the data available to all people who need it, while at the same time, protecting it from the outside world.

"Frankenstein's Monster!"

CIE started to implement their security policy seven years ago with network security solutions that were available at that time. Over the past years, however, CIE began to notice that the solutions they initially installed to their network were no longer capable to meet the increased demands of modern networks with respect to management, maintenance and scalability.

In order to be able to meet the requirements of their rapidly growing network infrastructure, CIE understood that they needed a better firewall solution.

For example, one challenge facing CIE was that the management system of the old firewall was too complicated and could not easily manage large numbers of firewalls. "We would have had to install a new management server for every new group of 10-15 firewalls. But, there wasn't any real alternatives at the time of original installation 7 years ago", recalls the Project leader at CIE.

"Our old firewall had become 'Frankenstein's Monster' with the amount of patches, which had been applied over 7 years and not only that, we felt that the vendor didn't really provide us with a 'solution'. We were constantly being advised about new features and improved support but they never materialized."

Also, implementing changes from a central location was not always easy.

"We plan to have 200 sites and doing the expansion with our old solution would have required absolutely too much resources", explains the Project Leader. CIE looked at all 'market leading' firewall systems and felt that they were not designed to efficiently manage large numbers of firewalls.

CIE knew Stonesoft because of StoneBeat, but was reluctant to evaluate StoneGate when it was first launched. "We have to be sure that any product is tried and tested in the market before we can consider looking at it ourselves. Once we saw that StoneGate was getting good reviews and we were convinced that StoneGate could stand up to commercial pressure, we decided to evaluate it ourselves" said the Project Leader.

Ease of use

CIE was pleased with the results of their testing and found that the task of rolling out StoneGate to 200 administrative locations was much easier than with their previous firewall. "With the old solution, the implementation of new firewalls or the replacement of existing ones took a lot of time and resources", remembers the Project Leader. "With StoneGate, the exact same changes in the network now happen 5 to 6 times faster. In fact, when we are onsite installing a new StoneGate, the hardest and most time consuming job is actually taking the hardware out of the box and putting it in the rack!!"

Ongoing administration of StoneGate is much easier too", said the Project Leader at CIE. "Upgrades to the old firewall took a long time and sometimes they were not even possible. In some cases we could not upgrade to the latest feature pack as it would have taken hours to set everything up, without a guarantee that it would work! With StoneGate all these problems are gone and ongoing management is really fast and simple."

"StoneGate has freed up resources and allows us to concentrate on managing our security policy instead of the security system."

To 'log' or 'not to log'

A security system protecting highly sensitive information in a distributed environment requires extensive logging to follow the usage of the protected systems. Each day CIE has millions of log entries added and deleted.

"The old firewall couldn't cope with this amount of log information. We had to write scripts trying to get it run properly - it logged pings and a lot of information, which caused the log systems to saturate. The 'continue' option from the StoneGate log menu solved the problem by letting us choose the important traffic to follow. Also, before we couldn't remove certain unwanted items from the log, and with the amount of logs that were being generated we had to delete log entries older than 24 hours", explained The Project Leader. "It was quite time consuming and frustrating."

cie_3

StoneGate's Log Data Manager allows the administrators to create and configure data management tasks to run either manually or automatically and to ensure that log data does not exceed the system's capacity or unnecessarily utilise system resources.

StoneGate's Filtering Profile Manager allows them to create profiles that filter out specific types of data at various stages of the process i.e. immediate discard, discard before storing and discard after archiving. These profiles can be named and saved and used for different log management tasks.

About CIE

Founded in March 1974, the Centre Informatique de l'Etat (CIE) is the State data-processing centre for the Grand-Duchy of Luxembourg. Its mission is to promote, organise and co-ordinate the automation of the IT administration of the State, with regard to the data collection, circulation and processing. CIE is responsible for the maintenance of the technical infrastructure, management and evolution of the hardware and software systems, the management of the data banks and the central data bases, monitoring the use of the systems, authorisation/access control and security management, preparation of electronic forms, production, dispatch of mass documentation and internet services.

In 2003 the CIE counted approximately: 4,600 administrative users, 688,000 online transactions on average per working day, 1,672,406 batch runs, 30.575 disk files managed, 7.355.857 pages printed at the central site, 4.226.568 letters managed and 887 different electronic forms were maintained.