Cloud-Based Security Helps Aspen Fend Off Malware

A small team of three full-time IT employees for the city of Aspen, Colo. has the challenging task of managing a fiber-connected network for Aspen and Pitkin County that runs through 32 facilities in central Aspen and in more distant locations such as the Aspen airport, which is three miles away from downtown.

The city maintains two data centers, one in city hall and a second in another county building two blocks away. Together, these data centers house 75 Dell servers, which support over 500 desktop and mobile devices on the network plus an assortment of applications used by various departments, such as the assessor’s office, the roads department, and the treasurer.

“Virtually everything is connected to our network. Even the fuel pumps for our transportation are monitored for consumption,” said John Sobieralski, Aspen's network coordinator.

In managing a network of this magnitude and diversity with limited personnel and a tight budget, maintaining security became increasingly difficult.

“One of the challenges we were constantly facing over a number of years was being victimized by malware attacks,” Sobieralski said. “We’re a small shop, so it was difficult for us to respond to security issues as fully as we needed to.”

The problem intensified as malware attacks accelerated. “It reached a point where we were experiencing as many as four or five security episodes a day,” Sobieralski said. “As a staff, we were working as fast as we could to clean up infections, and of course, there were user complaints.”

Unfortunately, the expensive security appliances the city had previously installed on the network weren't helping.

“They didn’t do a good job of detecting and mitigating security threats and at any given time, there were always a number of network infections we were fighting,” Sobieralski said. “On top of this, we were experiencing problems with our Internet services provider, which was constantly being hit with denial-of-service attacks that could take our network down.”


When the time came to replace the old devices, Sobieralski jumped at the chance to consider a new security approach. He opted for a cloud-based service that eliminated the need to install physical hardware and software on the city's network.

Aspen implemented OpenDNS’ Umbrella, which provides cloud-based security for the network plus roaming security support for Macs, PCs and iOS devices, and is managed from a central Web-based dashboard. “We get reports each day on security status and events, and we also have expanded visibility of every end user computer and mobile device, and where they’re located,” Sobieralski said. “Since we have many mobile users who are out of the office, this is important.”

The service monitors security, applies organizational security policies and detects malware threats before they can become problems. This provides relief for Sobieralski and other network technicians, since Aspen has an internal network, a Wi-Fi network and a couple of DMZ networks to patrol and protect.

“We didn’t turn the full cloud service up at once,” Sobieralski said. “We began by just using the DNS service, which filtered for malware and blocked it. This past year, we implemented a service that connects right into our Active Directory so that our [internal] servers and servers in the cloud are communicating with each other. Now, we have visibility from the cloud of security-related activities on our internal servers and devices. This enables us to track a malware invasion to a specific end user device.”

Sobieralski said that perhaps the best benefit was being able to identify malicious websites so a network administrator could take preemptive steps by blocking users from accessing those sites. “Since we’ve been using this capability, our malware attacks have dramatically diminished,” he said.

As a result, Aspen's networks have gone from what Sobieralski described as “cycles of drive-by infections” to rarely having any infections.

An additional bonus is the security protection and mitigation for mobile devices, which grew into a major IT challenge once the city implemented BYOD policies. “From an IT perspective, having improved mobile device monitoring capabilities is going to help us with that because we didn’t always have control or visibility of the devices employees were using,” Sobieralski said.

The new security approach has paved the way for Aspen to look at future phases of security and network management, such as setting up a full-featured, centralized system for the management of mobile devices, along with automated “push” technology that places software updates directly on devices as they connect to the network.

“We’ve come a long way with our network security, and without adding headcount,” Sobieralski said. “Initially, we were just trialing a cloud-based technology that addressed security. But I can tell you that since that early pilot, it has delivered a huge time savings for our staff, not to mention peace of mind.”
