Migrating to Astaro Security Linux

by Victor Cruz

Micah Lloyd, a senior systems administrator for eBet Ltd., knew that he needed to upgrade the security for eBet's distributed network. The company had been using Check Point 4.0 as a perimeter firewall solution for its five offices. The problem, though, was that upgrading to the latest version of Check Point would be a costly and time-consuming proposition. Not only would eBet need to pay for and manually install new software, but the underlying hardware also would need to be updated, further adding to the overall cost and complexity of the upgrade.

Headquartered in Australia and with operations and contractual arrangements in New Zealand, Singapore, Greece, the Philippines and the USA, eBet is a public company listed on the Australian and New Zealand Stock Exchanges (ASX/NZSE: EBT). The company is divided into a Gaming Systems Division and an Online Division. The Gaming Systems Division develops and markets a range of networked solutions for gaming machines. The Online Division develops and operates turnkey Internet-based wagering systems for licensed gaming operators in international markets. eBet operates Internet systems for the New Zealand TAB, Penn National Gaming and Playboy.com.

Micah Lloyd was hired by eBet to administer and upgrade the network serving eBet's two divisions. "When I came on board, it was immediately obvious that our security system was out of date, and it threatened to impact our business." Lloyd initially explored simply updating to the latest Check Point offering. He noticed several potential problems, however, such as high cost, lack of redundancy and a complicated upgrade process.

"To upgrade our remote firewalls, we had to rely on a central management console in our Australia office and local staff at each of the remote offices had to be present to manually complete the upgrades." Lloyd said that with as much as a 17-hour time difference between offices, simply coordinating updates was a problem. Staff at some of the offices would be forced to show up in the middle of the night. To make matters worse, each eBet office has a different mission: the ones that serve as gaming portals do so for different regions, while the Carlsbad office acts as a software development facility in addition to providing systems management. This meant that each firewall conceivably would need a different set of rules, which further complicated matters.

Facing a time-consuming and expensive upgrade process, Lloyd found an ideal solution: he turned to an all-in-one security product. Lloyd set up his own network at home where he downloaded a free 30-day trial of Astaro Security Linux. "To meet my own firewall requirements for my Linux- and Windows-based network, I investigated several open-source solutions. I looked at SmoothWall, IPCop and Astaro, among others, and as I investigated the features offered by each, I found that with Astaro I could turn an inexpensive server into an all-purpose security appliance", he said.

Lloyd also noted a key gap in the other open-source offerings: the lack of NAT support. "Without NAT, the other solutions may work for a single home or small office deployment, but they're inappropriate for a large network with a number of devices behind the firewall." Lloyd says that he further was won over by the fact that Astaro offers a simplified, standardized installation process, as well as providing several security features, including a firewall, packet inspection and antivirus protection, all in a single software product.

"After I had Astaro Security Linux up and running at home, I tried to link up with eBet's Carlsbad office in order to remotely manage that network", Lloyd said. It turns out that Astaro blocked this communication because the VPN he was trying to use was a relatively weak 40-bit DES VPN provided by the Check Point system. "In other words, Astaro protects you from yourself." At that point, he recommended to his company that they replace all of their existing firewalls with Astaro Security Linux.

Astaro Security Linux is a perimeter security solution that combines firewalling via stateful packet inspection filters, virtual private network (VPN - IPSec/PPTP) support, anti-spam and anti-virus protection, content filtering, URL blocking, application-level proxies, load balancing, QoS and user authentication. A global database of 20 million entries based on the analyzed content of 2 billion HTML pages is used to support URL blocking. Automated updates and remote administration are performed securely over the Web.

With help from Astaro's technical support team, Lloyd was able to migrate from a weak 40-bit DES VPN to a robust 128-bit IPSec VPN. Astaro's team worked with Lloyd to get the VPN up and running, allowing him to securely administer the eBet network from home or even from his hotel while he's on vacation.

"Working with Astaro is much different than working with one of the large software vendors," Lloyd said. He noted that when eBet tried to move certain software licenses from another vendor to a new office, the company had to engage consultants from the vendor, which turned into a long, costly process that forced eBet to take one location off-line for an entire day. "With Astaro, I simply have a license for a certain number of IP addresses. If my office moves or my network changes, I simply update the IP address list. That's it."

In addition to features such as a firewall and VPN support, a software security appliance needs to be reliable, manageable and current. If the appliance server hardware fails, Lloyd says he can install the Astaro software on a different server or even a Linux-based PC within 20 minutes. Because Astaro software contains its own IP address, it functions as a self-contained entity capable of automatically making its own updates, such as patches and new virus signatures, saving Lloyd the hassle of manually collecting and pushing out all of these updates to each of the five locations.

In addition to managing eBet's network and developing gaming systems, eBet's development and administration office also does outside system integration work for companies without their own in-house networking expertise. "After I sold my company on Astaro, I found myself bundling it with the systems we were designing for our customers", Lloyd said. eBet's customers knew they needed firewalls, but most also requested something to help them block spam and filter out unwanted Web content, both of which are available with Astaro. "Astaro provided me with all of my security needs in one package, at a fraction of the cost of other solutions", Lloyd continued. "And when you add to that the fact that it is simple to install and easy to manage, while also keeping itself up-to-date, Astaro is a compelling alternative to the other security offerings on the market."

Victor Cruz is a consultant and writer living in Boston who has published articles in American Venture, Boston Business Journal, Harvard Review and Wireless Business & Technology. Write him at vcruz1@comcast.net.
