LAN-to-Internet firewall protects city’s data

When Concord, N.H., sought to integrate its computer networks early last year, Information Services Coordinator Art LeClair was charged with delivering Internet access and web services on Concord’s internal network. At the same time, he needed to protect the city from hacking without complicating use of the network.

Like most IS professionals, LeClair did not have the luxury of learning every detail of system implementation — especially given the immediate mission-critical needs of numerous city departments. He consulted with The Destek Group, a Nashua, N.H., computer reseller that configures wide area networks. The firm helped him develop a plan for delivering the connectivity that Concord required.

As a first step, the consultants and city IS staff determined that a proxy server was needed for the network, and an identical server would be needed to serve as backup. The proxy server would simplify administration and security, since all incoming and outgoing e-mail could be routed only through that server.

The server would need to have integrated firewall services to protect the city’s disparate databases. At the dealer’s recommendation, the city acquired Proxy software from CSM, a Layton, Utah, software design firm. “We set up the proxy as the single point of access, in and out, for the entire network,” LeClair says.

The city’s network consists of the proxy server and backup server; seven NetWare servers for file and print access; a Windows NT server for a geographical information system; an RS/6000 mainframe for database activity; and a police department server with the Santa Cruz Operating System, a version of Unix. All of those servers are connected to about 250 client machines at a few locations. Terminal emulators were set up so that older, legacy-type programs can be accessed on newer computers.

The consultants helped install and configure the network within a month, according to LeClair. The firm also trained employees and will be available to offer ongoing technical assistance. LeClair estimates the city spent about $10,000 on hardware and software, and another $15,000 on installation, training and a service agreement.

He expressed confidence in the security system’s firewall. “We haven’t had any problems with people trying to break into the network — and with all the layers built into the design, especially the application-layer filtering that the proxy performs, I’m not concerned about the threat,” he says.

In addition to providing security, the proxy server will help city officials ensure that their employees are using the Internet productively and appropriately. “We are already using the proxy to monitor where employees are going on the Web, and we’re testing some of the access control features built into the proxy to stop access to inappropriate sites,” LeClair says. “As a public agency, we have strict policies about what content is permissible.”