City of Beaumont Undergoes Network Refresh with VPLS to Support CJIS Compliance
The City of Beaumont, California’s third fastest-growing city, partnered with VPLS for a city-wide network refresh project, which included replacing the City’s aging firewalls, switches, and endpoint protection software with new solutions from Fortinet. In addition to replacing aging equipment, VPLS also architected and implemented several network enhancements, such as internal network segmentation, to support the City in its goal of achieving Criminal Justice Information Services (CJIS) compliance.
The Security Fabric
After the firewalls and switches were in place, another key component added to the City of Beaumont’s Security Fabric was FortiClient. FortiClient, Fortinet’s endpoint protection software, replaced McAfee on all city-owned and city-issued devices. All FortiClients are centrally managed with FortiClient EMS (Endpoint Management Server) and provide client-side antivirus, web filtering, and application control functions.
Finally, FortiAuthenticator and FortiAnalyzer were added to the Fabric to centralize authentication and logging, respectively.
During the deployment of the Fortinet security fabric, additional improvements were made to the network, including:
Comprehensive Internal Network Segmentation
FortiGates were placed at key boundaries within the City of Beaumont campus. Within each boundary, devices were placed in different VLANs on the FortiSwitches, and the FortiGate performs all inter-VLAN routing, so traffic between VLANs is thoroughly inspected at the application layer before being routed. The benefits of segmentation include limiting potential attack vectors and minimizing “east-west” threats and malware proliferation.
SSL Deep Packet Inspection
The FortiGates were configured to perform SSL decryption on critical traffic to ensure no threats are hiding in encrypted payloads.
Centralized Multi-Factor Authentication
The FortiAuthenticator acts as a centralized authentication point for all FortiGates in the Security Fabric. When first deployed, the FortiAuthenticator was integrated with the City of Beaumont’s Microsoft AD, and then AD users were tied to a FortiToken. The FortiToken, Fortinet’s secure token offering, is used to enforce multi-factor authentication for remote user VPN access, ensuring all network access is secure.
Centralized Logging, Alarming, and Reporting
The FortiAnalyzer acts as a centralized point for network administrators to monitor and respond to network threats in real time in the Fortinet dashboard.
A complete network refresh is a large undertaking, but the City of Beaumont knew the security objectives they needed to reach and what it would take to achieve those objectives. By partnering with VPLS, the City of Beaumont was able to quickly deploy the new equipment and software across the entire city campus with minimal downtime, while at the same time revamping the network design to meet the stringent security standards demanded by today’s sophisticated, and unfortunately all-too-common, cybersecurity threats.