Case Study 1: Florida Department of Management Services, Part I
P. Denise Washington
CIS 505/ Week 4 Case Study
Running head: Case Study 1: Florida Department of Management Services, Part I 2
By the early 1990s, the Florida Department of Management Services (DMS) had built up a large information systems network that served state government agencies in 10 regional sites and connected these to the data center in Tallahassee. The network was based on the use of the proprietary Systems Network Architecture (SNA) from IBM and a mainframe at the data center that housed most of the applications. The Florida Department of Management Services conducts business with a suite of technological resources customized to help the workforce efficiently and seamlessly communicate, collaborate and manage business activities. Every program area within DMS generates its own source data set, services and processes to operate its part of the business.
1. Analyze the security mechanisms needed to protect the DMS systems from both state employees and users accessing over the internet
The State of Florida's networking infrastructure provides sufficient functionality to meet the requirements for expanding networked applications and services using VPN technology. A VPN is an alternative to a private network, where the wired infrastructure is used exclusively by the network owner. VPNs are created using specialized software and hardware to encrypt, send and decrypt transmissions over the Internet. By encrypting transmissions, a VPN creates a private tunnel within the Internet or another public network (Turban, 2011). The Florida DMS uses two types of VPN networks, client-to-LAN and LAN-to-LAN technologies. The client-to-LAN VPN provides the remote user the ability to connect to the state intranet through a secure encrypted tunnel built from the user's remote PC (desktop or laptop) to the state VPN gateway cluster. The remote user's access permissions are configured based upon the information provided within the service order issued to DMS by the requesting agency. Host Checker verifies that the remote computer has an active firewall enabled, updated operating system patches and updated antivirus software. Once the Host Checker feature verifies that the remote computer is protected and has no malicious software, the remote computer is allowed to connect to the VPN gateway and simultaneously connect to Internet websites.
The LAN-to-LAN service is used to connect a remote network to the state common services. The centralized LAN-to-LAN VPN service receives encrypted IP traffic using the Internet as the IP data transport medium instead of relying on dedicated transport circuits. When an entity has a relationship with a state agency and needs to access agency data resources, this service provides a cost-effective access solution. The data is securely transported across the Internet through an encrypted VPN tunnel. Permitted access to the state intranet is governed by machine authentication and an access control list (ACL) programmed within the state VPN appliance's configuration. The ACL governs which network(s) or host(s) within the state intranet the remote partner has authorization (permission) to access. The data stream is encrypted from the remote VPN appliance to the DMS gateway VPN appliance.
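To make the LAN-to-LAN access model concrete, the following is an added illustration (not DMS code or configuration) of how a VPN gateway's per-partner ACL can be evaluated: a tunnel must be machine-authenticated, and a destination is reachable only if an entry for that partner covers it; anything not explicitly listed is denied, matching the policy that Internet-originated access is blocked unless a permitted VPN method is used. The partner names, intranet addresses and ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    partner: str                     # machine-authenticated identity of the remote VPN appliance
    network: ipaddress.IPv4Network   # intranet network (or /32 host) the partner may reach
    ports: frozenset                 # permitted destination ports; empty means any port

# Constructed sample policy: hypothetical partners and private (RFC 1918) intranet ranges.
ACL = (
    AclEntry("county-clerk-vpn", ipaddress.ip_network("10.20.0.0/24"), frozenset({443})),
    AclEntry("county-clerk-vpn", ipaddress.ip_network("10.20.5.10/32"), frozenset({1433})),
    AclEntry("vendor-portal-vpn", ipaddress.ip_network("10.30.0.0/16"), frozenset()),
)

def is_permitted(partner, authenticated, dst_ip, dst_port, acl=ACL):
    """Default-deny check: permit only when the tunnel is machine-authenticated
    and an ACL entry for this partner covers the destination address and port."""
    if not authenticated:
        return False
    dst = ipaddress.ip_address(dst_ip)
    for entry in acl:
        if entry.partner != partner:
            continue                      # entries never apply across partners
        if dst in entry.network and (not entry.ports or dst_port in entry.ports):
            return True
    return False                          # no matching entry: blocked

def audit(flows, acl=ACL):
    """Evaluate (partner, authenticated, dst_ip, dst_port) tuples and return
    one (flow, decision) record per flow, suitable for gateway logging."""
    return [(flow, "permit" if is_permitted(*flow, acl=acl) else "deny")
            for flow in flows]

if __name__ == "__main__":
    # Constructed sample flows as the gateway might see them.
    sample = [
        ("county-clerk-vpn", True, "10.20.0.7", 443),    # listed host and port
        ("county-clerk-vpn", True, "10.20.0.7", 22),     # listed host, unlisted port
        ("county-clerk-vpn", True, "10.30.1.1", 443),    # another partner's network
        ("vendor-portal-vpn", False, "10.30.1.1", 8080), # tunnel not authenticated
    ]
    for flow, decision in audit(sample):
        print(decision, flow)
```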
For security reasons, access to the state network originating from any point on the Internet is blocked unless one of the permitted VPN remote access methods is utilized. The VPN gateway includes a user access control list (ACL), which dictates what a remote user or remote network is permitted to access on the state