Security at the perimeter of the network is of utmost importance in today’s threat landscape. First United Methodist Church at Chula Vista (FUMCCV) engaged Evocative to upgrade their existing firewall with a next-generation FortiGate 60E firewall. In addition to this upgrade, Evocative also provided a Managed Firewall service to manage, audit, and monitor the firewall 24×7, as well as a Wireless Site Survey of the church, school, and administrative office.
Security Enhancements
A thorough assessment of the business needs of FUMCCV was conducted before deploying the new FortiGate firewall. Several security improvements were made by installing the FortiGate at the edge of the network. The benefits of these improvements include:
Threat Prevention
- AntiVirus profiles are configured for the detection of malware and advanced persistent threats.
- Files traversing the FortiGate are analyzed for further threats by FortiSandbox.
- Intrusion Prevention System (IPS) profiles protect the clients and servers by monitoring and actively blocking any external infiltration threats. Zero-day vulnerabilities are prevented as well, by constantly updating the database of unknown threats and behavior-based signatures.
Application Control
- By using protocol decoders and signatures, FortiGate detects the underlying applications, even when using nonstandard ports.
- Organization security is strengthened by controlling applications that are malicious and not required for business activity, such as p2p, botnet, proxy, etc.
Web Filtering
- FortiGate detects and prevents web-based threats such as phishing, drive-by malware, and botnets.
- Web traffic is categorized by FortiGuard and is filtered by categories such as “adult content” and “phishing”, to name a few.
SSL Certificate Inspection
- By inspecting the SSL certificate, FortiGate verifies the identity of web servers and ensures that the HTTPS
Managed Services
Security event analysis, maintenance, patching, and firewall reporting are routinely conducted by Evocative, including:
Monitoring
- Evocative's FortiAnalyzer appliance is used for centralized logging, alerting, and reporting for the FortiGate firewalls.
- The FortiGate is monitored 24×7 to report and prevent any real-time network threats.
Auditing
- A quarterly audit of the firmware and configuration of the firewall is conducted.
- Any changes needed to harden the security posture of the environment, as discovered during the audit, are actively implemented.
Wireless Site Survey
A wireless site survey was conducted to assess the current state of FUMCCV’s wireless network and make recommendations for improvement. Before the survey, the church’s floor plans were reviewed to understand their current needs, i.e. areas of coverage, use cases, high priority areas, etc. Detailed and scaled floor plans are critical to the success of any site survey. Fortunately, FUMCCV had original blueprints on-site, which were imported into the survey project. Mission-critical coverage areas for Wi-Fi were identified, as well as areas where connectivity was lacking. The high priority areas included the church business offices, fellowship hall, and sanctuary. Staff members in the preschool reported poor Wi-Fi performance in the teacher’s lounge, which was noted for later analysis.
The site survey was conducted using Ekahau Pro and Ekahau Sidekick. Ekahau provides industry-standard tools for performing wireless site surveys. All required coverage areas were surveyed, and photos of the current access point locations were taken. The survey data was verified before leaving the site. The data was analyzed off-site and the results were collected in a detailed report.
The survey data revealed inadequate coverage to meet FUMCCV’s requirements. For critical areas, like the church office building, additional access points were recommended to cover the entire floor. High client density areas, such as the sanctuary and fellowship hall, would also require additional access points to provide Wi-Fi service to large numbers of clients and guests.
Evocative also recommended that existing access points that were mounted horizontally on the wall should be re-mounted on the ceiling for optimal performance.
Results
By deploying the next-generation FortiGate firewall, FUMCCV has taken a crucial step in the right direction. With Evocative diligently monitoring the firewall, FUMCCV can meet the demanding security needs of current and future cybersecurity threats while experiencing improved network connectivity.
“I have been extremely impressed with the knowledge, flexibility, patience, and professionalism of all members of Evocative that I have come into contact with. I look forward to working with Evocative in the future regarding the phases of our network management, and I would highly recommend Evocative to any organization seeking similar technical expertise and support,” stated Brian Cox, FUMCCV’s Office Manager.