Collins finds prevention better than detection

Integrator CDM solves Collins Food Group's security woes with a TippingPoint intrusion detection system.

Collins Food Group is something of a pioneer in the fast-food restaurant business in Australia.

Based in Brisbane, the company operates some 113 KFC outlets and 28 Sizzler restaurants nationwide after opening the first KFC in 1969 and the first Sizzler in 1985, both in Brisbane.

Operating out of a central office with VPNs linking the outlets, Collins’ IT people had been aware for some time that their existing traditional firewalls were not adequately protecting them from a range of application-level network attacks.

According to Brisbane-based IT services company Communications Design & Management (CDM) technical architect Ross Taylor, Collins had been looking for an intrusion detection system (IDS) for their network and were in the process of assessing the solutions offered by various network security vendors when they were invited to a presentation by 3Com division Tipping Point of their range of security solutions.

It was here, according to Collins IT manager, infrastructure and restaurant systems, Shaun Smith, that the company was introduced for the first time to the possibilities of Tipping Point’s Intrusion Prevention System.

Determining security needs

Smith says Collins has a traditional Cisco corporate firewall configuration with VPN tunnels to each of the organisations 140 stores. They also use an e-mail scanning product called Mail Marshal, and all Internet traffic is monitored and scanned through an additional product called Web Marshal, as well as anti-virus protection.

“We believed this was protecting most of our e-mail traffic from the flood of e-mail borne viruses and undesirable mail traffic.

“Web Marshal ensured that we could control what sites our users visited and what they could download from the Web to the corporate network. The firewalls are set to exclude all but wanted traffic to our main servers,” he says.

Smith says the things that were unique about the environment were that they have an aging topography where they still run Token Ring for a significant component of their network. To overcome this, they had made use of wireless access points in certain parts of the building.

They also had over 140 external sites to manage and wanted to ensure that security at each of these nodes was strong and that network integrity was maintained.

“With such a varied topography we found it hard to find a network monitoring solution that would help us isolate where we were having problems. We also had no simple tool to let us know what sort of attacks our network was being subjected to,” Smith says.

It was for this reason that Collins sought a solution that could be implemented behind the corporate firewall.

According to Smith, the IT team at Collins were far from experts in this field, so they needed to know how the system could be installed in a way that was most effective for protection from external threats as well as wireless access points.

Taylor says the box was relatively easy to install and had been designed specifically to gather and disseminate information according to an end user’s needs.

It could also be tuned to provide reports on different levels of information. It therefore acts as an intrusion prevention system, unlike the traditional IDSs that the company had in place on its network.

“What they needed was a central security function from their head office, where VPNs from their other outlets are terminated, which could control the flow of all ingoing and outgoing traffic,” Taylor says.

“They wanted to know how they should deploy the box and what sorts of things it could be used to deploy against and how it could be configured to derive maximum value.”

The Tipping Point solution also includes innovative IPS features such as Spyware protection and multi-gigabit throughput.

Tipping Point’s intrusion prevention system offers VoIP security, bandwidth management, peer-to-peer protection and default “recommend settings” to block malicious traffic automatically upon installation without tuning.

Pilot stage

Following the demonstration of the Tipping Point 400 network security box IPS, Collins moved rapidly to a pilot stage using equipment provided for evaluation by CDM.

During this trial and evaluation period, most of the discussion centred around what it was that Collins Group actually needed from a network security perspective.

The Tipping Point IPS proved to be exactly what Collins was seeking, as it provided application, performance and infrastructure protection at gigabit speeds through total packet inspection, whilst also protecting routers, switches and other critical infrastructure from targeted attacks and traffic anomalies.

The box also provided Collins with automated reports, e-mailed in PDF form for management staff with comprehensive information on attacks.

Taylor says the Tipping Point solution also provided an effective “drop in” solution that, in its default state, could pretty much immediately start providing an extra level of awareness to the organisation of potential malicious traffic passing through the existing packet-based firewalls, as well as rating, and stoping, those potential attacks without any further intervention from server or network administrators.