Introduction
As the industry moves into a smart-shipping era, the risk of cyber threats is at an all-time high. Cyber threats are one of the most serious economic and international security challenges facing the maritime industry today. The need for protection and security enforcement's to mitigate the threats is more important today than ever.
Aim and Scope
The ESAPC company recognizing the increasing concern of its end user and clients with regards to the cyber security and their protection. Magnum Computerware was assigned to deploy a Network Security that helps them to secure their connection between Main Office and multiple branch site by using Firewall device. A Firewall is a barrier between your trusted internal network and untrusted outside networks, like the Internet. A set of defined rules are employed to block or allow traffic. A firewall can be software, hardware, or both. The free firewall efficiently manages traffic on your PC, monitors in/out connections, and secures all connections when you are online.
Clients requirements for Firewall Device
For ESAPC Main Branch they required a Firewall Device that can handle 100 to 300 concurrent users and 10 to 40 concurrent users for their branch site. Main Office and their branches must have secure connections with each other over a public network.
Fortigate Firewall Deployment
As agreed by ESAPC, Magnum Computerware deployed Fortinet Firewall. Fortigate 201E for Main Office and Fortigate 30E for their 5-branch office. Please see below network diagram.
As you can see on the diagram, all 5-Branch site have access to the Main Office Server using IPsec VPN. IPsec VPN is typically used for site to site or site to multi-site tunnels. It will protect all data flows between two or more sites communicating to each other. The purpose of this is to have a secure network connection between the Main Office server and 5-Branch Site. All Branch sites and Main Office FortiGuard appliance have FortiGuard Security Services. Included on FortiGuard Security Services are Intrusion Prevention (IPS), Mobile Security, Antispam, Vulnerability Management, Virus Outbreak Protection Service, IP Reputation, Content Disarm and Reconstruction, Industrial Sercurity, Application Control, Web Filtering, Security Rating Service, Web Security and Indicators Compromise. This Fortiguard Security Services enable unified protection against today’s threats
Conclusion
We all know new cyber threats emerge every moment of every day. Whether it’s ransomware, phishing campaign, or infrastructural vulnerability. Organizations must constantly be prepared to defend against something new at all times. Extensive knowledge of the threat landscape, combined with the ability to respond quickly at multiple levels, is the foundation for providing effective security.