Trani is a Southern Italian seaport with a population of around 60,000 people in the Apulia region of the Province of Barletta-Andria-Trani. The excellent reputation of German company macmon secure GmbH reaches all the way to Italy, where engineer and Chief Information Officer Catino Valerio, who oversees IT for 250 city employees, reached out to the Italian system house Bludis with this in mind.
The challenge: to protect the IT network from internal and external attacks and make administrative processes related to VLAN management in the IT department more efficient.
During the selection of a reliable network access control solution, macmon secure Gmbh scored highly with its extensive experience in public administration. Effective defense against unauthorized attacks on the governmental network is a central objective for the Comune di Trani.
The public administration in Trani handles highly sensitive personal data on its inhabitants, which is a lucrative target for cyber criminals. It also manages information about critical infrastructures, including data about energy suppliers and the public transport system as well as public tendering and planning documents.
“Thanks to macmon NAC, we can ensure the integrity of the network by exclusively allowing network access for our own defined and approved devices.“
(Catino Valerio, Chief Information Officer Comune die Trani)
Once the choice was made to go with the IT security experts macmon secure, the city was able to introduce the NAC solution in just two days. Catino Valerio, Head of IT, Comune di Trani on the rollout: “With macmon NAC, our IT administrators now know which devices are on our network at all times and can efficiently monitor the deployed PCs, printers, laptops and technical devices in use. macmon NAC detects, reports and prevents the operation of third-party systems in our public authority‘s internal network. That ensures our administrative IT is protected against attacks on sensitive personal data."
macmon NAC displays the whole network in a graphical topology and in real time. In addition to the network itself, it also maps all connections between the network devices in the infrastructure. This valuable overview was available to the Trani IT team shortly after commissioning and enables them to locate incorrect configurations, unknown devices and vulnerabilities, for instance, providing maximum stability and security on the network.
As a manufacturer-independent security solution, macmon provides reliable monitoring even for networks with different network components. Since changes to management structures and tendering processes can sometimes lead to undesirably heterogeneous IT infrastructure environments in public administration, manufacturer-independence and the ability to easily integrate existing IT security solutions, such as WatchGuard in this case, was a decisive factor in the municipal authority’s decision.
To fully control today’s networks, an NAC solution must be able to support any authentication technology. Not all providers offer this functionality or enable mixed operation with technologies such as 802.1X and SNMP. macmon NAC not only supports such functions, but it also scales with the network. The existing infrastructure (the municipal authority operates its data center with endpoints from a variety of different manufacturers and VMware virtual servers) can continue to be used in its present form without any issues. If changes occur, the set of rules, automated functions and processes in the background ensure that you do not have to take any additional actions in macmon NAC. In the field of public administration especially, this is a major benefit because administrative districts and organizational structures can often change following a legislative term.
The second central objective of the Comune di Trani is to prevent the use of unauthorized devices. Guest and employee devices (BYOD) can now be simply and securely authorized via the guest portal, using dynamic management of the network segments.
The variety of different endpoints, such as notebooks or tablets from different manufacturers, poses no problem for macmon NAC, even when managing guest devices, because authentication takes place via the macmon RADIUS Server based on the unique MAC address.
The Comune di Trani supplements its Network Access Control system with the provision of a guest portal that also enables temporary and restricted access by third-party endpoints. In the past, the IT department had to manage guest devices. Now, other members of staff can prepare appropriate guest identities via the guest portal and employees can register their own devices themselves based on specific criteria. Delegating the management of guest and employee devices in this way relieves the burden on the IT department considerably.
Catino Valerio adds: “Providing dedicated and timelimited Internet access for visitors with no need to set up separate infrastructures for employees and guests lets us save resources and reduce the workload of our employees. Thanks to macmon NAC, we can ensure the integrity of the network by exclusively allowing network access for our own defined and approved devices.”
The Norman-Swabian castle “Castello Normanno Svevo” is a fortress built by Friedrich II in the 13th century. It served to protect the town against enemies. Today, NAC technology from Berlin protects against “enemies” in the community network.
The Italian value-added distributor Bludis has more than 20 years of experience in the sale of
IT and telecommunications solutions and offers a wide range of value-added services for resellers, system integrators, Internet service providers and end customers. The company, a partner of macmon secure GmbH for a number of years now, is a leading technology distributor in Italy offering solutions in the fields of communication, cybersecurity, IT management, cloud computing and the Internet of Things.
Weitere Informationen: www.bludis.it