NSW police beef up identification, firewall protection

The NSW police service is planning to beef up its security by consolidating its disparate identification systems and firewall management.The service is currently using two-factor authentication tokens from Vasco to secure on-the-road access to its internal network.



The NSW police service is planning to beef up its security by consolidating its disparate identification systems and firewall management.

The service is currently using two-factor authentication tokens from Vasco to secure on-the-road access to its internal network. However, recently-released tender documents have revealed an all-in-one authentication solution is being sought due to problems caused by a new single sign-on solution and associated Windows XP/Active Directory rollout and dissatisfaction with the need to carry additional building access and identification cards.

Further potential features of the solution flagged in the documents include on-card stored asset management information and data encryption.

The service said it required specific features in a multi-factor authentication device. It must interact directly with the PC or laptop being used, and disable the desktop session if the user walks away. If the user wants to re-activate the session they must re-insert the device along with a PIN number.

If a different user wants to use the device, the previous session should be cancelled and replaced with a fresh login screen.

The police force also wants to integrate management of its 30-strong firewall and network intrusion detection systems (IDS), according to a second set of tender documents.

Currently, firewall and IDS management is undertaken by a "co-sourced solution between NSW Police's security group and [security vendor] Symantec". The hardware and software used comes from a variety of vendors, including CheckPoint, Symantec, Cyberguard, Cisco and RealSecure.

However, the police force wants to be able to set policy rules for all of its firewalls at once.

Key to any future solution is that "every single bit of information generated from these devices will be required to be collected". This requirement has resulted in NSW Police collecting 50-100 megabytes in log files from its protection systems each day.

The organisation also noted that it wished to continue its policy of using dual-layer firewall systems.

The moves come as NSW Police said several weeks ago it was upgrading its operations centre in Penrith as a backup site to the Sydney Police Centre in Sydney's CBD, which currently houses the centralised IT infrastructure.