Netherlands public transportation Stay Securely Connected with the Help of Barracuda and ICT Vision B.V.

Download PDF

Summary

About Syntus

Syntus is a regional public transportation provider operating several hundreds of buses with public Wi-Fi in the provinces of Gelderland, Veluwe, Overijssel, Twente, and Utrecht. Syntus is extending public bus services throughout the area connecting Almere municipality by December 2017, and a train route between Zwolle, Kampen, and Enschede, located in the Overijssel province. Syntus is a subsidiary of the global mobility company Keolis.

About ICT Vision B.V.

Located in Eindhoven in the Netherlands, ICT Vision B.V. is a multivendor ICT consulting company and system integrator with certified partnerships for Microsoft, Google, VMware, Netapp, Aruba Networks, and Barracuda Networks. ICT Vision specializes on ICT networking and infrastructure solutions, including SAN storage, hosted environments, office automation, and business continuity. All services are continuously monitored and managed 24x7 from ICT Vision’s own network operations center.

Challenges

  • Provide secure and reliable Wi-Fi services for several hundred public transportation buses.

Solutions

  • On-board 4G modem connected to Barracuda CloudGen Firewalls SC1 IoT devices, which are connected to a Barracuda NextGen Machine Access Security Broker Virtual image. Central Management by a Firewall Control Center virtual image.

Results

  • Secure VPN connection from every bus to the datacenter Fast reliable Wi-Fi, protected from internet based hacking and Denial of service available after Terms and Conditions agreement.

The Challenge

For the Utrecht province in the Netherlands, more than a hundred public buses that provide clean, reliable, timely, and entertaining transportation were to be equipped with public Wi-Fi that needed to be secured from network-based threats and reliably connected to the data center. Via a secure VPN connection from every bus to the data center, ongoing updates were provided for the on-board infotainment system. As every bus is equipped with a reliable 4G data modem uplink, speeds weren’t an issue— keeping the Wi-Fi network safe and protected from internet-based hacking and denialof-service attempts was difficult. Syntus needed an affordable solution that can scale and securethe thousands of remote public buses.

The Solution

To find a manageable Solution, Syntus turned to ICT Vision B.V., a long time Barracuda Partner that provides networks-as-a-service. After evaluating several options, Syntus chose the Barracuda CloudGen Firewall solution for IoT. The CloudGen SC1 appliances connected to the stackable machines access security brokers was the perfect fit since it’s able to provide secure and reliable tunnels to the public transport system, offering Wi-Fi access and central management.

Fast Troubleshooting and Efficient Daily Management

All security, networking, and connectivity benefits are easily accomplished with the management console, a small Microsoft Windows OS executable. Using this standalone application enables rich, low-latency live views of all the traffic flowing through the firewall, with the ability to easily manage the firewall even when under heavy loads. Configuration changes are done quickly and applied almost instantaneously.

And with “Firewall History View,” troubleshooting can be done in a matter of seconds, without the need to go through tons of log files or use of complicated commands in a CLI window.

Quick Deployment

Configuring and maintaining multiple security appliances can be a complicated and time-consuming task. For IoT environments, the F-Series is fully configurable via a template-based management system that is tightly integrated with the central management capabilities of Firewall Control Center. Once a template is changed, Barracuda CloudGen Firewall appliances linked to this template are automatically updated within seconds.

The “Automatic Network Setup” takes care of cumbersome setup and routing configurations. Administrators just define a single, large network that is automatically translated into smaller subnets, which, in turn, are then automatically assigned to the remote appliances. The encrypted connection between the FSC1 security appliance and the data center is established with Barracuda’s proprietary, enhanced IPsec protocol TINA. Without relinquishing any security aspects, TINA is significantly more resilient and effective for low latency 4G internet connections than standard IPsec solutions.

Central management scales to tens of thousands of remote locations by using a three-tiered management and load-share approach:

"With the Barracuda CloudGen Firewalls SC1 the Wi-Fi access points on the public buses kept secure, always connected to the datacenter and central management is no longer an issue."
-Frank van Tuyl, Consultant, ICT Vision B.V.

About Barracuda

Barracuda simplifies IT with cloudenabled solutions that empower customers to protect their networks, applications, and data, regardless of where they reside. These powerful, easy-to-use and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering highvalue, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit www.barracuda.com.

About the Barracuda CloudGen Firewall

Barracuda CloudGen Firewalls feature advanced security capabilities, including integrated Intrusion Prevention (IPS), URL filtering and antivirus to identify and block evasion attempts that would trick traditional systems. Barracuda’s security extends beyond a network to Barracuda’s Advanced Threat Protection (ATP) cloud for both statistical and sandboxing analysis of zero-day and targeted threats that routinely bypass signature-based IPS and antivirus engines.

Barracuda CloudGen Firewall Fast Facts

  • Integrated next-generation security
  • Full SD-WAN capabilities included
  • Full user/group awareness
  • Full application visibility and granular access control
  • Advanced Threat Protection (incl. sandboxing)
  • Built-in web security and IDS/IPS
  • Connection-friendly and robust VPN
  • QoS and link balancing
  • Industry-leading central management