Medical Information Protected by Barracuda NextGen Firewall F

Download PDF

Summary

The first organization in a German-speaking university with a focus on teaching and researching emergency medicine and medicine management was founded in 2002. The INM, Institute for Emergency Medicine and Medicine Management was established as an interdisciplinary clinical organization at the Munich University Hospital by the Bavarian Ministry for Science, Research and Art. This research work involves the analysis and assessment of high volumes of patients’ data, so protecting this is a matter of the highest priority. This can only be guaranteed by a security solution that meets rigorous standards.

Profile

  • First organization in a German university with a focus on teaching and researching emergency medicine and medicine management
  • 30+ remote users
  • Strict security standards due to patient medical info

Challenges

  • Pure packet filter solution - could no longer satisfy the current security requirements
  • Effective solution was required to counter the diverse attack attempts and malicious code activities
  • Security solution that meets the highest standards

Solution

  • Barracuda NextGen Firewall F-Series
  • Barracuda NextGen Control Center

Results

  • Multi-gigabit firewall performance and integrated bandwidth management
  • Reliable and secure distributed network with Centralized management through Barracuda NextGen Control Center
  • Secured access to the Institute’s network via VPN

Sensitive Data Must be Protected

An essential element of the scientific work at the INM is storage and processing of person and patientrelated information. Very tight legal stipulations defined by the Bavarian and Federal Data Protection Acts must be adhered to when dealing with this sensitive data. All data protective measures must stand up to an intensive discussion and examination with the controller for data protection at the University Hospital in Munich. It soon became clear to those responsible for IT at the Institute that the existing firewall solution—a pure packet filter solution—could no longer satisfy the current technical security requirements under the existing conditions. The four-man IT department at INM managed by Dr. Marc Lazarovici, M.D. began searching for a suitable alternative.

Core Requirements: More Security, Higher Availability, Greater Efficiency

The IT Team initially defined the core requirements for a new solution at the beginning of the evaluation phase. The following criteria had to be fulfilled:
  • Increasing security standards: In addition to meeting the strict data protection law stipulations, an effective solution was required to counter the diverse attack attempts and malicious code activities. It was clear at this point that the route which the Institute for Emergency Medicine had to follow was to move away from a pure packet solution and onto an application level firewall.
  • Secured access to the Institute’s network via VPN: The 30 full-time employees and their external colleagues should have easy access from outside onto the Institute’s network, without compromising the security.
  • Increasing failsafe security: The new system should have a redundant concept. Several physical computers in distributed premises should be used here.

One University, Two Networks

A further challenge was posed by a network topological feature of the overall system and embedding the INM network respectively into the overall University Hospital network. The hospital has two networks: The network for Science and Research and the network for Medical Care Provision. Hospital patients’ data is stored and processed using the latter, i.e. this is where laboratory results can be accessed for example. This network is protected by its own firewall run by the hospital’s computing center. However, for a long time the Science and Research network protection was insufficient, apart from blocking the file sharing port.

Reliable Partner at Hand

Following an intensive evaluation phase, Dr. Lazarovici’s IT department decided in favor of using a Barracuda solution. The Institute required a solution that would reliably guarantee that communications could continue running, even under difficult circumstances. The requirements also covered administrative efficiency increases with adapted management concepts. The Barracuda NextGen Firewall F-Series was clearly the best solution in all areas.
"The solution runs stably. Both the firewall and the VPN ran reliably from the outset. We would definitely decide in Barracuda’s favor again."
- Dr. Marc Lazarovici, M.D, Head of IT department, INM

Smooth Roll-Out Under Extreme Conditions

The implementation of Barracuda NextGen Firewall ran smoothly, despite some specific special issues which were inherent to the project. The transition to Barracuda NextGen Firewall took place simultaneously with a move to new premises by both the Institute and the computing center. However, the entire system had to remain constantly accessible and available throughout the entire transition.

It was inconceivable that the system be down for a period of several hours. On the one hand, employees and students work continuously with the Internet and on the other, a high number of web servers were hosted in the Institute’s computing center, including the main server for teaching at the faculty of medicine.

The old solution was still in operation while the new system was initially activated for selected parts of the network. Some VPN clients were also assigned to some testers. Since no problems arose during this test phase, the new system was transferred to the entire system in one major conversion process. This took place with a downtime of just a few minutes. The entire process, from the conception to the final transition, took three weeks.

Positive Résumé After Two Years

The Institute for Emergency Medicine and Medicine Management at the University Hospital in Munich today guarantees the secure availability of critical data and applications with redundantly designed Barracuda NextGen Firewalls, which are managed centrally via a Barracuda NextGen Control Center. Worthy of particular mention is that in comparison to the former gateways, there are more individual customization options for the VPN access, a performance in gigabyte range as well as easy options for adding interfaces.

About Barracuda

Barracuda provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use, and affordable solutions are trusted by more than 150,000 organizations worldwide and are delivered in appliance, virtual appliance, cloud, and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data security. For additional information, please visit barracuda.com.

About the Barracuda NextGen Firewall F

The Barracuda NextGen Firewall F-Series is the enterprise-grade network firewall that combines comprehensive, next-generation firewall capabilities - based on application visibility and useridentity awareness - with optimal efficiency and throughput. Coordinated WAN optimization, centralized management, and cloud-hosted content filtering and reporting are just a few of the key features supporting enterprise requirements.

Barracuda NextGen Firewall F Fast Facts

  • Integrated next-generation security
  • Granular control of user activity
  • Effective WAN management
  • Connection-friendly and robust VPN
  • QoS and link balancing
  • Central management