Ghana Community Network Services Limited, Ghana, Africa
Cyberoam Secures GCNet - Ghana“s Premier Trade Regulation Portal
About GCNet, Information Technology Solutions Provider (Semi-Government)

Ghana Community Network Services Limited (GCNet) is an Information and Communication Technology solutions provider based in Ghana that fosters trade development and facilitation in the country. The company has implemented an electronic system using cutting edge technology that links all trade operators, revenue agencies, and regulatory bodies through a "Single Window” system. As a result, the company has earned the moniker of a “B2G company” which means “your business to Government Company”.

The vision behind starting the GCNet portal was to eliminate the need for any trade-related paper documents. This saves a lot of time through online clearances compared to manual systems. The GCNet system is extremely resilient, making use of enterprise class infrastructure such as high availabilty servers, clustering, real time replication to a Disaster Recovery Site and redundant communications links. In addition, all sites are provided with power conditioning equipment and standby generators.

The Internet forms the backbone of our company. Without it, nothing seems to work since most of the applications we run are webbased applications.

Mr. Lawrence Owusu-Kena
IT Security Specialist

Today, the GCNet portal has significant importance for any company that wishes to export, import or transport commodities to Ghana because the system takes care of all custom codes and regimes for that country. Some of the client agencies supported by the system include government ministries, port authority, banks, traders, freight stations, customs, forwarding agents, vehicle licensing authorities and insurance companies.

According to Mr. Lawrence Owusu-Kena, an IT Security Specialist at the helm of affairs in GCNet, Ghana, “The Internet forms the backbone of our company. Without it, nothing seems to work since most of the applications we run are web-based applications. At the centre of this, we have an electronic messaging platform - a Tradenet system, with functionalities such as electronic data interchange (EDI), XML, AINSI etc. all of which govern trade and customs functions. These include declarant entries, payments of duties and taxes, maintenance of custom codes and online report-generation.”

Considering the business importance of above systems encompassed by the GCNet portal, Mr. Owusu-Kena outlined the following security challenges for the company:

Protecting Perimeter Points of Entry

The customized external client log-in system at GCNet had multiple security features built into it including a log-on password and a database accessibility password, both of which are specific to the client user logging in from the World Wide Web. The system ensured that user passwords get changed periodically as per standard practice in IT security.

However, the internal networks (LAN) were still vulnerable to unauthorized external access from hackers, DOS attacks and other network intrusions. The most valuable data related to client logon credentials. E.g. In the event of a password theft incident, unauthorized users would succeed in making declarations through legitimate users“ identification or password. A gateway firewall here, would act as a protective fence to keep unwanted external data and software out and sensitive internal data and software in.

Preventing Network Downtime

The GCNet network had a high volume of users connecting through their own network connection or by DSL links supplied by GCNet. Clearly, any security downtime would have a huge effect on their clients“ business with clogging up of their database systems with numerous log-in queries. Constant network uptime was absolutely essential for business reputation. Dootall wanted a High Availability solution to offset failure of some critical service by hardware issues.

Zeroing in on Malware

GCNet“s portal already had existing safeguards against the spread of viruses, worms, Trojans and spyware in their network. The system primarily transmits text. Neither data nor programmes are handled. However, the company was still in need of a robust anti-virus system at the gateway to avoid being infected froms sophisticated, zero hour malware threats.

The Scourge of Spam

Spam was a major problem for the GCNet network as the website was supporting transaction activity for tens of thousands of users. Many of these bad emails would end up in the inboxes of employees associated with finance, IT and support helpdesk work. This trend had to be reversed as soon as possible.

Regulating Surfing Practices

According to Mr. Owusu-Kena, indiscriminate Internet surfing by employees in GCNet was causing disruptions to workplace productivity. The management was perturbed by downloads and transmission of non-business related information such as entertainment, music, gaming etc. In addition, this would place enormous burden on the company“s precious bandwidth resources, lowering network availability for legitimate business activities.

The Cyberoam Solution

After exploring and testing several security products to match their needs, the technical team of GCNet finally decided on Cyberoam Unified Threat Management solution. They purchased three Cyberoam appliances in total - two CR1000i which High Availability-configured, and consequently had to be configured in Gateway mode; and a separate CR100i which was also deployed in Gateway mode. The appliances were installed in the company“s head office in Accra, the capital of Ghana.

Securing the Perimeter and Internal Networks

Cyberoam“s identity-based UTM appliance easily integrated into the GCNet network with an existing Active Directory Services (ADS) which pulled all users directly into its database, providing them with real time protection while providing real-time info on their activities.

Cyberoam has a two-tiered security to protect the GCNet network. Its stateful inspection and identity-based firewall managed to separate out the entire LAN from outside users, thus, allowing user identity-based access control, user authentication and application-level protection to the company“s sensitive internal data. In addition, Cyberoam“s Intrusion Prevention System thwarts intrusion attempts and blocks malicious traffic, protecting the company“s password systems, and business reputation

Continuous Business Security

Two Cyberoam CR1000i appliances were deployed in High Availability mode in the GCNet network. This is designed to ensure that upon the failure of any one appliance, the other one would automatically takes over, ensuring continuous security to the network. Cyberoam“s High Availability feature has been endorsed by a leading certification agency – ICSA Labs.

Closing the Remaining Malware Gaps

Mr. Owusu-Kena found that Cyberoam“s gateway anti-virus solution was able to provide advanced level web and email anti-virus protection against all spyware/malware, including viruses, worms, spyware, backdoors, Trojans, keyloggers and more across HTTP, FTP, SMTP, POP3 and IMAP protocols. In addition, Cyberoam“s proactive Virus Outbreak Detection (VOD) technology ensured users' protection against newer malware threats, hours before signatures are released.

All-out Assault on Spam

Mr. Owusu-Kena found that Cyberoam was equipped with multiple methods to block spam in the organization. Through IP Reputation filtering and Real-time Blackhole List techniques, it blocked most spam from frequently troublesome server IP addresses. In addition to this, Cyberoam“s Recurrent Pattern Detection-based Anti-spam technology was able to ensure zero hour protection from email borne outbreaks of large as well as small, targeted attacks in order to ensure high spam catch rates. The end result was safe and clean email networks.

Surfing/Bandwidth Controls

Cyberoam“s Web Filtering featuring has ensured comprehensive Internet control in the GCNet network, disabling employee ability to surf non-productive sites and pursue IM, P2P and multimedia downloads. In addition, the web filtering was configured to create identity-based access policies based on groups, departments, levels in hierarchy and also, the individual user. Cyberoam“s GUI dashboard offered the GCNet admin enterprise-wide view of web access which drills down to user-level reporting with extensive reports on data transfer, applications used, sites visited, search engine usage profile and much more.

Cyberoam“s Bandwidth Management solution solved the company“s earlier bandwidth clogging issues by actively helping in controlling individual user surfing time by designing surfing quota policy. It has also helped in restricting bandwidth usage by determining appropriate bandwidth policy for any given user or group.

To Round it Off

Giving his feedback on Cyberoam appliances, Mr. Owusu-Kena said, “It is an awesome, ideal security box for our entire productivity and security needs. It can be described as a reliable security Box. I have never come across a network security device that gives a comprehensive reporting system like this. I strongly recommend it for all organizations relying on internet to operate their business especially the ISP“s and the Telecommunication companies.”