December 8, 2005 By Merrill Douglas
"Six, seven, eight years ago, there weren't nearly as many requests for remote access to information as there are now," said Dave Sprankle, Adams County's management information systems (MIS) director. "It's just been an explosion over the past year, year and a half."
As these types of requests increase, counties face a new challenge: finding efficient ways to keep communications between their own networks and external computers secure.
For Adams County, the "explosion" started with a heating, ventilation and air conditioning (HVAC) contractor that wanted to access a server to monitor its systems in two county buildings. Computers control most modern HVAC systems, and contractors often use off-the-shelf software, such as Symantec's pcAnywhere, to keep track of their equipment from offsite, Sprankle said.
But Sprankle didn't think that was a good solution.
"There are known vulnerabilities in a lot of this remote access software, and I didn't want multiple vendors using multiple versions," he said.
Then 10 local police departments needed access to the router the county operates for them as a gateway to the statewide Pennsylvania Justice Network (JNET). A local nursing home also uses the county network to access an online x-ray service, Sprankle said.
Too Many Clients
To secure data that passes over the Internet between a network and a remote computer, organizations often turn to virtual private network (VPN) software. For its own employees who needed to use the network from home or other remote sites, Adams County had installed VPN-1 from Check Point Software Technologies.
Based on the IPSec protocol, this solution uses software on the client machine to encrypt data and protect the network from viruses and other malicious code. As requests for access to the network arrived from outside county government, Sprankle offered VPN-1 to those users as well.
This strategy, however, put a burden on the four-person MIS department. After downloading the VPN client software, users had to configure it to operate on their personal computers.
"Almost every time, this requires us to be on the phone with them to get it set up," Sprankle said, adding that it often turned into a 20- to 45-minute process.
With the Carroll Valley Borough Police, the first police department to gain remote access, the situation looked complicated enough to require a technician to supervise the installation in person.
"We can't be running around to all these different police departments, because we're not just talking about one computer at a police department," he continued. "Some have three or four."
Chief Richard Hileman of the Carroll Valley Borough Police took charge of helping other law enforcement agencies in the county install the client software.
"My problem was, it wasn't easy enough for some of our less technologically savvy guys," he said. Therefore, Hileman got personally involved in each installation.
The complexity didn't end when he finished setting up the software. Each time an officer wanted to use JNET to look up a driver's license, check for warrants or perform other functions, they first had to launch the VPN program, and not everyone found that easy, he said.
Just as Sprankle was getting ready to buy more licenses for VPN-1, he heard about a new VPN product from Check Point, SSL Network Extender, that didn't require software on the client system.
"We went ahead and bought 25 licenses for the SSL Network Extender to take the burden off us," Sprankle said. "Once we got it configured, it was a no-brainer. The thing is so easy to set up and use."