Researchers in the Department of Electrical Engineering engage in just about every aspect of technology, ranging from holography to radar remote sensing. However, Joe Little, a principle systems architect and a researcher in the department, needs to apply security applications right at the home front. He must strive to balance two conflicting problems -- how to make a key department in a major research university open to the world, and, at the same, how to keep researchers' systems from being constantly probed and attacked.

Little says, "We have security updates available in various platforms. Getting the staff to maintain security on these systems has been difficult."

In turn, he has taken a three-step approach to providing better security enforcement. First, access to public services is being restricted to central systems when possible. Each researcher has a virtual Web server, based on SW-Soft's Virtuoso Universal Server, that essentially runs on the central systems. This arrangement enables a researcher to configure and to manage his or her own system, but Little controls the security on those machines.

Next, each researcher's workstation gets moved to a private network when possible. These researches then use a Virtual Private Network, or VPN, which allows authenticated users to establish secure channels over the public Internet to this closed network. Little says, "The private network and VPN solution keep attackers from actually seeing a lot of the systems that aren't going to be easily maintained."


Since the researchers' systems are out of sight, the third step consisted of providing researchers with transparent access to their systems via the public Internet or a private network from anywhere in the world.

After researching the gamut of security products, Little downloaded the free trial copy of Astaro Security Linux from Astaro Corp., Burlington, Massachusetts. He bought it after four months of testing. Little says, "The- try-before-you-buy capability enabled us to see how well the product would fit into our environment." This software product, which sells for about $390 per ten users, turns an inexpensive server to an all-purpose security device capable of handling the VPN connection, the authentication, as well as providing a firewall, anti-virus protection and proxy services for Web and email.

Little runs the Astaro Security Linux on a $1,500 Dell PowerEdge 1400 server. Together these products provide the VPN which acts as a gateway onto the public Internet for as few as 50 remote users or up to as many as 1,000 remote users. The security device supports researchers' remote workstations consisting of everything from Windows 2000 XP to Mac OSX to Linux.