Информационное Руководство для Cisco Cisco IPS 4520 Sensor
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 3
Customer Case Study
EXECUTIVE SUMMARY
BARNHART CRANE & RIGGING
● Heavy equipment lifting and transportation
● Memphis, Tennessee, USA
● 600 employees
● Memphis, Tennessee, USA
● 600 employees
BUSINESS CHALLENGE
● Prevent hacker intrusions into network
● Get improved visibility into firewall to find
● Get improved visibility into firewall to find
potential vulnerabilities
● Segment traffic for greater security and
administrative efficiency
● Deploy network security system that can be
modified during business hours without loss of
protection
protection
NETWORK SOLUTION
● Cisco ASA 5500-X Series Next-Generation
Firewalls with Intrusion Prevention System
(IPS) modules
(IPS) modules
● Firewall and intrusion prevention in one device
● Active-standby configuration
● Active-standby configuration
BUSINESS RESULTS
● Provides robust intrusion prevention
● Simplifies administration for better visibility,
● Simplifies administration for better visibility,
improved security
● Allows most maintenance to be performed
without firewall outages or IT overtime
Mitigating Security Breaches with Firewalls and
Intrusion Prevention
Intrusion Prevention
Barnhart Crane & Rigging leverages ASA 5500-X with IPS in active-standby
deployment.
deployment.
Business Challenge
Based in Memphis, TN, and with 28 sites across the United States,
Barnhart Crane & Rigging serves demanding customers in
construction and other time-sensitive industries and knows that it
cannot afford disruptions to its computer network. So when hackers
took advantage of a hole in the company’s non-Cisco firewall to
took advantage of a hole in the company’s non-Cisco firewall to
hijack its Internet bandwidth, systems engineer Gene Shinall and his
colleagues knew it was time to address the larger issue of protecting
its data and digital assets.
“They got around our firewall, hacked into a Windows box, and used
the Windows machine to get into another
server,” Shinall says. “Then
they used our bandwidth to attack other systems outside our
network.”
network.”
The result: Barnhart’s Internet connection was virtually unusable by
its own employees. The firewall itself was part of the problem.
As Shinall says, “In the old firewall system, it was very hard to view
the NAT translations and the firewall rules that were set up. So it was
difficult to see that we even had a hole in our firewall.”
difficult to see that we even had a hole in our firewall.”
Barnhart’s IT staff realized that they needed a more effective and a more easily manageable intrusion prevention
solution. They also wanted a solution that could segment traffic coming from or going to the Internet, Barnhart’s
solution. They also wanted a solution that could segment traffic coming from or going to the Internet, Barnhart’s
network edge, and employee VPN connections. Finally, they wanted a resilient security solution that offered an
active-standby capability, so that they could carry out maintenance on their security infrastructure during normal
business hours without leaving their network vulnerable.