Roseville Golf Club is a 20-minute drive north of Sydney's CBD in the north shore hinterland.
Established in 1923, Roseville's 18-hole course winds along the top of an ancient sandstone escarpment set among and overlooking native bushland and the valleys and creeks feeding into Sydney's beautiful Middle Harbour.
Golf clubs typically inspire images of manicured greens and plush lounges, not environments in dire need of internet security. As a private club, Roseville welcomes inquiries from potential members. But these days, a huge amount of information is processed across the web, and clubs are custodians of a significant amount of private member data.
The Roseville Golf Club IT system includes about 25 networked computers, ranging from a public access terminal, required for golf club member internet tee time bookings, registration for tournaments, results and handicap tracking, to PCs for the usual administrative office functions.
Roseville offers internet access to all of its members, which further increases the need for internet security. The club also offers public internet hotspots and open Wi-Fi infrastructure, which means network administrators have a huge challenge on their hands.
"It is something I find comes quite easy to me so it is easy for me to see problems and ways of doing things better," says Jason Seagg, general manager for Roseville Golf Club.
"As soon as I started at Roseville, five years ago, I was able to easily identify some major security problems. I'm responsible for the operation of the golf club, you name it, at the end of the day that's my responsibility. Over the years we've made some big improvements to the network. When you compare us to other golf clubs, we're really, probably, setting the lead for others to follow."
The infrastructure at the club used a standard router firewall device operating a single ADSL connection. The original firewall router had programming for simple incoming services, but there were no outbound firewall restrictions in place, and remote access was by unprotected remote desktop connections with no VPN capabilities.
Because the existing router did not provide any outbound security, club guests had unrestricted internet access, which potentially exposed the network to malicious attacks, virus downloads or access to sites containing unauthorised content.
Seagg turned to Jason Drew, a technical director for networking infrastructure services provider Secom Technology. It was a matter of just getting in touch with him to plug up the holes, he says.
"I met Jason [Drew] quite a few years earlier at different golf clubs and from that first meeting I was impressed with his knowledge and his ability to really understand the products. If I presented a problem he was able to suggest a way of solving that problem and move forward."
Drew, a Kerio preferred partner based in Sydney, recommended updating the system with Kerio WinRoute Firewall.
Internet security vendor Kerio Technologies provides internet messaging and firewall software for small-to-medium sized businesses and organisations worldwide. Headquartered in San Jose, California, Kerio has more than 4400 business partners in 108 countries.
Drew, IT director for Secom Technology, leads a team of engineers who provide IT services for small-to-medium sized organisations. Drew has more than 10 years' experience with networks and wireless applications for multiple industries. He manages a team that oversees 60 networks in Sydney, 250 servers and 2000 desktop PCs.
"When Jason [Seagg] took over the club there were a fair few security flaws around remote access and some other areas. He wanted to expand on the internet usage and maintain a strict level of security with the customer, with hotspots and with the function centre having availability for internet access.
"At that point we knew we needed to implement something that was expandable and manageable. The club actually used the whole suite of Kerio products. Seagg implemented the firewall as well as the mail server," says Drew.
"We installed the earlier versions when I first aligned with the club and then we followed through with the newer products as they came online up until the latest version," says Drew.
The new version of Kerio WinRoute Firewall was recently deployed by Secom.
The Roseville Golf Club system implemented Kerio Firewall 6.7, a corporate gateway firewall to protect critical organisational data and allow the 1600 club members access to its online services, which include internet timesheets, golf results, handicap details, house account info, golf prizes and up-to-date member information, anytime online.
Before investigating alternatives, Seagg considered implementing user-level access control in the club's existing system. However, the only supported authentication method was the networking protocol RADIUS, which the club claimed was difficult and time-consuming to configure in an existing Windows Domain environment.
After implementing Kerio WinRoute Firewall's URL filter, the public access terminals were limited only to specific web destinations required by the golf booking system. User authentication was integrated directly with Active Directory through the Kerberos network authentication protocol, and was required for access to any internet location outside of the approved URL group.
For those users with authenticated internet access, Secom enabled Kerio WinRoute's integrated Kerio Web Content filter to ensure the club's internet policies were maintained. This meant no one could access gambling sites, pornography or any other proscribed material.
To further tighten internet access, the public internet hotspot hours were configured on the firewall between 10 am and 6 pm at the club. Public internet bandwidth was managed by providing suitable hotspot bandwidth while not compromising other club-related services. Time-based hotspot routing ensured public hotspots were not accessed out of club hours.
"The whitelist has been fantastic. We recently did a survey of all the golf clubs and we have the smallest ISP spend of all of them because we've had this whitelist implemented," says Seagg.
"Certain areas in the club can only access certain websites and it just stops all those non-productivity websites such as YouTube and Facebook. That means we don't have to have a huge download limit." In fact, Seagg says he is using TPG ADSL 2+ and is paying around $40 a month for the club's internet service. Most golf clubs are paying "well in excess of $100 a month".
Furthermore, Kerio WinRoute Firewall's internet bandwidth management control ensured appropriate internet bandwidth was allocated to member lookups and the internet-based golf handicapping system. This advanced configuration was possible due to the policy-based bandwidth control built into Kerio WinRoute Firewall.
Secom arranged for remote support via secure VPN connections and likewise manages third party vendor connections based on secure firewall rules per VPN client connection.
Public internet terminals for club members were not affected by large incoming email traffic or remote support services due to bandwidth control management.
A club requirement is to ensure member terminals' internet speed will not be compromised.
Drew says Seagg just recently upgraded the mail server to support the iPhone capability and set up his own iPhone. Drew didn't need to be there; it was such an easy task.
"Jason [Seagg] is on the high end of the technical expertise scale for a manager of a venue. I would normally advise him of a new update with a few new features and go through what's the advantage, like recently the new upgrade to the firewall allows management.
"We initially programmed the firewall for the club and I showed him the sections in the firewall. He manages the whitelisting now with the new web interface - it just improves the management," says Drew.
The implementation of Kerio WinRoute Firewall took a few hours, meeting all expectations of the client and providing simplified management and installation for Secom Technology.
"Customers don't think about security. From my point of view, we want to make sure it's as secure as possible. That's the key - really having them oblivious to it or have it run in the background."