Centrelink nullifies Net security risk

Centrelink will implement a new intrusion prevention system (IPS) to counter a security threat heightened by its increased use of the Internet and connections to external partners.

The social security agency said the IPS was one of a number of security measures implemented as part of the five-year, AU$312 million IT Refresh program. IT Refresh is designed to support Centrelink's Electronic Service Delivery (ESD) program, whereby offerings such as child care benefit details and monies owed are available online.

In tender documents issued this week, Centrelink said "ESD has resulted in the expanded use of public data networks, such as the Internet, and an increase in network connections between business partners and client organisations".

"As a result there has also been an increase in the risk of compromise to Centrelink's key information assets."

The IPS -- designed to ensure external access to Centrelink is controlled and report on the agency's security status - is part of the Refresh project's audit, logging and monitoring requirements.

The system will be integrated into Centrelink's new Gateway architecture, according to the tender, which incorporates redundant infrastructure across two data centres in Canberra. Each centre hosts a separate Internet and business gateway, part of a distributed network encompassing more than 400 local area networks.

The system would provide "a real-time monitoring capability that is able to detect and respond to events involving intrusion and attack against Centrelink's IT systems," according to the tender.

The tender required high quality detection of potential security threats, including "sophisticated real time analytical techniques to improve anomaly detection".

The IPS must also use multiple detection methodologies at different levels of the Centrelink network to identify more sophisticated attack techniques.

The IPS design should include system hardening, self defending capability and data protection.

The IPS will accompany Centrelink's two main security tools, Security Access Management System (SAMS) and Access Control Facility (ACF). SAMS works by 'instructing' the security system of each platform in Centrelink on the appropriate level for each user or application. The ACF provides security services such as registration and authentication for the delivery of ESD applications to Centrelink customers and corporate users.

Like this article? Click below to send it to your mobile for free!

Talkback 0 comments


Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Alex Serpo Will the NSW Govt put Linux in schools?
    The NSW Government's release this week of an expressions of interest tender to give low-cost laptops to every senior public school student in NSW is a big step, but will these systems be Windows or Linux?
  • Array Naked Mac versus protected PC: What wins?
    What's easier to manage — 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?
  • Array Dear Telstra: pack up your toys, go home
    Rejecting Telstra's proposal, after all, is the only conclusion Conroy can reach: as someone whose entire philosophy is built around transparency and process, he simply cannot keep Telstra as part of the NBN bidding process anymore.
  • More blogs »

Tags

Back to top

Featured