Eksfin is a merger of the former Export Financing and the Guarantee Institute for Export Credits (GIEK). The state-owned enterprise has very strict security requirements and uses, among other things, Aruba ClearPass for authentication and to enforce role-based security policies based on zero trust.
– We have several wireless networks, including for employees and guests. One day, a certificate suddenly stopped working, says Roar Soløst, Senior IT Advisor at Eksfin.
What initially seemed like something that should be easy to fix turned out to be a long-lasting nightmare for Eksfin. Even though the certificate was replaced, the problems persisted. The cause was more complex and multifaceted than first assumed.
– We have had large consulting companies come in to dig into the problems, but they started at the wrong end, and it got worse than it was before. Things simply stopped working, says Soløst.
Needed someone with a holistic understanding
Soløst explains that although many IT consultants have solid expertise in specific areas, it is rare to find those who can see the big picture and have the comprehensive overview needed to solve the most complex problems.
– Initially, it was certificates we wanted help with. It is an enormous field that requires understanding infrastructure, everything from Windows and Linux servers to switches, VMware, wireless networks, and so on. If you have a certificate that doesn’t work as it should, it can cause a lot of problems.
Soløst had worked with Kim Hansen before he joined Sicra and had received help from the experienced system architect to solve complex challenges previously.
– He has helped us with a lot and is someone who really understands infrastructure and knows how to think holistically about security. We therefore signed an agreement with Sicra to get help with our certificate problems.
Kim Hansen brought along another experienced Sicra consultant, Lars Petter Hosøy, and together they began troubleshooting the Clearpass solution at Eksfin. It turned out that the problems were more extensive than just a faulty certificate – it also involved misconfigured systems.
– Firstly, certificates were set up so they didn’t work on iPhones, and the certificate for managing and deploying Apple devices had expired. In addition, there were several aspects with the configuration of the guest network login that was wrong, says Kim Hansen.
Kim Hansen, Solution Architect Security & Instructor i Sicra.
Others had seen themselves blind on things
Soløst believes the other consultants had seen themselves blind on things, and that it was therefore wise to bring in a third party to look at the problems with completely fresh eyes.
– It took Sicra five to six hours to clean up and get everything back up. Other consulting companies have struggled with this for several months without getting to the bottom of the problems. It’s actually one of the most impressive things I’ve seen, and I’ve been in the industry for a long time.
He also praises the Sicra consultants for providing good input.
– Security is paramount for us, and it’s good to work with people who are good at explaining and giving us good advice along the way, concludes Soløst.
Vi har hatt store konsulentselskaper inne for å grave i problemene, men de startet i feil ende og det ble verre enn det var før.
Explore more
Oslo Taxi secures the platform with Sicra and River Security
.jpg?width=292&height=195&name=shutterstock_2259920251%20(1).jpg)
Malling wanted a security review of their M365 environment
Ransomware attack caused headaches for one of Norway's largest chains
