Securing the System
With Sidewinder"> The HIDTA office in the late-2000 time frame replaced its older router with an updated firewall as part of a federal purchasing contract mandated by the other 12 agencies it works with. When the provider of the initial product HIDTA chose was sold to Secure Computing, HIDTA upgraded once again. This time, it went with Secure Computings Sidewinder G2 Security Appliance, which was deployed in the organization with help from Northrop Grummans now-disbanded systems integration unit.Sidewinder G2 is a proxy firewall, he explained. It protects the network on an application level and gives the IT group greater flexibility and granularity in terms of establishing access rights. For example, HIDTA was able to vary the types of access to network resources and data based on individual users or groups according to their specific needs, Cunningham said. "Sidewinder G2 allows me to lock down individual machines and also group machines together, so I can allow access for different groups of users based on need and function," Cunningham said. "Role-based access greatly simplifies administration, since users need not be configured individually. Access can be granted based on role and need." Another compelling feature of the Sidewinder appliance, Cunningham said, is its ZAP (Zero-hour Attack Protections) capability, which employs a "positive security model" to stop zero-hour attacks automatically without waiting for anti-virus or IPS (intrusion prevention system) signature updates. In addition, Sidewinder G2 takes a UTM (unified threat management) approach, delivering anti-virus/spyware and anti-spam/fraud protection, Web content filtering, and traffic anomaly detection, among other protection features, in one box. "Less secure firewalls need a signature of an attack in order to block it," Galligan said. "We analyze the data stream coming into the firewall and look for abnormalities in the data stream without any preknowledge of what the attack is. That way, we can catch it before anyone IDs it." In the years since deploying Sidewinder G2, HIDTA has reduced that whopping 1,200 hacker attempts per hour down to approximately 35, Cunningham said. The company has since upgraded to a higher-end version of Sidewinder G2 to accommodate additional capacity on its network. This added capacity is related to different government agencies tapping into its resources, as well as for agency, government and law enforcement officials who might need to tap into HIDTAs resources while on the road, Cunningham explained. "The network is so secure that its almost in the back of my mind now," Cunningham said. "I dont have to worry when I come in in the morning because I know its going to be working. We can just watch the [network] traffic go by, and it doesnt phase us anymore. There are still attempts to break in, but they never come through the perimeterthey just bounce off." Beth Stackpole is a freelance writer based in Newbury, Mass. Contact her at email@example.com. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
HIDTA settled on Sidewinder G2 in part because of the economic advantages of buying the application on a government contract and in part because of its capabilities, Cunningham said.