IT folk in corporate America spend many a sleepless night fretting over network security and how to prevent denial-of-service attacks or downtime that can negatively impact the business.
At the Rocky Mountain High-Intensity Drug Trafficking Area (HIDTA), a government organization charged with anti-drug efforts, the IT team has more pressing concerns related to network security. Along with worrying about loss of data or loss of productivity, this group agonizes over possible loss of life.
“We are a collector of data of a sensitive nature,” explained Dwight Cunningham, network systems engineer at HIDTA, in Denver, which is part of The White House Office of National Drug Control Policy. HIDTA collects and stores surveillance data, phone records, analytical products and confidential-informant information related to its drug investigations on its network: ammunition, Cunningham said, that has to be kept away from the “bad guys” at all costs.
To ensure that it was, HIDTA, with the help of Northrop Grumman's systems integration arm, performed a major security upgrade to its network. The goal was to ward off mounting intrusion attempts that were disrupting network uptime and raising concern about the safety of the data itself.
HIDTA, which is responsible for the Rocky Mountain region and has more than 1TB of data to protect on its network, turned to a new all-in-one appliance from Secure Computing that provided firewall, anti-virus and anti-spyware protection in one package, according to Cunningham.
“Our main problem and objective is to be able to secure the data within our domain without allowing intrusion, which could compromise privacy issues,” Cunningham said. “We don't deal with marketing data or product data—we deal with analyzing and finding bad guys, so … we need to be very careful with our information based on government regulations. Information leaked out could compromise a case or put lives in jeopardy.”
While corporate IT has legitimate security challenges of its own, government agencies such as HIDTA are required to conform to a higher standard of security because of the nature of their classified networks.
“Security measures others might consider secure, the Department of Defense or sensitive agencies like HIDTA could never adopt,” said Matt Galligan, vice president of the federal division of Secure Computing, a maker of enterprise security products such as firewalls and VPNs, in San Jose, Calif.
“If someone hacks into a bank, people lose money. If someone hacks into a network such as HIDTA, people could lose their lives. It takes a different level of responsiveness and security,” Galligan said.
At HIDTA, the so-called bad guys were doing everything in their power to get at the agency's highly sensitive information, said Cunningham. Several years back, before the new all-in-one security appliance was installed, HIDTA was logging about 1,200 intrusion attempts per hour at its firewall, he said.
These ongoing attempts were wreaking havoc on the HIDTA network. Spam was also an issue, and Cunningham said his team regularly had to take the network offline to deal with the problem, which stalled internal productivity and cut off outside users, both partner government agencies and citizens who use the public, informational part of its site.
“It was a constant battle to isolate the network by turning off outside traffic until we could get with a vendor and get a patch in to fix [the router],” Cunningham said. “That meant there was no work going on internally and no interaction with the outside world. Employees couldn't log on to Mugshot or other Internet resources, so they couldn't do their daily business and access the external resources that they needed.”
Securing the System
In late 2000, the HIDTA office replaced its older router with a firewall bought under a federal purchasing contract mandated by the other 12 agencies it works with. When the vendor of that product was acquired by Secure Computing, HIDTA upgraded once again.
This time, it went with Secure Computing's Sidewinder G2 Security Appliance, which was deployed in the organization with help from Northrop Grumman's now-disbanded systems integration unit.
HIDTA settled on Sidewinder G2 in part because of the economic advantages of buying the appliance on a government contract and in part because of its capabilities, Cunningham said.
Sidewinder G2 is a proxy firewall, he explained: rather than forwarding packets, it terminates each connection and relays it at the application layer, where it can enforce the protocol and the policy for that service. That gives the IT group greater flexibility and granularity in establishing access rights.
For example, HIDTA was able to vary access to network resources and data by individual user or by group, according to each one's specific needs, Cunningham said.
“Sidewinder G2 allows me to lock down individual machines and also group machines together, so I can allow access for different groups of users based on need and function,” Cunningham said. “Role-based access greatly simplifies administration, since users need not be configured individually. Access can be granted based on role and need.”
Another compelling feature of the Sidewinder appliance, Cunningham said, is its ZAP (Zero-hour Attack Protection) capability, which employs a “positive security model”: only traffic that conforms to the expected behavior of a protocol is allowed through, and anything else is rejected, so zero-hour attacks are stopped automatically without waiting for anti-virus or IPS (intrusion prevention system) signature updates.
In addition, Sidewinder G2 takes a UTM (unified threat management) approach, delivering anti-virus and anti-spyware, anti-spam and anti-fraud protection, Web content filtering, and traffic anomaly detection, among other protection features, in one box.
“Less secure firewalls need a signature of an attack in order to block it,” Galligan said. “We analyze the data stream coming into the firewall and look for abnormalities in the data stream without any preknowledge of what the attack is. That way, we can catch it before anyone IDs it.”
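To make the two ideas above concrete, the following is an added illustration written for this page; it is not code from Secure Computing, HIDTA or Northrop Grumman and does not reproduce the product's policy language or ZAP internals. It is a toy application-layer filter that first applies group-based access rules with a default deny, the kind of per-group policy Cunningham describes, and then checks an HTTP request line against a strict positive model, side by side with a small signature list, so that an oversized or malformed request with no known signature is still rejected. The host groups, addresses, rules, signatures and request lines are all constructed for the example.

```python
import re
from typing import Optional, Tuple

# --- Group-based access policy (constructed for this example) ---------------
# Hosts are grouped by function; rules are written per group, not per machine.
HOST_GROUPS = {
    "analysts": {"10.1.1.10", "10.1.1.11"},
    "field-laptops": {"10.9.0.5"},
}

# (group, service) pairs that are permitted. Anything absent is denied.
ALLOWED = {
    ("analysts", "http"),
    ("analysts", "smtp"),
    ("field-laptops", "http"),
}


def group_of(src_ip: str) -> Optional[str]:
    """Return the group a source address belongs to, or None if unknown."""
    for name, members in HOST_GROUPS.items():
        if src_ip in members:
            return name
    return None


def policy_allows(src_ip: str, service: str) -> bool:
    """Default deny: only an explicit (group, service) rule permits traffic."""
    group = group_of(src_ip)
    return group is not None and (group, service) in ALLOWED


# --- Signature check: blocks only what it already knows about ---------------
SIGNATURES = [re.compile(p) for p in (rb"cmd\.exe", rb"\.\./", rb"<script")]


def signature_blocks(request_line: bytes) -> bool:
    """True if any known-bad pattern appears in the request line."""
    return any(sig.search(request_line) for sig in SIGNATURES)


# --- Positive model: accept only requests that fit a strict grammar ----------
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}
ALLOWED_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}
MAX_LINE = 512
# Target: absolute path, limited character set, optional simple query string.
TARGET_RE = re.compile(rb"^/[A-Za-z0-9._~/\-]*(\?[A-Za-z0-9._~=&%\-]*)?$")


def positive_model_accepts(request_line: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Anything not explicitly expected is rejected."""
    if len(request_line) > MAX_LINE:
        return False, "request line too long"
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, "method not permitted"
    if version not in ALLOWED_VERSIONS:
        return False, "unexpected protocol version"
    if b".." in target:
        return False, "dot-dot segment in path"
    if not TARGET_RE.match(target):
        return False, "target outside permitted grammar"
    return True, "ok"


def decide(src_ip: str, service: str, request_line: bytes) -> str:
    """Proxy-style decision: group policy first, then application-layer validation."""
    if not policy_allows(src_ip, service):
        return "deny: no rule permits %s from %s" % (service, group_of(src_ip) or src_ip)
    if service == "http":
        ok, reason = positive_model_accepts(request_line)
        if not ok:
            return "deny: " + reason
    return "allow"


if __name__ == "__main__":
    # Constructed sample traffic: a clean request, a policy violation, a
    # traversal attempt with a known signature, and two attacks with none.
    samples = [
        ("10.1.1.10", "http", b"GET /index.html HTTP/1.1"),
        ("10.9.0.5", "smtp", b""),
        ("10.1.1.11", "http", b"GET /cgi-bin/../../etc/passwd HTTP/1.1"),
        ("10.1.1.11", "http", b"GET /" + b"A" * 600 + b" HTTP/1.1"),
        ("10.1.1.11", "http", b"DEBUG /admin HTTP/1.1"),
    ]
    for src, svc, line in samples:
        sig = signature_blocks(line)
        print("%-10s %-5s signature=%-5s -> %s" % (src, svc, sig, decide(src, svc, line)))
```

Running the block shows the difference between the two approaches: the traversal request is caught by both the signature list and the positive model, but the oversized request line and the unexpected method match no signature at all and are rejected only because they fall outside what the positive model is willing to accept. Policy is evaluated before content, so a field laptop asking for SMTP is refused without its payload ever being parsed.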
In the years since deploying Sidewinder G2, the number of intrusion attempts HIDTA logs per hour has fallen from roughly 1,200 to approximately 35, Cunningham said.
The agency has since upgraded to a higher-capacity Sidewinder G2 model to accommodate additional load on its network. The added load comes from other government agencies tapping into its resources, as well as from agency, government and law enforcement officials who need to reach HIDTA's resources while on the road, Cunningham explained.
“The network is so secure that it's almost in the back of my mind now,” Cunningham said. “I don't have to worry when I come in in the morning because I know it's going to be working. We can just watch the [network] traffic go by, and it doesn't faze us anymore. There are still attempts to break in, but they never come through the perimeter—they just bounce off.”
Beth Stackpole is a freelance writer based in Newbury, Mass. Contact her at email@example.com.
Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.