VBA Network Security Pilot: Findings and Recommendations

1
VBA Network Security PilotFindings and
Recommendations
Hines Information Technology Center
2
Overview

• VBA Requirements
• Review of Pilot
• What we have learned
• Future Security Initiatives

3
Network Security Requirements Addressed

• Detect equipment being attached to network
• Assess network security status
• Detect wide range of intrusion signatures
• Automated response capability
• Real-time pager and e-mail alerts
• Centralized management reporting
• Stability, dependability, ease of management
• Play well with VBA applications/environment

4
Additional Requirements

• Support VA/VBA environments
• Principle of layered security
• 24/7 Monitoring Staff
• Continuing training of security personnel

5
The Pilot
6
Review of Pilot Configuration

• Pilot Sites
• Hines, Chicago, Philadelphia, VBACO, Los Angeles
• Installed Software at Pilot Sites
• ISS Internet Scanner
• ISS RealSecure Server Sensors
• ISS RealSecure Network Sensors
• Hardware Installed at Pilot Sites
• Local machine(s) to host Network Sensor(s)
• Local machine to host Scanner

7
Other Tested Software and Hardware at Some Sites

• L0phtcrack Password Cracker
• Cisco Secure Scanner (Net Sonar)
• ISS System Scanner
• ISS RealSecure Workgroup Manager
• ISS SafeSuite Decisions
• Cisco Routers with Encryption
• Network Adapter Cards with Encryption
• Radius Server (Wireless)

8
Important Note
Our current focus is on protection of production
systems.
9
Our Findings
10
The Numbers Daily Basis

• Limited Monitoring Hours
• 75 Server Sensors
• 7 Network Sensors
• 2 System Scanners

11
The NumbersCustomized Policies

• 9 Server Sensor Policies
• 1 Network Sensor Policy
• 2 System Scanner Policies
• 1 Vulnerability Scanner Policy

12
More Numbers

• Daily review of more than 2,300 events
• Since June, 2001
• Analyzed approx. 90 identified vulnerabilities.
• Issued 27 fixes via IT Security Alerts
• Corrected more than 14,000 vulnerabilities
  nationwide
• Continuing research on additional vulnerabilities

13
What we have learned
14
What we have learned

• Centralized Approach and Universal implementation
• Layered security needed
• Monitoring 24/7
• Dedicated SMTP gateway for alerts
• Constant Reviews
• Playing field keeps changing
• Balance risks, capabilities and workload

15
Product RecommendationsVulnerability Scanning

• ISS Internet Scanner Scheduled and On-Demand
• ISS System Scanner
• Cisco RealSecure
• Intrusion.com Security Analyst
• Freeware scanners

16
Product RecommendationsManagement Security
Reports

• SafeSuite Decisions
• (Real-time) RealSecure Workgroup Manager

17
Product RecommendationsIDS

• ISS RealSecure Server Sensors
• ISS RealSecure Network Sensors

18
Where Do We Go From Here?
19
Future Security Initiatives

• Continue to Review
• Continue to Evaluate the risks
• Continue Educating

20
More Security Initiatives

• ISS Database Scanner
• Personal firewalls
• Cisco Catalyst 6509 switches with IDS
• 3Com network cards with firewall
• System Event Log Analyzer Package
• Firewall equipment for backdoor gateways
• Honeypot
• Protect all servers and workstations
• Schedule password cracking nationwide
• Schedule equipment discovery

21
Questions
Thank You!
Anthony Paul, Project Manager Larry Block Linda
Kintz Hat Nguyen Raymond Orton