Security
Centerfold
Security the Main Event for Olympic IT Specialists

  May 13, 2002
  By Kelly Jackson Higgins



While the pairs figure-skating controversy was in full swing and the Canadian ice-hockey teams were skating toward gold medals, another high-stakes competition was under way at the Olympic Winter Games in Salt Lake City--one that pitted network hackers against the Games' IT security team.

Representatives of that team gave Network Computing an exclusive peek at how it responded to a wave of firewall scans and denial-of-service attacks on the Salt Lake network. In the end, the Games' Incident Response Team (IRT) came out on top and gained experience for the larger 2004 Summer Games network in Athens.



"The Games have been a magnet for hackers and malicious people trying to prove to their peers they are clever," says Robert Cottam, chief integrator at SchlumbergerSema, the lead IT architect for the Olympics through the 2008 Summer Games in Beijing.

Hackers probed firewalls in search of ports they could exploit to get onto the Salt Lake network, and scanned for IP addresses, says Lee Robertson, the Games' chief of IT security and principal security consultant at Schlumberger Network Solutions. Hackers typically used hijacked, legitimate IP addresses to cover their tracks and grab e-mail messages they hoped would give them intelligence about the network. They tried using standard access methods--telnet and SSH, for example--to get to the firewall's management interface or to an IDS (intrusion-detection system) box on the Olympic network, Robertson says. But they got no further than the external firewall.

When a hacker actually opened a firewall port, the action triggered alarms in the network's firewall logs and IDS probes. Then it was up to IRT members to trace the intruding IP address. If a particular firewall scan or other intrusion attempt during the Games looked threatening, the team cut off the compromised network segment, but that was rare, Robertson says. Usually, it was a matter of singling out the intruder's IP address and shutting it down.

The attempted break-ins weren't surprising, but the volume and flow were unsettling. Hackers struck most often on evenings and weekends, when most events were televised, and most attempts came through the Internet and other outside firewalls rather than from inside. The IRT witnessed more than 100 fingerprinting attempts--that is, when a hacker pokes around to see what operating systems are running--and significantly more firewall scans.

The Salt Lake network was protected by dual firewalls and IDS probes at every edge and location. The network was closed to the outside world except for links to MSNBC and some news agencies for sending results and other information. The Internet connection was separate, too. On the inside, the network was segmented by VLANs, so a virus or break-in couldn't spread from one segment to another automatically.

For firewall logs and intrusion detection, the IRT chose mostly open-source tools, such as the Snort IDS probe and Demarc IDS management console, so team members could respond to incidents on their own rather than relying on vendors. As with any corporate network, the hardest part was digesting all the security data generated--sifting through the alerts, alarms and log entries, and weeding out false alarms.

For Athens, the security team says it hopes to run some of Schlumberger's in-house security-information-management tools, which should lighten the labor load by automating correlation and aggregation tasks. "We would like to be able to correlate attacks from different points of the network at the same time, to tie into a central cause or type of attack," Robertson says. And the team probably will use different IDS and other security tools, as well as develop some new policies, to handle any major security threats that emerge before 2004.
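
The cross-sensor correlation described above, tying alerts from different points of the network to one source, can be sketched as follows. This is an added example, not code from the article or from Schlumberger's tools; the record layout, sensor names, addresses and the `correlate` function are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (sensor, time, source IP, alert type).
# Hypothetical normalized layout; not Snort's or Demarc's own format.
ALERTS = [
    ("edge-fw-1",   "2002-02-16 20:01:05", "198.51.100.7", "port-scan"),
    ("venue-ids-3", "2002-02-16 20:03:40", "198.51.100.7", "os-fingerprint"),
    ("edge-fw-1",   "2002-02-16 20:04:10", "198.51.100.7", "port-scan"),
    ("edge-fw-2",   "2002-02-16 20:30:00", "203.0.113.9",  "port-scan"),
    ("venue-ids-3", "2002-02-16 23:45:00", "203.0.113.9",  "telnet-attempt"),
    ("edge-fw-2",   "2002-02-16 20:06:30", "198.51.100.7", "ssh-attempt"),
]

def correlate(alerts, window=timedelta(minutes=10), min_sensors=2):
    """Group alerts per source IP into bursts (gap between consecutive
    alerts <= window) and keep bursts seen by >= min_sensors sensors."""
    by_src = defaultdict(list)
    for sensor, ts, src, kind in alerts:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_src[src].append((when, sensor, kind))

    incidents = []
    for src, events in by_src.items():
        events.sort()                      # chronological order per source
        burst = [events[0]]
        # The trailing None flushes the final burst after the last event.
        for ev in events[1:] + [None]:
            if ev is not None and ev[0] - burst[-1][0] <= window:
                burst.append(ev)
                continue
            sensors = sorted({e[1] for e in burst})
            if len(sensors) >= min_sensors:
                incidents.append({
                    "src": src,
                    "start": burst[0][0],
                    "end": burst[-1][0],
                    "sensors": sensors,
                    "kinds": sorted({e[2] for e in burst}),
                    "count": len(burst),   # aggregated duplicate alerts
                })
            burst = [ev]
    return incidents

if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident)
```

Single-sensor bursts are dropped here, so the window and `min_sensors` values decide how much noise reaches an analyst; both are tuning assumptions, not figures from the article.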

On the Job

  • Cottam's Biggest Hurdle of the 2002 Winter Olympic network: Complexity of building for 100 percent uptime, ensuring redundancy and failover.

  • Biggest Hurdle of the 2004 Games: Size of the job (number of athletes and events in the Summer Games is expected to be more than three times those in the Winter Games).

  • Lessons Learned in securing the Olympic Network: Never underestimate the size of the job, and always be sure your staff is aware of its security responsibilities.

  • Next Time I Would: Give the security team more responsibility within the overall project than they had with the Winter Games, because security is an integral part of it.

  • Job Perks: The buzz of hitting your deadline, knowing that the date of the Games does not change. And watching the events on TV, knowing that IT pulled together the results and TV graphics for the 1.5 billion viewers worldwide.







