Corps gets a grip on security
E-mail shutdown during Melissa had a silver lining: increased awareness
By Bill Murray
Capt. Carl M. Wright of the Corps' Network Operations Center says it is vital that the service's users understand the threat that exists in cyberspace from viruses and other network vulnerabilities.
Although Marine Corps officials had to shut down e-mail access for five days after the Melissa virus began spreading in late March, they say they are now satisfied with their strategy for centrally managing enterprise networks.
'We knew that [the virus] would proliferate because address books are used very extensively' in the Marine Corps for Microsoft Outlook, said Capt. Carl M. Wright, chief information security officer at the Network Operations Center at Quantico Marine Corps Base, Va.
Spreading fear
The Melissa virus, which infected Microsoft Word 97 and Word 2000, in addition to Outlook documents, spread through e-mail.
'Some folks thought we overreacted and questioned our aggressiveness. We had the capability of defending our systems and shutting off Internet access centrally,' Wright said. 'We shut down the Simple Mail Transfer Protocol service because our boundary-level architecture allows us that kind of flexibility and protection.'
Since last August when the Corps cut off all back-door access to the service's 29 base-level networks, there has been a reduction in the number of denial-of-service attacks, Wright said.
'Although we have seen a significant reduction in virus problems, we believe it is because our users are much more aware of the threat and better educated to deal with it,' he said.
In a five-month blitz, six employees, including Wright, made detailed site surveys at the bases and identified back doors for Internet access through the Non-Classified IP Router Network.
The Network Operations Center screened routers and made sure all base-level circuits linked to official gateways, Wright said.
He said the Corps is the only Defense Department organization that he knows of that can control Internet access from a central point.
Weighing the options
The usual trade-off for closing back-door access is slower connection to the Internet, but the Marines report no such degradation in performance. 'I haven't had any complaints' about Internet connection speeds, said Brig. Gen. Robert M. Shea, assistant chief of staff for command, control, communications, computers and intelligence. He also lauded Wright, calling him one of DOD's best network security officials.
'The Marines speak with one voice,' Shea said, describing how the centralized network management strategy reflects the service's military culture.
'All of our mission-critical applications are functioning fully according to the boundary-level architecture,' Wright said. 'We are very restrictive from a policy perspective.'
He said this approach can cause problems for new network-based applications if vendors do not pay attention to integrating good security concepts during a system's development.
The so-called Solar Sunrise attacks in February of last year on 440 Defense systems heightened senior Marine leaders' awareness of network security, Wright said.
At the time, the service had just launched its effort to shut down back-door entrances to NIPRnet. The concentrated attack on multiple DOD systems led the Corps, however, to make the project a more urgent endeavor, he said.
A positive result of the five-day shut-off of Internet e-mail during the Melissa virus threat was that Corps users learned something about the importance of computer security, Wright said.
'Education is perhaps the biggest hurdle we face today,' he said. 'It is absolutely imperative that users, application developers, program sponsors and senior leadership are educated about the real, not perceived, threat that currently exists in cyberspace. If those entities do not actively participate in the security process on a daily basis, we will ultimately fail in mitigating significant threats to our architecture at the enterprise level.'
The Marines' Enterprise Network features 80 Cisco 4700 and 7500 series routers from Cisco Systems Inc. of San Jose, Calif., as well as Cisco switches in the boundary infrastructure, Wright said. For NIPRnet links, the Marines maintain 46 Gauntlet firewalls from Network Associates Inc. of Santa Clara, Calif., and 50 RealSecure intrusion detection systems from Internet Security Systems Inc. of Atlanta.
Individual commands can use either of two antivirus packages to protect PCs: Network Associates' McAfee or Norton from Symantec Corp. of Cupertino, Calif. Both are available at no charge through the Defense Information Systems Agency's antivirus site license. The Marine Corps uses Norton software on its servers, Wright said.
For network management, the Network Operations Center uses Hewlett-Packard OpenView 5.01 running under SunSoft Solaris 7 and CiscoWorks 2000 running under Microsoft Windows NT 4.0, he said.
Looking ahead
The Marines have bought asynchronous transfer mode networking equipment that they want to integrate into the boundary-level architecture, Wright said. The products are sitting on the shelf, he said, and 'all we have to do is get [DISA] to provide ATM service at a competitive price.'
DOD's leadership needs to do a better job of retaining military information technology specialists if they are serious about network-centric warfare, Wright said. His staff of 30 provides round-the-clock coverage, but half of the staff members are contractors.
'We can't outsource IT specialist [jobs] in a deployed tactical environment,' Wright said.