Naval center keeps defensive eye on its network

Navy IT official wears both administrative and network hats to keep abreast of intrusion

By William Jackson

GCN Staff

Ron Black, information technology director for the Navy's Transportation Support Center in Norfolk, Va., does not brag about his network defenses.

'I try to maintain a low profile,' said Black, who is in charge of network security. 'I don't go out of my way to let people know I'm here.' But he is confident that he has done a good job of securing his corner of the wired world.

'There is no such thing as a completely secure system,' he said. 'We use a defense-in-depth strategy where we have several means of detecting an intrusion attempt.'

The first line of defense is firewalls, backed up by a suite of products from Axent Technologies Inc. of Rockville, Md. Enterprise Security Manager lets Black set and enforce security policy. Intruder Alert provides intrusion detection, and NetRecon scans the network for vulnerabilities.

The center's small network has fewer than 200 users housed in a single building. 'It used to be bigger,' Black said. The Naval Supply Systems Command 'has been reorganized a couple of times, and we have been consolidated from several buildings.'

Switching networks

The mixed network primarily runs Microsoft Windows NT and Novell NetWare with some Unix. Servers are on Fast Ethernet links, and desktop PC systems have switched Ethernet over Category 5 unshielded twisted-pair copper wiring.

The data on the network would be of little interest to anyone outside the Supply Systems Command, Black said. 'We're not an operational command; we're a support activity,' he said. 'The biggest threat is that it would be a jumping-off point for other parts of the department.'

That is why the Defense Department has declared all its networks need to be secured at the C2 level for sensitive but unclassified data. The Supply Systems Command installed Enterprise Security Manager and Intruder Alert in 1998 for C2-level access control.

Enterprise Security Manager uses a manager-agent architecture to monitor security policy. Agents are hardware-specific software objects that watch assigned workstations, servers or nodes. They report to manager objects. Although agents are hardware-specific, the managers can reside on any kind of system. A manager running on a Unix system can control agents on NetWare, NT or Unix systems, for example.

Intruder Alert looks for different exploits, blocking them and notifying administrators, according to established policy. It consists of an interface console and a manager that act as a rules configurator. Agent processes run on local systems to execute the rules.

Black added NetRecon to the suite in 1998 to scan the network for open protocols and ports. 'That was something I did on my own because I had an interest in getting the same kind of view of my network that a hacker would have,' he said.

Freeware scanning tools are available, but most of them are for Unix. NetRecon runs under NT, 'so it's easier to fit into my environment,' Black said. NetRecon also tries to penetrate rather than just report vulnerabilities, so it provides more information than the freeware tools.

Although the vulnerabilities of most operating systems are well-known and patches are available, 'in some cases it doesn't get done,' Black said. 'NetRecon gives me an easy way of checking.'

Though he was reluctant to give specifics about types of threats, Black said, 'I don't see a lot of attacks. We haven't seen any really good, concentrated efforts.'

He is confident of knowing about the attacks that do occur, however. 'We used a contractor to test our defenses, and we were able to detect the intrusion,' he said.
