USGS tests net defense

USGS tests net defense

Late last year, computer specialist Tom Kress noticed unusual activity on a server at the Geological Survey's Geologic Division in Reston, Va.

It appeared to be internal activity, and there was no obvious security violation, but 'it got me thinking,' Kress said.
He began looking at ways to lock down application and print servers in a 30-day evaluation of ServerLock from WatchGuard Technologies Inc. of Seattle.

'I tried it, and it seemed to do what I wanted,' Kress said. 'Nothing is 100 percent secure. What we're trying to do is increase security. This is another piece of the puzzle.'

ServerLock locks down the operating system kernel and file system on servers running Microsoft Windows NT, Windows 2000 or Sun Solaris. That makes administrative changes impossible and prevents rogue programs from running.

When an administrator needs access to the server, a kernel-based public-key infrastructure supplies strong authentication to ensure that only the administrator can make changes.

ServerLock works against internal as well as external attacks because the software is installed on each machine being protected. Hacking for administrative privileges or hacking from inside will not work when the OS is locked down.

The software can be managed locally on each server or centrally using ServerLock Manager. USGS has the central management module, which uses 239-bit elliptic-curve cryptography to secure communications.

Kress said his network has several thousand clients running Windows, Mac OS, Unix and Linux operating systems. But he is not in charge of numerous servers, so he has time to devote to security.

Firewalls and demilitarized zones separate the network's perimeter defenses from the Internet. Kress also pays close attention to how his servers are configured.

Configuration is time-consuming, he said, but can be as important as any security hardware or software.

'You turn off services you don't need,' he said. 'You have to find the time, and it's up to you to sit down and start closing all the windows.'

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected