USGS tests net defense

USGS tests net defense

Late last year, computer specialist Tom Kress noticed unusual activity on a server at the Geological Survey's Geologic Division in Reston, Va.

It appeared to be internal activity, and there was no obvious security violation, but 'it got me thinking,' Kress said.
He began looking at ways to lock down application and print servers in a 30-day evaluation of ServerLock from WatchGuard Technologies Inc. of Seattle.

'I tried it, and it seemed to do what I wanted,' Kress said. 'Nothing is 100 percent secure. What we're trying to do is increase security. This is another piece of the puzzle.'

ServerLock locks down the operating system kernel and file system on servers running Microsoft Windows NT, Windows 2000 or Sun Solaris. That makes administrative changes impossible and prevents rogue programs from running.

When an administrator needs access to the server, a kernel-based public-key infrastructure supplies strong authentication to ensure that only the administrator can make changes.

ServerLock works against internal as well as external attacks because the software is installed on each machine being protected. Hacking for administrative privileges or hacking from inside will not work when the OS is locked down.

The software can be managed locally on each server or centrally using ServerLock Manager. USGS has the central management module, which uses 239-bit elliptic-curve cryptography to secure communications.

Kress said his network has several thousand clients running Windows, Mac OS, Unix and Linux operating systems. But he is not in charge of numerous servers, so he has time to devote to security.

Firewalls and demilitarized zones separate the network's perimeter defenses from the Internet. Kress also pays close attention to how his servers are configured.

Configuration is time-consuming, he said, but can be as important as any security hardware or software.

'You turn off services you don't need,' he said. 'You have to find the time, and it's up to you to sit down and start closing all the windows.'

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected