Florida boosts network security with software toolkit

Florida boosts network security with software toolkit

There's no spring break for Florida's network security this year.

The Sunshine State in February installed two Symantec Corp. products on its agency servers, said Mike Russo, Florida's chief information security officer.

NetRecon, Symantec's hacker-in-a-box enterprise software, resides on the state's agency servers and scans its networks for vulnerabilities, Russo said.

State agencies also are using the Cupertino, Calif., company's Enterprise Security Manager to enforce security policies, including the latest security updates mandated by the Health Insurance Portability and Accountability Act of 1996.

If, for example, the network policy is that all passwords must be six characters and all capital letters, then ESM could be programmed to check that, Russo said.

When Florida began its search for a way to boost its network security, Florida CIO Kim Bahrami said she knew she 'didn't want a proliferation of what we had in the past'a multitude of tools with different levels of capability. We wanted to give every agency best-of-breed tools and make sure our network was being scanned regularly.'

Bahrami also wanted a security tool that would provide management reports. ESM lets managers know when someone is not updating SQL Server patches, for instance, revealing what could be an Achilles heel's securitywise.

Another factor: Gov. Jeb Bush didn't want the state to buy a huge infrastructure to support its security initiatives, Bahrami said. He would rather use available tools to do the work less expensively, she said.

Bahrami also said it was important for the state and its employees to feel a sense of ownership over the security process.

'You can outsource a lot of things. But security is one area where we took a hybrid approach,' Bahrami said. 'Our state employees understand that it's ultimately their responsibility to keep their systems protected. We all felt strongly that security of our state's systems is one thing we don't want to outsource.'

Bahrami and her team are creating a spreadsheet of measurable data about intrusions on the state's networks and the damage that resulted from them.

'In the past, we've had some issues on our network that resulted in downtime,' Bahrami said. 'When your state network serves 143,000 state employees, it's a significant loss when you're down for an hour.'

Since Bahrami and her team installed the Symantec products, the state's network has had a system availability rate of 99.9 percent, Bahrami said.

Considering how many states are facing budget shortfalls, Florida's use of software tools for network protection could prove to be a model for other states looking to save money while keeping networks secure, Bahrami said.

'We think we have the best crackerjack approach to systems security in the nation,' Bahrami said.

About the Author

Trudy Walsh is a senior writer for GCN.

inside gcn

  • Phishing

    Phishing is still a big problem, but users can help shrink it

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group