South Carolina's security chief worries about insider mistakes
- By Richard W. Walker
- Jun 13, 2003
Sometimes it's the little things that cause the big problems.
Jim MacDougall, director of advanced technologies and acting chief information security officer in South Carolina's CIO office, knows this well.
Three years ago, when MacDougall and his IT team were preparing to launch South Carolina's Web portal, at www.myscgov.com, they installed an upgrade to the firewall during testing. Several weeks later, before going live, MacDougall hired a security company to test the site for vulnerabilities.
Surprise. 'They walked in like it was Main Street,' MacDougall said.
One of the system's technicians had left the firewall wide open after an earlier test.
'We locked the system down, and [the technician] will never do that again,' he said. 'But I'm not so sure the next guys won't. That's really a concern to me.'
At a time when cyberattacks are raining down on government computers, it's the potential for such insider errors more than anything else that keeps MacDougall awake at night.
Sleepless in S.C.
'Misconfiguration on some of the perimeter of our security mechanism - that's really what makes me the most nervous,' he said. 'After you put the technology in place, are the people managing and certifying it actually doing the day-to-day stuff, like keeping up with patches?'
The portal, which went live in November 2000, now has more than 120,000 registered users. Using the portal, South Carolinians can pay taxes online, renew licenses, apply to state colleges and universities, buy items from state museums and conduct criminal records checks.
Many of South Carolina's state and local government agencies also process credit card transactions through the site, using it as a gateway to banks, MacDougall said.
That means security, both physical and cyber, must be super tight.
'We're very sensitive to the privacy of that information,' he said. 'We do about everything we can to protect privacy. [Credit card data] is only live during the transaction to the bank, and then it's protected behind our environment here at the data center.'
Security includes 24-hour armed guards and cameras to protect the data center and a three-tiered architecture to ward off hackers.
A cyberintruder would have to breach the firewall, the Web server and the application server to get at a database, MacDougall said.
The portal suffers hundreds of hacking attempts daily, he said, but 'none have been successful to my knowledge. We've had no fingerprints on the inside of the environment.'
One tool in MacDougall's cybersecurity kit is VisualRoute from Visualware Inc. of Turlock, Calif., which automatically maps the network's infrastructure.
Though it's not strictly a security tool, VisualRoute can trace the geographic location of routers, servers and other IP devices, letting IT managers identify the sources of external network intrusions and attacks.
Consider the source
For instance, the software recently traced repeated hacker runs at www.myscgov.com to a computer in China, possibly located at Beijing University. MacDougall then blocked the IP address of the Chinese machine.
'VisualRoute made it easy to track down the source,' he said.
VisualRoute provides an overall analysis in plain English and a data table that lists information for each hop, including IP addresses, node names, geographic locations and the major Internet backbones where servers reside.
It also gives a geographical view of the actual path of an Internet connection. By clicking on a server or network name on a world map, a user can open a pop-up window with whois information.
'I use it as a tracking mechanism to find out where activity is coming from,' MacDougall said.