The Veterans Benefits Administration is developing a network security program based on the idea that any single line of defense can be breached.
By William Jackson
GCN Staff
'You never feel 100-percent safe,' said Anthony L. Paul, manager of the network security project at the Hines Benefits Delivery Center outside Chicago. 'You always have to be cognizant that there are ways to get in, and you have to be prepared to react.'
The Hines Center and the Veterans Affairs Department's Chicago regional office are piloting multilevel network defense using the Active Security suite from Network Associates Inc. of Santa Clara, Calif.
The suite integrates the Gauntlet firewall, CyberCop scanner and PGP Security applications with a central event manager.
Event Orchestrator, the central repository for security and performance alerts, automates responses to network problems.
'We're looking at both host-based and network-based' tools, Paul said.
The pilot implementation of the desktop-to-network suite in Chicago is VBA's response to Presidential Decision Directive 63, which requires all agencies to protect their critical infrastructures, he said. The pilot eventually could lead to protection for the entire VBA network.
Defense plan
'We're going to try to expand as the budget permits,' Paul said.
VBA chose Network Associates products because it was already using the company's NetShield and VirusScan antivirus software on servers and PCs. The software suite extended that protection out to the firewall.
'That's important,' Paul said of Event Orchestrator's automated responses. Event Orchestrator acts as a hub for the other products. It runs on a server under Microsoft Windows NT, reacting to security and performance alerts according to user-defined policy.
Responses range from logging to alerting an administrator by pager or e-mail, opening a help desk ticket, shutting down a port or blocking an IP address.
'As long as you've got any kind of network connectivity, it can access the information and act on it,' Network Associates' VA account manager Paul Thuman said.
CyberCop and Gauntlet use the company's PGP public-key encryption to communicate with Event Orchestrator.
The digitally signed messages offer assurance that information received by Event Orchestrator has not been tampered with; signed orders from Event Orchestrator to a server or other system ensure the orders are genuine. A signature establishes who sent a message and that it arrived unaltered; it does not by itself stop a captured message from being replayed later, so the receiving side also has to track message freshness.
Network Associates is the certificate authority for the system. 'We are just issuing the machine-level certificates,' Thuman said.
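As an added illustration of the signed exchange described above and the policy-driven responses listed earlier (not code from the article, from Network Associates, or from VBA), the following Go program models a sensor signing an alert, a hub verifying it against a pinned per-machine key, rejecting replays, applying a severity policy, and returning a signed order that the managed system can verify in turn. It uses Ed25519 from Go's standard library in place of PGP, pins public keys directly instead of using CA-issued machine certificates, and models only the log and block-address ends of the response range; the sensor name, host, address and alert contents are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Alert is what a sensor (scanner or firewall agent) reports to the hub.
type Alert struct {
	Host     string // host the alert concerns
	Event    string // short event name
	SrcIP    string // offending address, if any
	Severity int    // 1 (informational) .. 5 (critical)
	Seq      uint64 // per-sender counter so the hub can reject replays
}

// Order is the hub's automated response: Action is "log" or "block_ip", Arg the event name or the address.
type Order struct{ Target, Action, Arg string }

// Envelope carries the claimed sender, the payload bytes and a signature over exactly those bytes.
type Envelope struct {
	Signer  string
	Payload []byte
	Sig     []byte
}

// TrustStore pins one public key per machine (assumption: stands in for the CA-issued machine certificates).
type TrustStore map[string]ed25519.PublicKey

var ErrUnknownSigner = errors.New("unknown signer")
var ErrBadSignature = errors.New("signature does not verify")
var ErrReplay = errors.New("replayed or out-of-order message")
// Sign serialises msg and signs the bytes the receiver will verify.
func Sign(signer string, priv ed25519.PrivateKey, msg any) (Envelope, error) {
	payload, err := json.Marshal(msg)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Signer: signer, Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

// VerifyWith decodes the payload into out only after the signature checks out (used by hub and targets).
func VerifyWith(pub ed25519.PublicKey, env Envelope, out any) error {
	if !ed25519.Verify(pub, env.Payload, env.Sig) {
		return ErrBadSignature
	}
	return json.Unmarshal(env.Payload, out)
}

// Policy maps an alert to a response; only the two ends of the article's range are modelled.
func Policy(a Alert) (action, arg string) {
	if a.Severity >= 5 && a.SrcIP != "" {
		return "block_ip", a.SrcIP
	}
	return "log", a.Event
}

// Hub plays the event-manager role: verify the sender, reject replays, apply policy, sign the order.
type Hub struct {
	trust   TrustStore
	key     ed25519.PrivateKey
	lastSeq map[string]uint64
}

func NewHub(key ed25519.PrivateKey, trust TrustStore) *Hub {
	return &Hub{trust: trust, key: key, lastSeq: map[string]uint64{}}
}

func (h *Hub) Handle(env Envelope) (Envelope, error) {
	pub, ok := h.trust[env.Signer]
	if !ok {
		return Envelope{}, ErrUnknownSigner
	}
	var a Alert
	if err := VerifyWith(pub, env, &a); err != nil {
		return Envelope{}, err // payload altered in transit, or signed with the wrong key
	}
	if a.Seq <= h.lastSeq[env.Signer] {
		return Envelope{}, ErrReplay
	}
	h.lastSeq[env.Signer] = a.Seq
	action, arg := Policy(a)
	return Sign("event-orchestrator", h.key, Order{Target: a.Host, Action: action, Arg: arg})
}

func main() {
	_, hubPriv, _ := ed25519.GenerateKey(rand.Reader)
	scanPub, scanPriv, _ := ed25519.GenerateKey(rand.Reader)
	hub := NewHub(hubPriv, TrustStore{"cybercop-scanner": scanPub})
	// Constructed sample alert, not captured from any real system.
	env, _ := Sign("cybercop-scanner", scanPriv, Alert{Host: "vba-web-01", Event: "port-sweep", SrcIP: "198.51.100.7", Severity: 5, Seq: 1})
	_, genuine := hub.Handle(env)
	env.Payload[len(env.Payload)-2]++ // bump the Seq digit in transit; the signature no longer matches
	_, tampered := hub.Handle(env)
	fmt.Println("genuine:", genuine, "| tampered:", tampered)
}
```

The signature is computed over the serialised bytes and checked before anything is decoded, so an altered address, a forged sender name, or an order signed with a key other than the hub's all fail closed. The per-sender sequence number is what stops an old, validly signed alert from being fed back in; a managed system accepting orders from the hub needs the same freshness check on its side, which this example leaves to the reader.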
One Network Associates security tool that does not use PGP-encrypted communications is the Sniffer network monitor and intrusion detection suite. Handling authentication and encryption functions for Sniffer would be too cumbersome, Thuman said.
'Our intrusion detection strategy is: When you can put an agent on the server that needs to be protected, do it,' he said.
Learning curve
Server agents give more security and create less of a bandwidth bottleneck than network agents, he said, but encrypted traffic from agents on every server could slow Event Orchestrator.
Even with the best tools, security requires constant effort by VBA administrators, Paul said.
'It's a learning process,' he said.
Each operating system has different vulnerabilities, and the administrator must know what they are to know what to shore up.
Security products are not static, either.
'It's an evolution,' Paul said. 'As fast as we get this stuff in, they are upgrading it and introducing new products.'