Network Security -It Takes a Village
By David Link
Securing the world's largest temporary network takes a variety of vendors working together.
For three days, InteropNet is one of the largest hacking targets on the planet. Attacks and threats come from both inside and outside the network. While the external attacks are certainly more malicious in intent, most of the internal ones ended up being due to misconfiguration or just plain misunderstanding.
To understand the problems associated with this type of setup, please view the following:
1.Video streaming devices flooded the network with millions of multicast packets per second. EM7 noticed a big bump in latency on that network segment at the same time that the Enterasys Dragon IDS caught the flood of packets. Both tools could tell the origin of the packets and traced them back to misconfigured video multicast devices. In this case Not Malicious, but the result was still degradation to that network segment until the problem was fixed.
2.One vendor at the show purposely scanned all other devices on the show network to model them in their product demos. They didn't ask anyone's permission (or at least they didn't ask ours). They purposely used multiple community strings to see if any would work. Personally I don't think they meant it to be malicious, but as a monitoring tool in this space, they should have known that doing all that scanning would actually degrade network and other vendors' device performance. I wonder if this is the vendor that was telling people that it does this at every show, and this is the first time it's been caught.
Connect the Vendors
Enterasys took care of external attacks by identifying them and asking Qwest to block them. But it's with the internal "devices behaving badly", that the real fun began. It took a combination of vendors to identify, confirm and track down the offenders on the network.
First Enterasys Dragon IDS alerted on suspicious behaviors. Dragon identified what IP, MAC address or port on a switch was having the issue - which information was cross-checked against vendor registry info in EM7 to track down offenders to a booth, a room or a wireless access point in the facility. Splunk was also used to look at logs and verify the source of bad behavior.
For tracking down wireless misbehavior, Aruba Networks had a cool tool that took the info from Dragon and EM7 and used it to literally triangulate the location (down to a laptop).
Before the show started, we tested our security process by sending people out with laptops and finding them, gps-style, whether they were walking around or hiding under a desk.
Overall, I think the real-life multi-vendor network security solutions I've described here are great examples of why interoperability is so important and why InteropNet was such a great experience.
About the author
Louis DiMeglio is in charge of all pre and post-sale customer engineering engagements at ScienceLogic, a provider of virtualization management and monitoring solutions. Louis has nearly fifteen years of experience in IT and over seven in IT and Network Management . Louis' expertise lies in connecting the business needs of an organization to the IT delivery organization. from http://www.FreeArticlesAndContent.com
|
|
Copy This Article
For FREE!!!
You can use this article and copy it on your own website
for free! All you have to do is make sure the article
is copied with no changes and includes the "About
The Author" text. Also please ensure that all url's
are hyperlinked according. Thank you. |
Link To This Article - And We'll
Link Back To Your Website!
You are more then welcome to link to this article! All
you have to do is copy this webpage address from the
address bar and create a link on your website. Please
use the title of this article for your link text. Please
get in contact once you have linked to this article
and we'll link back to you! Thank you. |
|
|
|
Other great articles from this category...
|
Related Sites
|
|
