Air Force tests phone firewalls

[InfoSec News <isn () C4I ORG>]

http://www.gcn.com/vol19_no22/com/2574-1.html

Forwarded By: Todd Beebe <tb714 () freenet tlh fl us>

August 7, 2000

A novelty for telephone networks, the technology gets a field test at
two locations

By William Jackson
GCN Staff

The Air Force is studying the use of telephone firewalls to improve
security and management of its phone systems.

We would like to have proactive, automated policy enforcement, said
Capt. Mary Plies, chief of information warfare capabilities at the Air
Force Information Warfare Battlelab in San Antonio. It is usually a
smart idea to go automated any chance you get.

Firewalls -- standard equipment on data networks still are a novelty
for phone networks. To try out the concept, the Air Force Space
Command is installing 50 TeleWall appliances from SecureLogix Corp. of
San Antonio at Peterson and Schriever Air Force bases in Colorado.

TeleWall will monitor all incoming and outgoing calls at the bases and
enforce security policies set by administrators.

The Space Command, headquartered in Golden, Colo., is sponsoring the
test, but the lab will do the performance evaluation.

We chose the sites because we wanted to make sure we had
representative operational environments, Plies said. Peterson has an
older infrastructure, and Schriever has gone all digital.

Trial by fire

The lab does not do formal product evaluations. We try to infuse new
technology into the Air Force by doing quick turnarounds, Plies said.
We see if it really works, see if it crashes when its in the field.

The lab focuses on technologies rather than products, determining
whether they are mature enough to be incorporated into Air Force
systems. After collecting surveys from users in the field, the lab
will report its findings and recommendations to the Air Force
Requirements Oversight Council, which specifies program requirements.

The Air Force has policies for telephone use, but enforcement is
casual and confined to obvious violations such as hooking up a
notebook computer to a fax line.

The policies can be programmed into TeleWall, which automatically
applies them to all calls routed through it. The appliance can
terminate and log calls and notify a manager of violations. The logs
give a comprehensive view of a distributed telephone system with
private branch exchanges.

TeleWall is the second product from SecureLogix. The first was
TeleSweep Secure, a so-called war dialer that an administrator can use
to survey a phone system for security holes such as unauthorized
modems or receiver modems with weak passwords.

About a quarter of SecureLogix employees have had experience at the
Defense Information Warfare Center.

The government is one of our largest potential client bases, said John
B. Dickson, director of business development.

TeleWalls sensor box interfaces with the telephone system on the trunk
side of the PBX and enforces policies on incoming and outgoing calls.
It supports analog, Integrated Services Digital Network primary-rate
interface and T1 connections. A 10/100-Mbps Ethernet connection to a
LAN, WAN or the Internet provides a link to a server.

TeleWall server software runs under Microsoft Windows 98 or NT on a
Pentium II or faster computer with at least 128M of RAM and 500M of
free storage. The server can centrally control up to 27 appliances.

Policy check

The client software is the user interface where policy is defined and
reports viewed. It requires a Pentium II or faster computer running
Win98 or NT with at least 64M of RAM and 500M of storage.

TeleWall differentiates between voice, fax and modem calls and applies
policies accordingly. Policy can be set down to the individual phone
numbereither caller or receiverand can block unauthorized calls.
TeleWall notifies the manager of policy violations by e-mail and
pager.

The log usage reports can focus on individual numbers or locations of
callers, time of day, type of call and numbers called.

We will probably have the system just logging a lot of the time, Plies
said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".