Navy unifies its monitoring networks

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.nwfusion.com/news/2003/0811navy.html

By Ellen Messmer
Network World
08/11/03

The U.S. Navy has put its Naval Network Warfare Command in charge of
monitoring the Navy's hundreds of different networks used by more than
400,000 personnel around the world in order to detect security
violations.

Based in Norfolk, Va., the Netwarcom command group was established by
the Navy just over a year ago to coordinate its IT operations and to
support the concept of one naval network, with Vice Admiral Dick Mayo
as commander.

In its new role of monitoring Navy networks for security purposes,
Netwarcom is installing monitoring equipment from Securify that
attaches to switches at the edge or inside hundreds of Navy networks.  
This will involve hundreds of separate Navy networks, including those
at the Naval Supply Command, the fast-growing Navy Marine Corps
Intranet (NMCI), legacy networks being phased out in favor of NMCI,
and the terrestrial and satellite-based network known as Information
Technology 21 to reach ships at sea.

By inspecting traffic using the Securify sensors, Netwarcom will be
able to determine that only authorized personnel are using restricted
services, that appropriate authentication and encryption is in place,
and that equipment such as firewalls is properly configured.

"One of the serious challenges faced by the NMCI is the legacy
networks, which have serious security problems," says Navy Captain
Chris Christopher, deputy director for future operations,
communications and business initiatives for the Navy Marine Corps
Intranet. While not detailing those problems, he noted that they can
be as simple as bi-directional FTP or other services set up by
default, creating security risks.

Before Netwarcom took on the watchdog role for the Navy's network
security, the responsibility for monitoring fell to local Navy
facilities. The centralized approach should help the Navy tighten
security, particularly with older legacy networks, Christopher says.

Netwarcom's new approach through monitoring "is also going to help us
understand what we should allow and what we should filter out from our
network," he says. NMCI - which is managed by EDS - will be the main
network for day-to-day operations in the Navy as older legacy LANs and
applications are phased out. "We'll know what we should be
quarantining in old networks as we bring applications onto this
network."

The Securify equipment allows for policy data to be entered at a
Securify SecurVantage Studio console. This would be done by Netwarcom
with cooperation from local Navy facilities. Policies can be
distributed to the switch-attached sensors, called Securify Monitors,
to be installed and maintained locally. EDS will be doing that for
NMCI. The Monitors report in real time on traffic behavior to a third
piece of equipment, called the Enterprise Monitor.
 
Through these sensors and monitors, Netwarcom can analyze the traffic
at hundreds of naval locations and let management staff at these sites
know if there's a need to take a different course to reduce risk.

Securify's sensors look at application and network traffic to spot
whether VLANs are set up appropriately for secure communities of
interest in the Navy, make sure written security policies are really
being implemented, and check whether public-key certificates are being
used for all Navy Web servers, as they're supposed to be, says Carl
Wright, vice president of federal operations at Securify.

As the Navy gets underway with its effort to get shipshape on security
monitoring, it has no immediate plans to coordinate security
monitoring with the Army, Air Force or other parts of the U.S.  
Department of Defense, sources say.

However, the Defense Information Services Agency, which oversees some
IT and telecom services for Defense Department agencies, has purchased
Securify gear, using it in the Middle East for the Iraqi war effort.

The Air Force and Army also are looking at the security-monitoring
equipment, and the potential for coordinated security policy across
the services is there, according to Securify.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.