"The Games have been a magnet for hackers and malicious people trying to prove to their peers they are clever," says Robert Cottam, chief integrator at SchlumbergerSema, the lead IT architect for the Olympics through the 2008 Summer Games in Beijing.
Hackers probed firewalls in search of ports they could exploit to get onto the Salt Lake network, and scanned for IP addresses, says Lee Robertson, the Games' chief of IT security and principal security consultant at Schlumberger Network Solutions. Hackers typically used hijacked, legitimate IP addresses to cover their tracks and grab e-mail messages they hoped would give them intelligence about the network. They tried using standard access methods--telnet and SSH, for example--to get to the firewall's management interface or to an IDS (intrusion-detection system) box on the Olympic network, Robertson says. But they got no further than the external firewall.
When a hacker actually opened a firewall port, the action triggered alarms in the network's firewall logs and IDS probes. Then it was up to IRT members to trace the intruding IP address. If a particular firewall scan or other intrusion attempt during the Games looked threatening, the team cut off the compromised network segment, but that was rare, Robertson says. Usually, it was a matter of singling out the intruder's IP address and shutting it down.
The attempted break-ins weren't surprising, but the volume and flow were unsettling. Hackers struck most often on evenings and weekends, when most events were televised, and most attempts came through the Internet and other outside firewalls rather than from inside. The IRT witnessed more than 100 fingerprinting attempts--that is, when a hacker pokes around to see what operating systems are running--and significantly more firewall scans.
The Salt Lake network was protected by dual firewalls and IDS probes at every edge and location. The network was closed to the outside world except for links to MSNBC and some news agencies for sending results and other information. The Internet connection was separate, too. On the inside, the network was segmented by VLANs, so a virus or break-in couldn't spread from one segment to another automatically.
For firewall logs and intrusion detection, the IRT chose mostly open-source tools, such as the Snort IDS probe and Demarc IDS management console, so team members could respond to incidents on their own rather than relying on vendors. As with any corporate network, the hardest part was digesting all the security data generated--sifting through the alerts, alarms and log entries, and weeding out false alarms.
For Athens, the security team says it hopes to run some of Schlumberger's in-house security-information-management tools, which should lighten the labor load by automating correlation and aggregation tasks. "We would like to be able to correlate attacks from different points of the network at the same time, to tie into a central cause or type of attack," Robertson says. And the team probably will use different IDS and other security tools, as well as develop some new policies, to handle any major security threats that emerge before 2004.
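The correlation Robertson describes, as an added example that is not part of the article or of Schlumberger's tooling: a small Python routine that groups constructed Snort-style fast alerts from several hypothetical sensors by source address, flags a source seen at more than one point of the network, and suppresses a known-benign scanner the way the team weeded out false alarms. Sensor names, addresses and the allow-list are all constructed.

```python
import re
from collections import defaultdict

# Constructed Snort "fast" alerts, each prefixed with the reporting sensor.
# Sensor names are hypothetical; addresses come from documentation ranges.
ALERTS = """\
edge-fw1 01/28-21:15:03.111 [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 198.51.100.7 -> 192.0.2.10
edge-fw1 01/28-21:15:04.220 [**] [1:1418:1] SNMP request tcp [**] [Priority: 2] {TCP} 198.51.100.7:40001 -> 192.0.2.10:161
venue-a  01/28-21:15:09.501 [**] [1:1418:1] SNMP request tcp [**] [Priority: 2] {TCP} 198.51.100.7:40002 -> 192.0.2.20:161
venue-a  01/28-21:15:10.002 [**] [1:718:1] TELNET login incorrect [**] [Priority: 1] {TCP} 198.51.100.7:40003 -> 192.0.2.20:23
edge-fw1 01/28-21:16:44.000 [**] [1:469:1] ICMP PING NMAP [**] [Priority: 2] {ICMP} 192.0.2.250 -> 192.0.2.10
venue-b  01/28-21:17:01.300 [**] [1:1418:1] SNMP request tcp [**] [Priority: 2] {TCP} 203.0.113.9:5151 -> 192.0.2.30:161
"""

# Constructed allow-list: an internal monitoring host whose pings are expected.
KNOWN_SCANNERS = {"192.0.2.250"}

LINE = re.compile(
    r"^(?P<sensor>\S+)\s+(?P<ts>\S+)\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<sig>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def correlate(text, known=KNOWN_SCANNERS):
    """Aggregate alerts by source address across all sensors and rate each source."""
    by_src = defaultdict(lambda: {"sensors": set(), "dports": set(), "count": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparsable line; in production route these to a parse-error queue
        rec = by_src[m["src"]]
        rec["sensors"].add(m["sensor"])
        if m["dport"]:
            rec["dports"].add(int(m["dport"]))
        rec["count"] += 1
    findings = {}
    for src, rec in by_src.items():
        if src in known:
            verdict = "suppressed"    # weeded out as a false alarm
        elif len(rec["sensors"]) > 1:
            verdict = "multi-point"   # one source probing several points of the network
        else:
            verdict = "single-point"
        findings[src] = {"verdict": verdict, "alerts": rec["count"],
                         "sensors": sorted(rec["sensors"]), "dports": sorted(rec["dports"])}
    return findings

if __name__ == "__main__":
    for src, finding in correlate(ALERTS).items():
        print(src, finding)
```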
On the Job
- Cottam's Biggest Hurdle of the 2002 Winter Olympic Network: Complexity of building for 100 percent uptime, ensuring redundancy and failover.
- Biggest Hurdle of the 2004 Games: Size of the job (the number of athletes and events in the Summer Games is expected to be more than three times that of the Winter Games).
- Lessons Learned in Securing the Olympic Network: Never underestimate the size of the job, and always be sure your staff is aware of its security responsibilities.
- Next Time I Would: Give the security team more responsibility within the overall project than they had with the Winter Games, because security is an integral part of it.
- Job Perks: The buzz of hitting your deadline, knowing that the date of the Games does not change. And watching the events on TV, knowing that IT pulled together the results and TV graphics for the 1.5 billion viewers worldwide.