The backbone network for the Athens Summer Games is three times the size of the 2002 Winter Olympics network. With some 900 Windows 2000 and Unix servers and 2,500 network devices, this supersized IP backbone is a big target for break-in attempts and could be prone to extraneous alarms triggered by any suspicious activity. To help manage the load, the IT team purchased Computer Associates' eTrust Security Command Center, which automates the alarm-gathering process (see "The Hard Sell"). ETrust collects security and system data from different tools in real time, then filters, aggregates and correlates the alarms. Philipps estimates that about 200,000 alarms will sound during the Games.
"We needed more intelligence in the way we process the logs we receive," says Yan Noblot, information security manager for the Summer Olympics network. "With the larger amount of information security, we would have been overloaded."
Closing Down the Attack
As in Games past, the Olympic IT security team has minimized the risk of attack by keeping the 155-Mbps Sonet SDH and gigabit backbone closed to outside traffic. Internet traffic can't enter the backbone, and even Internet e-mail is off-limits. Network users go through a stringent accreditation process akin to obtaining a visa, and they can only send e-mail over the Internet using a separate, one-way connection. "We have several layers of firewalls, and we have an IDS [intrusion-detection system], so people on the Internet can't get in," Noblot says. "We've reduced our exposure as much as possible."
The network is split into seven virtual LANs, each of which contains its own security policies and systems. If one VLAN is attacked, the team can isolate it and protect the rest of the network. The security team also took the painstaking extra step of removing extraneous hardware from the more than 10,000 workstations at the Games before they were installed. "If we had a workstation that didn't need a CD-ROM drive or a USB, we removed it," Noblot says.