A conference that attracts top security professionals from around the world is very tempting to hackers. Unless properly secured, the conference network could be vulnerable to attacks intended to disrupt the conference activity or to access sensitive information on participants’ computers.
These threats will be considerably reduced in the network that Cisco is building for the annual international security conference hosted by the Forum of Incident Response and Security Teams (FIRST) on June 21–22, 2007 in Seville, Spain. Cisco is building and managing this network free of charge for FIRST, which is a nonprofit organization for incident response teams from government, business, and education organizations worldwide.
Traveling Security System
Cisco will monitor network performance and security with a new, portable system developed by the Cisco Computer Security Incident Response Team (CSIRT). This traveling “system in a box” includes power equipment and the following network elements:
* Two Cisco Catalyst Series 3750 switches for wired network connectivity
* Multiple Cisco Aironet 1240 AG Series wireless access points using Wi-Fi Protected Access 2 (WPA2) for authentication and encryption of wireless sessions
* The Cisco ASA 5500 Series Adaptive Security Appliance (IPS Edition), which provides capabilities for firewall, intrusion detection and prevention, and secure VPN access
* The Cisco Security Monitoring, Analysis and Response System (MARS) appliance, which performs security monitoring by correlating events reported by the network and security elements
All of these products are installed in a standard 19-inch rack that is mounted on compression shocks and brackets in a portable container. The container is hardened to prevent damage during shipping and has wheels for easy movement. “At the conference site, we will just need to connect the Ethernet cables, then we can immediately start monitoring the network activity and security,” says Gavin Reid, manager of the Cisco CSIRT team.
Threats that can be detected by this portable system include network intrusion attempts, viruses, events that trigger a security alert on the Cisco ASA appliance or Cisco Catalyst switches, and traffic flows that indicate anomalies. “We will be monitoring for suspicious activity and if found, we will be able to block it very quickly by using the capabilities in our traveling security system,” says Reid.
“Network connections at conferences can be haphazard, which is a concern for security professionals who must be able to securely connect to their enterprise networks while away from the office,” says Martin Nystrom, a Cisco CSIRT security engineer. “With the Cisco network and security capabilities at the FIRST conference, participants can be more confident in the security and reliability of their network connections.”
“Ready-to-Go” Network Security for Events and Emergency Response
Cisco plans to use this portable security system at other events, both public conferences and internal company meetings that are held at locations not connected to the Cisco network.
“The equipment rack and shipping container have the size and flexibility to incorporate different devices as needed for each event or location where the portable system will be used,” explains Chris Fry, Cisco network security engineer. “For example, the system can contain only security and monitoring devices when it will be used in a location that already has a network.”
Adds Nystrom, “A portable network and security system can also be used by enterprises to respond to emergency situations or to deploy in advance as a preparedness measure. With all elements in one portable case, a network team can quickly deploy the system during an incident.”