If there's one thing the Atos Origin team understands as lead contractor for the Olympic IT infrastructure, it's that you must learn from your mistakes.
One such lesson learned the hard way: Security must be built in from the start, says Claude Philipps, program director of major events at Atos Origin. For the 2002 Olympic Games in Salt Lake City, the company "started embedding the security too late, so it wasn't running well," he says.
The lapse caused nothing serious, aside from a few headaches: "We had a lot of attacks, but we ran the games safely," Philipps says.
The team found the number of alarms generated by security systems can become unmanageable without software help. Based on the number of alarms seen in Salt Lake City, they could expect to see 200,000 per day related to security in Athens, Philipps says -- most of them irrelevant warnings.
"This is not manageable: Screens would be flickering all day long, so we want to reduce it to [the] 10 to 50 that are real," Philipps says. This year, Atos Origin is using Computer Associates' eTrust to filter the alarms based on a set of rules.
Careful filtering can help in other ways, too, particularly when it comes to Windows 2000 permissions. To prevent power falling into the wrong hands, information Security Manager Yan Noblot uses NetIQ for security administration.
"It allows us to have a more granular definition of rules," Noblot says, "We don't have to give admin rights to the help desk; we give them only the rights they need."
That precaution might rule out some social engineering attacks, but there are other ways in. In Salt Lake City, miscreants got around application-level locks on public-access PCs by rebooting them and trying to get into the network from there, Noblot says.
Anyone hoping to introduce a virus or other software onto the network in Athens will find the CD-ROM drives, floppy drives, and USB ports on PCs and servers disabled.
According to Philipps, it's cheaper to have the suppliers deliver standard machines then uninstall the drivers and disable the drives and ports at the BIOS level than it is to order special machines.
If any of the PCs later need a last-minute anti-virus update or security patch installed, "we distribute it through the network using tools like LANDesk or Symantec Ghost," Philipps says. With the CD-ROM drives out of use, there'd be no point in sending someone running around the 60 or so venues with an update CD, unless they were training for the marathon.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Networking Resource Alerts
Recommend This
