WASHINGTON, D.C. – Last weekend’s SQL Slammer worm attack, which disabled bank machine networks in Canada, was one of the primary discussion topics at Tuesday’s ComNet Conference and Expo.
The U.S. Federal Aviation Administration (FAA), which controls about 35,000 flights carrying two million passengers per day, was left nearly untouched by the Slammer worm, but the organization’s chief information officer, Daniel Mehan, suggested he is worried a more sophisticated attack could catch the organization off-guard.
“We’re not gloating,” he said during a press conference after his keynote address Tuesday. “In no way do we taunt or challenge the perpetrators to try to take a run at us.”
Mehan, who spent 30 years at AT&T Corp. before joining the FAA, said only one FAA machine was affected by SQL Slammer, and it was quickly taken offline. He credits his staff with ensuring most vulnerable systems had patches installed, and said when the worm attack started, the FAA’s intrusion detection systems alerted administrators to unusual traffic patterns.
During his keynote, “Using Multiple Protection Layers to Provide Cyber Security,” Mehan said policies and communication are as important as technology in the FAA’s intrusion detection system. Detecting false positives is nearly as important as dealing with intrusion, he said.
Because intrusion detection alerts IT staff to all anomalous traffic, administrators must ensure all staff know which traffic patterns are unusual and which ones are normal.
Another way to detect an attack is by analyzing traffic types, said Todd Krautkremer, vice-president of worldwide marketing at Packeteer Inc.
“If you could not see that Microsoft SQL traffic was exploding, you could not have done anything,” he said during a panel discussion titled Doing More With Less: Bandwidth Optimization During Budget Meltdown. “People didn’t expect to wake up and deal with a completely different virus, but that is in fact what was happening.”
Krautkremer said companies that develop Web clients for their applications and deploy voice-over-IP systems increase the demand for bandwidth. This demand, however, cannot easily be satisfied by adding more bandwidth. He added that network resources are not always aligned with business objectives (such as when employees use the Internet at work for personal use).
The FAA doesn’t have too many problems with the Internet, because even though it has 40,000 operational systems (including airport control towers and flight service stations), it only has eight points of Internet access, Mehan said.
A key to the FAA’s security strategy, according to Mehan, is “boundary protection” and ensuring that its operational systems can be separated when necessary in order to contain an attack. He added that operational systems are separated from administrative systems (such as human resources and finance).
ComNet Conference and Expo continues until Wednesday.