Monday, June 22, 2015

Putting air bags in a 1965 Mustang?

The new US CIO, Tony Scott addressed security concerns in federal IT, especially after the recent massive data breach at the Office of Personnel Management. He said the one of the biggest challenges is protecting old and outdated IT infrastructure


systems, comparing it to trying to install air bags in a 1965 Ford Mustang. It's a task that's not impossible, but technically complicated to do correctly.

While replacing the outdated technology will be expensive and take time, Scott says it's absolutely necessary, with the percentage of IT spending targeted at security increasing over the next couple of years.

Improvements begin with enforcing basic processes already in place.

"Everything we do should be two-factor enabled, from networks to applications to servers and so on. We need end-to-end security in anything that we do," Scott said. "Things like two-factor authentication are really important."

Scott continued to address processes beyond secure access:

"Things like patching, things like making sure we're minimizing the number of system administrators and making sure that people with elevated access are also using two-factor [authentication] are some of the key things," he said. "It's really important each day we wake up and focus on making our nation's cybersecurity better."

IT Policy Enforcement is part of our key functionality at Uplogix. When it comes to enforcing basic processes, the answer is to take people out of the equation. People skip steps and forget to log out. Uplogix follows the rules each time, every time.

Here is a quick overview of some of the Uplogix security highlights:
  • Maintain and enforce AAA (Authentication, Authorization and Accounting), regardless of the state of the network. Under normal circumstances, Uplogix Local Managers integrate with remote authentication mechanisms, such as TACACS and Radius, but if connectivity is lost, the LM can failover to other AAA servers before falling back on cached authentication data to maintain authorized access.
  • Use multifactor authentication through integration with RSA SecureID and Secure Computing Safeword
  • Prevent unauthorized user access by automatically closing idle sessions, eliminating a potential security gap. Uplogix also ensures that the right users have the right access by enforcing granular, role-based permissions
  • Enable audit and compliance reporting by constantly logging all changes made to managed devices and the results of these changes
  • Eliminate modem security issues with CallHome™ connectivity. By default, Uplogix appliances always “dial-out,” never allowing in-bound dial-up requests, to restore connectivity when the primary network connection goes down, closing common security holes.
  • Improve overall security by restricting access to specific IP addresses and encrypting passwords stored in the database, and by automating management functions related to security enforcement, like updating the access passwords on hundreds of managed devices at once.
For more on Uplogix security features including detailed, network-independent audit and compliance reporting for network infrastructure, Check out this solution brief.