By Terry Sweeney
With Kathy Taylor, information security officer for Siemens Energy & Automation (SEA), which recently tightened up its WAN security infrastructure.
This interview originally appeared in the IT Business Edge weekly report on Fortifying Network Security.
Question: SEA made it through the MyDoom storm virtually unscathed. How did you pull that off?
Taylor: This past fall, we deployed the Cisco CSA (Cisco Security Agent), an intrusion-prevention service on our desktops and servers. Since the tool blocks based on activity and does not require any signature updates, as soon as we started getting the virus hits, CSA was effectively blocking the attacks. It was nice to sit out this virus; this time last year, every new virus was a fight to get signature updates applied and control the virus while those updates were deployed. We have a large distributed network and a highly mobile workforce. Many of our engineers are at customer sites more than in the office. Keeping their AV and OS updates current has always been a real challenge. Having the CSA tool on these laptops provides an additional layer of protection. The CSA tool keeps these devices protected when they are not on our network and getting the updates.
Question: Most of your internal users are subject to very specific policies and rights. Can you describe them and tell us why you do it that way?
Taylor: Most of the CSA policies we have in place are for the prevention of various intrusion attempts, Trojan protection, and OS integrity checks. We have the Internet browser protected from malicious activity and calls that would expose the client or our network. Additionally, we have policies in place to prevent unauthorized downloading or installing of programs. We do not allow file-sharing applications like Kazaa and spyware applications that employees love to download.
Question: What features or capabilities would help you even more with regard to managing the rights, identities, and relative "health" of remote users and third parties who attach to your internal network?
Taylor: I am not sure how I want to answer this, as I don't want to expose vulnerable areas of our infrastructure. I do want to put in a clientless VPN solution for our third parties to use in connecting to us. Employees that do not have laptops to connect to our network remotely could use this same kind of solution.