Network Security: Keeping Intruders Off the Floor
By Margo McCall -- Tradeshow Week, 10/18/2004
Even within the controlled corporate environment, where every computer is registered to a known user and firewalls prevent unfettered access, administrators find it a challenge to secure networks from a host of malicious viruses and worms.
But in convention centers, where the average showfloor contains a dizzying array of computer devices, applications, users and experience levels, the task is even more difficult. Complicating the situation even further is the fact that firewalls aren't deemed feasible in the dynamic showfloor environment.
Networks operated by venues fall victim to the same malicious attacks that frequently afflict home and business networks. In the home or office environment, such attacks typically slow down networks and computers, causing only minor aggravation. But on a bustling showfloor, when every minute counts, a network slowdown or outage can lead to real consternation and exhibitor distress.
Increasingly, an intrusion prevention system, or IPS, is among the weapons in the typical network administrator's arsenal. Working much like a firewall, an IPS can block attacks on the fly. Most software of this type detects intruders by matching network traffic to a predetermined pattern and prevents data from being retrieved.
In what has become an escalating game, hackers of the world scramble to write new viruses and worms each time Microsoft reports a vulnerability in one of its software products. Sasser, Blaster, Sobig and Mydoom are among the better-known intruders, although, according to network security company McAfee, 81,000 worms, viruses and trojans are in existence.
Smart City Networks is considering IPS at several of the convention centers in the 13 cities where the company provides computer services, said David Langford, vice president of technology. Although useful, Langford said IPS can be difficult to manage and maintain, and is frequently unable to protect networks against the newest types of intruders. "The typical systems are only good for what you know about," he said.
Langford added that one of the most important network security tools is making sure that the devices connected to the network are virus-free and have been patched to protect against the latest Windows vulnerabilities. "Mostly what we've done is try and talk to our customers and educate them that this is not the same as the corporate office," he said.
However, Lou Martorella, network manager at New York's Jacob K. Javits Convention Center, swears by the IPS deployed at the Javits late last year. "It's like night and day," he said.
Martorella found the solution to his network security woes while stopping by Top Layer Networks' booth when Reed Exhibitions' ISC EXPO/East came to the Javits. "This stays in between me and my router and when it sees that rogue traffic, it shuts it down," he said.
The Javits has only been responsible for providing exhibitors and attendees with Internet service since February 2003. Before installing the Westboro, Mass., company's "attack mitigator" IPS, the network sometimes experienced several outages per day.
"We had instances when tech shows were coming in, when the Internet would go down sometimes once a day to five times a day. We'd trace it to a PC running Sasser or any one of the virus flavors of the day," Martorella said. "It was driving us crazy. It was a nightmare to track down when you have a couple hundred users on the floor."
After the IPS was installed, the outages ceased. Now that he and his team don't have to spend so much time chasing "network ghosts," Martorella said, productivity has increased tremendously.
Peter Rendall, Top Layer's CEO, said convention centers are among the most challenging network situations. "It's a very open environment," he said. "The key about the convention center is it's two way, with both inbound and outbound traffic. At most companies, devices are only given to employees and people you trust. At a convention center, you've got an environment where you don't know the users. It creates some interesting situations."
Rendall said there's a difference between an IPS, which prevents an attacker from retrieving data, and an intrusion detection system, or IDS, which merely monitors network traffic to spot unusual patterns.
The Venetian Resort Hotel Casino recently installed a system made by Richardson, Texas-based Intrusion, which detects and prevents network incursions. The facility declined to provide details about its deployment.
Because its network is configured differently, offering private channels instead of shared T1 lines, Philadelphia's Pennsylvania Convention Center has fewer security concerns, said Bill Zebrowski, vice president of information technology. "It's essentially like having DSL in every booth," he said.
A main component is something called a DSLAM, which Zebrowski described as "50 DSL modems smacked into this little cage." An Internet service provider monitors the lines, and informs the venue of any intrusions, Zebrowski said.
Computer rental companies are frequently blamed for bringing infected machines onto the showfloor. But those in the industry say the situation has improved, with most vendors doing their best to make sure the machines are properly patched. Still, Zebrowski said his venue is studying whether to enter the computer rental business, mostly to reduce the risk of virus-laden PCs being hooked up to the network.
Greater awareness that malicious viruses might be lurking inside the next opened e-mail attachment, along with an abundance of network security solutions, is helping network administrators win the war on viruses.
"It's not as bad as it was in 2000 and 2001. I used to spend 90 percent of the time worrying about network security; now it's 30 percent. It used to be reactionary. Now, I'm looking for intrusion detection devices, appliances, software and firewalls," said Smart City's Langford.













