DOD on the hunt for security solutions

Recent RFIs focus on virtualization-based security strategeies and commercial solutions for defending against denial-of-service attacks

The Defense Department is asking industry to provide input on two potential initiatives aimed at improving the security of the department's systems.

In a request for information issued earlier this month, the department is asking industry vendors whether virtualization technology might make it easier to secure networks and systems.

In a virtualization-based infrastructure, multiple networks and systems are treated as one common pool of technology in terms of how they are managed and allocated to users.

In theory, virtualization could make it easier to secure those systems. For example, administrators could manage servers used to browse Web sites or handle e-mail -- both of which can expose a network to security risks -- separately from other systems. Likewise, servers that handle sensitive information or operations could be placed in virtual trusted enclaves.

Modern operating systems and many applications in traditional data centers might be too large to secure effectively, according to DOD.

“It may be that the era of monolithic general-purpose operating systems is nearing its end and could be replaced by a cluster of modules or virtual appliances acting in concert to perform services traditionally supplied by operating systems,” the request states.

The Defense Industrial Base Cyber Security/ Information Assurance Task Force, which the department created in 2007, will review the industry information and determine whether virtualization is a viable strategy, according to the RFI.

Meanwhile, the Defense Information Systems Agency wants to deal with a more tactical problem: distributed denial-of-service attacks.

In such attacks, an individual or group attempts to bring down a Web site by overwhelming it with traffic. Distributed denial-of-service attacks attacks made headlines earlier this month when government and private sector sites in the United States and South Korea came under attack.

The agency has issued an RFI looking for solutions that could give administrators a clear and timely picture of what is happening on their networks, alert them in the event of suspicious activity and provide options for mitigating attacks, the notice states.

“The goal of this solution is to detect and mitigate all DDOS attempts to disrupt [Defense Department] network communications and to detect internal assets displaying anomalous behavior across the Internet-to-NIPRnet boundary,” the notice states.

DISA said it’s interested in a tool that can report distributed denial-of-service events within five minutes of the start of the attack. Officials also want the solution to monitor inbound and outbound traffic at 11 worldwide access points to the Internet from the Unclassified but Sensitive IP Router Network (NIPRnet).

The RFI asks vendors to provide details on their proposed solutions’ capabilities for detection, mitigation, monitoring, logging, reporting and alerting. DISA also wants information on proposed systems’ security, administration, architectures, and cost and schedule estimates.

About the Authors

Ben Bain is a reporter for Federal Computer Week.

Doug Beizer is a staff writer for Federal Computer Week.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.