Air Force pact to protect phone lines

Air Force contract would plug a commonly overlooked gateway into networks: telephone lines

The Air Force plans to announce a contract today to plug one of the most commonly overlooked gateways into networks: telephone lines.

Under the contract, SecureLogix Corp. will deploy its Enterprise Telephony Management (ETM) Platform at Air Force bases worldwide. According to Lee Sutterfield, president of SecureLogix, the platform and bundled application suite will give the Air Force:

* An enterprisewide, real-time tool to protect the data network from attacks via the telephone line.

* Control over voice network usage and security policy enforcement.

* Reduced phone bills and other operational costs through better management of usage.

* The ability to characterize and quantify its operational needs for the eventual secure migration to IP telephony.

"The ETM platform provides new capabilities such as real-time situational awareness and enhanced operational responsiveness of the voice networks in a fashion similar to [what is] currently done for data networks," said an Air Force official who spoke on the condition of anonymity. "Current telephony management is reactive. We know or hear something's wrong when we start getting lots of complaints, people can't make calls to another base or area for some reason. The ETM platform will allow us to be proactive."

"The Air Force is the first large enterprise to ever have these abilities," Sutterfield said, adding that the SecureLogix tool will also enable the service to address and control authorized and unauthorized modem use.

"Phone security is still a serious concern," said John Girard, vice president and research director of the network research advisory services practice at Gartner Inc. "Everyone turned their attention to the Internet, which arguably is a more efficient and less expensive place to hack, but unauthorized system access via [dial-up] modems continues to happen and cannot be ignored. SecureLogix has a very scalable and distributable system to cope with finding unexpected modems and the PCs and servers connected to them."

The SecureLogix system is a PBX-independent, centrally managed platform that IP-enables any private voice network so that security and management of the network can be improved. It uses intelligent communications appliances coupled with a suite of bundled applications — including the TeleWall Telecom Firewall, TeleAudit Usage Manager, and TeleView Infrastructure Manager — in a centrally managed architecture (see box).

TRW Inc., the prime contractor on the project, awarded an initial $2.5 million equipment purchase order to SecureLogix on behalf of the Air Force, said Dan Vaughn, manager of global information technology products for TRW. The initial purchase order is part of a larger task order awarded to TRW under the Unified Local-Area Network Architecture II contract.

Vaughn said TRW will install and deploy the SecureLogix hardware and software and will also provide training at various Air Force locations.

The Air Force will be conducting a full-blown field service evaluation of the platform in May at the HQ Air Education and Training Command's Network Operations and Security Center and at four bases — Randolph, Lackland, Tyndall and Luke. Service officials expect to begin deploying the system during the summer, the Air Force official said.

Sutterfield said that a single facility with several thousand phone users and up to 16 T1 lines can be fully configured and operational in about two days.

The company is in ongoing discussions with about six other federal agencies and should be making some "fairly substantial announcements in the next few months," Sutterfield said, adding that the total value of the SecureLogix Air Force deal is $5.8 million.

***

Closing doors

Servers almost always have a dedicated modem connection for emergency remote access. Modems also serve as a primary point of maintenance access through copiers, fax machines or other network peripherals, said Lee Sutterfield, president of SecureLogix Corp.

"That's a primary target for folks trying to get into the internal data network from the outside...and goes right around the firewall," he said.

Using a technique known as "war dialing," which is a system designed to detect modems, hackers get in using the phone lines, set up bogus accounts and then back out the same way, Sutterfield said. Later, they use the false accounts to enter the system via the Internet.

The TeleWall Telecom Firewall software can detect, log, alert and block unauthorized modem, fax, voice or video traffic. A single management server or client controls the centrally defined, rules-based security policies and can terminate unauthorized modem traffic and/or alert systems administrators in real time, he said.

"The Air Force has spent considerable resources securing our data and voice networks," said an Air Force official. "However, an insider threat or unauthorized modem connection could open a 'back door' to our data networks."