Overview
The Federal Aviation Administration (FAA) is comprised of different Lines of Business (LOBs) that together make up the entire FAA organization. Each LOB has its own Chief Information Officer (CIO) who manages the IT infrastructure for that LOB. Commercial Space Transportation ensures the protection of the public, property, and the national security and foreign policy interests of the United States during a commercial launch or re-entry activity, and encourages, facilitates, and promotes U.S. commercial space transportation. Established in 1984, the Office of Commercial Space Transportation (AST) is the only space-related LOB within the FAA.
Problem
The Commercial Space Transportation line of business within the FAA has great demands for security in the protection and availability of its network assets. Christopher Harris, the CIO of Commercial Space Transportation, was looking to implement open source security tools for its Intrusion Detection and Prevention System (IDP) needs using Snort-Inline. The problem the FAA faced in adopting this open source application was that, although it rivaled expensive commercial IDS/IPS solutions, it provided no enterprise-grade graphical user interface and no centralized management that would allow it to scale in the enterprise.
The FAA, and Commercial Space Transportation in particular, suffers like any organization from ongoing spyware infections and virus outbreaks that traditional desktop security solutions have been inadequate in handling. Along with the daily spyware infections, the need for insight into the detection and prevention of attacks on its critical infrastructure was paramount in the decision to get a solution implemented quickly.
Because of budget restraints and a lack of available funds within the FAA, a cost-effective solution needed to be identified that could still capitalize on the use of open source to lower costs.
Solution
Christopher Harris, CIO for the FAA said, "We attempted for weeks trying to get Snort-Inline configured and working properly and still could not get it operational. Within a few short minutes, we had a fully functional Snort-Inline IPS using the Applied Watch Command Center. Applied Watch's installation and setup wizard on the Agent simplified the Snort-Inline command and control process. Before Applied Watch, we had no idea how we were going to manage the Snort rulesets and monitor it as we added more sensors. Applied Watch gave us the tools we needed to make open source in the FAA possible."
Christopher Harris posted a request for help with Snort-Inline to a mailing list, and Applied Watch responded by contacting him offline to assist in configuring Snort and getting it working. Applied Watch did not realize they were working with the CIO of the FAA until Christopher Harris identified his organization and asked to learn more about Applied Watch and its Snort management solution. It quickly became evident to the FAA that Snort would not scale and could not be managed effectively without Applied Watch.
Applied Watch was able to provide the FAA a combined open source solution that delivered perimeter intrusion prevention together with an antivirus solution based on ClamAV.
In phase one, the FAA used its own hardware to deploy Snort-Inline sensors across its perimeter, with the Applied Watch Agent software installed on them for management. After a year of successful operation within the FAA, phase two consisted of migrating those systems to Applied Watch appliances.
By switching to the Applied Watch Agent appliance, the FAA was able to deploy the other supported open source tools that were packaged on the Agent appliance. The open source applications packaged on the appliance offered the FAA network management, intrusion prevention, antivirus, and a sticky honeypot for luring attackers and worms away from mission-critical systems. Powered by open source, the FAA was able to implement a cost-effective security infrastructure that could scale into the future through the addition of new open source network management tools and security applications managed with the Applied Watch Command Center.