Navy unifies its monitoring networks

The U.S. Navy has put its Naval Network Warfare Command in charge of monitoring the Navy’s hundreds of different networks used by more than 400,000 personnel around the world in order to detect security violations.

Based in Norfolk, Va., the Netwarcom command group was established by the Navy just over a year ago to coordinate its IT operations and to support the concept of one naval network, with Vice Admiral Dick Mayo as commander.

In its new role of monitoring Navy networks for security purposes, Netwarcom is installing monitoring equipment from Securify that attaches to switches at the edge or inside hundreds of Navy networks. This will involve hundreds of separate Navy networks, including those at the Naval Supply Command, the fast-growing Navy Marine Corps Intranet (NMCI), legacy networks being phased out in favor of NMCI, and the terrestrial and satellite-based network known as Information Technology 21 to reach ships at sea.

By inspecting traffic using the Securify sensors, Netwarcom will be able to determine that only authorized personnel are using restricted services, that appropriate authentication and encryption is in place, and that equipment such as firewalls is properly configured.

“One of the serious challenges faced by the NMCI is the legacy networks, which have serious security problems,” says Navy Captain Chris Christopher, deputy director for future operations, communications and business initiatives for the Navy Marine Corps Intranet. While not detailing those problems, he noted that they can be as simple as bi-directional FTP or other services set up by default, creating security risks.

Before Netwarcom took on the watchdog role for the Navy’s network security, the responsibility for monitoring fell to local Navy facilities. The centralized approach should help the Navy tighten security, particularly with older legacy networks, Christopher says.

Netwarcom’s new approach through monitoring “is also going to help us understand what we should allow and what we should filter out from our network,” he says. NMCI – which is managed by EDS – will be the main network for day-to-day operations in the Navy as older legacy LANs and applications are phased out. “We’ll know what we should be quarantining in old networks as we bring applications onto this network.”

The Securify equipment allows for policy data to be entered at a Securify SecurVantage Studio console. This would be done by Netwarcom with cooperation from local Navy facilities. Policies can be distributed to the switch-attached sensors, called Securify Monitors, to be installed and maintained locally. EDS will be doing that for NMCI. The Monitors report in real time on traffic behavior to a third piece of equipment, called the Enterprise Monitor.

Through these sensors and monitors, Netwarcom can analyze the traffic at hundreds of naval locations and let management staff at these sites know if there’s a need to take a different course to reduce risk.

Securify’s sensors look at application and network traffic to spot whether VLANs are set up appropriately for secure communities of interest in the Navy, make sure written security policies are really being implemented, and check whether public-key certificates are being used for all Navy Web servers, as they’re supposed to be, says Carl Wright, vice president of federal operations at Securify.

As the Navy gets underway with its effort to get shipshape on security monitoring, it has no immediate plans to coordinate security monitoring with the Army, Air Force or other parts of the U.S. Department of Defense, sources say.

However, the Defense Information Services Agency, which oversees some IT and telecom services for Defense Department agencies, has purchased Securify gear, using it in the Middle East for the Iraqi war effort.

The Air Force and Army also are looking at the security-monitoring equipment, and the potential for coordinated security policy across the services is there, according to Securify.