Open Source in Government: Delivering Network Security, Flexibility and Interoperability

Transcription

1 W H I T E P A P E R Open Source in Government: Delivering Network Security, Flexibility and Interoperability Uncompromising performance. Unmatched flexibility.

2 Introduction Amid a growing emphasis on transparency and accountability, government agencies are striving to make information more readily accessible and ensure interoperability among and within agencies. Conversely, these same agencies are operating in an evolving networking environment, marked by a growing pool of complex security threats and a dramatic rise in network use. In addition, tight budgets are forcing agencies to look for ways to meet their information assurance and network security objectives while also containing spending. The result is an increasing demand for economically viable policy-centric data inspection and processing capabilities to insure secure information delivery and assurance in this volatile networking environment. Fortunately, some of the most innovative cyber security, traffic analysis, traffic management, app lication acceleration and mobility solutions are available to government agencies as open source software applications. Adoption of open source has soared in recent years at all levels of government, as agencies and systems integrators increasingly embrace the advantages these applications present over proprietary solutions and self-funded initiatives. Open source applications that are deep packet inspection (DPI)-enabled can help agencies better assess and manage network traffic to ensure data integrity and security while keeping pace with the high-performance demands of a collaborative, net-centric environment. By deploying open source applications, government agencies can implement the best solutions for their needs without many of the security, interoperability and cost challenges associated with proprietary or in-house developed products. This white paper explores some key benefits to government agencies when open source applications are deployed to enhance cyber security and network awareness. In addition to offering a list of commonly deployed applications, the paper also discusses the improvements in flexibility, agility, solution stability, as well as the potential reduction in the total cost of ownership that comes with open source solutions. 1

3 5 Key Values of Open Source Software 1. Breadth and Depth of Open Source Cyber Security Solutions Given the bandwidth-intensive, collaborative and sensitive nature of government networks, many agencies are especially eager to deploy open source applications that provide greater visibility, security, and control over network traffic. Several leading edge open source applications are available to and are being deployed by government IT and security managers today, particularly to address network security, flow analysis, and traffic monitoring and management requirements. Key Open Source Security Applications: Application Purpose Description Argus System & Network Monitoring Audit data to support network operations, performance, and security management, including network forensics, non-repudiation, network asset and service inventory. Arpwatch ARP monitoring tool Provides alerts on modifications to ARP tables Barnyard Bro nprobe Alert Processor for SNORT Passive Intrusion Detection Active Inline Prevention NetFlow Collector Offloads the output processing task by parsing the SNORT unified output format into textual or database alerts. Network intrusion prevention and detection application using eventoriented analysis Scalable network monitoring architecture that passively monitors and collects netflow information on high-speed network links ntop GUI for network metrics Network traffic probe that displays network usage SANCP Connection Profiler Creates network connection and traffic logs for auditing, historical analysis, and network activity discovery SiLK Flow Analysis Engine Delivers historic and real time analysis of network traffic. SNORT Squid Suricata Passive Intrusion Detection Active Inline Prevention Web Proxy Passive Intrusion Detection Active Inline Prevention Network intrusion, prevention and detection application that combines the benefits of signature, protocol and anomaly-based inspection methods Web caching proxy for HTTP, HTTPS, FTP, and others that reducesbandwidth and improves response times. Next generation multi-threaded IDS/IPS from Open Information Security Foundation (OISF). TCPdump Packet Capture Open source tool for capturing and analyzing packets YAF Flow Analysis Sensor Network flow recording program that processes packet flows into IPFIX format for later analysis. Core to the optimal execution of each of these applications is deep packet inspection (DPI) technology. DPI technology allows IT managers to set network access, control and monitoring policies that are customized according to the agency s unique network security needs and requirements. 2

4 Agency Location #1 Agency Location #2 Government Agency Characteristics Classified and Unclassified Networks Single and/or Multiple Locations Legitimate and Malicious Users Internal & External Threats Unclassified Network INTERNET Argus Classified Network Open Source Cyber Security Applications Arpwatch Bro IDS/IPS SiLK SNORT Suricata YAF Agency Location #3 What s Required To Protect Agency Networks A high performance DPI networking device aggregating on a single platform - Security / Intrusion Detection & Prevention - Flow Analysis - Monitoring & Surveillance For example, DPI-enabled network flow recording and analysis tools, like YAF and SiLK, can provide agencies with comprehensive visibility into network protocols and data traversing their network, presenting an all-inclusive view of the network environment, network users, and bandwidth trends. By recording and analyzing network flows, YAF and SiLK can help identify and report policy violations as well as viruses, worms, botnets, malware and other vulnerabilities. As seen above, DPI-enabled open source applications are widely available for government use. However, agencies must carefully select the appropriate host processing platform(s) to meet network security and bandwidth requirements; usually these applications function best when integrated with a high-performance DPI-enabled platform. 2. Empowering Government with Flexibility and Agility With unique mission goals, government agencies need flexibility, control and oftentimes scalability over the form, fit and function of network solutions. However, rather than enabling agencies with customized solutions that are best-suited for their objectives, proprietary products can create vendor dependency, locking agencies into costly products with pricey licensing agreements. Unfortunately, once locked-in to a single vendor solution, the switching costs to more flexible, value-add solutions may be high. Open source software based solutions eliminate vendor lock-in and dependency. Instead of relying on one specific vendor, agencies have access to a wide range of best of breed technologies and are freed from dependency (and risk) on a single vendor for upgrades, security patches and other enhancements. While government-off-the-shelf (GOTS) solutions afford agencies a high level of direct control over product specifications and can be freely shared among agencies, they require dedicated software programmers and can be costly to modify. Modular open source systems allow programmers to adapt key features or add new capabilities when needed, rapidly developing and deploying customized applications to address their specific challenges. Open source allows government programmers to tailor existing open source code, minimizing the time and money needed to create a custom solution. 3

5 3. Bolstering Security and Innovation Open source users can count on a large and active community that offers best practices in network access awareness and control, cyber security and information assurance. This community presents a significant pool of knowledge and resources government IT managers can tap for fresh ideas, a variety of opinions and reliable insight, as opposed to relying on a single vendor source. The open source user community is particularly beneficial when it comes to one of the most pressing concerns for government agencies: cyber security. For highly sensitive government networks, security vulnerabilities are not an option. Fortunately, access to open source program blueprints enhances security while also promoting continuous product improvement. User communities are constantly testing and validating open source software. When security patches are required, the open source community responds rapidly to fix the bugs, developing fixes for security vulnerabilities, sharing patches and continually refining and refreshing software, ensuring that open source solutions continuously evolve and improve. This open source community approach enhances security, since vulnerabilities are quickly identified and remedied before they can be exploited. In other words, cyber security vulnerabilities are minimized when thousands of experienced programmers have the opportunity to independently view, modify and validate the blueprint. 4. Doing More with Less A perennial challenge for government IT managers is making the most of tight budgets in networking environments where they lack the necessary human and financial resources required to keep up with software changes, equipment upgrades, licensing fees and maintenance costs that come with closed or proprietary technologies. Open source software has lower total cost of ownership (TCO) than closed solutions, and enables government agencies to develop and deploy scalable applications at a fraction of the time and cost of proprietary software. Often, open source solutions are available for free with technical support in terms of ongoing patches and upgrades provided by the community at large. In additional, some high-performance DPI-enabled platforms allow multiple open source applications to run simultaneously on common data streams without impacting performance, further reducing CapEx and OpEx costs for agencies. 5. Supporting Collaboration and Interoperability With open source, IT managers can share critical information among and within agencies. Open source makes it easier for agencies to collaborate among themselves and with private sector solutions providers, and to provide constituents with easy access to resources and information. For example, government agencies can use standards-based, self-serve open source Web applications to make information available to constituents or other agencies, furthering transparency and simplifying access to unclassified information. Bivio Networks: Optimizing Open Source Applications with High-Performance Infrastructure To optimally support open source DPI-enabled applications with minimal porting effort, government agencies need policy-centric network infrastructure that can execute deep packet inspection and processing at multi-gigabit speeds on a single platform. 4

6 To this end, Bivio Networks application and network processor scaling technology, coupled with a standard Linux operating environment, makes the company s DPI application platforms uniquely suited to support the deep packet processing capabilities of a variety of open source applications and services. Leveraging Bivio s DPI-enabled network appliances, government agencies achieve dramatic increases in the performance of open source applications. In fact, through its Application Library, Bivio provides government agencies and channel partners deploying network security, monitoring and analysis solutions one-click access to and implementation of industry-leading open source networking applications on Bivio s DPI application platforms. Applications include a range of security, flow analysis and network optimization software packages, all of which are certified to perform at throughput speeds of up to 10 Gbps on the Bivio 7000 DPI Application Platform, with higher performance available through Bivio s innovative scaling capabilities. The initial set of applications includes Argus, Arpwatch, Barnyard, Bro, nprobe, ntop, SANCP, SiLK, SNORT, Squid, Suricata, TCPdump, and YAF. The Application Library program allows agency network managers to couple Bivio s industry- leading network appliance platforms with certified open source applications so they can economically leverage the very best solutions available. Bivio also offers the Continuous Threat Monitoring Solution (CTMS), a multi-function, high-performance network monitoring probe designed to provide the best possible defense against known and unknown attacks, often grouped as advanced persistent threats. Bivio CTMS aggregates multiple open source and licensed software engines in a fully-integrated solution to meet customer-specific network awareness and forensics requirements. Get Ahead with Open Source Budget and security considerations often keep government agencies from getting ahead of the curve when it comes to advancing their networks in support of unique mission objectives. But with open source, agencies can implement the applications that are best-suited to mitigate cyber security threats, facilitate collaboration and adapt to evolving network requirements without the restrictions of proprietary or self-funded initiatives. Agencies are increasingly recognizing that, when deployed on high-performance DPI devices like Bivio s, the benefits of open source are many and are moving forward to deploy open source applications to lower costs, promote and encourage innovation and safeguard their networks. For more information on how your agency can get ahead with open source applications through Bivio s Application Library and Continuous Threat Monitoring Solution, please visit 5

7 About Bivio Networks Bivio Networks is a leading provider of network systems for securing, monitoring and controlling critical network infrastructure. Bivio s global customer base includes worldwide government agencies and service providers. Its product suite enables customers and partners, which include application developers and systems integrators, to develop and deploy leading solutions to secure, monitor and control customer networks. Bivio is privately-held and is headquartered in the San Francisco Bay Area with office locations worldwide. More information is available at Bivio Networks, Inc Willow Road, Suite 200 Pleasanton, California Phone: Fax: Bivio Networks, Inc. All rights reserved. The Bivio logo, BiviOS, Bivio 7000 Series, Bivio 7100, Bivio 7500, DPI Application Platform and FlowInspect are trademarks or registered trademarks of Bivio Networks, Inc. All other company and product names may be trademarks of their respective owners. Bivio Networks may make changes to specifications and product descriptions at any time, without notice. Uncompromising performance. Unmatched flexibility.