Slashdot Mirror


Information Security On An Olympic Scale

jeffy124 writes: "Wired is running a story about the man in charge of securing the computer systems at the Salt Lake City Olympic Games next February. Matt McClung discusses how he's withstanding an 'overhype' in the media on the possibility getting his systems cracked and what he's doing to prevent it in the first place. With 4500 PCs and 550 servers, that shall be a daunting task, especially given the reliability problems at the '96 Atlanta games."

3 of 160 comments (clear)

  1. Not that hard... by RollingThunder · · Score: 5, Interesting

    just don't hook one single system up to the Internet. Establish a private network (not VPN - actually private) for the entire thing.

    Use dedicated hosting boxes, with ALL DYNAMIC FUNCTIONS OFF, that run NOTHING but the http server on the public interface. The secure FTP server runs on a dialup connection that only connects to the private network, with hardware authentication of the modems to each other.

    Choose a bare-bones http server, with no bells and whistles. Both IIS and Apache are out. Maybe thttpd? Not familiar enough with it, to be honest.

    Yes, you're going to have to work around not having dynamic portions or ubiquitous connectivity, but you're having to choose, flexibility or security.

    Would this make for an enjoyable online olympics? Probably not, but that wasn't really what the story addressed. :)

  2. IBM passed on the job by Lumpish+Scholar · · Score: 5, Interesting

    ... because they wanted to control it all, including everything on the Olympics.com Web site.

    http://www.forbes.com/2000/08/23/feat.html

    --
    Stupid job ads, weird spam, occasional insight at
  3. Rule Number 1 by darrad · · Score: 4, Interesting

    Secure the equipment!!!!

    If the guy from Atlanta was right, it does absolutely no good to put up firewalls, anti-virus, or intrusion detection. If any volunteer can take his limited badge and walk anywhere in the complex, then someone could volunteer, camp out around the IT room(s) and do their work from the inside.

    And then there is the ever present wireless links. Walk into the games with a laptop loaded with packet sniffers and a wireless NIC and wallah!!...you have all the info you need, even if you don't hack from inside the games, you have still obtained the needed info to go sit at home and go to work.

    I cannot believe that security was that bad at the '96 games, but I am not really all that surprised.