Slashdot Mirror

← Back to Stories (view on slashdot.org)

Information Security On An Olympic Scale

Posted by timothy on from the five-rings-of-fire dept.

jeffy124 writes: "Wired is running a story about the man in charge of securing the computer systems at the Salt Lake City Olympic Games next February. Matt McClung discusses how he's withstanding an 'overhype' in the media on the possibility getting his systems cracked and what he's doing to prevent it in the first place. With 4500 PCs and 550 servers, that shall be a daunting task, especially given the reliability problems at the '96 Atlanta games."

8 of 160 comments (clear)

  1. Is this the right man for the job? by gmhowell · · Score: 4, Insightful
    McClung said the Salt Lake City Olympic computer system, comprised of 4,500 PCs and 550 servers, is the most complex network he's ever seen.


    Urmmm... I work in a small company (50 employees) so I've never seen really big networks. But somehow, 2000 computers doesn't seem like that compares in any way to various military and Fortune 500 networks. By an order or two of magnitude.

    So, is somebody who has never seen (let alone worked with) this many machines the right guy for the job? Sounds like he is in over his head a bit.

    (Now, if this IS an incredibly huge/large network, please bitchslap me)
    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon
  2. Not that hard... by RollingThunder · · Score: 5, Interesting

    just don't hook one single system up to the Internet. Establish a private network (not VPN - actually private) for the entire thing.

    Use dedicated hosting boxes, with ALL DYNAMIC FUNCTIONS OFF, that run NOTHING but the http server on the public interface. The secure FTP server runs on a dialup connection that only connects to the private network, with hardware authentication of the modems to each other.

    Choose a bare-bones http server, with no bells and whistles. Both IIS and Apache are out. Maybe thttpd? Not familiar enough with it, to be honest.

    Yes, you're going to have to work around not having dynamic portions or ubiquitous connectivity, but you're having to choose, flexibility or security.

    Would this make for an enjoyable online olympics? Probably not, but that wasn't really what the story addressed. :)

  3. Olympic Security in Atlanta was a joke by CokeBear · · Score: 5, Insightful
    Olympic Security in Atlanta was a joke.
    I was a relatively low level voluteer, assigned to a specific area at a single venue. My badge said as much in codes that every security person was supposed to know.

    I was able to access behind the scenes areas, chat with athletes and celebrities, watch events at other venues, all without a single question from a security person. (Most of them were volunteers too). Even when I was out of my uniform, all I had to do was flash my badge and I was never denied access to even the most sensitive areas. Part of it has to do with attitude of course. If you act like you belong, they assume you do, and I consider myself a Master of Social Engineering, but even then, I should have at least been questioned when I walked into the athletes change area. (There were none there).

    I'm pretty sure that Salt Lake City will be more secure, if only because of all the money being poured into it now. But what they need to realize is no matter how many $B you spend on security, you still need people with the balls to say "I'm sorry sir, your badge doesn't allow you in this area" and to stick to it.

    --
    Reality has a liberal bias
  4. IBM passed on the job by Lumpish+Scholar · · Score: 5, Interesting

    ... because they wanted to control it all, including everything on the Olympics.com Web site.

    http://www.forbes.com/2000/08/23/feat.html

    --
    Stupid job ads, weird spam, occasional insight at
  5. A chance to win... by Swannie · · Score: 5, Funny

    Hmm... with a little hacking, and I could be the first person in my family to win a gold medal for figure skating.

    Swannie

    --
    :q!
  6. Rule Number 1 by darrad · · Score: 4, Interesting

    Secure the equipment!!!!

    If the guy from Atlanta was right, it does absolutely no good to put up firewalls, anti-virus, or intrusion detection. If any volunteer can take his limited badge and walk anywhere in the complex, then someone could volunteer, camp out around the IT room(s) and do their work from the inside.

    And then there is the ever present wireless links. Walk into the games with a laptop loaded with packet sniffers and a wireless NIC and wallah!!...you have all the info you need, even if you don't hack from inside the games, you have still obtained the needed info to go sit at home and go to work.

    I cannot believe that security was that bad at the '96 games, but I am not really all that surprised.

  7. Security already not so great by imrdkl · · Score: 4, Informative
    Just looking at the Saltlake official webpage, I see only one link which uses encryption, and that's the signup link so that you can download a screensaver and get some kind of updates. Theres a tremendous amount of javascript there, and it's clearly being served already from M$.

    We might already be too late to help them. :-/

  8. The Test by Rolo+Tomasi · · Score: 5, Funny
    OK, after they've got all rigged up and ready to go, they're ready for

    The Ultimate Test

    Fill the servers up with pr0n and serve it to the public, for free! If it withstands that, the Olympics will be a piece of cake.

    Hey, I'm serious ...

    --
    Did you know you can fertilize your lawn with used motor oil?