Louis Martorella, network administrator at the Jacob K. Javits Convention Center, remembers the irony. The three-person IT staff at the 800,000-square-foot New York convention hall hopelessly watched for nine months as malicious intruders hijacked their network. The attacks caused exhibitors to regularly lose access to the internet.
Each time a new show came into town, as many as 100 new computers required ethernet connections, many of whose anti-malware capabilities were suspect.
The scenario, of course, presented a golden opportunity for malicious code writers hoping to add new systems to their armies of zombies and botnets. But for Martorella and his staff, the ensuing denial-of-service (DoS) attacks meant loss of money and unhappy customers.
Martorella did not have to go far for help. As a matter of fact, he discovered the solution — Top Layer Networks' Intrusion Prevention System (IPS) — on the Javits showroom floor during the Infosecurity New York conference in 2003 (which runs October 24 to 25 this year).
"We could make his life easier," Paul Tishkevich, Top Layer's vice president of North American commercial sales, remembers telling Martorella.
The convention center's network was hit during at least 20 different shows between February 2003 and November 2003, each time requiring management to refund exhibitors an average of $10,000 for internet outages, Martorella says.
"It was not good for our reputation as a service provider that our internet access was going down so often during the day," he recalls. "They're paying us great amounts of money [$1,200 to $1,500 each per show for internet access]. When their internet goes down and they're an internet company, they're not happy."
The code writers would bring our networks to a screeching halt, Martorella says. "We were seeing Code Red, SQL Slammer. They were hitting us and taking down our networks at a tech show three to four times a day. I don't think it was a targeted attack. In this case, it was random scanning by some rogue people, looking for specific vulnerabilities."
More than two years later, since deploying the Top Layer solution, Martorella and his staff sleep well knowing there have been no new attacks.
"I never had another service-related outage," he says.
Adam Hils, director of security strategy at Westboro, Mass.-based Top Layer Networks, says Martorella tried to fight the attacks at the endpoint, which was a daunting challenge.
"He couldn't do it all," Hils says. "This is not a typical shop where you have control over who's logging in and out."
Top Layer's IPS offers defense against unauthorized access, rate-based attacks, vulnerabilities and other malicious content, while also offering application rate limits and bandwidth control, Hils said. It also scans for reliable IP addresses.
"We look for behavior that is anomalous," he says "We make sure the machines are acting in the normal range."
By using the IPS, not only was Martorella protecting Javits' network from the front end, he also was protecting the infrastructure of the exhibitors. Martorella says he was drawn to the solution because it was not router dependent.
"There was no other solution out there that was a self-contained solution that didn't require any interaction with any other device on the network," he says.
Deployment was simple. Since implementing Top Layer's IPS 3500 for his Wi-Fi network, Martorella also has installed the IPS 5500 for protection between the router and the core switch, he says. The devices cost a combined $60,000.
Hils says Martorella, in charge of computer security at a site where new PCs constantly are joining the network, faced a challenge comparable to college campuses.
"It's a unique challenge in that a show can be spread out among several hundred thousand square feet and a thousand exhibitors," Martorella says, "and you're in search of the rogue computer. This [IPS] basically brings them to you. It's policing your network without you having to be standing on top of it."
POLITICAL SUPPORT:
Javits gets bigger
Mayor Michael Bloomberg and U.S. Sen. Charles Schumer teamed up on Aug. 7 to push for a faster expansion of the Javits Center. Reportedly, they argue that phase two of the expansion, which would double the size of the hall to 1.4 million square feet, could take place concurrent with the first stages of the expansion plan.
Phase two of the expansion is being estimated at $600 million, on top of the $1.7 billion for phase one. Completion of the expansion is slated by 2010.