Q&A: nTelos

Over the years, there has been a lot of focus on security in both public-facing networks, and increasingly, internal infrastructure, including operational support systems (OSS).

With so many applications being used across broad employee bases and systems, it's more difficult than ever for IT to keep up with updates for securing frequently used applications (e.g., Acrobat, Flash, Java).

As the task becomes more difficult, the vulnerabilities can grow—especially around sensitive data, increasingly populated, accessed and manipulated by not only internal sources, but also external customers and partners as well.

For smaller CSPs lacking budgets and resources for staff and tools, what are the options for securing assets in an increasingly digital and vulnerable world?

Connected Planet spoke with John Lewis, who manages IT assurance for nTelos to gain perspective on key issues and solutions:

CP: What are some of the risks that keep you awake at night?

JL: We have to continuously minimize exposure in a world where malware hides in web traffic and where less-skilled users can compromise systems. When you have so much customer-related credit and financial information, you have to think of how to secure it, while opening up more access to not only internal people, but customers and partners as well.

You have to think about how to balance the need to protect with the need to allow business folks to be productive and to allow customers to be in control more. As the average user downloads PDFs, for example, we have to think of how that compromises systems and adjust how we dole out access rights to certain servers without inhibiting productivity. You have to be as diligent as possible to assess your risk and exposure, and to track down compromises so you can “lock down” machines that are vulnerable.

CP: What are some of the challenges to how “diligent” a smaller company can be?

JL: One problem is the fact customers as a whole are demanding more access to change their settings, and you don’t have to be as skilled to “break” a system anymore, so there is always evidence in all companies that people are trying to break in.

Another big issue is that some of the more innovative tools and solutions are geared toward bigger providers; there are barriers to entry for smaller players with smaller budgets and smaller staffs, were people wear many hats. As a result, you end up using home made or open source solutions. There are products smaller players would implement if they could be scaled down to smaller budgets.

But despite that, there are tools and mechanisms of great value that have helped us to automate the process of watching patterns and monitoring networks for changes. You use a combination of analytics—automated and manual—to detect any changes that might be indicative of compromises.

We use Sourcefire to link users to traffic and to monitor traffic among machines so we can build profiles of how users, traffic and ports are interacting and interconnected. This helps us do away with “generic accounts” to link usage to actual users. Sourcefire also helps us wade through the noise by letting us know which patterns and which abnormalities are worth looking at. We also use Splunk to collect logs on server, perimeter and workstation levels.And we use OSSEC cross all systems as well.

We also try to configure networks in such a way that wireless and wireline operations are independent of the back office and separated from what customers access. And, we lock down core servers even further. We want controls for how critical systems are accessed and managed.

CP: Other than actual “tools” what can be done?

JL: We make sure we get into the meetings with marketing and communications during the planning phases of what they are doing. We sit in meetings and try to make suggestions and consider risks before contracts are signed and before RFPs are evaluated. We talk about expectations and speculations.