Securing Redmond: Microsoft Turns to Lumeta for Network Map
- By Scott Bekker
- July 16, 2001
A quickly growing network can leave the enterprise vulnerable to outages and loss of corporate information assets. Because many devices are added quickly, administrators may have a difficult time determining what is secure and what is open to the Internet.
In order to improve its network security, Microsoft turned to Lumeta Corp., a security startup headed by Bill Cheswick, a former Bell Labs security researcher. Lumeta had created a process for comprehensive mapping of an intranet.
Mapping a network the size of Microsoft’s is no small task. With over 100,000 nodes and more than 3,000 routers, the network continues to grow, and hackers could easily gain access in complete secrecy.
The Lumeta Network Discovery (LND) service required little action on the part of the Microsoft security team. According to Howard Schmidt, chief security officer at Microsoft, the LND mapping team only needed access to the Microsoft network, whether by VPN or dialup, in order to complete its work.
Microsoft’s Schmidt notes that the LND mapping was performed before the highly publicized Microsoft network break-in of last year. Networks should be mapped periodically, says Schmidt, in order to avoid major network hacks and outages.
The LND service, according to Lumeta spokesperson Diane Burley, provides foundation-level information about networks. It maps all the routes within the networks and, unlike traditional mapping tools, it talks to the network routers themselves. In addition to the map, LND provides HTML reports for cross-referencing data.
The LND service maps network communities by color, and includes both IP addresses and canonical names of network segments. Burley notes that the most common vulnerabilities are open connections to universities, where a legitimate user of the network may be logging on without an authorized connection, and telecommuters logging on with a VPN but no firewall.
Schmidt reports that what LND found on Microsoft’s network were mostly legitimate connections, with a few segments that Microsoft did not officially recognize. These turned out mostly to be partner activity that had not gone through official Microsoft network authorization channels; they were business-appropriate, but technically unauthorized.
Schmidt sees LND being applied in the future for preemptive security purposes, as the service helps administrators to get a comprehensive picture of their networks. Lumeta’s Burley adds that companies -- such as Microsoft -- with a high volume of mergers and acquisitions will find LND helpful in order to determine how to best streamline the network as well as shut down unauthorized connections.
According to Burley, LND helps to answer the question of how to merge networks and the issues of private versus public network space.
Isaac Slepner
Scott Bekker is editor in chief of Redmond Channel Partner magazine.