US-Visit computers failed due to a virus.

To me it is crazy that computers could be affected so badly by a virus. Let's assume that you haven't installed the patch because you are still testing it. That is a reasonable enough situation, but in security you don't rely on just one layer of protection; you use multiple layers. For a moment, let's assume that these machines are not used for reading email or surfing the web and only have the software needed to perform the US-Visit program.

1) Antivirus software.
Any reasonable antivirus software will protect computers from known viruses. Some vendors will also give you the ability to block buffer overflow attacks and perform some behavioral blocking. All the machines should be managed from a central location that allows them all to be updated to the latest virus definition files.

2) Physical or logical separation.
In this example they are running machines that have a single purpose: to collect and validate passports. This allows you to put the computers on a firewalled segment that only allows the specific traffic needed to run the US-Visit machines. If they are connected to an untrusted network, then tie them back to a central secured network using a VPN connection.

3) Host-based firewall.
Windows XP includes a very simple firewall that allows you to block traffic going to the machine. When dealing with a machine that is there to serve a single purpose, it should be fairly simple to create a set of firewall rules that blocks most traffic to the machine.
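As an added example (not from the original post) of the rule set described in items 2 and 3, the following script locks down the Windows XP SP2 built-in firewall on a single-purpose workstation with the `netsh firewall` context that ships with SP2. The admin host address 10.0.0.9 and the choice to leave only remote desktop reachable from it are assumptions for the illustration; the `netsh firewall` commands themselves are the documented SP2 syntax.

```batch
@echo off
rem Added example, not from the original post: lock down the Windows XP SP2
rem built-in firewall on a single-purpose workstation.
rem Assumed value: ADMIN_HOST is the hypothetical management host that is the
rem only machine allowed to reach this workstation unsolicited.
rem Run from an administrative cmd.exe prompt.
set ADMIN_HOST=10.0.0.9

rem Turn the firewall on for every profile and honour the exception list below.
rem (exceptions=DISABLE would block everything and silently ignore the rules
rem that follow; that is the right setting if nothing needs to reach the box.)
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Remove the built-in service exceptions a kiosk-type machine does not need.
netsh firewall set service type=FILEANDPRINT mode=DISABLE profile=ALL
netsh firewall set service type=UPNP mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=ALL

rem Do not answer echo requests or multicast/broadcast probes.
netsh firewall set icmpsetting type=8 mode=DISABLE profile=ALL
netsh firewall set multicastbroadcastresponse mode=DISABLE profile=ALL

rem The only unsolicited inbound traffic allowed: remote desktop from the
rem admin host. scope=CUSTOM with an address list keeps it off the rest of
rem the network.
netsh firewall add portopening protocol=TCP port=3389 name="Admin RDP" mode=ENABLE scope=CUSTOM addresses=%ADMIN_HOST% profile=ALL

rem Log dropped packets and connections so the log can be collected and
rem reviewed centrally.
netsh firewall set logging filelocation=%windir%\pfirewall.log maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

rem Show the resulting configuration for the change record.
netsh firewall show config
```

One caveat worth keeping in mind: the XP firewall only filters unsolicited inbound traffic. It logs the connections the machine opens, but it will not stop them, so restricting what the workstation may talk to is the job of the segment firewall or VPN in item 2 and the application control in item 4.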

4) Host-based application control.
Again, since these are single-purpose machines, you can install a security application that controls which applications are allowed to run and what types of network connections those applications are allowed to make.
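The layers in items 2 through 4 all come down to one statement of expected traffic: this machine talks to its back-end server and nothing else. The following added example (not from the original post) turns that statement into a check over the firewall log that the XP SP2 firewall writes when dropped-packet and connection logging are enabled. The host address, the allowed peer (10.0.0.5 on TCP 443) and every log line are constructed for the illustration, in the W3C extended log format the SP2 firewall uses.

```python
"""Review Windows XP SP2 firewall log lines against a single-purpose machine's
expected traffic.

Added example, not from the original post. The policy values (HOST,
ALLOWED_PEERS) and the log lines in SAMPLE_LOG are constructed.
"""
from collections import Counter

# Constructed sample in the W3C extended log format that the XP SP2 firewall
# writes to pfirewall.log. The workstation 10.1.2.50 talks to its server
# 10.0.0.5:443, is then probed on 135/139/445 by 10.1.2.77, and finally opens
# an outbound SMB connection to a neighbour it has no business talking to.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-09-21 08:00:01 OPEN TCP 10.1.2.50 10.0.0.5 1041 443 - - - - - - - - -
2004-09-21 08:00:09 CLOSE TCP 10.1.2.50 10.0.0.5 1041 443 - - - - - - - - -
2004-09-21 08:01:12 DROP TCP 10.1.2.77 10.1.2.50 3344 135 48 S 812345 0 65535 - - - RECEIVE
2004-09-21 08:01:13 DROP TCP 10.1.2.77 10.1.2.50 3345 139 48 S 812346 0 65535 - - - RECEIVE
2004-09-21 08:01:13 DROP TCP 10.1.2.77 10.1.2.50 3346 445 48 S 812347 0 65535 - - - RECEIVE
2004-09-21 08:02:30 OPEN TCP 10.1.2.50 10.1.2.91 1042 445 - - - - - - - - -
"""

# Expected-traffic policy for this workstation (assumed values).
HOST = "10.1.2.50"
ALLOWED_PEERS = {("10.0.0.5", 443)}

FIELDS_PREFIX = "#Fields: "


def parse_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith(FIELDS_PREFIX):
            fields = line[len(FIELDS_PREFIX):].split()
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        rec = dict(zip(fields, values))
        # Ports are integers where present; "-" marks a field the firewall left blank.
        for key in ("src-port", "dst-port"):
            rec[key] = int(rec[key]) if rec[key] != "-" else None
        records.append(rec)
    return records


def find_unexpected_outbound(records, host, allowed_peers):
    """Connections this host initiated to anything outside the allow-list.

    The XP firewall does not block outbound traffic, but it logs every OPEN,
    so an infected single-purpose machine reaching out to its neighbours
    shows up here even though nothing stopped it.
    """
    return sorted({
        (r["dst-ip"], r["dst-port"])
        for r in records
        if r["action"] == "OPEN" and r["src-ip"] == host
        and (r["dst-ip"], r["dst-port"]) not in allowed_peers
    })


def find_inbound_scans(records, host, threshold=3):
    """Sources whose inbound packets to this host were dropped at least `threshold` times."""
    drops = Counter(
        r["src-ip"] for r in records
        if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-ip"] == host
    )
    return {src: n for src, n in drops.items() if n >= threshold}


def review(text, host, allowed_peers, threshold=3):
    """Run both checks over a log and return the findings."""
    records = parse_log(text)
    return {
        "unexpected_outbound": find_unexpected_outbound(records, host, allowed_peers),
        "inbound_scanners": find_inbound_scans(records, host, threshold),
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG, HOST, ALLOWED_PEERS))
```

On a fleet of identical single-purpose machines the allow-list is the same everywhere, which is what makes this kind of review cheap: the logs can be pulled to the central management host from item 1 and any line that is neither the application's server traffic nor an expected drop is worth a look.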

What is even more amazing is that Wired has published a copy of their network architecture.
