Printer Friendly
The Free Library
19,607,050 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

Flight plan


To keep up with its expansion, Denver-based Frontier Airlines This article is about Frontier Airlines that was founded in 1994. For the company known as Frontier Airlines from 1950 to 1986, see Frontier Airlines (1950-1986).

For the similarly named Frontier Flying Service see Frontier Flying Service.  sought to centralize its firewall needs, reports Greg Masters.

About four and a half years ago, when Frontier Airlines decided to do a server room re-design, IT security manager Steve Greenberg decided that the time was right for a re-design of the company's network, as well.

The airline, operating out of Denver International Airport This article is about Denver International Airport. For other uses, see KDEN (disambiguation).

Denver International Airport (IATA: DEN, ICAO: KDEN, FAA LID: DEN), often called DIA  with 62 aircraft and close to 6,000 employees, had been using two different firewall products in its general offices – a Cisco PIX firewall A family of network firewalls from Cisco. PIX units are high-performance, stand-alone devices that contain their own embedded operating systems and can support up to 64K simultaneous connections.  and a Microsoft ISA (1) (Instruction Set Architecture) See instruction set.

(2) (Interactive Services Association) See Internet Alliance.

(3) (Internet Security and Acceleration) See .NET.  firewall – but wanted to consolidate the functions onto one robust product that could improve network connectivity. As the airline was experiencing rapid expansion – at that time adding several new cities to its flight routes – the firewall product also needed to be flexible enough to grow along with the company.

“We had a lot of in-house experience with the Microsoft product, not so much with the Cisco stuff,” says Greenberg. “So, we wanted to consolidate onto one product and be consistent throughout the environment. We wanted to make a little more robust product, something that would grow with us.”

After testing the Secure Firewall, formerly Sidewinder sidewinder, common name for a rattlesnake, Crotalus cerastes, found in the deserts of the SW United States. This 2-ft (60-cm), pale yellow and pink snake is named for its curious method of locomotion. , Greenberg chose it for the implementation – despite the fact that network consultants he contracted suggested a different option. He liked the way the product stopped cross-site scripting See XSS. ; SQL injection SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not  attacks and directory traversals; inspected encrypted protocols; stopped botnets and zombies Zombies

Companies that continue to operate even though they are insolvent. Also known as living dead.

Notes:
It's advisable to avoid investing in zombies at all costs their life expectancies are highly unpredictable. ; and filtered traffic based on country codes.

“The product from Secure felt better. I liked it better,” he says.

And no wonder. The product comes with a pedigree. Scott Montgomery, vice president of product management of Secure Computing For the general concept, see .

Secure Computing Corporation, or SCC, is a public company (NASDAQ: SCUR) that develops and sells computer security products, such as:
  • Firewalls including Sidewinder, SnapGear and CyberGuard TSP
 Corp., says the tool was originally developed for the National Security Agency (NSA NSA
abbr.
National Security Agency

Noun 1. NSA - the United States cryptologic organization that coordinates and directs highly specialized activities to protect United States information systems and to produce foreign ) with a high degree of security in mind.

“The NSA needed to keep classified information on one side of a controlled interface A controlled interface is a multilevel security system used to transfer low-classification data between security domains. The data to be transferred may theoretically move in either direction; the purpose of the controlled interface is to ensure that the data meets the criteria for , and unclassified un·clas·si·fied  
adj.
1. Not placed or included in a class or category: unclassified mail.

2.  material on the other side of a controlled interface. The resulting product became the Secure Firewall,” says Montgomery.

The appliance is used in the most sensitive, high assurance networks in the world, he adds. But, he concedes that during the product's early years, there were issues with how complex it was.

“It's one thing to make a secure product. It's entirely another thing for it to be used by the mass market without an inordinate amount of training and professional services,” he says.

The company was able to achieve its goal with the most recent release, in April 2007, called Sidewinder 7.0, now called Secure Firewall 7.0.

“That release is where we focused several years of ergonomics and usability work in creating an interface that anybody – network or security folks – could use,” says Montgomery.

Frontier Airlines' Greenberg says his airline currently has 18 Secure Firewalls in production or test, and use them for the usual corporate firewall functions. All the B2B (Business to Business) Refers to one business communicating with or selling to another. See B2B e-commerce, B2C and B2G.

B2B - business to business  VPNs run through the firewall now.

The result: the company is realizing serious cost savings.

“It would have been cost-prohibitive to connect our station in Costa Rica via a permanent MPLS (1) (MultiProtocol Lambda Switching) The earlier name for GMPLS. See GMPLS.

(2) (MultiProtocol Label Switching) A standard from the IETF for including routing information in the packets of an IP network.  line, so we use a Secure Firewall to connect that station via a B2B VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. ,” says Greenberg.

Also, the tool allows the company to separate its internal network with the airport's network – for example, to allow display screens at the gates to work. And, the implementation of the Secure Firewall devices through the company went fine, says Greeberg.

“We went to their training. We had some help from Secure. They came out and helped setup our test network. It was not a problem. The only challenge was gathering and transferring rules from the extant servers over to the Secure Firewalls,” says Greenberg.

And there has been an evolution in the training process, as well.

“You go back to the mid-90s, every installation had to be done by our own professional services cadre,” says Secure's Montgomery. “It was a logistical nightmare, as well as costly to the customer. We developed a number of tools for installation and migration, a number of wizards. We also put the first levels of training online, so that once you had purchased a Secure Firewall and a support agreement, you had access to several administrative classes that would offer background training for any advanced training that we would do either onsite or at a Secure training facility or at a channel partner.”

Whereas the company once sought to perform all training by its own staff, things now just move too fast for that strategy, says Montgomery.

“We now enable our channel partners to be part of the solution and offer training on their own price book. We certify them to perform the same training that we would. We have a lot more feet on the street. Our new mantra is: Get the customer trained up. We assist with their first firewall, but then equip them during that first installation, or migration, to do the rest on their own.”

Greenberg says that everything is up and running at Frontier Airlines. And he adds that while one or two changes on average come through per week on the main corporate firewall, the firewall is working well.

“We're very pleased. We've gone from two different firewall brands and a VPN to one product that gives us a strong firewall and application defenses. It's working well for us,” he says.

Montgomery adds that Frontier is a good example of the kind of business that Secure Computing typically supplies.

“We're not a ubiquitous brand, like Cisco, but when people have a high assurance network, those are the places where Secure Firewall is deployed. With the amount of information on the web in the airline industry, Frontier fit that category. There's an intense amount of dollars and cents going through frontierairlines.com, so it's a great fit.”

Copyright 2008 SC Magazine
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright (c) Mochila, Inc.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Author:Greg Masters
Publication:SC Magazine
Date:Jul 28, 2008
Words:964
Previous Article:Breach laws: A mixed bag
Next Article:Adopting the right business model



Related Articles
Transforming the organization: one individual at a time.
Digital info device wins commercial jet application.
Flight Plan.
ARINC Direct SM is participating at EBACE 2008 in Geneva.
Discover Flying
Planning from Yuk to Yum!
Flight Planning Software
Keep Track of Your Diet Online

Terms of use | Copyright © 2012 Farlex, Inc. | Feedback | For webmasters | Submit articles