Lockheed Martin: How to Lock Down a Wireless Net

Jasyn Voshell remembers the white van. It had a “high-gain antenna. Just like you see in the movies.”

Voshell, who had been a network security manager for Lockheed Martin’s Aeronautics division, points out the spot where he saw the van, outside Lockheed Martin’s fighter-jet factory on the outskirts of Fort Worth, Texas. The van’s occupants were using a powerful radio beam to knock computers off Lockheed Martin’s wireless network. It was a nuisance, a denial-of-service attack, although it could have been a prelude to something more serious.

But the attackers never got the chance to go further. The factory’s wireless intrusion detection system alerted Voshell that someone was messing with his network. Minutes later, a Lockheed Martin security guard tapped on the window of the white van. The driver “knew he was busted,” Voshell says. But before he could drive away, the guard yanked the door open, threw the man to the ground and put a gun to his head.

“They were doing other stuff, too, which I can’t talk about,” Voshell tells a journalist during a visit in May, leaving unclear who was attacking his network and why. He recalls the incident, however, as “my favorite thing to have happened at Lockheed Martin, ever.”

Given its critical work on military aircraft, including the new F-35 Joint Strike Fighter as well as the established F-16, Lockheed Martin is an attractive target for hackers, plus actual spies and terrorists. Voshell—the architect of the wireless security plan that covers more than 100 buildings at facilities in Texas, Georgia and California—is paid to be paranoid. Though the plan he implemented remains in place, Voshell left in November for an information security job with Textron.

7 Elements of a Secure Wireless Network

To achieve maximum wireless security, Lockheed Martin Aeronautics:
1. Deploys an intrusion detection system, with dedicated sensors even where no wireless network is supposed to exist.
2. Has network managers follow a checklist of procedures when responding to alerts from the intrusion detection system.
3. Establishes written policies so network managers can confiscate wireless equipment brought in-house without notice or used improperly.
4. Requires strong authentication—users must plug a hardware security device into the computer, and supply
a password.
5. Configures laptops with a dedicated firewall installed, hard drives encrypted and ad hoc networking (direct computer-to-computer connections) disabled.
6. Uses software that disables the wireless port when a laptop is plugged into
a wired network.
7. Requires wireless computers to use VPN software, rather than rely on the still-evolving encryption built into wireless devices. Wireless access point traffic is routed from outside the Internet firewall, even when the access points are inside the building.

During his stint at Lockheed Martin, Voshell put a lot of time and effort into defining the technologies and procedures that would allow the company to take advantage of the convenience and portability of wireless computing without compromising on security. Among other things, that meant finding ways to detect attacks on the wireless network and, just as important, detect when wireless equipment within the plant is configured incorrectly.

In addition to deploying a wireless intrusion detection system from AirDefense of Alpharetta, Ga., the company had to define policies and procedures on how to respond to a wireless security incident.

The white-van episode was an extreme case, of course. “We don’t always take out guns and pull people out of cars,” Voshell says, reassuringly. But by developing standard action plans for common types of incidents, he hopes to ensure appropriate, and consistent, responses.

The AirDefense system has picked up attacks from downtown Fort Worth, more than 10 miles away, but there are also potential threats within the plant. On a tour of the facility, Voshell points out a United Arab Emirates jet and a U.S. Air Force fighter receiving finishing touches in adjacent hangars. Foreign nationals with contracts to buy U.S. military equipment are allowed to check out the merchandise, for example, but information on other projects at the plant is off limits to them. Boeing, a defense industry competitor, may have personnel on site because of joint ventures with Lockheed Martin. And since, increasingly, the laptops these guests bring with them have wireless networking capability, Voshell needs to be able to detect and shut down any misuse of that capability.

Next page: Intrusion Detection on WLANs