Have you ever wondered what goes on in the world of IT inside an airline? You hear about various verticals all the time, but rarely do you see conversations about airline network security. On a whim, after hearing about Frontier Airlines’ movement into UTM using Secure Computing’s technology, I got to talk with Steve Greenberg, their IT Security Manager.
Steve Greenberg sits down with The Tech Herald for a quick Q&A. (IMG: Tim Samples)
Steve Greenberg has worked at Frontier Airlines for nine years. He spent four of them in his current position as Manager of IT Security, reporting directly to the CIO. He describes his job as a great marriage of his love for aviation and computers. Steve has spent fifteen years in the aviation industry; you name it, he has likely done it. He has worked in positions such as flight instructor, baggage handler, ground operations, flight follower, and charter coordinator.
With an established strong interest in computers from the earliest days of PCs, Steve decided to pursue IT full-time in the late ’90s and became MCSE certified. Joining Frontier Airlines in 1999 as a Y2K Analyst, he quickly moved up to his current position. Currently, he holds a BS in Aviation and CISSP & GCFA (GIAC Certified Forensics Analyst) certifications.
As you can tell from the image below, Steve is happy when he is with his servers. What true IT geek isn’t happy with servers though?
[Disclosure Note: Secure Computing provided access to Steve on request. Frontier Airlines is a Secure Computing client. The Tech Herald has a working relationship with Secure Computing for information, quotes, and news sourcing. In the past they have been covered on this site, including two reviews. The Q&A is to offer a glimpse into what one vertical is doing with regard to security. This Q&A is not intended to push one product over another.]
Q: What types of problems was Frontier Airlines facing that led to a planned upgrade in security?
A: We needed a strong solution that would be able to grow with the business. And consolidating on one solution to reduce the footprint was also a key driver.
Q: Why choose a UTM based security solution instead of a layered approach?
A: We continue to use a layered approach; however, Secure Computing’s Secure Firewall and UTM appliances permit us to effectively layer our security that much deeper and stronger at the edge, and in between our network and untrusted network segments.
Q: Can you describe how the layered approach is designed?
A: In general, we use border routers with ACLs and Ingress/Egress filtering, firewalls, IPS and IDS devices, host-based monitoring and protections. And then we conduct extensive auditing and testing to ensure everything is working as it should.
Q: What did you use before Secure Computing and why did it get replaced?
A: We used Cisco PIX and Microsoft ISA servers. We replaced them to consolidate on one firewall and improve our security posture. We needed something that would grow with us. We’re still currently using the Microsoft ISA firewall for our internet proxy and publishing an extranet site to the Internet. However, we will very soon be replacing the ISA Proxy server with Secure Web from Secure Computing.
Q: How often do you change security vendors?
A: Not often - only when necessary. We always strive to develop good relationships with our vendors and foster that through the years. If we encounter a need that a current vendor cannot provide, we look elsewhere.
Q: From a scope of operations, how large is the environment you have to secure and manage?
A: We secure 6,000 users, 2,500 PCs, 200+ servers, multiple B2B VPNs and vendor connections, hundreds of remote workers, and 60+ satellite offices (airports).
Q: What is a typical day for you when dealing with security monitoring and management?
A: We use SecureWorks, a 24x7x365 MSSP (Managed Security Service Provider) for monitoring and incident investigation. So typically we log into their portal every day and get an overview of what is going on. Incidents that are escalated from SecureWorks are investigated on an as-needed basis.
Q: Without giving details, do you have a disaster recovery plan? How long would it take to recover from an all-out network failure? How often is it updated and tested?
A: This is always a work in progress. We have an office dedicated to DR/BC planning, which is actively working on an enterprise plan. Our network (including security devices) was rebuilt a few years ago from the ground up to reduce the risk of outages. So from that perspective we are resilient and protected against a complete and total outage by using high availability designs, redundant routing and more than one carrier.
Q: How does your job cross over with general airline security and/or with TSA (DHS)?
A: My job does not cover TSA or DHS. I only communicate with airport security authorities to ensure our networks are kept separate.
Q: What types of compliance issues does Frontier Airlines have to comply with?
A: From a networking/security perspective, we must comply with SOX, PCI and some HIPAA regulations.
Q: Our readers love battlefield-type stories. What is the most challenging problem you have had to face at Frontier Airlines?
A: Oh, good question. In such a fast-paced and competitive business, we face new challenges all the time. The biggest challenge I’ve dealt with is transforming Frontier from an entrepreneurial business to a mature organization.
As we develop processes and procedures to further nurture Frontier, it has been a challenge at times to shift business out of the old way of doing things. But now that we have defined processes and procedures in place, including change control and SDLC, the stability and reliability of IT and our infrastructure has greatly improved as a whole. Frontier’s business transformation of course includes IT Security as well.
With all the compliancy, privacy and regulatory issues we face, IT Security must be consulted in the earliest stages of a project - not at the end, which was at one time more common than not. The IT Security department is more frequently being consulted by the business about projects and issues, rather than hearing about them through the grapevine and after the fact.