
Cybersecurity at the Games in Rio: how it went

The Olympic Games in Brazil ended a little more than a month ago. As is traditional, Cisco was responsible for the network and server infrastructure there, including its security. Today we can share our experience of providing network security for the Rio Summer Olympics, especially since we can compare it with the games in London in 2012, where Cisco also provided network security for all sports facilities and events.



Cisco in Rio

Serious informatization of the Olympic Games was first discussed ahead of the 2010 Winter Games in Vancouver, Canada. Oddly enough, until then the world's largest sporting events could not boast a serious IT infrastructure, although individual stadiums and smaller events were quite actively introducing modern information technologies into their operations. Cybersecurity was addressed in earnest only during preparation for the London games in 2012. According to published statistics, 166 million cybersecurity events were recorded in London (in Beijing, about 12 million events were recorded daily), of which 783 required a detailed investigation. Six attacks were serious, and one could even have disrupted the opening ceremony: hackers tried to attack the power supply system of the Olympic Stadium. In Rio, experts expected a fourfold increase in the number of cyber attacks; in reality, there were about 510 million, or about 400 attacks per second. During the Paralympic Games in Rio, hacker activity dropped to 120 attacks per second, which is understandable, since interest in them is much lower than in the main games.



Obviously, the two Olympic weeks are a paradise for fraudsters and criminals of all stripes, especially in Brazil, which has never been on the list of countries with a favorable crime situation. In terms of cybercrime, Brazil is considered one of the most troubled countries: the number of serious cyber attacks there grew by 400% from 2010 to 2015, with a noticeable 200% surge in 2014, when the country hosted the World Cup. And although, according to Jane Weinwright, who headed security for the organizing committee of the Olympic Games in London, there were no specific attacks on the Olympic infrastructure, this does not mean there was nothing to fight. It is enough to remember how many people follow sporting events in person and online to understand that the scale of the problem is serious.

In London, the following were considered the five key threats to information security:





In Rio, the situation was not very different; the problems were exactly the same: spam advertising fake ticketing sites, messages about free tickets allegedly won to sports or sports-related events, mailings with malicious attachments disguised as calendars and maps of Olympic events, phishing sites with Olympic news (we recorded and blocked several hundred such malicious domains), etc.



The task we faced was rather difficult. In a short time we had to provide a secure connection to the network and server infrastructure:





Olympic infrastructure



Securing 113472 LAN ports and 5159 Wi-Fi wireless access points was based on the following principles:





In fact, they differed little from the similar infrastructure in London, where we also provided network security:







Given the traditional nature of the threats, we also used traditional defensive technologies. Of the 60 tons and 8115 units of equipment supplied, the following were responsible for network security:





The main tools for segmentation were the Cisco ASA 5585-X and ASA 5515-X firewalls, which separated traffic between the different zones of the Olympic infrastructure. Cisco ASR9000 and Cisco ASR1000 routers helped them with this. At the virtualization level, the Nexus 7000, Nexus 2000 and MDS 9000 switches, as well as the UCS 5000 and Fabric Interconnect 6000 computing systems, were responsible for segmentation.



Design of the main data center



Since the Olympic Games involve many different users with different tasks and access rights, we used a cluster of Cisco ISE devices to control and separate them by authenticating and authorizing wired and wireless users. For example, this is what the access portal for journalists at the press center looked like:



Olympic portal for journalists



Considering the number of people who needed access to the various services provided by the Olympic Organizing Committee, a self-service portal was set up on Cisco ISE, which reduced the workload of the Games' IT specialists. Self-service covered the registration of accounts:



Cisco ISE self-service portal



registering mobile devices and recovering forgotten passwords:



Cisco ISE self-service portal



With the help of Cisco ISE, journalists, athletes, volunteers, sponsors, and others could access all necessary services throughout the Olympic and Paralympic Games, as well as during preparation for them. At the same time, access was not limited to any network segments (unless security policies required it) or device types: Cisco ISE provided secure wireless access both while athletes were being brought from the Olympic Village to sports events (Wi-Fi was deployed on buses) and while journalists were working from their personal devices at the press center and at the sports events themselves. The total number of unique devices (excluding visitors) connected to the infrastructure of the Olympic Games and managed using Cisco ISE exceeded 235 thousand by the end of the games (27 thousand devices were connected to the infrastructure at its peak during the closing ceremony of the Olympic Games in Rio):



The closing ceremony of the Olympic Games in Cisco ISE



Detection of attacks on the perimeter and inside the network was the responsibility of the Cisco Firepower NGIPS intrusion prevention system, the Cisco OpenDNS DNS threat monitoring system, and Cisco Stealthwatch, a Netflow-based anomaly neutralization system. The last of these also monitored the virtual infrastructure in the primary and backup data centers of the Olympic infrastructure. Each of these solutions used network traffic as its data source but looked at it from a different point of view, which made it possible to implement the principle of defense in depth and to prevent attacks from penetrating the Olympic network infrastructure.



We gained interesting experience using Cisco OpenDNS Umbrella, whose task was to monitor DNS requests from the Olympic infrastructure and cut off everything associated with malicious activity:





We managed to deploy Cisco OpenDNS Umbrella throughout the infrastructure in just 2 (!) hours, 2 days before the opening ceremony of the Games. Once in operation, the service handled 22 million DNS requests daily and blocked 23 thousand of them as malicious.
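
To illustrate DNS-layer blocking of the kind described above, here is an added example. It is not Cisco's code and does not reflect how OpenDNS Umbrella is implemented; the blocklist, the log format and all domain names are constructed, using reserved .example and .test names.

```python
from collections import Counter

# Constructed blocklist and resolver log (assumed format:
# timestamp, client IP, query type, query name). Not real indicators.
BLOCKLIST = {"free-tickets.example", "olympic-news.test"}

SAMPLE_LOG = """\
2016-08-05T20:00:01Z 10.1.20.14 A www.results.example.
2016-08-05T20:00:02Z 10.1.20.14 A Login.Free-Tickets.example.
2016-08-05T20:00:02Z 10.3.7.201 AAAA cdn.olympic-news.test
2016-08-05T20:00:03Z 10.3.7.201 A notfree-tickets.example
2016-08-05T20:00:04Z 10.1.20.14 A free-tickets.example
malformed line
"""

def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def blocked_by(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry covering qname, or None.

    Matching walks whole labels from the full name upward, so a listed
    domain also covers its subdomains, while a name that merely ends with
    the same characters (notfree-tickets.example) does not match.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def screen(log_text, blocklist=BLOCKLIST):
    """Screen a resolver log; return (total, blocked events, hits per client)."""
    total, events, per_client = 0, [], Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip malformed lines instead of failing
            continue
        ts, client, _qtype, qname = fields
        total += 1
        entry = blocked_by(qname, blocklist)
        if entry:
            events.append((ts, client, normalize(qname), entry))
            per_client[client] += 1
    return total, events, per_client

if __name__ == "__main__":
    total, events, per_client = screen(SAMPLE_LOG)
    print(f"{len(events)}/{total} queries blocked; by client: {dict(per_client)}")
```

The per-client counts are what an operator would review first: a device that repeatedly resolves blocked names is a candidate for investigation.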



Among the other interesting numbers we can share, I would highlight the following:







Opening ceremony of the Olympic Games in security events



That is what the 2016 Olympic Games in Brazil were like for us. We have strengthened our competence in protecting mass sporting events and plan to apply our experience again at the games in Japan in 2020. It is already known that Japan plans to spend more than $190 million on this area, considering it one of its priorities. Cisco is ready to help the International Olympic Committee and Atos, the official provider of IT services for the Olympic Games, with this.

Source: https://habr.com/ru/post/312140/


