Los Alamos County shores up security

Los Alamos County, New Mexico

Security within the Los Alamos (N.M.) County's information technology department wasn't quite up to par when systems manager Laura Gonzales came on board three years ago.

It was common practice to share passwords among her 16-member IT staff to enter systems, and when something did go wrong with the county's information systems, it was difficult to find who was responsible. On one occasion, the system went down for about 30 minutes, and "there was no way to know who caused it," she said.

Although she voiced her concern to the county's independent auditor, attention shifted toward battling destructive wildfires in 2000. After "getting things normalized," Gonzales focused on improving security for the Unix-based network server.

One concern was limiting the number of users who had access to critical systems. After researching security and access authorization technologies, she said she settled on California-based Symark Software's PowerBroker software, which sits on top of the servers and enables system administrators to assign administrative privileges and authorization without disclosing the root password.

The software also allows a system administrator to enforce polices across a heterogeneous network from a single machine and provides a comprehensive audit trail, by logging a person's use keystroke by keystroke, she said. The department also instituted new policies across the board regarding operations and access.

"They know the accountability is three and things don't tend to happen anymore," Gonzales said. "People come back and say, 'I have this problem.' You don't need to be reactive."

She said while security has become a high priority nationally, local governments are still not doing enough to boost defenses.

Since the well-renowned federal Los Alamos National Laboratory is located within the county, she said her government is keenly aware of its vulnerabilities. "People automatically look at it as a target because of the labs and national security," she said, adding that they are continually trying to improve all facets of information security.

"I would say more and more counties are becoming aware of [security]," Gonzales said. "They may not be quite aware of it as we are."