Tuesday, September 26, 2006

Deep inside the Finance Ministry's electric dungeon and security secrets

Snort, squid and Tehila
26.9.06 | 09:36 | By Lior Haner, Haaretz / TheMarker


The Israeli government's Tehila project is responsible not only for building the gov.il payments portal, but also serves as the government's Internet service provider (ISP). It is impossible to prevent all security breach attempts, and when the information being safeguarded belongs to the Israeli government, the responsibility is tremendous.


Down a side corridor on the ground floor of the Finance Ministry building is a large, but inconspicuous unmarked brown door. The stairwell beyond this door houses several flights of stairs leading down to a small anteroom with a white door. Beyond this white door is another small room, crowded with computer towers connected to one another with a tangle of cables.


"We have 500 servers here," says Boaz Dolev, director of the Tehila project at the accountant general's department at the Finance Ministry, shouting over the din from all the fans and air conditioners required to cool the computers, and even so the room is warm. "All the government offices have just one exit to the Internet, via these servers. We began discussing the government's use of the Internet back in 1997 but at that point we received approval for Internet access to individual, separate computers. We wanted the computers used by government ministry workers to have Internet access from their desktops all the time."


The debate over how this would be accomplished lasted six months, but finally Dolev and Itzik Cohen, head of computing at the accountant general's department, gained the upper hand.


Recent advancements in the government ministries' attitude toward the Internet include the launching three years ago of the government portal, in the framework of the Tehila "accessible government" project. When such extensive Internet infrastructure is being built, including information and payment systems, the security risks are substantial.


Risks of Internet


"No one will tell you there are no risks involved in offering services via the Internet," says Dolev, while in the same breath offering assurances that the chances of computer fraud are slim, since the risk in the government's payments system is that someone might use a stolen credit card, and this can be traced easily.


Dolev notes that the ministry's sites face a greater risk from cyber attacks, e-mail assaults or server overloads, and from the theft of data. To prevent such attacks, Tehila uses security services from big companies like Check Point, which was the first partner to be brought into the project and which provides the firewall for data communication.


Tehila's virus protection is provided by Aladdin Knowledge Systems and Trend Micro, while the hardware is purchased from big companies such as HP, IBM, RAD Bynet, and Netcom Systems. Even so, since the security field is complicated and requires supplementary services, a few surprising open-source tools are used.


Snort, a network intrusion-detection system, and Squid, a proxy server that sits between the data servers and the computers that are hooked up to the Internet, are two tools developed by the open-source community, meaning they do not require a user license.


Dolev relates that the site visited most by hackers is mossad.gov.il.


"That is one site that actually has no link to crucial information," says Dolev, "but rather only public relations information and data on employee recruitment."


While no information has been stolen from the Mossad's information system, some National Insurance Institute employees have been arrested on suspicion of selling confidential information to private investigators. This alerted Dolev and his team to the need for systems that track not only external infiltration attempts, but also the movement of information within the system.


In addition to a team of eight systems analysts who oversee the maintenance and development of the Tehila project, 17 computer science students monitor the systems 24 hours a day.


The CERT


Another aspect of Tehila is the CERT (Computer Emergency Response Team), which coordinates its efforts and shares information with other CERTs around the world in identifying and combating Internet security breaches.


"ISPs in Israel could learn from our experience, but it is no small task to build an information sharing mechanism in the security world," says Dolev. "Everyone conceals data, particularly concerning [Internet security systems] failures."


Dolev notes that there are several systems security bodies in the United States that share information with Tehila's CERT, but most of them are associated with universities rather than government bodies. "We are far more exposed than other Israeli Internet sites, and also disclose information on this subject," continues Dolev, adding that next month he will contact Israeli ISPs regarding joining Tehila's CERT.
