Denial of Service Attack Leads to Security Solution: Implementing Access Control

Background

  • Lam Research (founding member of CapOne Source Alliance) is recognized as a leading supplier of wafer fabrication equipment to the worldwide semiconductor industry.
  • Historically, Lam’s “trusted” network permitted access to a variety of users, including Lam employees, business partners, and guests.
  • After users were authenticated in the network’s single domain, their ability to access key computing resources had few restrictions.
  • Over the years, Lam outsourced most corporate functions—HR, facilities management, finance, telecommunications, security, and data center operations—extending potential access to vital intellectual property across a steadily increasing pool of users.
  • Access control lists and passwords appeared to provide adequate security, but there was concern that a test application in the company labs could deploy a harmful application company-wide or that guest access could propagate a virus.
  • Remote users, both Lam and non-Lam, could log onto the network via multiple access points, exposing the company to harm.
  • Industry Best Practices—to which Lam was committed—mandated enhanced security.
  • A virus attack in 2003 highlighted concerns for business continuity and demonstrated the need for stronger security measures.

Challenge

  • Prevent unauthenticated devices, such as printers, unauthorized hubs, and rogue devices, from accessing the network while meeting the lab’s need for a flexible development environment.
  • Stage deployment to minimize disruption to users and business operations.
  • Develop a clear understanding of network access requirements for Lam business partners.
  • Devise a solution that business partnership owners would buy into.
  • Analyze the cross-functional impact to the existing infrastructure and other IT projects.

Solution

An IPI team of experts performed the following services for the client:

  • Minimized the potentially harmful impact of remote users by requiring them to access the Lam network through key gateways.
  • Created virtual LANs (VLANs) that categorize users and machines into separate logical communities—business users, lab, and guests.
  • Implemented an 802.1X-based solution that provides controlled access to network layers, rather than to a single network domain, and effectively addressed loss prevention.
  • Restricted guest users to Internet access only.
  • Placed robust virus controls between user communities and Lam network resources.

Results

  • User computing devices are automatically assigned to the appropriate VLAN upon access.
  • Devices requesting access must have been issued a certificate in advance; otherwise, access is not permitted.
  • IPI project management worked with Lam IT management to obtain user buy-in and orchestrate a smooth deployment of the solution.
  • Since solution implementation, Lam has experienced no denials of service or unplanned downtime due to malicious or inadvertent intrusions.