Sunday, January 26, 2020

Security Plan

Security Plan Scenario: Widget Warehouse is a medium-sized e-commerce company that supports 200 customers daily. The student has been hired to assist in the development of a new security policy. An assignment has been received to analyse the current network of Widget Warehouse. The Widget Warehouse network is comprised of an intranet with 200 users and a public Web server that processes the company's e-commerce traffic. The internal network is logically divided into an information technology (IT) department branch, an accounting branch, a customer service branch, a sales branch, and an inventory branch.

Step 1 Create a list of various attacks intruders use:

a. The IT department for Widget Warehouse has a general understanding of security, but they are very inexperienced with the various attacks an intruder can use to exploit their network resources. Create a list of various attacks intruders can use maliciously against the Widget Warehouse network. Also provide a brief description of each attack, including its purpose.

Attack name and attack description:

Brute force attack: This attack uses a specific character set (such as A-Z, 0-9) and computes the hash for every possible password made up of those characters.

Eavesdropping: When an attacker is eavesdropping on our communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, our data can be read by others as it traverses the network.

Denial-of-Service attack: The denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to the network, the attacker can send invalid data to applications or network services, causing abnormal termination or behaviour of those applications or services; flood a computer or the entire network with traffic until a shutdown occurs because of the overload; or block traffic, which may result in users losing access to our network resources.

Data modification: After an attacker has read our data, the next logical step is to alter it. An attacker can modify the data in a packet without the knowledge of the sender or receiver. Even if we do not require confidentiality for all communications, we do not want any of the messages to be modified in transit. For example, when exchanging purchase requisitions, one does not want the items, amounts, or billing information to be modified.

Identity spoofing (IP address spoofing): Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed; this is identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.

Password-based attacks: A common denominator of most operating system and network security plans is password-based access control. Thus the access rights to a computer and its network resources are determined by who the person is, that is, by the user name and the password. Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user.

Sniffer attack: A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunnelled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key.

Man-in-the-middle attack: The man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

Trojan horses and worms: Trojan horses are often associated with viruses; they are dangerous programs that masquerade as benign programs.

Step 2 Make a list of security requirements:

a. One of the first steps in creating a security policy is gathering the requirements for the company. Create a list of questions to ask the Widget Warehouse executives in order to better understand their security requirements and business goals.

1. Widget Warehouse requirements:
a) What are the specifications required for the network operation?
b) What access controls need to be applied to the users?
c) Which departments need to be interconnected?
d) What are the login policies, and to what extent do they need to be applied (day, time range, etc.)?
e) Which applications are required by the different branches?
f) To what extent are the policies to be applied to the users?
g) How should group policies be applied on the server that allows the users to access information?
h) What policies are to be applied to web access?
i) What file policies apply to all the users?
j) What password policies need to be applied to the users?

Step 3 Identify security implementation options:

a. Based on the questions, it is discovered that mission-critical information is passed between remote departments in the company over the LAN and the Internet. What security implementation could be used to keep this information out of unauthorized hands? Provide a brief explanation with each answer.

The company holds information about its employees, customers, products, sales, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about the business's customers, finances or a new product line fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. In the company, one department needs to access the information of another department. We should place a firewall in front of the server, and we should grant access between departments only where it is required.

Authorization: Authorization addresses the question: what can you do? It is the process that governs the resources and operations that the authenticated client is permitted to access. Resources include files, databases, tables, rows, and so on, together with system-level resources such as registry keys and configuration data. Operations include performing transactions such as purchasing a product, transferring money from one account to another, or increasing a customer's credit rating.

Virtual Private Network (VPN): One of the most important solutions to virus and hacker threats is a VPN [4], which secures the network between companies and users; it is also authenticated and encrypted for security. VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. Basically, a VPN is a private network that uses a public network, usually the Internet, to connect remote sites or users together. Instead of using a dedicated, real-world connection such as a leased line, a VPN [11] uses virtual connections routed through the Internet from the company's private network to the remote site or employee.

IPSec: IPSec [3] is defined as a set of standards that verifies, authenticates, and encrypts data at the IP packet level. It is used to provide data security for network transmissions. IPSec is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network. It has two goals: to protect IP packets, and to provide a defense against network attacks.

Step 4 Create a description of the security wheel:

a. The Widget Warehouse executives do not completely understand the continual process of security. They appear to be under the impression that once a security policy is implemented it will be sufficient for an extended period of time. Create a description of the security wheel and discuss the benefits of such a model.

Sol: The network security wheel is a methodology for how the network security of an enterprise is maintained. Here the notion of a 'wheel' depicts network security as a continuous process. In other words, to keep the wheel rolling and have a continual security policy, the security engineers in an enterprise should always maintain four steps:

Step name and step description:

1. Secure: We have to secure our networks. This is the step where we implement our security solutions in the enterprise. Firewalls, authentication and encryption are included in this step.

2. Monitor: This is the step where we monitor the security solutions implemented in the previous step. We should monitor whether a security breach exists. We can think about IDS or IPS in this stage. This step can also be used to validate our security solutions.

3. Test: This is the step where the security engineers/specialists try to break their own security solutions. We can think of this step as the kind of job penetration testers do.

4. Improve: This step is a continuation of the previous step. Once we find a breach or something that hinders employees' productivity, we can improve it here. This step may also be a good place to change our security policies.

Step 5 Passive monitoring:

a. The management of Widget Warehouse wishes to see some of the available options in security monitoring. As the consultant, suggest that a passive monitoring scheme may be an option they should pursue. Write a description of passive monitoring that is to be presented to Widget Warehouse management.

Sol: Security monitoring focuses on the activities and condition of network traffic and network hosts. Activity monitoring is primarily performed to assess policy compliance, identify non-compliance with the institution's policies, identify intrusions and support an effective intrusion response. Because activity monitoring is typically an operational procedure performed over time, it is capable of providing continual assurance. Through passive monitoring, a security admin can gain a thorough understanding of the network's topology: what services are available, what operating systems are in use, and what vulnerabilities may be exposed on the network. Much of this data can be gathered in an automated, non-intrusive manner through the use of standard tools.

Step 6 Explain using a security policy:

a. Explain to the IT department how using a security policy can provide advantages to the company as a way to secure sensitive information.

1. Developing a security policy.
• By using a security policy, we can achieve confidentiality, integrity and availability over the network.
• The security policy addresses constraints on functions and the flow among them, constraints on access by external systems and adversaries (including programs), and access to data by the users of different branches.
• Information will be protected against unauthorised access.
• By using access control lists and password policies, certain important data can be protected from unauthorised users.
• All breaches of information security, actual or suspected, can be reported and investigated.
• Retaining confidential and proprietary information.
• Securing applications.
• Assuring standardization and consistency.
• At the network level, we can minimise the spread and impact of harmful worms and viruses.
• Business requirements for the availability of information and information systems will be met.
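The data modification attack in Step 1 and the IPSec discussion in Step 3 both come down to the same two checks a receiver must make on every message: that the bytes were not altered in transit, and that an old message is not being replayed. The following Python is an added example written for this page, not code from the original post or from any vendor; the purchase requisition, its field names and the shared key are constructed for the illustration, and the Receiver class is a simplified stand-in for the per-packet integrity and anti-replay checks IPSec performs.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample: a purchase requisition exchanged between two departments.
# The field names and values are made up for this illustration.
REQUISITION = {"seq": 17, "dept": "inventory", "item": "WDG-100", "qty": 40, "amount": 1200.00}


def canonical(req: dict) -> bytes:
    """Serialise deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(req, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, req: dict) -> str:
    """Sender side: HMAC-SHA256 over the canonical message."""
    return hmac.new(key, canonical(req), hashlib.sha256).hexdigest()


def verify(key: bytes, req: dict, tag: str) -> bool:
    """Receiver side: constant-time comparison against a freshly computed tag."""
    return hmac.compare_digest(sign(key, req), tag)


class Receiver:
    """Accept a message only if its tag verifies and its sequence number is new.
    This is a simplified version of the integrity plus anti-replay checks that
    an IPSec endpoint applies to every packet (assumption of this example)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, req: dict, tag: str) -> str:
        if not verify(self.key, req, tag):
            return "rejected: integrity check failed"
        if req["seq"] <= self.last_seq:
            return "rejected: replayed sequence number"
        self.last_seq = req["seq"]
        return "accepted"


def demo() -> list:
    """Walk through the genuine message, a tampered copy and a replay."""
    key = secrets.token_bytes(32)  # shared secret; in practice set up by the VPN/IPSec key exchange
    rx = Receiver(key)
    tag = sign(key, REQUISITION)
    results = [rx.accept(REQUISITION, tag)]
    tampered = dict(REQUISITION, amount=12000.00)  # amount altered in flight, tag unchanged
    results.append(rx.accept(tampered, tag))       # MAC no longer matches the bytes
    results.append(rx.accept(REQUISITION, tag))    # genuine bytes, but seq 17 was already used
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The tag is computed over a canonical serialisation so that sender and receiver agree on the exact bytes, and compared with `hmac.compare_digest` so that the comparison time does not leak how many bytes matched. An HMAC alone does not prevent replay; the sequence number check is what turns a valid old message into a rejected one.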
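Step 5 describes passive monitoring as learning the network's topology, services and operating systems without sending anything. As an added example (not part of the original post), the Python below builds that inventory from a constructed list of packet observations such as a sensor on a mirror port would record. The addresses, ports and TTL values are made up, and the operating-system guess from the observed TTL is a rough heuristic assumed for this example, not a reliable fingerprint.

```python
from collections import defaultdict

# Constructed packet observations as a passive sensor would see them:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags, ip_ttl). All values are made up.
OBSERVED = [
    ("203.0.113.7", 51000, "10.0.5.10", 443, "S", 50),   # customer -> public web server
    ("10.0.5.10", 443, "203.0.113.7", 51000, "SA", 63),  # web server answers: service on 443
    ("10.0.2.15", 40222, "10.0.5.10", 80, "S", 127),     # accounting workstation -> web server
    ("10.0.5.10", 80, "10.0.2.15", 40222, "SA", 63),     # web server also answers on 80
    ("10.0.1.5", 40300, "10.0.2.15", 23, "S", 63),       # IT host -> accounting workstation
    ("10.0.2.15", 23, "10.0.1.5", 40300, "SA", 127),     # telnet answering on the workstation
    ("10.0.1.5", 40301, "10.0.3.20", 22, "S", 63),       # IT host -> inventory host
    ("10.0.3.20", 22, "10.0.1.5", 40301, "SA", 63),      # SSH answering on the inventory host
]

# Services that carry credentials or data in cleartext; seeing one is a finding.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def guess_os(ttl: int) -> str:
    """Heuristic assumed for this example: common default initial TTLs are
    64 (Unix-like), 128 (Windows) and 255 (network gear); each hop subtracts one."""
    if ttl <= 64:
        return "unix-like (initial TTL 64)"
    if ttl <= 128:
        return "windows (initial TTL 128)"
    return "network device (initial TTL 255)"


def build_inventory(observations) -> dict:
    """Derive hosts, listening services and OS guesses without sending a packet.
    A host is recorded when it transmits; a SYN-ACK means it accepts connections
    on its source port."""
    hosts = defaultdict(lambda: {"services": set(), "os_guess": None})
    for src, sport, dst, dport, flags, ttl in observations:
        hosts[src]["os_guess"] = guess_os(ttl)
        if flags == "SA":
            hosts[src]["services"].add(sport)
    return dict(hosts)


def findings(inventory: dict) -> list:
    """Flag cleartext services that the Monitor step should raise with policy owners."""
    out = []
    for host, info in sorted(inventory.items()):
        for port in sorted(info["services"]):
            if port in CLEARTEXT_PORTS:
                out.append(f"{host}:{port} cleartext service ({CLEARTEXT_PORTS[port]})")
    return out


if __name__ == "__main__":
    inv = build_inventory(OBSERVED)
    for host, info in sorted(inv.items()):
        print(host, sorted(info["services"]), info["os_guess"])
    for line in findings(inv):
        print("finding:", line)
```

The inventory comes entirely from traffic the hosts generated on their own, which is what makes the approach non-intrusive; the trade-off is that a service nobody connected to during the capture never appears, so passive results are a lower bound on what is really listening.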
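The brute force and password-based attacks listed in Step 1 are what the Monitor step of the security wheel in Step 4 is meant to catch. As an added example (not part of the original post), the Python below runs two detection rules over constructed syslog-style authentication lines: a burst of failures from one source inside a short window, and one source trying many distinct accounts (a password spray). The log lines, the source addresses and the thresholds are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines in a syslog-like format; not from any real system.
LOG = """\
Jan 26 09:00:01 auth sshd[1]: Failed password for alice from 198.51.100.9
Jan 26 09:00:02 auth sshd[1]: Failed password for alice from 198.51.100.9
Jan 26 09:00:03 auth sshd[1]: Failed password for alice from 198.51.100.9
Jan 26 09:00:04 auth sshd[1]: Failed password for alice from 198.51.100.9
Jan 26 09:00:05 auth sshd[1]: Failed password for alice from 198.51.100.9
Jan 26 09:00:06 auth sshd[1]: Accepted password for alice from 198.51.100.9
Jan 26 09:10:00 auth sshd[1]: Failed password for bob from 10.0.4.8
Jan 26 09:12:00 auth sshd[1]: Failed password for bob from 10.0.4.8
Jan 26 09:30:00 auth sshd[1]: Failed password for bob from 192.0.2.50
Jan 26 09:30:01 auth sshd[1]: Failed password for carol from 192.0.2.50
Jan 26 09:30:02 auth sshd[1]: Failed password for dave from 192.0.2.50
Jan 26 09:30:03 auth sshd[1]: Failed password for erin from 192.0.2.50
"""

LINE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$"
)


def parse(log: str):
    """Yield (timestamp, outcome, user, source) for each line the pattern matches.
    Syslog lines carry no year, so 2020 is assumed here for the constructed sample."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime("2020 " + m.group(1), "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3), m.group(4)


def detect(log: str, max_failures: int = 5, window_seconds: int = 60, spray_users: int = 4) -> list:
    """Return alert strings in the order the evidence appears in the log."""
    alerts = []
    failures = defaultdict(deque)        # source -> timestamps of failures inside the window
    users_per_source = defaultdict(set)  # source -> distinct accounts it has failed against
    alerted = set()                      # (rule, source) pairs already reported
    for ts, outcome, user, src in parse(log):
        if outcome == "Failed":
            q = failures[src]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()              # drop failures that fell out of the window
            users_per_source[src].add(user)
            if len(q) >= max_failures and ("brute", src) not in alerted:
                alerts.append(f"brute force: {len(q)} failures from {src} within {window_seconds}s")
                alerted.add(("brute", src))
            if len(users_per_source[src]) >= spray_users and ("spray", src) not in alerted:
                alerts.append(f"password spray: {src} tried {len(users_per_source[src])} distinct accounts")
                alerted.add(("spray", src))
        elif outcome == "Accepted" and len(failures[src]) >= max_failures:
            # A success right after a burst of failures is the case worth a human look.
            alerts.append(f"success after burst: {user} from {src} logged in after {len(failures[src])} recent failures")
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG):
        print(alert)
```

Two slow failures from the internal host are left alone, which is the point of the window: the rules fire on rate and breadth, not on any single failed login. A success that follows a burst is reported separately because that is the event an incident responder needs to see first.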
