FY-2006 Networking and Security Engineering and Operations NASA Task TM: Richard Kurak

Transcription

1 FY-2006 Task A-03: Netwrking and Security Engineering and Operatins NASA Task TM: Richard Kurak Task Summary: The Office f Chief Infrmatin Office (OCIO) is respnsible fr prviding ttal cmmunicatins capabilities (vice, vide, and data) fr NASA GRC, and fr prviding nging supprt t varius cmputer and cmmunicatins research prgrams at GRC and thrughut the Agency. Within OCIO, the Netwrking and Security Branch is respnsible fr the entire life cycle f all GRC cmmunicatins systems and fr keeping GRC at the "bleeding edge" f advanced netwrk technlgy. The intent f this task is t prvide netwrk security supprt t the Netwrking and Security Branch in accmplishing its multifaceted missin. Currently, netwrk security supprt persnnel use a hst f IT hardware and sftware t preserve the integrity f the netwrk. Hardware includes: Sun Wrkstatins/Servers, Intel Wrkstatins/Servers, Cisc ruters, switches, Ethernet hubs, and cncentratrs. Sftware includes: Sun Slaris, Linux, Windws, Berkeley Internet Name Dmain (BIND), Sendmail, Apache Web Server, CiscWrks, CiscSecure, Netwrk Intrusin Detectin, Prxy-based Firewalls, Intrusin Detectin, Hacker deceptin tls, Secure Shell (SSH), Kerbers, and Secure Sckets Layer. Thse supprting this task currently maintain servers in the internal security services netwrk as well as distributed acrss the enterprise fr varius security purpses.

2 Subtask A-03.01: Netwrking and Security Engineering Descriptin NASA TM: Richard Kurak Fiscal Year f Wrk: 2006 Funding Organizatin: VIE and Operatins Overall Objectives: Team PACE will prvide engineering, implementatin, administratin, analysis and ther daily supprt in the area f Center wide area and lcal area netwrking as well as Center security systems deplyment and supprt. Operatins will fcus n meeting the security and netwrking requirements f the Center while maintaining a highly available and reliable netwrk infrastructure. Team PACE will maintain a secured, available, and reliable IT infrastructure as apprved by the Gvernment. Specific Wrk Requirements: The Team will perfrm the fllwing duties during the executin f this task:. Operate and maintain the GRC netwrk security envirnment while ensuring that the firewall system is peratinal 24 hurs per day, 7 days per week. This includes the system administratin and peratin f all machines and sftware within the firewall including the web prxy server as well as thse used t mnitr netwrk traffic.. Operate and manage the GRC netwrk gateway. Manage all access t the ESN and implementatin f hsts and systems n the GRC External Services Netwrk (ESN).. Operate and maintain an ESN web hsting service fr GRC users. Prvide netwrk prts and access t the ESN as requested and apprved.. Operate and maintain the brder ruters, switches, and interfaces t the Agency and public netwrks. This includes ruting prtcl cnfiguratin redundant links.. Operate and manage the GRC Remte Access Infrastructure fr ur. Administer the GRC VPN services (currently Juniper SSL VPN and InfExpress VTCP). Transitin all VPN users t the SSL VPN.. Admininster the GRS SSH prxy service.. Admininster the ACE ServerslSecurID systems..wrk with NASA t meet changing requirements. Prpse, test, and implement enhancements fr. NASA design specificatins and IT Security Plicies, and recmmend slutins and implement them upn apprval f the gvernment. (The element requires that the resurces are available frm the gvernment fr the labr and equipment required in these endeavrs).. Identify equipment/sftware/services necessary fr NASA GRC, and with apprpriate gvernment apprval, btain qutes frm vendrs, prcure, and deliver necessary prducts t NASA GRC.. Implement and maintain a data and systems backup slutin t prvide rapid recvery f applicable Netwrking and Security infrastructure. Mnitr critical lgs fr abnrmal activity and threat. -. Autmated daily summary reprts will be generated where available and distributed t the apprpriate cntractr and gvernment persnnel. Reprts t GRC will be prvided. when threats are nticed as well as the apprpriate external parties. Prvide data/lgs r a secure interface t the infrmatin in respnse t requests frm apprpriate parties.. Prvide requested technical dcumentatin fr existing and future netwrk security system designs..keep abreast f latest security threats and respnd t any threats t the GRC netwrk 24 hurs a day, 7 days per week and take the apprpriate actins t ntify the designated gvernment emplyee f threats, (.

3 then take the necessary steps t prevent further damage r intrusin. Actins shuld be initiated within 6 hurs f discvery.. Cnduct frensic investigatins f suspected IT Security incidents under the authrity f the Center's IT Security. Manager r GRC Incident Respnse Crdinatr. This may include, but is nt limited t, the fllwing: mnitring the netwrk, examining and mirrring hard drive files, examining files, reviewing netwrk and firewall lgs, discnnecting users' cmputers frm the netwrk, dcumenting the IT Security investigatin, and prviding testimny if required. The gvernment will dcument the bjective investigative tasks requireci f the technical persnnel. Excluded frm this task are any IT Security incidents categrized by the gvernment as within the geme f cmputer and systems mis-use. Prvi~e system lgs related t misuse cases after apprval f the cntractr team lead and in a timeframe as resurces permit Limited netcntext system administratin.. Vulerability scanning and reprts t meet the Agency Quarterly scam:iing requirements. This will cnsist f mnthly scans f the Agency list and a quarterly reprt.. As resurces permit r as funded directly by the custmer, wrk with GRC users and custmers t prvide risk mitigated slutins that m~et their requirements and maintain the security f NASA GRC. Citrix server applicatin hsting and user management.. VMWare systems management and virtual hst implementatin.. Helpdesk Security queue mnitring and dispsitin.. ODIN Remedy Queue supprt fr users interacting with Netwrk Security systems.. Prvide netwrk security supprt in the frm f the elements listed belw t the Telescience supprt. center (TSC) and as agreed upn between OCIOrrsc resurces allwed. management and the cntractr and within the. Assist in the cnfiguratin and maintanence f the TSC firewalls.. Cnfigure and maintain VPN hardware/sftware (currently Infexpress VPN sftware) and us~r database.. Assist in maintaining the TSC firewall equipment in building 322 (currently includes: 2 - Cisc 2924 switches, 3 - Sun Ultra's). Sftware and hardware supprt cntracts are the respnsibility f the TSC r TSC's cntractr.. Trublesht, diagnse, and supprt cnnectivity thrugh the firewall fr TSC IF traffic.. Prvide netwrk security engineering supprt and advice. Advise f risks and suggest alternatives fr traffic that pses a threat t either the TSC missin netwrk r the GRC ~ampus.. Attend meetings that are relevant t the wrk elements listed abve as needed. Adhere t TSC change cntrl requirements, prcedures, and prcesses. Additinal effrts as funded and requeste~:.".sseb Netwrking, Security, and Supprt. Assist in netwrk engineering, testing, and implementatin f SSEB netwrking r islatin netwrk.. Extend and supprt a temprary VIP netwrk n the ESN (LCNS Cnference)

4 . Engineering, cnfiguratin, testing, and supprt f the VIP netwrk fr the LCNS Includes cnfiguratin f External Services Netwrk t include a VLAN fr the VIP(LCNS) netwrk, additinal prts and switches cnfigured Crdinatin with the GNOC"andOCIO mgmt. Implementatin f a Linux DHCP server n a virtual machine Cnfig~atin f a samba (Windws file sharing) server fr file strage n the Linux bx Administratin and patching f the server. Trubleshting and diagnsis f the abve cmpnents. Clean up r remval f hardware and cnfiguratin at cmpletin. Attendance at meetings and availability during the cnference. VPN Embedded System Design and Deplyment Build a slid-state, embedded Seekris system t supprt visitr r guest netwrking needs frm GRC lcatins that can nt utilize fiber t the ESN r Open Netwrks. Testing f the wireless netwrking End Prducts: A highly reliable and available netwrk infrasturcture and security architecture/implementatin that prtects, detects, and respnds t the IT security threats f the Center while exceeding the peratinal requirements. Assumptins:. All netwrk hardware, flfidware,and sftware is prvided by NASA GRC..All Team PACE emplyee wrkstatin equipment is prvided by NASA GRC..Travel & Training is n an "as required" basis, and funded by NASA GRC. Deliverables:. Dcuments, plans, presentatins, drawings, designs and cmments as necessary/requested.. Integratin, testing, and implementatin f upgrades/infrastructure.. Operatins, maintenance, and supprt f the security infrastructure and WAN interfaces. Custmer and user supprt t reslve issues fr thse interacting with the netwrking and security infrastructure..._--- Additinal effrts as funded and requested:. A temprary extensin fr the LCNS Cnference t service visitrs n a VIP wireless and wired netwrk

5 Sub task A-03.02: IT Security Prgram, Plicy, Audit, and Supprt NASA TM: Richard Kurak Descriptin Fiscal Year f Wrk: 2006 Funding Organizatin: VP Overall Objectives: Team will prvide engineering, implementatin, administr;itin, analysis and ther daily supprt in th~ area f IT security as well as prgram ffice supprt as it relates t custmer utreach and plans/prgrams. Team will maintain a secured IT infrastructure as apprved by the Gvernment. Specific Wrk Requirements: Team PACE will prvide engineering, implementatin, administratin, analysis and ther daily supprt in the area f IT security as well as prgram ffice supprt as it relates t custmer utreach and plans/prgrams. Team will maintain a secured IT infrastructure as apprved by the Gvernment. Track and assist GRC Organizatins in the Security Planning prcess.. Wrk with Organizatinal Cmputer Security Representatives (OCSRs) t imprve the verall security knwledge and psture f NASA GRC thrugh layered defense strategies applied t.systemswithin the GRC Netwrk Perimeter. Facilitate and/r cnduct IT security risk assessments fr GRC Organizatins, as requested Develp and maintain Center OAIT Master IT Security Plans and assciated subrdinate plans. Dcumentatin and updates as necessary t cver the stated wrk requirements. Cnfiguratin Management effrts as they relate t the Center IT Security Prgram:. Audit and analysis f Center Patchlink data.. Physical access audits f the applicable netwrking and security spaces.. Cnfiguratin templates fr wrkstatin and server cnfiguratins. (Currently the CIS templates). Respnd t data calls and review plicies frm the Agency, ther gvernment rganizatins, and civilian authrities.. Cnduct security reviews Perfrm security cntrls audits. Perfrm analysis ffisma, NPR, NIST, r ther applicable dcuments r standards. Supprt the implementatin and administratin f the IT Security prgram at NASA GRC End Prducts: A team that prvides the fundatin fr successin the plans, prgrams, and custmer utreach activities f the IT Security Prgram Office. Assumptins:. All netwrk hardware, firmware, and sftware t cmplete the necessary tasking is prvided by NASA GRC. All Team emplyee wrkstatin equipment is prvided by NASA GRC.. Travel & Training is n an "as required" basis, and funded applied separately by NASA GRC.