TS-301 Case Project Shaun DeRosa




Case Project 1-1: Defining and Designing a Network

Inventory:
- 6 - 24 port 10/100 switches
- 3 - Firewalls to protect Accounting and Payroll/Order Processing, Research and Development, and the LAN
- 1 - Router for Internet connection
- 500 - CAT6 UTP cable with terminations
- 6 - network printers (one for each switch)
- 6 - servers running MS Server 2003:
  - Web/FTP (outside firewall)
  - E-commerce (outside firewall)
  - e-mail server
  - application server
  - database server
  - management server with monitor, keyboard and mouse
- 62 - computers running MS Windows XP Pro SP2 with monitor, keyboard and mouse:
  - Accounting and Payroll: 4 computers with payroll software, accounting package, MS Office and anti-virus suite
  - Order Processing: 4 computers with POS software, inventory control, MS Office and anti-virus suite
  - Sales and Marketing: 10 computers with MS Office, anti-virus suite and access to inventory control software
  - Research and Development: 12 computers with development suite (rendering engine, debugger, compiler, etc.) and anti-virus suite
  - Shipping and Receiving: 10 computers with Fed-Ex and UPS direct connect software, anti-virus suite and MS Office
  - Office Management: 4 computers with anti-virus suite and MS Office
  - Upper Management: 10 computers with anti-virus suite and MS Office
  - Customer Relations and Support: 6 computers with anti-virus suite, MS Office and Virtual PC
  - Tech Support: 2 computers with anti-virus suite and Virtual PC

Case Project 2-1: Conducting Risk Assessment and Analysis

Business processes (Process, Priority, Departments, Assets Used):

Web Sales
  Priority: Necessary
  Departments: Order Processing; Shipping and Receiving; Sales and Marketing
  Assets used: ISP; Server (2); Router; Firewall

Accounts Receivable
  Priority: Critical
  Departments: Accounting and Payroll; Order Processing
  Assets used: Workstation (8); 24 port 10/100; Firewall

Shipping
  Priority: Critical
  Departments: Shipping and Receiving
  Assets used: Workstation (10); 24 port 10/100

Tech support
  Priority: Necessary
  Departments: Customer Relations and Support
  Assets used: Workstation (10); 24 port 10/100

Receiving
  Priority: Desirable
  Departments: Shipping and Receiving
  Assets used: Workstation (10); 24 port 10/100

Order processing
  Priority: Critical
  Departments: Order Processing; Shipping and Receiving; Accounting and Payroll
  Assets used: Workstation (18); 24 port 10/100 (2); firewall (2)

Product Development
  Priority: Desirable
  Departments: Research and Development
  Assets used: Workstation (12); 24 port 10/100; firewall

Accounts Payable
  Priority: Critical
  Departments: Accounting and Payroll
  Assets used: Workstation (4); 24 port 10/100; firewall; network printer

Central Management
  Priority: Necessary
  Departments: Administrative
  Assets used: Workstation (12); 24 port 10/100; Server (4)

Asset inventory and approximate value:

Asset                       Location/Detail     Approx. Value
24 port 10/100 switch (6)   Throughout office   $325.00 x 6 units
Firewall (3)                Server room         $460.00 x 3 units
Router (1)                  Server room         $1300.00
CAT6 UTP cable (500)        Throughout office   $100.00
Network printer (6)         Throughout office   $600.00 x 6 units
Servers (6)                 Server room         $2500.00 x 6 units
Workstations (62)           Throughout office   $1500.00 x 62 units
Electricity
ISP

Threat assessment (Threat, Possibility of Occurrence, Assets Affected, Consequences):

Act of Nature (rain, snow, fire, earthquake)
  Possibility of occurrence: 5
  Assets affected: All
  Consequences: Severe

Structure collapse/explosion
  Possibility of occurrence: 2
  Assets affected: All
  Consequences: Catastrophic

Unauthorized intrusion (external/internal)
  Possibility of occurrence: 10
  Assets affected: firewall (3); router; servers (6); workstations (62)
  Consequences: Moderate

Complete power outage
  Possibility of occurrence: 7
  Assets affected: All
  Consequences: Severe

Climate control failure
  Possibility of occurrence: 8
  Assets affected: servers (4)
  Consequences: Severe

Mechanical failure (plumbing, fire suppression, etc.)
  Possibility of occurrence: 6
  Assets affected: All
  Consequences: Severe

Hardware failure
  Possibility of occurrence: 8
  Assets affected: workstations; router; server
  Consequences: Insignificant

Case Project 3-1: Mapping Risk Analysis to a Security Policy

1. With the website coming online, it is important to be sure all current security patches are installed as well as current virus signatures.
2. The employees who were laid off should have their user accounts deactivated as soon as possible to avoid any chance of them using the accounts to do harm to the network.
3. The security policy should include requirements for encryption and strong password protection policies on all computers that contain company data off-site.

Case Project 4-2: Researching Security Products

Tool Comparison Chart

Instructions: Look over the examples in the following chart, and then simply run a Google search on log file analysis tools. You might want to revise your search terms to get more specific results. Visit several pages, and enter the information here. (More rows can be added as needed.) You can customize your search to look for specific tools, such as log file analysis tools for Snort, Apache Web Server, IIS, or any other tool you have integrated into your design. Remember that you're looking for tools to use on your network design from Chapter 1. If a tool isn't compatible with the Windows environment and you have designed an exclusively Windows-compatible network, the tool won't be much use to you. If you already know you have an Apache Web server, a tool specifically for Apache is great, but a tool that's compatible with Apache as well as other platforms is better. Those are the rules. Now go have some fun researching tools!

Hint: You might want to customize this form for use on other product searches or perhaps find another tool comparison chart that gives more information. If so, remember to cite your sources and attach those pages.

(Tip: If the actual address is too long, type an identifying name, and insert a hyperlink. Select the text, click Insert, Hyperlink from the menu, and paste the address into the file or Web page address box or select the page from the list of recently used links. You can also browse for the file or link.)

Tools (Tool, Vendor, Cost, Notes, Location, Compatibility, Updating):

AWStats
  Vendor: Sourceforge
  Cost: Free (open source)
  Notes: Offers log file analysis of Web, e-mail, and some FTP servers. GUI or command-line interface; requires Perl version
  Location: http://awstats.sourceforge.net
  Compatibility: All platforms
  Updating: Manual to new versions; plug-ins available to expand features

Squid
  Vendor: Multi
  Cost: Varied
  Notes: Listing of multiple tools and add-ons for Squid scripts: Web log analyzers, traffic analyzers, access, and more.
  Location: www.squid-cache.org/scripts/
  Compatibility: Multi/varied
  Updating: Varied

Logrep
  Vendor: Itef!x
  Cost: Open source
  Notes: SSH, low overhead on clients, HTML reports
  Location: logrep (hyperlink)
  Compatibility: Multi/varied
  Updating: Manual reinstall of new versions

Sawmill
  Vendor: Flowerfire
  Cost: $99 - $30000
  Notes: Hierarchical log analysis tool, extremely flexible and easy to implement
  Location: http://www.sawmill.net/
  Compatibility: All platforms
  Updating: Manually re-install new versions as they become available.

FastStats
  Vendor: Mach 5
  Cost: $199.95/license
  Notes: Extremely fast
  Location: http://www.mach5.com/
  Compatibility: Varied
  Updating: Manual

ELM Log Manager
  Vendor: TNT
  Cost: Varied
  Notes: Data stored in MS SQL database
  Location: TNT ELM Log Manager (hyperlink)
  Compatibility: Windows Server
  Updating: Manual

W3 Perl
  Vendor: Varied
  Cost: Open source
  Notes: Works with many types of servers and log files
  Location: http://www.w3perl.com/softs/
  Compatibility: Varied
  Updating: Manual

Case Project 5-1: Planning Remote Access

25 users and 2 vendors is a relatively small group of clients, and as such it is unnecessary to spend a large amount of money on hardware and software for this application.

1. The SONICWALL SSL VPN 200 (5 x 10/100 Ethernet VPN) at $445.00 is a good choice for our needs based on cost and features. The unit installs seamlessly behind the firewall and client software is provided. Implementation should be clean and simple.
2. Once the employee is initially trained on how to use the client software, additional training and costs should be minimal.
3. The appliance will be installed on the network while the business is closed so as to avoid any possible downtime that would affect normal business. Once the appliance is installed and working correctly, each client will be tested after the client software is installed but before the machine is issued to a user.

4. The unit will simply be added to the network directly behind the firewall and in front of the LAN.

Case Project 6-1: Implementing Your Remote Access Solution

1. The only thing that has changed is the addition of a VPN appliance behind the first firewall.

Asset: Sonicwall VPN appliance
  Threats and risk:
  - attacks attempting unauthorized access to the LAN: high risk
  - fire / flood: negligible risk
  Recommendations: Adjust firewall settings and rule base to ensure security, place the appliance with the servers in the locked server room, and be sure the server room has fire suppression rated for electronics (i.e. not water).

3. The sections in the security policy that refer to remote access and acceptable use both need to be revised to account for the change in the network structure.
4. Memo: Now that a VPN appliance has been added to the network, additional care must be taken to ensure the security of the network. Users with VPN clients who connect from remote locations must take extra care to ensure the physical safety of their machine. In addition, all remote users should take extra care to maintain proper password policies to further secure the data on the client machine.
5. Vendors: LedGrafix has taken steps to allow remote access to our network for your use. We have taken additional steps to reassess and revise our security policies to reflect the change in our network. We expect you to take responsibility for ensuring that our data is kept secure through your own security policies regarding access to our network.

Case Project 7-3: Designing an IDS for LedGrafix

1. The goal of the IDS is to provide adequate traffic logging on all segments of the network. The IDS also needs to be able to adapt and change with the network; scalability is important. Sensors will be deployed between each department (i.e. shipping and receiving) and the main backbone of the network. These sensors will provide adequate traffic logging for the departments and workstations,

7. The IDS administrative program will be installed on the management server, reducing the cost of a dedicated IDS server.
8. Seven sensors will be used and the management server will receive the NIDS administrative software.
9. The best NIDS for our particular application is SNORT. Free, highly scalable, and with a track record and abundant support, it makes a perfect candidate for LedGrafix.
10. Snort offers real-time packet analysis as well as traffic logging and analysis; this negates the need for additional log analysis software.
11. By subscribing to Sourcefire VRT Certified Rules we will automatically receive rulesets in real time, keeping our IDS up to date.
12. SNORT.org offers a wealth of information as well as a community of users exchanging information. Along with the annual subscription to Sourcefire, LedGrafix will receive professional product support and updates.

Case Project 8-4: Designing an Incident Response Strategy

SIRT members (Member, Department, Assets):

Help Desk Tech
  Department: Customer Relations and Support
  Assets: Direct link with customers, daily experience with current issues customers are having, relates to the common employee.

Accountant
  Department: Accounting and Payroll
  Assets: Familiar with the company's fiscal situation and the impact a breach could have on the company financially.

Game developer
  Department: Research and Development
  Assets: Familiar with the primary product and can help identify any damage that may have been done to the product itself.

Network Administrator
  Department: Administrative
  Assets: Can help pinpoint the access point of an attacker, identify the type of attack and possible targets, and suggest changes that can be made to avoid the same problem in the future.

Human Resource Manager
  Department: Accounting and Payroll
  Assets: Can help notify personnel of any loss of function in the network; can also be the direct link between the SIRT team and employees, deciding what information is to be shared with whom.

First Team Meeting agenda:
- Discuss what each member of the team brings to the table, what their capabilities inside the company are, and how they can be an important part of the SIRT team.
- Using an anonymous paper vote, select a team leader based on the information shared in the beginning of the meeting.
- Begin designing a plan by identifying needs and roles needing to be filled in the event of an attack.
- Once the plan is hashed out, assign responsibilities and roles to each member based on their qualifications and place within the company.
- Discuss what the response from the SIRT team will be in case of an attack, so everyone is on the same page should an attack occur and can act without delay knowing what the other team members are doing.

Initial Response checklist (Step, Action, Explanation):

Notification
  Action: Is it IDS, Anti-Virus or human notification?
  Explanation: How were you alerted?

SIRT involvement
  Action: Should SIRT be notified?
  Explanation: Decide if the notification warrants SIRT response.

Personnel
  Action: Who should be notified specifically?
  Explanation: If SIRT is warranted, which SIRT member do you notify? If SIRT is not needed, is there anyone else who should be made aware?

Assessment of threat
  Action: Who assesses the threat?
  Explanation: Can this be assessed yourself, or should the threat be passed up the ladder and escalated?

Response
  Action: What will be the response to the threat?
  Explanation: If handled alone, what will you do to handle the threat? If escalated, what are your responsibilities after handing it off to an upper-level responder?

Recovery
  Action: How will you recover?
  Explanation: What will be necessary to fully recover from the threat? What needs to be documented?

Forensics
  Action: Are forensic steps needed?
  Explanation: Does the threat warrant the need for forensic investigation? If so, what is the next step in contacting the proper personnel to conduct the forensic investigation?

Meeting with Jon Smith: Discuss the Security Policy and his role in keeping it updated and maintained. Discuss the methods used to develop each portion of the Security Policy and answer any questions he may have. Explain the concepts of risk analysis cycles and awareness training so he can implement these tools in the future. Be sure he has no questions regarding Security Policy maintenance before leaving.

Case Project 9-2: Designing a Perimeter Network for LedGrafix

Services, vulnerabilities and solutions (Application or Service, Vulnerabilities, Solution):

HTTP
  Vulnerabilities: Malicious scripts, malware
  Solution: IDS, firewall

FTP
  Vulnerabilities: Port scanning, malware
  Solution: IDS, firewall

SMTP
  Vulnerabilities: Malware
  Solution: IDS, firewall

POP3
  Vulnerabilities: Malware
  Solution: IDS, firewall

TCP
  Vulnerabilities: Fragmentation abuse, IP header tampering, illegal flags, false port or protocol headers
  Solution: IDS, packet filtering

Service placement and policy (Application or Service, Internal Host, Location, Host Security Policy, Firewall Internal Security Policy, Firewall External Security Policy):

HTTP
  Internal host: Windows
  Location: Any
  Host security policy: Antivirus, security patches
  Firewall internal security policy: permit
  Firewall external security policy: With user authentication

FTP
  Internal host: Windows
  Location: Any
  Host security policy: Antivirus
  Firewall internal security policy: permit
  Firewall external security policy: Deny user groups

SMTP
  Internal host: Windows
  Location: DMZ Server
  Firewall internal security policy: permit
  Firewall external security policy: With user authentication

POP3
  Internal host: Windows
  Location: DMZ Server
  Firewall internal security policy: permit
  Firewall external security policy: deny

Future Web Server
  Internal host: Windows
  Location: DMZ Server
  Firewall internal security policy: permit
  Firewall external security policy: Permit

IP list:
  LAN: 192.168.200.0 thru 192.168.200.255
  Firewall: 192.168.200.1
  E-mail server: 192.168.200.2
  Web server: 192.168.200.3
  DNS server: 192.168.200.4
  FTP server: 192.168.200.5

Firewall rule base:

Rule  Source IP                          Source port  Destination IP  Destination port  Action
1     any                                any          192.168.200.1   any               Deny
2     192.168.200.0 to 192.168.200.255   any          192.168.200.2   110               Allow
3     any                                any          192.168.200.2   25                Allow
4     192.168.200.0 to 192.168.200.255   any          192.168.200.4   53                Allow
5     any                                any          192.168.200.3   80                Allow
6     any                                any          192.168.200.5   any               Allow
7     any                                any          any             any               Deny

Expansion can be accomplished using a subnet for the future web and e-commerce servers. Additional rules would need to be made on the new firewall to account for them when they are online. In addition to the two servers needed, another IDS sensor and firewall will help keep traffic flowing smoothly.

Case Project 10-1: Designing a Test Methodology for the LedGrafix Network

What to test:

VPN (remote access)
  - Be sure remote clients can access the resources they are meant to access and no more.
  - Be sure the user is aware of security practices when taking a client machine off-site.

IDS
  - Be sure all sensors are running correctly and are sending the proper alerts to the proper machine.
  - Check log files for redundant entries and unnecessary ones.
  - Be sure the rule base is still up to date and is not longer than it needs to be.
  - Attempt to gain access from an external machine that is not an authorized VPN client. Check the logs to be sure the proper alerts went off.

Workstations
  - Be sure the workstations in each department have access to the network resources they are supposed to (i.e. network printers, server, etc.).
  - Be sure all workstations have up-to-date security patches and antivirus signatures.

Physical Security
  - Check to be sure the server room is secured with working locks or other means of physical security.
  - Be sure the server room has proper environmental controls working to keep temperature and airflow where they should be for optimal performance and longevity.

Test record (Original Configuration, Change, New Configuration, Test Performed, Result, Solution if Necessary):
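The firewall rule base from Case Project 9-2 and the Case Project 10-1 check that the rule base "is not longer than it needs to be" can both be exercised with the Python below. It is an added example, not part of the original case project: it encodes the seven rules as data, evaluates constructed sample packets against them with first-match semantics, and reports rules that an earlier rule shadows (rules that can never fire and are therefore dead weight). The public address 203.0.113.7, the hypothetical rule 8 and the function names are assumptions of this example; protocol is not part of the original table, so only addresses and ports are matched. One defender's observation the walk-through makes visible: rule 6 allows any destination port on the FTP server, so traffic to any other service on that host is passed as well.

```python
"""First-match evaluation of the LedGrafix perimeter rule base.

Added example, not the case project's own material. It encodes the seven
rules from Case Project 9-2 as data, checks constructed sample packets
against them, and flags shadowed rules. The public source address
203.0.113.7 and rule 8 below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Tuple, Union

ANY = "any"
Net = Union[IPv4Network, str]   # an IPv4Network or the literal "any"
Port = Union[int, str]          # a port number or the literal "any"

LAN = ip_network("192.168.200.0/24")   # 192.168.200.0 thru 192.168.200.255


def host(addr: str) -> IPv4Network:
    """A single host written as a /32 network so it can be tested like a range."""
    return ip_network(addr + "/32")


@dataclass(frozen=True)
class Rule:
    number: int
    src: Net
    sport: Port
    dst: Net
    dport: Port
    action: str   # "Allow" or "Deny"


# The rule base exactly as listed in Case Project 9-2, in its original order.
RULE_BASE: List[Rule] = [
    Rule(1, ANY, ANY, host("192.168.200.1"), ANY, "Deny"),    # nothing may address the firewall itself
    Rule(2, LAN, ANY, host("192.168.200.2"), 110, "Allow"),   # LAN -> e-mail server, POP3
    Rule(3, ANY, ANY, host("192.168.200.2"), 25, "Allow"),    # anyone -> e-mail server, SMTP
    Rule(4, LAN, ANY, host("192.168.200.4"), 53, "Allow"),    # LAN -> DNS server
    Rule(5, ANY, ANY, host("192.168.200.3"), 80, "Allow"),    # anyone -> web server, HTTP
    Rule(6, ANY, ANY, host("192.168.200.5"), ANY, "Allow"),   # anyone -> FTP server, any port
    Rule(7, ANY, ANY, ANY, ANY, "Deny"),                       # default deny
]


def _net_matches(field: Net, addr: str) -> bool:
    return field == ANY or ip_address(addr) in field


def _port_matches(field: Port, port: int) -> bool:
    return field == ANY or field == port


def evaluate(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
             rules: List[Rule] = RULE_BASE) -> Tuple[str, int]:
    """Return (action, rule number) of the first rule the packet matches."""
    for r in rules:
        if (_net_matches(r.src, src_ip) and _port_matches(r.sport, src_port)
                and _net_matches(r.dst, dst_ip) and _port_matches(r.dport, dst_port)):
            return r.action, r.number
    raise ValueError("no rule matched; the rule base lacks a default rule")


def _net_covers(outer: Net, inner: Net) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == ANY:
        return True
    return inner != ANY and inner.subnet_of(outer)


def _port_covers(outer: Port, inner: Port) -> bool:
    return outer == ANY or outer == inner


def shadowed_rules(rules: List[Rule] = RULE_BASE) -> List[Tuple[int, int]]:
    """Return (shadowed rule, shadowing rule) pairs.

    A rule is shadowed when an earlier rule matches a superset of its
    traffic, so with first-match semantics it can never fire. Anything
    placed after the default deny (rule 7) is shadowed for that reason.
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net_covers(earlier.src, later.src) and _port_covers(earlier.sport, later.sport)
                    and _net_covers(earlier.dst, later.dst) and _port_covers(earlier.dport, later.dport)):
                found.append((later.number, earlier.number))
                break
    return found


if __name__ == "__main__":
    # Constructed sample packets: (source, source port, destination, destination port)
    samples = [
        ("203.0.113.7", 40000, "192.168.200.3", 80),     # Internet -> web server
        ("203.0.113.7", 40000, "192.168.200.1", 80),     # Internet -> the firewall itself
        ("192.168.200.50", 40000, "192.168.200.4", 53),  # LAN -> DNS
        ("203.0.113.7", 40000, "192.168.200.4", 53),     # Internet -> DNS (falls to default deny)
        ("203.0.113.7", 40000, "192.168.200.5", 22),     # Internet -> FTP host, non-FTP port
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
    # A hypothetical rule 8 limiting the FTP server to port 21 would be
    # shadowed by rule 6, which already allows any port to that host.
    extra = RULE_BASE + [Rule(8, ANY, ANY, host("192.168.200.5"), 21, "Allow")]
    print("shadowed:", shadowed_rules(extra))
```

Run it with python3 to see each sample packet's verdict and the rule that produced it. Adding a tighter FTP rule after rule 6 does nothing, which is the kind of entry the 10-1 rule-base review should remove or move ahead of the broader rule.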