Aircraft Solutions: Security Assessment and Recommendations

Aircraft Solutions is aircraft Design Company that allows internal and external users to access its system. As a result of this, the company has made itself vulnerability to certain threats.

This paper identifies two vulnerabilities. One is the threat of data loss or data leak. The other is intrusion by way of the internet firewall. Based on the known vulnerabilities, it was recommended that the Check Point Software Blade application is used to prevent the data loss and the Check Point Power-1 appliance be used to address the firewall vulnerability.

Company Overview

Aircraft Solutions (AS) design and fabricate component products and services for companies in the electronics, commercial defense, and aerospace industry. The mission of AS is to provide the customer success through machined products and related services, and to meet cost, quality, and scheduled requirements.

Aircraft Solution uses Business Process Management (BPM) to handle end to end processes that span multiple systems and organizations. BPM system is designed to connect customers, vendors, and suppliers to share information and maintain timely business dialogue. The system is capable of handling multiple projects simultaneously across every department of the company. It is set up to manage all aspects of business operations, including accounting, human resources, sales and marketing and compliance activities concurrently.

The system administrators are responsible for selecting and installing hardware, software and related upgrades, implementing information security measures, and maintaining support to ensure the manufacturing execution system is working properly. The users at AS are employees, suppliers, and contractors who need to access the company network. System access by users at different levels of the network is set strictly on need to know basis.

The current security controls include independent anti-virus software on every workstation and server; host-based intrusion detection systems on the servers in the corporate office. Security policy requires that all firewalls and router rule sets are evaluated every two years and that all servers are backed up to network attached storage devices maintained at the server location.

Company’s Assets

The assets for AS are the Business Process Management, BPM, system and the servers used to store customer data such as project information, computer aided design and development models, and intellectual properties.

Security Vulnerability

Software

The software vulnerabilities at Aircraft Solutions range from the risk of industrial espionage to malicious hacking and other external threats. Because internal and external users have access to the system, ssecurity can be compromised by hardware and software malpractice, human error, and faulty operating environments. The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, and network outages.

Although several vulnerabilities exist within Aircraft Solutions, this paper will focus on the software vulnerability such as data theft or loss from software corruption and viruses. Software corruption, which might include damage, caused by a software diagnostic program, accounts for 13 percent of data loss incidents. Computer viruses including boot sector and file infecting viruses account for 6 percent of data loss episodes. An episode of severe data loss will result in one of two outcomes: either the data are recoverable with the assistance of a technical support person, or the data are permanently lost and must be rekeyed. A calculation of the average cost of each data loss incident must take into account both possibilities. The ability to recover data depends on the cause of the data loss episode (Smith, 2003).

Because Aircraft Solutions has valuable intellectual property, the cost of data loss can be astronomical. In fact, 17 percent of data loss incidents cannot be retrieved. It is worth noting that the value of the lost data varies widely depending on the incident and, most critically, on the amount of data lost. Should AS experience a data loss, it may take hundreds of man-hours over several weeks to recover and reconstruct. Such prolonged effort could cost a company thousands, even potentially millions, of dollars. Although it is difficult to precisely measure the intrinsic value of data, and the value of different types of data varies, several sources in the computer literature suggest that the value of 100 megabytes of data is valued at approximately $1 million, translating to $10,000 for each MB of lost data (Smith, 2003). The National Archives and Records report that 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately (Global, 2011).

Hardware

The second vulnerability that exists within the Aircraft Solutions infrastructure is firewall or routers. One such vulnerability is social engineering. Social engineering is when someone tries to gain access through social means by pretending to be a legitimate system user or administrator; thereby, tricking people into revealing secrets (Wikipedia, 2011). Industry analysts have estimated that over 90% of all computers connected to the Internet are infected with spyware. Knowing this information, the firewall within AS environment should provide the highest possible level of service while remaining cost-effective. However; failure to provide the needed protection can be quite costly. The downtime costs in the organization if the service is suspended by a denial of service attack can skyrocket to the millions. According to a survey by Symantec, they surveyed 2,100 enterprise CIOs, CISOs and IT managers from 27 countries found that 42 percent of organizations rate cyberattacks their top security issue.

Moreover, 75 percent of respondents said their organization has experienced at least a few cyberattacks in the past 12 months. And, cyberattacks cost enterprises an average of $2 million per year due to a loss of productivity, revenue and customer trust associated with such events, the survey found (Moscaritolo, 2010). Ensuring that company systems are secure and free of vulnerabilities is essential to a business’s continued development and growth. Arming Information Technology (IT) professionals with the tools and the education to identify and repair the system’s vulnerabilities is the best method for securing against attacks. Unfortunately, IT security is a dynamic process in an organizational environment and IT professionals must be ever vigilant. Regular network- and host-based vulnerability assessments of company systems are needed to ensure that these systems are continually free of vulnerabilities and that they are compliant with the business security policies. Recommended Solutions/Justification

Data Loss /Data Leak Prevention Solution— Check Point DLP Software Blade

To address the vulnerability of data loss prevention, the Check Point DLP Software Blade combines technology and processes to revolutionize Data Loss Prevention (DLP) helping businesses to preemptively protect sensitive information from unintentional loss, educating users on proper data handling policies and empowering them to remediate incidents in real-time.

The specific pre-defined system of software for Aircraft Solutions is the Check Point DLP Software Blade Series 1200. This series is designed for environments that demand the highest level of performance ideal for the large campus networks and data centers, it is optimized for a 12 core system (CheckPoint Software Technologies, 2011). 12 core systems is a high performance security that can meet the needs of the Aircraft Solution’s environment. In addition to the data loss prevention, it includes a firewall, Identity awareness, IPSEC VPN, Advance Networking Acceleration and Clustering, IPS and Application Control.

Cost: $30,000.00 plus yearly maintenance of $7000.00
Features:
• Check Point UserCheck empower users to remediate incidents in real time. • Check Point MultiSpect this data classification engine combines users, content and process into accurate decisions to deliver exceptionally high accuracy in identifying sensitive information. • Network-wide Protection Coverage

• Central Policy Management
• Event Management
• Rapid and Flexible Deployment
System requirements:
See Appendices for system software and hardware requirements. Firewall Solution– Security Gateways – Appliances – Power-1 The second vulnerability which is firewall/router can be addressed by the use of Check Point IP Appliances. These appliances offer turnkey and modular security functionality. With integrated firewall, VPN, IPS, Application Control, Identity Awareness and more, IP Appliances deliver unmatched extensibility, broad deployment options and lower total cost of ownership (CheckPoint Software Technologies, 2011). The specific appliance to use is the Security Gateways – Appliances – Power-1.

This appliance enables companies such as Aircraft Solution to maximize security in high performance environments. It combines integrated firewall, IPSEC, VPN and intrusion prevention with advanced acceleration technologies delivering a high performance security platform that can block application layer threats in multi-Gbps environments. Even as new threats appear, Power-1 appliances maintain increased performance while protecting network against attacks (CheckPoint Software Technologies, 2011). This is an excellent complement to the Check Point Data Loss Prevention software blade. This appliance supports an unlimited amount of concurrent users. It is recommended that this appliance is placed at

Cost: $64,000.00 each (one year warranty).

Features:
• Proven, enterprise –class firewall, VPN and high performance IPS • Accelerated security performance, including Secure XL, and Core XL, technologies • Centrally managed from Security Management Server and Provider -1 • Automatic security protection updates from IPS Services • 2U rack mountable form factor

• Redundant dual hot-swappable hard Drives and Power supplies
• Lights out Management (optional)
• Power-1 11XXX field upgradable architecture
• Up to 18 GbE ports
o 8 on board 1 GbE ports
o 2 expansion slots – 4 1GbE ports module included o 1 Sync port, 1 Mgmt port
See Appendices for: Revised Network Infrastructure using – Security Gateway
Appliance –Power 1

Impact on Business processes

Impact on the installation of the new software and hardware are as follows:

• Operations will be impeded for 24 to 48 hours while the software and hardware is installed. It is recommended that installation is done at a time in the day when the network experience low activity.

• There is expected to be some resistance from staff as they adjust to the new system. This may include authorization requirements for copying or transmitting data.

• The network may experience some slight lag time as the new firewall perform its checks. This will depend upon the size or volume of activity.

Summary

By implementing the Check Point software, Aircraft Solution has minimized the vulnerability of a network intrusion be it internally or externally. The impact of using this software can create comprehensive data flow and usage map to identify data leakage points in the company’s system. By using the data loss prevention software, it makes for a holistic solution that enables content awareness among all communication channels and all systems at all times. The loss of data can impact the organization’s reputation; damage its competitive standing, and tarnish the Aircraft Solutions name.

The Security Gateways – Appliances – Power-1 fire wall hardware will eliminate or minimize the intrusion of spyware, malware, or any harmful virus that could potentially bring the network to a halt costing the company thousands. The firewall solution in combination with the software makes for a thorough security system.

APPENDIX

Software Specifications
The DLP Software Blade is a software solution based on the Software Blade architecture. For deployment on open servers, it is tested for compatibility with a wide variety of currently shipping and pre-release hardware platforms. Inspection Inspection Options Over 250 pre-defined data content types Pattern, keyword matching and dictionaries Multi-parameter data classification and correlation Advanced inspection based on structured content Similarity to commonly-used templates File attribute-based matching Use open scripting language to tailor and create specific data types File Types Inspection of content for more than 600 file types Protocols HTTP, SMTP, FTP Supported Regulations PCI-DSS, HIPAA, PII and more Non-regulated Data Types Intellectual property data Financial and legal terms National ID numbers International Bank Account Number (IBAN) Multi-language Support Detection of content in multiple languages, including singe and double-byte fonts (UTF-8)

Enforcement Types Ask User (self-prevent with UserCheck) – places message in quarantine, send notification to end-user, request self-remediation Prevent – block message from being sent and notifying the end-user Detect – log incidents UserCheck Enabled and customized per policy with individual editable notification to end-user (multi-language) Self-learning – prevents recurring incident management within same mail thread Two notification methods – email reply (no need for agent installation) or system tray pop-up (requires thin agent installation ) Enforcement Features Policy exceptions per user, user group, network, protocol or data type Send notification of potential breaches to owner of data asset (e.g., CFO for financial documents) Log all incidents – with option to correlate events and audit incidents View Incident An administrator with DLP permissions (a dedicated password) can view the actual message sent, including attachments. An audit log is created each time a message is viewed.

References:

CheckPoint Software Technologies, L. (2011). CheckPoint Software Products Application. Retrieved March 23, 2011, from CheckPoint Software Technologies, Ltd: http://www.checkpoint.com/products/application-control-software-blade/index.html

Global, E. I. (2011). Diaster REcovery: Enterprise IT Global. Retrieved March 25, 2011, from Enterprise IT Global: https://enterpriseitglobal.com/AU/Content.aspx?contentK=44

Moscaritolo, A. (2010, February 22). Study finds cyberthreats to be largest security concern: SC Magazine Retrieved March 25, 2011, from SC Magazine:
http://www.scmagazineus.com/study-finds-cyberthreats-to-be-largest-security-concern/article/164294/

Smith, D. A. (2003). The Cost of Lost Data. Retrieved March 14, 2011, from Graziadio Business Review: http://gbr.pepperdine.edu/2010/08/the-cost-of-lost-data/

Wikipedia. (2011, March 17). Social Engineering: Wikipedia. Retrieved March 25, 2011, from Wikipedia: http://en.wikipedia.org/wiki/Social_engineering_(security)