Aircraft Solutions (AS) company located in Southern California design and fabricates component products and provide services for companies in the electronics, commercial, defense, and aerospace industry. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. AS uses Business Process Management (BPM) to handle end-to-end processes. BPM system is designed to connect customers, vendors, and suppliers. Security Weakness In the communication between AS’s headquarter and its two departments make the AS’s headquarter assets are targeted, I will discuss here about the vulnerabilities in software and the policy.
The assets for AS are the Business Process Management, BPM, system and the servers used to store customer data such as project information, computer aided design and development models, and intellectual properties.
Aircraft Solution Company has a major weakness in the network architecture as we noticed within the AS’s headquarter there is insufficient number of firewalls. There are two routers with only one Firewall between them. If this firewall went down the routers will be without any physical or technical security support. This configuration will make the company network access gates open to the public. The company network infrastructure is vulnerable to many cyber threats. Our main concern is those attacks, which are trying to improperly modify data, gain authentication, or gain authorization to exploit the sensitive information of the company. The threats from this weak network infrastructure come mainly from two sources, external and internal.
External threats come from outside hackers, crackers, whose unauthorized users. External networks must be carefully considered as part of the overall security strategy. “A new survey published by the Business Continuity Institute (BCI) in association with BSI has revealed that 65% of organizations are extremely concerned or concerned about a cyber attack in 2013. The survey also reveals that 71% see the use of the Internet for malicious attacks as a major trend that requires a business continuity response with 42% seeking to manage the prevalence and high adoption of Internet-dependent services, such as the cloud, within their preparedness activities [http://www.studymode.com/essays/Se571-Aircraft-Solutions-1101760.html]”.
Internal threats come from authorized users like, employees, suppliers, customers and contractors. The inside threat where the employees can use this system for personal use making the system exposed to the outer world, like using social networking sites, a survey undertaken by ISACA in the fourth quarter of 2012, “89.7% of respondents believe that the use of social networking sites increases the likelihood of a successful APT attack [http://hackmageddon.com/2013/02/14/advanced-persistent-threats-are-among-us-survey-reveals/]”. There might be an outside chance for the company’s competitors know about their applications and software being used which reduces the company’s competitive edge. “A very high risk level may require possible system shut down or stopping of all IT system integration and testing efforts [http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf]”. The consequences If this risk becomes real, the company’s data is lost or hijacked, client orders are stolen, budget scheduling and their deposit sections are exposed, and fund transfers get out of hands and create devastation in the company and its clients.
AS company shows significant weaknesses in its policy that requires all firewalls and routers sets to be evaluated every two years. This policy will leave the system of AS vulnerable to various malicious and non-malicious threats if its not configured when an update or patch is needed. “Firewalls, security appliances and anti-virus software are patched multiple times per month in an attempt to keep pace with new threats. Without these critical patches – your network, data, customer information, banking information and other critical business data are vulnerable to theft [http://www.mirifex.com/uploads/7/6/0/9/7609325/mirifex_managed_firewall.pdf]”. Firewall are not evaluated is like not updated antivirus, since the firewall does not inspect the contents of the packet there is no underlying need. Two years evaluation is not smart policy for any industrial companies especially like AS’s company who possess intellectual information. A virus or any malware could be deployed when novice attacker access to obtain sensitive system files. Many of these threats may be unintentional as some users may not be aware of the risks and how their processes and procedures open the door for such attacks.
The likelihood of the threat is medium based our assessment on two factors. First, the motivations, its easy to perform an attack with a simple and common equipment also its not too much costly, personal computer is enough, The value is significant if the attack succeeded and sensitive information obtained, competitive advantage Economic espionage maybe desired. Second, Cost, its easy by attacker to practice few prior attacks to assess the type of security controls are used and the time it takes to break the system and what is the correct time to perform the attack. If any business information hijacked by the attacker he could sell it to any competitive company and this will affect the competitive edge of AS’s company.
The most valuable asset at AS’s company is the information so the risk of data exploitation is significant and evaluated as a high risk, there is a strong need for corrective measures in the policy. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible. Based on a survey undertaken by ISACA in the fourth quarter of 2012, “The biggest risk for the enterprise is the Loss of Intellectual Property (25.5%) and the Loss of Personal Information (23.6%). Reputational damage is the third biggest risk (20.5%) [http://hackmageddon.com/2013/02/14/advanced-persistent-threats-are-among-us-survey-reveals/]”.
The consequences could be from unintentional destruction as much as adware. Few IT members could take few hours or few days to repair and assess the damage. But the consequences could be catastrophic if the attacker created a backdoor to have an access to AS’s system without an authorization. Accessing to AS headquarter without an authorization is a major risk and the consequences associated to this risk could bring the entire company to halt because all the data business process, business management system, BPM is in AS Headquarter. IT members could take along time to mitigate the risk and assess the system, procedures, and policies. And the availability of the system will be impacted. “If the mission critical IT system is unavailable to its end users, the organization’s mission maybe affected.
Loss of system functionality and operational effectiveness, for example, may result in loss of productive time, thus impeding the end users’ performance of their function in supporting the organization’s mission [http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf]” The consequences on the mission critical could be significant because it will take a lot of effort in the assessment to make sure that the information has been compromised or not. Financial loss will be significant to AS’s business. Projects will be canceled due to the delay associated with the impact.
As a recommendation for AS’s firewall misconfiguration and overall hardware footprint, it’s recommended that AS invest in their future and virtualizes their IT infrastructure. The benefits of virtualization are very great, from a security perspective there are several benefits that really high quality. It will give us a layer of abstraction between the virtual machine and the underlying physical hardware. The abstraction will limit the amount of damage that might occur when a system is successfully tampered with. Virtualization also has the ability to perform back up and disaster recovery. Due to the hardware and the independence of virtualization, the process of copying the different workloads is greatly simplified. In the event of a security breach, a virtual machine on the host can detect and shut down, as another virtual machine in standby mode can boot on another system.
This allows little downtime between getting the system back up and running and allowing for the IT department to troubleshoot the issue on the down machine. From a Physical Security perspective, the reduced footprint will allow ease in securing only a minimal amount of equipment, since we can virtualizes a majority of the current assets into a couple single assets. This will prove beneficial in asset accountability and finding a secure storage space. A VPN firewall should be installed in both AS branches, at Chula Vista and Santa Ana. And of course most important at AS Headquarter. Cisco ASA 5500 Series Adaptive Security Appliances offer state-of-the-art security that is still flexible enough to meet your company’s needs as it grows and changes.
Cisco ASA 5500 Series Adaptive Security Appliances support:
1. Customization: Personalize security for your specific access needs and business policies. 2. Flexibility: As your business grows and needs change, you can easily add capabilities or upgrade from one device to another. 3. Advanced Security: Take advantage of the latest in content security, encryption, identity authentication, authorization, and intrusion prevention. 4. Simplicity: Use one device that’s easy to install, manage, and monitor. 5. Advanced Networking: Set up virtual private networks (VPNs) that give mobile and remote workers secure access to company resources or create VPNs between partners, other offices, or employees based on roles.
When a VPN connection is established between the two gateways (firewalls between the Headquarter and the Branch), users at branch locations are unaware of the connection and do not require any special settings on their computers. VPN software enables private information to be shared over the public network while being encrypted. Aircraft Solutions has many groups and users that need different levels of access to the internal network. Clients need access to the company website, employees need to be granted different levels of access to certain facets of the internal network. With all of these parties accessing the business, the VPN gives security to those whom feel that the information they are viewing not be available to others.
The below diagrams indicates our current hardware assets would be if we virtualized the IT infrastructure.
Current IT Assets:
Suggested IT Assets:
Virtualization will bring much needed change, but the most significant change would be the use of Firewall protection and the reduction in the total number of servers. It is proposed that a public router be installed to handle all the inbound traffics for contractors, customers, suppliers, and the traffic from AS’s sister sites in Chula Vista and Santa Ana, California. Once the inbound traffic has made it past the AS Headquarter router, two main gateway Firewalls will filter all inbound for authentication. The firewalls will provide the needed security and business management case of one Firewall failed, need to be patched, maintenance, or need to be replaced. The firewalls will be configured on Intrusion prevention system mode (IPS Mode) and Intrusion Detection System (IDS), to give more sophistication to AS’s internal network against any intrusion, viruses and the other threats mentioned in page 2.
Firewalls play a very big rule in securing the internal network infrastructure of AS’s company. Also the extra firewall in AS’s headquarter network infrastructure will support the availability of AS’s business management system, and this configuration will help AS to implement or develop a better business continuity plan and more comprehensive Disaster recovery plan. Firewalls are very important components in securing any network connectivity because, firewalls is the primary controls against any malware, adware, viruses and other unauthorized accesses, “A firewall does the screening that is less appropriate for a router to do. A router’s primary function is addressing, whereas a firewall’s primary function is filtering. Firewalls can also do auditing. (Charles P. Pfleeger and Shari Lawrence, 2006).”
Another reason why we chose firewalls is we do not need to put more pressure on the router and expect them to secure the packets, because the routers are designed normally for routing. Configuring the routers to prevent unauthorized packets will slow down their performance. “Firewalls can examine an entire packet’s contents, including the data portion, whereas a router is concerned only with source and destination MAC and IP addresses, because they are an extremely important network security control. (Charles P. Pfleeger and Shari Lawrence, 2006).” AS’s company should consider IPSec in communicating with its two sisters, the CD in Chula Vista and DD in Santa
The Diagram below illustrates the virtual design of AS San Diego IT infrastructure.
Part of the suggestion is the installation of Dell R710 Server; the following servers will be able to be carved into individual VLAN’s within one (1) physical machine.
The DCNC Server, HR & Compliance Server, Accounting Server, S&M Server, Database Server, and Public Interface.
Switches will be configured to handle the traffic and maintain the integrity of the individual VLANs. Virtual firewall being proposed between the database server and the public interface. The use of the virtual firewall will secure the link between AS’s internal and external virtual networks. Another feature is the ability to distinguish the difference between the site/system boundary and the users of the system. Firewalls have been installed to ensure all inbound traffic have some sort of authentication and protection.
Impact on Business Processes
The impact on business processes will be noticed in that through virtualization, AS will be able to reduce the cost of IT growth and improve the organizations responsiveness to business needs. The reduction in hardware will reduce management costs, as well as the cost of power, cooling and physical space. There will be financial impact up front, in that AS’s investment will cost approximately $63,694.60 in new hardware. We feel that virtualization is expensive in the short term, but AS should understand the cost savings associated with the change in technology in the long run, it will take several years to recoup the investment financially.
More detailed Security policy need to be implemented. We suggest that all the items of the security infrastructure assets have to be listed and identified. “The security policy is basically a plan, outlining what the company’s critical assets are, and how they must (and can) be protected. Its main purpose is to provide staff with a brief overview of the “acceptable use” of any of the Information Assets, as well as to explain what is deemed as allowable and what is not, thus engaging them in securing the company’s critical systems. [http://www.windowsecurity.com/pages/security-policy.pdf].” Firewall Vulnerabilities needs to be identified in the policy. Open Ports, network scans, infiltration, modification or loss of data, and DOS need to be identified in the security policy as well because all incoming and outgoing traffics need to be permitted to traverse the AS network. Specifics regarding individual employees, customers, clients alike will need to be identified.
We suggest that AS’s company conduct a firewall update twice every year with the latest software versions, if time and budget warrant delay. Then AS need to describe who will be conducting the work, and what actions will be taken in the event of a security event. Another suggestion is to provide an extra support to the firewall management because, firewall management is resource intensive and requires a high level of expertise to prevent unauthorized access and costly infiltrations. Devices must be provisioned, deployed, upgraded and patched to keep up with the latest threats. Security policies and configurations must be updated to ensure appropriate access controls are consistent with changing business environments. According to windowsecurity.com stated that is; “Several companies and security patch administrators consider the patching process to be a single step that provides a secure computing landscape. In reality, the patching process is a continuous cycle that must be strictly followed.
Each step in the process must be tuned and modified based on previous successes and failures. As many realize, patching computers is a fact of life as part of the defense in depth security strategy. By spending time up front to create policies and procedures, companies can minimize the time and resource requirements needed to fulfill the patching demands.
Network traffic must be monitored continuously to identify and respond to threats before damage is done. Applying security updates or bug fixes may simply involve the time and skills of the internal staff. Keeping software updated is a critical defense to recently discovered vulnerabilities.
Dell SecureWorks’ Firewall Management service provides 24×7 firewall administration, log monitoring, and response to security and device health events. Organizations rely on Dell SecureWorks’ Firewall Management service reduce the cost of managing and monitoring firewalls in-house, while supplementing their security efforts with Dell SecureWorks’ proven expertise. With the Firewall Management service by Dell secureworks, AS’s firewall infrastructure will be monitored 24×7 to detect and respond to threats before damage is done. Security and health events are correlated across your environment and analyzed by Dell certified security analysts, using global threat intelligence and proven expertise to assess threats. When a threat is detected, Dell SecureWorks’ experts respond immediately to counter the threat and protect AS organization. Intelligence from Dell SecureWorks’ global visibility and Counter Threat Unit (CTU) research is fed into the Firewall Management service to strengthen policies and analysis of firewall logs. This intelligence is integrated into the service to provide advanced protection.
This Firewall Management service allows AS’s company to extend its IT resources with one of the largest concentrations of certified firewall engineers in the world. Dell Secureworks’ experts support end-to-end firewall management from provisioning to ongoing administration and monitoring, working with AS’s IT team to ensure peak firewall performance. Dell SecureWorks’ Firewall Management service is tailored to AS environment, leveraging industry best practices to ensure appropriate network access while preserving the availability, integrity and privacy of information. Remove the management and monitoring burden using the Firewall Management service simplifies and streamlines the management and monitoring of AS firewall appliances. Dell SecureWorks’ certified experts perform all tasks needed to make the most of AS firewall infrastructure, alleviating the burden of administering, maintaining and monitoring appliances.
This reduces operational overhead, allowing AS’s company spending time and resources on other key initiatives. The suggested Firewall Management service reduces the risk of network and service interruptions due to poorly maintained or improperly configured firewall appliances. Dell SecureWorks’ certified firewall engineers keep managed firewall devices patched with the latest vendor releases. To ensure auditable and accurate deployment of firewall changes, Dell SecureWorks experts use mature operational support systems and procedures that include health checks, staging, peer reviews and change validation. Additionally, daily backups are performed to ensure fast recovery in the event of firewall hardware or software failure. The Firewall Management service helps AS more easily fill compliance gaps requiring perimeter security, access control and log analysis. With our experts managing and monitoring firewalls, AS can satisfy compliance requirements of PCI, HIPAA, ISO and other standards. By using the service’s on-demand reporting in the Customer Portal, AS can also demonstrate compliance and control effectiveness to auditors and senior management.
Full lifecycle management by certified experts:
1. Device provisioning and deployment.
2. Performance and availability management.
3. Device upgrades and patch management.
4. Real-time security and health monitoring.
5. Expert response to threats and health issues.
6. Intelligence-enhanced threat protection.
7. Backup and recovery.
8. On-demand security and compliance reporting.
9. Unlimited and unmetered expert support.
Dell SecureWorks maintains one of the largest concentrations of certified firewall engineers in the world. They have years of experience managing market-leading firewalls:
Supported platforms include:
1. Check Point.
Impact on Business Processes
The impact of security policy on business processes is pretty minimal. The importance of the policy is that it will outline what is required from a security perspective and will define what will happen and who will be involved. It allows the business to plan accordingly for future updates and changes without disrupting normal operations. The positive impact on business is reducing the cost of IT growth, increasing the response speed towards the business, and reducing management cost.
ASR1004-10G/K9 – Cisco ASR 1004 Router
ASA 5510 Security Plus
Catalyst 3750-X 24port – switch
PowerEdge R710 Server
Trade Live Technology Solutions
In summary, AS has significant issues in IT security. It is suggested to AS to invest their money in virtualization so that it will be able to reduce their vulnerabilities in those areas. It is also suggested that AS should upgrade their software versions every six months. Also through virtualization, AS will be able to reduce their footprint and security vulnerabilities. In addition, it has been suggested that AS redefine their security policy regarding the frequency of updates to their firewalls to be semiannual or at a maximum annual updates.
Bsigroup. (2013). Press release. Caversham (UK). 14th January 2013: http://www.bsigroup.com/en-GB/about-bsi/media-centre/press-releases/2013/1/65-percent-of-firms-fear-a-cyber-attack-in-2013/ Cisco. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide-Configuration Guide.