Friday, March 29, 2019
Aircraft Solutions Security Assessment And Recommendations Information Technology Essay
The purpose of this assessment is to address weaknesses and provide recommendations on the network security measures of Aircraft Solutions. Aircraft Solutions is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Aircraft Solutions' mission is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements.

Two weaknesses were found in regard to the company's network security. The first is a hardware weakness: not having an AAA server for user authentication and authorization. The second is not having a Network-based Intrusion Detection System (IDS) in use. The recommended solutions are to deploy an AAA server for user authentication and authorization to company resources, and to deploy a combination Host and Network-based IDS for overall monitoring of the company's enterprise.

Company Overview

Aircraft Solutions designs and fabricates component products and services for companies in the electronics, commercial, defense, and aerospace industry. The mission of Aircraft Solutions is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements.

Much of its equipment is automated to increase production while reducing costs. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly automated production systems.

The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development costs.

Aircraft Solutions uses Business Process Management (BPM) to handle end-to-end processes that span multiple systems and organizations. The BPM system is designed to connect customers, vendors, and suppliers to share information and maintain a timely business dialogue. BPM also aligns internal business operations with IT support to maintain production in support of customer requirements.

Security Weaknesses

Two security vulnerabilities were found in regard to the company's network security. The first is a hardware weakness: not having an Authentication, Authorization, and Accounting (AAA) server for user authentication and authorization. The second is not having a Network-based Intrusion Detection System (IDS) in use.

Hardware Weakness: AAA Server

Aircraft Solutions has a need for an AAA server to authenticate and authorize legitimate user credentials for its on-site headquarters, intranet remote offices, and extranet for suppliers and contractors. An AAA infrastructure is required in order to authorize and authenticate users to company resources, that is, for access control. AAA servers provide a mechanism for encrypted authentication of users and can be used to control access to the network. Authentication verifies the identity of a user by employing a database of usernames and passwords. Authorization assigns network rights or permissions to an authenticated user. Accounting records or logs the network usage of authenticated and authorized users. Accounting can be used to record information about security breaches. (Kaeo, 2004)

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions employs a host-based IDS on the servers in the corporate office. I think having a combination of host-based IDS on critical servers and a network-based IDS by the firewall for each network segment is better. A good strategy for IDS would be to use a combination of host and network IDS. A Network-based IDS provides an overall perspective of your network and is useful for identifying distributed attacks, whereas a Host-based IDS would stop most valid threats at the host level. (Kaeo, 2004)

An IDS protects a network like an alarm system. When an IDS detects that something is wrong and sees it as an attack, it can take corrective action itself or notify a management system, which would alert a network administrator to take some action.

Intrusion Detection Systems are important not only in terms of stopping an attack, but also in maintaining a permanent time-stamped log of intrusion attempts on a host system. An IDS allows a company to know that they are being attacked, who is attacking them, how they are doing it, and what they might be looking for. An IDS is the guard dog that adds a layer of defense over all network security systems and policies.

Definition of Solution

Deployment of AAA Server

Aircraft Solutions needs to centrally manage who has authorization to remotely access network resources from anywhere, which network resources those remote users are authorized to access, and any related issues. Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) are the two protocols for implementing the AAA technology framework.

A centralized AAA server that uses the TACACS+ protocol will provide a central location for Authentication, Authorization, and Accounting for Cisco devices. User authentication on Cisco devices can be done in one of two ways: a local database of users on the server, or a TACACS+ server. TACACS+ is a Cisco proprietary protocol that uses TCP as a transport protocol and has the ability to separate authentication, authorization, and accounting as separate services. The AAA server acts as a proxy server by using TACACS+ to authenticate, authorize, and account for access to Cisco routers and network access servers.

The Authentication function of an AAA server can provide access control; this proves a useful function in environments where there's a requirement to restrict access to network devices or applications per individual authenticated user. (Kaeo, 2004)

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions needs to deploy a Network-based IDS in combination with its Host-based IDS. I think Aircraft Solutions should have a Network-based IDS in order to monitor all traffic to and from the Internet to see how many hackers or other malicious activities are trying to access the company's network. In addition to seeing Internet traffic, a Network-based IDS can see traffic going to a firewall or VPN and to other attached devices. A combination IDS will also enable Aircraft Solutions to better monitor and effectively respond to a security incident by employing real-time capability. A Network-based IDS is designed to sense malicious activity occurring on a network and provides real-time alerting to administrators to investigate. The lack of such a system leaves Aircraft Solutions at risk by not having the ability to see malicious network traffic and relying on system events to be alerted of malicious activity. (Kaeo, 2004)

Justification

Deployment of AAA Server

The vendor solution I'd select would be Cisco hardware. Cisco Secure Access Control Server (ACS) would be best suited for use as an AAA server. My justification is that the Cisco ACS server covers the three main functions of Authentication, Authorization, and Accounting, and that the TACACS+ protocol it uses is a Cisco proprietary protocol.

Aircraft Solutions has multiple users that take part in end-to-end processes that span multiple systems and organizations. A Business Process Management (BPM) system is in place to handle all of these processes. Systems are accessed by users at different levels of need to know, and these users are responsible for entering and processing data and information in order to generate reports to be used for decision-making.

Customer data such as project information, computer-aided design, and development models are sorted and stored in designated servers. The Design Engineering department is responsible for reviewing the electronic models, interacting with the customer and making necessary modifications with customer approval, then placing them in an Engineering Release (ER) directory for programming. As soon as these electronic models are released, programmers use them to create production programs. All final programs must be thoroughly verified for accuracy before releasing to the Proof For Production (PFP) directory for manufacturing to make the production first article. From the production floor, machinists download PFP programs directly to their DCNC (Direct Computer Numerical Control) machines for execution. After any further processing, completed products are inspected for verification to customer requirements, then they are moved to the shipping department for delivery.

Looking at how Aircraft Solutions' BPM works, there is definitely a need for central user authentication and authorization. An AAA server with TACACS+ can be used to manage the large numbers of user IDs and passwords in a centralized database, providing a scalable network security solution. (Oppenheimer, 2004) An AAA server will ensure that access to design, production, accounting, sales, and HR servers is granted only to authorized engineers and personnel. An AAA server will also track all users' activity and attempts to access network resources (event logging). For example, if someone is trying to access production programs and they're not authorized, it will be logged, allowing for an investigation of the incident if required.

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions has many users accessing its network, be it suppliers, customers, office employees, etc. A Network-based IDS is needed to protect the network. It is similar to a homeowner having an alarm system to ward off or to alert them of an intruder. I see an IDS in this fashion. An IDS detects if someone tries to break in through the firewall, or manages to break through the firewall security and tries to gain access to any system on the trusted side, and alerts the system administrator in case there is a breach in security. (SANS Institute, 2001)

Here are some advantages of a Network-based IDS:

Easier to deploy: Network-based IDS are easier to deploy as they do not affect existing systems or infrastructure. Network-based IDS systems are operating system independent. A network-based IDS sensor will listen for all the attacks on a network segment regardless of the type of operating system the target host is running.

Detect network-based attacks: Network-based IDS sensors can detect attacks which host-based sensors fail to detect. A network-based IDS checks all the packet headers for any malicious attack. Many IP-based denial of service attacks, like the TCP SYN attack, the fragmented packet attack, etc., can be identified only by looking at the packet headers as they travel across a network. A network-based IDS sensor can quickly detect this type of attack by looking at the contents of the packets in real time.

Retaining evidence: Network-based IDS use live network traffic and do real-time intrusion detection. Therefore, the attacker cannot remove evidence of the attack. This data can be used for forensic analysis. On the other hand, a host-based sensor detects attacks by looking at the system log files. Many hackers are capable of making changes in the log files so as to remove any evidence of an attack.

Real-time detection and quick response: Network-based IDS monitor traffic in real time, so they can detect malicious activity as it occurs. Based on how the sensor is configured, such an attack can be stopped even before it can get to a host and compromise the system. On the other hand, host-based systems detect attacks by looking at changes made to system files. By this time critical systems may have already been compromised.

Detection of failed attacks: A network-based IDS sensor deployed outside the firewall can detect malicious attacks on resources behind the firewall, even though the firewall may be rejecting these attempts. This information can be very useful for forensic analysis. Host-based sensors do not see rejected attacks that could never hit a host inside the firewall. (SANS Institute, 2001)

Impact on Business Processes

I think Aircraft Solutions will have a positive result from deploying an AAA server and adding a Network-based IDS to its network enterprise. The impact to its business processes should be transparent, having little negative effect. Using an AAA server to provide authentication, authorization, and accounting gives network administrators an added layer of protection in securing Aircraft Solutions' network infrastructure. It allows access to network resources to be better controlled and delegated. An example could be branch office users connecting to the network: they can be screened against the user database and a custom policy that controls what devices a user can access and what services on a particular device that user can access. If a user's account is compromised, that account can be disabled.

Using these two tools to correct the identified security weaknesses is a benefit. The only thing that may be viewed as negative is that the access speed may be slightly slower. However, I think a slight decrease in access speed to the user is outweighed by having the access control and network monitoring needed to ensure Aircraft Solutions' network infrastructure has a more layered defense. Security trumps a speedy user.

Summary

In conclusion, I identified two areas of security weakness at Aircraft Solutions, to be addressed by deploying an AAA server and a Network-based IDS. These are two tools that are necessary in any network enterprise environment. Implementing these recommendations will better ensure security of the company's resources, better overall enterprise integrity, and provide added layers of defense by having access control over network resources and real-time monitoring of network activity.

Figure 1: Revised Aircraft Solutions Network Infrastructure
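
The essay's point that a TCP SYN attack can be identified from packet headers alone can be shown with a small detector; this is an added example, not part of the original essay. The record layout, window, threshold, and addresses are assumptions chosen for illustration, and the sample capture is constructed.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # flag bits in the TCP header

def detect_syn_flood(packets, window=1.0, threshold=20):
    """Return {(dst_ip, dst_port): peak half-open count} for every target whose
    unanswered SYNs within `window` seconds reach `threshold`.
    packets: time-sorted client-to-server header records
             (ts, src_ip, src_port, dst_ip, dst_port, tcp_flags)."""
    pending = defaultdict(deque)   # target -> (ts, flow) of recent SYNs
    completed = set()              # flows whose client sent the final ACK
    alerts = {}
    for ts, sip, sport, dip, dport, flags in packets:
        flow, target = (sip, sport, dip, dport), (dip, dport)
        if flags & ACK and not flags & SYN:
            completed.add(flow)    # handshake finished: not half-open
            continue
        if not flags & SYN:
            continue
        completed.discard(flow)    # a new SYN restarts the handshake
        recent = pending[target]
        recent.append((ts, flow))
        while recent[0][0] < ts - window:
            recent.popleft()       # slide the time window forward
        half_open = sum(1 for _, f in recent if f not in completed)
        if half_open >= threshold:
            alerts[target] = max(alerts.get(target, 0), half_open)
    return alerts

def sample_capture():
    """Constructed header records (documentation-range addresses): five normal
    handshakes to one server, then 40 SYNs to another that are never ACKed."""
    pkts = []
    for i in range(5):
        src, t = "203.0.113.%d" % (i + 1), i * 0.5
        pkts.append((t, src, 40000 + i, "192.0.2.10", 443, SYN))
        pkts.append((t + 0.01, src, 40000 + i, "192.0.2.10", 443, ACK))
    for i in range(40):
        pkts.append((3.0 + i * 0.01, "198.51.100.%d" % (i + 1),
                     50000 + i, "192.0.2.20", 80, SYN))
    return sorted(pkts)

if __name__ == "__main__":
    for target, count in detect_syn_flood(sample_capture()).items():
        print("possible SYN flood against %s:%d (%d half-open)" % (*target, count))
```

Only header fields are read, which is why a sensor on the network segment can raise this alert while the targeted host's own logs show nothing but ordinary connection attempts.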