Hacking and Countermeasures
Thursday, December 19, 2013
Unit 10 Assignment 1: Controls

Aim Higher College needs to ensure the safety of all of its information. Recently we have seen suspicious and careless activity in the research data center. Data center technicians have reported lights left on, doors left open, successful logins to the research database, and login attempts against the business backup database after normal hours of operation. Because this facility also holds the backup of our business information, we need to keep it as secure as possible.
In order to maintain control over who has access to what in the center, we must first ensure that only those who need access are granted permissions, and only to the areas they need. The revolving door should allow only one person through at a time; this prevents someone without access from slipping in behind an authorized person (tailgating) and prevents an authorized person from letting an unauthorized one into the building. Initial access to the building lobby will be controlled with simple radio frequency identification (RFID) cards.
Both entry and exit will require the card to be read so that a log of who enters and leaves the building is kept. Entry to the staff offices will use a plain RFID card reader. With these cards we can select which areas each person has access to according to their needs. The front double doors and the receiving area doors can only be opened from inside the building; with no reader on the outside, there is nothing for an attacker to tamper with or replay against from the street. Biometric scanners will be used for all sensitive areas as a second factor, so that a cloned card alone does not grant entry.
Those who have access to sensitive areas, or to doors that can let more than one person through at once such as the shipping area and the front double doors, will be issued Personal Identity Verification (PIV) cards. These cards work together with the biometric scanners: when the card is read it supplies the enrolled biometric template that the scanner needs to make the comparison. This means that even if the card's RFID data is cloned, the holder is denied as soon as the card is read, because the live biometric does not match the enrolled template. The biometric we should use is an iris scanner.
It is preferable to hand geometry, which can change over time, and to fingerprints, which are easy to spoof, may not read correctly when the finger is dry, require high maintenance because the sensor must be cleaned, can give false readings from dirt on the hand or in the air, and involve a shared contact surface that can spread disease. Iris scanners require no physical contact, and eyeglasses and contact lenses normally do not disrupt the reading. Iris scanning is also much faster: the iris can be captured as the person walks up and then compared with the template when the PIV card is read.
In addition, it is my recommendation that the data center be physically separated into a backup site and a research site. This allows students and staff to be given access to the research center but not to the backup center. Only those who need access to the business backup side will be required to use biometrics and a PIV card. All servers will be locked in cabinets to protect the servers and storage area networks (SANs) on site; this deters theft of any equipment that might contain information. Security cameras will monitor all access and movement within the building.
Thirteen stationary (static) cameras will be needed to watch all hallways, doors, and the data centers. Two motion-detecting pan/tilt/zoom (PTZ) cameras will be placed in the center of the data centers (one in each) to follow and watch the activity of persons entering. These should be accompanied by a security system that monitors movement, doors, and windows. The diagrams below show the recommended positions of the cameras and the access control equipment. In the event of a power outage, there should be enough UPS capacity for at least 15 minutes to allow a proper shutdown.
Preferably there would also be a backup generator, so that information can be saved and moved to another site, or so that operations can continue until utility power returns. Protection of the systems will include a floor raised at least eight inches above the ground and an automatic pump system to mitigate flooding. Because people work in these areas we need adequate fire suppression, and we must keep in mind the equipment in the room.
The recommendation here is a waterless (clean-agent) fire suppression system. While it may not be as cheap as water, the damage a water system would do to the equipment would be far more expensive. Inert-gas clean-agent systems work by lowering the oxygen concentration in the room to a level that will not sustain combustion but remains breathable long enough to evacuate, so they avoid the hazard to people of a CO2 flood and the environmental problems that led to Halon being phased out. They put out fires quickly without harming people, which gives everyone time to evacuate calmly in case of fire.
Water systems only help contain the fire until firefighters arrive, and in the meantime we are damaging our own equipment. The cost of the damage could run into the millions to replace servers and other equipment, and the estimated recovery time after a fire with a water system is approximately one month, assuming the data can be recovered. Now that the physical aspects of the data center are covered, we need to look at the technical or logical side of protecting the information. Safeguarding confidentiality, integrity, and availability (the CIA triad), together with non-repudiation, is vital.
As stated before, an IDS and an IPS will be put in place to watch the systems at all times and to report, mitigate, and where possible stop unauthorized activity against the business backup and research databases. This helps with monitoring the network and seeing what unauthorized traffic and attempts are occurring and where they come from. Anti-virus and anti-malware software will be installed on all systems hosting either database to protect the information and programs. A firewall between the research and business networks is necessary to keep unauthorized attempts from reaching the business side of the database.
All stored information will be encrypted, so that if data or hardware is stolen the information cannot be read without the keys, which removes most of the value of the theft. To prevent brute-force attacks through a console connection, after 3 failed password attempts the system will lock that port and send an alert to the data center technician on duty. To verify the identity of a person attempting to reach a server through a console connection, a hardware token that generates a one-time alphanumeric code will be required as a second factor in addition to the password.
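The console lockout and token check just described, as an added worked example (this is not the college's or the assignment's own code). The token is modelled as a standard RFC 4226/6238 one-time-password generator, which is how commodity hardware tokens work; the port names, user names, the 3-attempt threshold and the alert list that stands in for paging the technician are assumptions for the example. Passwords are stored as salted PBKDF2 hashes and every comparison uses a constant-time compare.

```python
import hashlib
import hmac
import os
import struct
import time

MAX_ATTEMPTS = 3   # lock the console port after this many consecutive failures (from the proposal)
TOTP_STEP = 30     # seconds per one-time code (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with SHA-1 and dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the 30-second step counter."""
    return hotp(secret, int(now) // TOTP_STEP, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; iteration count is an assumed, conservative value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ConsoleGuard:
    """Password + token check for console logins, with per-port lockout and alerting."""

    def __init__(self):
        self.users = {}      # username -> (salt, password_hash, totp_secret)
        self.failures = {}   # console port -> consecutive failed attempts
        self.locked = set()  # ports locked after MAX_ATTEMPTS failures
        self.alerts = []     # messages that would be paged to the on-duty technician

    def add_user(self, username: str, password: str, totp_secret: bytes):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), totp_secret)

    def attempt(self, port: str, username: str, password: str, code: str, now=None) -> str:
        """Returns 'ok', 'denied' or 'locked'. Unknown users take the same path, so the
        response does not reveal which user names exist."""
        now = time.time() if now is None else now
        if port in self.locked:
            return "locked"
        salt, pw_hash, secret = self.users.get(username, (b"", b"", b""))
        pw_ok = hmac.compare_digest(hash_password(password, salt), pw_hash)
        code_ok = bool(secret) and hmac.compare_digest(totp(secret, now), code)
        if pw_ok and code_ok:
            self.failures[port] = 0
            return "ok"
        self.failures[port] = self.failures.get(port, 0) + 1
        if self.failures[port] >= MAX_ATTEMPTS:
            self.locked.add(port)
            self.alerts.append(
                f"console port {port} locked after {MAX_ATTEMPTS} failed logins "
                f"(last user name tried: {username!r})")
            return "locked"
        return "denied"


if __name__ == "__main__":
    # Constructed demo: RFC 4226 test secret, made-up user and port names.
    guard = ConsoleGuard()
    secret = b"12345678901234567890"
    guard.add_user("tech1", "correct horse battery", secret)
    print(guard.attempt("con0", "tech1", "guess1", "000000"))   # denied
    print(guard.attempt("con0", "tech1", "guess2", "000000"))   # denied
    print(guard.attempt("con0", "tech1", "guess3", "000000"))   # locked, alert raised
    print(guard.attempt("con1", "tech1", "correct horse battery", totp(secret, time.time())))  # ok
    print(guard.alerts)
```

Because the lock is keyed by port rather than by user name, an attacker on the console cable cannot sidestep it by cycling through user names, and a locked port stays locked even if the correct password and token code are later supplied; only the technician who received the alert should clear it.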
As we all know, people are where the biggest security problems on any computer or network system arise. People need to understand what they are and are not allowed to do; this is where policies, procedures, and training come into play. By implementing policies based on best practices, such as an acceptable use policy for all staff and students, we make it known what they are allowed to do and what the consequences are should they choose to ignore the rules. Security awareness training for all staff and students is necessary so that people do not go places or do things that can jeopardize the network.
Making sure that procedures are documented helps when a problem recurs, which reduces downtime should the problem return. A disaster recovery plan (DRP) must be in place, practiced, and trained on regularly; this is critical to keeping downtime to a minimum. Separation of duties breaks up the processes involved in completing a task so that no one individual has total control over the whole system. Each person or team is responsible for his or her area only, which, where required, forces collusion: someone else is needed to reach the end goal.
It acts as a check and balance. With these policies in place we need to ensure that they stay current with our business continuity plan and with the goal of our mission statement. This will be accomplished through security reviews and audits, which also help ensure we do not become complacent. Performance evaluations help ensure that all staff are at their peak performance; this is where performance correction for both junior and senior members comes into play. We always need to keep our staff up to date and fine-tuned to stay one step ahead.
Periodic background checks are a good way of making sure that all employees are acting honestly, thereby safeguarding against any circumstance outside of work that would lead someone to act maliciously at work for personal gain. Mandatory vacations help employees who are becoming overwrought with situations at work; as people, we need to step back, rest, and regain focus, and requiring staff to take vacations makes this happen. A forced absence also means someone else covers that person's duties for a time, which makes it harder for ongoing misuse to stay hidden. Finally, rotation of duties helps the team come to a better understanding of the network as a whole.