Friday, November 15, 2019

Aircraft Solutions Security Assessment And Recommendations Information Technology Essay

The purpose of this assessment is to address weaknesses and provide recommendations on the network security of Aircraft Solutions. Aircraft Solutions is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Aircraft Solutions' mission is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements.

Two weaknesses were found in the company's network security. The first is a hardware weakness: the absence of an AAA server for user authentication and authorization. The second is that no Network-based Intrusion Detection System (IDS) is in use. The recommended solutions are to deploy an AAA server for user authentication and authorization to company resources, and to deploy a combination Host and Network-based IDS for overall monitoring of the company's enterprise.

Company Overview

Aircraft Solutions designs and fabricates component products and services for companies in the electronics, commercial, defense, and aerospace industry. The mission of Aircraft Solutions is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. Much of its equipment is automated to increase production while reducing costs. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly automated production systems. The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. Aircraft Solutions uses Business Process Management (BPM) to handle end-to-end processes that span multiple systems and organizations.
The BPM system is designed to connect customers, vendors, and suppliers to share information and maintain a timely business dialogue. BPM also aligns internal business operations with IT support to maintain production in support of customer requirements.

Security Weaknesses

Two security vulnerabilities were found in the company's network security. The first is a hardware weakness: the absence of an Authorization, Authentication, and Accounting (AAA) server for user authentication and authorization. The second is that no Network-based Intrusion Detection System (IDS) is in use.

Hardware Weakness: AAA Server

Aircraft Solutions needs an AAA server to authenticate and authorize legitimate user credentials for its on-site headquarters, intranet remote offices, and extranet for suppliers and contractors. An AAA infrastructure is required for access control, that is, to authenticate users and authorize them to company resources. AAA servers provide a mechanism for encrypted authentication of users and can be used to control access to the network. Authentication verifies the identity of a user by employing a database of usernames and passwords. Authorization assigns network rights or permissions to an authenticated user. Accounting records or logs the network usage of authenticated and authorized users, and can be used to record information about security breaches. (Kaeo, 2004)

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions employs a host-based IDS on the servers in the corporate office. I think having a combination of host-based IDS on critical servers and a network-based IDS by the firewall for each network segment is better. A good strategy for IDS would be to use a combination of host and network IDS. A Network-based IDS provides an overall perspective of your network and is useful for identifying distributed attacks, whereas a Host-based IDS would stop most valid threats at the host level.
(Kaeo, 2004)

An IDS protects a network like an alarm system. When an IDS detects that something is wrong and sees it as an attack, it can take corrective action itself or notify a management system, which would alert a network administrator to take some action. Intrusion Detection Systems are important not only in terms of stopping an attack, but also in maintaining a permanent time-stamped log of intrusion attempts on a host system. An IDS allows a company to know that it is being attacked, who is attacking, how they are doing it, and what they might be looking for. An IDS is the watchdog that adds a layer of defense over all network security systems and policies.

Definition of Solution

Deployment of AAA Server

Aircraft Solutions needs to centrally manage who has authorization to remotely access network resources from anywhere, which network resources those remote users are authorized to access, and any related issues. Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) are the two protocols for implementing the AAA technology framework. A centralized AAA server that uses the TACACS+ protocol will provide a centralized location for Authentication, Authorization, and Accounting for Cisco devices. User authentication on Cisco devices can be done in one of two ways: a local database of users on the server, or a TACACS+ server.

TACACS+ is a Cisco proprietary protocol that uses TCP as a transport protocol and has the ability to separate authentication, authorization, and accounting as separate services. The AAA server acts as a proxy server by using TACACS+ to authenticate, authorize, and account for access to Cisco routers and network access servers. The Authentication function of an AAA server can provide access control; this proves a useful function in environments where there's a requirement to restrict access to network devices or applications per individual authenticated user.
(Kaeo, 2004)

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions needs to deploy a Network-based IDS in combination with its Host-based IDS. I think Aircraft Solutions should have a Network-based IDS in order to monitor all traffic to and from the Internet to see how many hackers or other malicious activities are trying to access the company's network. In addition to seeing Internet traffic, a Network-based IDS can see traffic going to a firewall or VPN and to other attached devices. A combination IDS will also enable Aircraft Solutions to better monitor and effectively respond to a security incident by employing real-time capability. A Network-based IDS is designed to sense malicious activity occurring on a network and provides real-time alerting to administrators to investigate. Not having such a system leaves Aircraft Solutions at risk: it cannot see malicious network traffic and must rely on system events to be alerted of malicious activity. (Kaeo, 2004)

Justification

Deployment of AAA Server

The vendor solution I'd select would be Cisco hardware. Cisco Secure Access Control Server (ACS) would be best suited for use as an AAA server. My justification is that the Cisco ACS server covers the three main functions of Authentication, Authorization, and Accounting, and that the TACACS+ protocol it uses is a Cisco proprietary protocol.

Aircraft Solutions has multiple users that take part in end-to-end processes that span multiple systems and organizations. A Business Process Management (BPM) system is in place to handle all of these processes. Systems are accessed by users at different levels of need to know, and these users are responsible for entering and processing data and information in order to generate reports to be used for decision-making. Customer data such as project information, computer-aided design, and development models are sorted and stored in designated servers.
The Design Engineering department is responsible for reviewing the electronic models, interacting with the customer and making necessary modifications with customer approval, then placing them in an Engineering Release (ER) directory for programming. As soon as these electronic models are released, programmers use them to create production programs. All final programs must be thoroughly verified for accuracy before being released to the Proof For Production (PFP) directory for manufacturing to make the production first article. From the production floor, machinists download PFP programs directly to their DCNC (Direct Computer Numerical Control) machines for execution. After any further processing, completed products are inspected for verification to customer requirements, then they are moved to the shipping department for delivery.

Looking at how Aircraft Solutions' BPM works, there is definitely a need for central user authentication and authorization. An AAA server with TACACS+ can be used to manage the large numbers of user IDs and passwords in a centralized database, providing a scalable network security solution (Oppenheimer, 2004). An AAA server will ensure access to design, production, accounting, sales, and HR servers only goes to authorized engineers and personnel. An AAA server will also track all users' activity and attempts to access network resources through event logging. For example, if someone tries to access production programs and they're not authorized, the attempt will be logged, allowing for an investigation of the incident if required.

Software Weakness: Combination Host and Network-based IDS

Aircraft Solutions has many users accessing its network, be it suppliers, customers, branch office employees, etc. A Network-based IDS is needed to protect the network. It is similar to a homeowner having an alarm system to ward off or to alert them of an intruder; I see an IDS in this fashion.
An IDS detects if someone tries to break in through the firewall, or manages to break through the firewall security and tries to gain access to any system on the trusted side, and alerts the system administrator in case there is a breach in security. (SANS Institute, 2001)

Here are some advantages of Network-based IDS:

Easier to deploy: Network-based IDS are easier to deploy because they do not affect existing systems or infrastructure. Network-based IDS systems are operating system independent. A network-based IDS sensor will listen for all attacks on a network segment regardless of the type of operating system the target host is running.

Detect network-based attacks: Network-based IDS sensors can detect attacks which host-based sensors fail to detect. A network-based IDS checks all packet headers for any malicious attack. Many IP-based denial of service attacks, like the TCP SYN attack, fragmented packet attack, etc., can be identified only by looking at the packet headers as they travel across a network. A network-based IDS sensor can quickly detect this type of attack by looking at the contents of the packets in real time.

Retaining evidence: Network-based IDS use live network traffic and do real-time intrusion detection. Therefore, the attacker cannot remove evidence of the attack. This data can be used for forensic analysis. On the other hand, a host-based sensor detects attacks by looking at the system log files. A lot of hackers are capable of making changes in the log files so as to remove any evidence of an attack.

Real-time detection and quick response: Network-based IDS monitor traffic in real time, so they can detect malicious activity as it occurs. Depending on how the sensor is configured, such an attack can be stopped even before it can get to a host and compromise the system. On the other hand, host-based systems detect attacks by looking at changes made to system files. By this time critical systems may have already been compromised.

Detection of failed attacks: A network-based IDS sensor deployed outside the firewall can detect malicious attacks on resources behind the firewall, even though the firewall may be rejecting these attempts. This information can be very useful for forensic analysis. Host-based sensors do not see rejected attacks that could never hit a host inside the firewall. (SANS Institute, 2001)

Impact on Business Processes

I think Aircraft Solutions will have a positive result from deploying an AAA server and adding Network-based IDS to its network enterprise. The impact to its business processes should be transparent, having little negative effect. Using an AAA server to provide authentication, authorization, and accounting gives network administrators an added layer of protection in securing Aircraft Solutions' network infrastructure. It allows access to network resources to be better controlled and delegated. An example could be branch office users connecting to the network; they can be screened against the user database and a custom policy that controls what device a user can access and what services on a particular device that user can access. If a user's account is compromised, that account can be disabled. Using these two tools to correct the identified security weaknesses is a benefit. The only thing that may be viewed as negative is that the access speed may be slightly slower. However, I think a slight decrease in access speed to the user is outweighed by having the access control and network monitoring needed to ensure Aircraft Solutions' network infrastructure has a more layered defense. Security trumps a speedy user…

Summary

In conclusion, I identified two areas of security weakness in Aircraft Solutions: deployment of an AAA server and Network-based IDS. These are two tools that are necessary in any network enterprise environment.
Implementing these recommendations will better ensure security of the company's resources, better overall enterprise integrity, and provide added layers of defense by having access control over network resources and real-time monitoring of network activity.

Figure 1: Revised Aircraft Solutions Network Infrastructure
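
The three AAA functions described under "Deployment of AAA Server", applied to the ER and PFP directories from the BPM workflow, as an added example (not code from the essay, and not TACACS+ or Cisco ACS itself). The role names, the `POLICY` table, the `AAAServer` class and its methods are assumptions made for illustration; session handling is left out.

```python
import hashlib
import hmac
import os
import time

POLICY = {  # constructed: what each role may do in the ER and PFP directories
    "design_engineer": {("ER", "read"), ("ER", "write")},
    "programmer": {("ER", "read"), ("PFP", "read"), ("PFP", "write")},
    "machinist": {("PFP", "read")},
}

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self):
        self.users = {}       # name -> {"salt", "hash", "role", "enabled"}
        self.accounting = []  # one record per authentication/authorization decision

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _kdf(password, salt),
                            "role": role, "enabled": True}

    def disable(self, name):
        self.users[name]["enabled"] = False

    def _record(self, user, event, detail, ok):
        self.accounting.append({"ts": time.time(), "user": user,
                                "event": event, "detail": detail, "ok": ok})
        return ok

    def authenticate(self, name, password):
        user = self.users.get(name)
        salt, stored = (user["salt"], user["hash"]) if user else (b"\0" * 16, b"")
        match = hmac.compare_digest(stored, _kdf(password, salt))  # same work for unknown names
        return self._record(name, "authentication", "login",
                            bool(user and user["enabled"] and match))

    def authorize(self, name, resource, action):
        user = self.users.get(name)
        allowed = bool(user and user["enabled"]
                       and (resource, action) in POLICY.get(user["role"], set()))
        return self._record(name, "authorization", f"{action} {resource}", allowed)

    def denied(self):
        """Accounting view for investigators: every refused attempt."""
        return [(r["user"], r["event"], r["detail"])
                for r in self.accounting if not r["ok"]]
```

A machinist asking to write to PFP is refused and the refusal appears in `denied()`, which is the logged unauthorized attempt the justification describes; a disabled account fails authentication even with the correct password.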
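
The header-only detection of a TCP SYN attack mentioned under the Network-based IDS advantages, as an added example (not from the essay or any IDS product): it parses IPv4/TCP headers and alerts when one service accumulates unanswered SYNs. The addresses, ports, threshold and the `build_packet` sample generator are constructed for illustration, and handshake timeouts are left out.

```python
import socket
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def parse_headers(pkt):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                       # truncated, not IPv4, or not TCP
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None                       # bad header length or truncated TCP header
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                       # non-first fragment carries no TCP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            sport, dport, pkt[ihl + 13])

def detect_syn_flood(packets, threshold=20):
    """Alert on any (dst, dport) with `threshold` or more unanswered client SYNs."""
    half_open = defaultdict(set)          # (dst, dport) -> {(src, sport)} awaiting ACK
    alerts = []
    for raw in packets:
        hdr = parse_headers(raw)
        if hdr is None:
            continue
        src, dst, sport, dport, flags = hdr
        service = (dst, dport)
        if flags & SYN and not flags & ACK:            # client opens a handshake
            half_open[service].add((src, sport))
            if len(half_open[service]) >= threshold and service not in alerts:
                alerts.append(service)
        elif flags & (ACK | RST) and not flags & SYN:  # handshake completed or reset
            half_open[service].discard((src, sport))
    return alerts

def sample_traffic(dst="192.0.2.10"):
    """Constructed capture: 3 completed handshakes to :443, 25 bare SYNs to :80."""
    pkts = [build_packet(f"198.51.100.{i}", dst, 40000 + i, 443, flag)
            for i in range(1, 4) for flag in (SYN, ACK)]
    return pkts + [build_packet(f"203.0.113.{i}", dst, 50000 + i, 80, SYN)
                   for i in range(1, 26)]
```

The sensor never reads a host log: the alert comes only from header fields seen on the wire, so it still fires when the target host records nothing.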
