Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Deploying Security Facilities TwoHands Corporation December 21, 2007 Prepared by: Group 1 Jonathon Ben Chris Hinnerschietz Jimmy Mesta Ashley McCully Chris Pierce Brad Shively Shanieke Walters
  2. 2. Table of Contents Group 1 – Final Project, Phase 2 2
  3. 3. Introduction Most organizations (whether financial institutions, manufacturing plants, or government agencies) have come to depend very heavily on a solid IT infrastructure. TwoHands is no different in this respect. A firm IT foundation greatly enables the business to succeed. This report is composed of a series of recommendations based on the previously completed vulnerability analysis of the TwoHands corporate infrastructure. The investment required for these upgrades will more than pay for itself by increasing the efficiency of the business, improving the customer’s ability to easily place an order, simplify communication with business partners, and secure the valuable intellectual property developing within the organizations research area. In short, this initial overhead investment will improve the business functions of TwoHands and reduce the technology maintenance requirements greatly. We feel that these recommendations will help the business to operate more smoothly, reduce the technology hindrance placed upon employees, and consolidate current network appliances and infrastructure devices. Operations employees will be able to perform their jobs with fewer technology hurdles, IT employees will face a lighter workload due to reduced helpdesk call volumes, and executives will appreciate the inexpensive implementation strategy. In summary, our solution addresses the security and infrastructure concerns of the TwoHands corporation using a comprehensive but conservatively priced solution. Firewall Overview A firewall is one of the first and most basic forms of network security. Despite the fact that firewalls have been around for a very long time, and their basic task has not changed much, they are still invaluable to ensuring the security of data on the TwoHands network. The type of firewall that will be implemented using the Cisco ASA appliance is a packet filtering gateway. This common implementation essentially places the firewall at the edge of the network where all remote traffic comes in. Placing the firewall in this location ensures that each packet into and out of the TwoHands systems is evaluated against defined criteria and determined to be permissible or not. The firewall, in its simplest form, is a collection of rules that must be abided by all forms of network traffic. The two most fundamental rules are “permit all” and “deny all.” Deny all will be implemented within the TwoHands network to ensure that the only traffic on the network is that which meets rigidly defined criteria. Group 1 – Final Project, Phase 2 3
  4. 4. For example, the R&D section of the TwoHands network is one of the most critical to keep secured. This means that most services and ports will not be available in this portion of the LAN. The network administrator will want to block incoming port 80 (HTTP) connections, to prevent the intentional or inadvertent operation of a web server. Therefore, no rule will be created explicitly stating that port 80 packets are approved, and it will fall under the blanket of deny all. A service that will be permitted might be ICMP for network diagnostics. However, ICMP can be used maliciously to knock a server offline, and so the network infrastructure should also be configured to throttle this type of traffic if it arrives in bulk. Additional exceptions for each area may be made by network staff on a case-by-case basis, but in general unless a service is critical to business operations it should be disallowed. The R&D area, in particular, should be very strictly locked down to prevent compromising trade secrets. As stated, the Cisco ASA 5500 is a multifunctional network appliance. Included in this device is a Cisco PIX-like firewall implementation that will allow for advanced configuration of firewall preferences. The firewall, coupled with a well-designed network infrastructure that includes appropriate VLAN designations and well- placed network hardware, will provide a secure frontline for TwoHands. Policy Driven The key to a successful firewall implementation is a well-defined network security policy. This includes stating what specific job roles and areas are and aren’t permitted to do. This assignment of permissions can then be converted into a firewall configuration that grants only the access necessary for the network to be fully functional. User permissions should be assigned in a least-amount- necessary fashion, giving employees only the access, services, and protocols that are required in order to complete their jobs. A well-defined security policy should also be reviewed yearly. If it is found that an excessive number of exceptions and spontaneous modifications are being made to allow for successful completion of necessary tasks, then it is likely time to review the policy driving these changes. It may need to be updated to fit with the current vision and needs of the company. Cost/Benefit Analysis The use of an integrated appliance for all security functions drastically lowers the associated costs with operating a secure facility. TwoHands will save thousands of dollars in hardware by not having to separately operate a NIDS, firewall, and VPN concentrator autonomously. Additionally, the firewall system provides enough piece of mind that it would be a worthwhile investment even at a much higher price. The need for a firewall within a corporate environment is essentially Group 1 – Final Project, Phase 2 4
  5. 5. nonnegotiable, and the benefit is immeasurable. This piece of the ASA appliance is a must-have, regardless of cost. Maintenance & Management: Maintenance of the firewall should follow a regular schedule. As most functions of network security are being supplied through a single appliance, firmware patches and similar updates will be processed as a large group. Individual updates should be handled with the routine patch schedule, which will likely be one evening each month during nonpeak operating hours. In order to prevent exposure of vital network assets, it is best that if the firewall is down (due to upgrade, repair, or even unexpectedly) the network is taken offline entirely. While simply taking the system offline is not desirable, it is the lesser of two evils in a situation where financial assets and other pieces of data are at risk. Additionally, as modifications or specific exceptions are made to the security policy by the network administration team, there may be a need to add additional rules to the firewall’s filters. These will be handled on a case-by-case basis but should not result in any downtime as these changes can be made while the device is still “hot.” Lastly, the Cisco appliance will be setup with a redundant unit in order to prevent unexpected downtime due to hardware failure or similar occurrences. VPN Site to site VPN will be useful for TwoHands if it wishes to connect branch offices. Through the use of VPN routers, two sites can effectively be combined into a single network despite the distance between them. The Cisco ASA 5500 series of routers can be used to perform these tasks. These routers have IPsec (secure IP protocol) and SSL (Secure Sockets Layer) built in for security purposes. Any sensitive data traveling over the internet must be encrypted to ensure the data remains confidential. The 5500s have a variety of network settings. For connecting multiple sites at LAN speed, there is a full network VPN setting. This technology can easily allow the factory, warehouse, headquarters and research to be linked together. The secure communication channel used by the VPN router allows data to travel to the four different sites without concern. Each connection must be setup using a shared key to enable the routers to talk to each other. It would seem best if each connection that should be set up such as headquarters to factory or research to warehouse should have a different key. There would need to be four secure connections established: HQ to factory, HQ to research, HQ to warehouse and warehouse to factory. The router at HQ is used to forward traffic to and from research. With four different communication keys one compromised key Group 1 – Final Project, Phase 2 5
  6. 6. would not compromise the security of the entire network. For security reasons, these keys should also be changed occasionally. After a key is changed any previous information with regard to the key will be useless. The VPN routers have other uses as well that TwoHands can take advantage of. They have built in protocols for media streaming. This means that TwoHands can connect to a business partner to have a conference or meeting of some variety without giving that company access to TwoHands’ network infrastructure. Streaming media is becoming more important, as it is getting cheaper and more efficient. For example, before streaming media heads of companies would have to fly to different locations to hold meetings if they were based far from each other. This consumes time and money that could be better spent on other things. With streaming media, companies can communicate more quickly than ever before. Best of all, this data can also be sent using the routers’ built in encryption schemes, thus any potentially sensitive information will only be received by parties participating in the information session. Each business partner that wishes to be part of a communication session will need keys beforehand to setup the secure channel. These keys like the other should be changed occasionally to prevent the disclosure of sensitive information. Another useful feature of VPN is that it can allow remote access to a network. This can be useful for employees who cannot be in the office for whatever reason. When properly configured Cisco claims these routers can allow remote access to users through a Web Browser on any computer. This can mitigate problems related to client software that the machines would otherwise need to run. These connections contain all of the security mechanisms of the others as well. Also, instead of using a previously setup shared key they function using public key encryption. This allows temporary connections to be setup more easily. Group 1 – Final Project, Phase 2 6
  7. 7. The diagram below represents the TwoHands network after deployment of the Cisco ASA 5500 router. This diagram shows the many different possibilities of connecting to the network. For example, an Account Manager needing to access the network from home or on a business trip can connect securely with the VPN. Another scenario is communications between business partners. If a supply partner needs access to the network at TwoHands they can connect securely through the “tunnel” that the VPN creates over the internet. Using a properly configured Cisco ASA 5500 can ensure the following: • Confidentiality - Make sure it is hard for anyone but the receiver to understand what data has been communicated. Keeping passwords and other sensitive data is private is crucial. • Integrity - Guarantee that the data does not get changed along the way. This is important for tasks that require exact amounts and precision. • Authenticity - Sign your data so that others can see that it is really you who sent it. This is helpful in trusting the documents being used. • Replay protection - Need a way to ensure a transaction can only be carried out once there is an authorization to repeat it. Group 1 – Final Project, Phase 2 7
  8. 8. The Cisco ASA 5500 Series of routers can lower the total cost of network management significantly. It takes many different security solutions and tightly integrates them into one appliance. The built-in firewall and VPN capabilities make this a great choice for an expanding business like TwoHands. Company Savings with VPN Connectivity 1.VPN lowers costs by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line which is significantly less costly than a long-distance line. 2.VPNs reduce costs is by decreasing the need for long-distance telephone charges for remote access. To provide remote access service, VPN clients need only call into the nearest service provider's access point. In some cases this may require a long distance call, but in many cases a local call will work. 3.VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access, for example. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers. Compared to leased lines, Internet-based VPNs offer greater global reach, given that Internet access points are accessible in many places where dedicated lines are not available. The ability to share files and printers also makes for less dedicated money to upkeep and hardware and a decrease in data redundancy. TwoHands will benefit with a higher output in productivity and seamless integration of user and the company intranet. Maintenance Plan The staff in charge that manages IT and network security will handle the maintenance of the VPN configurations and settings. Staff must always be alerted to any threats or malfunctions that occur with the VPN connection. Having redundant ASA 5500 routers will help the company get instantly back online if a problem occurs with the appliance currently in operation during the failure. There are a few key points to regard before deployment of any VPN solution. The following must be maintained on a regular basis due to the constantly increasing and evolving network security demands: End-User Support There must be an efficient way of adding/removing users from the system. It is best to have an automated approach so that there is not one point of reference for the user to contact if there are questions about using the VPN solution. In general, the VPN solution will be maintained on the infrastructure end. User- Group 1 – Final Project, Phase 2 8
  9. 9. related calls should be few and far between, and will likely be of a technical support nature (i.e.: I am unable to connect to the VPN, the network, or other resources). Therefore, these types of calls will be handled in the routine way that all help desk calls are. Infrastructure-related calls (i.e.: Remote Site A cannot access HQ network resources) will be handled by a network engineer or administrator, as they are more critical to business operations and will also require greater access to hardware and configuration changes in order to resolve. Passphrase Management The burden of constantly changing passwords to gain access to the network needs constant attention. This is critical because only users with permissions to access the system should be on the network. A password management system should ideally include a single-sign on solution to simplify the user experience. This means that a user has one ID and password that are propagated throughout the network whenever changes are made, allowing the use of the same set of credentials for checking e-mail, signing into the VPN, logging into a workstation, or other tasks that utilize network resources. The system should also include an expiration period that depends on the criticality of the user role. For example, a team lead in research and design might need to change their password once each month, while an employee with a less vital role may only need a new password every six months. Hardware Maintenance TwoHands must be prepared to handle the hardware and software maintenance of the VPN platform itself. As the system is composed of a single in-line appliance, there will likely be an upgrade schedule, or pathway, that sets a definite date for the device to be retired and replaced with an improve model. The normal schedule of rotation for this type of hardware is three to five years, depending on industry trends, availability of funds within IT budget, desire for expansion, and overall performance needs. Therefore, TwoHands should schedule replacement of this appliance to take place a maximum of five years, and a minimum of three years from implementation. The exact time within this range should be decided by the chief network architect based on the aforementioned factors. Conclusion Overall, the company will greatly benefit from the use of the Cisco ASA 5500. Its multiple uses and high level of efficiency will make for a more productive and well-established company network. Maintenance is an on-going process that is very important to the performance of the VPN. While a Virtual Private Network is a great way to keep a network secure, it can not be the only method implemented. The internet is a wild place, many security measures need to be Group 1 – Final Project, Phase 2 9
  10. 10. taken. Once all factors are considered and actions are taken to handle any emergencies dealing with the VPN, TwoHands should deploy the Cisco ASA 5500 Series Solution. Intrusion Detection Systems Intrusion Detection Systems are critical in minimizing risks and the likelihood of a successful cyber attack against TwoHands’ Information Systems. If an attacker breaks into the systems, they can access and manipulate any data on the systems. Through IDS, one can examine and monitor intrusions and prevent similar attacks from occurring in the future. Intrusion Detection Systems can assist in decreasing the probability of significant security problems and possible financial loss for TwoHands. Intrusion Detection Systems identifies and responds to successful intrusions, and then takes action to mitigate the damage. IDS will aid in protecting TwoHands’ accounting, payroll, purchasing, and other important information systems on the company’s network. TwoHands wants to protect their Accounting systems because this is where they store their information on the amount of money they have at the end of each day and records all of their money transactions. The company’s payroll systems are also important because it maintains records on personnel data and assist in distributing paychecks and pay stubs. Purchasing systems are quite crucial to TwoHands’ business because it is used to determine which products to produce and how much of that product. Another important system that needs to be protected is their Research and Development systems because this is where all the information on their new and improved products is stored. To protect these information systems and prevent any future intrusions, three types of Intrusion Detection Systems will be implemented. The three Intrusion Detection systems are: Network-based, Host- based, and Application-based. Network-based Intrusion Detection System A Network-based Intrusion Detection System inspects network traffic for malicious packets. NIDS monitors incoming or outgoing packets to try and find any suspicious or anomalous behavior. The packets are usually gathered by packet sniffing with the network interface set to promiscuous mode to capture all traffic in real-time as they pass through the network. NIDS tries also to detect any malicious activity, such as denial service attacks and port scans. Based on TwoHands’ Network Topology, the Network-based Intrusion Detection System would be installed where the Accounting, Payroll, Purchasing, Research servers connect to the internet. The reason for installing NIDS at these particular locations is because that is where the incoming and outgoing traffic pass through the company’s network, so you want to make sure that only trusted users have access. Signature-based intrusion detection would be used to analyze the audit data and compare the packets on the network to a signature database of known malicious threats. There are three signatures that the system will look for: port Group 1 – Final Project, Phase 2 10
  11. 11. signatures, string signatures, and header signatures. This will determine whether there was any indication of an intrusion attempt on the network. If the intrusion detection does find something suspicious an alarm will be triggered and the event would be logged so the event can be investigated further. Below is a Cost and Benefit analysis of installing NIDS on TwoHands’ information systems: Cost and Benefits of NIDS Costs Benefits • The cost of implementing the • Effective in detecting attacks detection system at each server. from the outside. • NIDS is not effective in detecting • Detects abnormal behavior. trusted insider attacks. • Great for known attacks. • If NIDS is used to scan both • It is easy to evaluate the alerts, incoming and outgoing traffic, it since the activity is logged. will slow down the network. • Signature-based IDS are unable to detect unknown attacks. • Signature database has to be constantly updated. Host-based Intrusion Detection System A Host-based Intrusion Detection System monitors and analyzes suspicious activity on a particular host. HIDS does this by going thorough the stored information in the operating-system audit trails, system logs, and so forth. HIDS will also record each user’s activity on a host and create an audit trail for each. It will examine the audit trails from time to time to look for any anomalies. It will look at each session within an audit trail of a user to identify whether or not a session is not typical of the user. To do this the Intrusion Detection System will look at CPU time, the number of files used, and the number of commands used. HIDS can detect which programs accesses certain resources or files. It is also capable of detecting any modification to any files or programs by potential attackers. Usually, HIDS will use a database of system objects that it ought to monitor. If the Host-based Intrusion Detection System finds anything unusual, it will report it in logs. HIDS will also record each user’s activity and create and audit trail for each. In terms of TwoHands’ Information Systems, the Host-based Intrusion Detection System would be installed on the computers in Human Resources (Payroll Systems), the Accounting Systems, Purchasing Systems, and the Research and Development Systems. HIDS would be installed on these systems because these are where the companies most valuable information are held and a HIDS will make sure that only authorized users have access to this information. The Host- Group 1 – Final Project, Phase 2 11
  12. 12. based Intrusion Detection system will be anomaly-based to detect intrusions and misuse by looking for abnormal behavior of a user. The anomaly-based system will keep a profile of activities that are considered normal, so it will be able to tell when an activity is atypical. Here is a cost and benefit analysis of installing HIDS: Cost and Benefits of HIDS Costs Benefits • Initial Cost of implementing • Effective in detecting internal HIDS on TwoHands computers. attacks (disgruntled employees). • Vulnerable to attacks, such as • Great for detecting new or Denial of Service. unknown attacks. • Consumes processing time, • Works along with NIDS, so storage and memory. anything that NIDS misses, • It is difficult to analyze alerts HIDS might detect. with Anomaly-based IDS because they are not detailed enough. • Anomaly-based IDS are more prone to false positives. Application-based Intrusion Detection System An Application-based Intrusion Detection System monitors specific applications or services. It detects any suspicious activity at the application level and any packets that are directly communicating with applications. AIDS can detect and track malicious attacks, such as SQL injections just by analyzing application logs. AIDS looks for any interaction between the users and application programs and data. The Application-based Intrusion Detections System analyzes application’s transaction log files for any anomalies. Within TwoHands Information Systems, the Application-based Intrusion Detection System would be implemented on each computer in: Accounting, Human Resources (Payroll), Research, and Purchasing. The AIDS would focus on certain applications on these computers. For example, on the Human Resources computers, AIDS would monitor the applications that handle the payroll systems, to make sure that no one has altered the amount of money that is being distributed to employees. The IDS would be anomaly-based. Below is a cost and benefit analysis of implementing AIDS: Cost and Benefits of AIDS Costs Benefits • Initial costs of installing AIDS. • Useful in discovering • Vulnerable to attack vulnerabilities at the application- Group 1 – Final Project, Phase 2 12
  13. 13. • Consumes a significant amount level. of application and host • Can work with encrypted data, resources. using application-based encryption and decryption services. • Can track unauthorized activity by an individual user. Overall Cost and Benefit of Using IDS Intrusion Detection Systems are very helpful in examining intrusions and preventing them from happening again, which makes them very beneficial. One of the many benefits of IDS is that they can detect many types of malicious behaviors that can jeopardize the security and integrity of a computer system. Intrusion Detection Systems will help to protect the company’s assets by protecting their information systems. The biggest cost with IDS is the initial amount to install the systems. But, it will be well worth it, since it is important to protect the company’s information systems, which would be more costly if it was compromised. Using all three intrusion detection systems: NIDS, AIDS, and HIDS in conjunction with other security mechanisms, such as firewalls, is a sure fire way in securing ones computer systems from potential attackers. Having just a firewall is not the best way to secure your information because firewalls cannot identify any of the attack signatures or analyze any anomalies from the traffic that they monitor or from log files. Intrusion Detection Systems are capable of examining and interpreting the contents of log files from firewalls, routers, servers, and other forms of network devices. If IDS finds anything suspicious, it activates an alert and can take preventative actions, such as shutting down specific servers or attempt to trace back the activity to identify an attacker. This makes IDS a valuable system to have as a part of a company’s risk management plan. Intrusion Detection Post-Deployment Plan Deployment of an intrusion detection system is only the first step. A plan for managing the system post-deployment is imperative to ensure it works effectively and efficiently for TwoHands Corporation. The plan includes monitoring, incident response, and management and maintenance of the IDS after the system has be installed on TwoHands’ network. Monitoring Important information about users of the network should be recorded, in order to effectively monitor an intrusion detection system. It is essential to determine what kind of information is being sent through the network, who is sending this information, and where it is going. Monitoring packets can help an IDS determine whether or not there is suspicious activity on the network. In addition to Group 1 – Final Project, Phase 2 13
  14. 14. monitoring packets on the network, audit information regarding host access should be recorded in order to produce an anomaly-based intrusion detection system. Suspicious activity regarding a host can be determined by irregular behavior of a user. Also, a similar technique can be used to monitor applications. Audit data is important to protect applications from intrusions that may alter data. Incident Response Should there be a detection of an intrusion on TwoHands’ network, hosts, or applications, it is imperative to have an incident response plan in place to handle the intrusion and mitigate the damage that it may cause. There are a number of steps that should be followed to ensure that the incident is resolved and will not occur again in the future. These include the following: 1. Respond to the activity. This step includes the mitigation plan. It is important for this plan to mention who should be notified if an attack or intrusion is detected by one of the IDS. The hardware has real-time system monitoring with an alert system should any unusual activity be detected by it. If there is anomalous activity on the network, the system will respond in one of two ways. If it is a critical alert, a message will be sent to the primary lead via a pager or cell phone that notifies him of the issue. If the primary lead does not respond, the message will then be sent to a secondary lead or the individual who is designated on-call. If it is a minor concern, the alert will be added to the alert queue and dealt with at a later time. After notifying the proper individuals about critical issues, a quick-fix should be determined to minimize the damages that the intruder may cause to the data he gained access to during the intrusion. 2. Investigation of the incident. After the initial response to the intrusion, a full-scale investigation of the incident should be completed by the intrusion detection specialist. Initially, time should be spent gathering information on the intrusion. Information, such as the port number the intruder used to access the network, should be recorded in order to determine a solution for the vulnerability the intruder was able to utilize for his intrusion. It is crucial to determine the cause of the vulnerability during this step. A thorough investigation of the intrusion should be conducted in order to prevent a future exploit of the vulnerability. After the cause is investigated and determined, it is important to diagnose the problem. Formulating a plan to eliminate the vulnerability on TwoHands’ network is essential to protect it from a future intrusion. Upon the completion of analyzing the information gathered about the intrusion, a report should be written that details the nature of the attack and the information gathered during the investigation. This report will be useful in the future if an intrusion of the same nature occurs again. Information Group 1 – Final Project, Phase 2 14
  15. 15. technology professionals can use the report to help determine the cause of a similar attack. Creating records of past intrusions can aid the company in determining other vulnerabilities and it can also help determine the solution during or after a future intrusion. 3. Rectify the problem. This step is extremely important if an intrusion exploits vulnerability on the system and is then expected to be prevented in the future. Money spent on an intrusion detection system would be wasted if vulnerabilities determined by the system were left as they are instead of eliminating them. In order to prevent a future intrusion, operating system security patches should be installed on the network, hosts, and applications. Signatures used by the IDS should be updated to reflect the newly determined vulnerability. Any open ports that are not being used should be closed and access should be restricted to prevent an intrusion. Proper incident response can save TwoHands Corporation a significant amount of money and can help prevent the loss of assets in the form of electronic data. An intrusion detection system is only as effective as its incident response plan. Without an effective plan, the IDS would be useless to the company. Although intrusions could be detected, the inability to handle these intrusions could lead to catastrophic damages monetarily for TwoHands. Management and Maintenance Management and maintenance of an IDS are as important as having a strong incident response plan. In order to have an effective IDS, the system should be managed by a professional who specializes in IDS management. An IT Intrusion Detection Specialist will be hired to manage and maintain the IDS. This individual will be responsible for managing and maintaining the system, as well as investigating incidents and rectifying issues. The IT Intrusion Detection Specialist will be responsible for ensuring that the signatures are up-to-date with the latest known vulnerabilities. He will also be responsible for making sure that updates to the system are completed in a timely manner in order to prevent the exploitation of known vulnerabilities. Scanning and vulnerability testing are essential for a successful IDS. It is important that the network, hosts, and applications be scanned and tested daily by a third-party to determine vulnerabilities. In addition to ensuring that the software that manages the IDS is up-to-date, it is important that the hardware be tested daily to ensure its functionality. Hardware should be maintained and replaced when it no longer can perform the tasks of the IDS effectively. Thorough research on new technologies that may Group 1 – Final Project, Phase 2 15
  16. 16. increase security within TwoHands’ network should be completed often to ensure the most effective detection is taking place. Authentication Authentication is essential for everyday users let alone businesses. Most businesses have information in their databases that they don’t want customers or even competitors to know or find out about. For this reason we are implementing an authentication program that will secretly hide the users ID and Password from the outside world. The main program used is Kerberos and they act as an intermediary. User IDs and Passwords are sent through Kerberos, which checks and makes sure the user is who they say they are, and lets them have access to the database/server if their User ID and Password match what they have for them on file. Another strong suite of Kerberos is that it can be directly implemented into the company. We will be using Kerberos version 5, which is a protocol for authentication of users and services (collectively called principals.). Each principal has a symmetric (secret) key (The Users’ keys are hashed passwords and the Service keys are random bit-strings). All keys are known by the Key Distribution Center (KDC). Keys are used to decrypt short messages from the KDC. Knowledge of a key proves identity. Kerberos does not send passwords over the network; that would be too risky. Rather, session keys are sent, encrypted under user and service keys. Benefits For individuals unfamiliar with the Kerberos protocol, the benefits of deploying it in their network may not be clear or needed. However, all administrators are familiar with the problems Kerberos was designed to mitigate. • Password sniffing • Password filename/database stealing • The high level of effort necessary to maintain a large number of account databases. A properly deployed Kerberos Infrastructure will help us address these problems. It will make our enterprise more secure. The use of Kerberos will prevent plaintext passwords from being transmitted over the network. The Kerberos system will also centralize your username and password information which will make it easier to maintain and manage this data. Kerberos will also prevent you from having to store password information locally on a machine, whether it is a workstation or server, thereby reducing the likelihood that a single machine compromise will result in additional compromises. To summarize, in a large enterprise, the benefits of Kerberos will translate into reduced administration costs through easier account and password management Group 1 – Final Project, Phase 2 16
  17. 17. and through improved network security. In a smaller environment, scalable authentication infrastructure and improved network security are the clear benefits (Kerberos Infrastructure HOWTO). The diagram below is what the TwoHands network will look like after deployment of the Kerberos software. KERBEROS SECURED-ACCESS As you can see, there are several parts to the Authentication system. The only way to gain access to the server would be to go though Kerberos through the KDC. From there you will be sent to the Trusted Realm if and only if your User ID and Password check out. Since Kerberos can be accessed anywhere over the internet, the Trusted Realm can also be easily reached anywhere over the internet. Company Savings The initial cost to use Kerberos might be steep but in the long run it will save our company a lot of money and heartaches for several reasons. • Kerberos is a secure authentication protocol that is almost impossible to hack into Group 1 – Final Project, Phase 2 17
  18. 18. • They don’t send any personal information out over the internet, they even create session keys which are sent out in the place of passwords (then encrypted with the user/services keys) • Kerberos saves a lot of labor as well. Since Kerberos is automated, we don’t have to hire anybody to watch over it. Deployment Costs Due to the fact that Kerberos operates as an application on a Linux or Unix platform, the initial cost of establishing a Kerberos realm is not very significant. However, it is important to ensure that a powerful enough server is chosen to operate this critical service, and that the application is properly configured to function within the network. An estimated $10,000 should be allotted for the initial server installation and configuration to ensure that it is configured correctly, fully functional, and maintainable. Maintenance Plan The Kerberos system and its features are largely automated. Any anticipated downtimes would be as a result of hardware failure or scheduled updates. Due to the critical nature of the system in our network environment, any hardware failure would be considered a “red” flag and would take priority in the repair queue. These occurrences should be minimal, and will hopefully allow the Kerberos service to meet the five nines network goal (99.999% uptime) at TwoHands. The application, and the host operating system that it runs on, will follow a routine patch schedule (typically once per month, during evening hours) to ensure they are resistant to new security vulnerabilities and compatible with emerging software and hardware. Cost of Implementation The table below illustrates the estimated cost for implementation of the four security tools previously mentioned including labor. Monitoring and maintenance will be handled using full time equivalents (FTE). Two FTEs will be employed for application management (One for firewall and IDS, one for VPN management and network administration). ½ FTE will be hired for Kerberos management and ½ FTE will be hired for patch and change management. The total cost reflects the cost for implementation plus the first year of monitoring and maintenance. Group 1 – Final Project, Phase 2 18
  19. 19. Implementation $45,000 Labor 17,000 Hardware Costs 28,000 Cisco ASA 5500 4,000 VPN Licenses 10,000 Kerberos server 10,000 Redundancy hardware 4,000 Monitoring and Maintenance $140,000 Labor 135,000 FTE for firewall, IDS 45,000 FTE for VPN, Network Admin 45,000 ½ FTE for Kerberos 22,500 ½ FTE for patch/change mgmt 22,500 Misc. Costs 5,000 Total Cost $185,000 Conclusion Security is essential on today’s networks. Companies are at risk to a number of different malicious attacks. Without the proper mechanisms to secure their networks, they are putting assets, money, and private information at the fingertips of hackers. The plan developed for the TwoHands Corporation utilizes a variety of tools for securing the company’s network. Installing Firewall, VPN, IDS, and Authentication tools on the network is the minimum amount of effective security for a company wishing to move their business online. The plan was developed to be cost effective and utilize the most up to date technologies. Integrating these security tools into TwoHands’ network will offer the company the ability to use the Internet to increase income for the company without the risk of losing money due to security breaches. Division of Labor • Jonathon Ben – Wrote section on firewalls • Chris Hinnerschietz – Wrote section on VPN • Jimmy Mesta – Wrote section on VPN • Ashley McCully – Wrote section on Intrusion Detection System • Chris Pierce – Wrote section on Authentication • Brad Shively – Wrote section on firewalls • Shanieke Walters – Wrote section on Intrusion Detection System Group 1 – Final Project, Phase 2 19
  20. 20. Bibliography Bradley, Tony. “Introduction to Intrusion Detection Systems.” The New York Times Company. < a/aa030504.htm> Gong, Fengmin. “Deciphering Detection Techniques: Part II Anomaly-Based Intrusion Detection.” Network Associates. March 2003. McAfee. < y.pdf> “Kerberos Infrastructure HOWTO”. Retrieved: December 4, 2007 Website: Shimonski, Robert J. “What you need to know about Intrusion Detection System.” Windows Security. 18 November 2002. < ut_Intrusion_Detection_Systems.html> Wikimedia Foundation. “Host-based Intrusion Detection System.” Wikipedia. 30 October 2007. < based_intrusion_detection_system> Wikimedia Foundation. “Intrusion Detection System.” Wikipedia. 1 December 2007. <> Wikimedia Foundation. “Network Intrusion Detection System.” Wikipedia. 3 December 2007. <> Group 1 – Final Project, Phase 2 20