KINGSTON UNIVERSITY
FACULTY OF ENGINEERING AND COMPUTING
School of Computing
MSc. DEGREE IN Network and Information Security
Name: Chanaka Lasantha Nanayakkara Wawage
ID Number: 1658833
Project Title: The Solution for Storage Cluster with Database Grid Infrastructure by Research on Security Weakness Mitigation and Changers.
Supervisor: Dr. Ruwan Abeysekara
PhD(Doc.Eng.)MSc(CS),BSc,Dip.(Tec.Sc.),DFA, MBCS, MCS, MIEEE, MIEEECS, MIET, MIDES
Date: 12th September 2018
WARRANTY STATEMENT
This is a student project. Therefore, neither the student nor University makes any
warranty, express or implied, as to the accuracy of the data or conclusion of the work
performed in the project and will not be held responsible for any consequences arising
out of any inaccuracies or omissions therein.
Page | 2
Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date:
04/04/2018
ACKNOWLEDGEMENT.
I wish to extend my profound gratitude to Dr Ruvan Abeysekara, Dean and Senior
Lecturer of the ESOFT Metro Campus, who as my supervisor guided me with utmost
care and concern towards the successful completion of this report. His subject
knowledge, advice, directions, highly constructive comments and encouragement
became crucial factors in making this study a success.
Next, I wish to thank Mr Uditha Priyanga, Head of the Program Manager of ESOFT
Metro Campus, for his highly constructive comments. Also, I express my sincere
gratitude to the ESOFT Metro Campus and its entire lecture panel for providing me
with valuable knowledge, highly constructive comments and fruitful ideas which
strengthened me to complete this research project successfully.
I wish to extend special thanks to the selected sample of resource persons who
willingly participated in the questionnaire survey and without whose cooperation this
study would never have been a success. Further, my batch-mates who as a team assisted
me to carry out the questionnaire survey successfully are also gratefully remembered.
My heartfelt gratitude and appreciation are expressed to all my dearest colleagues and
friends of Commercial Credit and Finance PLC, for their unwavering support.
Also, I take this opportunity to deeply thank my family. Words cannot express how
grateful I am to my wife for encouraging me to complete this project successfully and
for all of the sacrifices that she has made on my behalf. I feel very indebted to my
parents, whose prayers and moral support are precious assets for me.
Finally, I would like to express appreciation to my beloved daughter MIHINDEE who
brightens up my days with her smiles and infinite laughs that always made me keep
going.
ABSTRACT.
The main focus of this research project was an in-depth exploration of security
enhancements, mitigation of security weaknesses, and a scalable, low-cost storage
cluster solution for geographically distributed sites.
Best-practice security enhancements against cybercriminals, and the benefit to
third-party clients of a storage cluster in a remote area of Sri Lanka, were among the
major expectations of this project.
The study explores in depth the security weaknesses of storage cluster nodes when
they are interconnected with each other over the internet using the existing,
traditional interconnection methods.
In the final validation process, six hypothesis statements were validated according to
the effect sizes observed among the independent variables. That output was then
carried directly into the OCTAVE framework for a further, technical-level
vulnerability assessment combined with the organizational risk factors in a practical
way.
After the OS, kernel and application update process, the identified technical
vulnerabilities were reduced to an acceptable level. The organizational vulnerabilities
were reduced by embedding the OCTAVE stage into the existing security policy of
ABC LTD.
A penetration test was also carried out against the IT assets, in the manner of an
anonymous attacker, and confirmed that the solution reached a sufficient security level
after the above stages.
Therefore, a continuous, structured process is required for evaluating the current state
of security practices of a storage cluster for an Oracle Grid Infrastructure
environment, against the constant changes brought by innovations in technology that
combine four different architectures into one solution, and by increasing awareness of
security issues.
Table of Contents
Title…………………………………………………………………………………001
Declaration………………………………………………………………………….002
Acknowledgement…………………………………………………………………. 003
Abstract……………………………………………………………………………..004
Table of Contents………………………………………………………………...... 005
List of Figures……………………………………………………………............... 009
List of Tables………………………………………………………………………. 011
List of Annexures………………………………………………………………...... 013
Abbreviations……………………………………………………………………….014
CHAPTER 01: INTRODUCTION AND BACKGROUND…………………… 015
1.1. Background of the Project………………………….............................. 015
1.2. Statement of the Problem………………………………………………016
1.3. Aim and Objectives………………………………………………….....016
1.3.1. Aim………………………………………………………….. 016
1.3.2. Objectives…………………………………………………… 016
1.3.3. Hypothesis…………………………………………………... 017
1.4. Significance of The Study…………………………………………….. 018
1.5. Summarized Overview of Methodology……………………………… 019
1.6. Concept of Proposed Architectural Solution………………………….. 020
1.7. Chapter Organization of the Dissertation……………………………... 021
1.8. Summary……………………………………………………………….021
CHAPTER 02: LITERATURE REVIEW……………………………………… 022
2.1. Introduction…………………………………………………………….022
2.2. Existing Security Mechanisms and Weakness…………………………022
2.2.1. The SPARC Architecture and Major Security Threats………022
2.2.2. ZFS File System and Security Weakness…………………… 025
2.3. Advantages of Proposed Solution…………………………………….. 026
2.3.1. Linear Scaling and Introducing GlusterFS………………….. 026
2.3.2. The Ultimate GlusterFS Architecture………………………..028
2.3.3. Storage Scale Out Process of The GlusterFS………………...029
2.3.4. The algorithmic approach and metadata model of GlusterFS. 032
2.3.5. GlusterFS Compression over the OpenVPN…………………034
2.3.6. The SSL/TLS Connectivity over The GlusterFS…………….035
2.3.7. Benefit and OpenVPN Mechanism over GlusterFS………….037
2.4. Summary……………………………………………………………….040
CHAPTER 03: DISASTER RECOVERY ………………………………………041
3.1. Introduction…………………………………………………………….041
3.2. Aims and Outcomes of DR…………………………………………….041
3.3. DR Scope…………………………………………………………….... 041
3.4. DR Scenario……………………………………………………………042
3.5. The DR Strategy……………………………………………..................043
3.6. Recovery Phases………………………………………………………. 044
3.7. Description of Business Continuity Plan………………………………045
3.8. Overview of the Security Policy……………………………………… 045
3.9. Responsibilities……………………………………………………….. 046
3.10. Security Policy on GlusterFS Cluster and Oracle Grid……................ 047
3.11. Summary……………………………………………………………...048
CHAPTER 04: RESEARCH DESIGN…………………………………………..049
4.1. Introduction…………………………………………………………….049
4.2. Questionnaire on Target Groups Data Collection…………………….. 049
4.3. Sampling Calculation and Process……………………………………. 050
4.4. Information Generated…………………………………………………051
4.5. Organization of Survey………………………………………………...052
4.6. The Diagrammatic Representation of Methodology…………………...053
4.7. The Diagrammatic Representation of Conceptual Framework……….. 054
4.8. Summary……………………………………………………………….054
CHAPTER 05: BACKGROUND OF THE RESEARCH STUDY AREA…..... 055
5.1. Introduction…………………………………………………………….055
5.2. Study Area of the Project………………………………………………055
5.3. Limitations of the Study and Compliance…………………………….. 056
5.4. Summary……………………………………………………………….056
CHAPTER 06: DATA ANALYSIS…………………………………………….057
6.1. Introduction…………………………………………………………….057
6.2. SPSS Analysis (Phase I) ……………………………………………… 057
6.2.1. Chi Square Analysis………………………………………… 057
6.2.2. Correlational Analysis………………………………………. 078
6.3. OCTAVE Framework Based Analysis (Phase II) ……………………. 082
6.3.1. Phase I: Build the Asset-Based Categorised Threat Profiles...082
6.3.2. Phase II: Clearly Identified the Infrastructure Vulnerabilities.083
6.3.3. Phase III: Risk Mitigation and Security Strategy Plans…….. 083
6.4. Potential Members of the Team………………………………………. 084
6.5. Critical Assets with Priority under area of Concern…………………... 084
6.6. Identification Security Requirements on Critical Assets………………084
6.6.1. GlusterFS Framework Servers……………………………….084
6.6.2. OpenVPN Servers……………………………………………085
6.6.3. Firewalld Servers……………………………………………. 085
6.7. Identification of the Current Security Practices………………………..085
6.8. Organizational Vulnerabilities…………………………………………086
6.9. Threat Profiles………………………………………………………….086
6.9.1. OpenVPN Server Threat Profile……………………………..087
6.9.2. GlusterFS Servers Threat Profile…………………………….088
6.9.3. Firewall Threat Profile……………………………………….089
6.9.4. Critical Assets Classification………………………………...090
6.A. Identifying Infrastructure Vulnerabilities…………………………….. 090
6.A.1. Identified Infrastructure Components………………………. 090
6.B. Evaluated Selected Components………………………………………091
6.B.1. Vulnerability Severity Levels………………………………. 091
6.B.2. Preliminary Summary………………………………………. 091
6.B.3. Reviewed Technology Vulnerabilities Results……………... 092
6.C. Penetration Testing (Phase III)……………………………………….. 093
6.D. The Metasploit Framework and Pen Test…………………………….. 093
6.D.1. Attacks Methods Over the GlusterFS………………………. 093
6.E. Result of NMAP and Services Verification…………………………... 094
6.E.1. NMAP Scan Over GlusterFS Nodes………………………... 094
6.E.2. Backdoors over the RAC…………………………………….095
6.E.3. NMAP Scan of the GlusterFS………………………………. 095
6.F. Result of MSF Attacks………………………………………………... 096
6.F.1. Illustration of Failed to Exploited over RAC……………….. 096
6.F.2. Illustration of Exploitation over GlusterFS…………………. 096
6.F.3.Pentest Final Result………………………………………….. 097
6.G. Summary………………………………………………………………097
CHAPTER 07: CONCLUSIONS AND RECOMMENDATIONS …….............098
7.1. Introduction…………………………………………………………….098
7.2. Discussion……………………………………………………………...098
7.3. Conclusion…………………………………………………………….. 099
7.3.1. Correlation Analysis Phase-I………………………………... 099
7.3.2. Chi-Square Analysis Phase-I………………………………... 099
7.3.3. Octave Analysis Phase-II…………………………………….101
7.3.4. Penetration testing Analysis Phase-III……………………….101
7.4. The Overall Conclusion with Three Analysed Stages………………… 101
7.5. Proposed Solution and Future Research………………………………. 102
7.6. Summary……………………………………………………………….103
REFERENCES…………………………………………………………………… 104
INDEX…………………………………………………………………………….. 153
List of Figures.
Figure 1.1: Overview of Method and Plan………………………………………… 019
Figure 1.2: The Proposed Network Architecture…………………………………...020
Figure 2.1: Common CPU vs Oracle S7 CPU……………………………………...022
Figure 2.2: SQL in Silicon………………………………………………………….023
Figure 2.3: Silicon Secured Memory……………………………………………….023
Figure 2.4: Transparent Data Encryption………………………………………….. 024
Figure 2.5: Logarithmic Vs Linear Improvement…………………………………. 029
Figure 2.6: GlusterFS 4x Performance and 4x capacity…………………………… 030
Figure 2.7: GlusterFS 20x Performance…………………………………………… 031
Figure 2.8: Linear Scaling of GlusterFS……………………………………………031
Figure 2.9: Node add and delete effect mitigation………………………………… 033
Figure 2.A: LZO High Compression Process………………………………………035
Figure 2.B: Speed test of RSA with Private Keys…………………………………. 036
Figure 2.C: Speed test of AES-256-GCM…………………………………………. 036
Figure 2.D: Speed test of BF-CBC………………………………………………… 037
Figure 2.E: Anti DDOS and DH……………………………………………………038
Figure 2.F: Traffic Flow over VPN Tunnel………………………………………...039
Figure 2.G: Cryptographic Operations with OpenSSL……………………………. 040
Figure 3.1: DR Risk Identification………………………………………………….041
Figure 3.2: DR Process Overview…………………………………………………. 042
Figure 3.3: DR Methodology……………………………………………………….043
Figure 3.4: DR and Rollback Overview…………………………………………… 044
Figure 3.5: BCP Life Cycle………………………………………………………... 045
Figure 3.6: Information Security Goal…………………………………………….. 045
Figure 4.1: The Survey Management……………………………………………….052
Figure 4.2: The Methodology of the Research Project……………………………..053
Figure 4.3: The Conceptual Framework ………………………………………….. 054
Figure 6.1: Critical Value Identification……………………………………………057
Figure 6.2: The Illustration of Correlation Coefficient……………………………..078
Figure 6.3: Illustration of Infrastructure Vulnerability……………………………..090
Figure 6.4: NMAP Scan Over GlusterFS Nodes…………………………………... 094
Figure 6.5: Backdoors over the RAC……………………………………………….095
Figure 6.6: NMAP Scan of the GlusterFS…………………………………………. 095
Figure 6.7: Illustration of Failed to Exploited over RAC…………………………..096
Figure 6.8: Illustration of Exploitation over GlusterFS…………………………….096
Figure 7.1: The Solution with Enhancements ……………………………………. 102
Figure A.1: GlusterFS Distributed Stripe Replica………………………………….. 110
Figure A.2: GlusterFS Client Shared Locations………………………………….. 111
Figure A.3: Grid Initial Installation………………………………………………... 124
Figure A.4: Assigned the SCAN Name…………………………………………….124
Figure A.5: Adding Grid Nodes…………………………………………………… 125
Figure A.6: Network Isolation…………………………………………………….. 125
Figure A.7: Mapped the Shared Location…………………………………………126
Figure A.8: Assigned DBA Roles…………………………………………………. 127
Figure A.9: Located Grid Installation………………………………………………127
Figure A.10: Located Oracle Inventory…………………………………………….128
Figure A.11: Grid Installation Process……………………………………………...128
Figure A.12: Database Cluster Installation…………………………………………129
Figure A.13: Assigned Policy………………………………………………………129
Figure A.14: Granted Privileges on DB…………………………………………… 130
Figure A.15: Configured Memory Management…………………………………... 130
Figure A.16: Datafiles………………………………………………………………131
Figure A.17: Assigned DBA Roles…………………………………………………131
Figure A.18: Final Stage of DB installation……………………………………….. 132
List of Tables.
Table 4.1: Morgan table…………………………………………………………….049
Table 4.2: Classified Sample Sizes Summary……………………………………... 051
Table 6.1: Crosstab-A………………………………………………………………058
Table 6.2: CSQ Test-A…………………………………………………………….. 058
Table 6.3: Symmetric Measures-A………………………………………………… 058
Table 6.4: Crosstab-B……………………………………………………………… 059
Table 6.5: CSQ Test-B…………………………………………………………….. 059
Table 6.6: Symmetric Measures-B………………………………………………… 060
Table 6.7: Crosstab-C……………………………………………………………… 061
Table 6.8: CSQ Test-C…………………………………………………………….. 061
Table 6.9: Symmetric Measures-C………………………………………………… 061
Table 6.10: Crosstab-D……………………………………………………………. 062
Table 6.11: CSQ Test-D…………………………………………………………… 063
Table 6.12: Symmetric Measures-D……………………………………………….. 063
Table 6.13: Crosstab-E…………………………………………………………….. 064
Table 6.14: CSQ Test-E…………………………………………………………….064
Table 6.15: Symmetric Measures-E……………………………………………….. 064
Table 6.16: Crosstab-F…………………………………………………………….. 065
Table 6.17: CSQ Test-F…………………………………………………………… 066
Table 6.18: Symmetric Measures-F……………………………………………….. 066
Table 6.19: Crosstab-G……………………………………………………………..067
Table 6.20: CSQ Test-G…………………………………………………………… 067
Table 6.21: Symmetric Measures-G……………………………………………….. 067
Table 6.22: Crosstab-H……………………………………………………………..069
Table 6.23: CSQ Test-H…………………………………………………………… 069
Table 6.24: Symmetric Measures-H……………………………………………….. 069
Table 6.25: Crosstab-I………………………………………………………………069
Table 6.26: CSQ Test-I……………………………………………………………. 070
Table 6.27: Symmetric Measures-I…………………………………………………071
Table 6.28: Crosstab-J………………………………………………………………072
Table 6.29: CSQ Test-J……………………………………………………………. 072
Table 6.30: Symmetric Measures-J……………………………………………….. 072
Table 6.31: Crosstab-K……………………………………………………………. 073
Table 6.32: CSQ Test-K…………………………………………………………… 074
Table 6.33: Symmetric Measures-K..……………………………………………… 074
Table 6.34: Crosstab-L…………………………………………………………….. 075
Table 6.35: CSQ Test-L…………………………………………………………….075
Table 6.36: Symmetric Measures-L……………………………………………….. 075
Table 6.37: Crosstab-M……………………………………………………………. 076
Table 6.38: CSQ Test-M…………………………………………………………... 077
Table 6.39: Symmetric Measures-M………………………………………………..077
Table 6.40: Correlation-A…………………………………………………………..079
Table 6.41: Correlation-B…………………………………………………………..079
Table 6.42: Correlation-C…………………………………………………………..080
Table 6.43: Correlation-D…………………………………………………………..080
Table 6.44: Correlation-E………………………………………………………….. 081
Table 6.45: Correlation-F………………………………………………………….. 081
Table 6.46: Assets Categorization…………………………………………………. 084
Table 6.47: Organizational Vulnerabilities…………………………………………086
Table 6.48: OpenVPN Server Threat Profile……………………………………….087
Table 6.49: GlusterFS Servers Threat Profile………………………………………088
Table 6.50: Firewall Threat Profile…………………………………………………089
Table 6.51: Critical Assets Classification…………………………………………..090
Table 6.52: Identifying Infrastructure Components………………………………...091
Table 6.53: Vulnerability Severity Levels………………………………………….091
Table 6.54: Preliminary Summary………………………………………………….091
Table 6.55: Reviewed Technology Vulnerabilities Results………………………...092
Table A.1: Hardware Requirements……………………………………………….. 110
Table A.2: Software Requirements…………………………………………………110
List of Appendixes.
APPENDIX A – SYSTEM DOCUMENTATION……………………………… 110
A.1. Hardware and Software Requirements……………………………….. 110
A.2. Setting Up Pre-Requirements………………………………………… 110
A.2.1. GlusterFS Cluster Deployment over the LVM Volumes……110
A.2.2. OpenVPN Cryptography Performance Test……………….. 111
A.2.3. The Oracle Grid Environment Application Configuration.... 113
A.2.4. The Oracle users, groups and OS variables configuration…. 114
A.2.5. Node Level DNS and Network Bonding…………………… 118
A.2.6. Installing DNS Server……………………………………….120
A.2.7. Installing Oracle Grid Infrastructure……………………….. 124
A.2.8. Installing Oracle Database Cluster Instances………………..129
A.2.9. The Verification of The Grid Infrastructure on RAC………. 132
APPENDIX B – CODE LISTING………………………………………………..134
B.1. OpenVPN Clients Tunnelling over GlusterFS Nodes…………………134
B.2. OpenVPN Server Configurations…………………………………….. 136
B.3. OpenVPN Client Configurations……………………………………... 137
B.4. Firewall Configuration Over Server Nodes…………………………... 138
APPENDIX C – QUESTIONNAIRE ……………………………………………144
C.1. Questionnaire for Storage Cluster with Oracle Grid…………………..144
Abbreviations.
SDSC: Secured database storage cluster.
ERP: Enterprise resource planning.
OGISC: Oracle grid infrastructure storage cluster.
ETE: End-to-end.
RSA: Rivest Shamir Adleman.
AES: Advanced encryption standard.
HMAC: Hash message authentication code.
SPARC: Scalable Processor Architecture.
ZLIB: Zlib is a software library used for data compression.
CRC32: Cyclic redundancy check.
LZ4: Lossless data compression algorithm.
ZFS: Z File System.
OpenSSL: Open source Secure Sockets Layer.
UDP: User datagram protocol.
TCP: Transport control protocol.
HTTPS: Hypertext transfer protocol secure.
PKCS: Public key cryptography standards.
DOS: Denial of service.
MFC: Metasploit framework console.
ISSC: Information Security Steering Committee.
IDS: Intrusion detection system.
VPN: Virtual private network.
RHEL: RedHat enterprise Linux.
CPU: Central processing unit.
HDD: Hard disk drive.
CISO: Chief Information Security Officer.
PAP: Project affected peoples.
CSQ: Chi-square.
IKE: Initial Key Exchange.
H0: Null hypothesis.
CHAPTER 01: INTRODUCTION AND BACKGROUND.
1.1. Background of the Project.
This project has extended and generated important benefits for the various
stakeholders by enhancing the security and availability of the cluster system in the
delivery and evaluation of a secured Oracle grid infrastructure storage cluster (OGISC).
It also focused heavily on security weaknesses and cryptographic backdoors in the
distributed storage structure, providing high availability at a lower cost than expensive
alternatives.
Similarly, users, administrators, engineers, operations staff and senior managers benefit
strongly from the smooth operation of the OGISC, which provides fast and secure data
access from the ERP web applications to the end users, including the chief executive
officer, the head of IT and the branch managers. “Stakeholders are individuals, groups or
organizations that are affected by the activity of the business” (BBC 2014).
The OGISC strongly addresses the specific major problems by providing adaptive
software and hardware resources that are very efficient and that also provide capacity
on demand under the securing mechanism. “Oracle RAC enables you to cluster Oracle
databases” (Oracle 2018). Additionally, it is very cost-effective compared to the
traditional system, and it effectively balances load, sessions and security weaknesses
across the grid's shared, secured infrastructure.
The main conceptual idea of the OGISC is that the computing process must be reliable,
scalable, resource-shared, easily maintainable and transparent, like a utility. It does not
matter whether user applications and data are in different geographical locations, nor
which specific computing process a user has requested.
The proposed secured architectural solution operates across geographically distributed
clustered database nodes with a secure shared-storage concept. “The Oracle grid
infrastructure lays the foundation for highly available and scalable Oracle RAC
systems” (Skillsoft 2017).
1.2. Statement of the Problem.
The connection-oriented, globally distributed OGISC faces security threats in the
individual connections among the storage cluster nodes. The OGISC is exposed to
cyber threats because physical file-level encryption of the data files, as on the Oracle
SPARC-M7/M8, fails to provide end-to-end encryption among the storage nodes.
The shared mount point of the OGISC therefore exposes the selected critical IT assets
of ABC LTD to cyber threats: physical file-level storage encryption only protects the
data files from unauthorized access, but it does not protect the cluster connectivity
between the nodes and the storage. This is the major problem statement for the
OGISC.
1.3. Aim and Objectives.
1.3.1. Aim.
The main aim is to provide a distributed and highly secure shared storage cluster
solution for the OGISC over separate, compressed SSL/TLS tunnels, by applying and
practising the theoretical concepts.
Additionally, industrial experience further developed an in-depth knowledge of the
advanced cryptography concepts, building on the theory learned during the MSc
programme as well as from published research.
1.3.2. Objectives.
The main objectives, to be implemented, mitigated and enhanced, are as follows:
1. To determine whether end-to-end (ETE) encrypted independent tunnels can be
established to strengthen the links among the OGISC nodes and the remote Oracle
shared mount points.
2. To determine whether a secured initial key exchange mechanism can be implemented
prior to the establishment of SSL connectivity over the OGISC.
3. To determine whether digital certificates and signatures can be achieved in order to
certify that a genuine VPN certificate was issued by its author.
4. To determine whether the GlusterFS storage cluster can have infinite scalability and
secured connectivity over the OGISC.
5. To determine whether highly compressed data connectivity can smoothly enhance
high-performance operations among the OGISC nodes.
6. To determine whether the limitations of shared file system capability for the Oracle
database application can be secured and made effective through the GlusterFS
mechanism with encrypted tunnelling.
1.3.3. Hypothesis.
1. The SSL/TLS ETE encryption allows the storage cluster to maintain secured tunnel
security and accessibility among server nodes against compromise of the shared storage
area, using encryption algorithms such as RSA and AES, while the HMAC function
makes use of a hashing algorithm; all of these are built into OpenVPN.
2. The initial key exchange (IKE) mechanism of the SSL/TLS process can be tightly
coupled with the HMAC handshake method over the DH and STC key exchange
algorithms. In addition, a static key shared between both peer nodes before the tunnel is
started, as in the OpenVPN architecture, mitigates risk by adhering to the X.509 global
standard for the format of the public key certificate, with periodic renegotiation of the
key material.
3. The digital signature and certificate provide a fingerprinting security mechanism by
which content can be digitally signed by its genuine, trusted originator, and the
one-way hash function can check the integrity of the message. The multi-factor
authentication of OpenVPN strongly mitigates account hijacking. OpenVPN also has a
powerful firewall of its own with a manageable routing framework.
4. The intelligent, self-driven metadata algorithm of GlusterFS focuses on the brick
servers to relocate files, which provides the flexibility to add and delete VMs while
operations continue, unlike traditional systems. Also,
it provides a large scale-out architecture with minimum overhead on the cluster,
including the ability to maintain data performance.
5. OpenVPN can carry highly compressed data packets to improve performance without
adding extra overhead to the OpenVPN protocol, since this is inherited from its
cryptographic functionality using AES-256-GCM. It also contains a pushed-routing
feature for TCP or UDP traffic with fail-safe functionality.
6. The SPARC-M8 processor has hardware-assisted data encryption that couples tightly
with the Linux kernel, whereas Oracle ZFS storage appliances encrypt only at the file
system level. Also, ZFS does not provide compression, replication, deduplication or
direct NFS support, although the direct NFS client optimizes NFS operations.
1.4. Significance of The Study.
The thesis analyses whether the major security, scalability, availability and
performance aspects have improved after the project, and identifies the best way to
establish the solution.
A thorough literature search revealed that studies addressing the above areas, and
studies of their achievements, were scarce or almost non-existent.
Therefore, this study will serve as a base for those who wish to look deeper into these
areas. In addition, it will be very important for the parties who expect to implement a
secure and scalable OGISC.
1.5. Summarized Overview of Methodology.
Figure 1.1: Overview of Method and Plan.
It is necessary to follow a certain methodology or scientific approach when conducting
research, because it ensures the accuracy of the research. The literature review plays a
major role in a research report; there are a number of definitions in the literature, and
in this research they were drawn from books, the internet, etc.
During the literature review, a research gap was found regarding the security impact of
a secured OGISC in ABC LTD, and this was identified as the research problem to be
addressed in this study. Thereafter a questionnaire was designed to obtain the necessary
information from a sample, and a pilot survey was carried out.
The final survey was carried out after rectifying the mistakes in the questionnaire that
were noticed during the pilot survey (refer to Annexure 01 for the questionnaire).
1.6. Concept of Proposed Architectural Solution.
Secured OGISC service has been made available in remote locations as well as in urban
back-end areas, so that the Oracle database can be accessed at any time with zero
downtime, under strong encryption algorithms combined with a data compression
mechanism that provides maximum performance between peer nodes.
Figure 1.2: The Proposed Network Architecture.
The encrypted connectivity is bound tightly to the GlusterFS nodes before the mounting
process, so that the storage cluster communicates only over secure connections, as a
strong mitigation against cybercrime, instead of over open connectivity among the
cluster nodes.
The OGISC runs with a DNS-based front end, integrating a secured, shared mount point
across all database instances. In addition, the overall system is based on the latest
version of RHEL, with the iptables firewall service between the nodes and hardware
firewall boxes.
Database queries arrive from the front end of the grid system, where round-robin
virtual IPs are bound to a predefined, fixed SCAN URI.
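Added example, not part of the dissertation or its appendices: a POSIX shell script with two defender-side checks for the architecture described above. The first audits an OpenVPN server configuration for the options that hypotheses 1, 2, 3 and 5 in section 1.3.3 depend on (AES-256-GCM, an HMAC digest, a static key gating the TLS handshake, DH parameters, X.509 certificate and key, and a peer certificate role check); the second audits a mount table to confirm that every GlusterFS mount is addressed through the VPN tunnel subnet, as this section requires before mounting. The tunnel subnet 10.8.0.0/24, the OpenVPN 2.4 option names, and all sample configuration and mount lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the dissertation or its appendices. Two defender-side
# audits for the proposed architecture: audit_openvpn_conf checks an OpenVPN
# server config for the options hypotheses 1, 2, 3 and 5 rely on, and
# audit_gluster_mounts checks that every GlusterFS mount is addressed through
# the VPN tunnel subnet, as section 1.6 requires before mounting.
# Assumptions: tunnel subnet 10.8.0.0/24, OpenVPN 2.4 option names, and the
# sample config and mount lines below, which are constructed for this example.

VPN_CIDR=10.8.0.0/24

# Dotted-quad IPv4 address -> integer (subshell body keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Exit 0 when address $1 lies inside CIDR $2.
in_vpn_subnet() (
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
)

# Exit 0 when config text $1 carries every required directive: AES-256-GCM data
# channel, SHA-2 HMAC, a static key gating the TLS handshake (tls-auth or
# tls-crypt), DH parameters, X.509 cert and key, and the peer role check.
# Patterns are anchored to line start so commented-out directives do not count.
audit_openvpn_conf() (
    conf=$1
    missing=0
    for want in '^cipher AES-256-GCM' '^auth SHA(256|384|512)' \
                '^tls-(auth|crypt) ' '^dh ' '^cert ' '^key ' '^remote-cert-tls '; do
        if ! printf '%s\n' "$conf" | grep -Eq -- "$want"; then
            echo "openvpn: no directive matching '$want'" >&2
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
)

# Exit 0 when every fuse.glusterfs entry in mount-table text $1 (the format of
# /proc/mounts) names its server by an IPv4 literal inside CIDR $2. Hostnames
# are flagged, not resolved, so a DNS answer cannot steer a brick off the tunnel.
audit_gluster_mounts() (
    table=$1
    cidr=$2
    bad=0
    while read -r src mnt fstype rest; do
        [ "$fstype" = "fuse.glusterfs" ] || continue
        server=${src%%:*}
        case $server in
            ""|*[!0-9.]*)
                echo "gluster: $src on $mnt is not addressed by an IPv4 literal" >&2
                bad=$((bad + 1))
                continue ;;
        esac
        if ! in_vpn_subnet "$server" "$cidr"; then
            echo "gluster: $src on $mnt is outside the tunnel subnet $cidr" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$table
EOF
    [ "$bad" -eq 0 ]
)

# Constructed sample inputs: a hardened server config, the same server with the
# weak choices the dissertation benchmarks against (BF-CBC, no static handshake
# key), and a mount table in which one volume bypasses the tunnel.
GOOD_OVPN='server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0
remote-cert-tls client
cipher AES-256-GCM
auth SHA256
compress lzo'

WEAK_OVPN='server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
cipher BF-CBC'

SAMPLE_MOUNTS='10.8.0.11:/gv_oracle /u02/oradata fuse.glusterfs rw,relatime 0 0
192.168.10.5:/gv_oracle /u03/backup fuse.glusterfs rw,relatime 0 0
/dev/mapper/rhel-root / xfs rw,relatime 0 0'

audit_openvpn_conf "$GOOD_OVPN" && echo "openvpn: hardened config passes"
audit_openvpn_conf "$WEAK_OVPN" || echo "openvpn: weak config rejected"
audit_gluster_mounts "$SAMPLE_MOUNTS" "$VPN_CIDR" || echo "gluster: a mount bypasses the tunnel"
```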
1.7. Chapter Organization of the Dissertation.
The first chapter of the dissertation is the introduction, which addresses the background,
the problem, the research needs, the objectives and the methodology of the study.
The second chapter is the literature review, comprising general key concepts as well as
theories on the solution for a secured OGISC. The methods used in this project include
literature studies of related projects and of cluster-based storage systems.
Chapter three covers disaster recovery and illustrates in depth the security policy
specified for the OGISC. It also contains the DR plan and initiatives, set out strategically.
Chapter four is the methodological approach, which explains the process of case study
selection and analysis. Next comes the case study, in which the investigations and
discussions of the study area are presented. Primary data was collected through a
questionnaire survey: 50 PAPs in the solution for the secured OGISC project, selected by
the stratified sampling method, were interviewed. Questions were asked to obtain
information about occupational pattern, security conditions, performance factors,
scalability, and the procedures for overcoming the limitations of the supported shared
file system. Secondary data sources in this study were collected from ABC LTD, official
documents and other reports related to the topic under study.
Chapter six is the analysis. An SPSS-based analysis was carried out on the survey of
PAPs conducted through the questionnaire and interviews.
In chapter seven, the key aspects of the secured OGISC are discussed, followed by the
conclusions.
1.8. Summary.
Chapter one has described the background and motivation of the research project and
focused on the statement of the problem. It also set out the dependent variable as well as
the independent variables. Finally, this chapter summarized the proposed architectural
solution before presenting the chapter organization.
CHAPTER 02: LITERATURE REVIEW.
2.1. Introduction.
This chapter describes general key concepts as well as theories on storage scalability, security weaknesses, comparison, VPN integration on storage clusters and participation. The methods used in this project include literature studies of related projects and a strong comparison among the proposed technologies.
2.2. Existing Security Mechanisms and Weaknesses.
2.2.1. The SPARC Architecture and Major Security Threats.
Figure 2.1: Common CPU vs Oracle S7 CPU.
The Oracle SPARC processor has an advanced encryption capability for threat mitigation when database instances face large-scale prime factorisation attacks by cryptanalysts. The SPARC servers use their own dedicated hardware-assisted encryption devices; as a result, the Oracle-enhanced database gains secure encryption capability without any additional software or hardware investment being required. “The Solaris Cryptographic Framework provides a common store of algorithms and PKCS” (Oracle 2017).
Furthermore, a production migration under operational conditions can clone and live-migrate from one active master domain to a secondary passive domain without interrupting the operational processes of an organization. The on-chip programmed cryptographic accelerators enable secured, high-speed communication without additional cryptographic accelerators, so that domains support the secured migration process even over public networks. “On-chip cryptographic accelerators enable secure wire-speed encryption” (Oracle 2016). Oracle has also developed a powerful high-performance processor targeted at security against known threats from hackers: the CPU called SPARC M7, which extended the traditional 32 CPU cores to 512 CPU cores.
Figure 2.2: SQL in Silicon.
The 4.1 GHz, 32-core, 256-thread CPU is touted as targeting highly demanding workloads through a specifically enhanced high-performance architecture design covering all factors of physical memory, input/output and scalability. But the SPARC M7 processor also incorporates advanced software techniques: it is not only focused on increasing CPU performance, but carries major improvements to mitigate the programming errors that cause serious security breaches. “SPARC M7 TeraSort benchmark results prove superiority over IBM” (Oracle 2016).
Figure 2.3: Silicon Secured Memory.
After the SPARC M7 CPU, the M8 came into operation with most of the advanced features of the existing cryptographic frameworks. The SPARC M8 processor has its own powerful encryption engine associated with it, and stronger encryption and hashing algorithms are included, such as RSA, 3DES, SHA-256, SHA-512, DH, MD5 and ECC, in order to protect physical files from security threats. In addition, the encryption bandwidth successfully matches the average I/O bandwidth of the CPU cores and scales with the CPU cores in a dynamic, predictable way to overcome slowness of the encryption process under heavy load. “A block diagram that shows how all of the features of this monster chip fit together” (Oracle 2016).
Figure 2.4: Transparent Data Encryption.
In the general computer architecture, the stack pointer is the register that stores a memory address; the instructions that refer to it treat it as a specific memory address, and the fetch process points at that address. This memory address location is also used to get data. In the normal environment, a program uses the stack pointer to find the next section of temporarily allocated memory and executes the machine code instructions in that section.
The execution of certain machine code is very straightforward, yet it can become very complex. At the same time, poorly programmed code causes pointers to attempt access beyond the allocated, loaded memory location. When this behaviour is maliciously exploited, it is called a buffer overflow (or over-read attack). The attacker takes advantage of the security weakness of the code section in such a buffer overflow attack. It also allows the attacker to modify (write to) an adjacent physical memory location in the course of the buffer overflow attack.
This condition of attack obtains data segments of memory in the case of a random over-read attack. The side effect is the possibility of altering the program's behaviour and executing malicious code, which returns informative details and access exploitable by an attacker, or otherwise breaches system security. "Implementation of what Oracle is calling Silicon Secured Memory" (Oracle 2016).
In the middle of the year 2018, three major vulnerabilities were published by black hat hackers around the world, allowing unprivileged, unauthorized users to successfully bypass the hardware-level SPARC processor security barrier between kernel memory and applications. These vulnerabilities all make use of the processor's execution pattern to perform side-channel information disclosure attacks. The CVE-2018-3639 vulnerability was a side-channel disclosure attack that exposes confidential information. All of them are identified in the same category of attacks, but this differs from the exploitation of remote code execution: these attacks never allow an unauthorized party to obtain access to a machine, but they would allow a certain external party to access confidential, unauthorized data. “A fourth variant was identified, CVE-2018-3639” (IBM 2018).
Solaris 10 on SPARC allowed an unauthenticated third-party cyber-attacker on an ICMP-enabled platform to compromise the SPARC system. Successful exploitation of this identified vulnerability enabled backdoor access and the unauthorized ability to crash the system with DoS attacks on SPARC systems. In addition, versions 10 and 11.3 are affected by it. Furthermore, the above exploitable vulnerability allowed a deliberate outside attacker with low privileges to log in to the operational infrastructure with remote shell execution privileges. The side effect of that attack type was unauthorized, sensitive creation, deletion and modification access to the Solaris 10 SPARC system. “Vulnerability in the Solaris component of Oracle Sun Systems Products Suite” (Tenable 2018).
2.2.2. ZFS File System and Security Weakness.
The ZFS appliance provides compression, replication, deduplication and direct NFS support; the Oracle ZFS-level appliance also has the ability to encrypt at the file level of an operating system, providing enhanced security controls. Oracle has made changes to ZFS and to containers on immutable zones to prevent deliberate unauthorized attacks on all created virtual machines, as an additional layer of protection also called immutable zoning. The system administrator is the only person who can unlock the VMs once they have been automatically switched into the VM lock state after continued unauthorized access attempts by an attacker. In addition, this prevention is effective against open vulnerable ports as well as unnecessary protocols. “Direct NFS, you can also enable the Direct NFS dispatcher” (Oracle 2016).
The latest discovered vulnerability was a major challenge for the Sun ZFS Storage Appliance product component of the Oracle Sun Systems Products Suite, in the HTTP data path subcomponent. In all versions prior to 8.7.17, the vulnerability is easily exploitable and allows an attacker with insecure HTTP protocol access to compromise the ZFS Storage Appliance. Successful exploitation of that identified vulnerability results in unauthorized update, delete and insert privileges over information accessible to the ZFS Storage Appliance, unauthorized read-only access, and the ability to perform a partial denial of service (DoS) attack. “Affected is Prior to 8.7.17” (Serkan 2018).
2.3. Advantages of Proposed Solution.
2.3.1. Linear Scaling and Introducing GlusterFS.
Because of the lack of a lightweight, globally available, low-cost cluster-wide storage solution, GlusterFS came onto the scene. GlusterFS is also known as a highly scalable network file system on top of dedicated hardware, which can be implemented on large-scale distributed, replicated storage clustering solutions such as data centres, database applications, data analysis processes and other intensive tasks. The GlusterFS distributed striped volume behaves like the striped volume except that the stripes can be distributed over a very large number of bricks; in addition, the number of bricks must be a multiple of the stripe count, which increases the volume size.
Linear scaling is a much-quoted phrase within the traditional cluster storage field. When an organization needs to double performance, the clustered storage system must deliver twice the performance and throughput within the same average response time per external clustered file system. Equally, they may want to increase capacity without decreasing performance or getting a non-linear return in capacity. Unfortunately, most storage clustering systems do not perform linear scaling. Simply put, when an organization needs to double the disk size of the available storage pool, it must also provide enough peak CPU processing power. Therefore, the metadata concept is illustrated, showing where all of the physical files are located and how scalability expands when additional disks are added into the cluster. “Striped Glusterfs volume except that the stripes can now be distributed across a greater number of bricks” (Gluster Community 2016).
Therefore, traditional file system architectures fail to scale up in this manner, and never achieve true linear scaling with the required performance. In traditional distributed storage systems, every server node must bear the overhead of interacting with two or more other server nodes for file-level operations, and that overhead detracts from storage cluster scalability by adding to the list of clustering tasks and the total workload that needs to be completed. Even if those additional tasks could be done with near-zero effort in CPU and other storage server resources, they remain sensitive to network latency problems. The latency arises from responses across the storage cluster network connecting the distributed cluster server nodes in those traditional storage system architectures, and it always impacts overall performance.
As a result, this type of latency problem increases in proportion to the average speed and responsiveness of the cluster nodes, including the lack of interconnecting ability among the storage cluster nodes. The overhead is the major risk, as each node in an unacceptable situation adds to it. This is one of the main reasons why linear scalability reduces the performance of traditional distributed storage architectures. Most traditional storage systems demonstrate logarithmic scalability, where capacity grows very slowly as the system gets larger, due to the rapidly increasing average overhead required to maintain data flexibility. Also, the performance of some well-known storage cluster networks reflects this overhead limitation, as bigger units show slower average aggregate performance than their smaller counterparts. “In practice, both performance and capacity can be scaled out linearly” (RedHat Inc 2014).
2.3.2. The Ultimate GlusterFS Architecture.
The GlusterFS high-performance concept was designed with a stackable and modular advanced architecture. Implementing and configuring GlusterFS for a highly scalable environment is the simple case of including or excluding a certain number of particular modules. In GlusterFS, the data set is stored on the disk arrays using existing native formats, with various healing techniques for the data streams. As a result, the GlusterFS storage cluster system is extremely flexible in operation. The files remain readable whether GlusterFS is removed or not: if an organization needs to migrate away from GlusterFS, all of the data files are completely usable without any modifications. This becomes an even bigger challenge if the workload consists primarily of small files, as the ratio of metadata to data increases.
One of the biggest critical challenges while scaling out a storage system is keeping track of the physical and logical locations of file metadata. Most storage systems solve this problem by separately implementing a metadata server, which creates indexes mapping file names to the location of the metadata. Unfortunately, that centralized concept creates a single point of failure and a severe performance bottleneck in the cluster storage system: as a traditional storage system adds more and more files, more server nodes and more disk arrays, the centralized metadata server becomes the performance chokepoint. “Gluster’s unique architecture is designed to deliver the benefits of scale-out” (Gluster Inc 2018).
GlusterFS instead has a mechanism to find a file algorithmically. All GlusterFS storage server nodes within the cluster use a specially developed intelligent algorithm to locate any piece of physical data without depending on metadata located on a separate server, as a traditional system does. In addition, locating any file within the cluster requires only the pathname and the filename to be applied to this algorithm.
As a result, this new method fully optimizes and parallelizes data access to ensure the expected linear scaling with better performance, and also improves availability, performance and stability through the enhanced file handling process. The Elastic Hashing Algorithm is used when scaling out a storage system, its data and its workload, where the storage nodes are physically located in a large number of different locations as independent storage and cluster nodes, resolving the difficulty of retrieving files and their locations. “Gluster storage doesn’t need a metadata server and locates files algorithmically” (Azure Inc 2017).
2.3.3. Storage Scale Out Process of The GlusterFS.
GlusterFS was designed to provide an extended scalable architecture in both capacity and performance with minimized overhead. This means that the storage cluster system must be able to scale down or scale up across multiple dimensions by aggregating the CPUs, HDD arrays and I/O buses of a very large number of low-cost systems, without spending a lot of money on expensive resources. In general, an enterprise organization must be able to implement a very scalable and performant cluster storage pool. In addition, if an organization wants to add more HDD capacity in order to scale out the system, it can achieve this by adding and deploying HDD disks across very inexpensive server cluster nodes instead of expensive components.
Figure 2.5: Logarithmic Vs Linear Improvement.
GlusterFS has a unique and advanced architecture designed to deliver huge benefits for expanding scalability. Simply defined: more units for more capacity, more CPUs and more I/O capability are achieved over a GlusterFS-based storage cluster while successfully avoiding the system overhead and the critical risk associated with synchronizing very large numbers of server nodes. In practice, both the performance and the capacity of the storage cluster scale out linearly in the GlusterFS architecture. The illustration of GlusterFS cluster storage scalability in Figure x, below, shows how the enhancements of both performance and capacity are achieved over the baseline system. As an example, to obtain four times the capacity and performance, the data must be distributed among 8 servers. “GlusterFS aggregates capacity and performance across multiple servers” (Gluster Inc 2018).
Figure 2.6: GlsuterFS 4x Performance & 4x capacity.
The performance bottleneck has now shifted to the network. To maximize overall performance, the organization must upgrade from 1-gigabit network interface cards to 10-gigabit network interface cards. In addition, the performance factor in this solution is more than 25 times faster than the baseline illustrated above: the solution increases performance from 200 MB/s in the baseline storage configuration to 5,000 MB/s.
Figure 2.7: GlsuterFS 20x Performance.
The GlusterFS scalable architecture model has a massive capability in both performance and capacity to scale linearly. It is not possible to know definitely what level of performance will be needed within a couple of years when scaling out the storage cluster; instead, high-end configurations have powerful features that can be adjusted as an organization's demand requires. The diagram above shows theoretical numbers only, for demonstration purposes, while actual storage performance was tested to prove the credibility of the linear scaling. The resulting linearity of the storage cluster is demonstrated in Figure X below, which shows data write throughput scaling linearly from 100 MB/s to 800 MB/s among eight servers in a 1 Gigabit interface environment.
Figure 2.8: Linear Scaling of GlsuterFS.
Therefore, the GlusterFS storage cluster has been successfully deployed at massive scale-out in practice. As a result, it can be deployed in petabyte-size clustering solutions. “Gluster storage can be easily configured to serve different kinds of file storage” (RedHat Inc 2016).
2.3.4. The Algorithmic Approach and Metadata Model of GlusterFS.
A separate metadata location is the main single point of failure, performance overhead and reliability concern of most distributed cluster-based storage. GlusterFS was instead designed as an intelligent system which does not hold metadata on a server separate from the data; as a result, it always locates the data algorithmically, whether the system is distributed or centralized. Given the path and file name, any cluster-based storage node or client that needs read or write permission to access a file in the GlusterFS storage cluster applies a mathematical, algorithm-based operation that effectively calculates the location of the file. Simply put, there is no separate metadata server apart from the data, because the location can be determined independently whether the other nodes are up or down. GlusterFS calls this algorithmic file-location mechanism the Elastic Hashing Algorithm, and it is one of the unique advantages of the GlusterFS architecture. “Client intelligence bases DHT algorithm is used in glusterfs which is alternative for metadata storage” (Sudarshan 2015).
A hash function is a mathematical function that converts a string of arbitrary length into a fixed-length value, such as the SHA-1 and SHA-2 hashing functions in cryptography. The GlusterFS elastic hashing algorithm is based on the Davies-Meyer hashing algorithm. In the GlusterFS algorithmic approach, the path, which is unique in any clustered directory tree, is run through the elastic hashing algorithm. In a real infrastructure environment, if a disk array fails or the capacity of the cluster is used up, files need to be redistributed over the cluster to get back into a smoothly working state without disrupting the saved data.
GlusterFS introduced the elastic hashing algorithm to assign files to virtual volumes, and a separate process to map virtual volumes to multiple physical devices. Therefore, when HDD disks or cluster nodes are added or removed, the elastic hashing algorithm itself does not need to be rearranged; instead, the virtual volumes can be migrated or reassigned to a new physical location as required. “Red Hat Gluster Storage does not create, store, or use a separate metadata index” (RedHat Inc 2018).
Figure 2.9: Node add and delete effect mitigation.
GlusterFS storage servers can be added or removed while the cluster is running, and the data stored in the storage is automatically rebalanced across the cluster; the data on the cluster is always online, with no application downtime. In addition, advanced file system configuration changes are accepted at runtime and successfully propagated through the GlusterFS cluster, allowing the required changes to be made dynamically for performance fine-tuning and heavy workload fluctuation. GlusterFS also has a special feature for when a file in the cluster is renamed. The hashing algorithm produces a different value for the new name, which would frequently result in the file being assigned to a different logical volume located in a totally different physical location within the cluster. Since physical files can be large, rewriting and continually moving files would not behave as a real-time operation. GlusterFS effectively resolves this problem by creating an algorithm-controlled pointer at the time a physical file or set of files is renamed.
Therefore, a remote client that accesses the modified file under the newly generated name is directed to the logical volume indicated by the hash and automatically redirected to the old logical volume location. After the file migration process, the logical pointer is removed. Similarly, if the storage needs to reassign or move a file, the reassignment action is triggered in real time, while the actual physical file migration is executed in the same manner as a background process. The main benefit of this strategy is full control over fault tolerance: failure of a single cluster-based storage server is entirely transparent to GlusterFS clients. In addition, data reads are spread across all members of the cluster, with an unlimited number of mirrors. While the hashing algorithm assigns files to a unique logical volume, GlusterFS ensures that every physical file is located on at least two different storage node servers. “The linear scalability of Red Hat Gluster Storage” (RedHat Inc 2017).
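As an added illustration (not code from this dissertation or from the Gluster project), the following Python model shows the algorithmic file location described in this section and in 2.3.2: names are hashed into ranges assigned to replica-set subvolumes, a rename leaves a pointer until rebalance, and adding a subvolume only recomputes the layout. The hash is an assumption (SHA-256 truncated to 32 bits stands in for Gluster's Davies-Meyer based hash), the equal-width layout is a simplification, and all brick and file names are constructed.

```python
import hashlib
from bisect import bisect_right

HASH_SPACE = 1 << 32


def elastic_hash(name: str) -> int:
    """Map a file name to a 32-bit value.

    GlusterFS uses a Davies-Meyer based hash; as an assumption of this
    example, the first four bytes of SHA-256 stand in for it."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest()[:4], "big")


class DistributedReplicatedVolume:
    """Toy distribute-over-replicate volume (a simplification of GlusterFS).

    Each subvolume is a replica set of bricks, so every file lives on at
    least two servers. The DHT layer gives each subvolume a contiguous slice
    of the hash space; there is no metadata server to consult."""

    def __init__(self, subvolumes):
        self.subvolumes = [tuple(s) for s in subvolumes]
        self.location = {}  # file name -> index of subvolume holding its data
        self.links = {}     # file name -> subvolume index, pointer left by a rename
        self._layout()

    def _layout(self):
        # Equal-width ranges, one per subvolume (real layouts are per directory).
        width = HASH_SPACE // len(self.subvolumes)
        self.starts = [i * width for i in range(len(self.subvolumes))]

    def hashed_subvol(self, name: str) -> int:
        """The subvolume a name hashes to under the current layout."""
        return bisect_right(self.starts, elastic_hash(name)) - 1

    def create(self, name: str) -> tuple:
        idx = self.hashed_subvol(name)
        self.location[name] = idx
        return self.subvolumes[idx]

    def lookup(self, name: str):
        """Resolve a name to its replica bricks, cheapest path first."""
        idx = self.hashed_subvol(name)
        if self.location.get(name) == idx:
            return self.subvolumes[idx]               # data is where the hash says
        if name in self.links:
            return self.subvolumes[self.links[name]]  # follow the rename pointer
        if name in self.location:
            # Layout changed and rebalance has not run yet: search every
            # subvolume (the slow path a client falls back to).
            return self.subvolumes[self.location[name]]
        return None

    def rename(self, old: str, new: str) -> bool:
        """Rename without moving data: if the new name hashes elsewhere,
        leave a pointer there. Returns True when a pointer was needed."""
        idx = self.location.pop(old)
        self.links.pop(old, None)
        self.location[new] = idx
        if self.hashed_subvol(new) != idx:
            self.links[new] = idx
        return new in self.links

    def add_subvolume(self, bricks) -> None:
        """Adding bricks only recomputes ranges; files move on rebalance."""
        self.subvolumes.append(tuple(bricks))
        self._layout()

    def misplaced(self) -> int:
        """Files whose data is not on the subvolume their name hashes to."""
        return sum(1 for n, i in self.location.items() if self.hashed_subvol(n) != i)

    def rebalance(self) -> int:
        """Background migration: move misplaced files, then drop pointers."""
        moved = 0
        for name, idx in list(self.location.items()):
            target = self.hashed_subvol(name)
            if target != idx:
                self.location[name] = target
                moved += 1
        self.links.clear()
        return moved


def expansion_demo(files: int = 200) -> tuple:
    """Grow a 4-subvolume volume to 5 and report how many files must move.

    Returns (misplaced before rebalance, moved by rebalance); with hashed
    placement only a fraction of the files move, not all of them."""
    vol = DistributedReplicatedVolume(
        [("n1", "n2"), ("n3", "n4"), ("n5", "n6"), ("n7", "n8")])  # constructed names
    for i in range(files):
        vol.create(f"table{i}.ibd")
    vol.add_subvolume(("n9", "n10"))
    before = vol.misplaced()
    return before, vol.rebalance()
```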
2.3.5. GlusterFS Compression over the OpenVPN.
A dedicated compression translator mechanism is embedded into the GlusterFS architecture in order to achieve compression and decompression of data while it is transferred between clients and bricks on the cluster nodes. When a data write call occurs, the client-side agent compresses the data segments before sending them to a brick of the cluster; after receiving the compressed data from the client side, the brick decompresses it. Similarly, when a data read request occurs, the bricks of the server nodes compress the data before transferring it to the client side. The overall throughput was measured using the open-source tool iperf after turning off all pre-configured authentication and encryption (cipher none), and only then running the iperf connectivity test. As a result, the compression comparison illustrates the actual behaviour of the existing GlusterFS storage cluster.
Figure 2.A: LZO High Compression Process.
The numbers measured above are very close to the real line speed; also, because of the verification, there was no encryption overhead, and the optimal payload size was achieved. At the client end, the compressed data fragments are decompressed. As a result, the large amount of uncompressed data sent over the network is minimized by the compression stage.
The decompression and compression operations are performed using the ZLIB library bundle. In addition, to increase the speed of compressed data, the LZ4 plugin has been introduced into the OpenVPN compression mechanism to deliver high data throughput while transmitting over the network. “Client compresses the data before sending it to brick.” (Gluster Inc 2018).
2.3.6. The SSL/TLS Connectivity over The GlusterFS.
The GlusterFS framework offers a great facility to add and remove bricks from a globally distributed storage cluster, but ZFS appliances do not provide secured cluster interconnectivity between individual storage nodes. That is the major weakness of the ZFS-level appliance storage technology. “ZFS is that it is not distributed” (James 2013).
ZFS has only file-level encryption. On the other hand, that the. Therefore, GlusterFS has an in-built SSL/TLS mechanism built on the OpenSSL library. “GlusterFS allows its communication to be secured using the Transport Layer Security standard, using the OpenSSL library” (Gluster Community 2017).
Figure 2.B: Speed test of RSA with Private Keys.
Therefore, a set of OpenSSL speed test commands was used to show that absolute encryption and decryption performance over different networks depends on identical hardware units and on the encryption key already in use.
By default, OpenVPN packets are configured at 1500 bytes. The Blowfish cipher's performance is bound almost purely by CPU clock rate, so older types of CPU operating at a higher clock speed can actually outperform newer CPUs.
Figure 2.C: Speed test of AES-256-GCM.
Figure 2.D: Speed test of BF-CBC.
In general, an OpenVPN server has to serve many VPN client connections, so the choice of cryptographic cipher matters. The above recipe provides a simple test of the different cryptographic methods and shows which is the finest cipher suite. “They are actually picked up by the underlying OpenSSL library” (Packt 2017).
2.3.7. Benefit and OpenVPN Mechanism over GlusterFS.
OpenVPN has two main methods over the TCP/IP stack: TLS over UDP and TLS over TCP. This can be described as more or less true, but the way OpenVPN uses TLS is quite different from the way a web browser uses it.
Also, even when OpenVPN runs over TCP on port 443, its traffic is distinguishable from ordinary TLS traffic, and deep packet inspection can be used to filter out OpenVPN traffic. The main difference between browser-based TLS and OpenVPN TLS is the way the packets are signed.
OpenVPN offers mitigation against DoS attacks by signing packets on the control channel using a randomly generated static key called the TLS auth key. The data packets sent over the existing UDP or TCP connection are also completely different from, and readily distinguishable from, HTTPS traffic. “The traffic is distinguishable from normal TLS traffic” (Packt 2017).
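The following Python example, added here and not taken from OpenVPN's code, models the tls-auth check described above: control-channel packets carry an HMAC computed with the pre-shared static key and are verified, with replay checking, before any TLS processing would happen. The packet framing, the choice of the first 20 bytes of the static key, and the constructed packets are assumptions of the example.

```python
import hashlib
import hmac
import os
import struct

HDR = struct.Struct("!B8s")   # opcode/key-id byte + 8-byte session id
PID = struct.Struct("!I")     # packet id, used for replay protection
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes: SHA1 is OpenVPN's default --auth


def derive_hmac_key(static_key: bytes) -> bytes:
    """Select the HMAC key from a 2048-bit tls-auth static key.

    Assumption of this example: the first 20 bytes. Real OpenVPN picks the
    slice by --key-direction and keeps separate send and receive keys."""
    if len(static_key) != 256:
        raise ValueError("tls-auth static key must be 2048 bits")
    return static_key[:TAG_LEN]


def sign_control_packet(key: bytes, opcode: int, session_id: bytes,
                        packet_id: int, payload: bytes) -> bytes:
    """Sender side: header | tag | packet-id | payload (constructed framing).

    The tag covers everything but itself, so a forged header, replayed id
    or altered payload all fail verification on the receiver."""
    header = HDR.pack(opcode, session_id)
    rest = PID.pack(packet_id) + payload
    tag = hmac.new(key, header + rest, hashlib.sha1).digest()
    return header + tag + rest


def verify_control_packet(key: bytes, packet: bytes):
    """Receiver side: return (opcode, session_id, packet_id, payload) or None.

    This runs before the TLS state machine sees the packet, which is what
    keeps unauthenticated floods from costing a handshake each."""
    if len(packet) < HDR.size + TAG_LEN + PID.size:
        return None
    header = packet[:HDR.size]
    tag = packet[HDR.size:HDR.size + TAG_LEN]
    rest = packet[HDR.size + TAG_LEN:]
    expected = hmac.new(key, header + rest, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    opcode, session_id = HDR.unpack(header)
    (packet_id,) = PID.unpack(rest[:PID.size])
    return opcode, session_id, packet_id, rest[PID.size:]


class TlsAuthGate:
    """Admit only authenticated, not-yet-seen control packets."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()                       # (session id, packet id) pairs
        self.stats = {"accepted": 0, "bad_hmac": 0, "replay": 0}

    def receive(self, packet: bytes):
        parsed = verify_control_packet(self.key, packet)
        if parsed is None:
            self.stats["bad_hmac"] += 1
            return None
        opcode, session_id, packet_id, payload = parsed
        if (session_id, packet_id) in self.seen:
            self.stats["replay"] += 1
            return None
        self.seen.add((session_id, packet_id))
        self.stats["accepted"] += 1
        return parsed


def demo() -> dict:
    """Run one valid packet, a tampered copy, a replay and 50 unsigned
    packets through the gate; only the first should reach TLS."""
    static_key = bytes(range(256))   # constructed; a real key comes from openvpn --genkey
    key = derive_hmac_key(static_key)
    session = b"\x01" * 8
    good = sign_control_packet(key, 0x38, session, 1, b"CLIENT_HELLO")  # constructed opcode/payload
    tampered = good[:-1] + bytes([good[-1] ^ 0xFF])
    unsigned = [os.urandom(64) for _ in range(50)]   # traffic with no knowledge of the key
    gate = TlsAuthGate(key)
    for pkt in [good, tampered, good] + unsigned:
        gate.receive(pkt)
    return gate.stats
```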
The two channels, the control channel and the data channel, behave differently with respect to authentication and encryption. The control channel is established using a TLS-style protocol, very similar to the way a secured website connection is initiated.
During initialization of the control channel, the hashing algorithm and encryption cipher are negotiated between the server and the client. The authentication and encryption algorithms for the data channel are not negotiable; they are set in the advanced configuration files of both the OpenVPN server and client. “The ability to also negotiate cipher and hashing algorithms for the data channel” (Packt 2017).
Figure 2.E: Anti DDOS and DH.
OpenVPN supports a wide range of hashing algorithms and encryption ciphers. The cipher is used to encrypt the payload, while the HMAC function makes use of a message digest (hashing algorithm) to authenticate incoming packets. The VPN architecture above is based on two types of channel, the control and data channels, and two types of hashing and cipher algorithms can be configured in a customizable way. The negotiation of the hashing and cipher algorithms takes place at start-up.
In the data channel, the hashing and encryption algorithms are controlled by the auth option and the cipher option. If no authentication and cipher are specified, OpenVPN automatically selects its own default configuration values, BF-CBC and SHA1.
Each cipher algorithm also has customizable advanced parameters that need to be set during initial configuration and can be changed later if required. “Digests depends on the exact version of the underlying crypto library” (Packt 2017).
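As an added illustration of the data-channel defaults and the TLS auth key described above (example code written for this edit, not from the dissertation or the OpenVPN project), the following Python audit parses an OpenVPN configuration and reports where the legacy BF-CBC/SHA1 defaults, a missing tls-auth/tls-crypt key, or a low TLS floor would apply. The weak-algorithm lists, the severities and both sample configurations are constructed assumptions.

```python
"""OpenVPN configuration audit for the data-channel defaults (BF-CBC, SHA1)
and the control-channel TLS auth key discussed above. Added example, not code
from the dissertation or the OpenVPN project; the weak-algorithm lists and
severities are this example's own policy, and both configs are constructed."""
import re

DEFAULT_CIPHER = "BF-CBC"   # legacy data-channel default named on the page
DEFAULT_AUTH = "SHA1"       # legacy HMAC digest default named on the page
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
WEAK_DIGESTS = {"MD5", "SHA1", "NONE"}


def parse_config(text):
    """Map each directive to its argument list (first occurrence wins).

    Comment lines (# or ;) and blank lines are skipped. Inline key blocks
    such as <tls-crypt> ... </tls-crypt> are recorded as present with an
    empty argument list; their body is not parsed.
    """
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if block is not None:                 # inside an inline key block
            if line == "</%s>" % block:
                block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:                                 # opening tag of an inline block
            block = m.group(1)
            directives.setdefault(block, [])
            continue
        parts = line.split()
        directives.setdefault(parts[0], parts[1:])
    return directives


def audit(text):
    """Return a list of (severity, message) findings for one configuration."""
    cfg, findings = parse_config(text), []

    # Data channel payload cipher; absent means the legacy default applies.
    cipher = cfg.get("cipher")
    if cipher is None:
        findings.append(("HIGH", "no 'cipher' directive: default %s applies" % DEFAULT_CIPHER))
    elif not cipher or cipher[0].upper() in WEAK_CIPHERS:
        findings.append(("HIGH", "weak data-channel cipher: %s" % " ".join(cipher)))

    # Data channel HMAC digest used to authenticate incoming packets.
    auth = cfg.get("auth")
    if auth is None:
        findings.append(("MEDIUM", "no 'auth' directive: default %s applies" % DEFAULT_AUTH))
    elif not auth or auth[0].upper() in WEAK_DIGESTS:
        findings.append(("MEDIUM", "weak HMAC digest: %s" % " ".join(auth)))

    # Control channel: handshake packets should carry the pre-shared TLS auth
    # key HMAC (tls-auth) or be wrapped with tls-crypt.
    if "tls-auth" not in cfg and "tls-crypt" not in cfg:
        findings.append(("MEDIUM", "control channel has no tls-auth/tls-crypt key"))

    # Control channel TLS floor; policy here (an assumption) requires >= 1.2.
    tls_min = (cfg.get("tls-version-min") or ["1.0"])[0]
    if tuple(int(x) for x in tls_min.split(".")) < (1, 2):
        findings.append(("LOW", "tls-version-min %s (treated as 1.0 when unset); set 1.2" % tls_min))

    # Explicitly disabled data-channel cipher negotiation.
    if "ncp-disable" in cfg:
        findings.append(("LOW", "ncp-disable: cipher negotiation off, static cipher used by all peers"))
    return findings


# Constructed client configuration relying on the legacy defaults.
WEAK_CONFIG = """\
client
remote vpn.example.test 1194
; no cipher, auth, tls-auth/tls-crypt or tls-version-min lines
"""

# Constructed hardened counterpart; the inline key body is a placeholder.
HARDENED_CONFIG = """\
client
remote vpn.example.test 1194
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text) or "no findings")
```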
Figure 2.F: Traffic Flow over VPN Tunnel.
OpenVPN supports two-factor and three-factor authentication through its support for the public key cryptography standard PKCS#11. PKCS#11 is an industry standard for communicating with hardware tokens and smart cards, for which both open-source and commercial drivers are available.
The PKCS#11 standard was originally published by RSA Laboratories and is also known as the Cryptoki standard, which stands for cryptographic token interface. It is used to securely store and manage cryptographic keys, and it also provides speed and hardware acceleration for encryption and decryption.
A hardware token or smart card is typically a very small device with an embedded chip. It is responsible for securely generating, storing and managing SSL-based private keys. In short, this feature keeps validated certificates and private key pairs securely stored on a single portable device. “The PKCS#11 standard was originally published by RSA Laboratories” (Packt 2017).
Figure 2.G: Cryptographic Operations with OpenSSL.
The latest versions of OpenVPN, from version 2.4 onward, fixed some major vulnerabilities. Versions before 2.4 had bugs, including a pre-authentication DoS vulnerability. “OpenVPN developers are carrying out a hard work to make future versions of the project compatible with the older ones” (OSTIF 2017).
Therefore, the proposed solution improves on this with a separate encryption and decryption framework for the remote cluster's shared mount points, together with a file-level encryption and decryption mechanism, by combining 256-bit encrypted SSL-VPN tunnels over each mount point and the GlusterFS storage.
2.4. Summary.
This chapter focused on the literature review, with advantages, disadvantages and discussion. It covered SPARC hardware-based architecture and major security threats, shared file systems, linear and logarithmic scaling of GlusterFS, scalability of GlusterFS, the algorithmic approach of the GlusterFS metadata model, compression and decompression over OpenVPN, and SSL/TLS connectivity among GlusterFS nodes over the Oracle Grid.
CHAPTER 03: DISASTER RECOVERY.
3.1. Introduction.
The disaster recovery (DR) planning process must cover the temporary and intermediate actions for restoring the storage cluster, including databases and network operations, within defined timeframes after a natural or other sudden disaster.
3.2. Aims and Outcomes of DR.
The primary requirement of the DR policy is to provide the ability to initiate specific and critical business functions at the redundant secondary site in the event of a disaster at the primary site, and then to return to the primary site with the capability to continue business operations within a defined average timeframe. This minimizes the business impact and data loss, and gives ABC LTD the opportunity to execute a task-oriented rapid recovery procedure.
Figure 3.1: DR Risk Identification.
3.3. DR Scope.
The scope of the pre-defined DR policy is to set out, in an organized way, how decisions are made if a disaster or disruptive event affects IT services, with the minimum amount of isolation and disruption, and to enhance the ability of ABC LTD to deal successfully with the uncertainty of a crisis. The major key areas are as follows:
❖ Strongly protect ABC LTD from major storage and cluster service failure.
❖ Strongly minimize the risk arising from delays in providing cluster services.
❖ Certify the storage reliability of the standby cluster and secondary DR site through simulation and testing.
❖ Minimize the average time required for specific decision making, so that personnel can act rapidly during a disaster.
3.4. DR Scenario.
The DR scenario is specified and addressed within the organizational scope of the DR plan. The DR operational plan mainly addresses the recovery of essential communication between the cluster and the critical systems. In addition, this scenario specifically assumes that no equipment in the datacentre is salvageable, so that all critical internetworking communication has been lost.
Figure 3.2: DR Process Overview.
Therefore, when a disaster has happened and been declared, the responsible key person must take immediate action to assign the pre-defined tasks to the technical operations team after the alarm and SMS notification have been triggered to the DR centre. Critical coverage is restored once a disaster is declared, including turnover to the DR backup secondary site. Furthermore, the DR recovery plan includes the following major key points, without limitation:
❖ Deliver the authorized information, database instances and applications archived in the local off-site storage cluster to the DR centre.
❖ Bring up alternative dedicated network links to the DR centre.
❖ Initiate and operate the required critical applications with the proper configurations at the DR centre.
❖ Provide protected, critical coverage at the DR centre as far as possible.
❖ Provide a reasonable workspace area and the equipment necessary for the DR process.
3.5. The DR Strategy.
Figure 3.3: DR Methodology.
The recovery strategy discussed as part of this DR plan is to relocate critical information systems processing to an alternate computer-processing centre. The processes will be recovered at the DR services provider's hot site. The DR services provider is responsible for ensuring that the system configurations and the associated network requirements are accurate and technically feasible at all times. Therefore, yearly testing will be part of the alternate processing strategy.
3.6. Recovery Phases.
The DR restoration and recovery process is conducted in a phased approach, so that critical applications, middleware, storage data, database instances and VM instances are recovered effectively and efficiently.
Figure 3.4: DR and Rollback Overview.
Phase I
In Phase I, operations at the DR backup site and the rapid-response emergency operation centre must initiate the activation of the DR plan. A period of up to 24 hours is allowed for organizing and recovering the DR remote backup site.
Phase II
Phase II covers the requirement to recover the identified critical business functions and to restore any information lost from the highly critical databases, storage clusters and network connectivity. The main goal is to recover the storage systems, the other integrated supporting systems and the network so that business continues smoothly.
Phase III
Data restoration is the high-priority primary activity. It comprises two main stages, and both must be met for the recovery process to succeed:
❖ Restore the data of critical applications to the most recent date available at the backup site or on tape media stored off-site. Restoration of the storage cluster and the database instance takes place as the maximum recovery effort progresses.
❖ Because of the uncertainty of an emergency or disaster, the average response time is slower than in normal production operation.
3.7. Description of Business Continuity Plan (BCP).
Figure 3.5: BCP Life Cycle.
“A business continuity plan enables critical services or products to be continually
delivered to clients. Instead of focusing on resuming a business after critical operations
have ceased, or recovering after a disaster, a business continuity plan endeavours to
ensure that critical operations continue to be available.” (Government of Canada 2016).
3.8. Overview of the Security Policy.
Figure 3.6: Information Security Goal.
Not all data communication of ABC LTD over the secured cluster storage system can be specifically identified, because of the different parties involved. It is the policy of ABC LTD to prevent unauthorized parties from gaining entry, disclosing information, duplicating, destroying, amending, misusing or diverting information and data, or causing data loss or theft of these statistics. Furthermore, ABC LTD protects statistics belonging to third parties that are entrusted to ABC LTD in Sri Lanka, in a manner consistent with their sensitivity and with all aspects of the applicable agreements.
3.9. Responsibilities.
All employees, contractors, domain experts and outsourced staff at ABC LTD, together with all affiliated external parties who maintain the secured storage cluster devices on behalf of ABC LTD, must strongly adhere to the organization's security policy, which applies to the entire storage cluster infrastructure, the network, and the ICT assets and endpoint devices connected to the ABC LTD system. The senior management of ABC LTD, represented by the Information Security Steering Committee (ISSC), is responsible for implementing this security policy by identifying adequate resources and assigning suitable security roles to dedicated individuals with proper competency and training.
❖ ABC LTD must establish the ISSC, which is responsible for information security initiatives at ABC LTD. The ISSC is responsible for:
➢ Supporting the organization's information security achievements, principles and initiatives with clear direction, demonstrating continuous commitment, explicit assignment and acknowledgement of organizational information security responsibilities.
❖ The ISSC must establish and support the resources for ABC LTD information security:
➢ Communicating to ABC LTD the importance of scheduled meetings on information security objectives and of additional contributions to conformance with the information security policy.
➢ Management reviews of the Information Security Management System (ISMS) must be conducted annually.
➢ The standing members of the ISSC are constituted by the following responsible officers at ABC LTD:
1. Head of IT at ABC LTD.
2. Chief Information Security Officer (CISO) at ABC LTD.
➢ The following additional members may attend ISSC meetings by invitation if required:
1. The legal representative from the Legal department.
2. ISMS Auditor.
3. External Auditors.
❖ The ISSC is assisted by the CISO, who coordinates the implementation and maintenance of the identified information security controls.
❖ Security roles and responsibilities are communicated to the IT professionals and included in their respective job descriptions. These responsibilities include any general responsibilities for implementing and maintaining the security policy, and specific responsibilities for protecting particular storage cluster IT assets or for triggering particular security activities.
3.10. Security Policy on GlusterFS Cluster and Oracle Grid.
The organizational security policy of ABC LTD is designed to reduce all unauthorized access, information disclosure, modification, abuse, misuse, data loss, diversion, destruction, duplication and theft of ABC LTD confidential information. In addition, it is the security policy of ABC LTD to protect confidential information belonging to third parties that is entrusted to ABC LTD, in a pre-determined manner consistent with the organization's property and its level of sensitivity, as described in the applicable agreements:
❖ Must comply with the standards specified in the storage clustering standard.
❖ Must comply with the standards specified in the cryptographic standard.
❖ Must comply with the standards specified in the firewall security standard.
❖ Must comply with the standards specified in the application security standard.
❖ Must comply with the standards specified for access control of the cluster infrastructure.
❖ Must be installed, managed, supported and maintained by an approved support team.
❖ Must use the ABC LTD approved standard for granting, revoking and denying access.
❖ Must use ABC LTD approved secured infrastructure and authentication protocols.
❖ Must use the ABC LTD approved DR standard for the storage and network cluster infrastructure.
❖ Must use ABC LTD approved recovery, backup and restoration procedures for the network system infrastructure over the storage cluster.
❖ Must use only ABC LTD approved encryption protocols that follow global standards.
❖ Must install ABC LTD approved security patches on the server infrastructure using the patch management system.
❖ Must maintain MAC addresses so that they can be registered and tracked using the centralized log management system.
❖ Must prohibit interference with storage and network connectivity deployments that are maintained by third-party support providers.
3.11. Summary.
Like the primary site, the secondary site (DR site) infrastructure must have inverter or UPS power in addition to raw mains power, air conditioning, a physically secure environment, cybersecurity identical to the primary site, IT assets, and the same storage capacity as the primary site, which is located in Kandy. The DR site is designed to carry on and take over complete operation from the primary site. As a result, the secondary DR site must be identical to the primary site or provisioned above it.
CHAPTER 04: RESEARCH DESIGN.
4.1. Introduction.
The purpose of this chapter is to present the theoretical assumptions underpinning this
research, as well as to introduce the research strategy and the empirical techniques
applied. This chapter is divided into five sections i.e. research design, research
methodology, theoretical framework, conceptual framework and research process.
4.2. Questionnaire on Target Groups Data Collection.
This research intends to obtain a sample of 50 people to collect information related to the research topic. This is a very practical method for gathering a large amount of data, including scheduled site visits to ICT companies in Sri Lanka related to the topic. Advice from professional consultants gives more accurate and valid data than a randomly selected general group for the sample collection process. “The researcher should be interested in the problem for the reasons mentioned” (Philomination et al. 2018).
A target-group questionnaire-based data collection method was used to gather the relevant data for the analysis phase. A pre-prepared and categorized questionnaire was distributed among domain experts and technical management who are engaged in making technical decisions. The required data will be gathered from a sample of 50 people out of a population of 100, using the Morgan table.
Table 4.1: Morgan table.
4.3. Sampling Calculation and Process.
Chapter three deals with the collection of data. Primary data will be collected through a questionnaire survey. 50 PAPs in the project on a solution for a storage cluster with database grid infrastructure, by research on security weakness mitigation and changers, were selected by the stratified sampling method and will be interviewed.
The questions were asked to gather information about the occupational pattern, potential members of the team, critical assets with priority under the area of concern, identification, and security requirements on critical assets.
The primary data collection method depends heavily on key persons in ABC LTD, including ICT Managers, Database Administrators, System Engineers, Network Engineers, DevOps Engineers, QA Engineers and Support Engineers.
In addition, the secondary data sources were ABC general ICT staff, official BCP and security policy documents, and IT project related critical assets.
“There are three factors that determine the size of the confidence interval for a given confidence level” (MaCorr Research 2018).
$$\text{Sample Size} = \frac{Z^2 \cdot p \cdot (1 - p)}{c^2} = \frac{1.96^2 \cdot 0.4 \cdot (1 - 0.4)}{0.097^2} = 97.98$$
Where:
Z = 1.96, the Z value selected for the 95% confidence level.
p = percentage picking a choice, expressed as a decimal (0.4 used for the sample size needed).
c = confidence interval, expressed as a decimal (e.g., 0.097 = ±9.7%).
Correction for Finite Population:
$$\text{New SS} = \frac{ss}{1 + \frac{ss - 1}{pop}} = \frac{97.98}{1 + \frac{97.98 - 1}{100}} = 49.7 \Rightarrow 50$$
Where pop = population.
Table 4.2: Classified Sample Sizes Summary.
Stratum               Total APs (parties)   Proportion   Sample
ICT Managers                   04                4%         02
Business Analyst               04                4%         02
Database Engineers             10               10%         05
System Engineers               16               16%         08
Network Engineers              16               16%         08
Support Engineers              20               20%         10
DevOps Engineer                10               10%         05
QA Engineers                   20               20%         10
Total                         100              100%         50
Among the probability sampling methods, the stratified sampling method was used to select the sample. A total population of 100 APs was separated into homogeneous segments, as illustrated in Table 4.2, and a sample was taken from each segment proportionately, so that a total of 50 APs was selected representing each segment.
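The sample-size formula, the finite-population correction and the proportional allocation of Table 4.2 can be carried through in code. The following Python example is added here and is not part of the dissertation; it takes the dissertation's own values (Z = 1.96, p = 0.4, c = 0.097, population 100) and the strata of Table 4.2 as inputs, and the largest-remainder rounding rule for allocations is this example's assumption.

```python
"""Worked sample-size and stratified-allocation calculation following the
formulas and Table 4.2 above. Added example, not part of the dissertation;
the strata counts are copied from Table 4.2 and the rounding rule for
allocations (largest remainder) is this example's choice (an assumption)."""
import math


def cochran_sample_size(z, p, c):
    """Sample size for an unlimited population: Z^2 * p * (1 - p) / c^2."""
    return z ** 2 * p * (1 - p) / c ** 2


def finite_population_correction(ss, pop):
    """Adjust ss for a known population size: ss / (1 + (ss - 1) / pop)."""
    return ss / (1 + (ss - 1) / pop)


def required_sample(z=1.96, p=0.4, c=0.097, pop=100):
    """Return (uncorrected, corrected, rounded-up) sample sizes.

    Defaults are the dissertation's values: 95% confidence (Z = 1.96),
    p = 0.4, confidence interval +/- 9.7%, population 100.
    """
    ss = cochran_sample_size(z, p, c)
    new_ss = finite_population_correction(ss, pop)
    return ss, new_ss, math.ceil(new_ss)


def stratified_allocation(strata, sample_total):
    """Proportional allocation of sample_total across strata.

    Each stratum gets floor(share); the remaining units go to the strata
    with the largest fractional remainders so the totals add up exactly.
    """
    population = sum(strata.values())
    if sample_total > population:
        raise ValueError("sample cannot exceed population")
    raw = {name: sample_total * size / population for name, size in strata.items()}
    alloc = {name: math.floor(share) for name, share in raw.items()}
    shortfall = sample_total - sum(alloc.values())
    by_remainder = sorted(raw, key=lambda name: raw[name] - alloc[name], reverse=True)
    for name in by_remainder[:shortfall]:
        alloc[name] += 1
    return alloc


# Strata and sizes as given in Table 4.2 (population of 100 APs).
STRATA = {
    "ICT Managers": 4,
    "Business Analyst": 4,
    "Database Engineers": 10,
    "System Engineers": 16,
    "Network Engineers": 16,
    "Support Engineers": 20,
    "DevOps Engineer": 10,
    "QA Engineers": 20,
}


if __name__ == "__main__":
    ss, new_ss, n = required_sample()
    print("uncorrected %.2f, corrected %.1f -> %d" % (ss, new_ss, n))
    total = sum(STRATA.values())
    for name, k in stratified_allocation(STRATA, n).items():
        print("%-20s %3d of %3d -> %2d" % (name, STRATA[name], total, k))
```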
Chapter four consists of the data analysis. The SPSS-based analysis was carried out by means of a survey of PAPs through a questionnaire and interviews. The penetration testing process was applied to the more attackable and resolvable technical criticalities for the mitigation process of this solution-oriented research. “vulnerability and produce a numerical score reflecting its severity” (FIRST Inc 2018).
4.4. Information Generated.
It is necessary to follow a methodology or scientific approach when preparing a research study because it ensures the accuracy of the research. The literature review plays a major role in this research project, and the most important definitions are found in the literature.
This research mainly searches the literature from books, the internet, newspapers, dictionaries, magazines, journal articles and a field survey. In identifying the problem, it is very important to determine the feasibility of the security threats, performance and availability of the globally distributed storage cluster.
4.5. Organization of Survey.
Figure 4.1: The Survey Management.
4.6. The Diagrammatic Representation of Methodology.
This section refers to the overall approach to the research process from the formulation
of objective to analysis and conclusion. Figure 4.2 shows the methodology diagram of
the research approach as follows,
Figure 4.2: The Methodology of the Research Project.
As per Figure 4.2, in order to find the security, performance and scalability impact of OGISC, a comprehensive literature search was completed and the security, performance and scalability areas were identified.
The questionnaire was designed after a pilot survey was carried out, and the final survey was then carried out to gather security, performance, disaster recovery and scalability data.
This was followed by analysis of these aspects before and after the project implementation, based on measurements used to assess the security, performance and scalability standards of the APs. After scrutinizing the security, performance, DR and scalability impact of OGISC, conclusions were drawn.
4.7. The Diagrammatic Representation of Conceptual Framework.
Figure 4.3 shows the theoretical framework that structures the sections of the study to be covered; it helps to determine the problem area, the research questions to be addressed and the methodology for finding a solution to this problem.
The relationships between ETE encryption, initial key exchange, limitation overcome, data compression and storage cluster were examined further, and the sub-factors inherent to each of the above six were identified.
Figure 4.3: The Conceptual Framework.
4.8. Summary.
This chapter focused on gathering target-group questionnaire data for the data collection process, according to the sampling method calculations, at the first stage after organizing the research hypothesis testing plan. It also set out the overview and methodology of the entire project. The conceptual framework was based on the sub-objectives of the questionnaire.
CHAPTER 05: BACKGROUND OF THE RESEARCH STUDY AREA.
5.1. Introduction.
This research project explored security enhancements, mitigation of security weaknesses, and a scalable, low-cost storage cluster solution for geographical areas around the world.
It studied in depth the security weaknesses of storage clusters when they are connected to each other over the internet using the existing traditional interconnection methods.
5.2. Study Area of the Project.
The pre-identified study area has been classified into the specific section of the
proposed solution as follows,
ETE Encryption:
❖ SSL/TLS storage sharing.
❖ RSA and AES encryption.
❖ HMAC functionality.
❖ Handshake process.
OpenVPN functionality:
❖ Encrypted data channels.
❖ PKI.
❖ One-way hashes.
❖ Certificates and signatures.
❖ Traffic routing and firewall.
DR and limitation overcome:
❖ OpenSSL speed and performance.
❖ SPARC technology.
Initial key exchange functionality:
❖ Bidirectional authentication.
❖ Two- and three-factor authentication.
❖ Initial key exchange.
❖ X.509 functionality.
Storage Clustering:
❖ Brick server functionality.
❖ Volume management of the storage.
❖ Linear and logarithmic scalability.
Data Compression:
❖ Compression process on storage.
❖ HW-assisted encryption devices.
❖ Oracle ZFS Appliances.
❖ Stripe and replication functionality.
❖ Distributed memory management.
❖ Gluster performance functionality.
5.3. Limitations of the Study and Compliance.
Connectivity and physical factors were considered as direct indicators of the security factor, and the sub-factors inherent to each of the above were identified.
The SPARC-M7 CPU was analysed only in the SPSS phase, and not in the pentest or OCTAVE phases, due to the lack of SPARC-M8 availability.
The IT management team of ABC LTD has confirmed compliance with this storage policy through ICT strategies, according to the organizational security policy and the security policy of Chapter 06.
5.4. Summary.
This chapter briefly described the broad research study area by categorizing the research areas based on the main hypothesis. Compliance was based on the direct and indirect organizational policies and behaviours inherited.
CHAPTER 06: DATA ANALYSIS.
6.1. Introduction.
This research deals with the security, scalability, availability and feasibility of OGISC in ABC LTD. The aim of this dissertation was to study whether the solution had a positive security, scalability and availability impact on PAPs, through investigation, analysis, explanation and comparison of the gathered information. To obtain an overall conclusion regarding the security, scalability and availability impact of the project, a composite index exclusively applicable to this OGISC project was formulated.
6.2. SPSS Analysis (Phase I).
In Phase I, the sample for the data analysis was selected by a random sampling method using SPSS software, and the SPSS analysis was done using correlation and Chi-Square analysis.
6.2.1. Chi Square (CSQ) Analysis.
The CSQ test was used to test hypotheses regarding the distribution of observations between different categories. “chi-square tests depending on the way the data was collected and the hypothesis being tested” (David 2013).
$$\chi^2 = \sum \frac{(O - E)^2}{E}$$
where O = observed frequency in each category, E = expected frequency in the corresponding category, and df = degrees of freedom (n - 1). “Critical values and reject the null hypothesis if the test statistic is greater than the tabled value” (DJS Research 2018).
Figure 6.1: Critical Value Identification.
❖ SPARC-M7/M8, GlusterFS and OpenVPN by ETE encryption.
Table 6.1: Crosstab.
Table 6.2: CSQ Test.
Table 6.3: Symmetric Measures.
The degrees of freedom (df) = (k - 1) = (5 - 1) = 4. The critical value was determined from the CSQ table shown above.
The test statistic was calculated using the formula $\chi^2 = \sum (O - E)^2 / E$, giving $\chi^2 = 178.178$.
The hypothesis was tested as either H0 (false) or H1 (true); H0 is rejected if $\chi^2$ is larger than the critical value at α = 0.001 and (k - 1) = 4.
Critical Value Observation:
where $\chi^2_{cv}$ = critical value, c = column, r = row, and the α values were derived from the SPSS result. Also, df = (r - 1) × (c - 1).
Asistencia | Live Face Recognition | Python Naomi Kulkarni
 
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...hasnat1983
 
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)Qazi Maaz Arshad
 
Online shopping-project-documentation-template
Online shopping-project-documentation-templateOnline shopping-project-documentation-template
Online shopping-project-documentation-templateLaibaMalik17
 
Report final
Report finalReport final
Report finalJim Kats
 
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?Torgeir Dingsøyr
 
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docx
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docxCLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docx
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docxHussainiHamza1
 

Similar to MSc DEGREE IN NETWORK AND INFORMATION SECURITY (20)

UP653689 - PJS40
UP653689 - PJS40UP653689 - PJS40
UP653689 - PJS40
 
E.Leute: Learning the impact of Learning Analytics with an authentic dataset
E.Leute: Learning the impact of Learning Analytics with an authentic datasetE.Leute: Learning the impact of Learning Analytics with an authentic dataset
E.Leute: Learning the impact of Learning Analytics with an authentic dataset
 
thesis
thesisthesis
thesis
 
thesis
thesisthesis
thesis
 
Sri-PRJ702- Project Report
Sri-PRJ702- Project ReportSri-PRJ702- Project Report
Sri-PRJ702- Project Report
 
IT-Service-Catalog.pdf
IT-Service-Catalog.pdfIT-Service-Catalog.pdf
IT-Service-Catalog.pdf
 
Sport.net(2).doc
Sport.net(2).docSport.net(2).doc
Sport.net(2).doc
 
An Analysis of Component-based Software Development -Maximize the reuse of ex...
An Analysis of Component-based Software Development -Maximize the reuse of ex...An Analysis of Component-based Software Development -Maximize the reuse of ex...
An Analysis of Component-based Software Development -Maximize the reuse of ex...
 
Effect of customer data analytics on delivery of customer experience in comme...
Effect of customer data analytics on delivery of customer experience in comme...Effect of customer data analytics on delivery of customer experience in comme...
Effect of customer data analytics on delivery of customer experience in comme...
 
raju
rajuraju
raju
 
Asistencia | Live Face Recognition | Python
Asistencia | Live Face Recognition | Python Asistencia | Live Face Recognition | Python
Asistencia | Live Face Recognition | Python
 
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...
Analyzing the Fundamental Aspects and Developing a Forecasting Model to Enhan...
 
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)
Cse443 Project Report - LPU (Modern Big Data Analysis with SQL Specialization)
 
COMPLETE 2
COMPLETE 2COMPLETE 2
COMPLETE 2
 
Online shopping-project-documentation-template
Online shopping-project-documentation-templateOnline shopping-project-documentation-template
Online shopping-project-documentation-template
 
Report final
Report finalReport final
Report final
 
KAWEESI_FINAL
KAWEESI_FINALKAWEESI_FINAL
KAWEESI_FINAL
 
Aregay_Msc_EEMCS
Aregay_Msc_EEMCSAregay_Msc_EEMCS
Aregay_Msc_EEMCS
 
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?
Organisering av digitale prosjekt: Hva har IT-bransjen lært om store prosjekter?
 
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docx
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docxCLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docx
CLINICAL_MANAGEMENT_SYSTEM_PROJECT_DOCUM.docx
 

More from Chanaka Lasantha

Storing, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRStoring, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRChanaka Lasantha
 
Building A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSBuilding A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSChanaka Lasantha
 
ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions Chanaka Lasantha
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
 
Distributed replicated block device
Distributed replicated block deviceDistributed replicated block device
Distributed replicated block deviceChanaka Lasantha
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Chanaka Lasantha
 
Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingChanaka Lasantha
 
Athenticated smaba server config with open vpn
Athenticated smaba server  config with open vpnAthenticated smaba server  config with open vpn
Athenticated smaba server config with open vpnChanaka Lasantha
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddChanaka Lasantha
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
One key sheard site to site open vpn
One key sheard site to site open vpnOne key sheard site to site open vpn
One key sheard site to site open vpnChanaka Lasantha
 
Usrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsUsrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsChanaka Lasantha
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbChanaka Lasantha
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestChanaka Lasantha
 
Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Chanaka Lasantha
 
Oracle cluster installation with grid and nfs
Oracle cluster  installation with grid and nfsOracle cluster  installation with grid and nfs
Oracle cluster installation with grid and nfsChanaka Lasantha
 
Oracle cluster installation with grid and iscsi
Oracle cluster  installation with grid and iscsiOracle cluster  installation with grid and iscsi
Oracle cluster installation with grid and iscsiChanaka Lasantha
 
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)Chanaka Lasantha
 
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management Systemully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management SystemChanaka Lasantha
 

More from Chanaka Lasantha (20)

Storing, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRStoring, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECR
 
Building A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSBuilding A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKS
 
ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
 
Distributed replicated block device
Distributed replicated block deviceDistributed replicated block device
Distributed replicated block device
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
 
Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac binding
 
Athenticated smaba server config with open vpn
Athenticated smaba server  config with open vpnAthenticated smaba server  config with open vpn
Athenticated smaba server config with open vpn
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hdd
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
One key sheard site to site open vpn
One key sheard site to site open vpnOne key sheard site to site open vpn
One key sheard site to site open vpn
 
Usrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsUsrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bords
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql db
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory auth
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
 
Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana
 
Oracle cluster installation with grid and nfs
Oracle cluster  installation with grid and nfsOracle cluster  installation with grid and nfs
Oracle cluster installation with grid and nfs
 
Oracle cluster installation with grid and iscsi
Oracle cluster  installation with grid and iscsiOracle cluster  installation with grid and iscsi
Oracle cluster installation with grid and iscsi
 
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
 
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management Systemully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
 

Recently uploaded

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 

Recently uploaded (20)

Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 

MSc DEGREE IN NETWORK AND INFORMATION SECURITY

ABSTRACT.

The main focus of this research project was an in-depth exploration of security enhancements, mitigation of security weaknesses, and a low-cost, scalable storage cluster solution for geographically distributed sites worldwide. Best-practice security enhancements against cybercriminals, and the benefit to third-party clients of a storage cluster located in a remote area of Sri Lanka, were among the major expectations of this project. The research studies in depth the security weaknesses of storage clusters when their nodes are interconnected over the internet using the existing, traditional interconnection methods. The final validation process showed that six hypothesis statements were validated, with varying effect sizes across the independent variables. The output was then carried directly into the OCTAVE Framework for a further technical-level vulnerability assessment, combined with organisational risk factors, in a practical way; after the OS, kernel and application update process, the vulnerabilities were reduced to an acceptable level. Organisational vulnerabilities were reduced by embedding the OCTAVE stage into the existing security policy of ABC LTD. A penetration test was also carried out against the IT assets, using an anonymous test method, and it confirmed a sufficient level of security for the solution produced by the above stages. Therefore, a continuous, structured process is required for evaluating the storage cluster for the Oracle Grid Infrastructure environment with respect to the current state of security practices, against the constant changes brought by innovations in technology, by combining four different architectures into one solution and by increasing awareness of security issues.
Page | 5

Table of Contents

Title … 001
Declaration … 002
Acknowledgement … 003
Abstract … 004
Table of Contents … 005
List of Figures … 009
List of Tables … 011
List of Annexures … 013
Abbreviations … 014
CHAPTER 01: INTRODUCTION AND BACKGROUND … 015
1.1. Background of the Project … 015
1.2. Statement of the Problem … 016
1.3. Aim and Objectives … 016
1.3.1. Aim … 016
1.3.2. Objectives … 016
1.3.3. Hypothesis … 017
1.4. Significance of the Study … 018
1.5. Summarized Overview of Methodology … 019
1.6. Concept of Proposed Architectural Solution … 020
1.7. Chapter Organization of the Dissertation … 021
1.8. Summary … 021
CHAPTER 02: LITERATURE REVIEW … 022
2.1. Introduction … 022
2.2. Existing Security Mechanisms and Weakness … 022
2.2.1. The SPARC Architecture and Major Security Threats … 022
2.2.2. ZFS File System and Security Weakness … 025
2.3. Advantages of Proposed Solution … 026
2.3.1. Linear Scaling and Introducing GlusterFS … 026
2.3.2. The Ultimate GlusterFS Architecture … 028
2.3.3. Storage Scale-Out Process of the GlusterFS … 029
2.3.4. The Algorithmic Approach and Metadata Model of GlusterFS … 032
2.3.5. GlusterFS Compression over the OpenVPN … 034

Page | 6

2.3.6. The SSL/TLS Connectivity over the GlusterFS … 035
2.3.7. Benefit and OpenVPN Mechanism over GlusterFS … 037
2.4. Summary … 040
CHAPTER 03: DISASTER RECOVERY … 041
3.1. Introduction … 041
3.2. Aims and Outcomes of DR … 041
3.3. DR Scope … 041
3.4. DR Scenario … 042
3.5. The DR Strategy … 043
3.6. Recovery Phases … 044
3.7. Description of Business Continuity Plan … 045
3.8. Overview of the Security Policy … 045
3.9. Responsibilities … 046
3.10. Security Policy on GlusterFS Cluster and Oracle Grid … 047
3.11. Summary … 048
CHAPTER 04: RESEARCH DESIGN … 049
4.1. Introduction … 049
4.2. Questionnaire on Target Groups Data Collection … 049
4.3. Sampling Calculation and Process … 050
4.4. Information Generated … 051
4.5. Organization of Survey … 052
4.6. The Diagrammatic Representation of Methodology … 053
4.7. The Diagrammatic Representation of Conceptual Framework … 054
4.8. Summary … 054
CHAPTER 05: BACKGROUND OF THE RESEARCH STUDY AREA … 055
5.1. Introduction … 055
5.2. Study Area of the Project … 055
5.3. Limitations of the Study and Compliance … 056
5.4. Summary … 056
CHAPTER 06: DATA ANALYSIS … 057
6.1. Introduction … 057
6.2. SPSS Analysis (Phase I) … 057
6.2.1. Chi-Square Analysis … 057
6.2.2. Correlational Analysis … 078

Page | 7

6.3. OCTAVE Framework Based Analysis (Phase II) … 082
6.3.1. Phase I: Build the Asset-Based Categorised Threat Profiles … 082
6.3.2. Phase II: Clearly Identify the Infrastructure Vulnerabilities … 083
6.3.3. Phase III: Risk Mitigation and Security Strategy Plans … 083
6.4. Potential Members of the Team … 084
6.5. Critical Assets with Priority under Area of Concern … 084
6.6. Identification of Security Requirements on Critical Assets … 084
6.6.1. GlusterFS Framework Servers … 084
6.6.2. OpenVPN Servers … 085
6.6.3. Firewalld Servers … 085
6.7. Identification of the Current Security Practices … 085
6.8. Organizational Vulnerabilities … 086
6.9. Threat Profiles … 086
6.9.1. OpenVPN Server Threat Profile … 087
6.9.2. GlusterFS Servers Threat Profile … 088
6.9.3. Firewall Threat Profile … 089
6.9.4. Critical Assets Classification … 090
6.A. Identifying Infrastructure Vulnerabilities … 090
6.A.1. Identified Infrastructure Components … 090
6.B. Evaluated Selected Components … 091
6.B.1. Vulnerability Severity Levels … 091
6.B.2. Preliminary Summary … 091
6.B.3. Reviewed Technology Vulnerabilities Results … 092
6.C. Penetration Testing (Phase III) … 093
6.D. The Metasploit Framework and Pen Test … 093
6.D.1. Attack Methods over the GlusterFS … 093
6.E. Result of NMAP and Services Verification … 094
6.E.1. NMAP Scan over GlusterFS Nodes … 094
6.E.2. Backdoors over the RAC … 095
6.E.3. NMAP Scan of the GlusterFS … 095
6.F. Result of MSF Attacks … 096
6.F.1. Illustration of Failed Exploitation over RAC … 096
6.F.2. Illustration of Exploitation over GlusterFS … 096
6.F.3. Pentest Final Result … 097

Page | 8

6.G. Summary … 097
CHAPTER 07: CONCLUSIONS AND RECOMMENDATIONS … 098
7.1. Introduction … 098
7.2. Discussion … 098
7.3. Conclusion … 099
7.3.1. Correlation Analysis Phase-I … 099
7.3.2. Chi-Square Analysis Phase-I … 099
7.3.3. Octave Analysis Phase-II … 101
7.3.4. Penetration Testing Analysis Phase-III … 101
7.4. The Overall Conclusion with Three Analysed Stages … 101
7.5. Proposed Solution and Future Research … 102
7.6. Summary … 103
REFERENCES … 104
INDEX … 153
Page | 9

List of Figures.

Figure 1.1: Overview of Method and Plan … 019
Figure 1.2: The Proposed Network Architecture … 020
Figure 2.1: Common CPU vs Oracle S7 CPU … 022
Figure 2.2: SQL in Silicon … 023
Figure 2.3: Silicon Secured Memory … 023
Figure 2.4: Transparent Data Encryption … 024
Figure 2.5: Logarithmic vs Linear Improvement … 029
Figure 2.6: GlusterFS 4x Performance and 4x Capacity … 030
Figure 2.7: GlusterFS 20x Performance … 031
Figure 2.8: Linear Scaling of GlusterFS … 031
Figure 2.9: Node Add and Delete Effect Mitigation … 033
Figure 2.A: LZO High Compression Process … 035
Figure 2.B: Speed Test of RSA with Private Keys … 036
Figure 2.C: Speed Test of AES-256-GCM … 036
Figure 2.D: Speed Test of BF-CBC … 037
Figure 2.E: Anti-DDoS and DH … 038
Figure 2.F: Traffic Flow over VPN Tunnel … 039
Figure 2.G: Cryptographic Operations with OpenSSL … 040
Figure 3.1: DR Risk Identification … 041
Figure 3.2: DR Process Overview … 042
Figure 3.3: DR Methodology … 043
Figure 3.4: DR and Rollback Overview … 044
Figure 3.5: BCP Life Cycle … 045
Figure 3.6: Information Security Goal … 045
Figure 4.1: The Survey Management … 052
Figure 4.2: The Methodology of the Research Project … 053
Figure 4.3: The Conceptual Framework … 054
Figure 6.1: Critical Value Identification … 057
Figure 6.2: The Illustration of Correlation Coefficient … 078
Figure 6.3: Illustration of Infrastructure Vulnerability … 090
Figure 6.4: NMAP Scan over GlusterFS Nodes … 094
Figure 6.5: Backdoors over the RAC … 095

Page | 10

Figure 6.6: NMAP Scan of the GlusterFS … 095
Figure 6.7: Illustration of Failed Exploitation over RAC … 096
Figure 6.8: Illustration of Exploitation over GlusterFS … 096
Figure 7.1: The Solution with Enhancements … 102
Figure A.1: GlusterFS Distributed Striped Replica … 110
Figure A.2: GlusterFS Client Shared Locations … 111
Figure A.3: Grid Initial Installation … 124
Figure A.4: Assigned the SCAN Name … 124
Figure A.5: Adding Grid Nodes … 125
Figure A.6: Network Isolation … 125
Figure A.7: Mapped the Shared Location … 126
Figure A.8: Assigned DBA Roles … 127
Figure A.9: Located Grid Installation … 127
Figure A.10: Located Oracle Inventory … 128
Figure A.11: Grid Installation Process … 128
Figure A.12: Database Cluster Installation … 129
Figure A.13: Assigned Policy … 129
Figure A.14: Granted Privileges on DB … 130
Figure A.15: Configured Memory Management … 130
Figure A.16: Datafiles … 131
Figure A.17: Assigned DBA Roles … 131
Figure A.18: Final Stage of DB Installation … 132
Page | 11

List of Tables.

Table 4.1: Morgan Table … 049
Table 4.2: Classified Sample Sizes Summary … 051
Table 6.1: Crosstab-A … 058
Table 6.2: CSQ Test-A … 058
Table 6.3: Symmetric Measures-A … 058
Table 6.4: Crosstab-B … 059
Table 6.5: CSQ Test-B … 059
Table 6.6: Symmetric Measures-B … 060
Table 6.7: Crosstab-C … 061
Table 6.8: CSQ Test-C … 061
Table 6.9: Symmetric Measures-C … 061
Table 6.10: Crosstab-D … 062
Table 6.11: CSQ Test-D … 063
Table 6.12: Symmetric Measures-D … 063
Table 6.13: Crosstab-E … 064
Table 6.14: CSQ Test-E … 064
Table 6.15: Symmetric Measures-E … 064
Table 6.16: Crosstab-F … 065
Table 6.17: CSQ Test-F … 066
Table 6.18: Symmetric Measures-F … 066
Table 6.19: Crosstab-G … 067
Table 6.20: CSQ Test-G … 067
Table 6.21: Symmetric Measures-G … 067
Table 6.22: Crosstab-H … 069
Table 6.23: CSQ Test-H … 069
Table 6.24: Symmetric Measures-H … 069
Table 6.25: Crosstab-I … 069
Table 6.26: CSQ Test-I … 070
Table 6.27: Symmetric Measures-I … 071
Table 6.28: Crosstab-J … 072
Table 6.29: CSQ Test-J … 072
Table 6.30: Symmetric Measures-J … 072

Page | 12

Table 6.31: Crosstab-K … 073
Table 6.32: CSQ Test-K … 074
Table 6.33: Symmetric Measures-K … 074
Table 6.34: Crosstab-L … 075
Table 6.35: CSQ Test-L … 075
Table 6.36: Symmetric Measures-L … 075
Table 6.37: Crosstab-M … 076
Table 6.38: CSQ Test-M … 077
Table 6.39: Symmetric Measures-M … 077
Table 6.40: Correlation-A … 079
Table 6.41: Correlation-B … 079
Table 6.42: Correlation-C … 080
Table 6.43: Correlation-D … 080
Table 6.44: Correlation-E … 081
Table 6.45: Correlation-F … 081
Table 6.46: Assets Categorization … 084
Table 6.47: Organizational Vulnerabilities … 086
Table 6.48: OpenVPN Server Threat Profile … 087
Table 6.49: GlusterFS Servers Threat Profile … 088
Table 6.50: Firewall Threat Profile … 089
Table 6.51: Critical Assets Classification … 090
Table 6.52: Identifying Infrastructure Components … 091
Table 6.53: Vulnerability Severity Levels … 091
Table 6.54: Preliminary Summary … 091
Table 6.55: Reviewed Technology Vulnerabilities Results … 092
Table A.1: Hardware Requirements … 110
Table A.2: Software Requirements … 110
Page | 13

List of Appendices.

APPENDIX A: SYSTEM DOCUMENTATION … 110
A.1. Hardware and Software Requirements … 110
A.2. Setting Up Pre-Requirements … 110
A.2.1. GlusterFS Cluster Deployment over the LVM Volumes … 110
A.2.2. OpenVPN Cryptography Performance Test … 111
A.2.3. The Oracle Grid Environment Application Configuration … 113
A.2.4. The Oracle Users, Groups and OS Variables Configuration … 114
A.2.5. Node Level DNS and Network Bonding … 118
A.2.6. Installing DNS Server … 120
A.2.7. Installing Oracle Grid Infrastructure … 124
A.2.8. Installing Oracle Database Cluster Instances … 129
A.2.9. The Verification of the Grid Infrastructure on RAC … 132
APPENDIX B: CODE LISTING … 134
B.1. OpenVPN Clients Tunnelling over GlusterFS Nodes … 134
B.2. OpenVPN Server Configurations … 136
B.3. OpenVPN Client Configurations … 137
B.4. Firewall Configuration over Server Nodes … 138
APPENDIX C: QUESTIONNAIRE … 144
C.1. Questionnaire for Storage Cluster with Oracle Grid … 144
Page | 14

Abbreviations.

SDSC: Secured database storage cluster.
ERP: Enterprise resource planning.
OGISC: Oracle grid infrastructure storage cluster.
ETE: End-to-end.
RSA: Rivest Shamir Adleman.
AES: Advanced encryption standard.
HMAC: Hash message authentication code.
SPARC: Scalable Processor Architecture.
ZLIB: Zlib is a software library used for data compression.
CRC32: Cyclic redundancy check.
LZ4: Lossless data compression algorithm.
ZFS: Z File System.
OpenSSL: Open source Secure Sockets Layer.
UDP: User datagram protocol.
TCP: Transport control protocol.
HTTPS: Hypertext transfer protocol secure.
PKCS: Public key cryptography standards.
DOS: Denial of service.
MFC: Metasploit framework console.
ISSC: Information Security Steering Committee.
IDS: Intrusion detection system.
VPN: Virtual private network.
RHEL: RedHat enterprise Linux.
CPU: Central processing unit.
HDD: Hard disk drive.
CISO: Chief Information Security Officer.
PAP: Project affected peoples.
CSQ: Chi-square.
IKE: Initial Key Exchange.
H0: Null hypothesis.
Page | 15

CHAPTER 01: INTRODUCTION AND BACKGROUND.

1.1. Background of the Project.

This project has delivered important benefits to its various stakeholders by enhancing the security and availability of the cluster system, in the delivery as well as the evaluation of a secured Oracle grid infrastructure storage cluster (OGISC). It also focused heavily on security weaknesses and cryptographic backdoors in a distributed storage structure with high availability, at a lower cost than expensive alternatives. Users, administrators, engineers, operations staff and senior managers all benefit from smooth operations on the OGISC, which provides fast and secure data access from the ERP web applications to end users, including the chief executive officer, the head of IT and the branch managers. “Stakeholders are individuals, groups or organizations that are affected by the activity of the business” (BBC 2014). The OGISC addresses the specific major problems by providing adaptive software and hardware resources that are highly efficient and offer capacity on demand through a securing mechanism. “Oracle RAC enables you to cluster Oracle databases” (Oracle 2018). In addition, it is very cost-effective compared with the traditional system, while effectively balancing load, sessions and security weaknesses over the grid's shared, secured infrastructure. The main conceptual idea of the OGISC is that the computing process must be reliable, scalable, resource-shared, easily maintainable and transparent, like a utility: it should not matter where the user applications and data are located geographically, nor which specific computer processes a given request. The proposed secured architectural solution operates across geographically distributed clustered databases, including the secure shared-storage concept. “The Oracle grid infrastructure lays the foundation for highly available and scalable Oracle RAC systems” (Skillsoft 2017).
Page | 16

1.2. Statement of the Problem.

The globally connection-oriented OGISC faces security threats when its individual storage cluster nodes connect to each other. The OGISC is affected by cyber threats at the level of physical file encryption of data files, in that the Oracle SPARC M7/M8 failed to secure end-to-end encryption among the storage nodes. The shared mount point of the OGISC exposes the selected critical IT assets of ABC LTD to cyber threats, and physical file-level storage encryption only protects the data files from unauthorized access. It does not protect the cluster connectivity at the storage level, which is the major problem statement for the OGISC.

1.3. Aim and Objectives.

1.3.1. Aim.

The main aim is to provide a distributed and highly secure shared storage cluster solution for the OGISC over separate compressed SSL/TLS tunnels, by applying theoretical concepts in practice. In addition, industrial experience further developed an in-depth knowledge of advanced cryptography concepts, by putting into practice the theory learned during the MSc programme as well as from published research.

1.3.2. Objectives.

The main objectives to be implemented, mitigated and enhanced are as follows:

1. To determine whether end-to-end (ETE) encrypted independent tunnels can be established to strengthen the connectivity among the OGISC nodes and the remote Oracle shared mount points.
2. To determine whether a secured initial key exchange mechanism can be implemented prior to the establishment of SSL connectivity over the OGISC.
3. To determine whether digital certificates and signatures can be used to certify that the VPN certificate is genuine and was issued by its author.

Page | 17

4. To determine whether the GlusterFS storage cluster can have infinite scalability and secured connectivity over the OGISC.
5. To determine whether highly compressed data connectivity can smoothly enhance high-performance operations among the OGISC.
6. To determine whether the limitation of shared file system capability on the Oracle database application can be made secure and effective over the GlusterFS mechanism with encrypted tunnelling.

1.3.3. Hypothesis.

1. With SSL/TLS ETE encryption, the storage cluster can provide secured tunnel security and accessibility among server nodes against compromise of the shared storage area, by using encryption algorithms such as RSA and AES, while the HMAC function built into OpenVPN makes use of a hashing algorithm.
2. The initial key exchange (IKE) mechanism of the SSL/TLS process can be tightly coupled with the HMAC handshake method over the DH and STC key exchange algorithms. A static key is also shared between both peer nodes before the tunnel is started in the OpenVPN architecture, to mitigate risk, adhering to the X.509 global standard for the format of the public key certificate, with a periodic key renegotiation process.
3. The digital signature and certificate form a fingerprinting security mechanism, by which content can be digitally signed by the genuine, trusted originator of the message, and the one-way hash function can check the integrity of the message. The multifactor authentication of OpenVPN strongly mitigates account hijacking. OpenVPN also has a powerful built-in firewall with a manageable routing framework.
4. The intelligent self-driven metadata algorithm of GlusterFS focuses mainly on the brick server to relocate files, which provides the flexibility to add and delete VMs while continuing operations, unlike traditional systems. It also

Page | 18

provides a large scale-out architecture and minimum overhead on the cluster, including data performance capability.
5. OpenVPN can carry highly compressed data packets to improve performance without adding extra overhead to the OpenVPN protocol, with the cryptographic functionality inherited from AES-256-GCM. It also contains a pushed-routing feature for TCP or UDP traffic with fail-safe functionality.
6. The SPARC-M8 processor has hardware-assisted data encryption that can be tightly coupled with the Linux kernel, whereas Oracle ZFS storage appliances encrypt only at the file system level. ZFS also does not provide compression, replication, deduplication or direct NFS support, although the direct NFS client optimizes NFS operations.

1.4. Significance of the Study.

The thesis analyses whether the major security, scalability, availability and performance aspects have improved after the project, and seeks the best way to establish the solution. A thorough literature search revealed that studies addressing the above areas, and of their achievements, were scarce or almost nil. Therefore, this study will serve as a base for those who wish to look deeper into these areas. In addition, it will be very important for parties who expect to implement a secure and scalable OGISC.
Page | 19

1.5. Summarized Overview of Methodology.

Figure 1.1: Overview of Method and Plan.

It is necessary to follow a certain methodology or scientific approach to conduct research, because it ensures the accuracy of the research. The literature review plays a major role in a research report; there are numerous definitions in the literature, and in this research books, the internet and other sources were used. During the literature review, a research gap was found concerning the security impact of a secured OGISC in ABC LTD, and this was identified as the research problem to be addressed in this study. Thereafter a questionnaire was designed to obtain the necessary information from a sample, and a pilot survey was carried out. The final survey was carried out after rectifying the mistakes in the questionnaire noticed during the pilot survey (refer to Annexure 01 for the questionnaires).

Page | 20

1.6. Concept of Proposed Architectural Solution.

Secured OGISC service is provided to remote locations as well as urban back-end areas, so that the Oracle database can be accessed at any time with zero downtime, supported by strong encryption algorithms together with a data compression mechanism that provides maximum performance between peer nodes.

Figure 1.2: The Proposed Network Architecture.

The encrypted connectivity is bound tightly to the GlusterFS nodes before the mounting process, so that the storage cluster communicates over secure connections rather than open connectivity, which successfully mitigates cybercrime. The OGISC runs with a DNS-based front end, integrating the secured and shared mount point across all database instances. In addition, the overall system is based on the latest version of RHEL, with iptables firewall services between the nodes and hardware-level firewall appliances. Database queries come from the front end of the grid system, with round-robin virtual IPs bound to the predefined fixed SCAN URI.

Page | 21

1.7. Chapter Organization of the Dissertation.

The first chapter of the dissertation is the introduction, which addresses the background, problem, research needs, objectives and methodology of the study. The second chapter is the literature review, comprising general key concepts as well as theories on the solution for a secured OGISC; the methods used in this project include literature studies of related projects and of cluster-based storage systems. Chapter three covers disaster recovery, illustrating in depth the security policy specified for the OGISC, together with the DR plan and its strategic initiatives. Chapter four is the methodological approach, which explains the process of case study selection and analysis. Next comes the case study, in which the investigations and discussions of the study area are presented. Primary data was collected through a questionnaire survey: 50 PAPs in the solution for the secured OGISC project, selected by the stratified sampling method, were interviewed. Questions were asked to obtain information about occupational pattern, security conditions, performance factors, scalability, and the procedures for overcoming the limitations of the supported shared file system. Secondary data sources in this study were collected from ABC LTD, official documents and other reports related to the topic under study. Chapter six is the analysis: SPSS-based analysis was carried out on the survey of PAPs conducted through the questionnaire and interviews. In chapter seven, the key aspects of the secured OGISC are discussed, followed by the conclusions.

1.8. Summary.

Chapter one has described the background and motivation of the research project and focused on the statement of the problem. It also set out the dependent variable and the independent variables. Finally, this chapter summarized the proposed architectural solution before the chapter organization.
  • 22. Page | 22 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 CHAPTER 02: LITERATURE REVIEW. 2.1. Introduction. This chapter describes general key concepts as well as theories on storage scalability, security weakness, comparison, VPN integration on Storage clusters and participation. The methods used in this project include literature studies about the related projects and the strong comparison among proposed technologies. 2.2. Existing Security Mechanisms and Weakness. 2.2.1. The SPARC Architecture and Major Security Threats. Figure 2.1: Common CPU vs Oracle S7 CPU. The Operation of Oracle SPARC Processor has an advanced encryption capability for threat mitigation while the database instances faced to a huge prime number de- factorization attack force by cryptanalyst. The SPARC servers used its own and dedicated contribution of hardware-assisted encryption security devices, instead, Oracle enhanced database enabled secure and encryption capability without any additional software resources as well as hardware resources investment required. “The Solaris Cryptographic Framework provides a common store of algorithms and PKCS” (Oracle 2017). Furthermore, a production migration under operational condition had the facility for clones and live migration from a one active master domain to the secondary passive domain without interrupting over the operational process of an organization. The mechanism for on-chip based programmed cryptographic accelerators has been enabled secured and high-speed communication without additional cryptographic accelerators in such that domains enabled to support for the secured migration process, even over
  • 23. Page | 23 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 the public networks as well. “On-chip cryptographic accelerators enable secure wire- speed encryption” (Oracle 2016). Also, The Oracle has been developed the powerful and identical high-performance processor was the target on security against to known threats by hackers, in addition, the Oracle created the powerful CPU called SPARC M7. It was made-up from traditional 32 CPU cores to extended 512 CPU cores successfully. Figure 2.2: SQL in Silicon. The 4.1GHz 32 cores and 256 threads CPU touted to focused the high demanding workload flow with the specific enhanced high-performance architecture design through all factors of the physical memory, Input and output as well as scalability. But the SPARC M7 processor has been incorporated advanced software techniques and not only focused to increase the performance of the CPU with major improvements to mitigate against programming errors were caused to happened serious security breaches. “SPARC M7 TeraSort benchmark results prove superiority over IBM” (Oracle 2016). Figure 2.3: Silicon Secured Memory. After the SPARC M7 CPU, the M8 has come to the operation with most of the advanced features over the exciting cryptographic frameworks. The SPARC M8 processor has its
  • 24. Page | 24 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 own powerful encryption engine were associated it, and stronger encryptions and hashing algorithms are included itself such as RSA, 3DES, SHA 256, SHA 512, DH, MD5, and ECC. Therefore, to protect physical files from security threats. In addition, the bandwidth for encryption successfully matches the average I/O bandwidth of the CPU cores and CPU cores scalability in the dynamic way of predictable optimization to overcome slowness of encryption process under heavy load. “A block diagram that shows how all of the features of this monster chip fit together” (Oracle 2016). Figure 2.4: Transparent Data Encryption. In the general computer architecture, the stack pointer is the register to store memory address including instructions which interrupt it as the specific memory address, and process for the fetch was pointed at that address. Also, these are the memory address location is used to get data. In the form, of normal environment of a program has been used the stack pointer to find the next section of the temporary allocated memory location and executed the mentioned machine code instruction in that section. The execution of certain machine code was very straightforward and it became very complex. At the same time, a poorly programmed code examples have been caused pointers attempting to get access for an allocated loaded memory location. This behaviour was maliciously exploited situation called the buffer overflow (over-read attack). The attacker was taken the advantages in the security weakness of the code section in such that buffer overflow attack. Also, this was badly allowed the attacker to modified(write) to an adjacent physical memory location in the flow of buffer overflow attack. The above condition of attack was obtained data segments of the memory due to the case of random overread attack. 
The side effect of the possibility of altering the ability to a program and executing attackable malicious code returned as informative details
  • 25. Page | 25 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 and access to exploited by an attacker, else its breach system security. "Implementation of what Oracle is calling Silicon Secured Memory" (Oracle 2016). In the middle of the year 2018, that there were three major vulnerabilities has been published by black hat hackers over the world by providing, unprivileged unauthorized users to successfully bypass the hardware level of SPARC Processor security barrier in between kernel memory and applications. These kinds of vulnerabilities all have been made use of intelligent execution pattern to performed as side channel disclosure attack regarding on information. The CVE-2018-3639 vulnerability was the side channel discloser attack to exposed confidential information. All of them identified in the same category of attacks. but it was different from the formation of remote code execution was exploited. In addition, these are the attacks never allowed for an unauthorized party to obtained access to a machine. But it would have allowed to a certain external party to access confidential unauthorized data. “A fourth variant was identified, CVE-2018- 3639” (IBM 2018). The Solaris-10 SPARC were allowed to a third party unauthenticated cyber-attacker with the ICMP enabled platform to compromise SPARC system. After the successful attempts of attacks of this identified vulnerability was enabled backdoor access as the unauthorized ability to crash the system with DOS attacks over the SPARC systems successfully. In additionally, version 10 and 11.3 are already affected by it. Furthermore, that the above exploitable vulnerability which was allowed deliberative outside low privileges attacker to login into the operation infrastructure with remote shell execution privileges. The side effect of that attack type was unauthorized physical sensitive creation, deletion as well as modification access towards to the Solaris-10 SPARC. 
“Vulnerability in the Solaris component of Oracle Sun Systems Products Suite” (Tenable 2018).

2.2.2. ZFS File System and Security Weakness.

The ZFS appliance provides compression, replication, deduplication and direct NFS support, and the Oracle ZFS appliance can also encrypt at the file level of the operating system, which provides enhanced security controls. Oracle has made changes to ZFS and to containers, using immutable zones, to prevent unauthorized deliberate attacks on all created virtual machines; this additional protection layer is also called immutable zoning. When a VM is automatically switched into the locked state because an attacker keeps triggering unauthorized access attempts, the system administrator is the only person who can unlock it. This also effectively prevents attacks through open vulnerable ports and unnecessary protocols. “Direct NFS, you can also enable the Direct NFS dispatcher” (Oracle 2016).

The most recently discovered vulnerability was a major challenge for the Sun ZFS Storage Appliance component of the Oracle Sun Systems Products Suite; it lies in the HTTP data path subsystem. In all versions prior to 8.7.17 the vulnerability is easily exploitable and lets an attacker with insecure HTTP access compromise the ZFS Storage Appliance. A successful attack results in unauthorized update, delete and insert privileges over the information accessible through the ZFS storage appliance, unauthorized read-only access, and the ability to perform a partial denial of service (DoS). “Affected is Prior to 8.7.17” (Serkan 2018).

2.3. Advantages of Proposed Solution.

2.3.1. Linear Scaling and Introducing GlusterFS.

Because there was no lightweight, globally available, low-cost cluster-wide storage solution, GlusterFS came onto the scene. GlusterFS is known as a highly scalable network file system that runs on top of dedicated hardware and can be implemented as a large-scale, distributed, replicated clustered storage solution for data centres, database applications, data analysis and other intensive tasks.
In a GlusterFS striped volume the stripes can be distributed over a very large number of bricks; the number of bricks must be a multiple of the stripe count, and adding bricks increases the volume size. Linear scaling is the critical phrase in the traditional clustered storage field: when an organization needs to double performance, the clustered storage system must deliver twice the performance and throughput within the same average response time per external clustered file system. Equally, an organization may want to double capacity without decreasing performance or getting a non-linear return in capacity. Unfortunately, most storage clustering systems do not scale linearly. Simply put, when an organization needs to double the disk size of the available storage pool, it must also provide enough peak CPU processing power. This is where the metadata concept comes in: where all the physical files are located, and how scalability expands when additional disks are added to the cluster. “Striped Glusterfs volume except that the stripes can now be distributed across a greater number of bricks” (Gluster Community 2016).

Traditional file system architectures fail to scale up in this way and never achieve real linear scaling with the required performance. In traditional distributed storage systems every server node carries the overhead of interacting with two or more other server nodes for each file-level operation, and that overhead subtracts from the storage cluster's scalability by adding to the list of clustering tasks and the total workload that must be completed. Even if those additional tasks could be done with near-zero CPU and storage-server resources, they would still be subject to network latency. Latency in the responses across the storage cluster network, between the distributed cluster server nodes of these traditional storage architectures, always impacts overall performance.
As a result, this latency problem grows in proportion to the average speed and responsiveness of the cluster nodes and the limited ability to interconnect each storage cluster node. The overhead is a major risk, because every node that falls into an unacceptable state adds to it. This is one of the main reasons why linear scalability fails and performance drops in traditional distributed storage architectures. Most traditional storage systems demonstrate logarithmic scalability: capacity grows more and more slowly as the system gets larger, because of the rapidly increasing overhead required to maintain data flexibility. The performance of some well-known storage cluster networks reflects this overhead limitation, with larger units showing slower average aggregate performance than their smaller counterparts. “In practice, both performance and capacity can be scaled out linearly” (RedHat Inc 2014).

2.3.2. The Ultimate GlusterFS Architecture.

The high-performance GlusterFS design uses a stackable, modular architecture. Implementing and configuring GlusterFS for a highly scalable environment is a simple matter of including or excluding particular modules. In GlusterFS, data is stored on the disk arrays in native formats, with various self-healing processes for the data streams. As a result the GlusterFS storage cluster is extremely flexible in operation, and the files remain readable whether or not GlusterFS is removed. If an organization needs to migrate away from GlusterFS, all of its data files remain completely usable without any modification.

One of the biggest critical challenges in scaling out a storage system is keeping track of the physical and logical locations of file metadata. This becomes an even bigger challenge when the workload consists primarily of small files and the ratio of metadata to data increases. Most storage systems solve this problem by implementing a separate metadata server that indexes file names against the location of the metadata. Unfortunately, that centralized design creates a single point of failure and a serious performance bottleneck for the clustered storage system: as a traditional storage system adds more files, more server nodes and more disk arrays, the centralized metadata server becomes the performance chokepoint. “Gluster’s unique architecture is designed to deliver the benefits of scale-out” (Gluster Inc 2018).
GlusterFS instead locates files algorithmically. Every GlusterFS storage server node in the cluster runs a specially developed intelligent algorithm that locates any piece of physical data without depending on metadata held on a separate server, as a traditional system does. To locate a file within the cluster, only the pathname and filename are needed as input to the algorithm. As a result this method fully optimizes and parallelizes data access, ensuring the expected linear scaling with better performance, and improves the availability, performance and stability of file handling. The Elastic Hashing Algorithm is used when scaling out the storage system, its data and its workload, and when storage nodes are physically located in many different places as independent storage and cluster nodes, to resolve the difficulty of retrieving files and their locations. “Gluster storage doesn’t need a metadata server and locates files algorithmically” (Azure Inc 2017).

2.3.3. Storage Scale-Out Process of the GlusterFS.

GlusterFS is designed to provide an extended scalable architecture in both capacity and performance with minimal overhead. The storage cluster system must be able to scale down or scale up along multiple dimensions, aggregating the CPUs, HDD arrays and I/O buses of very large numbers of low-cost systems without spending large sums on expensive resources. In general, an enterprise organization must be able to implement a very scalable and performant clustered storage pool. If an organization wants to add HDD capacity to scale out the system, it can do so by adding HDD disks to very inexpensive server cluster nodes instead of buying expensive components.

Figure 2.5: Logarithmic Vs Linear Improvement.

The unique and advanced GlusterFS architecture is designed to deliver the huge benefits of expanding scalability.
Simply put, more units give more capacity, more CPUs and more I/O capability across the GlusterFS storage cluster, while avoiding the system overhead and the critical risk that comes with synchronizing very large numbers of server nodes. In practice, both performance and capacity of the storage cluster scale out linearly in the GlusterFS architecture. The illustration of GlusterFS cluster storage scalability in Figure x below shows how enhancements in both performance and capacity are achieved over the baseline system. For example, to obtain four times the capacity and four times the performance, the data must be distributed among 8 servers. “GlusterFS aggregates capacity and performance across multiple servers” (Gluster Inc 2018).

Figure 2.6: GlusterFS 4x Performance & 4x capacity.

The performance bottleneck then moves into the network, so to maximize overall performance the organization must upgrade from 1-gigabit to 10-gigabit network interface cards. The performance factor in this solution is more than 25 times the baseline illustrated above: the solution increases performance from 200MB/s to 5,000MB/s over the baseline storage configuration.
Figure 2.7: GlusterFS 20x Performance.

The GlusterFS scalable architecture has the capability to scale linearly in both performance and capacity. It is not possible to know definitely what level of performance will be needed a couple of years ahead when scaling out the storage cluster; instead, high-end configurations have the features to be adjusted as the organization's demand requires. The diagram above uses theoretical numbers for example purposes only; actual storage performance was tested to prove the credibility of linear scaling. The linearity of the storage cluster is demonstrated in Figure X below, which shows write throughput scaling linearly from 100MB/s to 800MB/s across eight servers in a 1-gigabit interface environment.

Figure 2.8: Linear Scaling of GlusterFS.
Therefore the GlusterFS storage cluster has been successfully deployed at massive scale-out in practice, and it can be deployed as a petabyte-scale clustering solution. “Gluster storage can be easily configured to serve different kinds of file storage” (RedHat Inc 2016).

2.3.4. The Algorithmic Approach and Metadata Model of GlusterFS.

A separate metadata location is the main single point of failure, performance overhead and reliability concern of most distributed cluster-based storage systems. GlusterFS is instead designed as an intelligent system with no metadata server separate from the data: it always locates data algorithmically, whether the system is distributed or centralized. Given the path and file name, any cluster storage node or client that needs read or write access to a file in the GlusterFS storage cluster performs a mathematical, algorithm-based operation that effectively calculates the location of that file. Simply put, there is no separate metadata server apart from the data itself, because the location can be determined independently of whether other nodes are up or down. GlusterFS calls this algorithmic file-location mechanism the Elastic Hashing Algorithm, and it is one of the unique advantages of the GlusterFS architecture. “Client intelligence bases DHT algorithm is used in glusterfs which is alternative for metadata storage” (Sudarshan 2015). A hash function is a mathematical function that converts a string of arbitrary length into a fixed-length value, such as the SHA1 and SHA2 hash functions in cryptography. The GlusterFS elastic hashing algorithm is based on the Davies-Meyer hashing algorithm.
In the GlusterFS algorithmic approach, the file's path, which is unique within any clustered directory tree, is run through the GlusterFS elastic hashing algorithm. In a real infrastructure environment, when a disk array fails or the capacity of the cluster is used up, files need to be redistributed across the cluster to return to a smoothly working state without disturbing saved data. GlusterFS introduced the elastic hashing algorithm to assign files to virtual volumes, and a separate process to map virtual volumes to multiple physical devices. Therefore, when HDD disks or cluster nodes are added or removed, the elastic hashing algorithm itself does not need to be rearranged; the virtual volumes can be migrated or reassigned to a new physical location as required. “Red Hat Gluster Storage does not create, store, or use a separate metadata index” (RedHat Inc 2018).

Figure 2.9: Node add and delete effect mitigation.

GlusterFS storage physical servers can be added or removed while running, and the data stored in the cluster is automatically rebalanced across it. The data in the cluster always stays online, with no application downtime. Advanced file-system configuration changes are also accepted at run time and propagated through the GlusterFS cluster, allowing the required changes to be made dynamically for performance tuning and heavy workload fluctuations.

GlusterFS has a special feature for renaming a file in the cluster. The hashing algorithm correctly produces a different value for the new name, which would assign the file to a different logical volume located in a totally different physical location within the cluster. Since physical files can be large, rewriting and moving them is generally not a real-time operation. GlusterFS resolves this problem by creating an algorithm-controlled pointer at the time a physical file or set of files is renamed. A remote client that requests the modified file under its new name is therefore directed to the logical volume for the new name and automatically redirected to the old logical volume location. After the file migration process completes, the logical pointer is removed. Similarly, if the storage needs to reassign or move a file, the reassignment takes effect in real time, while the physical file migration executes in the same way as a background process.

The main benefit of this strategy is full control of fault tolerance: failure of a single cluster storage server is entirely transparent to GlusterFS clients. Data reads are spread across all members of the cluster and an unlimited number of mirrors. While the hashing algorithm assigns files to a unique logical volume, GlusterFS ensures that every physical file is located on at least two different storage node servers. “The linear scalability of Red Hat Gluster Storage” (RedHat Inc 2017).

2.3.5. GlusterFS Compression over the OpenVPN.

A dedicated compression translator is embedded into the GlusterFS architecture to compress and decompress data in transit between clients and bricks on the cluster nodes. When a write call occurs, the client-side agent compresses the data segments before sending them to a brick of the cluster; after the brick receives the compressed data, it decompresses it. Similarly, when a read call occurs, the bricks on the server nodes compress the data before transferring it to the client side.
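Returning to the algorithmic placement of section 2.3.4, the following Python model is an added illustration (not code from GlusterFS) of how a path hashes to a virtual volume, how virtual volumes map to bricks, how a rename leaves a pointer at the new location until the background migration completes, and how adding a brick reassigns virtual volumes without changing the hash. SHA-256 stands in for the Davies-Meyer based hash, and the volume count, brick names and sample paths are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed model of the elastic hashing layout. SHA-256 is an assumption
# standing in for the Davies-Meyer based hash that GlusterFS actually uses.
NUM_VIRTUAL_VOLUMES = 8


def elastic_hash(path: str) -> int:
    """Map a cluster-unique path to a virtual volume index; no metadata lookup."""
    digest = hashlib.sha256(path.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % NUM_VIRTUAL_VOLUMES


@dataclass
class Cluster:
    bricks: list
    vol_to_brick: dict = field(default_factory=dict)  # virtual volume -> brick
    data: dict = field(default_factory=dict)          # brick -> {path: bytes}
    pointers: dict = field(default_factory=dict)      # brick -> {path: brick holding bytes}

    def __post_init__(self):
        for brick in self.bricks:
            self.data[brick] = {}
            self.pointers[brick] = {}
        for vol in range(NUM_VIRTUAL_VOLUMES):
            self.vol_to_brick[vol] = self.bricks[vol % len(self.bricks)]

    def brick_for(self, path: str) -> str:
        """Any node or client derives the location from the path alone."""
        return self.vol_to_brick[elastic_hash(path)]

    def write(self, path: str, contents: bytes) -> None:
        self.data[self.brick_for(path)][path] = contents

    def read(self, path: str) -> bytes:
        brick = self.brick_for(path)
        if path in self.data[brick]:
            return self.data[brick][path]
        # Renamed but not yet migrated: follow the pointer to the old location.
        return self.data[self.pointers[brick][path]][path]

    def rename(self, old: str, new: str) -> bool:
        """Rename takes effect immediately; returns True when a pointer was needed."""
        old_brick, new_brick = self.brick_for(old), self.brick_for(new)
        holder = self.pointers[old_brick].pop(old, old_brick)  # where the bytes really are
        self.data[holder][new] = self.data[holder].pop(old)
        if holder == new_brick:
            return False
        self.pointers[new_brick][new] = holder  # redirect until migration completes
        return True

    def migrate(self, path: str) -> None:
        """Background step: move the bytes to where the hash says and drop the pointer."""
        target = self.brick_for(path)
        source = self.pointers[target].pop(path, None)
        if source is not None:
            self.data[target][path] = self.data[source].pop(path)

    def add_brick(self, brick: str) -> None:
        """Growing the cluster reassigns some virtual volumes; the hash is unchanged."""
        for b in list(self.bricks):
            for path in list(self.pointers[b]):
                self.migrate(path)  # settle pending renames before rebalancing
        self.bricks.append(brick)
        self.data[brick] = {}
        self.pointers[brick] = {}
        new_index = len(self.bricks) - 1
        for vol in range(NUM_VIRTUAL_VOLUMES):
            if vol % len(self.bricks) != new_index:
                continue  # volumes that stay put move no data at all
            source = self.vol_to_brick[vol]
            self.vol_to_brick[vol] = brick
            for path in [p for p in self.data[source] if elastic_hash(p) == vol]:
                self.data[brick][path] = self.data[source].pop(path)


if __name__ == "__main__":
    c = Cluster(["brick-a", "brick-b"])
    c.write("/db/redo01.log", b"redo")
    print("/db/redo01.log lives on", c.brick_for("/db/redo01.log"))
```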
Overall throughput was measured using the open-source tool iperf after turning off all pre-configured authentication and encryption (the cipher none state), and only then running the iperf connectivity test. As a result the compression comparison reflects the actual behaviour of the existing GlusterFS storage cluster.
Figure 2.A: LZO High Compression Process.

The measured numbers above are very close to the real line speed; the verification also confirmed that there was no encryption overhead and that the optimal space saving on the payload was achieved. At the client end the compressed data fragment is decompressed. As a result, the large amount of uncompressed data that would otherwise be sent over the network is minimized by the compression stage. Compression and decompression are performed using the ZLIB library. In addition, to speed up compressed data transfer, the LZ4 plugin was introduced into the OpenVPN compression mechanism to deliver high throughput over the network. “Client compresses the data before sending it to brick.” (Gluster Inc 2018).

2.3.6. The SSL/TLS Connectivity over the GlusterFS.

The GlusterFS framework makes it easy to add and remove bricks in a globally distributed storage cluster, but the ZFS appliances do not provide secured cluster interconnectivity between individual storage nodes, which is the major weakness of ZFS appliance storage technology. “ZFS is that it is not distributed” (James 2013). ZFS has only file-level encryption. GlusterFS, on the other hand, has a built-in SSL/TLS mechanism built on the OpenSSL library. “GlusterFS allows its communication to be secured using the Transport Layer Security standard, using the OpenSSL library” (Gluster Community 2017).
Figure 2.B: Speed test of RSA with Private Keys.

A set of OpenSSL speed test commands shows the absolute encryption and decryption performance, which depends on the hardware and on the encryption key in use. By default, OpenVPN packets are configured at 1500 bytes. The Blowfish cipher's performance is bound purely by CPU clock rate, so older CPUs running at a higher clock speed can actually outperform newer CPUs.

Figure 2.C: Speed test of AES-256-GCM.
Figure 2.D: Speed test of BF-CBC.

In general an OpenVPN server has to serve a large number of VPN client connections, so the choice of cryptographic cipher matters. The recipe above provides a simple test of the different cryptographic methods and shows which cipher suite is the best choice. “They are actually picked up by the underlying OpenSSL library” (Packt 2017).

2.3.7. Benefit and OpenVPN Mechanism over GlusterFS.

OpenVPN has two main modes over the TCP/IP stack: TLS over UDP and TLS over TCP. This is more or less true, but the way OpenVPN uses TLS is very different from the way a web browser uses it. Even when OpenVPN runs over TCP on port 443, its traffic is distinguishable from general TLS traffic, and deep packet inspection can be used to filter out OpenVPN traffic. The main difference between browser-based TLS and OpenVPN TLS is the way packets are signed. OpenVPN mitigates DoS attacks by signing the control channel packets with a randomly generated static key called the TLS auth key. Data packets sent over the UDP or TCP connection are also completely different and easily distinguishable from HTTPS traffic. “The traffic is distinguishable from normal TLS traffic” (Packt 2017).
Authentication and encryption behave differently for the control channel and the data channel. The control channel is established using a TLS-style protocol, much as a secure website connection is initiated; during its initialization the hashing algorithm and encryption ciphers are negotiated between the server and the client. The authentication and encryption algorithms for the data channel are not negotiable: they are set in both the server and client OpenVPN configuration files. “The ability to also negotiate cipher and hashing algorithms for the data channel” (Packt 2017).

Figure 2.E: Anti DDOS and DH.

OpenVPN supports a very wide range of hashing algorithms and encryption ciphers. The cipher is used to encrypt the payload, while the HMAC-based function uses a message digest or hashing algorithm to authenticate incoming packets. The VPN architecture above is based on two types of channel, control and data, and two types of hashing and cipher algorithms can be configured for them. Negotiation of the hashing and cipher algorithms takes place at start-up. In the data channel, the hashing and encryption algorithms are controlled by the authentication option and the cipher option; if no authentication and cipher are specified, OpenVPN automatically selects its own default values, BF-CBC and SHA1.
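As an added example (not OpenVPN's own code or wire format), the Python below models the TLS auth key idea described above: every control-channel packet carries an HMAC made with a pre-shared static key, and the server discards any packet whose HMAC does not verify before doing any TLS work, so an unauthenticated flood costs it one hash per packet. It also checks an OpenVPN configuration fragment for the implicit defaults the text names (BF-CBC and SHA1) and for an unsigned control channel; the static key, packet layout and the two sample configurations are constructed.

```python
import hashlib
import hmac

# Constructed 32-byte static key standing in for an OpenVPN tls-auth key.
STATIC_KEY = bytes(range(32))
TAG_LEN = hashlib.sha256().digest_size


def sign_control_packet(key: bytes, payload: bytes) -> bytes:
    """Prefix a control-channel payload with an HMAC-SHA256 tag keyed by the static key."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def accept_control_packet(key: bytes, packet: bytes):
    """Return the payload if the tag verifies, otherwise None. Runs before any TLS work."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return payload


def serve_control_channel(key: bytes, packets) -> dict:
    """Server-side model: count packets that reach the TLS handshake versus those dropped."""
    stats = {"handshakes_started": 0, "dropped": 0}
    for pkt in packets:
        if accept_control_packet(key, pkt) is None:
            stats["dropped"] += 1  # no TLS state allocated, no expensive public-key work
            continue
        stats["handshakes_started"] += 1
    return stats


# Implicit data-channel defaults the text names when no option is configured.
WEAK_DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}


def audit_openvpn_config(text: str) -> list:
    """Flag a config that leaves the data channel on its defaults or the control channel unsigned."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            directives[parts[0]] = parts[1:]
    findings = []
    for name, default in WEAK_DEFAULTS.items():
        value = (directives.get(name) or [default])[0]
        if value.upper() == default:
            findings.append(f"{name} resolves to weak default {default}")
    if "tls-auth" not in directives:
        findings.append("control channel packets are not signed (no tls-auth)")
    return findings


# Constructed sample configurations (server side).
WEAK_CONFIG = """\
# relies on the implicit defaults for cipher and auth
dev tun
proto udp
port 1194
"""

HARDENED_CONFIG = """\
# explicit data-channel algorithms and a signed control channel
dev tun
proto udp
port 1194
cipher AES-256-GCM
auth SHA256
tls-auth ta.key 0
"""

if __name__ == "__main__":
    pkt = sign_control_packet(STATIC_KEY, b"constructed control payload")
    print(serve_control_channel(STATIC_KEY, [pkt, b"junk" * 16]))
    print(audit_openvpn_config(WEAK_CONFIG))
```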
Each separate cipher algorithm also has customizable advanced parameters that may need to be changed at the initial configuration stage or later if required. “Digests depends on the exact version of the underlying crypto library” (Packt 2017).

Figure 2.F: Traffic Flow over VPN Tunnel.

OpenVPN supports two-factor and three-factor authentication through its public key cryptography standard (PKCS#11) support. PKCS#11 is an industry standard for communicating with hardware tokens and smart cards, and both open-source and commercial drivers are available. The PKCS#11 standard was originally published by RSA Laboratories as the Cryptoki standard, which stands for cryptographic token interface. It is highly applicable to securely storing and managing cryptographic keys, and it also provides speed and acceleration for decryption and encryption. A hardware token or smart card is typically a very small device with an embedded chip, responsible for securely generating, storing and managing SSL private keys. Simply put, this feature validates certificate and private key pairs that are securely stored on a single portable device. “The PKCS#11 standard was originally published by RSA Laboratories” (Packt 2017).
Figure 2.G: Cryptographic Operations with OpenSSL.

The latest versions of OpenVPN, from version 2.4 onward, fixed some major vulnerabilities; previous versions (before 2.4) had bugs that allowed a pre-authentication DoS vulnerability. “OpenVPN developers are carrying out a hard work to make future versions of the project compatible with the older ones” (OSTIF 2017). Therefore the proposed solution improves on this with a separate encryption and decryption framework among the remote cluster shared mount points, as well as file-level encryption and decryption, by combining 256-bit encrypted SSL-VPN tunnels over each mount point and the GlusterFS storage.

2.4. Summary.

This chapter focused on the literature review, with advantages, disadvantages and review. It covered the SPARC hardware-based architecture and its major security threats, shared file systems, linear and logarithmic scaling of GlusterFS, scalability of GlusterFS, the algorithmic approach of the metadata model in GlusterFS, compression and decompression over OpenVPN, and SSL/TLS connectivity among GlusterFS nodes over the Oracle Grid.
CHAPTER 03: DISASTER RECOVERY.

3.1. Introduction.

The disaster recovery (DR) planning process must cover the temporary and intermediate actions for restoring the storage cluster, including databases and network operations, within defined timeframes after a natural or man-made sudden disaster.

3.2. Aims and Outcomes of DR.

The primary requirement of the DR policy is to provide the ability to initiate specific critical business functions at the redundant secondary site when a disaster occurs at the primary site, and then to return to the primary site with resumed capability for continuing business operations within a defined average time frame. This minimizes the business impact and data loss and gives ABC LTD the opportunity to execute a task-oriented rapid recovery procedure.

Figure 3.1: DR Risk Identification.

3.3. DR Scope.

The scope of the pre-defined DR policy is to develop and specifically outline an organized way of decision making if a disaster or disruptive event affects IT services, with the minimum amount of isolation and disruption, and to enhance ABC LTD's ability to deal successfully with the uncertainty of a crisis, including the following key areas:
❖ Strongly protect ABC LTD from major storage and cluster service failures.
❖ Strongly minimize the risk of delays when providing cluster services.
❖ Certify the storage reliability of the standby cluster and the secondary DR site through simulation and testing.
❖ Minimize the average time required for specific decision making, rapidly facilitated by personnel, during a disaster period.

3.4. DR Scenario.

The DR scenario is specified and addressed within the organizational scope of the DR plan. The DR operational plan mainly addresses recovery of the essential communication between the cluster and the critical systems. This scenario specifically assumes that all equipment in the datacentre is not salvageable, so that all critical internetworking communication has been lost.

Figure 3.2: DR Process Overview.

Therefore, when a disaster has happened and been declared, the responsible key person must take immediate action to assign the pre-defined tasks to their technical operations team after the alarm and SMS notification are triggered to the DR centre. Restoration of the rectified critical coverage is provided when a disaster is declared, including turnover to the DR restoration backup secondary site. Furthermore, the DR recovery plan includes the following key points, without limitation:

❖ The authorized information, database instances and applications archived in the local off-site storage cluster must be delivered to the DR centre.
❖ Alternative dedicated network links to the DR centre must be applied.
❖ The required critical applications must be initiated and operated with the proper configurations at the DR centre.
❖ Protected and serious critical coverage must be provided at the DR centre as far as possible.
❖ A reasonable workspace area and the equipment necessary for the DR process must be provided.

3.5. The DR Strategy.

Figure 3.3: DR Methodology.

The recovery strategy discussed as part of this DR plan is to relocate critical information systems processing to an alternate computer-processing centre. The processes will be recovered at the DR services provider name and location of the hot site. The DR services provider name is responsible for ensuring that the system configurations and the associated network requirements are accurate and technically feasible at all times. Therefore, yearly testing will be part of the alternate processing strategy.

3.6. Recovery Phases.

The DR restoration and recovery process is conducted in a phased approach, so that critical applications, middleware, storage data, database instances and VM instances are recovered effectively and efficiently.

Figure 3.4: DR and Rollback Overview.

Phase I
In Phase 1, the main operations at the DR backup site and the rapid-response emergency operations centre must initiate activation of the DR plan. A period of up to 24 hours is allowed for organization and recoverability of the DR remote backup site.

Phase II
Phase 2 covers recovery of the identified critical business operational functions and restoration of any information lost from the highly critical databases, storage clusters and network connectivity. The main goal is to recover the storage systems, the other integrated supporting systems and the network so that the business process continues smoothly.

Phase III
Data restoration activities are the high-priority primary facility, with two main stages that must be met for a successful recovery process:

❖ Data restoration of critical applications to the most recent date must be available on the backup site or on tape media stored in off-site
  • 45. Page | 45 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 mode. The storage cluster and the instance of the database were taken place as the maximum recovery effort progresses. ❖ Due to the uncertainty of either emergency situation or disaster, that the average response times period has been slower than compared to normal production operation situations. 3.7. Description of Business Continuity Plan (BCP). Figure 3.5: BCP Life Cycle. “A business continuity plan enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available.” (Government of Canada 2016). 3.8. Overview of the Security Policy. Figure 3.6: Information Security Goal. All data communication of the ABC LTD over the secured cluster storage system has not been especially being identified due to the property of different involved parties. It
  • 46. Page | 46 Name: Chanaka Lasantha Nanayakkara Wawage Student ID: K1658833 Due Date: 04/04/2018 was the policy of the ABC LTD has too limited unauthorized partied get entered into, information disclosure, data duplication, destruction, amendment, misuse of information and data, diversion, data loss or stolen of these statistics. Furthermore, it was coverage of ABC LTD in order to protected statistics among to third parties, which must be entrusted to the ABC LTD in a Sri Lanka regularly with its own sensitivity, according to with all aspect of applicable agreements. 3.9. Responsibilities. All employee in ABC LTD, contractors, domain experts, outsource peoples at the ABC LTD, must be included all affiliated with external parties such that preserve, that the secured storage cluster devices on behalf of ABC LTD in order to strongly adhere subjected the organization security policy and applied over the entire storage cluster infrastructure, network, ICT assets which are connected with ABC LTD system over endpoints devices. The senior management of ABC LTD represents Information Security Steering Committee (ISSC) has been responsible for implementation on this security policy by identified adequate resources and assigned specific suitable security roles among dedicated individuals who responded with proper competency and trained. ❖ ABC LTD must be established ISSC which was responsible for the information security initiatives perspectives at ABC LTD. The ISSC must be responsible for, ➢ ABC LTD must be Supported the organization's information security achievement and principles as well as initiatives in a clear direction such that demonstrated the continuous expectation of commitment, the certain explicit assignment. Also, acknowledgement of organizational information security responsibilities. ❖ ISSC must be established, support resource of the ABC LTD information security. 
➢ Communicating to ABC LTD the importance of scheduled meetings on the information security objectives and of further contributions to conformance with the information security policy.
➢ Management reviews of the Information Security Management System (ISMS) must be conducted annually.
➢ The standing members of the ISSC are the following responsible officers at ABC LTD:
1. Head of IT at ABC LTD.
2. Chief Information Security Officer (CISO) at ABC LTD.
➢ The following additional members may attend ISSC meetings by invitation, if required:
1. The legal representative from the Legal department.
2. ISMS Auditor.
3. External Auditors.
❖ The ISSC is assisted by the CISO, who coordinates the implementation and maintenance of the identified information security controls.
❖ Security roles and responsibilities are communicated to the IT professionals and included in their respective job descriptions. These responsibilities include the general responsibilities for implementing and maintaining the security policy, and the specific responsibilities for protecting particular storage cluster IT assets or for triggering particular security activities.

3.10. Security Policy on GlusterFS Cluster and Oracle Grid.

The organisational security policy of ABC LTD is designed to reduce unauthorised access, information disclosure, modification, abuse, misuse, data loss, diversion, destruction, duplication and theft of ABC LTD confidential information. In addition, it is the security policy of ABC LTD to protect confidential information belonging to third parties and entrusted to ABC LTD, in a pre-determined manner consistent with its ownership and level of sensitivity, in accordance with the applicable agreements. The GlusterFS cluster and Oracle grid:
❖ Must comply with the standards specified in the storage clustering standard.
❖ Must comply with the standards specified in the cryptographic standard.
❖ Must comply with the standards specified in the firewall security standard.
❖ Must comply with the standards specified in the application security standard.
❖ Must comply with the standards specified for access control of the cluster infrastructure.
❖ Must be installed, managed, supported and maintained by an approved support team.
❖ Must use the ABC LTD-approved standard for granting, revoking and denying access.
❖ Must use ABC LTD-approved secured infrastructure and authentication protocols.
❖ Must use the ABC LTD-approved DR standard for the storage and network cluster infrastructure.
❖ Must use ABC LTD-approved recovery, backup and restoration procedures for the network infrastructure over the storage cluster.
❖ Must use only ABC LTD-approved encryption protocols that follow global standards.
❖ Must have the ABC LTD-approved security patches for the server infrastructure installed through the patch management system.
❖ Must maintain MAC address registration so that devices can be tracked through the centralised log management system.
❖ Must not interfere with storage and network connectivity deployments that are maintained by third-party support providers.

3.11. Summary.

Like the primary site, the secondary (DR) site infrastructure must have inverter or UPS power with raw power, air conditioning, a physically secure environment, the same cyber-security controls as the primary site, the IT assets, and the same storage capacity as the primary site located in Kandy. The DR site is designed to carry on and take over complete operation from the primary site. As a result, the secondary DR site must be either identical to or higher than the primary site.
CHAPTER 04: RESEARCH DESIGN.

4.1. Introduction.

The purpose of this chapter is to present the theoretical assumptions underpinning this research and to introduce the research strategy and the empirical techniques applied. The chapter is divided into five sections: research design, research methodology, theoretical framework, conceptual framework and research process.

4.2. Questionnaire on Target Groups Data Collection.

This research aims for a sample of 50 people from whom to collect information related to the research topic. It is a practical method for gathering a large amount of data, and it includes scheduled site visits to ICT companies in Sri Lanka that work in the topic area. Professional consultation and advice give more accurate and valid data than a randomly selected general group. “The researcher should be interested in the problem for the reasons mentioned” (Philomination et al. 2018). A target-group, questionnaire-based data collection method was used to gather the data for the analysis phase. A pre-prepared, categorised questionnaire was distributed among domain experts and technical management, the people engaged in technical decision-making. The required data were gathered from a sample of 50 people out of a population of 100, using the Morgan table.

Table 4.1: Morgan table.

4.3. Sampling Calculation and Process.

This chapter deals with the collection of data. Primary data were collected through a questionnaire survey: 50 PAPs in the project (the solution for storage cluster with database grid infrastructure by research on security weakness mitigation and changers), selected by the stratified sampling method, were interviewed. The questions gathered information about the occupational pattern, the potential members of the team, the critical assets in the area of concern with their priority, identification, and the security requirements on critical assets. Primary data collection depends heavily on key persons at ABC LTD, including ICT managers, database administrators, system engineers, network engineers, DevOps engineers, QA engineers and support engineers. In addition, the secondary data sources were ABC general ICT staff, the official BCP and security policy documents, and IT-project-related critical assets.

“There are three factors that determine the size of the confidence interval for a given confidence level” (MaCorr Research 2018).

Sample Size (ss) = Z^2 * p * (1 - p) / c^2
= 1.96^2 * 0.4 * (1 - 0.4) / 0.097^2 = 97.98

Where:
Z = 1.96, the Z value for the selected 95% confidence level;
p = percentage picking a choice, expressed as a decimal (0.4 used for the sample size needed);
c = confidence interval, expressed as a decimal (0.097 = ±9.7%).

Correction for finite population:
New SS = ss / (1 + (ss - 1) / pop), where pop = population
New SS = 97.98 / (1 + (97.98 - 1) / 100) = 49.7 => 50.

Table 4.2: Classified Sample Sizes Summary.

Stratum              Total AP Parties   Proportion   Sample
ICT Managers                04              4%         02
Business Analyst            04              4%         02
Database Engineers          10             10%         05
System Engineers            16             16%         08
Network Engineers           16             16%         08
Support Engineers           20             20%         10
DevOps Engineer             10             10%         05
QA Engineers                20             20%         10
Total                      100            100%         50

Among the probability sampling methods, stratified sampling was used to select the sample. The total population of 100 APs was separated into homogeneous segments as shown in Table 4.2, a sample was taken from each segment proportionately, and a total of 50 APs was selected, representing each segment. The data analysis (Chapter 06) is based on SPSS, applied to a survey of the PAPs through the questionnaire and interviews. The penetration testing process was applied to the more attackable and resolvable technical weaknesses in a solution-oriented mitigation process. “vulnerability and produce a numerical score reflecting its severity” (FIRST Inc 2018).

4.4. Information Generated.

It is necessary to follow a defined methodology or scientific approach when preparing a research study, because it ensures the accuracy of the research. The literature review plays the major role in this research project, and the most important definitions are found in the literature process and content. This research is mainly focused on searching the literature in books, the internet, newspapers, dictionaries, magazines, journal articles and the field survey. In identifying the problem, it is very important to identify the feasibility of security threats, the performance, and the availability of the globally distributed storage cluster.
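The sample-size calculation and the proportional allocation of Table 4.2, as an added worked example in Python that is not part of the dissertation: it reproduces the formula Z^2 * p * (1 - p) / c^2 and the finite-population correction of Section 4.3, then allocates the corrected sample across the strata. The stratum sizes are taken from Table 4.2; the function names and the largest-remainder rounding rule are assumptions of the example.

```python
"""Sample-size and stratified-allocation worked example.

Added illustration, not the dissertation's own code. It reproduces the
sample-size formula and the finite-population correction quoted in
Section 4.3 and allocates the corrected sample proportionally over the
strata of Table 4.2. Stratum sizes come from Table 4.2; the function
names and the largest-remainder rounding rule are assumptions.
"""
import math

# Z value for a 95% confidence level, as used in Section 4.3.
Z_95 = 1.96


def infinite_population_sample_size(p: float, c: float, z: float = Z_95) -> float:
    """ss = Z^2 * p * (1 - p) / c^2 (sample size before correction)."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be a proportion strictly between 0 and 1")
    if c <= 0.0:
        raise ValueError("confidence interval c must be positive")
    return (z ** 2) * p * (1.0 - p) / (c ** 2)


def finite_population_correction(ss: float, population: int) -> float:
    """New SS = ss / (1 + (ss - 1) / pop)."""
    if population <= 0:
        raise ValueError("population must be positive")
    return ss / (1.0 + (ss - 1.0) / population)


def required_sample_size(p: float, c: float, population: int, z: float = Z_95) -> int:
    """Corrected sample size, rounded up to a whole respondent (49.7 => 50)."""
    return math.ceil(finite_population_correction(
        infinite_population_sample_size(p, c, z), population))


def proportional_allocation(strata: dict, sample_size: int) -> dict:
    """Allocate sample_size over the strata in proportion to stratum size.

    Largest-remainder rounding (an assumption of this example) keeps the
    allocations summing to sample_size even when the proportions do not
    divide evenly; the Table 4.2 proportions happen to divide exactly.
    """
    total = sum(strata.values())
    if total <= 0:
        raise ValueError("strata must contain at least one member")
    raw = {name: size * sample_size / total for name, size in strata.items()}
    alloc = {name: int(math.floor(v)) for name, v in raw.items()}
    shortfall = sample_size - sum(alloc.values())
    # Hand the remaining units to the strata with the largest fractional parts.
    for name in sorted(raw, key=lambda k: raw[k] - alloc[k], reverse=True)[:shortfall]:
        alloc[name] += 1
    return alloc


# Stratum sizes (population of 100 APs) from Table 4.2.
TABLE_4_2_STRATA = {
    "ICT Managers": 4,
    "Business Analyst": 4,
    "Database Engineers": 10,
    "System Engineers": 16,
    "Network Engineers": 16,
    "Support Engineers": 20,
    "DevOps Engineer": 10,
    "QA Engineers": 20,
}


if __name__ == "__main__":
    ss = infinite_population_sample_size(p=0.4, c=0.097)
    corrected = finite_population_correction(ss, population=100)
    n = required_sample_size(p=0.4, c=0.097, population=100)
    print(f"uncorrected ss = {ss:.2f}, corrected = {corrected:.2f}, sample = {n}")
    for stratum, k in proportional_allocation(TABLE_4_2_STRATA, n).items():
        print(f"{stratum:20s} {k:3d}")
```

Running the block gives an uncorrected ss of about 97.99 (the page truncates to 97.98), a corrected value of about 49.74, a rounded-up sample of 50, and the per-stratum allocation of Table 4.2; changing p, c or the population shows how the confidence interval and the finite-population correction drive the sample size.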
4.5. Organization of Survey.

Figure 4.1: The Survey Management.

4.6. The Diagrammatic Representation of Methodology.

This section refers to the overall approach of the research process, from the formulation of the objective to the analysis and conclusion. Figure 4.2 shows the methodology diagram of the research approach.

Figure 4.2: The Methodology of the Research Project.

As per Figure 4.2, in order to find the security, performance and scalability impact of OGISC, a comprehensive literature search was completed and the security, performance and scalability areas were identified. The questionnaire was then designed and a pilot survey was carried out. The final survey was then carried out to obtain the security, performance, disaster recovery and scalability data. This was followed by an analysis of these aspects before and after the project implementation, based on the measurements used to assess the security, performance and scalability standards of the APs. After scrutinising the security, performance, DR and scalability impact of OGISC, conclusions were drawn.

4.7. The Diagrammatic Representation of Conceptual Framework.

Figure 4.3 shows the theoretical framework that structures the sections of the study that need to be covered; it helps to determine the problem area, the research questions to be addressed and the methodology for finding the solution to this problem. The relationships among ETE encryption, initial key exchange, limitation overcome, data compression, storage clustering and OpenVPN functionality were examined through further sub-factors, and the sub-factors inherent to each of these six were identified.

Figure 4.3: The Conceptual Framework.

4.8. Summary.

This chapter focused on the target-group questionnaire used for data collection, according to the sampling calculations carried out at the first stage after the research hypothesis testing plan was organised. The chapter also set out the overview and the methodology of the entire project. The conceptual framework was based on the sub-objectives of the questionnaire as well.
CHAPTER 05: BACKGROUND OF THE RESEARCH STUDY AREA.

5.1. Introduction.

This research project explored in depth the security enhancements, the mitigation of security weaknesses, and a scalable, low-cost storage cluster solution spanning geographical areas around the world. In particular, it studied the security weaknesses of storage clusters when they are connected to each other over the internet using the existing traditional interconnection methods.

5.2. Study Area of the Project.

The pre-identified study area was classified into the following sections of the proposed solution:

ETE Encryption:
❖ SSL/TLS storage sharing.
❖ RSA and AES encryption.
❖ HMAC functionality.
❖ Handshake process.

OpenVPN functionality:
❖ Encrypted data channels.
❖ PKI.
❖ One-way hashes.
❖ Certificates and signatures.
❖ Traffic routing and firewall.

DR and limitation overcome:
❖ OpenSSL speed and performance.
❖ SPARC technology.

Initial key exchange functionality:
❖ Bidirectional authentication.
❖ Two- and three-factor authentication.
❖ Initial key exchange.
❖ X.509 functionality.

Storage Clustering:
❖ Brick server functionality.
❖ Volume management of the storage.
❖ Linear and logarithmic scalability.

Data Compression:
❖ Compression process on storage.
❖ HW-assisted encryption devices.
❖ Oracle ZFS appliances.
❖ Stripe and replication functionality.
❖ Distributed memory management.
❖ Gluster performance functionality.

5.3. Limitations of the Study and Compliance.

Connectivity and physical factors were considered direct indicators of the security factor, and the sub-factors inherent to each of those mentioned above were identified. The SPARC M7 CPU was analysed only in the SPSS phase, not in the pentest or in OCTAVE, because no SPARC M8 was available. The IT management team of ABC LTD confirmed compliance with this storage policy through ICT strategies, according to the organisational security policy set out in Chapter 03.

5.4. Summary.

This chapter described, briefly and broadly, the research study area by categorising it according to the main hypothesis. Compliance was based on the direct and indirect organisational policies and behaviours that the project inherits.
CHAPTER 06: DATA ANALYSIS.

6.1. Introduction.

This research deals with the security, scalability, availability and feasibility of OGISC at ABC LTD. The aim of this dissertation was to study whether the solution had a positive security, scalability and availability impact on the PAPs, through investigation, analysis, explanation and comparison of the gathered information. To obtain an overall conclusion on the security, scalability and availability impact of the project, a composite index specific to this OGISC project was formulated.

6.2. SPSS Analysis (Phase I).

In Phase I, the sample was selected by random sampling using the SPSS software, and the SPSS analysis was carried out using correlational and Chi-Square analysis.

6.2.1. Chi Square (CSQ) Analysis.

The CSQ test was used to test hypotheses about the distribution of observations between different categories. “chi-square tests depending on the way the data was collected and the hypothesis being tested” (David 2013).

CSQ: X^2 = Σ (O - E)^2 / E

Where O = observed frequency in each category, E = expected frequency in the corresponding category, and df = degrees of freedom (n - 1). “Critical values and reject the null hypothesis if the test statistic is greater than the tabled value” (DJS Research 2018).

Figure 6.1: Critical Value Identification.

❖ SPARC M7/M8, GlusterFS and OpenVPN with ETE encryption.

Table 6.1: Crosstab.
Table 6.2: CSQ Test.
Table 6.3: Symmetric Measures.

The degrees of freedom (df) were (k - 1) = (5 - 1) = 4, and the critical value was determined from the CSQ table as shown above. The test statistic was calculated using X^2 = Σ (O - E)^2 / E, giving X^2 = 178.178. The hypothesis was tested as either H0 (false) or H1 (true): H0 is rejected if X^2 is larger than the critical value, here at α = 0.001 with (k - 1) = 4.

Critical Value Observation: where X^2_cv = critical value, c = number of columns, r = number of rows, and the α values were derived from the SPSS result. For a crosstab, df = (r - 1) * (c - 1).
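The chi-square computation described in this section, as an added worked example in Python that is not the dissertation's SPSS output: it forms the expected counts of a crosstab from its row and column margins, computes X^2 = Σ (O - E)^2 / E with df = (r - 1)(c - 1), handles the one-way goodness-of-fit case where df = k - 1 applies, and compares X^2 with the tabled critical value at α = 0.001. The contingency tables are constructed for the example and are not Table 6.1; the embedded critical values are the standard chi-square table entries for df 1 to 6, and the function names are assumptions of the example.

```python
"""Chi-square test worked example.

Added illustration, not the dissertation's own SPSS output. It computes
the Pearson chi-square statistic X^2 = sum (O - E)^2 / E for (a) an
r x c crosstab, with expected counts from the row and column margins and
df = (r - 1)(c - 1), and (b) a one-way goodness-of-fit table with
df = k - 1, then compares X^2 with the critical value at alpha = 0.001.
The tables below are constructed for the example (not Table 6.1); the
critical values are the standard chi-square table entries (assumption:
only df 1..6 are embedded here).
"""
from typing import List, Optional, Tuple

# Upper-tail chi-square critical values at alpha = 0.001 for df = 1..6.
CRITICAL_0_001 = {1: 10.828, 2: 13.816, 3: 16.266, 4: 18.467, 5: 20.515, 6: 22.458}


def expected_from_margins(observed: List[List[float]]) -> List[List[float]]:
    """E_ij = (row total i * column total j) / grand total."""
    rows = [sum(r) for r in observed]
    cols = [sum(col) for col in zip(*observed)]
    n = sum(rows)
    if n <= 0:
        raise ValueError("contingency table must have a positive total count")
    return [[rt * ct / n for ct in cols] for rt in rows]


def min_expected(observed: List[List[float]]) -> float:
    """Smallest expected cell count; the chi-square approximation is
    unreliable when this falls below about 5 (practitioner check)."""
    return min(min(row) for row in expected_from_margins(observed))


def chi_square_crosstab(observed: List[List[float]]) -> Tuple[float, int]:
    """Return (X^2, df) for an r x c crosstab; df = (r - 1) * (c - 1)."""
    if len(observed) < 2 or any(len(r) != len(observed[0]) or len(r) < 2 for r in observed):
        raise ValueError("crosstab must be rectangular and at least 2 x 2")
    expected = expected_from_margins(observed)
    stat = 0.0
    for o_row, e_row in zip(observed, expected):
        for o, e in zip(o_row, e_row):
            if e == 0:
                raise ValueError("expected count of zero; collapse the category")
            stat += (o - e) ** 2 / e
    df = (len(observed) - 1) * (len(observed[0]) - 1)
    return stat, df


def chi_square_goodness_of_fit(observed: List[float],
                               expected: Optional[List[float]] = None) -> Tuple[float, int]:
    """Return (X^2, df) for k categories; df = k - 1. Uniform expected counts if none given."""
    k = len(observed)
    if k < 2:
        raise ValueError("need at least two categories")
    if expected is None:
        expected = [sum(observed) / k] * k
    if len(expected) != k:
        raise ValueError("observed and expected must have the same length")
    stat = sum((o - e) ** 2 / e for o, e in zip(observed, expected))
    return stat, k - 1


def reject_null(stat: float, df: int, alpha: float = 0.001) -> bool:
    """Reject H0 when X^2 exceeds the tabled critical value."""
    if alpha != 0.001:
        raise ValueError("only alpha = 0.001 critical values are embedded in this example")
    if df not in CRITICAL_0_001:
        raise ValueError(f"no critical value embedded for df={df}")
    return stat > CRITICAL_0_001[df]


if __name__ == "__main__":
    # Constructed 2 x 2 crosstab (not Table 6.1): rows = before / after the
    # solution, columns = weakness observed / not observed.
    table = [[30, 10], [10, 30]]
    stat, df = chi_square_crosstab(table)
    print(f"crosstab: X^2 = {stat:.3f}, df = {df}, min E = {min_expected(table):.1f}, "
          f"reject H0 = {reject_null(stat, df)}")
    # Constructed five-category table, the (k - 1) = 4 case of the text.
    gof_stat, gof_df = chi_square_goodness_of_fit([20, 5, 5, 5, 15])
    print(f"goodness of fit: X^2 = {gof_stat:.3f}, df = {gof_df}, "
          f"reject H0 = {reject_null(gof_stat, gof_df)}")
```

For the page's own case, df = 4 at α = 0.001 gives a critical value of 18.467, so an X^2 of 178.178 rejects H0 by a wide margin. The min_expected check is the practitioner's guard: when an expected cell count falls below about 5 the chi-square approximation is unreliable and categories should be collapsed before the test is read.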