FACULTY OF ENGINEERING
DEPARTMENTS OF ELECTRONICS ENGINEERING AND AUTOMATION ENGINEERING
PIRAEUS UNIVERSITY OF APPLIED SCIENCES
Module: CI7130: Network and Information Security
Module Coordinator: Dr. Dionisis Adamopoulos & Dr. Harris Katopodis
MSc IN NETWORKING AND DATA COMMUNICATIONS
COURSEWORK
Date of Module: 23/05/2015
Name of Student: Stamatakis Konstantinos
Kingston University London
Subject: Security Assessment of Keruak’s Informative Outdoor Safe Keeper
Submission Date: 23/05/2015
Executive Summary
This security assessment report addresses the challenges and security issues raised since the recent installation and first six months of operation of Keruak’s Outdoor Cabinet Monitoring System, the “Keruak Informative Outdoor Safe Keeper”, also known as KIOSK. KIOSK monitors the outdoor cabinets that are most critical for the Keruak communications company. It is therefore essential to evaluate the security threats and vulnerabilities identified during recent workshops and interviews with staff members from all involved divisions, and to determine any additional ones relating to the technology solutions used to protect the secrecy of data from the communication services provided through these cabinets to major clients and public-sector entities. These clients demand exceptional support and security, especially in the areas that affect the system’s availability, integrity and confidentiality. By its nature, KIOSK monitors units that are exposed to almost anyone and vulnerable to numerous threats, from physical ones, which are usually monitored in real time, to more sophisticated ones such as threats related to network access. A security assessment of KIOSK will therefore help to create profiles of the threats that may be, or already have been, identified in KIOSK, with their respective motives and outcomes, allowing the Information Security Department to develop new strategies and technological solutions for KIOSK that confront the outcomes of these threats with greater precision and success.
Preparation
This security assessment was conducted using the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) methodology, which systematizes and enhances the way security risks are recognized and analyzed in security assessments. It allows companies such as Keruak to obtain sufficient results from a security evaluation without excessive use of resources and funds [1], by drawing on our own valuable human resources, such as the IT experts, employees and staff related to Keruak’s KIOSK. This keeps them better informed about security issues and improves the way they handle vulnerabilities in the security state of the system they support, so that we obtain excellent results without having to resort to or rely on outside security experts.
According to the Software Engineering Institute, OCTAVE “is designed to allow broad assessment of an organization’s operational risk environment with the goal of producing more robust results without the need for extensive risk assessment knowledge” [2]. The OCTAVE framework is considered the most appropriate for our security assessment needs because it focuses mostly on information assets, and specifically “of how these assets used, stored, transported and processed” [2], but also on “how they are exposed to potential vulnerabilities and threats” [2].
Members of the team
The KIOSK department is considered part of Keruak’s IT infrastructure. It was originally planned to operate as a self-governing department, completely independent from all other divisions (technical, logistics or HR), so any issues reported by KIOSK staff members are forwarded directly to the Chief Director of the Security Department, as laid down in the initial design of KIOSK by the Chief Director of the IT Department. However, information gathered in workshops with Keruak executives, IT experts and staff members, which analyzed and examined KIOSK’s current operational architecture, shows that more divisions are involved in its current operation, as presented in the organization overview that follows. The analysis team of experts was therefore drawn from all divisions involved in KIOSK’s operation and grouped together, in order to achieve the most successful outcome. The members of the analysis team are:
• Chief Director of Security Department
• Chief Director of IT Department
• Team/Senior Supervisor of KIOSK Department
• Administrative Head Assistants of KIOSK Department
• Director of Communication Network Department
• Chief Engineer of Communication Network Department
• Team/Senior Supervisor of Outdoor Cabinets Maintenance Office
Organization Overview
KIOSK’s system infrastructure consists of three areas that are operated by different departments of Keruak: the Outdoor Cabinet Cloud Network (OCCN), supported by the Outdoor Cabinets Maintenance Office, which is a sub-division of the Communication Network Department; the KIOSK Central Administration System (CAS), which is supported and maintained entirely by the KIOSK Department; and finally the low-level appliances of the KIOSK User Interface (kUI) and the Keruak Information Network Database (KiND), both supported, maintained and co-operated by Keruak’s Security Department.
Fig. 1 KIOSK system architecture diagram
(for higher resolution diagram, see the Appendix, Figure 9)
The components of KIOSK, as presented in Figure 1, are:
• PSTN Control Card: installed in each outdoor cabinet, it sends and receives inbound and outbound calls to the Media Gateway of GVP, through DTMF signaling and Caller ID Support via the SIP and PSTN connectors of the Voice Platform (GVP), in order to verify the identity of the person accessing the outdoor cabinet [3][5]. The total of all outdoor cabinets monitored by KIOSK is characterized as the Outdoor Cabinet Cloud Network (OCCN).
• Voice Platform Solution (VPS), an all-in-one solution, constituted by:
  ◦ Genesys Voice Platform (GVP), containing the Resource Manager, CTI and PSTN connectors, Media Control Platform, Call Control Platform and Reporting Server (GVP Reporting Server Database)
  ◦ Session Initiation Protocol Server (SIP), delivering services such as Universal Routing Server and backup Outbound Connectivity
  ◦ Management Framework, administrating all VPS and GVP components
  ◦ Genesys Administrator system, a Web-based GUI for configuration, management and monitoring of the installed components, and for data collection & logging [4][5].
• Outbound Contact Server (OCS), responsible for creating, executing and reporting outbound and inbound campaigns (call and user events). It performs periodic check calls, every 10 minutes, to monitor the cabinets’ state through the PSTN and the CTI interface of GVP, and handles any incoming events from the PSTN Control Card (alarms, alerts or verified calls). The CDR log files created, containing records and event information for the GUI and User Event Attributes (such as Event Type and Call Result), are forwarded to OCIM for storage and future processing [4][6]. OCS also uses the Caller ID Support, transmitted to the PSTN and CTI interface of GVP [6, p.90].
• Outdoor Cabinets Information and Media server (OCIM), which mediates between OCS and any authorized agent who uses DTMF signaling through a phone call to inform the system that a cabinet is going to be accessed. OCIM provides prompting, collection, detection and handling of DTMF inputs and call events, Geo-Location, and log storage of all outbound data and Call Detail Records (CDRs) of events that took place through the periodic checks or any other incoming events (alarms, alerts or verified calls) in response to Event Types and Call Results coming from OCS [6][7].
• KIOSK server, which interacts with VPS and contains an Oracle Database 12c - Enterprise Edition that stores information coming from the VPS components to create the GVP Reporting Server Database, in order to provide the Web Service [8][9].
• Resource Manager, providing session management and service selection data for any incoming request [10].
• Media Control Platform, providing tables of functions for outbound calls and network- and application-initiated calls, and data logging and analysis from Call Progress Detection (CPD) metrics [11].
• Call Control Platform, containing data on outbound calls made through the PSTN gateway and on requests from incoming calls [12].
• GVP Reporting Server Database (RSD), which submits real-time call events, CDRs and processing information coming from OCIM and organizes them into partitioned CDR and Call Event tables. Each partition can represent a period of time pre-specified by the user, which lets database functions perform better. RSD also provides tables with open data access interfaces via Reporting Web Services maintained by the KIOSK administrators. This allows multiple different user interfaces, set by the administrators, while kUI accesses call-related data entries of events from the database, categorizing users into various User Access Groups [13].
• Sensage Data Warehouse (SDW), a cloud vendor from CISCO providing storage and real-time analysis of log data from multiple and diverse security events. In KIOSK, both VPS and the KIOSK server are connected to SDW to provide redundancy in case of failure of critical components of the system [14].
• Keruak Information Network Database (KiND), a system of servers initially created in 2007, containing records of the communication network architecture details of all customers and subscribers. It is based on Apache Web Servers, using PHP 5.3+ and MySQL 5+, and runs a version of the TYPO3 CMS system custom-modified by the IT department. It is correlated with the KIOSK Server’s Oracle database, through the Oracle Enterprise Manager for MySQL extension, to retrieve all necessary network details for the subscribers’ communication services provided through the outdoor cabinets monitored by KIOSK [15][16].
• KIOSK User Interface (kUI), a GUI that presents, through an HTML web application, all CDRs and events taking place in real time, holding a history of events for a period of 15 days before they are moved permanently to OCIM and SDW. kUI is based on Hippo CMS Enterprise Edition 10, using database entries from both the Oracle Database 12c of the KIOSK server and the MySQL 5.5 of KiND. As an application server, kUI uses Oracle’s WebLogic Server 12c with Oracle JVM - Java 8 for the desktop web application environment [17][18][19][20].
Users of kUI are classified into 3 categories: Administrators, Super Users and Users, with privileges that correspond accordingly (User Access Groups).
Security Assessment
After conducting all the necessary interviews, reports and workshops, the analysis team members reached the following results, reviewing and identifying the important assets and the areas of concern relating to them, as well as the security requirements and the current practices applied to protect them:
PSTN Control Cards
Areas of Concern
An interruption of the operational status of the PSTN control card, due to a potential failure of the hardware or of the communication network medium that physically connects the outdoor cabinet to the KIOSK system, will result in isolation of the cabinet without actual knowledge of its status (interruption of service). In addition, during repairs or installations of communication services and products performed by authorized technicians inside an outdoor cabinet of OCCN, an accidental interruption or outage of service might occur due to human error.
Security Requirements
Confidentiality: The PSTN control card monitors the core network and the services provided to subscribers by monitoring the cabinet door state (open/close). Any violation of this, without a prior system update through standard procedures, will lead to alert signaling.
Integrity: Access is granted only to authorized technicians who belong to KIOSK’s task force, verified beforehand with a DTMF entry (PIN access code) that is unique for each outdoor cabinet. The KIOSK department is also aware of every technical operation performed in the cabinet (repairs, modifications, installations), as technicians receive their daily work schedule directly through the KIOSK Dispatchers.
Availability: The control card must be available 24/7/365 because, besides being available to technicians or any other authorized person who wishes to verify his legitimate access to the outdoor cabinet, it must be constantly connected to the OCS in order to respond to the frequent periodic polling.
Current protection strategies
A short outage of the service provided by the control card would not cause significant problems if it does not exceed the proposed polling period (10 minutes). In case of power supply failure, the UPS system is launched automatically and standby technicians are activated. In any other failure, Mobile Patrol Security is contacted.
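The two monitoring rules described for the PSTN control card (a cabinet whose status is unknown for longer than the 10-minute polling period, and a door opening without a prior verified DTMF call) can be checked as in the following added example, which is not part of the original report or of KIOSK. The event format, the cabinet identifiers, the 30-second grace period and the 30-minute verification window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

POLL_PERIOD = timedelta(minutes=10)    # OCS periodic check interval stated in the report
POLL_GRACE = timedelta(seconds=30)     # assumption: tolerated jitter between two polls
VERIFY_WINDOW = timedelta(minutes=30)  # assumption: validity of a verified DTMF call

# Hypothetical cabinet inventory; CAB-004 never answers in the sample below.
INVENTORY = ["CAB-001", "CAB-002", "CAB-003", "CAB-004"]

# Constructed sample events: "<ISO timestamp> <cabinet> <event type>".
SAMPLE_EVENTS = """
# constructed data, not taken from a real system
2015-05-23T08:00:00 CAB-001 POLL_OK
2015-05-23T08:00:05 CAB-002 POLL_OK
2015-05-23T08:00:10 CAB-003 POLL_OK
2015-05-23T08:10:00 CAB-001 POLL_OK
2015-05-23T08:10:05 CAB-002 POLL_OK
2015-05-23T08:10:10 CAB-003 POLL_OK
2015-05-23T08:12:00 CAB-001 VERIFIED_CALL
2015-05-23T08:15:00 CAB-001 DOOR_OPEN
2015-05-23T08:20:00 CAB-001 POLL_OK
2015-05-23T08:20:10 CAB-003 POLL_OK
2015-05-23T08:25:00 CAB-003 DOOR_OPEN
2015-05-23T08:30:00 CAB-001 POLL_OK
2015-05-23T08:30:10 CAB-003 POLL_OK
2015-05-23T08:40:00 CAB-001 POLL_OK
2015-05-23T08:40:05 CAB-002 POLL_OK
2015-05-23T08:40:10 CAB-003 POLL_OK
"""


def parse_events(text):
    """Parse the constructed log format into (timestamp, cabinet, kind) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        stamp, cabinet, kind = line.split()
        events.append((datetime.fromisoformat(stamp), cabinet, kind))
    return sorted(events)


def find_poll_gaps(events, now, inventory):
    """Return (cabinet, last_ok, gap_end) for every period in which a cabinet's
    state was unknown for longer than the polling period."""
    limit = POLL_PERIOD + POLL_GRACE
    last_ok = {}
    gaps = []
    for ts, cabinet, kind in events:
        if kind != "POLL_OK":
            continue
        prev = last_ok.get(cabinet)
        if prev is not None and ts - prev > limit:
            gaps.append((cabinet, prev, ts))
        last_ok[cabinet] = ts
    # Cabinets that are still silent at evaluation time, or never answered at all.
    for cabinet in sorted(inventory):
        prev = last_ok.get(cabinet)
        if prev is None or now - prev > limit:
            gaps.append((cabinet, prev, now))
    return gaps


def find_unverified_openings(events):
    """Return (cabinet, timestamp) for door openings that were not preceded by a
    verified DTMF call for the same cabinet within VERIFY_WINDOW."""
    last_verified = {}
    alerts = []
    for ts, cabinet, kind in events:
        if kind == "VERIFIED_CALL":
            last_verified[cabinet] = ts
        elif kind == "DOOR_OPEN":
            verified = last_verified.get(cabinet)
            if verified is None or ts - verified > VERIFY_WINDOW:
                alerts.append((cabinet, ts))
    return alerts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for cabinet, start, end in find_poll_gaps(evts, datetime(2015, 5, 23, 8, 45), INVENTORY):
        print(f"STATUS UNKNOWN {cabinet}: last poll {start}, checked {end}")
    for cabinet, ts in find_unverified_openings(evts):
        print(f"ALERT {cabinet}: door opened at {ts} without verified call")
```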
KIOSK Central Administration System (CAS) - VPS, OCS, OCIM and KIOSK server
Areas of Concern
Any hardware or software failure due to potential malfunction, tampering or destruction of equipment, or a loss of power supply, might lead to a temporary system malfunction or breakdown.
Security Requirements
Confidentiality: The Chief Director of the IT Department performed the initial installation and configuration of all components included in the Central Administration System. No modifications or alterations are allowed without his prior approval. The operational status of all included components is monitored in real time by the Chief Director of the IT Department and the Administrative Assistants, rotating in standby shifts, providing 24/7/365 QoS.
Integrity: All assets are maintained by the Administrative Assistants, who are responsible for routine inspections and maintenance.
Availability: All assets should be available 24/7/365 as part of the Central Administration System.
Current protection strategies
The KIOSK system uses the SDW cloud vendor for real-time redundancy, which tolerates a temporary breakdown of components. The physical location of VPS, OCS, OCIM and the KIOSK server (Server Room) is protected with a 2-way Authentication mechanism (PIN access code and fingerprint biometric system). All connections to other components of CAS, such as KiND, the kUI terminals and SDW, are protected with hardware firewalls, VPN tunneling and an IDS system.
Keruak Information Network Database (KiND)
Areas of Concern
A potential failure of KiND due to hardware or software tampering, destruction of equipment or a loss of power supply might lead to an instant system breakdown. Accidental or deliberate entries or modifications of subscriber data will also lead to a serious system malfunction, such as an operational interruption. Furthermore, “sensitive” network information of the clients served through the outdoor cabinets that KIOSK monitors is exposed to all users of KiND, e.g. Network Dispatchers from other technical departments who automatically supply technicians with network details. This makes KiND subject to threats such as deliberate or accidental information disclosure, illegal processing of data, unauthorized use of equipment, forging and abuse of rights.
Security Requirements
Confidentiality: Any network data that involves clients and communication services using the outdoor cabinets that KIOSK monitors must be protected and secured from unauthorized access. Information exposed even to KIOSK users should be classified according to their privileges.
Integrity: Any modification or update to such network data must be made only by authorized and trained personnel.
Availability: Network information must be available 24/7/365.
Current protection strategies
KiND uses a multiple mirroring server system for redundancy, with additional UPS support for power supply outages. Analytical details of the network are available only to Dispatchers and technicians who have been granted access. Information from the TYPO3 CMS to all applications requiring data, including kUI, is acquired through VPN tunneling, therefore no outside actor could gain access through the network.
KIOSK User interface (kUI)
Areas of Concern
Since the recent re-organization of the company, monitoring of CDRs and events is also performed by members of the Security Department. No appropriate training or background check has been applied to the new low-end users, so accidental handling and false justification of incidents or events are possible, which might lead to interruption or even inappropriate modification of information records, accidentally or deliberately. Additionally, as kUI is also accessed through terminals and office computers located in areas outside the KIOSK department, there is a potential threat of disclosure through physical access if a kUI terminal remains active in the absence of its user.
Security Requirements
Confidentiality: Information that appears to KIOSK users should be categorized according to their privileges.
Integrity: All users of KIOSK must know how to deal with any incidents.
Availability: The kUI interface must be monitored and available 24/7/365.
Current protection strategies
All kUI users use an authentication mechanism to enter the Web Application and are classified into different User Access Groups with different information access rights. Access to kUI is granted through VPN tunneling, avoiding outside network access in case of leakage of authentication information.
Sensage Data Warehouse (SDW)
As SDW is an external cloud vendor, no qualitative security assessment through the OCTAVE framework can be performed. It must be treated as a “black box” because there is no true knowledge of the assets contained inside. SDW is therefore considered untrusted.
After the analysis team had identified the important assets and recognized the areas of concern in relation to the security requirements and current protection strategies, a further examination was applied by generating threat profiles for the assets considered critical. Combining the information derived previously, the analysis team recognized specific assets as critical and related them to the areas of concern identified previously for these assets, together with additional potential threats extracted through gap analysis, which are presented below [21].
Keruak Information Network Database (KiND)
Areas of Concern and Threat Properties
1. Insider accidentally tampers software or causes hardware failure
   • Asset: KiND
   • Access: physical
   • Actor: insiders
   • Motive: accidental
   • Outcome: loss/destruction & interruption
2. Insider intentionally or accidentally tampers software, causing failure or alters/retrieve the data of critical information entries
   • Asset: KiND
   • Access: physical & network
   • Actor: insiders
   • Motive: accidental & deliberate
   • Outcome: disclosure, modification, loss/destruction & interruption
PSTN Control Cards
Areas of Concern and Threat Properties
1. Technicians or any other authorized personnel accidentally break the PSTN control card
   • Asset: PSTN control card
   • Access: physical
   • Actor: insiders
   • Motive: accidental
   • Outcome: loss/destruction & interruption
2. Technicians or any other authorized personnel set control card permanently to provide negative/false condition (no alerts/no intrusion)
   • Asset: PSTN control card
   • Access: physical
   • Actor: insiders
   • Motive: deliberate
   • Outcome: disclosure & modification
3. Outsiders accidentally break down the cabinet (car accident or any other similar incident)
   • Asset: PSTN control card
   • Access: physical & network
   • Actor: outsiders
   • Motive: accidental
   • Outcome: loss/destruction & interruption
4. Terrorists or Vandals damage outdoor cabinet
   • Asset: PSTN control card
   • Access: physical & network
   • Actor: outsiders
   • Motive: deliberate
   • Outcome: loss/destruction & interruption
5. Technicians or any other authorized personnel accidentally break communication line of the PSTN control card
   • Asset: PSTN control card
   • Access: network
   • Actor: insiders
   • Motive: accidental
   • Outcome: loss/destruction & interruption
6. Technicians or any other authorized personnel intentionally trap communication line of the PSTN control card to remotely control access
   • Asset: PSTN control card
   • Access: network
   • Actor: insiders
   • Motive: deliberate
   • Outcome: disclosure & modification
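The threat properties listed above map directly onto OCTAVE threat trees (asset, access, actor, motive, outcome). The following added example, which is not part of the original report, expands the eight profiles into one tree per asset and access type and lists the actor/motive branches for which no threat was recorded. Splitting compound values such as “physical & network” into separate branches, and attaching every listed outcome to every listed motive, are assumptions of this sketch.

```python
import re
from itertools import product

ACTORS = ("insiders", "outsiders")
MOTIVES = ("accidental", "deliberate")

# Threat profiles transcribed from the two tables above:
# (asset, access, actor, motive, outcome)
PROFILES = [
    ("KiND", "physical", "insiders", "accidental",
     "loss/destruction & interruption"),
    ("KiND", "physical & network", "insiders", "accidental & deliberate",
     "disclosure, modification, loss/destruction & interruption"),
    ("PSTN control card", "physical", "insiders", "accidental",
     "loss/destruction & interruption"),
    ("PSTN control card", "physical", "insiders", "deliberate",
     "disclosure & modification"),
    ("PSTN control card", "physical & network", "outsiders", "accidental",
     "loss/destruction & interruption"),
    ("PSTN control card", "physical & network", "outsiders", "deliberate",
     "loss/destruction & interruption"),
    ("PSTN control card", "network", "insiders", "accidental",
     "loss/destruction & interruption"),
    ("PSTN control card", "network", "insiders", "deliberate",
     "disclosure & modification"),
]


def atoms(value):
    """Split a compound table cell ("a, b & c") into its single values."""
    return [part.strip() for part in re.split(r"[&,]", value) if part.strip()]


def build_trees(profiles):
    """Return {(asset, access): {actor: {motive: set(outcomes)}}}."""
    trees = {}
    for asset, access, actor, motive, outcome in profiles:
        # Assumption: each listed outcome applies to each listed motive.
        for acc, act, mot in product(atoms(access), atoms(actor), atoms(motive)):
            branch = trees.setdefault((asset, acc), {}).setdefault(act, {})
            branch.setdefault(mot, set()).update(atoms(outcome))
    return trees


def uncovered_branches(trees):
    """Actor/motive pairs with no recorded threat, per tree (input for gap analysis)."""
    return {
        key: [(a, m) for a, m in product(ACTORS, MOTIVES) if m not in tree.get(a, {})]
        for key, tree in trees.items()
    }


def render(trees):
    """Plain-text rendering of every tree, one line per actor/motive branch."""
    lines = []
    for asset, access in sorted(trees):
        lines.append(f"{asset} / human actors using {access} access")
        for actor, motive in product(ACTORS, MOTIVES):
            outcomes = trees[(asset, access)].get(actor, {}).get(motive)
            label = ", ".join(sorted(outcomes)) if outcomes else "(no threat recorded)"
            lines.append(f"  {actor:9} -> {motive:10} -> {label}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_trees(PROFILES)))
```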
The analysis team recorded all of the above information in Critical Threat profile trees for Human Actors using Network Access and for Human Actors using Physical Access, for both critical assets identified (the PSTN control card and KiND); these can be found in the Appendix (Figures 2, 3, 4 and 5). Next, the analysis team focused on the KIOSK information infrastructure, examining and determining the key components of the system’s technology architecture that could lead to unauthorized actions against the critical assets identified before. It took into consideration the technological weaknesses pointed out, which human threat actors could exploit, and proposed solutions that could minimize or mitigate exploitation [21]. In terms of technology architecture and technology weaknesses, the analysis team recognized the following key components:
Key Components, Technology Vulnerabilities and Solutions

1. Key component: Communication between OCCN and KIOSK
   Technology vulnerabilities: Communication takes place over the PSTN connection used by the control card. In case of total network failure, no communication is possible between the OCCN and KIOSK, therefore the cabinet’s condition is unknown. The outcome is interruption of service (accidental or deliberate).
   Solution: Installing additional GSM connectors on the control cards in order to have multiple ISPs through different communication paths, providing network redundancy between OCCN and KIOSK.

2. Key components:
   • Location of KiND
   • Access to data through KiND related to the KIOSK
   Technology vulnerabilities: The physical location of KiND and potential network or physical access by unauthorized insiders to information related to KIOSK result in disclosure.
   Solution: Creating a new information network database, separated from KiND, that would host all the information data related to and required by KIOSK to operate, installed inside the KIOSK department and maintained exclusively by KIOSK’s Administrative Assistants.

3. Key component: Sensage Data Warehouse (SDW)
   Technology vulnerabilities: Using an external cloud vendor for storage and real-time analysis of log data is outside the logic of the OCTAVE framework. SDW must be treated as untrusted, despite the fact that the network connection is protected through VPN tunnelling and a firewall.
   Solution: Replace the SDW redundancy system with a new one, installed in the KIOSK department and exclusively maintained and supported by the Administrative Assistants of KIOSK.

4. Key components:
   • New-entry kUI users
   • New-entry kUI users’ terminal physical location
   Technology vulnerabilities: The physical location of the new-entry kUI users’ computers may lead to accidental or deliberate disclosure by insiders. Also, the fact that no training has been provided to new-entry users might lead to false justification of incidents and therefore to modification or loss.
   Solution: Transfer all employees considered “kUI users” to the KIOSK department and provide them with proper training on the policies and practices, in terms of security and KIOSK operational requirements, of all system procedures.

5. Key component: Simultaneous service outage on both OCS and the SIP server’s backup outbound connectivity
   Technology vulnerabilities: In the worst-case scenario, where both OCS and the VPS’s SIP server have a service outage simultaneously, outbound connectivity to OCCN is impossible and this leads to interruption.
   Solution: A Business-Continuity approach must be applied, installing an additional system server with outbound connectivity to OCCN and to KIOSK components such as the KIOSK server and OCIM. This Business Continuity server must be located inside KIOSK, and configured and maintained by the Chief Director of the IT Department.
Reviewing all of the above, the analysis team of experts arrived at the final Threat Trees for Human Actors using Network Access for both critical assets previously identified, which also show how the key components and technological weaknesses correspond to these threat trees [21]. The Threat Trees for Human Actors using Network Access for KiND and the PSTN control cards, combining key components and technology weaknesses, are presented in the Appendix (Figures 6 and 7).
All suggestions and the architecture proposed and analyzed in the final stages of this security assessment are presented below (Figure 8). Notice that in this final diagram, all proposed new systems appear inside CAS and have replaced the previous ones. Specifically, KiND has been replaced with the Critical Network Information Server. The SDW cloud is no longer present and has been replaced with a secondary Reporting Database Server. All kUI users and their terminals have been transferred inside the KIOSK department, and the Business Continuity server is installed and connected to all components accordingly, to handle the worst-case scenario. Furthermore, PSTN and GSM connectivity has been applied to both the VPS and the Business Continuity server, ensuring network redundancy for all KIOSK components. Finally, the IDS system is no longer needed and will be used for future needs of the department.
Fig. 8 KIOSK new system architecture diagram
Conclusion
Through this security assessment, the analysis team successfully identified major technological vulnerabilities of KIOSK that would eventually have led to security issues. Working within the scope of the OCTAVE framework, the team addressed all weaknesses identified through the security evaluation, and through the workshops held in collaboration with the participating experts, specific solutions were proposed to act against the issues identified, by implementing advanced security practices within the KIOSK department. Future repetition of the security assessment must be considered essential, and the current assessment will be used as a reference guide for any forthcoming security evaluation of the KIOSK department. Please note that this security assessment approached security risks from a qualitative perspective, for reasons analyzed previously. Supplementary risk analysis is advised, as OCTAVE can be combined with quantitative risk analysis methods, such as DREAD or CVSS Version 2.0.
References
[1] Januszkiewicz Paulina, Pyka Marek (2007). «Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology» [Internet] pp.4-5 <http://ieeexplore.ieee.org.ezproxy.kingston.ac.uk/stamp/stamp.jsp?tp=&arnumber=4159867> [Accessed April 2015]
[2] R. Caralli, J. Stevens, L. Young, W. Wilson (2007). «Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process» [Internet] pp.14-16 <http://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf> [Accessed April 2015]
[3] Voice Platform Solution 8.1 «Integration Guide» (2013) [Internet] Genesys. p.90 <http://docs.genesys.com/Special:Repository/81gvp_ig-vps.pdf?id=51370a50-6039-4c4c-9ef1-758621427e14> [Accessed May 2015]
[4] Voice Platform 8.5 «GVP Architecture» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/ARCH> [Accessed May 2015]
[5] GVP Architecture «Resource Manager» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRM> [Accessed May 2015]
[6] Outbound Contact 8.1 «Reference manual» (2013) [Internet] Genesys. pp.7-16, pp.87-88 <http://docs.genesys.com/Special:Repository/81ou_ref.pdf?id=f7675552-8d66-4283-81df-f22ede9e3825> [Accessed May 2015]
[7] Genesys Media Server 8.5 «Deployment Guide» (2013) [Internet] Genesys. pp.14-20 <http://docs.genesys.com/Special:Repository/85gvp_dep-gms.pdf?id=ee7c3617-3882-434a-9e28-52a1d1cab433> [Accessed May 2015]
[8] Configuring GVP «Configuring the GVP Reporting Server Database» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/CGRSD#BYB> [Accessed May 2015]
[9] Oracle Database Consolidation «Manage Many Databases As One» (2015) [Internet] Oracle. <https://www.oracle.com/database/solutions/consolidation.html> [Accessed May 2015]
[10] GVP Architecture «Media Control Platform» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRM#RMRMF> [Accessed May 2015]
[11] GVP Architecture «Resource Manager Functions» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCMCP#MCPF>
[12] GVP Architecture «Call Control Functions» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCCCP#GCCCPF> [Accessed May 2015]
[13] GVP Architecture «Reporting Server Functions» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRS#ARCHRSF> [Accessed May 2015]
[14] Sensage «Event Data Warehouse» (2015) [Internet] CISCO. <https://marketplace.cisco.com/catalog/products/2168> [Accessed May 2015]
[15] MySQL Enterprise Edition «Oracle Enterprise Manager for MySQL» (2015) [Internet] MySQL. <https://www.mysql.com/products/enterprise/em.html> [Accessed May 2015]
[16] TYPO3 «TYPO3 CMS» (2015) [Internet] TYPO3. <http://typo3.org/typo3-cms/> [Accessed May 2015]
[17] TYPO3 Extension Repository «What are Extensions» (2015) [Internet] TYPO3. <http://typo3.org/extensions/what-are-extensions/> [Accessed May 2015]
[18] Oracle WebLogic Server «WebLogic Server Overview» (2015) [Internet] Oracle. <http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html> [Accessed May 2015]
[19] Java Platform Standard Edition «Java Platform SE Overview» (2015) [Internet] Oracle. <http://www.oracle.com/technetwork/java/javase/overview/index.html> [Accessed May 2015]
[20] Hippo CMS 10 «System Requirements Hippo CMS 10» (2015) [Internet] Hippo. <http://www.onehippo.org/library/about/system-requirements.html> [Accessed May 2015]
[21] Christopher Alberts, Audrey Dorofee (2001). «Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology» [Internet] p.8, pp.11-12 <http://people.tuke.sk/dezider.guspan/security/___bezpecnost%20OCTAVE%20CERT/OCTAVE%20Threat%20Profiles-OCTAVEthreatProfiles.pdf> [Accessed May 2015]
Appendix
Fig. 2 Threat Tree for Human Actors using Physical Access
Fig. 3 Threat Tree for Human Actors using Network Access
Fig. 4 Threat Tree for Human Actors using Physical Access
Fig. 5 Threat Tree for Human Actors using Network Access
Fig. 6 Technology Vulnerabilities and Network Access Paths for PSTN Control Card
Fig. 7 Technology Vulnerabilities and Network Access Paths for KiND
Fig. 9 KIOSK system architecture diagram (high resolution)

has been replaced with the Critical Network Information Server. The SDW cloud is no longer present and has been replaced with a secondary Reporting Database Server. All kUI users and their terminals have been transferred inside the KIOSK department, and the Business Continuity server is installed and connected to all components accordingly, to handle the worst-case scenario. Furthermore, PSTN and GSM connectivity has been applied to both the VPS and the Business Continuity server, ensuring network redundancy for all KIOSK components. Finally, the IDS system is no longer needed and will be used for future needs of the department.

Fig. 8 KIOSK new system architecture diagram

Conclusion

Through this security assessment, the analysis team successfully identified major technological vulnerabilities of KIOSK that would eventually have led to security issues. Working within the scope of the OCTAVE framework, the team addressed all weaknesses identified through the security evaluation, and through the workshops held in collaboration with the participating experts, specific solutions were proposed to act against the identified issues by implementing advanced security practices within the KIOSK department. Future repetition of the security assessment must be considered essential, and the current assessment will be used as a reference guide for any forthcoming security evaluation of the KIOSK department. Please note that this security assessment approached security risks from a qualitative perspective, for reasons analyzed previously. Supplementary risk analysis is advised, as OCTAVE can be combined with quantitative risk analysis methods, such as DREAD or CVSS Version 2.0.
References

[1] Januszkiewicz Paulina, Pyka Marek (2007). «Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology» [Internet] pp.4-5 <http://ieeexplore.ieee.org.ezproxy.kingston.ac.uk/stamp/stamp.jsp?tp=&arnumber=4159867> [Accessed April 2015]
[2] R. Caralli, J. Stevens, L. Young, W. Wilson (2007). «Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process» [Internet] pp.14-16 <http://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf> [Accessed April 2015]
[3] Voice Platform Solution 8.1 «Integration Guide» (2013) [Internet] Genesys. p.90 <http://docs.genesys.com/Special:Repository/81gvp_ig-vps.pdf?id=51370a50-6039-4c4c-9ef1-758621427e14> [Accessed May 2015]
[4] Voice Platform 8.5 «GVP Architecture» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/ARCH> [Accessed May 2015]
[5] GVP Architecture «Resource Manager» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRM> [Accessed May 2015]
[6] Outbound Contact 8.1 «Reference manual» (2013) [Internet] Genesys. pp.7-16, pp.87-88 <http://docs.genesys.com/Special:Repository/81ou_ref.pdf?id=f7675552-8d66-4283-81df-f22ede9e3825> [Accessed May 2015]
[7] Genesys Media Server 8.5 «Deployment Guide» (2013) [Internet] Genesys. pp.14-20 <http://docs.genesys.com/Special:Repository/85gvp_dep-gms.pdf?id=ee7c3617-3882-434a-9e28-52a1d1cab433> [Accessed May 2015]
[8] Configuring GVP «Configuring the GVP Reporting Server Database» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/CGRSD#BYB> [Accessed May 2015]
[9] Oracle Database Consolidation «Manage Many Databases As One» (2015) [Internet] Oracle. <https://www.oracle.com/database/solutions/consolidation.html> [Accessed May 2015]
[10] GVP Architecture «Media Control Platform» (2015) [Internet] Genesys. <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRM#RMRMF> [Accessed May 2015]
[11] GVP Architecture «Resource Manager Functions» (2015) [Internet] Genesys <http://docs.genesys.com/Documentation/GVP/85/GDG/GCMCP#MCPF>
[12] GVP Architecture «Call Control Functions» (2015) [Internet] Genesys <http://docs.genesys.com/Documentation/GVP/85/GDG/GCCCP#GCCCPF> [Accessed May 2015]
[13] GVP Architecture «Reporting Server Functions» (2015) [Internet] Genesys <http://docs.genesys.com/Documentation/GVP/85/GDG/GCRS#ARCHRSF> [Accessed May 2015]
[14] Sensage «Event Data Warehouse» (2015) [Internet] CISCO <https://marketplace.cisco.com/catalog/products/2168> [Accessed May 2015]
[15] MySQL Enterprise Edition «Oracle Enterprise Manager for MySQL» (2015) [Internet] MySQL. <https://www.mysql.com/products/enterprise/em.html> [Accessed May 2015]
[16] TYPO3 «TYPO3 CMS» (2015) [Internet] TYPO3. <http://typo3.org/typo3-cms/> [Accessed May 2015]
[17] TYPO3 Extension Repository «What are Extensions» (2015) [Internet] TYPO3. <http://typo3.org/extensions/what-are-extensions/> [Accessed May 2015]
[18] Oracle WebLogic Server «WebLogic Server Overview» (2015) [Internet] Oracle. <http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html> [Accessed May 2015]
[19] Java Platform Standard Edition «Java Platform SE Overview» (2015) [Internet] Oracle. <http://www.oracle.com/technetwork/java/javase/overview/index.html> [Accessed May 2015]
[20] Hippo CMS 10 «System Requirements Hippo CMS 10» (2015) [Internet] Hippo. <http://www.onehippo.org/library/about/system-requirements.html> [Accessed May 2015]
[21] Christopher Alberts, Audrey Dorofee (2001). «Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology» [Internet] p.8, pp.11-12 <http://people.tuke.sk/dezider.guspan/security/___bezpecnost%20OCTAVE%20CERT/OCTAVE%20Threat%20Profiles-OCTAVEthreatProfiles.pdf> [Accessed May 2015]

Appendix

Fig. 2 Threat Tree for Human Actors using Physical Access
Fig. 3 Threat Tree for Human Actors using Network Access
Fig. 4 Threat Tree for Human Actors using Physical Access
Fig. 5 Threat Tree for Human Actors using Network Access
Fig. 6 Technology Vulnerabilities and Network Access Paths for PSTN Control Card
Fig. 7 Technology Vulnerabilities and Network Access Paths for KiND
Fig. 9 KIOSK system architecture diagram (high resolution)