Prepared by:
Bhadreshsinh Gohil
ME in Computer Engineering, 3rd Sem.
Enrollment no. 111060751030
Gujarat Technological University, Ahmedabad

Guided by:

Dr. Sandeep K. Joshi, Principal Technical Officer, NPSF Group, C-DAC, Pune
Rishi K. Pathak, Senior Technical Officer, NPSF Group, C-DAC, Pune
Satyaswarup Yerramilli, Senior Technical Officer, NPSF Group, C-DAC, Pune



                                                               GTU   12/4/2012             1
• Introduction and Motivation
• The Identified Problem
• The Proposed Solution
• Illustrative Case Studies
• References




• The Internet is now ubiquitous
• Many Internet-based applications are in use today
• Web services are an important paradigm for designing Internet-based applications
• These web services are hosted not only in a datacenter DMZ but also on public IPs reached through network technologies such as NAT
• This requires security devices and controls such as firewalls



• The web hosting setup and its associated network and network security setup are vast, and there are multiple stakeholders in the decision-making process. Releasing new websites or web portals to the public Internet therefore becomes intricate, cumbersome and error prone, often leading to delays, unmet expectations and disputes over ownership of responsibilities.

• To resolve these issues, it is proposed to build a framework that streamlines the process and delegates most of the activities to designated stakeholders from each group.

• The framework will let the users/groups do most of the work related to the public release of websites, web portals and other network-based services on their own, with systems administrators or network security experts intervening only towards the final steps, if at all. The framework will also support different roles.


• The proposed framework will be web enabled.

• It will be built using standard web development technologies such as PHP, Java and JavaScript, with MySQL or PostgreSQL as the backend database.

• Apart from these, the core networking technologies (firewall, router, bandwidth management) and security/vulnerability assessment of web applications will be used to their full capability.

• The framework will require extensive scripting in bash or Python on the Linux platform to handle several backend tasks, such as implementing policy changes on the security device and enabling virtual hosting on the Apache server. Because these scripts act on values submitted through the web portal, every hostname, address and path must be validated before it reaches a shell command or a configuration file.

• The framework will use OpenAM-based single sign-on or LDAP for user authentication and authorization.
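As an added example (not code from the deck or from the C-DAC project), the backend step described above: a Python routine that turns a release request coming from the portal into an iptables rule and an Apache virtual host. The request fields, addresses and site names are constructed for illustration; the FORWARD chain and the /var/www base directory are assumptions. The point it shows is that the portal values are whitelisted and passed as an argv list, so a hostile hostname can only fail validation, never become an extra shell command.

```python
"""Added example, not from the original deck: injection-safe back end for the
portal's "release a website" action. All hostnames, addresses and paths are
constructed for illustration; chain name and base directory are assumptions."""
from __future__ import annotations
import ipaddress
import re
import subprocess
from dataclasses import dataclass

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


@dataclass(frozen=True)
class ReleaseRequest:
    fqdn: str        # public name of the site, as typed into the portal
    backend_ip: str  # DMZ / NAT address of the web server
    port: int        # service port to open on the firewall and serve on Apache
    docroot: str     # single path component under the vhost base directory


def validate(req: ReleaseRequest) -> ReleaseRequest:
    """Reject anything that is not a plain hostname, IP, port and directory name."""
    labels = req.fqdn.split(".")
    if len(req.fqdn) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid hostname: {req.fqdn!r}")
    ipaddress.ip_address(req.backend_ip)          # raises ValueError on garbage
    if not 1 <= req.port <= 65535:
        raise ValueError(f"invalid port: {req.port}")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", req.docroot) or req.docroot in (".", ".."):
        raise ValueError(f"invalid docroot: {req.docroot!r}")
    return req


def iptables_argv(req: ReleaseRequest) -> list[str]:
    """Firewall policy change as an argv list (no shell involved)."""
    req = validate(req)
    return ["iptables", "-A", "FORWARD", "-p", "tcp",
            "-d", req.backend_ip, "--dport", str(req.port),
            "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT"]


def apache_vhost(req: ReleaseRequest, base: str = "/var/www") -> str:
    """Apache virtual host for the site; only validated values are interpolated."""
    req = validate(req)
    root = f"{base}/{req.docroot}"
    return (
        f"<VirtualHost *:{req.port}>\n"
        f"    ServerName {req.fqdn}\n"
        f"    DocumentRoot {root}\n"
        f"    <Directory {root}>\n"
        f"        Options -Indexes\n"
        f"        AllowOverride None\n"
        f"        Require all granted\n"
        f"    </Directory>\n"
        f"</VirtualHost>\n"
    )


def apply_release(req: ReleaseRequest, dry_run: bool = True) -> list[str]:
    """What the portal back end would run; dry_run keeps this side-effect free."""
    argv = iptables_argv(req)
    if not dry_run:
        subprocess.run(argv, check=True)   # argv list, never shell=True
    return argv


if __name__ == "__main__":
    ok = ReleaseRequest("portal.example.org", "10.0.5.20", 80, "portal")
    print(" ".join(apply_release(ok)))
    print(apache_vhost(ok))
    # The kind of value that a naive f"iptables ... {fqdn}" shell script would execute:
    evil = ReleaseRequest("x.example.org; rm -rf /", "10.0.5.20", 80, "portal")
    try:
        apply_release(evil)
    except ValueError as e:
        print("rejected:", e)
```

The same validate() gate sits in front of both outputs, so the Apache configuration cannot be used to escape the base directory (docroot is one path component) and the firewall rule cannot be widened by a crafted address.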


• Intranet Security Framework Based on Short-lived Certificates
• Symantec Security Framework
• Cyberoam Security Framework
• IBM Unified Threat Management




Definition & Understanding (diagram)
• Threat Target: Internal Data Asset; Internal Disruption
• Threat Direction: Internal to Internal; External to Internal
• Assets at Risk: Information; Computers; Applications; Mobile Devices; Networks / Infrastructure
• Threat Highway: Internal Connection Required (Direct/Wireless/Remote/VPN)
• Threat Detection: Network Based; Connection Oriented
Key Elements of Delivering Security

Communication Security
    • Protection of data and voice communications between designated endpoints.

Network Infrastructure Protection
    • Protection of routing and network management infrastructure against both passive and active attacks, such as rogue devices, insertion, deletion, modification or replay of control messages.

Authorisation & Access Control
    • Support of multi-level security measures by implementing identity- or role-based access control on applications, application servers, 802.1X etc.

Efficiency
    • Electrical, computing power, RF resource and network bandwidth.

Reliability & Resilience
    • Tolerance to hardware and software failures, asymmetric and unidirectional links, or limited range of wireless communication.

Transmission Security
    • The services include countermeasures against radio signal detection, jamming, control/user data acquisition, and eavesdropping.

Easy
    • Deploying technology should not impact usability in a way that is intolerable.
1.   Information Gathering and Discovery
        Example of tools: Nmap
2.   Enumeration
        Example of tools: Nmap
3.   Detection
        Example of tools: Retina, Nessus




1.   Information Gathering and Discovery
     ◦   Network scanning
     ◦   Port scanning
     ◦   Directory services
     ◦   DNS zones and registrars




2.   Enumeration
     ◦   Hosts and OSs
     ◦   Ports (including the well-known range 0-1023)
     ◦   Services and their version info
     ◦   SNMP communities




3.   Detection
     ◦   Weaknesses
     ◦   Vulnerabilities
     ◦   Reports are generated
     ◦   Remediation tools
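The three steps above carried out programmatically, as an added example that is not code from the deck: Nmap is run with XML output, the XML is parsed into a host inventory for the enumeration step (hosts, OS guess, open ports, service versions), and the inventory is turned into a list of findings to hand to a detection tool such as Nessus. SAMPLE_XML is a constructed scan result in Nmap's own XML output format (addresses and names are made up), and the three flagging rules in findings() are illustrative assumptions, not a complete policy.

```python
"""Added example (not from the original deck): Nmap-driven discovery and
enumeration, parsed into an inventory that feeds the detection step.
SAMPLE_XML is a constructed scan result in Nmap's XML output format."""
from __future__ import annotations
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# The portal back end would produce input like SAMPLE_XML with, for example:
#   nmap -sV -O -p- -oX scan.xml 10.0.5.0/24        (-O needs root)
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="10.0.5.20" addrtype="ipv4"/>
 <hostnames><hostname name="web01.example.org" type="PTR"/></hostnames>
 <ports>
  <port protocol="tcp" portid="22"><state state="open"/>
   <service name="ssh" product="OpenSSH" version="5.3p1" conf="10"/></port>
  <port protocol="tcp" portid="80"><state state="open"/>
   <service name="http" product="Apache httpd" version="2.2.15" conf="10"/></port>
  <port protocol="tcp" portid="8080"><state state="closed"/>
   <service name="http-proxy" conf="3"/></port>
 </ports>
 <os><osmatch name="Linux 2.6.32" accuracy="96"/></os>
</host>
<host><status state="up"/><address addr="10.0.5.21" addrtype="ipv4"/>
 <ports>
  <port protocol="udp" portid="161"><state state="open"/>
   <service name="snmp" conf="3"/></port>
  <port protocol="tcp" portid="3306"><state state="open"/>
   <service name="mysql" conf="3"/></port>
 </ports>
</host>
</nmaprun>"""


@dataclass
class Service:
    proto: str
    port: int
    name: str = ""
    product: str = ""
    version: str = ""


@dataclass
class Host:
    addr: str
    hostname: str = ""
    os_guess: str = ""
    services: list[Service] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list[Host]:
    """Enumeration: live hosts, OS guess, open ports and service/version info."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        if h.find("status").get("state") != "up":
            continue
        host = Host(addr=h.find("address").get("addr"))
        hn = h.find("hostnames/hostname")
        if hn is not None:
            host.hostname = hn.get("name", "")
        om = h.find("os/osmatch")
        if om is not None:
            host.os_guess = om.get("name", "")
        for p in h.iter("port"):
            if p.find("state").get("state") != "open":
                continue                      # closed/filtered ports are noise here
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            host.services.append(Service(p.get("protocol"), int(p.get("portid")),
                                         attrs.get("name", ""), attrs.get("product", ""),
                                         attrs.get("version", "")))
        hosts.append(host)
    return hosts


WELL_KNOWN_MAX = 1023   # the 0-1023 range named on the enumeration slide


def findings(hosts: list[Host]) -> list[str]:
    """Hand-off to detection: items a scanner such as Nessus should probe.
    The three rules are illustrative assumptions, not a complete policy."""
    out = []
    for h in hosts:
        for s in h.services:
            where = f"{h.addr}:{s.port}/{s.proto}"
            if s.name == "snmp":
                out.append(f"{where} SNMP reachable: test for default/weak community strings")
            if not s.version:
                out.append(f"{where} {s.name or 'unknown'}: no version fingerprint, probe manually")
            if s.port > WELL_KNOWN_MAX:
                out.append(f"{where} {s.name or 'unknown'}: open outside the well-known range, confirm it is intended")
    return out


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    for h in inventory:
        print(h.addr, h.hostname or "-", h.os_guess or "-",
              [f"{s.port}/{s.proto} {s.name} {s.product} {s.version}".strip() for s in h.services])
    for f in findings(inventory):
        print("FINDING", f)
```

Parsing the XML rather than the human-readable output keeps the enumeration stable across Nmap versions, and separating parse_nmap_xml() from findings() lets the portal store the raw inventory and change the flagging rules without rescanning.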




• Provide access to the portal 24/7
• Security intelligence awareness and alerting
• User configuration and policy detail
• Security incident and service ticket information
• A template-driven reporting dashboard
• Authorization to download log data





• Mr. Rishi K. Pathak (Senior Technical Officer, NPSF Group, C-DAC) for valuable comments and suggestions
• Satyaswarup Yerramilli (Senior Technical Officer, NPSF Group, C-DAC) for his review of the thesis
• Mr. Rishi K. Pathak, Senior Technical Officer, NPSF Group, for continuous guidance and support
• Dr. Sandeep K. Joshi, Research Guide, for his motivation throughout
• All my colleagues and staff members of my department for technical interactions
• The NPSF Group of C-DAC Pune for their administrative support


• Zachman, J. A. (1987). A framework for information systems architecture. IBM Systems Journal, 26(3), 276-292. Retrieved 18:15, January 21, 2009, from http://www.research.ibm.com/journal/sj/263/ibmsj2603E.pdf
• Zachman framework. (2009, January 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:40, January 20, 2009, from http://en.wikipedia.org/w/index.php?title=Zachman_framework&oldid=267343979
• CCITT, “The Directory—Authentication Framework,” Recommendation X.509, 1989.
• 935.ibm.com/services/au/gts/juniper/pdf/ibm_managed_security_services_for_unified_threat_management.pdf
• http://www-935.ibm.com/services/us/en/it-services/unified-threat-management-utm-service.html


Title: Network Security Admin Portal