COMPUTER SECURITY EXERCISE: Make this environment more secure
The purpose of this computer security exercise is to help you develop a better approach to implementing security and identifying faults in your own security architecture.
When it comes to computer and network security, everyone has their own ideas on how it should be done. A person will implement security based on their education, experience, referenced resources, checklists, security vendor recommendations, and suggestions made by colleagues. Each environment has unique requirements, so it’s not always possible to follow a “recipe” when implementing security. In addition, “best practices” are often constrained by budget and the ability of an organization to manage and maintain the security after initial implementation.
The security architecture depicted above is by no means a primer on how to implement security. Some elements are good and others are not so good. Really put your thinking cap on and see if you can make this environment as secure as possible.
Words to live by
Before an organization purchases anything, some thought should be given to the security architecture. Too many organizations buy the individual pieces of hardware and software (a shopping list) with functionality in mind, without thinking about how to best secure each device relative to the other devices on the network. Unfortunately, there are always situations where everything has already been purchased and the implementer is expected to make do with what is on hand. If an implementer doesn’t have what he needs to make the environment secure, it’s important that he revise the security architecture, document why the new architecture is better than the existing architecture, and present his recommendations to management. Management then needs to decide whether it wants to implement the recommendations.
Notes for this architecture
Firewall: There is a big brick wall there, but that could be 1 to 3 devices depending on what you think is most appropriate.
Switches: I like switches that have built-in routing capabilities. You may want to use a separate switch and router if you think it makes the architecture more secure.
Network Interface Cards: Each line’s termination point represents a physical connection. Each desktop, laptop and server has its own software firewall to restrict access to/from specific devices over specific protocols and ports. You need to be as restrictive as possible.
VLANs: The green lines represent the management VLAN. The blue lines represent the desktop-to-information VLAN. The yellow line represents the desktop-to-Internet/mail VLAN. All three VLANs are isolated from each other, so no packets can route from one VLAN to another. Need more VLANs? Think you can do with less? It’s up to you.
Desktops/Laptops: Each desktop/laptop uses a virtual machine to access the desktop-to-Internet/mail VLAN. The host operating system resides on the desktop-to-information VLAN.
Administrator Desktop #1: Used to administer devices in the green zone.
Administrator Desktop #2: Used to administer devices in the yellow zone.
Internet Access: The only devices allowed to access the Internet are:
- Email gateway
- Anti-virus & update servers #1 and #2
- All desktops/laptops via the desktop-to-Internet/mail VLAN
- Administrator desktop #2
Database servers: The database servers are physically connected directly to the intranet server and application server(s) (purple lines).
Application server(s): There are several applications residing on this server. Are there any benefits to running each application in a virtual machine? Should each application run on a separate server?
Update Servers: All anti-virus/NIDS signature updates, operating system patches and application patches are downloaded and hosted on these servers before being applied to other devices connected to the network.
Network IDS: The red lines indicate a sensor port on each switch.
The review process
Print the diagram on a sheet of paper. If possible, find someone who can do this exercise with you, so you can benefit from each other’s knowledge and ideas. Ask the following questions for each device:
- What devices should be allowed to initiate a connection to this device? What protocols and ports?
- What devices should this device be allowed to initiate a connection to? What protocols and ports?
- How can this device be compromised?
- How will someone know that this device is being probed or attacked?
- If this device is compromised: (a) What other devices can it attack? (b) What information can it access? (c) What configuration on other devices prevents access to those devices from this device?
- How will someone know if this device is probing or attacking other devices?
- What architectural changes can be made to make this device more secure?
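The review questions above, together with the Internet access list in the notes, can be answered more reliably if the architecture is written down as data rather than read off the diagram. The following is an added example, not part of the original exercise: it models the three isolated VLANs, the purple direct links to the database server, the Internet allow list and a set of host-firewall rules, then answers "what may connect to this device", "if this device is compromised, what can it reach" and "does every host rule respect the Internet allow list". Device names beyond those in the notes, which hosts sit on which VLAN, and all port numbers are constructed assumptions; one host rule is deliberately wrong so the last check has something to find.

```python
"""Reachability model of the exercise architecture (added example, not the
page's own material).  VLAN membership, device names not in the notes, and all
ports are constructed assumptions for illustration."""
from collections import deque

# VLAN membership.  The notes name the three VLANs and say they are isolated;
# which hosts sit on each one is an assumption made here.
VLANS = {
    "management": {"admin-desktop-1", "switch", "firewall", "nids"},
    "desktop-to-information": {"desktop-host", "intranet-server", "app-server",
                               "update-server-1", "update-server-2"},
    "desktop-to-internet-mail": {"desktop-vm", "email-gateway", "admin-desktop-2"},
}

# Point-to-point physical links that bypass the VLANs (the page's purple lines).
DIRECT_LINKS = {("intranet-server", "db-server"), ("app-server", "db-server")}

# Devices permitted to reach the Internet, as listed in the notes.
INTERNET_ALLOWLIST = {"email-gateway", "update-server-1", "update-server-2",
                      "desktop-vm", "admin-desktop-2"}

# Host-firewall allow rules: (initiator, target, protocol, port).  Constructed
# for the example; the notes only say every host runs a restrictive firewall.
HOST_RULES = {
    ("desktop-host", "intranet-server", "tcp", 443),
    ("desktop-host", "app-server", "tcp", 443),
    ("intranet-server", "db-server", "tcp", 5432),
    ("app-server", "db-server", "tcp", 5432),
    ("update-server-1", "desktop-host", "tcp", 8530),
    ("update-server-1", "app-server", "tcp", 8530),
    ("admin-desktop-1", "switch", "tcp", 22),
    ("admin-desktop-1", "firewall", "tcp", 22),
    ("admin-desktop-1", "nids", "tcp", 22),
    ("admin-desktop-2", "email-gateway", "tcp", 22),
    ("desktop-vm", "email-gateway", "tcp", 993),
    ("desktop-vm", "internet", "tcp", 443),
    ("email-gateway", "internet", "tcp", 25),
    ("update-server-1", "internet", "tcp", 443),
    ("update-server-2", "internet", "tcp", 443),
    ("admin-desktop-2", "internet", "tcp", 443),
    ("desktop-host", "internet", "tcp", 443),  # deliberately wrong: not on the allow list
}


def vlan_of(device):
    return next((n for n, members in VLANS.items() if device in members), None)


def layer2_path_exists(src, dst):
    """True if the network itself lets src reach dst: same VLAN, a direct link,
    or an allow-listed path to the Internet.  Nothing routes between VLANs."""
    if dst == "internet":
        return src in INTERNET_ALLOWLIST
    if (src, dst) in DIRECT_LINKS or (dst, src) in DIRECT_LINKS:
        return True
    return vlan_of(src) is not None and vlan_of(src) == vlan_of(dst)


def can_connect(src, dst, proto, port):
    """A connection needs both the network path and the target's host-firewall
    rule; the two are independent controls and both must agree."""
    return layer2_path_exists(src, dst) and (src, dst, proto, port) in HOST_RULES


def inbound(device):
    """Review question: what devices may initiate a connection to this device?"""
    return sorted({(s, p, port) for s, d, p, port in HOST_RULES
                   if d == device and can_connect(s, d, p, port)})


def blast_radius(compromised):
    """Review question: if this device is compromised, what else can it reach,
    transitively, over connections the architecture actually allows?"""
    seen, queue = set(), deque([compromised])
    while queue:
        cur = queue.popleft()
        for s, d, p, port in HOST_RULES:
            if s == cur and d not in seen and can_connect(s, d, p, port):
                seen.add(d)
                queue.append(d)
    seen.discard(compromised)
    return sorted(seen)


def allowlist_violations():
    """Host rules naming the Internet whose initiator is not on the allow list.
    The network drops them anyway, but a stale host rule shows the two layers
    have drifted apart and is worth a review finding."""
    return sorted(s for s, d, _, _ in HOST_RULES
                  if d == "internet" and s not in INTERNET_ALLOWLIST)


if __name__ == "__main__":
    print("inbound to db-server:", inbound("db-server"))
    print("blast radius of desktop-vm:", blast_radius("desktop-vm"))
    print("blast radius of desktop-host:", blast_radius("desktop-host"))
    print("Internet allow list violations:", allowlist_violations())
```

The model deliberately keeps the database server off every VLAN, matching the note that it is connected only by the purple lines, so a compromised desktop can reach it only through the intranet or application server, never directly. Answering the review questions by editing the data and re-running the checks also makes it easy to test an architectural change before anyone touches a switch.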
Something to think about
After you’ve completed the exercise, think about how this review process differs from your current review process. If another organization architected your security, did someone from that organization explain all of these things to you? Is it documented? If not, how do you know that your systems are properly secured?
Review a diagram of your own network. With any luck, you’ll find a few things that can be done to make your environment more secure.