Aircraft Solutions Security Assessment And Recommendations Information Technology Essay

Aircraft Solutions Security Assessment And Recommendations Information Technology EssayThe purpose of this estimation is to address weaknesses and provide recommendations on the nedeucerk security of Aircraft Solutions. Aircraft Solutions is a recognized leader in the role and fabrication of component products and service for companies in the electronics, commercial, defense, and aerospace industry. Aircraft Solutions agency is to provide guest success through machined products and related services, and to meet cost, quality, and schedule requirements.Two weaknesses were found in regards to the comp whatsoevers net security. The first weakness is a computer hardw ar weakness not having an abdominal aortic aneurysm master of ceremonies for user authentication and authorization second, not having a Network-based Intrusion Detection System (IDS) in use. The recommended solutions are to deploy an AAA server for user authentication and authorization to company resources, and deploy a combination Host and Network-based IDS for overall monitoring of the companys enterprise.Company OverviewAircraft Solutions designs and fabricates component products and services for companies in the electronics, commercial, defense, and aerospace industry. The mission of Aircraft Solutions is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements.Much of its equipment is automated to increase production while minify costs. The companys workforce has a large skill base design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems.The company scheme is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. Aircraft Solutions uses Business Process Management (BPM) to handle throughout processes that span multiple systems and organizations. The BPM system is intentional to connect customers, markete rs, and suppliers to distribute information and maintain a magazinely business dialogue. BPM also aligns internal business operations with IT tin to maintain production in support of customer requirements.Security WeaknessesTwo security vulnerabilities were found in regards to the companys network security. The first vulnerability is a hardware weakness not having an Authorization, earmark, and Accounting (AAA) server for user authentication and authorization second, not having a Network-based Intrusion Detection System (IDS) in use.Hardware Weakness AAA ServerAircraft Solution has a need for an AAA server to authenticate and authorize legitimate user credentials for its on-site headquarters, intranet remote offices, and extranet for suppliers, contractors, and suppliers. An AAA basis is required in erect to authorize and authenticate users to company resources coming control. AAA servers provide a mechanism for encrypted authentication of users and underside be used to cont rol memory access to the network. hallmark verifies the identity of a user by employing a database of usernames and passwords. Authorization assigns network rights or permissions to an authenticated user. Authorization records or logs network usage of authentication and current users. Accounting can be used to record information about security breaches. (Kaeo, 2004)Software Weakness Combination Host and Network-based IDSAircraft Solutions employs a army-based IDS on the servers in the corporate office. I conceive of having a combination of host-based IDS on decisive servers and a network-based IDS by the firewall for each network segment is snap off. A good strategy for IDS would be to use a combination of host and network IDS. A Network-based IDS provides an overall perspective of your network and is useful for identifying distributed firings, whereas a Host-based IDS would stop most binding threats at the host level. (Kaeo, 2004)An IDS protects a network like an alarm sys tem. When an IDS detects that virtuallything is wrong and sees it as an attack, it can take corrective action itself or notify a dispensement system, which would nippy a network administrator to take some action.Intrusion Detection Systems are important not altogether in basis of stopping an attack, but also in maintaining a permanent time-stamped log of intrusion attempts on a host system. An IDS allows a company to know that they are being attacked and who is attacking them, how they are doing it, and what they might be aspect at for. An IDS is the watchdog that adds a layer of defense over all network security systems and policies. translation of SolutionDeployment of AAA ServerAircraft Solutions needs to centrally manage who has authorization to remotely access network resources from anywhere, which network resource are those remote users permit to access, and any related issues. Terminal Access Controller Access Control System Plus (TACACS+) and Remote Authentication Di al-In user Service (RADIUS) are the two protocols for implementing the AAA technology framework.A centralized AAA server that uses TACACS+ protocol will provide a centralized location for Authentication, Authorization, and Accounting for Cisco artifices. User authentication on Cisco devices can be done in one or two ways a local database of users on the server, or by a TACACS+ server. TACACS+ is a Cisco proprietary protocol that uses TCP as a transport protocol and has the ability to separate authentication, authorization, and invoice as separate services. The AAA server acts as a proxy server by using TACACS+ to authentication, authorize, and accounting for access to Cisco routers and network access servers. The Authentication function of an AAA server can provide access control this proves a useful function in environments where theres a requirement to restrict access to network devices or applications per individual authenticated user. (Kaeo, 2004)Software Weakness Combinatio n Host and Network-based IDSAircraft Solutions needs to deploy a Network-based IDS in combination with itsHost-based IDS. I think Aircraft Solutions should have a Network-based IDS in order to monitor all traffic to and from the Internet to see how many hackers or other bitchy activities are nerve-racking to access the companys network. In addition to seeing Internet traffic, a Network-based IDS can see traffic going to a firewall or VPN and to other attached devices. A combination IDS will also enable Aircraft Solutions to better monitor and effectively respond to a security incident by employing real-time capability. A Network-base IDS is designed to sense leering activity occurring on a network and provides real-time alerting to Administrators to investigate. The lack of not having such a system leaves Aircraft Solutions at hazard by not having the ability to see malicious network traffic and relying on system nonethelessts to be alerted of malicious activity. (Kaeo, 2004)J ustificationDeployment of AAA ServerThe vendor solution Id select would be Cisco hardware. Cisco Secure AccessControl Server (ACS) would be best suited for use as an AAA Server. My justification for that is Cisco ACS server covers the three main functions of Authentication, Authorization, and Accounting and the use of TACACS+ protocol is Cisco proprietary protocol.Aircraft Solutions has multiple users that take part in end-to-end processes that span multiple systems and organizations. A Business Process Management (BPM) system is in place to handle all of these processes. Systems are access by users at different levels of need to know and these users are responsible for entering, processing data, and information in order to generate reports to be used for decision-making.Customer data such as project information, computer-aided design, and development models are sorted and stored in designated servers. The Design Engineering department is responsible for reviewing the electronic mod els, interacting with the customer and making necessary modifications with customer approval, then placing them in an Engineering Release (ER) directory for programming. As soon as these electronic models are released, programmers use them to create production programs. All final programs mustiness be thoroughly verified for accuracy before releasing to the Proof For Production (PFP) directory for manufacturing to make the production first article. From the production floor, machinists download PFP programs directly to their DCNC (Direct figurer Numerical Control) machines for execution. After any further processing completed products are inspected for verification to customer requirements, then they are moved to the shipping department for delivery. looking for at how Aircraft Solutions BPM works, there is definitely a need for central user authentication and authorization. An AAA server with TACACS+ can be used to manage the large numbers of user IDs and passwords in a centralize d database, providing a scalable network security solution. (Oppenheimer, 2004). An AAA server will ensure access to design, production, accounting, sales, and HR servers only go to authorized engineers and personnel. An AAA server will also track all users activity and attempts to access network resources event logging. Example, if soul is trying to access production programs and theyre not authorized it will be logged, allowing for an investigation of the incident if required.Software Weakness Combination Host and Network-based IDSAircraft Solutions has many users accessing its network, be it suppliers, customers, branch office employees etc A Network-based IDS is needed to protect the network. Similar to a home owner having an alarm system to ward off or to alert them of an intruder. I see an IDS in this fashion. An IDS detects if someone tries to break in through the firewall or manages to break in the firewall security and tries to have access on any system in the trusted sid e and alerts the system administrator in case there is a breach in security. (SANS Institute, 2001)Here are some advantages of Network-based IDSEasier to deploy Network based IDS are easier to deploy as it does not affectexisting systems or infrastructure. The network-based IDS systems are Operatingsystem independent. A network based IDS sensor will listen for all the attacks on a network segment regardless of the type of the operating system the target host isrunning.Detect network based attacks Network based IDS sensors can detect attacks,which host-based sensors fail to detect. A network based IDS checks for all the packet headers for any malicious attack. Many IP-based denial of service attacks like TCP SYN attack, fragmented packet attack etc. can be identified only by looking at the packet headers as they travel across a network. A network based IDS sensor can quickly detect this type of attack by looking at the contents of the packets at the real time.Retaining evidence Netwo rk based IDS use live network traffic and does real time intrusion detection. Therefore, the attacker cannot remove evidence of attack. This data can be used for forensic analysis. On the other hand, a host-based sensor detects attacks by looking at the system log files. Lot of hackers are capable of making changes in the log files so as to remove any evidence of an attack. original Time detection and quick response Network based IDS monitors traffic on a real time. So, network based IDS can detect malicious activity as they occur. Based on how the sensor is configured, such attack can be stopped even before they can get to a host and compromise the system. On the other hand, host based systems detect attacks by looking at changes made to system files. By this time critical systems may have already been compromised.Detection of failed attacks A network based IDS sensor deployed outside thefirewall can detect malicious attacks on resources behind the firewall, even though the firewal l may be rejecting these attempts. This information can be very useful for forensic analysis. Host based sensors do not see rejected attacks that could never hit a host inside the firewall. (SANS Institute, 2001)Impact on Business ProcessesI think Aircraft Solutions will have a positive consequence from deploying an AAA server and adding Network-based IDS to its network enterprise. The impact to its business processes should be transparent, having little negative effect. Using an AAA server to provide authentication and authorization and accounting gives network administrators an added layer of protection in securing Aircraft Solutions network infrastructure. It allows access to network resources to be better controlled and delegated. An example could be branch office users connecting to the network they can be screened against the user database and a custom policy that controls what device a user can access and what services on a particular device that a user can access. If a user s account is compromised that account can be disabled.Using these two tools to correct the identified security weaknesses is a benefit. The only thing that may be viewed as negative is the access speed may be slightly slower. However, I think a slight abate in access speed to the user is out weighted by having the access control and network monitoring needed to ensure Aircraft Solutions network infrastructure has a more layered defense. Security trumps a speedy userSummaryIn conclusion, I identified two areas of security weakness in Aircraft Solutions deployment of an AAA server and Network-based IDS. These are two tools that are necessary in any network enterprise environment. Implementing these recommendations will better ensure security of the companys resources, better overall enterprise integrity, and provide added layers of defense by having access control over network resources and real-time monitoring of network activity.Figure 1 rewrite Aircraft Solutions Network Infrastr ucture