Extranet for Security Professionals Essential Services Analysis

1. Extranet for Security ProfessionalsEssential Services Analysis Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Oct. 31, 2000

2. Review • Business Mission - Central Repository of Security Information- Central Location for Information Sharing - Secure Environment, Manageable Resource • System Requirements- SECURITY OVER RELIABILITY - Exchange of Information- Responsible for Information Only While on ESP System- User Driven and Maintained • System Environment - Dell Power Edge Servers- Windows NT 4.0 (SP6)- SSL- Cold Fusion Middleware - Only Minimal Options Activated • System Architecture

3. ESP – Architecture The Internet Firewall Router Web Servers To: George Marty From: Steve Workstation

4. Topics of Today • ESP Services overview • Essential Services/Asset Analysis • Essential Services/Asset Usage Scenario • Essential Component Analysis

5. ESP Services Overview

6. ESP Essential Services • Site Administration • Virtual Security Office (VSO) • Collaboration Realm (CR) • Organizational Management • Library • Message Center

7. Users • ESP User • VSO & CR Owners • Site Manager • Organizational Manager • Site Administrator

8. Site Administration • Maintain Hardware Assets • Implement Hardware Security Process • Database Management

9. DNS RedHat 6.2 Router Cisco 7200 128.237.144.1 IPchains IDS-1 Windows NT 4.0 (SP6) Hot Fixes Firewall-2 Windows NT 4.0 (SP6) Hot Fixes IDS-2 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 RealSecure 3.2 Guardian Pro V5 Web Server Windows NT 4.0 (SP6), Hot Fixes Console NES 3.63 Cold Fusion 4.5.1 DNS RedHat 6.2 Database IPchains ActiveState Perl 5.5 Tripwire 2.2.1 Visual FoxPro

10. Virtual Security Office • Restricted Web Page • Function- Information Sharing - Information Dissemination - Communication between Security Activity Groups • Security ConsiderationsPublic Site - READ access for ALL users Private Site - Access granted by VSO Owner to CERTAIN users - Administrator Rights granted by VSO Owner to SPECIFIC users

11. Virtual Security Office

12. VSO Public View

13. VSO Private View

14. Collaboration Realm • Function- Provide Selected Users with Areas to Collaborate on Projects • Security Considerations- Owners have total control of access - View - Comment - Vote - Admin

15. Collaboration Realm

16. Organizational Management • Functions • Access Control to ESP website • Validate Users • Enforce ESP Policy • Create Further Push Down of Management • Security Considerations • Site Manager grants Administrative Rights to Organizational Manager • Organizational Manager controls Users in Organization ONLY

17. Organizational Management

18. Library • The Library Tool is used to make common reports and documentation available on-line to all ESP users. • The Library is Full Text Searchable.

19. Message Center • ESP Internal “Post Office” • Message never Leaves the Secure Web Server • Users can be Notified via an External Mail System

20. Primary Users IP||TCP/UDP||SSL Router (FW1) Client WorkStation IP||TCP/UDP||SSL Firewall-2 IDS DNS1 IP||TCP/UDP||SSL Database Web Server DNS2 IDS

21. Primary Users DNS RedHat 6.2 Router (FW1) Cisco 7200 128.237.144.1 Client WorkStation IPchains IDS-1 Windows NT 4.0 (SP6) Hot Fixes Firewall-2 Windows NT 4.0 (SP6) Hot Fixes IDS-2 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 RealSecure 3.2 Guardian Pro V5 Web Server Windows NT 4.0 (SP6), Hot Fixes NES 3.63 Cold Fusion 4.5.1 DNS RedHat 6.2 Database IPchains ActiveState Perl 5.5 Tripwire 2.2.1 Visual FoxPro

22. Future Plans • Regular Saturday Team Meetings • Planned Meeting with Client • Goals: • Find Vulnerabilities • Identify Compromisable Components • Simulate Intrusions & Attacks • Survivability Analysis