Subject name: Security Architecture and Design
Research Paper
Notes:
• Must be in APA style. Recommend researching APA style before the residency weekend.
• The research paper must have at least 5 works cited.
Residency Research Project: Acme Enterprise Scenario (Residency Week)

Acme Enterprise is a private company that is gearing up for an initial public offering (IPO). Prior to going public, Acme must be in compliance with GDPR, PCI DSS, and SOX. Acme is in the water purification business, with new technologies that purify water in any form, whether sewage, ocean, lake, etc. Part of its IPO process is to show due diligence and due care. Acme has identified your team to conduct a threat assessment and analysis of its information technology infrastructure to uncover any threats and exposures, and to provide mitigations and controls that reduce those uncovered threats and exposures, so that it can have a successful IPO.

Using the network infrastructure design of Acme Enterprise, you are to threat model Acme's:
1. Perimeter Security
2. Network Security
3. Endpoint Security
4. Application Security
5. Data Security
6. Operations
7. Policy Management

Acme Perimeter Security

Acme is currently protected by two dynamic stateful inspection firewalls configured as a dual active/standby pair. Acme is also configured to use PAT (port address translation), where 200.200.200.1 represents Acme on the public Internet. Acme translates this public IP through its clustered firewall to the internal IP space of 10.100.0.0/16, giving Acme 65,534 usable IP addresses. As part of Acme's infrastructure, it also accesses cloud services for its business office tools through Office 365 and uses Dropbox for end-user storage. Acme uses a web hosting service for its web front end and e-commerce, which is connected to a back-end Oracle database using enterprise MySQL. The database administrators have full access to all database information, but they lack oversight from anyone else. There are two DMZs, but they are not utilized.
Network Security

Acme has a collapsed core design, which means all internal LAN routing and Internet access occurs on its distribution-level devices. This means wireless access, web proxy access, and access control lists and entries are located at this layer of the infrastructure. Currently Acme is using WPA2 (Wi-Fi Protected Access 2) for its wireless security. The web proxy is configured with the following profiles: General, Limited, and Exclusive Internet access. Each of these categories dictates what type of Internet access an end user will experience if he or she belongs to one of these groups. The local area network uses the IP block in the following way: 10.100.1.0/24 User VLAN, 10.100.2.0/24 Research and Development VLAN. The current access control list entries are permit 10.100.2.0 0.0.0.255 and permit 10.100.1.0 0.0.0.255 (Cisco-style network/wildcard-mask notation). All other devices use the rest of the unallocated IP block of 10.100.0.0/16. Also, all IP space is statically assigned. There is one default route to the Internet, but users complain about access to internal services.

Endpoint Security

There is a mixture of Mac and Windows systems, the latter running Windows XP, 7, and 10. JAMF is used to control and monitor the Mac systems; the Windows devices rely on their end users to patch and update them. The current endpoint security is signature-based McAfee with no centralized control.

Application Security

DevOps is responsible for secure coding and development of applications, but it has no formal oversight. Policy for application monitoring and tracking is ad hoc; there are no formalized procedures. The server farm houses all applications; the operating systems range from Windows Server 2003 to 2016. Mobile device management, media server, content management, file server, directory services, and database are all services offered from the server farm. This server architecture is all hardware based; there are no hypervisor systems in place.
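The access control list in the Network Security section above is written in Cisco network/wildcard-mask form, and a list of that kind always ends in an implicit deny that is never written down. The script below is an added worked example, not part of the assignment text or of any Acme configuration: it evaluates the two entries against sample source addresses with first-match/implicit-deny semantics, shows what a non-contiguous wildcard actually matches, and converts contiguous wildcards to CIDR so the entries can be compared with the VLAN allocations. The server-farm subnet 10.100.10.0/24 and the sample hosts are assumptions; the scenario says only that everything other than the two VLANs lives somewhere in the unallocated part of 10.100.0.0/16. Whether the implicit deny is the cause of the users' complaint the scenario does not say; the script only shows what the entries permit as written.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, str, str]  # (action, network, wildcard) in Cisco IOS standard-ACL form

# Constructed from the scenario: Acme's two current entries.
# Every Cisco-style ACL ends in an implicit "deny any", which is not written down.
ACME_ACL: List[Entry] = [
    ("permit", "10.100.2.0", "0.0.0.255"),  # Research and Development VLAN
    ("permit", "10.100.1.0", "0.0.0.255"),  # User VLAN
]

# Hypothetical corrected list. ASSUMPTION: the server farm sits in 10.100.10.0/24;
# the scenario only says it is somewhere in the unallocated part of 10.100.0.0/16.
CORRECTED_ACL: List[Entry] = ACME_ACL + [
    ("permit", "10.100.10.0", "0.0.0.255"),  # hypothetical server-farm subnet
]

# Constructed sample sources: one host per VLAN, one in the assumed server farm,
# and one elsewhere in the /16.
SAMPLE_HOSTS = ["10.100.1.25", "10.100.2.200", "10.100.10.5", "10.100.99.7"]


def _u32(dotted: str) -> int:
    """Dotted-quad IPv4 address to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the wildcard means 'must equal the
    network bit', a 1 bit means 'don't care'. The wildcard is the bitwise inverse
    of a subnet mask, but unlike a subnet mask it need not be contiguous."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(network) & care)


def evaluate(acl: List[Entry], addr: str) -> Tuple[str, Optional[int]]:
    """First matching entry wins. No match falls through to the implicit deny,
    reported as ('deny', None) to distinguish it from an explicit deny entry."""
    for idx, (action, network, wildcard) in enumerate(acl):
        if wildcard_match(addr, network, wildcard):
            return action, idx
    return "deny", None


def audit(acl: List[Entry], hosts: List[str]) -> Dict[str, Tuple[str, Optional[int]]]:
    """Evaluate every sample host against the list."""
    return {host: evaluate(acl, host) for host in hosts}


def wildcard_to_cidr(network: str, wildcard: str) -> Optional[str]:
    """Render a network/wildcard pair as CIDR when the wildcard is contiguous
    (a run of 0 bits followed by a run of 1 bits); otherwise return None, since
    a non-contiguous wildcard such as 0.0.255.0 has no CIDR equivalent."""
    w = _u32(wildcard)
    if (w + 1) & w:  # w + 1 is a power of two only for 0...01...1 bit patterns
        return None
    prefix = 32 - w.bit_length()
    return str(ipaddress.IPv4Network((network, prefix), strict=False))


if __name__ == "__main__":
    for label, acl in (("current", ACME_ACL), ("corrected (hypothetical)", CORRECTED_ACL)):
        print(f"{label} ACL:")
        for action, network, wildcard in acl:
            print("  ", action, wildcard_to_cidr(network, wildcard))
        for host, (action, idx) in audit(acl, SAMPLE_HOSTS).items():
            where = "implicit deny" if idx is None else f"entry {idx}"
            print(f"   {host:<14} {action:<6} ({where})")
```

Run as written, the current list permits only the two VLANs and drops the assumed server-farm host and the 10.100.99.7 host at the implicit deny; the corrected list permits the server-farm host at its new third entry. The `wildcard_to_cidr` check matters in review because an entry such as `10.100.0.0 0.0.255.0` looks like a subnet but matches only the .0 address of every /24 in the /16, which is rarely what the author intended.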
Data Security

Data has not been classified; identity and access management relies on one-factor authentication; encryption, digital signatures, and PKI rely on self-signed certificates; protection in the cloud is also missing; and there is a lack of DLP (data loss prevention). Acme does store financial information in its data center, as well as personally identifiable information.

Operations

Information technology is responsible for security; however, there is a security team under the IT department. The Chief Information Security Officer reports to the Chief Information Officer.

Policy Management

Acme has one Information Security Policy that addresses its information security architecture and program. It is not based on any of the existing information security management frameworks such as ISO 27002, NIST CSF, or COBIT 5.

Your team is going to conduct a threat assessment on Acme Enterprise using the threat modeling tools we have learned about thus far. Each of the areas of the infrastructure mentioned above is where you will concentrate your threat assessments. After you have completed your threat assessment, you will then provide recommendations for each area that you assessed to reduce exposure and threat. Also, as part of your final submission, demonstrate through a redesign where your mitigations will take place within the architecture. You can use the image below as a guide for your threat analysis of each area.