
Planeteers
Russ Beck
Matt Dinkel
Matt Grimm
Chris Wisor

Term Paper
Planeteers

Introduction

Earlier, we performed a vulnerability analysis on the TwoHands Corporation to
see what we were up against. We discovered that the TwoHands Corporation had no
security and we were tasked with making it a secure place to work. The fields to
cover when implementing a security solution are: firewall, VPN, authentication, and
IDS. In order to help the company, we must research what products to use, and
what costs they must pay to reach the high level of security needed to compete in
today’s market. We must prevent thieves from stealing corporate information,
competitors from finding out what we are doing and getting a leg up, or insiders from
stealing information for personal gain. We feel that the task will be completed in a
way that satisfies the company greatly.

Work Breakdown

This project encompassed all of our group’s knowledge. Matt Grimm completed
the firewall section, Matt Dinkel researched the VPN solution, Russell Beck
compiled the authentication solution, and Chris Wisor finished with the IDS. Also,
Russell put the report together and Matt Dinkel created the topology. Before this
report, we had to present an aspect of the solution to the class. Matt Grimm and Matt
Dinkel researched the Microlatch key-fobs, and Russell and Chris made the
PowerPoint. The group worked extremely well together and each participated equally.

Firewall

For each of the two divisions, and for TwoHands in general, we have specific
protection and security requirements for a firewall, so only a unique firewall
combination would work. For the overall firewall, the umbrella that is set to protect
the entire Corporation, I think that the Cisco ASA 5510 Firewall Edition is the
perfect fit. It has enough power and versatility to handle the entirety of both
departments’ needs and then some. With top-of-the-line Cisco system coverage,
this firewall offers 5000 IPsec VPN peers at once, 250 SSL VPN peers and two
virtual interfaces (VLANs). Another particularly useful option this firewall comes
with is the 50 tunnels for direct VPN connectivity and security. With such a great
VPN capacity, the usefulness can be maximized for mobile, remote and business
partners. This firewall would be very easily monitored and managed with Cisco’s
own Adaptive Security Device Manager, an all Web-based management application.
It offers great upgradability, with expansion slots and ports to offer a great degree
of use and total coverage. The Triple DES encryption coupled with AES offers a
nice combination for any and all encryption needs. All of this comes along with the
high-performance intrusion detection and prevention system made possible by the
Security Services Module. Possibly one of the most useful aspects of this firewall is
its ability to grow with the company. As the needs of the business change, so can
the firewall; it can be scaled to higher interface density with its added VLAN support.

The Cisco ASA 5505 Firewall Bundle would work perfectly for either department.
This specific firewall offers not only the typical protection, with SPI (Stateful Packet
Inspection) to stop major DoS (Denial of Service) attacks and a state-of-the-art
intrusion detection system that alerts you to any hackers and any attacks on your
network, but also, as a secondary layer, Cisco’s own AIM (Adaptive Identification
and Mitigation) system architecture. Among its other prominent features, it also has
a DMZ port, VLAN support for added virtual versatility, and its own VPN. This
firewall can handle 25 SSL VPN peers at once, and the Secure Socket Layer VPN is
perfect for the Research and Development department so that they have totally
secure communication throughout their network. This Cisco model offers proactive
defense against any number of threats out there, stopping malicious attacks
before they can spread throughout the network. It also allows for solid control of
network activity and monitoring of applications on the network, all while still
offering the pivotal VPN connectivity flexibility needed for the TwoHands
Corporation’s Research Department. This firewall also offers both DES and SSL
encryption algorithms. Since DES encryption algorithms are now considered to be
somewhat insecure for many applications, I chose this to be the Research
Department’s firewall and not the overall firewall, since it will need less overall
protection due to the strength of the primary firewall.

Each Division has its own set of rules and regulations it would need to follow
in order to maintain secure computing within TwoHands, but the good thing here is
that with all the versatility these firewalls offer, the policies are pretty loose. The
Research Division would be able to transmit any information within the internal
network through the VPN and SSL offerings while still being able to have contact with
outside sources using the Triple DES and AES encryption factors. As always, the
removal of sensitive corporate information from the building would be disallowed
unless needed and fully authorized prior to the act. The Accounting Department would
need to follow its own SSL VPN client policy to keep sensitive monetary records
confidential within the Corporation, again using the SSL VPN to keep
inter-office/department communication within the office. If and when the Accounting
Department needs to send any of its records outside of the Corporation’s own VPN
network, there again we have enough encryption to protect it all.

*Attached is a topology showing the firewall implementation.

VPN
As it currently stands, TwoHands Corp. sends all of its packets and
information across both the local network and the internet unencrypted. This leaves
the network open to a large number of attacks. For example, by simply sniffing
the packets, an attacker could obtain any information which is sent over the internet,
such as valuable accounting data or classified research.
Simply encrypting the packets easily solves part of the problem by making
the content of the packets unreadable; however, since the headers cannot be
encrypted if you want the packets to reach their destination, the attacker can still sniff
the packets and use the headers (which contain source and destination IP and
port addresses) to analyze and map the network and network traffic, which he can
then use to plan his next attack.
This is where a Virtual Private Network (VPN) comes in. A VPN server acts as
a proxy for sending packets. All packets are sent from the source computer to the
VPN server (which is within the local private network) instead of directly over the
internet. The VPN server then encrypts the ENTIRE packet (header included) and
places it inside another packet. This new packet is sent from the VPN server to
another VPN server, located at, for example, another branch of the TwoHands Corp.

This means that even if the packets are sniffed, all source and destination
IP and port addresses will be for VPN servers. This is exponentially less useful to a
potential attacker. When the packets are then received by the destination VPN
server (back within a local private network), they are decrypted, revealing the actual
destination. The VPN server then forwards them to this destination within the local
private network.
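
The encapsulation described above, sketched as an added example (not part of the original paper and not Cisco's implementation). The 12-byte header layout, the SHA-256-based stand-in cipher, and all addresses, ports and keys are constructed for illustration; a real tunnel would use AES or Triple DES as offered by the recommended firewall.

```python
import hashlib, hmac, ipaddress, os, struct

def header(src, dst, sport, dport):
    # Simplified 12-byte header (assumption): src IP, dst IP, src port, dst port.
    ip = ipaddress.IPv4Address
    return ip(src).packed + ip(dst).packed + struct.pack("!HH", sport, dport)

def parse_header(pkt):
    # What a sniffer reads without any key: the cleartext addressing fields.
    sport, dport = struct.unpack("!HH", pkt[8:12])
    return (str(ipaddress.IPv4Address(pkt[:4])),
            str(ipaddress.IPv4Address(pkt[4:8])), sport, dport)

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode), used only to keep this offline.
    stream = b"".join(hashlib.sha256(key + nonce + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key, gw_src, gw_dst):
    # Encrypt the ENTIRE inner packet, header included, then place it inside
    # a new packet addressed from one VPN server to the other.
    nonce = os.urandom(12)
    ct = _xor_stream(enc_key, nonce, inner)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return header(gw_src, gw_dst, 4500, 4500) + nonce + ct + tag

def decapsulate(outer, enc_key, mac_key):
    # Receiving VPN server: verify integrity, decrypt, recover the real packet.
    nonce, ct, tag = outer[12:24], outer[24:-32], outer[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tunnel packet failed integrity check")
    return _xor_stream(enc_key, nonce, ct)

# Constructed sample: accounting workstation -> database host at another branch.
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)
INNER = header("10.1.20.15", "10.2.30.8", 51514, 1433) + b"Q4 ledger: payroll totals"
OUTER = encapsulate(INNER, ENC_KEY, MAC_KEY, "203.0.113.10", "198.51.100.20")

if __name__ == "__main__":
    print("on the wire:", parse_header(OUTER))  # only the two VPN servers
    print("after VPN  :", parse_header(decapsulate(OUTER, ENC_KEY, MAC_KEY)))
```
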
We are recommending the use of the Cisco ASA 5510 Firewall Edition as our
VPN router. It is the same router which we recommended for the TwoHands overall
firewall. From a VPN standpoint, this router is ideal as it is easily scalable to up to
fifty VPN tunnels. These would be used to connect to the various geographically
distributed offices and warehouses.
These tunnels can also be used to connect common business partners (such
as materials providers) to the TwoHands extranet. This router is able to control
access for such partners so they only have access to the specified extranet. Finally,
tunnels could be established from employees’ personal computers connected to the
internet. These machines would merely need to install the Cisco VPN software, which
is cheap and easy to use (1250 licenses can be purchased for $32).

Authentication
The authentication aspect of the TwoHands Corporation will be the high point.
The Microlatch solution offers a diversified array of options to ensure the security of
our company. The product we will use is the fingerprint key fob (FOB-13). A key fob
is a type of security token with built-in authentication mechanisms. The mechanisms
in the key fob control access to network services and information. The key fob
provides two-factor authentication: the user has a personal identification number,
which authenticates them as the device's owner; after the user correctly enters
their PIN, the device displays a number which allows them to log on to the network
(Search Security). They utilize biometrics, where an aspect of the person is used to
verify identity. These key fobs have a fingerprint scanner on them, allowing you to
roll your finger over the key fob and have access to whatever the company decides
you get access to. Once you are near an access point, you take out the fob and
press one of the four buttons on the FOB-13. Each button signifies a different type
of access you desire. One could be used for doors, one for a computer, one for
software, and so on.

Our company will use them for access to offices, computers, and certain
software that we feel is secret. We will need three sets of key fobs, two for the two
sections of the research lab and one for the accounting department. Also, one receiver
will oversee the entire building. For these three groups, we will buy 20 key fobs,
which run at $200 each, with the receiver sitting at $250. Because the products were
made to work together by Microlatch, installation and compatibility will not be an
issue. We did not want to combine two different solutions because we wanted to
avoid headaches if they did not work well together.

Intrusion Detection System (IDS)

The intrusion detection software we are suggesting is Sourcefire. Sourcefire
is an intrusion detection system (hereafter referred to as IDS) that is becoming an
industry standard. Sourcefire is an IDS that is based on the widely used, open
source Snort software. While Snort is essentially the same thing, we chose to
add on the higher-end Sourcefire. The reason is that, while Snort is free and
open source, adding Sourcefire will get us more technical and professional support.
Sourcefire essentially piggybacks off of a server running Snort. The server that
runs Snort will have to be a dedicated system, as it must be running Red Hat Linux,
a free open source operating system. The relatively low cost Defense Center is
required to run the Sourcefire Intrusion Agent, or so the website says. The cost of the
Defense Center is 17,000 dollars, but we feel that this one-time fee will be necessary
for the protection of the corporation. The system can be implemented relatively
quickly, as software doesn’t need to be installed on each client PC, only on one single
server system. The Sourcefire system is definitely worth all of the costs involved.
With all of the proprietary information at the TwoHands Corporation, a top of the line
IDS is necessary to protect industry secrets. If this IDS was not implemented and
trade secrets were compromised, the costs of that loss would easily outweigh the
cost of implementing an effective IDS.

The Sourcefire Defense Center is, in itself, a firewall. It is a piece of hardware
that regulates traffic from the Internet to the TwoHands network. It will monitor all
of the activity while looking for anomalies in network activity. Sourcefire is
constantly communicating with the update website, so rule libraries are constantly
up to date, ensuring that the system is constantly secure.

Cost Analysis
For our security solution, we felt that cost was second to quality. If the
corporation wants to continue to be competitive, the security must be airtight. First
off, we had the two firewall systems, which encompass the VPN as well. We chose
the Cisco ASA 5505 and the 5510 firewalls. From Amazon.com they are $370 and
$2,300 respectively; add on the $32 fee for the VPN licenses and get a $2,702 total.
Spread out over two aspects, this price is very good. After that, we move to the
authentication system. For 20 key-fobs priced at $200 apiece, we are looking at
$4,000 plus the $250 receiver, bringing us to $6,952 total. Finally, we have the IDS.
After calling SourceFire four times and talking to three different people, we finally
discovered that the Defense Center costs $17,000. This was a setback in our
minds. However, we decided that it was a necessary hit to take because it’s the
best IDS out there. The grand total on our security solution comes to $23,952.
When we started, we thought that a $15,000 budget was conceivable. The
Defense Center took us well over that, but once we reviewed our research, we could
not sacrifice quality products for better prices. At the end, we felt that our solution
to price ratio was satisfying.

Bibliography

"Cisco ASA 5505 Firewall Edition Bundle - Security appliance." Google. 10 Dec. 2008
<http://www.google.com/products/catalog?hl=en&safe=off&client=firefox-a&rls=org.mozilla:en-us:official&hs=wwp&resnum=0&q=firewall&um=1&ie=utf-8&cid=5442477046110415416#ps-tech-specs>.

"Cisco ASA 5510 Firewall Edition - Security appliance." Google. 10 Dec. 2008
<http://www.google.com/products/catalog?q=firewall&n=10&cid=6530935169800993324#ps-tech-specs>.

"FOB-13." Microlatch. 10 Dec. 2008
<http://www.microlatch.com/index.php?option=com_content&task=view&id=71&itemid=36>.

"REC Series." Microlatch. 10 Dec. 2008
<http://www.microlatch.com.cn/en/productlist.php?classid=8>.

Snyder, Joel. "Sourcefire's RNA provides instant visibility into your network." Network World. 23 Aug. 2004. 10 Dec. 2008
<http://www.opus1.com/o/completed/sourcefire_s.html>.

"SourceFire Defense Center." SourceFire. 10 Dec. 2008
<http://www.sourcefire.com/products/3d/defense_center>.

"Sourcefire Intrusion Agent for SNORT." SourceFire. 10 Dec. 2008
<http://www.sourcefire.com/products/3d/agent>.

"Sourcefire Vulnerability Research Team." SNORT. 10 Dec. 2008
<http://www.snort.org/vrt/>.

Walker, Robert. "Key Fob." Search Security. 15 Jan. 2002. 10 Dec. 2008
<http://searchsecurity.techtarget.com/sdefinition/0,,sid14_gci795968,00.html>.
