
Assignment: Final Project

Antony Kungu

CSOL 500

Masters of Science in Cyber Security Operations and Leadership

University of San Diego

March 14, 2017


Antony Kungu CSOL500 – Final Project 2017

Table of Contents

Introduction  4
Purpose and scope  4
Audience  4
General goals of the laboratory  4
i. Safety  4
ii. Flexibility (scalability)  4
iii. Energy efficiency  5
iv. Cost efficiency  5
Network Security Design and Architecture  5
i. Integrated threat focused network Security  5
ii. Security Architecture  5
iii. Systems Access controls  5
iv. Identification and authentication  5
Security policies to consider  6
i. Acceptable use policy  6
ii. Enterprise Access control policy  6
Network Security Challenges  6
i. Disparate solutions and technology  6
ii. Manual processes  6
iii. Cyber Security skills shortage  6
iv. Lack of adequate continuous network monitoring  6
Laboratory space planning  7
i. Open plan  7
Engineering Considerations  7
i. Electrical and Emergency power requirements  7
ii. Mechanical (Heating, Ventilating, and Air Conditioning)  7
iii. Energy conservation  7
Security threats  7
i. Espionage  7
Cyber threats  7
ii. DDoS attacks  7
iii. Advanced persistent threat  8
iv. Phishing  8
v. Hacking  8
Insider threat  8
i. Employees/Contractors  8
ii. Visitors  8
Physical Security controls  8
Internal  8
i. CCTV cameras  9
ii. Motion/heat sensors  9
iii. Security guards  9
External  9
i. Perimeter wall  9
ii. Security guards  9
iii. Flood lights  9
iv. CCTV cameras  9
Possible Vulnerabilities  9
i. BYOD  9
ii. Backdoors in network devices  10
iii. Compromised login credentials  10
iv. Sensitive data exposure  10
The Response to Incidents  10
Works Cited  11

Introduction

This is an outline of how the innovation computer lab will be designed to accommodate all its
stakeholders while ensuring security. This innovation lab will be used by a diverse group of people
coming from overseas, from governments, the cyber security industry and academic leaders.
The facility will be built on site, but in an isolated part of the complex with its own security, as
part of the entire enterprise. The lab will have an isolated network that is part of the main
architectural design, with its own security mechanisms to ensure confidentiality, availability,
integrity and non-repudiation.

Purpose and scope

The purpose of this document is to assist the CEO and CIO in making an informed decision regarding
the building of a computer laboratory. This document outlines the design and architecture,
inherent threats, vulnerabilities and the mitigation plan. It will also help to outline the
security policies that will be considered to ensure availability, confidentiality, integrity and
non-repudiation of the systems to be used. The scope of this document is the design, architecture and
network security of the laboratory, with the hope that the CEO and CIO will adopt it. In addition,
this document will attempt to outline how to secure the facility, as network security has
continued to be a huge task. Tools alone are not enough, as large organizations need an
interoperable network security architecture.

Audience

This document is meant for the CEO and all the stakeholders who will be using this computer
security laboratory. These stakeholders include:

(a) Users with information security management and oversight responsibilities, e.g. the CEO and CIO
(b) Organizational officials having a vested interest in the building of the computer security lab,
e.g. business and information owners
(c) Information systems developers
(d) Individuals with information security and operational implementation responsibilities.

General goals of the laboratory

i. Safety

This laboratory will be designed in a way that is safe for all occupants. No hazardous
elements will be used in this facility, as it is strictly a computer research lab.
There are regulations, guidelines and standards to ensure safety, and complying with
those requirements is an important step in achieving the safety objectives.

ii. Flexibility (scalability)

This laboratory network design will be implemented using the integrated threat focused
network security architecture. This means that the network must be available, scalable,
dynamic and open, to support the business processes that arise from creative innovations.

iii. Energy efficiency

This lab will be designed so that energy is used efficiently without
compromising overall safety. The design will incorporate natural sources of energy like
gas and solar.

iv. Cost efficiency

The cost of building this lab will be deferred to another meeting of the stakeholders and
all the decision makers. Consequently, the cost of building is not being addressed at this
time.

Network Security Design and Architecture

i. Integrated threat focused network Security.

Once completed, the laboratory will be large and will need an enterprise network that is
scalable, available, dynamic and able to support business processes. The design and
architecture will be in line with the NIST SP 800-64 risk management framework, which
provides a road map for integrating security functionality and assurance.

ii. Security Architecture

An integrated system of network security hardware and software will be applied. The
network security architecture will also provide the underlying communications to ensure that
all the security services and components are able to share and respond to information
in real time, to fine tune the security controls, detect security events, and help to
remediate compromised systems. This will be in line with NIST SP 800-53, protecting
confidentiality, integrity, and availability.

iii. Systems Access controls

Access controls will be implemented to determine which subjects can access which
resources after identification and authentication. Auditing will be used to ensure that
users accessing the system access only what they are authorized to see. An access control
list as well as a security control matrix will be implemented. The information will be
classified, as the innovation that arises from this laboratory will be intellectual
property.

iv. Identification and authentication

The identity of all users and stakeholders will be established using:

i. something you know – i.e. passwords or PIN numbers
ii. something you have – i.e. a smart card or security token
iii. something you are – i.e. fingerprint, voice, retina scan, or even iris scan.

Security policies to consider

i. Acceptable use policy

This is a policy that sets the rules applied by the owner, creator or administrator of a
network to restrict how and when a system or network resource can be used. The policy also
determines how resources shouldn't be used and stipulates the consequences of violating it.

ii. Enterprise Access control policy

This will involve determining the allowed activities of legitimate users and mediating every
attempt by a given user to access networked resources. Adequate security of information is a
fundamental responsibility of the management of this innovation laboratory.

Network Security Challenges

i. Disparate solutions and technology

The network security design and architecture will attempt to avoid overlapping policies and
controls to ensure that there will be cohesion across the entire laboratory network. Having too
many independent tools will make it more difficult to prevent, detect, or remediate security
incidents in a timely manner.

ii. Manual processes

The overall design and architecture of the security for this laboratory will try to reduce the
number of manual processes. This will be accomplished by managing the network with more
proactive procedures and policies.

iii. Cyber Security skills shortage

The lab might have a shortage of qualified personnel with skill sets specific to
cyber security. This is a well-known issue across the whole cyber security industry.

iv. Lack of adequate continuous network monitoring

This might be a challenge due to the shortage of skill sets specifically trained in cyber security
continuous monitoring. Although automated tools can be implemented, a human analyst will be
placed in front of a single pane of glass to analyze and respond to security incidents depending
on their severity.

Laboratory space planning

i. Open plan

This is an efficient floor plan that has fewer doors, walls, and dedicated hallways. The open
laboratory environment derives from the ratio of net square footage to gross square footage. This is a
concept that alters the building's design to include the use of dedicated corridors for transporting
evidence, a public tour route through the laboratory, and the open laboratory
environment.

Engineering Considerations

i. Electrical and Emergency power requirements

The lab will utilize renewable sources of energy besides being part of the power grid. The lab
will also have a standby generator in case the power goes out.

ii. Mechanical (Heating, Ventilating, and Air Conditioning)

A roof-mounted HVAC system will be installed to provide a controlled environment inside the lab.
This will be very important for the heavy computing systems, as they generate a lot of heat
and always need a temperature-controlled environment.

iii. Energy conservation

To conserve energy, as the lab is in an area where it snows in the winter, windows will be opened to let
cold air cool the servers. This will be possible because the servers will be located in a controlled
environment where only authorized personnel are allowed.

Security threats

i. Espionage

This is one of the most concerning threats, as foreigners will be coming into the facility.
Although there will be metal detectors at the entrance, it might still be possible to
smuggle in a listening device, an image capturing device, or a device laden
with malware that can give an adversary a back door. To avoid this, the lab will be built
like a Faraday cage.

Cyber threats

ii. DDoS attacks

This can only happen if the laboratory network is connected to the internet with no
DDoS protection in place. To counter this threat we will incorporate DDoS managed
security services from Verisign.

iii. Advanced persistent threat

This is another threat that we will face, but we will be able to fight it by ensuring that all our
systems are patched, that antivirus is installed on all lab hosts, and that host intrusion detection
systems are implemented on all hosts. To protect the perimeter, intrusion prevention systems will be
implemented in layers (defense in depth) using different technologies as a precautionary measure.

iv. Phishing

Email has become another weak point when it comes to security. To counter this threat, we
will place FE inline and tune it to quarantine any emails with malicious URLs or attachments. Placing it
inline will also block any attempts by an infected host to call its C2 server for more instructions.
User awareness training not to respond to or click embedded links in email will also help to
mitigate this threat.

v. Hacking

Although this is a threat, it is not an immediate one and will be reviewed after a risk assessment is
done for the whole network. That doesn't mean that our network defenses won't be up and
running to keep would-be intruders out.

Insider threat

i. Employees/Contractors

This is one of the greatest threats to this innovation laboratory, because employees and
contractors will already have access from inside the perimeter wall. However, proper hiring practices,
background checks, polygraphs and reference verification will help to hire the right people. Besides that,
frequent access audits to determine who has access to what, and why, will help to eliminate access creep.
All employees will have their name tags visible above the waist at all times while in the
laboratory.
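
As an added illustration, not part of the original plan, of the access control list, security control matrix, classification and auditing described under Systems Access controls, together with the access-creep audit mentioned under Employees/Contractors; the roles, resources, subjects and the lone ACL grant are constructed for the example:

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Classification levels, lowest to highest (constructed for this example)
LEVELS = {"public": 0, "internal": 1, "intellectual_property": 2}

@dataclass(frozen=True)
class Subject:
    name: str
    role: str
    clearance: str

@dataclass(frozen=True)
class Resource:
    name: str
    classification: str

# Security control matrix: role -> resource -> operations the role is entitled to
CONTROL_MATRIX: Dict[str, Dict[str, Set[str]]] = {
    "researcher": {"innovation_repo": {"read", "write"}, "lab_wiki": {"read", "write"}},
    "visitor": {"lab_wiki": {"read"}},
}

# Access control list: per-subject grants made outside the role baseline (hypothetical)
ACL: Dict[str, Dict[str, Set[str]]] = {
    "bob": {"innovation_repo": {"read"}},   # granted for a one-off demo, never revoked
}

# Every decision is recorded so auditors can later verify who accessed what and why
AUDIT_LOG: List[Tuple[str, str, str, str]] = []

def check_access(subject: Subject, resource: Resource, op: str) -> bool:
    """Clearance against classification first, then role matrix or explicit ACL grant."""
    cleared = LEVELS[subject.clearance] >= LEVELS[resource.classification]
    by_role = op in CONTROL_MATRIX.get(subject.role, {}).get(resource.name, set())
    by_acl = op in ACL.get(subject.name, {}).get(resource.name, set())
    allowed = cleared and (by_role or by_acl)
    AUDIT_LOG.append((subject.name, resource.name, op, "ALLOW" if allowed else "DENY"))
    return allowed

def find_access_creep(subjects: List[Subject]) -> List[Tuple[str, str, str]]:
    """Access audit: ACL grants that the subject's current role does not justify."""
    creep = []
    for s in subjects:
        baseline = CONTROL_MATRIX.get(s.role, {})
        for res, ops in ACL.get(s.name, {}).items():
            for op in sorted(ops - baseline.get(res, set())):
                creep.append((s.name, res, op))
    return creep

# Constructed sample subjects and resources
ALICE = Subject("alice", "researcher", "intellectual_property")
BOB = Subject("bob", "visitor", "internal")
REPO = Resource("innovation_repo", "intellectual_property")   # the lab's IP
WIKI = Resource("lab_wiki", "internal")

if __name__ == "__main__":
    for s, r, op in ((ALICE, REPO, "read"), (BOB, REPO, "read"), (BOB, WIKI, "write")):
        print(f"{s.name} {op} {r.name}: {'ALLOW' if check_access(s, r, op) else 'DENY'}")
    print("access creep:", find_access_creep([ALICE, BOB]))
```

Note that bob's stale ACL grant is denied anyway by the classification check, and the audit still flags it for revocation.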

ii. Visitors

All visitors will be escorted around the facility at all times and won’t have access to any mission
critical systems in the facility.

Physical Security controls

Internal

i. CCTV cameras

These cameras will be monitored 24/7 throughout the year, rain or shine. This will ensure
continuous security monitoring, with on-call staff in case of an emergency.

ii. Motion/heat sensors

Motion sensors will be utilized in all areas of the facility so that they act as another layer of
security, supplementing the CCTV cameras. These will also be accompanied by heat
sensors, especially inside the server farm that will hold the mission critical systems.

iii. Security guards

Security guards will be the physical deterrent when someone attempts to gain access to the
facility.

External

i. Perimeter wall

This will encircle the facility with only one main entrance to ensure that everyone comes and
goes through it. This will help control access to the facility.

ii. Security guards

Security guards will be placed around the facility in rotating shifts to ensure that the whole
facility has continuous security coverage.

iii. Flood lights

Flood lights will help to ensure that the compound is well lit during the night to deter would-be
intruders. Motion sensors will be placed in the compound to send a passive alarm to the
command and control center inside the facility.

iv. CCTV cameras

CCTV cameras are important in maintaining security and acting as a physical deterrent to
would-be intruders. All footage will be archived and stored for a minimum of 3 years.

Possible Vulnerabilities

i. BYOD

This is a vulnerability that can arise if a compartmentalized application like BlackBerry for Work is
available for Android and iOS.

ii. Backdoors in network devices

The acquisition of computers, applications and network devices from unvetted suppliers can pose
a security threat to the lab.

iii. Compromised login credentials

These credentials can be obtained by malicious hackers if they squat a domain and send a
malicious link via email, appealing to people's gullible nature to click the link. This
has been done effectively and has led to unsuspecting users giving up their login credentials, e.g.
the John Podesta hack.
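
An added example, not taken from the original document, of the inline email filtering described under Phishing applied to the domain-squatting lure described here: it quarantines mail whose links point at a known-bad domain or at a lookalike of the lab's own domain, or that carries a risky attachment. The lab domain, the blocklist and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

ORG_DOMAIN = "innovationlab.example"   # placeholder for the lab's real mail domain
KNOWN_BAD_DOMAINS = {"evil.example"}   # constructed blocklist (e.g. from threat intel feeds)
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta", ".jar")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; used to spot typosquats of the lab domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host: str, target: str = ORG_DOMAIN) -> bool:
    """True if host imitates target: same name under another TLD, or within two edits."""
    host = host.lower().strip(".")
    if not host or host == target or host.endswith("." + target):
        return False                       # the real domain or one of its subdomains
    name = host.rpartition(".")[0].split(".")[-1]
    if name == target.rpartition(".")[0]:
        return True                        # e.g. innovationlab.com
    return levenshtein(host, target) <= 2  # e.g. innovatlonlab.example

def classify_email(raw: str):
    """Return ('quarantine' or 'deliver', reasons) for one RFC 822 message."""
    msg = message_from_string(raw)
    reasons = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment: {fname}")
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode(errors="replace")
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname or ""
                if host in KNOWN_BAD_DOMAINS:
                    reasons.append(f"known bad domain: {host}")
                elif is_lookalike(host):
                    reasons.append(f"lookalike of {ORG_DOMAIN}: {host}")
    return ("quarantine" if reasons else "deliver", reasons)

# Constructed sample messages; the sender in PHISH is spoofed to look internal
PHISH = """From: IT Helpdesk <helpdesk@innovationlab.example>
To: alice@innovationlab.example
Subject: Password expiry

Your password expires today. Verify at http://innovatlonlab.example/login now.
"""
BENIGN = """From: wiki@innovationlab.example
To: alice@innovationlab.example
Subject: Policy update

The acceptable use policy has moved to https://wiki.innovationlab.example/aup
"""

if __name__ == "__main__":
    for sample in (PHISH, BENIGN):
        print(classify_email(sample))
```

A spoofed From header alone is not checked here; the decision rests on where the embedded link actually points.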

iv. Sensitive data exposure

This might happen if a user misplaces an unencrypted device with sensitive information, or if
unauthorized users gain access to sensitive data. It could also result from zero-day vulnerabilities
that have not yet been remediated by the vendor.

The Response to Incidents

If a security breach ever occurs, it is advisable to already have appropriate measures in place for
handling it. These include evaluation and reporting of the incident as well as
solving the problems that led to it, to prevent the issue from reoccurring. All incidents
will be attended to using the SANS incident response framework.

In conclusion, this is by no means the final plan for the design of this facility. This
document is a living document that will be presented to the CEO and CIO for review and
approval to continue once they buy into the project.

Works Cited

Bosworth, S., Kabay, M., & Whyne, E. (2014). Computer Security Handbook (Vols. 1 & 2). Hoboken, New Jersey: John Wiley & Sons.
John, O. (2014). Integrated Network Security Architecture. Cisco.
Mohr, B. M. (2004, June 4). Designing Open Laboratory Spaces. Retrieved March 15, 2017, from forensicmag: http://www.forensicmag.com/article/2004/06/designing-open-laboratory-spaces
(2014). The Department of Defense Cyber Security Strategy. DOD.
