Security Through Failure Strategy And Diversity


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Introduction

This case study examines the security implementation of the ABC Motor Lanka network infrastructure and the InfoERP system. InfoERP is the ERP system currently used by ABC Motor Lanka.

In the first part of the case study the company’s network infrastructure is discussed and the company’s ERP system is introduced. The second part discusses the various security implementations on both the company’s network infrastructure and its ERP system.

To stay competitive and gain competitive advantage, the company has introduced an ERP system with online access for all its branches across the island, which can at the same time access their office mail and the internet. Therefore the company’s network infrastructure and its security controls should be able to safeguard the company’s valuable information and resources, such as the ERP system’s database, e-mails, the source code of the ERP system, documents and the ERP application server. Not only security but also the accessibility and availability of those systems should be considered within the network infrastructure.

This case study discusses the company’s network infrastructure and ERP system in detail, and the discussion is built on four main security principles: Isolation, Redundancy, Diversity and Failure Strategies.

In the final part of the report the security implementation of the company’s network infrastructure and ERP system is evaluated from an overall security point of view. Finally, the key security concerns are summarized and potential improvements for better securing similar types of systems are discussed.

Background of Business Environment

Presently ABC Motors Lanka is an authorized dealer of renowned vehicle brands such as Mitsubishi (Japan), Perodua (Malaysia), JMC (Jiangling Motors Co.) and ZOTYE (China). In addition, the company is an authorized dealer of Valvoline Lubricants (USA). The company also provides various services for vehicle owners in Sri Lanka, chiefly vehicle repairs, vehicle servicing, a mobile vehicle repair unit, value addition for brand new vehicles and spare parts sales. It is important to provide the best possible service in order to retain customers. To do so, the accessibility and availability of the InfoERP system and the organization’s network infrastructure are extremely critical from a business point of view.

Present Network Infrastructure Diagram of the company

The company’s present network infrastructure and the deployment of the InfoERP system are depicted in the above diagram.

As shown in the above network diagram, the company has installed a firewall at Head Office. The ADSL router is connected to the proxy server, the proxy server is connected to the CyberRoam firewall, and the LAN is connected to the firewall. The e-mail server is also connected to the firewall and is located in the DMZ (demilitarized zone). At the moment the company has twenty VPN links from Dialog for twenty locations and a backup VPN from LankaCom for the Orugodawatte branch. All branches are connected to Head Office through these VPN links. There is also a dedicated server for Kaspersky Endpoint Security. The InfoERP system is deployed on an IIS 6.0 application server on a dedicated Windows 2003 server. Its database is installed on a Sun V880 server running Sun Solaris.

InfoERP system

The InfoERP system is developed using .NET and Oracle technologies. The system is deployed on IIS 6.0 (Internet Information Services) on Windows 2003 with Service Pack 2. Its database is Oracle 9i, installed on a Sun Solaris server. The ERP deals with the most critical asset of the company, the central data store. Authorization in InfoERP is done using system roles.

Security Implementation on InfoERP system

Security through database server isolation

The InfoERP system handles the most critical data of the organization, so it is absolutely necessary to safeguard it. The ERP system’s database is installed on a dedicated Sun Solaris server that is not open to the DMZ or to the outside, and its database communication port is secured through a firewall rule. By isolating the database server the company has strengthened the protection of its critical data.

Security through separation of duties/data isolation

The ERP system is used by employees at all levels of the company. The company makes sure that access to data is properly authorized according to company policy and the access rights of the users, and it has achieved this by implementing role-based authorization.

For example, in the InfoERP system a purchasing officer can only raise a purchase order; the authorization must be done by the purchasing manager. Likewise the purchasing department cannot generate a payment voucher: it must be generated by the finance division and authorized by an assistant accountant or a higher-ranking person in the finance division.

As a result the company has achieved the following benefits.

It provides opportunity to check an error before a transaction is fully completed.

It discourages an employee from committing fraud or cheating.

Security through IIS user account isolation

As shown in the above network diagram, the InfoERP system is deployed on an IIS web server. The web server executes the application under a system account that has only the essential rights. For instance, it is not allowed to access anything other than the intended file shares.

From the user account perspective, the InfoERP system is used by several user groups with different levels of privilege. The most powerful user is the administrator, who can access and manipulate configuration information. User roles are defined in the system based on job descriptions, for instance SK (store keeper), SR (sales officer), SA (service advisor) and TC (technician). System privileges are assigned to each role according to the company’s data classification policy, and roles are assigned to each system user according to their designation. If a particular employee needs special permission, it can be given through the additional rights module. For example, some branches of the company have no store keeper, so the sales officer has to play the store keeper role as well. To accommodate this type of requirement the system allows multiple roles to be granted to the same user.
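
The purchasing workflow and the multiple-role provision described above interact: once one user can hold several roles, a role check alone no longer guarantees that the person who authorizes a transaction is different from the person who raised it. The following is an added example, not InfoERP code; the role names, user names and functions are hypothetical.

```python
# Added example: models the essay's purchasing workflow. Role names, user
# names and function names are hypothetical, not taken from InfoERP.
from dataclasses import dataclass, field
from typing import Optional

# Role -> actions it permits (constructed from the essay's description).
ROLE_PERMISSIONS = {
    "PURCHASING_OFFICER": {"raise_po"},
    "PURCHASING_MANAGER": {"authorize_po"},
    "FINANCE_OFFICER": {"generate_voucher"},
    "ASSISTANT_ACCOUNTANT": {"authorize_voucher"},
}

class AccessDenied(Exception):
    """A role check or a separation-of-duties check failed."""

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

@dataclass
class PurchaseOrder:
    item: str
    raised_by: str
    po_authorized_by: Optional[str] = None
    voucher_by: Optional[str] = None
    voucher_authorized_by: Optional[str] = None

def require(user: User, action: str) -> None:
    """Role check: at least one of the user's roles must permit the action."""
    if not any(action in ROLE_PERMISSIONS.get(r, ()) for r in user.roles):
        raise AccessDenied(f"{user.name} has no role permitting {action}")

def raise_po(user: User, item: str) -> PurchaseOrder:
    require(user, "raise_po")
    return PurchaseOrder(item=item, raised_by=user.name)

def authorize_po(user: User, po: PurchaseOrder) -> None:
    require(user, "authorize_po")
    # Separation of duties is checked on identity, not on roles: a user who
    # holds both roles still cannot approve an order they raised themselves.
    if user.name == po.raised_by:
        raise AccessDenied("maker cannot authorize their own purchase order")
    po.po_authorized_by = user.name

def generate_voucher(user: User, po: PurchaseOrder) -> None:
    require(user, "generate_voucher")
    if po.po_authorized_by is None:
        raise AccessDenied("purchase order has not been authorized")
    po.voucher_by = user.name

def authorize_voucher(user: User, po: PurchaseOrder) -> None:
    require(user, "authorize_voucher")
    if po.voucher_by is None:
        raise AccessDenied("no voucher has been generated")
    if user.name == po.voucher_by:
        raise AccessDenied("maker cannot authorize their own voucher")
    po.voucher_authorized_by = user.name

def attempt(fn, *args) -> bool:
    """Return True if the step was allowed, False if it was denied."""
    try:
        fn(*args)
        return True
    except AccessDenied:
        return False
```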

Security through memory isolation

The InfoERP system is deployed on IIS 6.0. The configuration of the server is as follows.

Operating system: Windows Server 2003 R2 standard x64 edition with service pack 2.

End point security: Kaspersky Endpoint Security 8 for Windows.

IIS assigns a separate App-Domain to the InfoERP system. With this memory isolation, InfoERP is least affected by a compromise of the physical machine’s memory by an intruder. In addition, the Microsoft .NET Framework provides sandboxes for .NET applications. An App-Domain is a container/secure boundary for code and data used by the .NET runtime. The purpose of an App-Domain is to isolate the applications within it from all the applications running in other domains. Applications are therefore protected from being affected by other applications running in different application domains.

Security through perimeter isolation

Every physical machine on which the InfoERP system is deployed, especially the database and application servers, has a defined responsibility associated with it. Therefore, according to the fail-safe default principle, it is necessary to access entry points from the physical machine to the outside world.

Security through redundant validation

Input data validation is often performed in the presentation layer of InfoERP. However, client-side validation alone is not sufficient: an attacker may bypass the client layer and attack the data layer directly. Therefore all critical data validations are redundantly performed in the data layer as well.
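
The redundant validation described above can be shown with the same rules enforced twice, once in a form check and once as database constraints, so that a write which skips the form is still rejected. This is an added example, not InfoERP code: SQLite stands in for the Oracle database, and the table, columns, limits and function names are hypothetical.

```python
# Added example: SQLite stands in for the ERP's Oracle database. Table,
# column and function names, and the limits, are hypothetical.
import sqlite3

SCHEMA = """
CREATE TABLE purchase_order (
    id        INTEGER PRIMARY KEY,
    part_no   TEXT    NOT NULL CHECK (length(part_no) BETWEEN 1 AND 20),
    quantity  INTEGER NOT NULL
              CHECK (typeof(quantity) = 'integer' AND quantity BETWEEN 1 AND 1000),
    unit_cost REAL    NOT NULL
              CHECK (typeof(unit_cost) = 'real' AND unit_cost > 0)
);
"""

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def presentation_errors(form: dict) -> list:
    """First line of validation: what the form (presentation layer) checks."""
    errors = []
    if not 1 <= len(form.get("part_no", "")) <= 20:
        errors.append("part_no must be 1-20 characters")
    try:
        if not 1 <= int(form.get("quantity", "")) <= 1000:
            errors.append("quantity must be 1-1000")
    except (ValueError, TypeError):
        errors.append("quantity must be a whole number")
    try:
        if float(form.get("unit_cost", "")) <= 0:
            errors.append("unit_cost must be positive")
    except (ValueError, TypeError):
        errors.append("unit_cost must be a number")
    return errors

def data_layer_insert(conn, part_no, quantity, unit_cost) -> bool:
    """Second line: parameterised insert; CHECK constraints repeat the rules.

    Returns True if the row was stored, False if the database rejected it.
    """
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO purchase_order (part_no, quantity, unit_cost) "
                "VALUES (?, ?, ?)",
                (part_no, quantity, unit_cost),
            )
        return True
    except sqlite3.IntegrityError:
        return False

def row_count(conn) -> int:
    return conn.execute("SELECT COUNT(*) FROM purchase_order").fetchone()[0]
```

Calling data_layer_insert directly with a negative quantity models a request that never passed through the form; the constraint still refuses it.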

Security through redundant audits

Audits are taken at several levels to monitor any harmful activity against the system. For example, auditing takes place at the firewall level, and at the same time audit records are kept internally at the company’s data source level. Any suspicious activity can be monitored at any time using these redundant audits.

Failure Strategy

Security through failure strategy

The InfoERP system makes sure that possible failures do not put the system into an insecure state. A failure of the ERP system does not revoke security measures that are already in place at the point of failure.

Security through information protection

The InfoERP implementation takes measures to make sure that failures do not pave the way for exposure of sensitive data. For example, the InfoERP system does not show any error trace to the outside when the system fails. When an error occurs, InfoERP redirects to a properly developed error page that contains no technical information.

Security implementation on the company’s network infrastructure

Security through network isolation

The above network diagram shows the latest configuration of the company’s network infrastructure, which can be divided into three zones: the external zone, the demilitarized zone and the internal zone. The external zone is directly open to the internet and contains a proxy server and the ADSL router. Though it is not shown in the diagram, there is a backup proxy server, but it is not connected to the network. If the proxy server fails, it is replaced with the backup server. As a result the company can increase the accessibility and availability of the internet service. Network traffic coming from the external zone is filtered by the CyberRoam firewall installed in this zone.

Demilitarized zone: the company’s e-mail server is in this zone, with very limited access to the internal zone. For example, the TCP/IP ports used by the company’s InfoERP application and database are not accessible from the demilitarized zone. As a result, even if an attacker obtains access to the DMZ, the attacker still does not have access to the database and other critical data sources. Isolating the systems that are exposed to the outside world provides considerable protection for the company’s critical data sources.

Internal zone: this is the zone in which the company’s most valuable data assets are placed, so even more limited access is given to the outside world. Access to the company’s database is needed only by the InfoERP system, so database access rights are given only to the ERP system and the database administrator. Therefore no data tampering is possible even if other zones are compromised.

Firewall configuration of the company in business point of view (UTM)

The CyberRoam firewall plays a critical role in packet filtering, URL filtering, inspection of the wired and wireless networks and content filtering. The company uses it for network traffic monitoring as well. The firewall provides various types of reports for network traffic monitoring and troubleshooting. The configuration of the CyberRoam firewall is set up as follows.

Internal usage: Rules have been added to the CyberRoam firewall so that the internet is used only for company business during company time. For example, company staff are not allowed to access social networking sites, and pornography is blocked under all circumstances, so company computers cannot be used to obtain pornographic material.

Internet downloads: A few rules have been added to the firewall to prevent file downloads from the internet, so company staff are not able to download files. However, if an employee needs to download a file from the internet to perform his/her duties, the necessary permission must be obtained from the MIS department. These firewall rules were added to save the limited bandwidth and improve network performance.

The company staff use Mitsubishi Corporation’s web application to find spare parts and instructions relevant to the company’s business, for instance to claim warranty parts and to order spare parts and vehicles. Good internet browsing performance is therefore essential to improve the productivity of the employees and ultimately of the company.

QoS (Quality of Service) rule: At present the company does business in twenty locations throughout the country, and all the branches are connected to Head Office through Dialog VPNs. These limited-bandwidth links are used by those locations to connect to the e-mail server and the internet and to work with the InfoERP system. InfoERP is essential to the company’s employees: without the ERP system they cannot carry out their work. In simple words, InfoERP is the most important of all the software used by company staff. When employees at branch locations download e-mail and browse the internet, the performance of the company’s main system drops drastically, leading to unacceptable performance of the ERP system. To overcome this there is a firewall rule limiting the bandwidth that e-mail and internet traffic can use, so that a larger portion of the bandwidth is reserved for the InfoERP system. As a result the company is able to provide a good quality of service to its customers. This is one of the most important features that the CyberRoam firewall provides.

Security through redundancy and diversity on e-mails

E-mail Server

E-mail is a crucial means of communication in the company. It carries very confidential company information, for example employees’ salary information and business decisions. Protecting this kind of information is critical from a business point of view. Therefore the company uses anti-spam techniques to prevent e-mail spamming.

Anti-spam software can check the authentication and reputation of e-mails. DNS lists all the authorized servers that can send or receive e-mail, which is used for authentication and to determine whether servers are reputable. In addition, the anti-spam software can be used for e-mail filtering, blacklisting accounts and transaction pattern detection. The company has two different anti-spam products: one in the CyberRoam firewall and the other installed on the e-mail server. The company has therefore given adequate security to e-mail through redundant anti-spam checking in two locations, the firewall and the e-mail server. At the same time the two anti-spam products come from two different vendors, providing security through diversity. Moreover, the company improves the CIA triad factors for its e-mail server.

Security through failure strategy and diversity

VPN Fail over

The biggest branch of the company is the Orugodawatte Workshop. There is great demand there for the company’s ERP system, and the branch expects the system to be up at all times during company hours. Therefore the company has introduced two VPN links from two different vendors: the main link is from Dialog and the other is from LankaCom. The CyberRoam firewall has a facility to configure VPN failover, so that if one VPN fails it switches to the other active VPN automatically. For instance, if the Dialog VPN fails, the CyberRoam firewall switches the connection to the LankaCom VPN automatically. Because of this, even when the Dialog VPN link fails the Orugodawatte branch can still connect to Head Office and carry on working without noticing the link failure or any disruption. As a result the company is able to minimize the downtime of all systems for the Orugodawatte branch through a failure strategy and by obtaining VPN links from two different vendors.

Security through redundant, isolation, diversity and auditing

Kaspersky Endpoint Security

As you can see in the above network diagram, Kaspersky Endpoint Security is installed on a separate server. The following security is provided by Kaspersky Endpoint Security.

In Kaspersky Endpoint Security, applications are categorized into four groups based on KSN (Kaspersky Security Network) reputation. Digital signatures are also used for validation.

High Trusted

Low Trusted

Trusted

Untrusted

Kaspersky Endpoint Security has a built-in firewall that monitors all traffic and provides security through redundancy: network traffic monitoring is redundant because it is also done at the perimeter firewall level. In addition, the company has acquired security through diversity by introducing two different firewalls from two different vendors. If one firewall is compromised through its own vulnerability, that vulnerability may not easily be used to compromise the other firewall when the two are different from each other.

According to Kaspersky, all critical Windows system folders are protected by default. Here Kaspersky isolates the critical Windows system folders and provides adequate security.

There is a web control module and this module monitors well known web site scriptures.

Kaspersky Endpoint Security monitors for viruses, worms, Trojans, dialers, and common network ports. Detected malware is disinfected, or deleted if disinfection fails.

There is an auditing mechanism that keeps thirty days of history for troubleshooting. Here auditing is redundant: while CyberRoam keeps an audit for troubleshooting at the perimeter firewall level, Kaspersky keeps a redundant audit inside the internal network zone.

A password is set to prevent users from changing the settings of the Kaspersky client.

By covering many areas of the company’s network infrastructure, Kaspersky Endpoint Security protects the company’s computers and network from unwanted, unnecessary and harmful programs.

Security through failure strategy

Backup and Recovery

The company ensures the accuracy of its backup procedure by the following means.

A daily backup of all relevant computer software and the database is taken at the end of the day. In addition, a database backup is taken during the day using the Oracle RMAN backup tool.

Backup media: The company regularly examines the backup media for readability of the data. Normally the company’s system administrator tracks the usage of the backup media. The backup media (tape drive) is replaced every three months. In addition, backup media are appropriately labeled and numbered, and rotation of the backup media is ensured.

Backup logs: Backup logs are maintained by the company’s system administrator, who also maintains the backup movement logs for backups held at the off-site location.

Backup restoration: The company’s system administrator maintains a log which contains the date and time along with the name and signature.

Security through preventive controls

Disabling inactive user account

The company’s system administrator disables user accounts that have been inactive for more than fourteen days. Normally the HR division of the company sends the list of inactive employees to the system administrator. Inactive employees are employees who have resigned, been terminated or been transferred.

Control of physical access to network equipment

All network and server equipment including LAN-servers, routers, switches and wireless equipment are physically secured from unauthorized access by placing them in locked room.

Password and security control InfoERP system

The company’s ERP system does not accept weak passwords: a password must consist of at least eight alphanumeric characters, it expires after thirty days, and the same password cannot be reused. Moreover, the password is hashed using SHA-2 and stored in the database.
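
The password rules above (minimum length, thirty-day expiry, no reuse, SHA-2 based storage) can be enforced together as in the following added example, which is not InfoERP code. It assumes that "alphanumeric" means both letters and digits are required, and it swaps a single SHA-2 pass for salted PBKDF2-HMAC-SHA256, a SHA-2 based key derivation function, so that stored values resist offline guessing; the iteration count and all function names are assumptions.

```python
# Added example: policy values come from the essay; the salted PBKDF2 storage,
# the iteration count and all function names are assumptions.
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MIN_LENGTH = 8                    # "at least eight alphanumeric characters"
MAX_AGE = timedelta(days=30)      # password expires after thirty days
PBKDF2_ROUNDS = 100_000           # assumption; tune to the hardware in use

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest

def matches(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def policy_errors(password: str, history: list) -> list:
    """Return the list of policy violations (empty list means acceptable)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than 8 characters")
    # Assumption: "alphanumeric" is read as letters and digits, both required.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        errors.append("must contain both letters and digits")
    # Reuse check runs against every stored (salt, digest) pair, not only the
    # current one, so an old password cannot be cycled back in.
    if any(matches(password, s, d) for s, d in history):
        errors.append("password was used before")
    return errors

def is_expired(changed_at: datetime, now: datetime) -> bool:
    return now - changed_at > MAX_AGE

def change_password(account: dict, new_password: str, now: datetime) -> list:
    """Apply the policy; on success store only the salted hash and the date."""
    errors = policy_errors(new_password, account["history"])
    if not errors:
        account["history"].append(hash_password(new_password))
        account["changed_at"] = now
    return errors

def can_log_in(account: dict, password: str, now: datetime) -> bool:
    """Current password must match and must not be older than MAX_AGE."""
    if not account["history"] or is_expired(account["changed_at"], now):
        return False
    salt, digest = account["history"][-1]
    return matches(password, salt, digest)
```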

Preventing physical damage to the equipment

The company has installed and maintains a fire alarm in the server room, and smoke detectors are placed within the server room. In addition, flammable material such as paper is stored away from the server room. Fire extinguishing equipment is placed within the IT section. The respective servicing personnel maintain this equipment regularly.

Security through detective controls

Helpdesk management

The company’s helpdesk logs the investigation work done to solve problems and the results obtained.

Entry of IT system room

The company tracks the entry of all other personnel by maintaining a visitors’ register. There is a dedicated locked system room.

Evaluating the discussion

This report has discussed the various security measures that have been put in place in the company’s network infrastructure and InfoERP system in order to protect the company’s most critical assets, such as organizational data and the network infrastructure. It is apparent that they have made a strenuous effort to protect their critical assets within their small IT budget and available resources. However, I have seen one of the most important areas which they have to consider: the company has not implemented a proper disaster recovery plan. As a result, if one of the servers, the database server or the application server, fails, they have to buy or hire a server, install all the necessary software and run it. This process takes at least two days. The most dangerous factor is that during this time they will not be able to do business, because of the absence of the InfoERP system and of a proper manual process. Therefore a comprehensive disaster recovery plan should be developed with business continuity in mind.

Conclusion

It is absolutely clear that the company has adopted several common best practices in order to protect its critical assets, and that these pave the way for continued successful business operation using the ERP system and network infrastructure.

Moreover, it is a good thing that the company has realized that most of the security principles are correlated with and affect each other. For instance, redundancy without diversity is not a worthwhile solution in most situations: if the same firewall is made redundant in two different network locations, the two are identical, so a hacker can use the same method that broke the first firewall to break the second as well.

Taking everything into account, it is important for every organization to make sure that its security implementations do not collide with each other. Apart from that, they must have enough knowledge of the main security principles, which are isolation, redundancy, diversity and failure strategies. Furthermore they must ensure that their security implementation does not disrupt their business processes.

Finally, not only adequate knowledge of the main security principles but also working experience is absolutely crucial when implementing security measures in an organization.


