University of Maryland University College Security Vulnerabilities
University of Maryland University College aspires to provide students with the finest learning and success environment possible. We, at Security One, believe that students and faculty should be safe from all forms of vulnerability, both physically and online. A vulnerability is defined as any flaw in security that allows a threat to be carried out. These risks can range from the trivial, such as an unauthorized person entering the server room, to the complicated, such as hackers seeking to steal personal information about students or faculty.
Physical Building Vulnerabilities
Giving unauthorized people access to the building is a huge vulnerability. A person can walk into the building and try to access information about faculty or students, or try to gain access to other UMUC databases.
Recommendation:
There are a few ways to tackle these vulnerabilities. You do not want to restrict students' access to the building, but you also do not want unauthorized persons entering the building. UMUC can implement smart card locks that open for a student's unique student ID stored on a smart card. During school hours, the doors can stay unlocked so students and faculty can enter and exit without having to swipe the smart card. However, after hours all doors, including the library and computer lab doors, will automatically lock. The only way to gain access after hours will be as a UMUC student with their unique school ID stored on a smart card.
Justification:
Smart card readers are the most streamlined resolution to unauthorized access to the building. They allow UMUC to set times during which doors will only open when a smart card is present. This is the most budget-friendly way to deter threat agents from gaining access to the building. It also gives UMUC the ability to track when the building was accessed and by whom.
Unauthorized Access to Server Rooms and Closets
Issue: If a person does gain authorized access to the building, UMUC does not want anyone with insufficient privileges to gain access to any of the servers. Such access could allow threat agents to spread exploits throughout the system or obtain confidential information.
Recommendation:
Multiple levels of security are required to tackle this vulnerability. First, a door that cannot be breached with power tools must be installed. The entry will have at least three distinct levels of security: biometric, physical key, and smart card. Biometrics will allow only authorized personnel, and no one else, to have access to the room. If the biometrics are somehow bypassed, the threat agent will also need the key to that specific room, which a staff member will hold. There will be one copy of the key, kept in a secure area, and both keys will be labeled "Do Not Duplicate." There will be one master key, held at an undisclosed location known only to selected faculty members. The smart card is for keeping track of who accessed the server room and when. The smart card will also be used to verify that the biometric scan belongs to the person the smart card was issued to.
Justification:
Server rooms need to be highly guarded and protected from all threat agents because the data needs to stay confidential. The three distinct security measures will make sure that only authorized personnel have access to the servers and thwart any threat agents from accessing them.
Student and Faculty Username and Password
Issue: Students and faculty may avoid creating unique and robust usernames and passwords, allowing them to be easily exploited. Alternatively, they might be keen on storing passwords in a single location such as 1Pass or a notepad file on their laptop.
Recommendation:
UMUC will create a unique username (possibly the Student ID number) and password for each student and faculty member. Students and faculty will be allowed to change the password to whatever they wish. However, they must change it at random intervals (30-60 days between each change). Faculty should be required to use a two-step authentication process: they will need a password and a number generated by an asynchronous security token that produces a unique one-time password at the push of a button. Students can also opt into using a security token; however, theirs will use a service provided by Google (or a similar company). If students or faculty input an incorrect password when they try to access their account, they will be locked out until they can verify their identity by phone call or in person.
Justification:
Password changes at random intervals will make it hard for threat agents to use an old password. A unique password will also make it difficult for threat agents to guess or brute-force a student's or faculty member's password [1]. The security token is required for faculty because they have elevated access to data that can affect students and their work. If a faculty member's password is stolen or compromised, the threat agent cannot get into the account and its data without the security token, which will be with the faculty member. Allowing students to opt into a two-step verification process will also reduce the risk of data breaches. If a person gets locked out of their account, they must answer some questions over the phone or provide federal ID in person to unlock the account.
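The account rules above (random 30-60 day rotation, lockout on wrong passwords until an out-of-band identity check, and a push-button token as the faculty second step) can be expressed as a small policy object. The following is an added example and not part of the proposal; it assumes salted PBKDF2-SHA256 password storage, a lockout threshold given as a parameter (the proposal does not state one), and models the push-button token as an HOTP event-based token (RFC 4226) with a small look-ahead window for skipped button presses.

```python
"""Account policy: random 30-60 day password rotation, lockout after wrong
credentials until identity is verified out of band, and an HOTP push-button
token as the second step for faculty accounts. Added example, not the
proposal's code; threshold, window and hashing scheme are assumptions."""
import hashlib
import hmac
import os
import random
from datetime import date


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the code a push-button token shows for a given counter."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class Account:
    def __init__(self, username, password, today, token_secret=None,
                 max_attempts=3, rng=random):
        self.username = username
        self.max_attempts = max_attempts       # assumed threshold (proposal gives none)
        self.token_secret = token_secret       # None for accounts without a token
        self.token_counter = 0                 # next counter value the server expects
        self.token_window = 5                  # assumed look-ahead for skipped presses
        self.failed_attempts = 0
        self.locked = False
        self.rng = rng
        self.change_password(password, today)

    def change_password(self, new_password, today):
        """Store a fresh salted hash and draw the next random rotation interval."""
        self.salt = os.urandom(16)
        self.password_hash = self._hash(new_password)
        self.password_set = today
        self.rotation_days = self.rng.randint(30, 60)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def password_expired(self, today):
        return (today - self.password_set).days >= self.rotation_days

    def _token_ok(self, code):
        """Accept the next unused counter within the window; a replayed code fails."""
        for c in range(self.token_counter, self.token_counter + self.token_window):
            if hmac.compare_digest(hotp(self.token_secret, c), code):
                self.token_counter = c + 1
                return True
        return False

    def _fail(self):
        self.failed_attempts += 1
        if self.failed_attempts >= self.max_attempts:
            self.locked = True
            return "locked"
        return "bad_credentials"

    def login(self, password, today, token_code=None):
        """Return 'ok', 'expired', 'bad_credentials' or 'locked'."""
        if self.locked:
            return "locked"
        if not hmac.compare_digest(self._hash(password), self.password_hash):
            return self._fail()
        if self.token_secret is not None and (token_code is None or not self._token_ok(token_code)):
            return self._fail()
        self.failed_attempts = 0
        return "expired" if self.password_expired(today) else "ok"

    def unlock_after_identity_check(self, verified_by):
        """Only an out-of-band identity check ('phone' or 'in_person') clears the lock."""
        if verified_by not in ("phone", "in_person"):
            raise ValueError("identity must be verified by phone or in person")
        self.locked = False
        self.failed_attempts = 0
```

A wrong token code counts as a failed attempt just like a wrong password, so a stolen password alone still drives the account into the locked state rather than giving the attacker unlimited guesses at the token.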
E-Mail Server Security
Issue: The e-mail server needs to be free of any vulnerabilities, since e-mail will be a crucial method of communication for UMUC. All data and communication must stay confidential, whether through secure servers, a secure service, or encryption.
Recommendation:
Security One recommends using an email service such as Google Email and Apps.
Justification:
Services that specialize in E-Mail are better equipped to make sure all emails and data are secure.
Loss of Data
Issue: Loss of data can occur in many ways, and it usually happens due to unforeseen events.
Recommendation:
Daily backups of crucial data, and weekly backups of non-crucial data. The backups should be kept off-site so that repeat attacks or events cannot destroy them. The backup itself should also be backed up once every six months. This redundancy allows the school to keep all of its data in the event of failure or attack.
Justification:
All data is essential to the school, the faculty, and students. Any loss can reduce how effectively a student learns.
Transfer of Data
Issue: Crucial and confidential data can be stolen fairly easily without proper security.
Recommendation:
All crucial and confidential data must be encrypted before it is transferred or shared. Any student or faculty member working with essential data must use a virtual private network (VPN) to ensure all data is encrypted and secure.
Other Vulnerabilities
Issue: Not all vulnerabilities can be identified at the time of writing this proposal.
Recommendation:
UMUC should scan its systems for vulnerabilities on a regular basis, with software such as OpenVAS and Retina CS, to stay on top of any new weaknesses and quickly shut them down. Staff should also regularly walk through the building and visually inspect all areas that could be compromised. UMUC should also have a task force that focuses on finding and patching vulnerabilities, as our company cannot stay on campus to monitor.
Justification:
Vulnerabilities evolve, as do threat agents, so UMUC needs to stay on top of things to make sure vulnerabilities do not turn into exploits. UMUC may not have the knowledge or workforce to shut down vulnerabilities on its own, but monitoring will give UMUC the information needed to act on and patch vulnerabilities.
Security Policy and Risk Management
There will be multiple security policies implemented at UMUC. The policies will differ based on the type of access an individual has to the database and equipment. Policies will spell out specific rules and regulations that must be followed, as well as legal regulations. Failure to comply with these policies can lead to dismissal from UMUC and legal action.
The first policy that all students and faculty at UMUC must accept is the Acceptable Use Policy (AUP). The AUP will tell students and faculty what is expected of them when they are on the school's network or hardware. For example, the AUP may state that students are free to access the internet from anywhere on campus via WiFi as long as no illegal content is being accessed. The AUP for students and faculty will differ slightly, as the latter will have more freedom to access specific data on the server.
When the AUP is accepted, students and faculty must also agree to attend a network security seminar [2]. Students will only need to attend once unless their account gets compromised more than once during their enrollment. Faculty will need to participate in the seminar on a yearly or bi-yearly basis. The workshop will cover basic network and personal security, how to avoid social engineering attacks, and how to properly document any vulnerabilities or attacks they witness or are part of. This seminar will greatly reduce the risk of compromised accounts and unauthorized access to the network and the school's building.
Next is the Code of Ethics that faculty must agree to. This will lay out the type of behavior expected of them on campus. It will also contain rules and regulations they must adhere to when it comes to UMUC and its reputation when off campus. Not following these will allow UMUC administrators to take disciplinary action. The Code of Ethics is not about reducing risk but about keeping the standards of the school.
Privacy policies will need to be created to inform anyone connecting to UMUC's network what kind of information is collected and shared. This policy needs to be updated regularly as equipment and software on the system are updated. The privacy policy makes sure that data isn't being shared without consent, as well as reducing the risk of legal liability for UMUC.
The final required policy is the Authorized Access Policy. This is meant for the faculty who are responsible for the upkeep and security of UMUC's servers, hardware, and network. The policy will explain the various levels of access and who has each level of access. It may not explicitly name everyone, but there will be a few key people who have top-level access to everything except classroom grades. If an unauthorized faculty member accesses data or the network, they can face dismissal from UMUC. This policy will reduce the number of potential threats and human vulnerabilities to the school's network.
Business Continuity Plan
Preliminary Steps
- Set up BCP team members who are on-call for when catastrophe occurs
- Insure all hardware in the building
- Keep backups of crucial hardware such as servers and switches.
- Set up data back-ups, and verify regularly
- Set up plan of attack during attacks and natural disasters (student's physical and virtual safety must be a priority)
- Run through hypothetical drills, to make sure staff are up to date with equipment and procedures
- Have regular maintenance and verifications on hardware and software
All these steps need to be taken to reduce downtime after a catastrophic event. The event could be a cyber attack or a natural disaster. UMUC's goal is to have students and faculty up and running quickly, so the learning process is not disturbed.
Hardware
UMUC should take steps to insure all hardware in the building. This will reduce total cost, as the crucial hardware can be expensive. UMUC should also keep backups of important hardware off-site. If the hardware is taken down or breaks down, the school can quickly bring in the backup units to restore some functionality of the building.
Hardware should also be monitored 24 hours a day. Software can do the monitoring during off hours, but during school hours all the hardware connected to the network should be monitored. The software should be able to automatically disconnect and log devices that are acting maliciously or causing networking issues.
Data
Data should be backed up and verified regularly. All backups should be off-site, and a BCP team member should be able to retrieve them quickly. The school cannot run without the data since there would be nothing for students or faculty to work with.
References
[1] G. Fleishman, "Why a strong password doesn't help as much as a unique one," Macworld - Digital Edition, pp. 94-97, September 2015.
[2] F. Santini, "Prioritizing Cybersecurity on a Limited Budget," Law Practice: The Business of Practicing Law, vol. 43, no. 5, pp. 58-61, September 2017.
II. Securing Boundary Devices, Hosts, and Software
A. Physical Security and Perimeter Defenses
Requirements and Proposed Solutions
Physical security is the protection of physical property in and around the UMUC building. UMUC needs to make sure students and professors feel safe from any form of physical threat, such as theft of or damage to their devices. This means there need to be reliable ways to filter out unwanted threats from entering the building, and continuous surveillance of all property.
To reduce unauthorized access to the building, I recommend the use of doors that require a smart key or security token to gain access. The door will have five main components for a secure entry and exit way. The first is how the door will be authorized to open, such as a proximity card or token access scanner, such as a Cobra Controls PRX-5R, controlling the doors into the UMUC building. The proximity access reader will only admit students and professors with the school-provided smart card or security token. However, if piggybacking into the building becomes an extreme problem, a security guard may need to be posted when classes are not in session. The second component is how doors will open when someone needs to exit. I recommend something like the SDC Security Door Controls PSB560 [1], which allows a person to press the bar to unlock the door. This is the simplest and most efficient way for a high-traffic entryway for students and professors to exit the building. The third component is the type of locking mechanism on the door. A maglock, such as the SDC 352 Narrow Line Double EMLock, or a strike lock, such as the SDC Security Door Controls 24-4U, are the two types of locks I recommend for the door [1]. A maglock may be the most secure physically, but it may not be as budget friendly as a door strike lock. The fourth component is the software to accompany the entryway. UMUC needs to decide what the software must be capable of, such as entry auditing, time-based opening, or battery backup [1].
Perimeter defenses will have to be kept discreet, as this is a learning facility and needs to be welcoming to students and professors. The first step is to make sure the building and surrounding areas are well lit. I recommend environment-friendly LED lights directly around the building and solar-powered lighting for the parking lot and other surrounding areas that are not directly illuminated by lighting attached to the building. I recommend a specialist such as SEPCO, who specialize in solar-powered lighting [2].
The final aspect of physical security I would like to recommend is a form of surveillance of the building: CCTV or another form of continuous recording of the exterior and interior. I would recommend a system that offers resolution higher than 1080p, is scalable and secure, and allows for easy backup. A third-party company, such as SCW, should be brought in for consultation and implementation of CCTV at the location [3].
Justification
The entry access system will reduce the threat of an unwanted person or persons entering the building when classes are not in session. A guard can further mitigate unwanted persons entering the building; however, this should only be done in extreme cases. Lighting around the building will help students and professors feel safe and reveal possible threats to them. It also provides the visual aid to detect any physical threats to the building and respond to them more quickly. CCTV can further reduce physical threats through continuous monitoring of the building and its surroundings.
B. Mobile Device Security
Requirements
I predict that students and professors will use multiple mobile devices that may or may not be connected to the network, as well as borrow mobile equipment from the library. UMUC will allow students to bring their own devices and have individual access to its network. These devices can range from laptops to tablets. The library will also let students borrow devices when needed, which means UMUC needs a way to keep track of who checked out which device.
Proposed Solution
UMUC will implement a mobile BYOD policy that requires students to accept it and add their devices to their UMUC ID. Students will need to accept the policy as well as a privacy policy stating that certain data may be kept on record to reduce liability to UMUC and may be handed over to a federal court if subpoenaed. The devices will have extremely restricted access to UMUC's internal network but can have unrestricted access to the internet. UMUC can state in the policy that it can change the policy at any time to restrict access to certain areas of the internet.
When students borrow equipment from the library, they should first sign a checkout sheet and provide two forms of ID; one must be their UMUC ID and the other must include a photo. The UMUC ID will be kept as collateral. Staff handing devices over to students must state that the students are accepting the acceptable use policy and that all data saved on the laptop will be erased once it has been shut down. After students are done with the device, they must sign the device back in with a countersignature from staff. The staff signature verifies that the device was returned in working order.
Justification
The BYOD policy gives students the comfort of learning in their own personal space, and still allows UMUC to maintain the security of its network. The AUP will also reduce UMUC's chances of being caught in legal disputes if a student decides to perform any illegal actions while on the network, as well as allowing network access to be restricted for devices when needed.
UMUC reduces the cost of loss and damage by making students responsible for equipment that is checked out. Keeping collateral also lets staff know who checked out equipment and when. This means that if a student is known to break the AUP, the library can keep track and deny them any further rentals.
C. Network Defense Devices
Requirements
The network architecture was submitted in the Network Design proposal; therefore, all the equipment should be implemented by now. This equipment needs to be protected from unwanted physical and virtual access, and data communication for students and professors needs to be secured. Server rooms need to be protected from all physical access unless authorized, and all access must be logged. Virtual access to a server must be set up through protection provided by hardware features such as firewalls. Students and professors communicating and storing information on the network must do so through secure channels.
Proposed Solutions
The server rooms (except teaching server closets) will be in a protected room whose door has a smart card or token reader and a biometric scanner. A person accessing the server rooms must have the proper privileges and must follow the correct procedure to access the server room. The person must first use their smart card or token to unlock the biometric scanner, then use their fingerprint to open the door. After that, they must sign in via a network console or another device provided by UMUC, such as a tablet. The smart card and biometric scanners will log every attempt to access the server room. The logs of the scanners must match the personnel log. Personnel will also need to log when they leave the server room. The server room will also be under a separate CCTV system, access to which will be kept on a need-to-know basis.
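The requirement that the scanner logs match the personnel sign-in log is easy to state and easy to neglect, so a check that runs over both logs is worth having. The following is an added example, not the proposal's code: it reconciles constructed card-reader, biometric and console sign-in events against the procedure just described (card, then fingerprint, then console sign-in, then sign-out) and reports every deviation. Badge IDs, timestamps and the event format are made up for the example.

```python
"""Reconcile server-room door-scanner logs with the personnel sign-in log.
Added example; the event tuples below are constructed sample data."""

# (timestamp, source, event, badge_id) from the card reader and biometric scanner.
SCANNER_LOG = [
    ("2017-10-26T08:00:10", "card", "accept", "F1001"),
    ("2017-10-26T08:00:20", "bio", "accept", "F1001"),
    ("2017-10-26T09:15:00", "card", "accept", "F1002"),   # card only, no fingerprint
    ("2017-10-26T10:30:05", "card", "accept", "F1003"),
    ("2017-10-26T10:30:14", "bio", "accept", "F1003"),
    ("2017-10-26T11:45:00", "card", "accept", "F1004"),
    ("2017-10-26T11:45:09", "bio", "reject", "F1004"),    # fingerprint did not match card holder
]

# (timestamp, source, event, badge_id) from the console inside the room.
SIGNIN_LOG = [
    ("2017-10-26T08:01:00", "console", "sign_in", "F1001"),
    ("2017-10-26T08:40:00", "console", "sign_out", "F1001"),
    ("2017-10-26T10:31:00", "console", "sign_in", "F1003"),   # never signs out
    ("2017-10-26T12:00:00", "console", "sign_in", "F1005"),   # no door entry at all
]


def reconcile(scanner_log, signin_log):
    """Return sorted (badge_id, finding) pairs; an empty list means the logs agree."""
    findings = []
    entered = set()          # badges that passed card + fingerprint
    pending_card = set()     # card accepted, fingerprint not yet seen

    # Pair each accepted card scan with the following fingerprint result for that badge.
    for _ts, source, event, badge in sorted(scanner_log):
        if source == "card" and event == "accept":
            pending_card.add(badge)
        elif source == "bio":
            if badge not in pending_card:
                findings.append((badge, "biometric scan without preceding card scan"))
                continue
            pending_card.discard(badge)
            if event == "accept":
                entered.add(badge)
            else:
                findings.append((badge, "biometric rejected after card accepted"))
    for badge in pending_card:
        findings.append((badge, "card accepted but no biometric scan followed"))

    # Every door entry needs a console sign-in and sign-out, and vice versa.
    signed_in, signed_out = set(), set()
    for _ts, _source, event, badge in sorted(signin_log):
        if event == "sign_in":
            signed_in.add(badge)
            if badge not in entered:
                findings.append((badge, "console sign-in without a matching door entry"))
        elif event == "sign_out":
            signed_out.add(badge)
    for badge in entered - signed_in:
        findings.append((badge, "door entry without console sign-in"))
    for badge in signed_in - signed_out:
        findings.append((badge, "signed in but never signed out"))
    return sorted(findings)


if __name__ == "__main__":
    for badge, finding in reconcile(SCANNER_LOG, SIGNIN_LOG):
        print(badge, finding)
```

Run daily against the previous day's logs, the output is the list the security task force reviews; a "door entry without console sign-in" or a rejected fingerprint after an accepted card is exactly the kind of event the CCTV footage should be pulled for.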
The firewall must be configured to detect and log all unknown and malicious access attempts against the server. UMUC may implement MAC filtering to block known devices that could allow unwanted access to the network.
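Logging every denied attempt is only useful if someone reads the log, and a MAC allow-list is only useful if the devices that actually appear on the network are compared against it. The script below is an added example, not the proposal's code or any vendor's tooling: it summarises repeated denies per source address from constructed firewall log lines (the line format is made up for this example) and lists devices that obtained a DHCP lease without being on the allow-list. Addresses, MACs and the deny threshold are all constructed.

```python
"""Firewall deny-log summary and MAC allow-list check.
Added example; log formats, addresses, MACs and threshold are constructed."""
import re
from collections import Counter, defaultdict

# Constructed firewall log: one line per connection decision.
FIREWALL_LOG = """\
2017-10-27T01:02:03 fw1 DENY proto=TCP src=203.0.113.5:51112 dst=10.0.1.10:22
2017-10-27T01:02:04 fw1 DENY proto=TCP src=203.0.113.5:51113 dst=10.0.1.10:23
2017-10-27T01:02:05 fw1 DENY proto=TCP src=203.0.113.5:51114 dst=10.0.1.10:3389
2017-10-27T01:05:00 fw1 ALLOW proto=TCP src=10.0.2.20:40000 dst=10.0.1.10:443
2017-10-27T01:06:00 fw1 DENY proto=UDP src=10.0.2.21:5353 dst=10.0.1.10:161
garbage line that the parser must skip
"""

# Constructed DHCP lease lines from the campus network, and the MAC allow-list.
DHCP_LOG = """\
2017-10-27T07:55:01 dhcp lease 10.0.2.20 aa:bb:cc:dd:ee:01
2017-10-27T07:56:13 dhcp lease 10.0.2.21 aa:bb:cc:dd:ee:ff
2017-10-27T07:58:40 dhcp lease 10.0.2.22 AA:BB:CC:DD:EE:02
"""
ALLOWED_MACS = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
DHCP_RE = re.compile(r"^(?P<ts>\S+) dhcp lease (?P<ip>[\d.]+) (?P<mac>[0-9A-Fa-f:]{17})$")


def parse_firewall(log):
    """Yield a dict per well-formed line; malformed lines are skipped, not guessed at."""
    for line in log.splitlines():
        m = FW_RE.match(line)
        if m:
            yield m.groupdict()


def repeated_denies(log, threshold):
    """Sources denied at least `threshold` times, mapped to the destination ports they touched."""
    denies = Counter()
    ports = defaultdict(set)
    for ev in parse_firewall(log):
        if ev["action"] == "DENY":
            denies[ev["src"]] += 1
            ports[ev["src"]].add(int(ev["dport"]))
    return {src: sorted(ports[src]) for src, n in denies.items() if n >= threshold}


def unknown_devices(dhcp_log, allowed):
    """(ip, mac) pairs that got a lease but are not on the allow-list; MACs compared case-insensitively."""
    allowed = {mac.lower() for mac in allowed}
    found = []
    for line in dhcp_log.splitlines():
        m = DHCP_RE.match(line)
        if m and m["mac"].lower() not in allowed:
            found.append((m["ip"], m["mac"].lower()))
    return found


if __name__ == "__main__":
    print("repeated denies:", repeated_denies(FIREWALL_LOG, threshold=3))
    print("unknown devices:", unknown_devices(DHCP_LOG, ALLOWED_MACS))
```

Treat the MAC allow-list as inventory control rather than authentication: a MAC address is trivially changed on most devices, so an unknown MAC is a signal to investigate, while a known MAC proves little on its own. The per-source port list is what tells an admin whether a burst of denies was a port sweep or a single misconfigured client.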
All UMUC websites must use HTTPS when communicating with students and professors, as well as with anyone visiting the web pages [4]. Students and professors must use SSH and FTPS when accessing and transferring information to UMUC's servers. Professors should require students to use VPNs and terminal emulator software such as PuTTY when students need to access servers while not directly connected to UMUC's network.
Justification
Server rooms are the most crucial part of UMUC's network since they contain confidential information about faculty, staff, professors, and students. Multiple levels of security and logging will reduce the chance of threats entering the rooms, thereby thwarting any attempts at stealing or destroying hardware or information. If a disgruntled employee attempts to become a threat, logs can be used to track down which personnel had access when a physical breach occurred.
Firewalls will prevent unwanted virtual access to the server and its information. By logging all attempts, admins can check what kind of attack or attempted attack it was and work towards strengthening the server to completely shut down the threat. Logs can also help rule out false positives.
Students and professors need all their information sent to and from servers to be secure, since the data could contain confidential information. By using HTTPS, UMUC provides a certain level of security for its web pages, ensuring information will not be stolen in transit. Requiring students to use a VPN and PuTTY to access UMUC's servers ensures that all data is channeled through a secure path, and helps keep students' and professors' systems secure.
D. Host Defenses
Requirements
UMUC needs to be prepared for any and all attacks. There will be thousands of students using its systems and accessing millions of websites. Therefore, UMUC needs to have some type of antivirus and anti-malware software installed to protect against threats and reduce damage done to the network.
Proposed Solutions
It is recommended that UMUC implement an enterprise-level antivirus and anti-malware suite on its systems and network. I would recommend BitDefender's GravityZone be installed on every system that is directly connected to the network via Ethernet, since these systems have a direct link to the switches that connect to the server.
Justification
UMUC needs to prepare for students opening infected e-mails and files, since UMUC cannot prevent students from doing so. Having software such as BitDefender's GravityZone prevents malicious files and code from accessing the system and network. The software can also monitor file changes and other attempted threats to the system.
References
[1] "Door Access Control System Buyer's Guide and How To Manual," Maglocks.com, 2015. [Online]. Available: http://www.maglocks.com/access-guide. [Accessed 26 October 2017].
[2] "Commercial Solar LED Parking Lot Lighting," Solar Electric Power Company, 2016. [Online]. Available: http://www.sepco-solarlighting.com/solar-parking-lot-lighting. [Accessed 27 October 2017].
[3] "Commercial-Grade Security Cameras that come with SCW Know-How," Security Camera Warehouse, 2017. [Online]. Available: https://www.security-camera-warehouse.com/commercial-cctv-systems.php. [Accessed 27 October 2017].
[4] K. Basques, "Why HTTPS Matters," Google, 26 September 2017. [Online]. Available: https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https. [Accessed 2017 October 2017].
III. Securing Data at Rest and in Transit
A. Public Key Infrastructure
Requirements
Public Key Infrastructure (PKI) is a hierarchy of computers that issue and manage certificates, which are issued by a Certificate Authority (CA). A certificate is an electronic document that shows proof of ownership of a public key. Certificate management is required to ensure the security and encryption of data that is being sent and received. A certificate database stores certificate requests and records issued and revoked certificates. A certificate store is where certificates are stored locally alongside their issued private keys.
Proposed Solutions
UMUC will need to find a regional CA to provide public and private keys to ensure constant security. UMUC may rely on companies such as Comodo or Symantec to be its CA if they are available in the region. If UMUC does not want to rely on a third party to provide certificates, it can build its own PKI [1] [2]. This will depend on the network UMUC has implemented as well as the budget for the new building.
Justification
PKI will be required if UMUC wants to keep transmitted data secure and prevent any possible theft. Hiring a third party can reduce the time needed to implement encryption of data and secure everyone as soon as possible, since the PKI infrastructure is already set up and ready for UMUC to use. However, this may not give UMUC the control it would want over the certificates. If UMUC designs and constructs its own PKI, it will have the ability to make changes on the fly and scale the infrastructure when needed. The downside is that this may take longer to implement, take up extra resources UMUC may not have, and require hardware that is out of the budget range.
B. Secure Protocol Implementation
Requirements
Most protocols were created with little or no security controls; therefore, UMUC will need to use secure protocols to ensure the security of data and communication to and from UMUC's network.
Proposed Solution
SSL or TLS should be implemented for all web communication between UMUC, professors, and students. TLS is recommended as it is the current secure protocol. Plain HTTP is acceptable only for the main website, which does not require encrypted communication or contain any confidential information, such as the UMUC home page. S/MIME should be implemented for all e-mail communication on the network. On all professor and staff systems, IPSec should be implemented to encrypt all IP traffic [3]. However, UMUC will have to decide how it wants to implement IPSec: transport mode, which encrypts the packet payload, or tunnel mode, which encrypts both header and data. Finally, SSH and SFTP need to be applied when students use UMUC server space for assignments and storage. For example, if UMUC provides web space for students to practice web design and hosting, all communication between student and server should be done through SSH or SFTP [3].
Justification
Without secure protocols, data can be easily stolen or the network breached. Professors, staff, and students need a secure and reliable channel of communication. The data and communication between them contain confidential information such as names, grades, addresses, IDs, etc., that need to be encrypted during transmission, so that even if the data were stolen it could not be read without the public and private keys to decrypt it. However, the UMUC website does not need to be SSL/TLS secured, since it should not contain any confidential information.
C. File Encryption
Requirement
Files need to be encrypted when not in transmission or when stored on a non-network device. All files on network storage should be encrypted so that in case of a breach the data cannot be read easily. Encrypting individual systems will be infeasible, because students will be bringing their own and UMUC systems will be set up to erase all user data from the system.
Proposed Solution
All file storage systems will run Windows on NTFS drives to take advantage of the Encrypting File System (EFS) [4]. EFS uses symmetric key encryption because it is fast at encrypting and decrypting large amounts of data. UMUC could use asymmetric key encryption; however, it would be much slower. UMUC can choose from the AES, Triple DES, or DESX encryption algorithms. The Advanced Encryption Standard (AES) is the industry standard. AES uses the Rijndael algorithm to encrypt and decrypt files and data [5].
D. Hashing
Requirements
All confidential and top-level privilege data will require hashing to verify integrity. Other data will not require hashing; however, professors will have the option to create hashes for their data when communicating with other professors, staff, and students.
Proposed Solution
UMUC has three hashing algorithms to choose from: Message Digest 5 (MD5), Secure Hash Algorithm 1 (SHA-1), and RACE Integrity Primitives Evaluation Message Digest (RIPEMD). I recommend using RIPEMD because it allows for different message digest sizes of 128, 160, 256, and 320 bits.
Justification
Students do not need to use hashing, as they should not have access to data that requires hashing. Professors and staff may need to or be required to use hashing depending on the data being shared between them. However, confidential and top-level privilege data will require hashing and will need to be verified when received. RIPEMD is recommended because it allows multiple digest sizes, which means that if the sender is sending data that requires more security they can send it with a 320-bit message digest.
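The verification step described above (the sender hashes each file, the receiver recomputes the digests and compares) is a manifest check, shown here as an added example that is not the proposal's code. Python's hashlib provides MD5 and SHA-1 everywhere, but RIPEMD-160 only when the underlying OpenSSL build supplies it, and not the other RIPEMD sizes at all; so the "confidential" level below uses RIPEMD-160 when it can be constructed and falls back to SHA-256 otherwise (that fallback, the level names and the sample file contents are assumptions of this example).

```python
"""Integrity manifests with the digest chosen by sensitivity level.
Added example; level names, the SHA-256 fallback and the file contents are constructed."""
import hashlib
import hmac


def digest_hex(data: bytes, algorithm: str) -> str:
    """Hex digest of `data` under a hashlib algorithm name such as 'sha1' or 'ripemd160'."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def algorithm_available(name: str) -> bool:
    """hashlib lists a name but may still fail to construct it if OpenSSL lacks the digest."""
    try:
        hashlib.new(name)
        return True
    except ValueError:
        return False


def pick_algorithm(level: str) -> str:
    """'general' data: SHA-1 (one of the page's three); 'confidential': RIPEMD-160 if present, else SHA-256."""
    if level == "confidential":
        return "ripemd160" if algorithm_available("ripemd160") else "sha256"
    if level == "general":
        return "sha1"
    raise ValueError(f"unknown sensitivity level: {level}")


def build_manifest(files: dict, level: str) -> dict:
    """Map each file name to (algorithm, hex digest); the sender ships this with the files."""
    alg = pick_algorithm(level)
    return {name: (alg, digest_hex(data, alg)) for name, data in files.items()}


def verify_manifest(manifest: dict, files: dict) -> list:
    """Names whose content is missing or whose digest does not match; [] means intact."""
    bad = []
    for name, (alg, expected) in manifest.items():
        data = files.get(name)
        if data is None or not hmac.compare_digest(digest_hex(data, alg), expected):
            bad.append(name)
    return sorted(bad)


# Constructed sample grade export and a tampered copy of it.
ORIGINAL = {
    "grades.csv": b"id,grade\n1001,A\n1002,B\n",
    "notes.txt": b"final grade export\n",
}
TAMPERED = dict(ORIGINAL, **{"grades.csv": b"id,grade\n1001,A\n1002,A\n"})

if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL, "confidential")
    print("algorithm in use:", pick_algorithm("confidential"))
    print("original:", verify_manifest(manifest, ORIGINAL))
    print("tampered:", verify_manifest(manifest, TAMPERED))
```

A digest shipped next to the data only catches accidental corruption or a tamperer who cannot also rewrite the manifest; when the manifest travels the same path as the files, it needs to be protected separately, for example with S/MIME signing as the proposal already requires for e-mail.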
E. Backup and Restore
Requirements
The school should back up all its data and system configuration on a regular basis, with backups kept off-site: yearly full backups, followed by weekly incremental backups, as well as daily backups of minor changes to pertinent data. For day-to-day files and data, a cloud system should be set up for professors and staff. All full and incremental backups should be tested every two months.
Proposed Solution
Full backups should be done during school holidays so that all the data is properly backed up without interruption. Full backups take much longer than incremental and daily backups; therefore, it is essential that they are not interrupted. For weekly and daily backups, UMUC needs to audit the network traffic and personnel in the building and create a backup schedule based on the periods of least activity.
Backup data should be stored on tapes, as they can hold up to 185 TB and can be encrypted. Compared to optical and hard disk storage, tapes are more durable and can be easily moved to a secure location. The only caveat is that UMUC will have to invest in tape backup hardware and its maintenance [6].
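With a yearly full, weekly incrementals and daily backups on tape, the question the BCP team member actually faces is which tapes to recall from off-site storage to restore a given day. The following is an added example, not the proposal's code: it plans that restore chain over a constructed tape catalogue (labels and dates are made up) and flags when the two-monthly restore test is overdue, approximating "every two months" as 60 days. It assumes each weekly incremental holds the changes since the previous weekly (or the full) and each daily holds the changes since the previous daily or weekly.

```python
"""Restore-chain planning for a yearly full / weekly incremental / daily scheme.
Added example; the catalogue, tape labels and the 60-day test interval are constructed."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Backup:
    when: date
    kind: str    # "full" (yearly), "incremental" (weekly) or "daily"
    label: str   # tape label (constructed)


CATALOGUE = [
    Backup(date(2017, 1, 2), "full", "TAPE-F-2017-01"),
    Backup(date(2017, 10, 1), "incremental", "TAPE-W-2017-39"),
    Backup(date(2017, 10, 8), "incremental", "TAPE-W-2017-40"),
    Backup(date(2017, 10, 9), "daily", "TAPE-D-2017-10-09"),
    Backup(date(2017, 10, 10), "daily", "TAPE-D-2017-10-10"),
    Backup(date(2017, 10, 15), "incremental", "TAPE-W-2017-41"),
    Backup(date(2017, 10, 16), "daily", "TAPE-D-2017-10-16"),
]


def restore_chain(catalogue, target):
    """Ordered backups to apply to rebuild the data as of `target`.

    The chain is the latest full on or before the target, every weekly
    incremental after it, then only the dailies after the last applied weekly
    (earlier dailies are already folded into that weekly).
    """
    usable = sorted((b for b in catalogue if b.when <= target), key=lambda b: b.when)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError(f"no full backup on or before {target}")
    chain = [fulls[-1]]
    for b in usable:
        if b.kind == "incremental" and b.when > chain[0].when:
            chain.append(b)
    last_weekly = chain[-1]
    for b in usable:
        if b.kind == "daily" and b.when > last_weekly.when:
            chain.append(b)
    return chain


def tapes_to_recall(catalogue, target):
    """Labels a BCP team member needs to pull from off-site storage, in restore order."""
    return [b.label for b in restore_chain(catalogue, target)]


def restore_test_due(last_test, today, interval_days=60):
    """True when full/incremental backups have not been test-restored within the interval."""
    return (today - last_test).days >= interval_days


if __name__ == "__main__":
    print(tapes_to_recall(CATALOGUE, date(2017, 10, 16)))
    print("restore test due:", restore_test_due(date(2017, 8, 1), date(2017, 10, 16)))
```

The value of writing the chain down is that a missing tape shows up as a gap before an incident rather than during one; running this against the catalogue is a cheap part of the two-monthly restore test.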
References
[1] N. Sullivan, "How to build your own public key infrastructure," CloudFlare, 24 June 2015. [Online]. Available: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/. [Accessed 27 October 2017].
[2] N. [MSFT], "Designing and Implementing a PKI: Part I Design and Planning," Microsoft, 1 September 2009. [Online]. Available: https://blogs.technet.microsoft.com/askds/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning/. [Accessed 27 October 2017].
[3] G. E. Clarke, CompTIA Security+: Certification Study Guide, McGraw-Hill Education, 2014.
[4] Microsoft, "File Encryption," Microsoft, [Online]. Available: https://msdn.microsoft.com/en-us/library/aa364223(VS.85).aspx. [Accessed 29 October 2017].
[5] M. Rouse, "Rijndael," Search Security, May 2007. [Online]. Available: http://searchsecurity.techtarget.com/definition/Rijndael. [Accessed 29 October 2017].
[6] M. Rouse, "Tape backup," TechTarget, October 2016. [Online]. Available: http://searchdatabackup.techtarget.com/definition/tape-backup. [Accessed 28 October 2017].