Running head: Network Security Plan - McPherson
Table of Contents
Project outline ... 2
Overview of Network and Existing Security (Week 1) ... 2
   Overview of Agency ... 2
   Description of Network ... 2
   Network Topology ... 3
   Network Protocols ... 4
   Connectivity Methods ... 5
   Current Security Devices ... 5
Risk Assessment (Week 2) ... 6
   Inventory/Summary of Devices ... 6
   Asset Prioritization ... 7
   Risk within the Environment ... 7
   Risk Assessment Tools and Methodology ... 9
Security Architecture Plan (Week 3) ... 10
   Appropriate Technologies and Their Location in the Network ... 10
   Additional Software Assets ... 11
   Additional Security Controls ... 12
   Risk Mitigation ... 12
Security Policies (TBD) ... 14
Incident Response (TBD) ... 15
Implementation Plan (TBD) ... 16
References ... 17
Project outline
Any federal agency’s network is an inviting target for hackers.1 The National Science
Foundation (NSF) is no exception, not only because of its databases of cutting-edge research and
researchers, but also because of the access to other agencies and consortiums that its partnerships provide.
Overview of Network and Existing Security (Week 1)
Overview of Agency
The NSF’s primary purpose is to support science research and education, including all
engineering fields. The agency handles sensitive information on cutting edge scientific research
and has personal information on many of this country’s researchers. The NSF is subject to the
Federal Information Security Modernization Act (FISMA), which requires it to develop,
document, and implement an agency-wide information security and privacy program.2 This plan
is set forth in the Information Security Handbook – Manual 7 (Manual 7), which was last updated
in April 2018. The plan covers NSF resources and includes NSF personnel and contractors as
well as in-house and external computer systems.
Description of Network
A description of the NSF’s network starts with other agencies. As of 2007, the Office of
Management and Budget (OMB) instituted a common solution to federal agency network
services, the Trusted Internet Connection (TIC).3 The Department of Homeland Security (DHS)
oversees this initiative, also called DHS Trusted Internet Connections Initiative, through its
Managed Trusted Internet Protocol Services (MTIPS) program. The Office of Information and
Resource Management (OIRM) directorate of the NSF maintains its network infrastructure,
including hardware, software and support services.2
OIRM has effectively siloed the NSF’s network into four separate networks: (1) internal;
(2) visitor; (3) Bring Your Own Device (BYOD); and (4) Eduroam.4 The internal network is for
NSF staff and is both wired and wireless. The other three networks are effectively subnetworks
of the wireless network: the visitor and BYOD networks are both wireless, and the Eduroam
network, also wireless and known as Fastlane, is a network access service for research and
education that allows the NSF to provide users wireless access to their respective
university/institutions using their credentials from that particular university/institution.5
This segmented structure allows the NSF to apply and enforce different data and access
requirements to each siloed network. In turn, it allows OIRM to more effectively monitor the
network and determine compliance with its security requirements.
Network Topology
A broad representation of the Network topology is shown below:
[Figure: NSF Network Topology. Nodes shown: Internet; Edge router; Backup edge router; Data Center; Campus LANs; Server Farms; Management Center.]
As noted above, the NSF network has two edge routers to provide redundancy for the system in
case of failure. The Data Center is segregated from the rest of the network to secure it while
Campus LANS and the Server farms are connected to the Management Center.
Network Protocols
The network protocols of the NSF’s network depend upon the OSI layer (see the Week 3 Security Architecture section of this paper). The primary network protocols are TCP/IP; the NSF
supports both IPv4 and IPv6. It has Class B IP addresses, whose first two bits are 10 and which fall in the
range 128.0.0.0 to 191.255.255.255. This class is intended for medium-sized networks and uses 16 bits for the
network portion and 16 bits for the host portion.
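As an added worked example (not from the paper), the following Python applies the leading-bit rule behind the Class B description above: it derives the class range and the 16/16 network-host split from the bit pattern rather than from a lookup, and generalises to classes A through E. The address 150.25.7.9 is a constructed sample, not an NSF address.

```python
import ipaddress

# Classful IPv4 classes, identified by the leading bits of the address
# (RFC 791 classes A, B and C, plus D and E). Each row holds the class
# letter, the leading-bit pattern, how many leading bits the pattern
# occupies, and how many bits the classful network portion uses.
# Classes A, C, D and E go beyond the Class B case described in the text.
CLASS_TABLE = [
    ("A", 0b0,    1, 8),
    ("B", 0b10,   2, 16),    # the NSF's class: 128.0.0.0 - 191.255.255.255
    ("C", 0b110,  3, 24),
    ("D", 0b1110, 4, None),  # multicast: no network/host split
    ("E", 0b1111, 4, None),  # reserved
]


def classify(addr: str) -> dict:
    """Return the classful interpretation of a dotted-quad IPv4 address.

    The leading bits of the 32-bit value are compared against each class
    pattern; for classes A-C the classful mask then splits the network and
    host portions. Malformed input raises ipaddress.AddressValueError
    (a ValueError subclass).
    """
    value = int(ipaddress.IPv4Address(addr))
    for cls, pattern, nbits, net_bits in CLASS_TABLE:
        if value >> (32 - nbits) == pattern:
            break
    result = {
        "address": addr,
        "class": cls,
        "leading_bits": format(value >> (32 - nbits), f"0{nbits}b"),
        "network_bits": net_bits,
        "host_bits": None if net_bits is None else 32 - net_bits,
        "network": None,
        "host": None,
    }
    if net_bits is not None:
        mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
        result["network"] = str(ipaddress.IPv4Address(value & mask))
        result["host"] = value & ~mask & 0xFFFFFFFF
    return result


def class_range(cls: str) -> tuple:
    """Return the (lowest, highest) addresses of a class, derived from its
    leading-bit pattern: the pattern fixes the top bits, and the remaining
    bits run from all zeros to all ones."""
    for letter, pattern, nbits, _ in CLASS_TABLE:
        if letter == cls:
            low = pattern << (32 - nbits)
            high = low | ((1 << (32 - nbits)) - 1)
            return (str(ipaddress.IPv4Address(low)),
                    str(ipaddress.IPv4Address(high)))
    raise ValueError(f"unknown class {cls!r}")


if __name__ == "__main__":
    # The paper's two Class B boundaries, one constructed Class B host,
    # and one Class C address for contrast.
    for sample in ("128.0.0.0", "191.255.255.255", "150.25.7.9", "192.0.2.1"):
        print(classify(sample))
    print("Class B range:", class_range("B"))
```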
Many of the protocols employed by the NSF come from those common to the EINSTEIN
system and to CenturyLink. The DHS provides the EINSTEIN system to federal agencies to
help detect and block cyber-attacks.7 EINSTEIN provides an email filter and DNS sinkholing to
help identify any infected hosts/users on the NSF network.4 CenturyLink is both the NSF’s
telecommunications provider and cloud services provider. With the mandate to transition to the
cloud, the NSF is more and more reliant upon CenturyLink for the protocols it will use and
enforce.
Connectivity Methods
There are a variety of connectivity methods employed by the NSF: broadband (both
wired and wireless), mobile Internet, remote access, campus LANs, and VPN.
Current Security Devices
A broad overview of network equipment shows that the NSF has 2 border routers
(including a backup for redundancy), 3 layers of routers, and approximately 33 switches (2 per
floor for the first 14 floors and then one for the remaining 5 floors). It is a switched network and
many of its security appliances and core switches are also routers. The border or edge routers
connect to and run in the internet backbone. They are connected to layers of core routers which
support NSF’s routing protocols.
Cisco and Arista are the primary network equipment vendors, with two to three additional
minor suppliers. Cisco provides firewalls through Adaptive Security Appliances (ASA), both
stand-alone and virtual. The ASA includes not only a firewall, but also antivirus protection and
intrusion prevention. The NSF also has an Intrusion Prevention System (IPS) that sits at the edge
router(s), outside of its network. It provides both inline and blocking modes.4
Risk Assessment (Week 2)
Inventory/Summary of Devices
The first step in assessing risk for the NSF network is to take inventory of the agency’s
assets, both hardware and data, especially sensitive information. The NSF has over 2,400
desktop and laptop computers, 166 network printers and ____ servers. The NSF data assets
include cutting edge scientific research and can be divided into those classified as (1) mission
systems, and (2) mission support. NSF defines mission systems as those necessary for its
operations and mission; mission systems can also be categorized as systems of record. They
include (i) Ejacket, (ii) Fastlane, and (iii) Awards – Award Search.8 Ejacket is a web-based
interface that consolidates grant applications received by the NSF. It can manage both programs
and proposals. Fastlane is one of two internet platforms used by the NSF as its grant
management system. It allows communication between NSF and the outside research
community. It will eventually be assimilated into Research.gov. The NSF accounts for
approximately twenty percent of all science research funding made by the federal government.
Award search software allows for both internal and external access to information about research
grants awarded by the NSF.9
Mission support includes directory services and My NSF. My NSF is an internal e-business
system that allows NSF staff access to online merit review systems for research
proposals submitted to the NSF by its research community.
Asset Prioritization
The NSF prioritizes its assets by availability and integrity, since confidentiality is
assumed in all of its actions and communications.8 Both availability and confidentiality are of
equal importance to the agency. More detailed information about the agency’s asset
prioritization is confidential and therefore unavailable for this paper.8
Risk within the Environment
Manual 7 outlines a three-tier approach per NIST 800-39 to assess and manage risk in the
NSF: Tier 1 risk, Tier 2 risk, and Tier 3 risk (see diagram below).
Tier 1 focuses on organizational risk (i.e., enterprise risk) by looking at risk from a
strategic point of view caused by the NSF’s position as a government agency carrying out
national policies. Tier 2 focuses on the business risk of the NSF. It looks at risk from the
agency’s assets, operations, and personnel, both internal and external, that help implement the
NSF’s mission of supporting science research and education. Tier 3 focuses on information
system risk. It looks at risk from IT operations, including network assets and personnel.2
Tier 1 risks include a lack of attention to the details of memorandums of understanding with
other agencies and institutions. Tier 2 risks include physical access exploitation, which is managed
by the use of Personal Identity Verification (PIV) cards for both physical access to the building
and access to the network. Tier 3 risks include email exploitation, which is mitigated by the use
of whitelist software, PIV cards, and employee training.
The chart below sets forth the 2017 information security risks of federal agencies.
The highest security risk for the NSF is social engineering due to the scale and sensitivity
of its data.8 The NSF funds cutting edge scientific research. In fact, the NSF supports
approximately 83% of federally funded computer science academic research.11 Additionally,
the NSF is a prime target for social engineering due to the many cross-agency agreements it has
with other federal agencies and institutions.
FEMA sets forth the Hazard Identification and Risk Assessment for federal agencies, which
includes natural disasters.12
Risk Assessment Tools and Methodology
FISMA mandates that the agency’s information security and privacy policies are in
compliance with NIST and OMB guidelines. The National Institute of Standards and
Technology (NIST) SP 800-37, Guide for Applying the Risk Management Framework (RMF) to
Federal Systems: A Security Life Cycle Approach, and SP 800-39, Managing Information
Security Risk: Organization, Mission, and Information System View, set forth the framework and
methodology the NSF uses to conduct risk assessment.2 NIST 800-37 is a risk management
guide for federal agencies. NIST 800-39 provides a more integrated approach to risk
management for all organizations.
There are multiple tools the NSF uses to conduct risk assessment. These include:
• Cyber Security Asset Management (CSAM)
• Cylance
• CyberArk
CSAM complies with FISMA and helps identify authorized users and access, assess
program controls, and provides continuous monitoring of the network.2 Cylance is an AI
platform that includes the ability to detect attacks on the network.13 The NSF uses this to help
prioritize and protect its assets. CyberArk is used to monitor privileged access to NSF systems
as well as protect that access.14
Security Architecture Plan (Week 3)
Appropriate Technologies and Their Location in the Network
The NSF uses a defense-in-depth strategy to protect against risks, with multiple layers of security
as well as overlapping protections for each of its network layers.
At the application layer, the actual application data needs to be protected. The NSF
employs both Cylance and McAfee Solidcore (MSC).8 Cylance is an anti-virus product that uses
artificial intelligence (AI) and machine learning as part of its endpoint security for mobile
devices and data terminal equipment.15 It takes a signatureless approach: its security
algorithm evaluates over 1.4 million data points to identify risks. Cylance was chosen for its
adaptive, robust protection. MSC is whitelisting software that contains an index of NSF-approved applications.16 This software was chosen because it is consistent with both SP 800-37
and SP 800-39, which recommend the use of application whitelisting.
The presentation and session layers of the NSF’s network are protected by CyberArk.8
As noted earlier, CyberArk is used to monitor privileged access to NSF systems as well as
protect that access.14 CyberArk was chosen to help manage the network access needed by
research institutions whose work is funded by the NSF. In addition, the NSF uses a host-based
intrusion detection system (HIDS) to monitor its network at the session level for both malicious
trespass from external entities and internal misuse.
The transport and network layers of the NSF both employ packet capture (PCAP) and
packet sniffing software to capture and analyze network traffic.8 Both help ensure network
reliability and make it easier to (1) enforce NSF security policies and (2) ensure the integrity of
data going to and from the NSF’s network.
At the data-link layer the NSF uses Cisco Identity Services Engine (ISE) for network
access control.8 Cisco ISE helps simplify identity management and network access.17 It was
chosen because it increases visibility of who and what is on the NSF’s network.
At the physical layer the NSF focuses on local adapter addresses using Group Policy
Objects (GPO) to help control user accounts and user activity as well as digital and web
certificates.8 In addition, the NSF uses session controls, password protected screen savers and
auto logoffs to help protect its network. These were chosen to help silo access of NSF
employees and outside research institutions.
Additional Software Assets
The NSF uses several other software applications to monitor its network and secure its
critical assets8:
• Fortinet provides FortiGate firewalls, application and network security, as well as
endpoint protection.18
• FireEye is the first cybersecurity firm certified by the DHS and provides a suite of
security tools.19
• RiverBed provides both application and network monitoring for the NSF.20
• Security Center provides vulnerability scanning for both the NSF’s hardware and
software.21
Additional Security Controls
As noted earlier, OIRM is bound by the requirements of other federal agencies. NIST
800-53, Security and Privacy Controls for Federal Information Systems and Organizations,
outlines the security controls needed for the NSF to comply with OMB guidelines. There is a
multitude of security controls used by the NSF to mitigate risk. These include (1) access
controls, and (2) roles and authorization controls. How the NSF defines the business roles of
individuals at both the organizational and IT level helps reduce risk. Section 7 of Manual 7 sets forth
numerous program management controls that define roles and the authorization level of each
role.2 The on-going process of recertification of both users and their roles in the organization, as
well as annual security training, also mitigates risk. Section 5 of Manual 7 sets forth numerous
operational controls, including Awareness Training (AT) as well as Role-Based Security
Training for NSF employees and contractors.2
Risk Mitigation
Detailed information about the agency’s asset prioritization is confidential and therefore
unavailable for this paper (see Week 2 – Risk Assessment). As such, the approach to risk
mitigation will be more general in nature. Systems of record, such as Ejacket, Fastlane, and
Awards – Award Search, contain the NSF’s most sensitive information and data (including
Personally Identifiable Information (PII) on NSF employees, contractors and outside
researchers). The NSF’s layered approach to overall security is part of its holistic risk
management policy.
The three-tiered approach allows the NSF to identify risks to its mission, assess them, and
then act to reduce their threat.2 Placing the security technologies discussed above at each layer of
its network gives the NSF a proactive approach to risk mitigation. Monitoring tools such as an
IDS (e.g. CyberArk) and IPS (e.g. Cylance) help identify risks and allow for future risk
assessment.
Security Policies (TBD)
Incident Response (TBD)
Implementation Plan (TBD)
References
1. Charlet, K. (2018, April). Understanding Federal Cybersecurity. Retrieved April 9, 2019, from https://www.belfercenter.org/publication/understanding-federal-cybersecurity
2. National Science Foundation’s Office of Information and Resource Management. (2018, April). Information Security Handbook - Manual 7. Retrieved April 8, 2019, from https://inside.nsf.gov/tools/toolsdocuments/Inside NSF Documents/Manual 7, Information Security Handbook.pdf
3. Mitchell, B. (2019). OMB issues updated Trusted Internet Connections policy. FedScoop. Retrieved April 10, 2019, from https://www.fedscoop.com/omb-issues-updated-trustedinternet-connections-policy/
4. Overview of NSF Network [Personal interview of NSF IT Analyst Steve Cypher]. (2019, April 10).
5. What is eduroam and how does it work? (2019). Retrieved April 10, 2019, from https://www.incommon.org/eduroam/whatis.html
6. What is IPv4 address class? - Definition from WhatIs.com. (2017). Retrieved April 10, 2019, from https://whatis.techtarget.com/definition/IPv4-address-class
7. CISA Cyber and Infrastructure. (2019, March 6). EINSTEIN. Department of Homeland Security. Retrieved from www.dhs.gov/cisa/einstein
8. Overview of National Science Foundation’s Risk Assessment Tools and Security Architecture [Personal interview of NSF IT analysts Steve Cypher and Darren Cytryn]. (2019, April 14).
9. National Science Foundation. (2019). Retrieved from https://inside.nsf.gov/Pages/default.aspx
10. National Science Foundation IT. (2019). IT Security Responsibilities. Retrieved from https://inside.nsf.gov/internalservices/informationtechnology/itsecurityPrivacyInsiderThreatProgram/Pages/IT-Security-Responsibilities.aspx
11. nsf.gov. (2019). Survey of Federal Funds for Research and Development - NCSES - US National Science Foundation (NSF). Retrieved April 17, 2019, from https://www.nsf.gov/statistics/srvyfedfunds/
12. Federal Emergency Management Agency. (2018, 4). Hazard Identification and Risk Assessment. Retrieved from https://www.fema.gov/hazard-identification-and-risk-assessment
13. Blackberry/Cylance. (2019). Cylance. Retrieved from https://www.cylance.com/enus/index.html
14. CyberArk Software Limited. (2019). CyberArk Privileged Cloud: Privileged Access Security for the Cloud. Retrieved from https://www.cyberark.com/products/cyberark-privilege-cloud/
15. Cylance Inc. (2018). Cylance vs. Traditional Security Approaches: Understanding Drives Informed Decisions. Retrieved April 22, 2019, from https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resourcelibrary/white-papers/CylanceVsTraditionalSecurityApproaches.pdf
16. McAfee Inc. (2010). McAfee Solidcore 5.1.0 Product Guide. Retrieved April 22, 2019, from https://kb.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23362/en_US/MFE_SO_EX_WIN_PG_5_1.pdf
17. Cisco Inc. (2018). Cisco Identity Services Engine. Retrieved April 22, 2019, from https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-servicesengine/at_a_glance_c45-654884.pdf
18. Fortinet Inc. (2019). FortiGate: Next-Generation Firewall Overview. Retrieved April 22, 2019, from https://www.fortinet.com/products/next-generation-firewall/overview.html
19. FireEye, Inc. (2019). Cyber Security Experts & Solution Providers. Retrieved April 22, 2019, from https://www.fireeye.com/
20. Riverbed, Inc. (2019). Maximize your Digital Performance and Gain a Competitive Edge. Retrieved April 22, 2019, from https://www.riverbed.com/index.html
21. Genetec, Inc. (2019). Genetec Security Center: Comprehensive Unified Security. Retrieved April 22, 2019, from https://www.genetec.com/solutions/all-products/security-center
Unit 1
Throughout this course, you will be working on several aspects of network security that will result in a complete
Network Security Plan Document for an organization of your choosing. Providing security to the organization and
protecting valuable corporate assets requires careful planning. The alternative could be disastrous for any
organization. A properly designed network security plan provides a methodology for evaluating and protecting the
organization’s assets. Each week, you will complete a part of your Network Security Plan, with the final draft due at
the end of the course.
You will select an organization and apply your research to the analysis and development of a Network Security Plan
document that would be appropriate for the organization and the needs it has for security. Additional information
and the deliverables for each Individual Project will be provided in the assignment descriptions each week. This is
the course's Key Assignment that you will make contributions to each week.
Project Selection:
The first step will be to select an organization as the target for your Network Security Plan document. This
organization will be used as the basis for each of the assignments throughout the course and should conform to the
following guidelines:
• Nontrivial: The selected organization should be large enough to allow reasonable exercise of the
development of a network security plan.
• Domain Knowledge: You should be familiar enough with the organization to allow focus on the project
tasks without significant time required for domain education.
• Accessibility: You should have access to the people and other information related to the organization
because this will be an important part of the process.
• Note: The selected organization may already have a security plan in place and may still be used as the basis
for the projects in this course.
• Note: The selected organization must have a need for network security as part of its operations. Therefore,
you may feel free to identify a hypothetical organization that meets the requirements. Any necessary
assumptions may be made to fulfill the requirements of the organization selection.
Select an existing organization, or identify a hypothetical organization that fits these requirements, and submit your
proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought
within the first few days of the course. Your instructor will tell you how to submit this proposal and what
notification will be given for project approval.
Assignment Details:
You will not be implementing network security for the assignments in this course; however, you will be developing
a comprehensive Network Security Plan document. Your first task in this process will be to select an organization or
identify a hypothetical organization to use as the basis of your project. You will also create the shell document for
the final project deliverable that you will be working on during each unit. As you proceed through each project
phase, you will add content to each section of the final document to gradually complete the final project deliverable.
Appropriate research should be conducted to support the development of your document, and assumptions may be
made when necessary.
The project deliverables are the following:
• Submission of the proposed organization to the instructor for approval
• Network Security Plan document shell
  o Use Word
  o Title Page
    ▪ Course number and name
    ▪ Project name
    ▪ Student name
    ▪ Date
  o Table of Contents (TOC)
    ▪ Auto generated TOC
    ▪ Separate page
    ▪ Maximum of 3 levels deep
    ▪ Before submitting your project, update the fields of the TOC so it is up-to-date.
  o Section Headings (Create each heading on a new page with TBD as the content, except for
    sections listed under New Content).
    ▪ Project Outline
    ▪ Overview of Network and Existing Security
    ▪ Risk Assessment
    ▪ Security Architecture Plan
    ▪ Security Policies
    ▪ Incident Response
    ▪ Implementation Plan
• New Content: Overview of Network and Existing Security (Week 1)
  o Select an organization as the target for the analysis and plan that will be created.
  o Provide an overview of the existing network architecture, including the following:
    ▪ Description of the network
    ▪ The topology
    ▪ Protocols allowed
    ▪ Connectivity methods
    ▪ Network equipment
      ▪ Number of routers, switches, and any other network equipment, such as VPN
        concentrators, proxies, etc.
    ▪ A summary of the current security devices in use on the network
      ▪ List the type of device, the vendor, and provide a brief description of
        how the device is used.
Unit 2
When it comes to IT security, you must do more than follow the examples of other companies, regardless of how
successful they are. No two organizations will encounter exactly the same problems. The best approach to providing
the best level of security is to conduct a risk assessment of your organization, identify what your assets are, what
your threats are, and what the probability of the threats occurring may be. This analysis will allow you to create the
network defense plan that is uniquely tailored to your organization and situation.
For this assignment, you will write the Risk Assessment section of 5–6 pages, and add it to the Network Security
Plan document. Appropriate research should be conducted to support the development of your document, and
assumptions may be made when necessary.
Assignment Details:
• Update previous sections of your document based on feedback.
• Update the Table of Contents.
• Update the date on the cover page.
Risk Assessment Section
• Conduct an inventory of devices within the chosen organization's network using appropriate tools.
• Provide a summary of the number of desktops, laptops, network printers, and servers.
  o Identify key assets.
  o Assets also include records and sensitive information that requires special protection.
• Prioritize each asset or group of assets, and assign a value to each.
• Create a subsection that will identify and describe the risks within the environment.
  o Do not forget natural disasters.
  o Include the likelihood that the risk could occur.
• Provide a list of the tools and methodology that you used to conduct the risk assessment.
Unit 3
Once the risks in an organization have been identified, you must devise a plan that will provide the best possible
protection without significantly impacting daily operations.
For this assignment you will write the Security Architecture section of 4–5 pages of the Network Security Plan
document, which will provide an action plan to mitigate the risks identified during the Risk Assessment and their
analysis. Appropriate research should be conducted to support the development of your document, and assumptions
may be made when necessary.
Assignment Details:
• Update the previously completed sections based upon feedback.
• Update the Table of Contents.
• Update the date on the cover page.
Security Architecture Section
• Identify and select appropriate technologies to protect against the risks that were identified, and provide an
explanation as to why the technology was chosen.
• Describe where you plan to place these technologies within the network and why.
  o The plan should cover all layers of the OSI model.
• Identify additional software that will be required to monitor the network and protect key assets.
• Identify any security controls that need to be implemented to assist in mitigating risks.
• Mitigate all of the risks that were identified during the assessment phase.