Peer Review

User Generated

U_Z_U_L

Computer Science

Description

Deliverable length: 500-700 words. Review at least 1 other student's Key Assignment Outline and provide meaningful feedback. Refrain from general feedback, such as simply stating "good job." Your feedback to other students is most helpful if you not only point out weak areas but also offer suggestions for improvement. The best feedback takes a three-stage approach to identify what was done well, weaknesses, and areas for improvement.

Attached you’ll find the assignment to review and also instructions from units 1-3 of what the paper should include.

Unformatted Attachment Preview

Running head: Network Security Plan - McPherson

Table of Contents

Project outline
Overview of Network and Existing Security (Week 1)
    Overview of Agency
    Description of Network
    Network Topology
    Network Protocols
    Connectivity Methods
    Current Security Devices
Risk Assessment (Week 2)
    Inventory/Summary of Devices
    Asset Prioritization
    Risk within the Environment
    Risk Assessment Tools and Methodology
Security Architecture Plan (Week 3)
    Appropriate Technologies and Their Location in the Network
    Additional Software Assets
    Additional Security Controls
    Risk Mitigation
Security Policies (TBD)
Incident Response (TBD)
Implementation Plan (TBD)
References

Project outline

Any federal agency’s network is an inviting target for hackers.[1] The National Science Foundation (NSF) is no exception, not only for its databases of cutting-edge research and researchers, but for access to other agencies and consortiums through its partnerships.

Overview of Network and Existing Security (Week 1)

Overview of Agency

The NSF’s primary purpose is to support science research and education, including all engineering fields. The agency handles sensitive information on cutting edge scientific research and has personal information on many of this country’s researchers.
The NSF is subject to the Federal Information Security Modernization Act (FISMA), which requires it to develop, document, and implement an agency-wide information security and privacy program.[2] This plan is set forth in the Information Security Handbook – Manual 7 (Manual 7), which was last updated in April 2018. The plan covers NSF resources and includes NSF personnel and contractors as well as in-house and external computer systems.

Description of Network

A description of the NSF’s network starts with other agencies. As of 2007, the Office of Management and Budget (OMB) instituted a common solution to federal agency network services, the Trusted Internet Connection (TIC).[3] The Department of Homeland Security (DHS) oversees this initiative, also called DHS Trusted Internet Connections Initiative, through its Managed Trusted Internet Protocol Services (MTIPS) program. The Office of Information and Resource Management (OIRM) directorate of the NSF maintains its network infrastructure, including hardware, software and support services.[2]

OIRM has effectively siloed the NSF’s network into four separate networks: (1) internal; (2) visitor; (3) Bring Your Own Device (BYOD); and (4) Eduroam.[4] The internal network is for NSF staff and is both wired and wireless. The next three networks are effectively subnetworks of the wireless network. The visitor and BYOD networks are both wireless. The Eduroam network is wireless. It is known as Fastlane and is a network access service for research and education that allows the NSF to provide users wireless access to their respective university/institutions using their credentials from that particular university/institution.[5] This segmented structure allows the NSF to apply and enforce different data and access requirements to each siloed network. In turn, it allows the OIRM to more effectively monitor the network and determine compliance with its security requirements.

Network Topology

A broad representation of the Network topology is shown below:

[Figure: NSF Network Topology. Labels: Internet, Edge router, Backup Edge router, Data Center, Campus LANS, Server Farms, Management Center]

As noted above, the NSF network has two edge routers to provide redundancy for the system in case of failure. The Data Center is segregated from the rest of the network to secure it while Campus LANS and the Server farms are connected to the Management Center.

Network Protocols

Network protocols of the NSF’s network depend upon the OSI layer (see Week 3 Security Architecture section of this paper). Primary network protocols are TCP/IP. The NSF supports both IPv4 and IPv6. It has Class B IP addresses, which have 10 as their first two bits and are in the range of 128.0.0.0 to 191.255.255.255. This class is for medium networks and has 16 bits for network and 16 bits for hosts.

Many of the protocols employed by the NSF come from those common to the EINSTEIN system and to CenturyLink. The DHS provides the EINSTEIN system to federal agencies to help detect and block cyber-attacks.[7] EINSTEIN provides an email filter and DNS sinkholing to help identify any infected hosts/users on the NSF network.[4] CenturyLink is both the NSF’s telecommunications provider and cloud services provider. With the mandate to transition to the cloud, the NSF is more and more reliant upon CenturyLink for the protocols it will use and enforce.

Connectivity Methods

There are a variety of connectivity methods employed by the NSF: broadband (both wired and wireless), mobile Internet, remote access, campus LANs, and VPN.

Current Security Devices

A broad overview of network equipment shows that the NSF has 2 border routers (including a backup for redundancy), 3 layers of routers, and approximately 33 switches (2 per floor for the first 14 floors and then one for the remaining 5 floors).
It is a switched network and many of its security appliances and core switches are also routers. The border or edge routers connect to and run in the internet backbone. They are connected to layers of core routers which support NSF’s routing protocols.

Cisco and Arista are the primary network equipment vendors, with two to three additional minor suppliers. Cisco provides firewalls through Adaptive Security Appliances (ASA), both stand alone and virtual. The ASA includes not only a firewall, but also antivirus protection and intrusion prevention. The NSF also has an Intrusion Prevention System (IPS) that sits at the edge router(s), outside of its network. It provides both inline and in-blocking mode.[4]

Risk Assessment (Week 2)

Inventory/Summary of Devices

The first step in assessing risk for the NSF network is to take inventory of the agency’s assets, both hardware and data, especially sensitive information. The NSF has over 2,400 desktop and laptop computers, 166 network printers and ____ servers.

The NSF data assets include cutting edge scientific research and can be divided into those classified as (1) mission systems, and (2) mission support. NSF defines mission systems as those necessary for its operations and mission; mission systems can also be categorized as systems of record. They include (i) Ejacket, (ii) Fastlane, and (iii) Awards – Award Search.[8]

Ejacket is a web-based interface that consolidates grant applications received by the NSF. It can manage both programs and proposals. Fastlane is one of two internet platforms used by the NSF as its grant management system. It allows communication between NSF and the outside research community. It will eventually be assimilated into Research.gov. The NSF accounts for approximately twenty percent of all science research funding made by the federal government.
Award search software allows for both internal and external access to information about research grants awarded by the NSF.[9]

Mission support includes directory services and My NSF. My NSF is an internal ebusiness system that allows NSF staff access to online merit review systems for research proposals submitted to the NSF by its research community.

Asset Prioritization

The NSF prioritizes its assets by availability and integrity, since confidentiality is assumed in all of its actions and communications.[8] Both availability and confidentiality are of equal importance to the agency. More detailed information about the agency’s asset prioritization is confidential and therefore unavailable for this paper.[8]

Risk within the Environment

Manual 7 outlines a three-tier approach per NIST 800-39 to assess and manage risk in the NSF: Tier 1 risk, Tier 2 risk, and Tier 3 risk (see diagram below). Tier 1 focuses on organizational risk (i.e., enterprise risk) by looking at risk from a strategic point of view caused by the NSF’s position as a government agency carrying out national policies. Tier 2 focuses on the business risk of the NSF. It looks at risk from the agency’s assets, operations, and personnel, both internal and external, that help implement the NSF’s mission of supporting science research and education. Tier 3 focuses on information system risk. It looks at risk from IT operations, including network assets and personnel.[2]

Tier 1 risks include lack of attention to the details of memorandums of understanding with other agencies and institutions. Tier 2 risks include physical access exploitation, which is managed by the use of Personal Identity Verification (PIV) cards for both physical access to the building and access to the network. Tier 3 risks include email exploitation, which is mitigated by the use of whitelist software, PIV cards, and employee training.
The chart below sets forth the 2017 information security risks of federal agencies. The highest security risk for the NSF is social engineering due to the scale and sensitivity of its data.[8] The NSF funds cutting edge scientific research. In fact, the NSF supports approximately 83% of the federally funded computer science academic research.[11] Additionally, the NSF is a prime target for social engineering due to the many cross-agency agreements it has with other federal agencies and institutions.

FEMA sets forth the Hazard Identification and Risk Assessment for federal agencies, which includes natural disasters.[12]

Risk Assessment Tools and Methodology

FISMA mandates that the agency’s information security and privacy policies are in compliance with NIST and OMB guidelines. The National Institute of Standards and Technology (NIST) SP 800-37, Guide for Applying the Risk Management Framework (RMF) to Federal Systems: A Security Life Cycle Approach, and SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View, set forth the framework and methodology the NSF uses to conduct risk assessment.[2] NIST 800-37 is a risk management guide for federal agencies. NIST 800-39 provides a more integrated approach to risk management for all organizations.

There are multiple tools the NSF uses to conduct risk assessment. These include:

• Cyber Security Asset Management (CSAM)
• Cylance
• CyberArk

CSAM complies with FISMA and helps identify authorized users and access, assess program controls, and provides continuous monitoring of the network.[2] Cylance is an AI platform that includes the ability to detect attacks on the network.[13] The NSF uses this to help prioritize and protect its assets.
CyberArk is used to monitor privileged access to NSF systems as well as protect that access.[14]

Security Architecture Plan (Week 3)

Appropriate Technologies and Their Location in the Network

The NSF uses a defense-in-depth approach to protect against risks, with multiple layers of security as well as overlapping protections for each of its network layers.

At the application layer, the actual application data needs to be protected. The NSF employs both Cylance and McAfee Solid Care (MSC).[8] Cylance is an anti-virus that uses artificial intelligence (AI) and machine learning as part of its endpoint security with mobile devices and data terminal equipment.[15] It uses a signatureless perspective in its security algorithm, which evaluates over 1.4 million data points to identify risks. Cylance was chosen for its adaptive, robust protection. MSC is whitelisting software that contains an index of NSF-approved applications.[16] This software was chosen because it is consistent with both SP 800-37 and SP 800-39, which recommend the use of application whitelisting.

The presentation and session layers of the NSF’s network are protected by CyberArk.[8] As noted earlier, CyberArk is used to monitor privileged access to NSF systems as well as protect that access.[14] CyberArk was chosen to help manage the network access needed by research institutions whose work is funded by the NSF. In addition, the NSF uses a host-based intrusion detection system (HIDS) to monitor its network at the session level for both malicious trespass from external entities and internal misuse.

The transport and network layers of the NSF both employ packet capture (PCAP) and packet sniffing software to capture and analyze network traffic.[8] Both help ensure network reliability and make it easier to (1) enforce NSF security policies and (2) ensure the integrity of data going to and from the NSF’s network.
At the data-link layer the NSF uses Cisco Identity Services Engine (ISE) for network access control.[8] Cisco ISE helps simplify identity management and network access.[17] It was chosen because it increases visibility of who and what is on the NSF’s network.

At the physical layer the NSF focuses on local adapter addresses using Group Policy Objects (GPO) to help control user accounts and user activity as well as digital and web certificates.[8] In addition, the NSF uses session controls, password protected screen savers and auto logoffs to help protect its network. These were chosen to help silo access of NSF employees and outside research institutions.

Additional Software Assets

The NSF uses several other software applications to monitor its network and secure its critical assets[8]:

• FortiNet provides Fortigate firewalls, application and network security, as well as endpoint protection.[18]
• FireEye is the first cybersecurity firm certified by the DHS and provides a suite of security tools.[19]
• RiverBed provides both application and network monitoring for the NSF.[20]
• Security Center provides vulnerability scanning for both the NSF’s hardware and software.[21]

Additional Security Controls

As noted earlier, OIRM is bound by the requirements of other federal agencies. NIST 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, outlines the security controls needed for the NSF to comply with OMB guidelines.

There are a multitude of security controls used by the NSF to mitigate risk. These include (1) access controls, and (2) roles and authorization controls. How the NSF defines business roles of individuals at both organizational and IT level helps reduce risk.
Section 7 of Manual 7 sets forth numerous program management controls that define roles and the authorization level of each role.[2] The on-going process of recertification of both users and their roles in the organization as well as annual security training also mitigate risk. Section 5 of Manual 7 sets numerous operational controls, including Awareness Training (AT) as well as Role-Based Security Training for NSF employees and contractors.[2]

Risk Mitigation

Detailed information about the agency’s asset prioritization is confidential and therefore unavailable for this paper (see Week 2 – Risk Assessment). As such, the approach to risk mitigation will be more general in nature. Systems of record, such as Ejacket, Fastlane, and Awards – Award Search, contain the NSF’s most sensitive information and data (including Personally Identifiable Information (PII) on NSF employees, contractors and outside researchers).

The NSF’s layered approach to overall security is part of its holistic risk management policy. The three-tiered approach allows the NSF to identify risks to its mission, assess them, and then act to reduce their threat.[2] Placing the security technologies discussed above at each layer of its network gives the NSF a proactive approach to risk mitigation. Monitoring tools such as an IDS (e.g. CyberArk) and IPS (e.g. Cylance) help identify risks and allow for future risk assessment.

Security Policies (TBD)

Incident Response (TBD)

Implementation Plan (TBD)

References

[1] Charlet, K. (2018, April). Understanding Federal Cybersecurity. Retrieved April 9, 2019, from https://www.belfercenter.org/publication/understanding-federal-cybersecurity
[2] National Science Foundation’s Office of Information and Resource Management. (2018, April). Information Security Handbook - Manual 7. Retrieved April 8, 2019, from https://inside.nsf.gov/tools/toolsdocuments/Inside NSF Documents/Manual 7, Information Security Handbook.pdf
[3] Mitchell, B. (2019). OMB issues updated Trusted Internet Connections policy - FedScoop. [online] FedScoop. Available at: https://www.fedscoop.com/omb-issues-updated-trustedinternet-connections-policy/ [Accessed 10 Apr. 2019].
[4] Overview of NSF Network [Personal interview of NSF IT Analyst Steve Cypher]. (2019, April 10).
[5] What is eduroam and how does it work? (2019). Retrieved April 10, 2019, from https://www.incommon.org/eduroam/whatis.html
[6] What is IPv4 address class? - Definition from WhatIs.com. (2017). Retrieved April 10, 2019, from https://whatis.techtarget.com/definition/IPv4-address-class
[7] CISA Cyber and Infrastructure. “EINSTEIN.” Department of Homeland Security, 6 Mar. 2019, www.dhs.gov/cisa/einstein.
[8] Overview of National Science Foundation’s Risk Assessment Tools and Security Architecture [Personal interview of NSF IT analysts Steve Cypher and Darren Cytryn]. (2019, April 14).
[9] National Science Foundation. (2019). Retrieved from https://inside.nsf.gov/Pages/default.aspx
[10] National Science Foundation IT. (2019). IT Security Responsibilities. Retrieved from https://inside.nsf.gov/internalservices/informationtechnology/itsecurityPrivacyInsiderThreatProg ram/Pages/IT-Security-Responsibilities.aspx
[11] nsf.gov. (2019). nsf.gov - Survey of Federal Funds for Research and Development - NCSES US National Science Foundation (NSF). [online] Available at: https://www.nsf.gov/statistics/srvyfedfunds/ [Accessed 17 Apr. 2019].
[12] Federal Emergency Management Agency. (2018, 4). Hazard Identification and Risk Assessment. Retrieved from https://www.fema.gov/hazard-identification-and-risk-assessment
[13] Blackberry/Cylance. (2019). Cylance. Retrieved from https://www.cylance.com/enus/index.html
[14] CyberArk Software Limited. (2019). CyberArk Privileged Cloud: Privileged Access Security for the Cloud. Retrieved from https://www.cyberark.com/products/cyberark-privilege-cloud/
[15] Cylance Inc. (2018). Cylance® vs. Traditional Security Approaches Understanding Drives Informed Decisions. Retrieved April 22, 2019, from https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resourcelibrary/white-papers/CylanceVsTraditionalSecurityApproaches.pdf
[16] McAfee Inc. (2010). McAfee Solidcore 5.1.0 Product Guide. Retrieved April 22, 2019, from https://kb.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 23000/PD23362/en_US/MFE_SO_EX_WIN_PG_5_1.pdf
[17] Cisco Inc. (2018). Cisco Identity Services Engine. Retrieved April 22, 2019, from https://www.cisco.com/c/dam/en/us/products/collateral/security/identity-servicesengine/at_a_glance_c45-654884.pdf
[18] Fortinet Inc. (2019). FortiGate: Next-Generation Firewall Overview. Retrieved April 22, 2019, from https://www.fortinet.com/products/next-generation-firewall/overview.html
[19] FireEye, Inc. (2019). Cyber Security Experts & Solution Providers. Retrieved April 22, 2019, from https://www.fireeye.com/
[20] Riverbed, Inc. (2019). Maximize your Digital Performance and Gain a Competitive Edge. Retrieved April 22, 2019, from https://www.riverbed.com/index.html
[21] Genetec, Inc. (2019). Genetec Security Center: Comprehensive Unified Security. Retrieved April 22, 2019, from https://www.genetec.com/solutions/all-products/security-center

Unit 1

Throughout this course, you will be working on several aspects of network security that will result in a complete Network Security Plan Document for an organization of your choosing. Providing security to the organization and protecting valuable corporate assets requires careful planning. The alternative could be disastrous for any organization. A properly designed network security plan provides a methodology for evaluating and protecting the organization’s assets.
Each week, you will complete a part of your Network Security Plan, with the final draft due at the end of the course. You will select an organization and apply your research to the analysis and development of a Network Security Plan document that would be appropriate for the organization and the needs it has for security. Additional information and the deliverables for each Individual Project will be provided in the assignment descriptions each week. This is the course's Key Assignment that you will make contributions to each week.

Project Selection: The first step will be to select an organization as the target for your Network Security Plan document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:

• Nontrivial: The selected organization should be large enough to allow reasonable exercise of the development of a network security plan.
• Domain Knowledge: You should be familiar enough with the organization to allow focus on the project tasks without significant time required for domain education.
• Accessibility: You should have access to the people and other information related to the organization because this will be an important part of the process.
• Note: The selected organization may already have a security plan in place and may still be used as the basis for the projects in this course.
• Note: The selected organization must have a need for network security as part of its operations. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of the organization selection.

Select an existing organization, or identify a hypothetical organization that fits these requirements, and submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first few days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.

Assignment Details: You will not be implementing network security for the assignments in this course; however, you will be developing a comprehensive Network Security Plan document. Your first task in this process will be to select an organization or identify a hypothetical organization to use as the basis of your project. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your document, and assumptions may be made when necessary.

The project deliverables are the following:

• Submission of the proposed organization to the instructor for approval
• Network Security Plan document shell
    o Use Word
    o Title Page
        ▪ Course number and name
        ▪ Project name
        ▪ Student name
        ▪ Date
    o Table of Contents (TOC)
        ▪ Auto generated TOC
        ▪ Separate page
        ▪ Maximum of 3 levels deep
        ▪ Before submitting your project, update the fields of the TOC so it is up-to-date.
    o Section Headings (Create each heading on a new page with TBD as the content, except for sections listed under New Content).
        ▪ Project Outline
        ▪ Overview of Network and Existing Security
        ▪ Risk Assessment
        ▪ Security Architecture Plan
        ▪ Security Policies
        ▪ Incident Response
        ▪ Implementation Plan
        ▪ New Content: Overview of Network and Existing Security (Week 1)
            ▪ Select an organization as the target for the analysis and plan that will be created.
            ▪ Provide an overview of the existing network architecture, including the following:
                ▪ Description of the network
                ▪ The topology
                ▪ Protocols allowed
                ▪ Connectivity methods
                ▪ Network equipment
                    ▪ Number of routers, switches, and any other network equipment, such as VPN concentrators, proxies, etc.
                ▪ A summary of the current security devices in use on the network
                    ▪ List the type of device, the vendor, and provide a brief description of how the device is used.

Unit 2

When it comes to IT security, you must do more than follow the examples of other companies, regardless of how successful they are. No two organizations will encounter exactly the same problems. The best approach to providing the best level of security is to conduct a risk assessment of your organization, identify what your assets are, what your threats are, and what the probability of the threats occurring may be. This analysis will allow you to create the network defense plan that is uniquely tailored to your organization and situation.

For this assignment, you will write the Risk Assessment section of 5–6 pages, and add it to the Network Security Plan document. Appropriate research should be conducted to support the development of your document, and assumptions may be made when necessary.

Assignment Details:

• Update previous sections of your document based on feedback.
• Update the Table of Contents.
• Update the date on the cover page.

Risk Assessment Section

• Conduct an inventory of devices within the chosen organization's network using appropriate tools.
• Provide a summary of the number of desktops, laptops, network printers, and servers.
    o Identify key assets.
    o Assets also include records and sensitive information that requires special protection.
• Prioritize each asset or group of assets, and assign a value to each.
• Create a subsection that will identify and describe the risks within the environment.
    o Do not forget natural disasters.
    o Include the likelihood that the risk could occur.
• Provide a list of the tools and methodology that you used to conduct the risk assessment.

Unit 3

Once the risks in an organization have been identified, you must devise a plan that will provide the best possible protection without significantly impacting daily operations.

For this assignment you will write the Security Architecture section of 4–5 pages of the Network Security Plan document, which will provide an action plan to mitigate the risks identified during the Risk Assessment and their analysis. Appropriate research should be conducted to support the development of your document, and assumptions may be made when necessary.

Assignment Details:

• Update the previously completed sections based upon feedback.
• Update the Table of Contents.
• Update the date on the cover page.

Security Architecture Section

• Identify and select appropriate technologies to protect against the risks that were identified, and provide an explanation as to why the technology was chosen.
• Describe where you plan to place these technologies within the network and why.
    o The plan should cover all layers of the OSI model.
• Identify additional software that will be required to monitor the network and protect key assets.
• Identify any security controls that need to be implemented to assist in mitigating risks.
• Mitigate all of the risks that were identified during the assessment phase.

Explanation & Answer

hey, find attached, have a look

Running head: PEER REVIEW

Peer Review
Institutional Affiliation
Name
Date

Peer Review

An analysis of McPherson’s Network Security Plan shows that the student did a thorough
job in covering the content that was identified as necessary for the project. For example, in week
one’s assignment they identified an organization that met the requirements for the proposal and
that required a network security document. They also gave as much information about the
organization as they could without posing a security risk since it’s a government agency. On the
second week, the student did a thorough assessme...

