LO1: Perform a risk assessment for a given network security scenario and design a defensive strategy to aIDress the risks that you have identified.

LO2: Devise a firewall security policy and implement it using appropriate hardware and/or software.

Assignment Brief Introduction

The Internet has changed the approaches and attack vectors used by criminals in a massive way. The requirements for a criminal to geographically close to their target is no longer a requirement. Attackers can probe and gain access to any unprotected network from the comfort of their local internet café; no physical presence, no violence – simply following a logical processes and careful analysis of the information retrieved from a probed network is sufficient for the criminal to obtain sensitive data such as credit card and deeply personal details. Therefore the design and development of a secure network that provides a defence in depth strategy is paramount in today’s business environment.

Assignment Brief and Overview of Research Scope

You are required to design and document a secure network for a medium sized doctor’s office that includes the development of a shell script that includes all of the configuration elements for a Linux based iptables based firewall.

For this written assignment you are expected to research and develop two areas of network security. This assignment will provided you with a deep yet rounded understanding of the approaches required to protect networks from outside attack without restricting use for the authorised users of the network.

The assignment will consist of at least a minimum of three thousand words (excluding appendices, bibliography and contents page) and will require independent research covering the following two aspects of risk assessment for the design of a secure network that takes a defensive strategy to aIDress the risks that you have identified and devise a firewall security policy and implement it using appropriate hardware and/or software.

1. Risk Assessment and Secure Network Design: Under take a risk assessment to determine services, protocols, connection directions, security classifications for data, access control, overall network security and Host and server security. Design the secure network contrasting technologies and techniques to define the best strategy to mitigate the attack vectors identified based upon the protocols and risk analysis. This will include a detailed network diagram outlining ingress and egress points and full topology diagram that provides a defence in depth strategy.

2. Devise the firewall policy: Provide detailed instructions for the configuration of the firewall and rational for the rules applied based upon the identified network services highlighted from the risk analysis as identified in part one. This must be submitted as a shell script with detailed information on each of the rules that have been identified and how this related to the information security strategy and the defence in depth strategy

For both areas you will need to consider and research contemporaneous security practices for network design and deployment. Furthermore you will need to provide comparisons and justify your approaches for the topological design, deployment of technologies and why you have chosen the strategies and technologies. It may well be worth researching to see if there are existing practices within the NHS for this sort of development.

Please use the papers provided in the Case Study lectures on Moodle 2 to help you understand the topic and how to write at the required academic level. This is a piece of applied research and should be documented as such.

Case Study area of research.

Bolton Health Service medium sized medical practice.

The assignment will consider the environment of a medium sized doctor’s office and surgical practice. There will be a number of assumptions that can be made in terms of the requirements of the services – such as internal servers and external connection requirements, protocols and services that are used will be standard ports for those services. For example, SSH prot 22, DNS port 53, SMTP port 25, http port 80 etc etc. There is also some specialist equipment for medical imaging – an example of one can be found here http://www.philips.co.uk/healthcare-product/HC781342/ingenia-30t-mr-system that contains some basic specifications. Assumptions can also be made about this equipment and how the data is stored and transmitted – assume a standard network protocol appropriate to the task is used.

Consider Information Security: This is a prerequisite exercise for the main element of the assignment brief. Understanding an organization’s data is the first step to securing their network. Data will have different confidentiality and reliability requirements depending on whether it is medical, personal or general. Use the titles of medical, personal and general as the classifications of the data and consider how each class is to be handled in the context of the access permissions for the various roles in the organization. For example a Doctor would need to see all medical and personal information where as a receptionist would only require to personal.

Planning The Network through risk analysis (1): Network security requires: 1) Identifying the services, protocols/ports, connections, software and hardware technologies used within the network, and 2) allocating services to virtual or physical computers, based on their Criticality/Sensitivity classification and role-based access control. This is all undertaken through the process of risk analysis.

In this case study of the doctors’ office you must complete research in order to undertake risk analysis to determine an appropriate design of a secure network for the required services including appropriate controls to securely protect the data. The first step would be to determine which network services are allowed to enter and leave the network, and in which directions connections normally originate and identify potential attack vectors that could be exploited based upon Application Level protocols and transport and aIDressing protocols. The second step considers which applications can be stored together on physical or virtual machines, based on access control (who can access what) and the Criticality classification. Based on the Criticality classification, you will then define the required controls for each service/host and technology used. The design and implementation of the network and technology needs will be based upon the risk analysis you have identified and based upon the services that are required for this busy doctor’s surgery and must to protect the organization’s data, hosts and LANs from unauthorised access from the Internet, inside and wireless networks.

Finally, you are required to develop a topological diagram that has a colour code the different systems according to their level of security. Please use the floor plan of the office to help with the topological diagram

Figure 1: Floor Plan for Bolton Health Service.

Devise the Firewall Policy – Network Security Research Element 2: If you are to protect the network, you must be able to define and develop the rules for the firewalls that are placed throughout the network. These rules must be written as a BASH script that can be used on the Linux based firewall. AIDitionally there MUST be a chapter in the main body of the research paper that discusses the rules you have implemented, why you have implemented them and why they are appropriate for the services and protocols you have identified from the risk assessment undertaken in research element 1. Understanding protocols is essential to recognizing attack traffic, attack vectors as well as how attacks can be manifested at different levels of the TCP/IP stack and programming a firewall is a key skill required for today’s security set. For example, you may need to consider which ports should remain open in and in which direction do connections normally occur? Sometimes this is not easily known, and some research will need to be taken.

This very technical exercise and each of the practical sessions that have taken place will help you with the development of the rules. It is expected that you will test your rules to ensure that they work.

Secondary Research Level HE6 – It is expected that the Reference List will contain between fifteen to twenty sources. As a MINIMUM the Reference List should include four refereed academic journals and four academic books.

Marking Guide – Assignment

Content 25%

• Structure of report is appropriate to the topic.

• Summary skills in evidence e.g. to select evidence and examples.

• Section included on findings, with sub-headings.

• Conclusion section included, aIDressing the question in the title.

• Excessive detail moved to one or more appendices.

• Clear knowledge of network security technologies, strategies and approaches .

Report Writing 25%

• Essential sections present: title, introduction/abstract, contents, findings, conclusions, references, and possibly one or more appendices (following David RuID’s guidelines in Cite Me I’m Yours available from:

http://www.bolton.ac.uk/library/LibraryPublications/StudySkills/Harvard07.pdf).

• Well written, generally following UK conventions for spelling, grammar and punctuation.

• Well-presented overall, including use of spacing, and consistency in use of fonts and sizes for headings and text.

• Use of graphical elements e.g. tables, pictures etc. where appropriate.

• Homogeneous, not simply a collection of individual submissions.

• Total number of words as a minimum 3000

Research Process and Referencing 25%

• Section included on research objectives, initial ideas, how and why changed, (if at all), final sequence of topics. i.e. was there a research strategy, and did it help you to draw conclusions?

• Section included on evaluation and comparisons of techniques and technologies. Consider where did you get your best information? Did you consciously use a variety of sources? What method did you adopt for recording sources?

• Any direct quotes clearly identified as such, and the source stated.

• Correct lay out of a Bibliography

• Correct documentation of sources. E.g. using the Harvard method to link to the list of references.

Individual Contribution to the problem domain 25%

Your individual ideas brought about through research, argument and synthesis of management methodologies. You should let your individual thoughts based upon sound academic argument shine through.

AIDitional Marking information:

First class: This piece of work shows evidence of wider research with reference to a number of differing academic viewpoints. The report has recognised relevantly and discussed in detail, all the required external environmental factors which affect the management operation of mega events. Several reasoned and logical arguments have been developed well and supported by a wide range of appropriately researched literature. Reference to two or more academic models is clear, relevant and informative. Presentation is of a high professional standard, and in the appropriate technical report style. The high number of appropriate sources has been referenced accurately and to a high standard.

Second class: A clear and informative piece of work with evidence of wider research and discussion. The report has correctly recognised and discussed, all the required external environmental factors which affect the management operation of mega events. Some reasoned arguments have been developed and supported by a good number of sources. Reference to two academic models is clear. Presentation is of a good standard, in the appropriate report style. A good number of appropriate sources have been referenced well, with most complying with the Harvard style.

Third class: A reasonable attempt has been made at researching the essay but greater in depth discussion and academic debate is required. The report has recognised the external environmental factors which affect the security of the network, however mostly the discussion is superficial and lacking in any depth. Reference to two academic models has been attempted. Presentation of the report is limited, and only the minimum of 5 sources has been provided, with at least one academic text and two academic journals included.