Project
Deliverables
Other points of interest.
Vulnerability assessments that include careful diagnostic reviews of all
servers and network devices will definitely identify more issues faster than a
"black box" penetration test.
Distinction between
penetration testing and network security assessments:
A network security or
vulnerability assessment may be useful to a degree, but do not always reflect
the extent to which hackers will go to exploit a vulnerability. Penetration
tests attempt to emulate a 'real world' attack to a certain degree.
Determine HW requirements
for the proposed security solution:
I have the basic outline
of what I used in terms of hardware.
1. Raspberry Pi B+ as
compared to Pi 1 Model A+
A. Dual step-down (buck)
power supply for 3.3V and 1.8V
B. 5V supply has polarity
protection, 2A fuse and hot-swap protection (so you can plug/unplug USB without
resetting the board)
C. New USB/Ethernet
controller chip
D. 4 USB ports instead of
2 ports
E. 40 GPIO pins instead
of 26. The top/first 26 pins match the original layout, 9 additional GPIO and 2
EEPROM Plate identification pins
F. Composite (NTSC/PAL)
video now integrated into 4-pole 3.5mm 'headphone' jack
G. Micro SD card socket
instead of full size SD
H. Four mounting holes in
rectangular layout
I. Many connectors moved
around
J. Same basic size, 85mm
x 56mm
K. Same Processor,
Broadcom So C running at 700MHz (can be overclocked)
L. Chipset Broadcom
BCM2835 ARMv6
M. Processor Speed Single
Core @700 MHz
N. Same RAM, 512MB @400
MHz soldered on top of the Broadcom chip
O. GPU Video core IV
P. Same power connector,
micro USB
Q. Arch Linux
R. First 26-pins of GPIO
are the same
S. Same HDMI port
T. Audio part of the A/V
jack is the same
U. Same Camera and DSI
Display connector
2. Wireless USB Network
Adapter
3. Micro SD card with
configured software installed
Determine SW requirements
for the proposed security solution:
As shown in the
specifications we are tied to the Linux OS. This works in harmony with our
requirements for a low cost solution that is able to effectively address the
security issues we are addressing. Arch Linux running dnsmasq and Snort became
the acceptable security build for the Raspberry Pi unit.
Determine Configuration
of the proposed security solution:
I successfully determined
the configuration settings for any hardware software solutions that are deemed
appropriate to the security solution.
Determine Administration
of the proposed security solution:
I determined the basic
administration requirements for the hardware software solutions that were
deemed appropriate to the security solution, including future patching and
maintenance, as well as reporting requirements to document its effectiveness.
Build the prototype of the
proposed security solution:
I built the prototype as and
place it into the test environment.
The Raspberry Pi
The Raspberry Pi
customized closed case
Document any further
steps taken to harden the security of the implemented solution.
Vulnerability test new
network security and report the result:
Reported on the
solution’s effectiveness in mitigating risk.
Educate the public via
blogroll: http://netaficionado.blogspot.com/
:
Report on the
vulnerabilities and the proposed solution via website. Educate on existing
threats and consequences. Provide details regarding best practices for any
small to medium sized network. Follow new threats as they arise: New
vulnerabilities: http://www.securityfocus.com/
No comments:
Post a Comment