Goals and Objectives
The goal of this project
was to provide a cost-effective solution for the securing and monitoring of a
typical small to medium sized network and to educate the public of the risks
they face by not taking steps to protect themselves. The goal has been
accomplished in that the solution provided is robust enough to provide
quantifiable protection to the targeted network size and inexpensive to build
although it does require a substantial amount of expertise to build, configure,
and administrate. Most of those in the targeted audience are not likely to be
able to build this on their own. The goal of educating them has still been
accomplished by providing some insight into the world of security and an
excellent path to a solution for those that take the risk seriously. The
potential is that you could perhaps find someone whom you trust to help and/or
pay someone if required. Also, some entrepreneurial type could create the
product and sell it to the customer. In doing so they would have to create a
standardized load set that could be updated and monitored remotely, and so once
again there would be some cost involved, likely some sort of ongoing
subscription-based service with monitoring and reporting included. Either way, awareness has
been raised for those who care. If some apply even the least of the suggested
action items, they benefit substantially, especially since it became apparent
that the simplest actions created the greatest protection benefit. For example,
one of the most important things a home network user can do is make sure they
have changed the password on their router to something not easily cracked.
I was successful in
meeting several objectives individually and collectively. These objectives
included determining requirements for hardware and software and the appropriate
configuration and administration of these on a typical small to medium size
network, and how to supply these in a cost-effective manner that will make sense to
a typical small to medium size network.
I used penetration test
tools to verify that the device is indeed secure and acceptably serving its
intended purpose. The educational part of the project includes a website to
help educate the public and point them towards the solution. Social media may
eventually be used to extend the reach of this website pending the results
obtained, but most of that will be outside the confines of this project.
Objective 1 was to do a
basic penetration test of a typical small to medium size business network model
to identify risks and openings. I found that the home network was not as
vulnerable at the base level as I suspected it would be as long as a good
password was set on the router and the security and firmware updates were
applied. So the vulnerabilities would be outside the network on websites and so
forth.
Objective 2 was to
identify an affordable hardware platform that will work with the security
software being used to secure the network. I found this in the Raspberry Pi B+.
Objective 3 was to
identify the appropriate software for the chosen hardware. There are several
layers to the chosen solution. The operating system is Arch Linux. There will
also be one or more pieces of security and monitoring software that will have
to be installed. For this I chose and implemented dnsmasq and Snort.
Objective 4 required
determining the best way to configure the tools chosen to monitor and secure
the network, and to set up updates and reporting features. These had to be
configured to the constraints of the Pi hardware and set up to run on the test
network.
This leads us to Objective
5, which identified the best way to continue to administrate the device once it
was successfully configured. This mostly had to do with making sure the
solution was set up to be updated as needed and monitoring syslogs for
abnormalities.
Objective 6 required us
to once again use various penetration testing tools to try and hack into the
network to assess any vulnerabilities and to establish the effectiveness of the
device being used to protect the network. The network proved to be more secure
than before.
Objective 7 addressed the
goal of educating the public on the risks at hand and the solution being
provided. I set up a basic website for starters, which will progress to
greater marketing efforts using social media in the long term.
These objectives are
circular in nature and will have to be repeated to continue to refine and
improve on the solution being prepared to meet the high-end goals stated; a
process known as wash, rinse, and repeat. Obviously there had to be a ceiling
that conforms to the constraints of this project, confined to the one-month time
frame allotted.
The steps are listed
here:
1. Assessed network vulnerabilities of network as is.
2. Built device to address problem areas and other potential concerns
3. Defined the layers of security used to harden the defenses of the network
4. Listed best practices
5. Implemented hardening recommendations
6. Assessed the network vulnerabilities to test the effectiveness of the security now in place
7. Reported the results