Analysis and Methodology
Using established penetration testing standards, I checked the existing home network for vulnerabilities using a typical router with the typical types of hardware. These home network devices are often the same ones used in a SOHO and at times even an SMB network, depending on the environment.
I am proposing the use of a hardware device that will monitor the network activity taking place over a typical SOHO/SMB network and the traffic that is coming and going. Steps will be taken to verify that all vulnerabilities are addressed. These steps must be documented and replicable.
I decided to use a Raspberry Pi credit-card-sized computer as the hardware platform because of its relatively small physical size and price. I pursued a software solution based on open source not only to keep expenses down but because, in my opinion, the open source community drives the latest and greatest solutions by creating an environment to which many talented developers can contribute. Open source by its nature keeps its finger on the pulse of cutting-edge problems as they arise.
The software platform that I chose for the Pi was Arch Linux because of its small footprint. On top of it I layered the solutions deemed necessary to secure the network. In the IT world this is likened to an onion, in that many layers are necessary to effectively secure a network, and each progressive layer builds on the prior one.
I installed dnsmasq, which is a DHCP and DNS solution for a smaller network. I configured it to work on the local home network, including the retention of syslogs for review of security warnings as needed. I then installed Snort for the NIDS (network intrusion detection system) role and potentially for the NIPS (network intrusion prevention system) role, dependent upon the limitations of the platform it is installed on. Snort looks more deeply into packet payloads in order to do an effective job of detecting malicious traffic. I modified Snort to run within the limitations of the Pi hardware: the configuration file was set to run within the low-memory parameters required for this platform, and stateful inspection and stream reassembly were also configured, along with other settings to detect abnormal and malicious behavior. I ran various penetration tests to verify that the solutions implemented were securing the network as projected.
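The kind of low-memory tuning described above, shown as an added snort.conf fragment that is not the post's actual configuration; the memcap, session-limit and port values are assumptions chosen for a small Raspberry Pi and should be sized to the real platform:

```conf
# snort.conf fragment (added illustration, not the author's file).
# All numeric limits below are assumed values for a low-memory Pi.

# Use the low-memory pattern matcher instead of the default Aho-Corasick
# variants, and bound how many events one packet can queue.
config detection: search-method lowmem search-optimize max_queue_events 5

# Cap the event queue so a burst of matches cannot grow memory use.
config event_queue: max_queue 8 log 3 order_events content_length

# IP defragmentation (stateful inspection) with a fixed memory budget.
preprocessor frag3_global: max_frags 8192, memcap 4194304
preprocessor frag3_engine: policy linux, detect_anomalies

# TCP session tracking and stream reassembly, bounded for the platform.
preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp no, \
    max_tcp 4096, max_udp 1024, memcap 16777216
preprocessor stream5_tcp: policy linux, detect_anomalies, require_3whs 180, \
    timeout 180, ports both 80 443
preprocessor stream5_udp: timeout 180
```

After changing these values, run Snort with `-T` against the config to confirm it still parses, and watch the memory figures in its startup output on the Pi before trusting the limits.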
I used a typical IT project management methodology, which specializes in the delivery of technical assets and services that are required to pass through various life cycles. The life cycle of an IT project moves through iterations of planning, executing, and controlling until the project is ultimately closed and transferred into operations. I chose a predictive life cycle; this is the most common and traditional project life cycle for IT projects. In this approach the project manager and the project team first define the project scope, project schedule, and expected project costs before project execution begins. As part of project planning it is typical for the phases of the project to be defined (each phase does a specific type of project work). In order for the project to move from its initiation to its closure, each phase must be started and completed in the specific order as planned. This type of approach is sometimes called a waterfall approach, as the project “waterfalls” down through its phases.