Analytical Report
Atlantys Networks, Inc.
Office of Chief Information Officer
ALEX DEAC
9/10/2014
ALEX DEAC 2
Table of Contents
Table of Contents ........................................................................................................................3
Table of figures ...............................................................................................................................3
Abstract ...........................................................................................................................................4
ANI: Enhancing corporate security posture ...............................................................................5
Risk management, governance and regulatory compliance ...................................................5
Zero-trust network security concept .........................................................................................6
Analysis of current security solutions ..........................................................................................8
Traditional Firewalls ..................................................................................................................8
Next-generation firewalls ...........................................................................................................9
Mitigating current threats ........................................................................................................10
Vendor solutions analysis ............................................................................................................12
NGFW vendors..........................................................................................................................12
Performance versus costs .........................................................................................................13
Conclusions ...................................................................................................................................15
References .....................................................................................................................................16
Table of Figures
Figure 1. Traditional firewall setup for network security ..........................................................7
Figure 2. NGFW works at all 7 TCP/IP layers ..........................................................................9
Figure 3. A basic DDoS Attack ..................................................................................................10
Figure 4. Next Generation Firewall Security Value map ........................................................14
Table 1. NSS Labs NGFW Comparative Analysis ...................................................................15
Abstract
This report discusses in detail specific measures for addressing security weaknesses at Atlantys Networks, Inc. The technical measure proposed to enhance ANI's security follows naturally from the findings of the security assessment performed by Trusted Security Solutions.

The next-generation firewall (NGFW) introduced in this report is designed not only to fix the technical aspect. Beyond that, an NGFW can help Atlantys Networks, Inc. (ANI) gain market confidence and expand its customer base. In addition, this upgrade will help ANI comply with multiple local, state, and federal regulations. Furthermore, the company will also meet strict industry standards requirements while strengthening its overall security posture.

Additionally, the paper compares the costs of implementing the solution with the costs of not taking proper action. Overall costs are taken into consideration during all phases of the NGFW implementation, starting with designing, implementing, and maintaining the technology and also with training people.
Enhancing Corporate Security Posture
Security Technology Recommendation
Atlantys Networks, Inc. (ANI), a recognized leader in virtual storage solutions including cloud computing and web hosting, is trying to strengthen its security posture in order to reinforce its position on the market. However, the findings of the Trusted Security Solutions (TSS) report unveiled certain weaknesses in the corporate information systems network. After running a comprehensive security assessment, including penetration testing and cloud application vulnerability testing, TSS identified the existing perimeter firewalls as the most critical issue. The existing hardware-based firewalls were delivered, installed, and updated by ANI's IT department, with support provided by CISCO.

While this security solution was state-of-the-art back in 2000, nowadays the hardware is completely obsolete. According to Trusted's findings, the firewalls could not withstand more than 70% of modern threats during penetration testing. Among the tools used during the simulation were various families of computer viruses, worms, and Trojans. In addition, the test included a simulated distributed denial of service (DDoS) attack, which completely overwhelmed the security appliance. In turn, the network became unavailable to its customers for approximately 2 hours. The overall conclusion of the test was that ANI could at any point be exposed to a massive cyber-attack that could result in loss of data confidentiality, integrity, and availability (Gibson, 2012).
Risk management, governance and regulatory compliance
Since among ANI's customers are several mid-sized federal agencies, the company must comply with various federal legislation regarding data security. The most prominent law is the Federal Information Security Management Act (FISMA) of 2002, which applies to federal agencies and their contractors' information and information security. In addition, ANI must comply with the Federal Risk and Authorization Management Program (FedRAMP), which provides uniform standards for federal cloud-computing solutions.
Moreover, ANI must meet industry standards such as the Payment Card Industry Data Security Standard (PCI-DSS) 3.0 and, where applicable, international standards such as ISO/IEC 27001 Information Security Management (Disterer, 2013).
Besides external regulatory compliance, ANI must also ensure sound governance in applying its own information security (InfoSec) program. Senior executive management should always ensure that security policies and standard operating procedures are implemented and enforced across the entire organization.

In addition, ANI must continuously prove to its existing and potential customers that executive management has a strong risk management framework (RMF) in place (SP 800-39, 2011). The RMF demonstrates that Atlantys Networks considers all adverse factors when conducting business. In conclusion, implementing technical security measures (e.g. firewalls, end-point security, intrusion prevention systems) could definitely improve ANI's security posture.
Zero-trust network security
The traditional approach to securing corporate networks relies on installing perimeter firewalls that filter most or all incoming traffic based on the Internet Protocol (IP) address and the logical port corresponding to each type of data. For instance, files and documents would use the File Transfer Protocol (FTP) on ports 21 and 22, while web browsing, technically known as HTTP, would use port 80 (Dulaney & Harwood, 2012). Network administrators would open or block these ports depending on the company's needs and in compliance with security policies (Stallings, 2011).
Figure 1. Traditional firewall setup for network security (Chomsiri et al., 2014)
Although back in 2000 the configuration from Figure 1 would have provided strong security, today this is no longer the case. As Gupta, Laxmi, and Sharma showed in their excellent report entitled A Survey on Cloud Security Issues and Techniques (2014), cloud providers confront numerous threats, including DDoS (loss of data availability) and SQL injection (loss of data integrity and confidentiality).
Besides external threats, organizations face internal threats as well. In the last few years there has been a rise in internal threats, which can be intentional or unintentional. The first Computer Emergency Response Team (CERT) in the United States, sponsored by Carnegie Mellon University, the US Secret Service, and Deloitte, started publishing its reports on insider threats a few years ago. The most recent survey shows that approximately 29% of all security breaches happen due to insiders, while more than 50% of companies experienced insider threats (CERT, 2013). Therefore, every organization has a considerable chance of confronting a loss of data confidentiality due to insiders.
It is important to note that none of these threats can be stopped by traditional firewalls. More recently, security experts from the reputable Forrester Research Institute presented a new concept called zero-trust network architecture. The researchers, led by John Kindervag, explain that this concept is in total opposition to traditional network security (Ashford, 2013). Classic models, including the one employed by ANI, were based on the assumption that all data originating from the outside (e.g. Internet, business partners) could be potentially malicious, while all internal traffic and data stored or accessed from the inside is secure and therefore trustworthy. In contrast, the zero-trust model considers all internal and external data and network traffic potentially malicious (Ashford, 2013). By employing this concept, companies could safeguard data confidentiality, integrity, and availability while mitigating today's most feared cyber threats.
Analysis of current security solutions
As noted in previous IT department memos and recently amended by the TSS report, ANI's network security mainly relies on three hardware-based firewalls. In addition, the enterprise recently installed end-point security solutions on all workstations, including desktops, laptops, smartphones, and tablets. Furthermore, Atlantys Networks deployed an advanced encryption solution for internal traffic using the Secure Socket Layer (SSL) standard.
Traditional Firewalls
As mentioned before, traditional firewalls work by allowing and blocking network access for external traffic in accordance with security policies and business needs. It is worth noting that this type of security device is incapable of inspecting the data packets contained in the traffic. Firewalls blindly allow traffic based on the IP protocols associated with various applications such as document file transfer, web browsing, remote access, etc.
While simple to operate and maintain, the biggest shortcoming of traditional layer 3 firewalls (e.g. transport protocol TCP/IP) is that they cannot identify modern threats (EC-Council, 2010). For instance, the company allows web traffic by opening port 80 on the firewall. The issue is that when employees access a popular application like Facebook and click malicious links on it, the existing firewalls are blind-sided (CISCO, 2013). Therefore malware such as viruses or Trojans can successfully penetrate the network defense. Another drawback is that ANI widely uses encrypted traffic flowing through port 443, which in turn renders the existing firewalls incapable of inspecting potentially malicious data.
Next-generation firewalls
Since the introduction of the first firewall in the late 80s, these security devices have come a long way. The most recent iteration, called next-generation firewalls or NGFW, integrates several stand-alone modules which fulfil complementary tasks. Besides the traditional role of port-based traffic filtering, NGFWs have the capabilities of modern Intrusion Prevention Systems, which detect anomalous traffic and actively block it. This feature is based on deviation from a pre-established baseline, as shown in the report Are Tomorrow's Firewalls Finally Here Today? by George Lawton (2012).
Figure 2. NGFW covers all 7 TCP/IP layers (The Fortinet Advantage, 2014)
Another feature of NGFW is deep packet inspection, which allows inspecting encrypted traffic, emails, and even text messages between mobile devices. It is important to note that many modern cyber-threats use SSL encryption to disguise a malicious payload within legitimate traffic, which makes this feature even more important (Holquist, 2011). In addition, some NGFWs include a reputation management tool which, based on the reputation of a website, chooses to drop or allow access (Lawton, 2012).
Additional features of NGFW include scanning files and email attachments in Windows Word, Excel, and PowerPoint, as well as PDF and .jpeg (e.g. picture) formats. In addition, NGFW inspects all incoming and outgoing traffic, whether external, internal, or restricted. Moreover, the majority of NGFWs offer extensive policy implementation in order to ensure corporate governance and compliance.
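To make the contrast between the port-based filtering described under Traditional Firewalls and the application-aware inspection described here concrete, the following Python sketch is an added illustration, not code from the report or from any vendor. It evaluates a few constructed flows against a port-only rule set and against a policy that also consults application identity and a constructed domain reputation list; all flow names, domains, app labels and helper functions are assumptions made for the example.

```python
"""Added illustration: a port-only (layer 3/4) rule set versus an
application-aware NGFW-style policy, run over constructed flows.
Every flow, domain, app name and rule below is an assumption made for
this example, not data from the report or from any vendor product."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Flow:
    name: str
    dport: int      # destination TCP port, visible to any packet filter
    app: str        # application identified from the payload by the NGFW
    url: str        # requested URL, visible only after payload inspection
    tls: bool       # True when the payload is SSL/TLS-encrypted


# Constructed policy data standing in for a vendor reputation feed and app list.
OPEN_PORTS = {80, 443}
ALLOWED_APPS = {"web-browsing", "facebook", "mail"}
BAD_DOMAINS = {"evil-download.example", "phish-login.example"}


def traditional_decision(flow: Flow) -> str:
    """Layer 3/4 packet filter: only the port is consulted, payload is ignored."""
    return "allow" if flow.dport in OPEN_PORTS else "block"


def ngfw_decision(flow: Flow, ssl_inspection: bool) -> str:
    """Port rule first, then application control and URL reputation.

    Returns 'allow', 'block', or 'allow-uninspected' when the payload is
    encrypted and SSL inspection is switched off, i.e. the same blind spot
    the report describes for traffic on port 443."""
    if flow.dport not in OPEN_PORTS:
        return "block"
    if flow.tls and not ssl_inspection:
        return "allow-uninspected"
    if flow.app not in ALLOWED_APPS:
        return "block"
    host = urlsplit(flow.url).hostname or ""
    if host in BAD_DOMAINS:
        return "block"
    return "allow"


# Constructed sample traffic mirroring the scenarios in the report.
SAMPLE_FLOWS = [
    Flow("news-site", 80, "web-browsing", "http://news.example/", False),
    Flow("facebook-bad-link", 80, "facebook",
         "http://evil-download.example/update.exe", False),
    Flow("https-phish", 443, "web-browsing",
         "https://phish-login.example/login", True),
    Flow("ftp-control", 21, "ftp", "", False),
]


def compare(flows, ssl_inspection: bool) -> dict:
    """Map each flow name to (traditional verdict, NGFW verdict)."""
    return {f.name: (traditional_decision(f), ngfw_decision(f, ssl_inspection))
            for f in flows}


if __name__ == "__main__":
    for mode in (False, True):
        print(f"SSL inspection {'on' if mode else 'off'}:")
        for name, (legacy, ngfw) in compare(SAMPLE_FLOWS, mode).items():
            print(f"  {name:<18} traditional={legacy:<6} ngfw={ngfw}")
```

The malicious link reached through an allowed port passes the port filter but is blocked by the reputation check, and the encrypted flow is only caught once SSL inspection is enabled.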
Mitigating current threats
As a recent report shows, last year in the US alone over 1.5 million cyber-attacks were recorded, with a 7-fold increase in DDoS (Watson, 2014). Therefore it is important to note that NGFWs have the capability to mitigate DDoS at various scales.
Figure 3. A basic DDoS Attack (IXIA, 2014)
In addition, Advanced Persistent Threats (APT), which represent targeted weaponized malware, could go undetected for months or even years (Ponemon, 2013). This sophisticated threat is mainly used in cyber-espionage and cybercrime against federal agencies, defense contractors, and data centers due to their highly valuable information (Jasek & Smiraus, 2011). It is also important to note that APTs use zero-day exploits as attack vectors, which are based on hidden faulty code in popular applications such as Java, Adobe, Windows, Flash, Android, and many more (Ponemon, 2013).
Another remarkable advantage of implementing NGFW is its capability of detecting insider threats thanks to deep packet inspection. In other words, if an employee tries to access a malicious email attachment from their workstation, the device will detect, block, and report the event to security administrators. This feature also allows enforcing enterprise security policies such as Acceptable Use of Information Systems, Bring Your Own Device, and many more.
As a special note, many security experts use the term Unified Threat Management (UTM) interchangeably with NGFW. While both security appliances have similar components and even look the same, there are three main differences between the two (Gartner, 2014).
1. UTMs are designed to process data on a smaller scale, especially for small to mid-sized enterprises (SMB). In contrast, NGFWs can handle massive amounts of data and traffic at once, being designed for large organizations, data centers, and cloud-based solutions.
2. Many UTMs include anti-virus solutions, which are important for SMBs. In contrast, enterprises that employ thousands of devices on their networks want separate workstation software as a dedicated anti-virus solution.
3. Although there are many vendors that offer both categories, very few excel in providing performant devices and technical support for NGFW as well as UTM.
Vendor solutions analysis
Today there are many major names competing in the NGFW market. Some of the most prominent are listed below.
Barracuda Network
Palo Alto
Dell
Huawei
Juniper Networks
Fortinet
Sophos
Stonesoft
Check Point
WatchGuard
McAfee
Cisco
Most of these vendors offer both UTMs and NGFWs, with differing degrees of support, performance, and market availability. This paper will further discuss the main attributes of vendors and products in the next-generation firewall market.
NGFW vendors
While most of the vendors make sufficiently performant devices, there are three that really stand out. The brands selected are Dell, Cisco, and Fortinet. All three vendors were chosen for their continuous presence in the NSS Labs annual testing, which is the main independent authority in the matter. In addition, all three brands were recommended in Gartner's Magic Quadrant for Next-Generation Firewalls in the last several years. It is important to note that NSS Labs tests the performance of devices, while Gartner surveys customer satisfaction during the post-sale phase.
The first vendor is Dell, which offers several solutions in the SonicWALL series. Known more for its desktops, laptops, and servers, Dell emerged in the last few years as a serious competitor in the security appliances market. SonicWALL provides relatively affordable integrated solutions for medium to large enterprises, with solid technical support due to its global presence. To differentiate its line of NGFW from UTM, Dell added the SuperMassive brand to the large enterprise solutions (Dell, 2014). Gartner Research recommends this product line (2014).
The second vendor is Cisco, which is the largest global provider of networking devices such as routers, switches, and hubs. Security solutions come as a natural extension of Cisco's field of operation. Cisco integrates various security modules in its devices based on client needs. Its line of NGFW is branded FirePOWER from Sourcefire, since it acquired its maker last year (CISCO, 2013). The reputable report Magic Quadrant for Enterprise Network Firewalls from Gartner Research recommends this NGFW (2014).
Fortinet is a relative newcomer in the industry, since it was established in 2000. Contrary to the other two vendors introduced, Fortinet specialized from the beginning in providing emerging security technologies. In a short amount of time Fortinet built a strong reputation among NGFW vendors by integrating sophisticated technologies in its products. In addition, Fortinet's flagship line, named FortiGate, gained global technical support from third-party vendors. NSS Labs, which is the main authority in testing all types of security devices, recommends FortiGate as a top choice. In addition, Fortinet offers at no extra cost the Advanced Malware Protection module, which adds another layer of protection against APT (The Fortinet Advantage, 2014).
Performance versus costs
The products selected were the Dell SonicWALL SuperMassive 10800, Cisco Sourcefire 8250, and Fortinet FortiGate 3600C. All three vendors' products scored close to 100% in terms of performance in successfully blocking all types of threats, according to NSS Labs (2014). According to the same source, the Fortinet NGFW scored the highest in terms of throughput of data processed. NSS Labs declared the FortiGate 3600 capable of handling up to 17,050 Mbps (96.3% blocked threats), in comparison with the Sourcefire 8250, which capped at 10,000 Mbps (98.9% blocked threats), and the SuperMassive 10800 at 16,395 Mbps and 97.9% blocked threats (NSS Labs, 2013).
While costs vary from vendor to vendor, it is important to compare a similar configuration, since each NGFW considered offers multiple additional modules. The configuration chosen includes, besides the firewall (perimeter and network) capability, the following modules: VPN tunneling (IPsec and SSL), Network Access Control (NAC), Intrusion Prevention System (signature and anomaly based), application control, reputation manager, URL filtering, IPv6 support, and IT policy compliance modules (The Fortinet Advantage, 2014).
Figure 4. Next Generation Firewall Security Value map (NSS Labs, 2013)
The best way to assign a specific cost is to follow the NSS Labs methodology. NSS Labs defines Total Cost of Ownership (TCO) as all costs associated with purchasing, implementing, maintaining, and updating these devices. In addition, supplementary costs need to be considered, such as personnel training and systems certifications.
NGFW Product                         Security Effectiveness   Value (TCO per Protected-Mbps)   Rating
Dell SonicWALL SuperMassive E10800   97.90% (Good)            $15.46 (Fair)                    Recommended
Cisco Sourcefire 8250                99.20% (Excellent)       $20.03 (Good)                    Recommended
Fortinet FortiGate-3600C             96.30% (Good)            $8.30 (Excellent)                Recommended
Table 1. NSS Labs NGFW Comparative Analysis
Furthermore, it is important to note why three firewalls are needed. The reason for this architecture is to have two of them handling the main corporate traffic in parallel. This design will help load-balance the traffic while providing backup in case one device fails. The third NGFW is designated to handle all the wireless traffic along with mobile applications.

In the end, it is crucial to note that the total costs of implementing this solution may seem high-end, but in fact they become insignificant compared with the associated cost of a security breach. According to the Ponemon Institute, these losses average $9.4 million, resulting from devaluation of brand reputation, cleanup and recovery, business disruption, and legal consequences (2013).
Conclusions
Adopting an emerging technology is no longer a matter of keeping up with industry trends. Enterprises of all sizes, commercial and governmental, are forced to invest in proper security technology in order to protect the confidentiality, integrity, and availability of data. In addition, organizations that handle and store sensitive data on behalf of their customers must comply with many regulations and standards. This compliance does not stop at simple reporting; it goes in depth by requiring preventive measures against security breaches.
Finally, the costs of adopting new defense technology are minor compared with the overall costs following a security breach. Ultimately, purchasing a more expensive solution will buy peace of mind for companies' employees, investors, and clients. As a final recommendation, the Fortinet FortiGate 3600 would be the best choice for Atlantys Networks, Inc. This device not only had the highest performance in all NSS Labs tests but also was the only one to offer at no extra cost the Advanced Malware Protection module (The Fortinet Advantage, 2014), and it was tested by ICSA Labs.
References
Ashford, W. (2013, June 10). Zero trust model key to security success, says Forrester. Retrieved from Computer Weekly: http://www.computerweekly.com/news/2240185636/Zero-trust-model-key-to-security-success-says-Forrester
CERT. (2013, August). 2013 US State of Cybercrime Survey: How Bad is the Insider Threat? Retrieved from Software Engineering Institute - Carnegie Mellon University: http://resources.sei.cmu.edu/asset_files/Presentation/2013_017_101_58739.pdf
Chomsiri, T., He, X., Nanda, P. & Tan, Z. (2014, January). Improving cloud network security using the Tree-Rule firewall. Future Generation Computer Systems, 30, 116-126. doi:10.1016/j.future.2013.06.024
CISCO. (2013). Getting the Most Out of Your Next-Generation Firewall. San Jose, CA: Cisco and Affiliates.
Dell. (2014). Next-Generation Firewalls: Critical to your organization's network security. Round Rock, TX: Dell White Papers.
D'Hoinne, J., Hils, A. & Young, G. (2014, April 15). Magic Quadrant for Enterprise Firewalls. Retrieved from Gartner Research: www.gartner.com
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for Information Security Management. Journal of Information Security, 92-100. Retrieved from http://www.scirp.org/journal/jis/
Dulaney, E. & Harwood, M. (2012). CompTIA Network+ N10-005 (4th ed.). Indianapolis: Pearson.
EC-Council. (2010). Ethical Hacking and Countermeasures: Secure Network Infrastructures (Vol. 5). Clifton Park, NY: Cengage Learning.
Gibson, D. (2012). All-In-One Systems Security Certified Practitioner. New York: McGraw-Hill.
Gupta, G., Laxmi, P. & Sharma, S. (2014, March 22). A Survey on Cloud Security Issues and Techniques. International Journal on Computational Sciences & Applications, 4(1), 1-8. Retrieved from Cornell University Library: http://arxiv.org/abs/1403.5627
Holquist, R. (2011, August). Growing Network-Encryption Use Puts Systems at Risk. Retrieved from IEEE Computer Society: http://www.computer.org/portal/web/computingnow/news/growing-network-encryption-use-puts-systems-at-risk
IXIA. (2014). Is Your Data Center Ready for Today's DDoS Threats? Retrieved from Fortinet: http://www.fortinet.com/sites/default/files/whitepapers/WP-DDoS-Testing.pdf
Jasek, R. & Smiraus, M. (2011). Risks of Advanced Persistent Threats and Defense Against Them. In B. Katalinic (Ed.), Annals of DAAAM & Proceedings (pp. 1589-1590). Vienna: DAAAM International.
Lawton, G. (2012, October 16). Are Tomorrow's Firewalls Finally Here Today? Retrieved from IEEE Computer Society: http://www.computer.org.ezproxy.umuc.edu/portal/web/computingnow/news/are-tomorrows-firewalls-finally-here-today
NSS Labs. (2014). Next Generation Firewalls Comparative Analysis. Retrieved from http://www.nsslabs.com
Ponemon Institute. (2013). The State of Advanced Persistent Threats. Traverse City: Trusteer.
SP 800-39: Managing Information Security Risk. (2011, March). Retrieved from National Institute of Standards and Technology (NIST): http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
Stallings, W. (2011). Network Security Essentials: Applications and Standards (4th ed.). Upper Saddle River, NJ: Prentice Hall.
The Fortinet Advantage. (2014). Retrieved from Fortinet: http://www.fortinet.com/aboutus/aboutus.html
Watson, M. (2014, August 21). Fighting cyber crime in the US – Infographic. Retrieved from IT Governance: http://www.itgovernanceusa.com/blog/fighting-cyber-crime-in-the-us-infographic/?utm_source=Email&utm_medium=TechTarget&utm_campaign=Email3&utm_content=2014-09-01