
Background. You have just been hired by a startup cyber security company. The co


Question

Background. You have just been hired by a startup cyber security company. The company has agreements with vendors to provide network architecture designs, including intrusion detection tool placement and operation.

Task. You are designing and implementing a corporation’s architecture and intrusion detection capabilities from a blank slate. As a cyber security analyst you must design a network containing the architecture components listed below, and design where the security components will reside within that network. The security components necessary are also listed below. Your security components are not limited to the specific brand of tools taught in this course, but the tools you select must fulfill the same functions as the tools we learned about.

Architecture components:

1. Public-facing web server where users can log in

2. Web server database containing customer information

3. Email system for users to communicate with each other and customers

4. Internal user systems

5. Firewalls, switches and routers as necessary

Security Components:

1. Network segmentation (e.g. DMZ, internal, external)

2. Network-based Intrusion Detection or Prevention (e.g. Suricata in passive mode or active mode)

3. Host-based Intrusion detection (e.g. AIDE)

4. Network footprinting tool (e.g. nmap)

Corporate Requirements:

1. Protection of a public-facing web site where clients can log in, access their accounts, buy and pay for product/services, have access to training and education material, access a knowledge base, security blogs, links, etc.

2. Protection of client data (client network data, assessment results, financial information)

3. Protection of internal systems which may contain employee PII, financial, banking information and email.

4. Ability to detect rogue systems or unauthorized devices

Deliverable(s).

1. Architecture of the network components defined above

2. Placement of the security components, defined above, within that architecture

3. A description of the traffic that each network-based security component should be configured to allow or explicitly deny

3.a. For example, a NIDS placed between a public facing web server and the internet may potentially only allow internet traffic on ports 80 or 443, and prevent all other traffic


Please ensure that every topic has been drawn out and covers every component and requirement

Explanation / Answer

There are huge benefits to getting a reputable organization to manage your digital security. There is also a large risk management component and a due diligence process to follow to ensure that you are getting the best available service. The outsourcing of your digital security involves an in-depth discovery process. It is not one of those decisions that is solely based on price and cost. Getting the right outsourcing company with the best reputation is critical to your organization's viability. Making a bad decision or deciding on one provider based solely on cost can cripple your business. These are the areas that you should look at prior to looking at the cost component:

1. What are they going to do for your organization? A good Managed Security Service Provider (MSSP) will not only be looking at your firewall, anti-virus, and patching, but will have a holistic outlook on how they protect their clients. A good MSSP will ensure that they are in a position to implement security change to create a more holistic outlook on protecting your organization. That holistic outlook takes the following into account:

An MSSP will have the empathy and understanding to ensure your organization is protected.

2. Do they have the expertise? Most Managed Security Service Providers focus on one or two types of technology in specific areas. They may have a focus on Cisco or WatchGuard or a specific AV, or a specific make and model of PC. This level of specification ensures that the MSSP has the right level of education, training, and capability within its ranks. A good MSSP should have people who are experts in one or more areas of digital protection; if they do not, then talk to another MSSP.

3. Do they have the capability? Most MSSPs have the capacity to manage clients. They will have trained people at every level of the organization to ensure that they are servicing their clients to the best of their capability. When it comes to capability, the MSSP should have staff with professional qualifications to support your business.

4. What are they going to change to make your life easier? There are changes that will be recommended by an MSSP for two reasons:

So if you have recently invested $10K in a firewall, and they want you to replace it with another one worth the same, then you probably have the wrong MSSP.

5. What benefits are you going to get out of it if you PARTNER with them? The outsourcing of your digital security to an MSSP is a partnership. They are there to protect your data, your infrastructure, your clients, and your staff. You pay them to do that. Make sure that all parties involved understand their requirements by putting a service level agreement (SLA) in place. No SLA, then no contract.

6. How much will it cost? Finally, we have the cost. You should always know how much your monthly digital security cost is going to impact your organization. If the monthly cost is going to change, then once again you should be looking at alternatives. The cost of an MSSP SLA should include monitoring, management, and reporting; it will not include projects that are outside the scope of the SLA.

There you have it. If you employ an MSSP based solely on how much it will cost, then your organization will not have the right digital protection. There are a large number of organizations out there who think that they are MSSPs but lack the expertise, capability, and understanding that is required to protect your organization.