1
ESP: A Final Analysis
Bill Halpin, Ying Hao, Hui Huang, H. T. Kowalski, Tong Xu
December 7, 2000
2
Goals
- Review Project
- Review Past Presentations
- Softspot Analysis
- Recommendations
3
Extranet for Security Professionals (ESP)
- Central Repository of Security Information
- Central Location for Information Sharing
- Secure Environment, Manageable Resource
- Security over Availability
4
ESP – Architecture
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet; message "To: George Marty From: Steve"]
© 2000 by Carnegie Mellon University/SEI
5
Users
- ESP User
- VSO & CR Owners
- Organizational Manager
- Site Manager
- Site Administrator
6
Attackers vs. Legitimate Users
- Recreational/Casual Hackers
- Disgruntled Employee
- Organized Criminal Groups
- Nation/State
- Compromised User
- ESP User
- VSO & CR Owners
- Site Manager
- Organizational Manager
- Site Administrator
7
[Diagram labels: Compromised User, Workstation, Router (FW1), Firewall-2, DNS2, IDS, Web Server, DNS1, Database, IDS, Guardian Pro V5, NES 3.63, Cold Fusion 4.5.1]
8
Intrusion Scenario – Outside Attack
Columns: Softspot Effects; Architecture Strategies (Resistance, Recognition, Recovery)
Router
- Current: Regular Reconfiguration; Backed Up By IDS
- Recommend: Bolster w/Layer 7 Switch; Layer 7 Switch
Web Server
- Current: Cold Fusion Back Up & Off Site Storage
- Recommend: Separate CF function from WS – new hardware
Firewall 2
- Current: Reconfigured Regularly; Backed Up By IDS
- Recommend
9
Intrusion Scenario – Outside Attack
Columns: Softspot Effects; Architecture Strategies (Resistance, Recognition, Recovery)
Compromised User Machine
- Current: User Responsibility; User Awareness
- Recommend: Improved training; User Culpability
10
Timing & Costs – Outside Attack
Recommendation | Time Req. | Labor | Costs
Layer 7 Switch | Mid term | Med | High
Distribute Web Server Services onto other Boxes | Long Term | High
11
Timing & Costs – Outside Attack
Recommendation | Time Req. | Labor | Costs
Expanded User Training | Short to Mid Term | Low, Med-High | Low, High
User Machine configuration | Short Term | Med | User Complaints
12
[Diagram labels: Admin Console, Router (FW1), Firewall-2, DNS2, IDS, Web Server, DNS1, Database, IDS, Guardian Pro V5]
13
Intrusion Scenario – Insider Attack
Columns: Softspot Effects; Architecture Strategies (Resistance, Recognition, Recovery)
Back Door
- Current: Stringent Physical Security
- Recommend: IDS
14
Timing & Costs – Inside Attack
Recommendations | Time Req. | Labor | Cost
Active IDS | Mid Term | Med
15
Softspots
- Router
- Firewall
- Web Server
- User Work Station
- System Administrator Consoles
16
Closing Analysis
- More than Adequate Measures
- Regulated, Secure Data Back Up Policy
- Off-Site Data Storage
- Highly Concerned & Proactive Security Staff
- More Details in the Client Report
17
Questions?