Data Center Security Assessment

Running head: Data Center Security Assessment

Basic Security Assessment: The Metropolitan Community College Fremont Data Center

Nick Bentley, Dave Crouch, Ricky Frith, Charisa Player, Tanner Schatz, Sarah Shipley, Mark Steelman

Introduction

Metropolitan Community College (MCC) is a publicly funded community college that serves the greater Omaha, Nebraska area. The MCC Data Center, which is located at the Fremont Area Campus, is approximately 34 miles from Omaha, NE. This data center provides network IT services to the students of MCC as well as a learning environment for IT students focusing on green data center technology (Ellis, 2010). The MCC Data Center sits on the third story of the MCC Fremont Area Center, and the Data Center itself is composed of two rooms: a meeting room that leads directly into the server room.

The main risks for the data center come from viruses, worms, and malware downloaded through the network or stored on the servers by students or employees; from internal or external intrusions by students exploring the network; and from outside intrusions.

Physical Security


The MCC Fremont Area building is patrolled by campus police and has strict access hours. The building is locked and alarmed after hours. A Honeywell iClass RFID card reader secures the main door into the Data Center. Access to the meeting room through the RFID cards is granted according to a policy that limits the hours each cardholder can enter. Additionally, an LG IrisAccess SoHo iris scanner secures entry into the server room. Two IP cameras also monitor the Data Center: one in the meeting room and another in the server room. IP camera data is kept on a dedicated standalone server inside the server room.
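The time-limited RFID access policy described above can be modelled as a deny-by-default decision: a card is admitted only when it is known, not revoked, and presented inside one of its allowed windows, and every decision is written to an audit trail. The Python below is an added example and is not MCC's or Honeywell's code; the card identifiers, schedules and the revocation list are constructed, and the reader is assumed to hand the controller a card ID and a timestamp. It also handles a window that crosses midnight, which a naive start-before-end comparison gets wrong.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Set, Tuple

# A window is (weekday, start, end); weekday 0 = Monday ... 6 = Sunday.
# A window whose end is not after its start wraps past midnight (e.g. 22:00-02:00).
Window = Tuple[int, time, time]


def in_window(window: Window, at: datetime) -> bool:
    """True if the timestamp falls inside the window, including the wrap-around case."""
    weekday, start, end = window
    t = at.time()
    if start < end:
        return at.weekday() == weekday and start <= t < end
    # Wrapping window: before midnight on `weekday`, or after midnight on the next day.
    return (at.weekday() == weekday and t >= start) or \
           (at.weekday() == (weekday + 1) % 7 and t < end)


@dataclass
class DoorPolicy:
    """Deny-by-default access policy for one RFID-secured door (hypothetical model)."""
    windows: Dict[str, List[Window]] = field(default_factory=dict)  # card id -> allowed windows
    revoked: Set[str] = field(default_factory=set)                  # cards reported lost or stolen
    audit: List[str] = field(default_factory=list)                  # one line per decision

    def allow(self, card: str, weekday: int, start: time, end: time) -> None:
        self.windows.setdefault(card, []).append((weekday, start, end))

    def revoke(self, card: str) -> None:
        self.revoked.add(card)

    def decide(self, card: str, at: datetime) -> bool:
        """Grant only for a known, non-revoked card inside an allowed window; log every decision."""
        if card in self.revoked:
            granted, reason = False, "card revoked"
        elif card not in self.windows:
            granted, reason = False, "unknown card"
        elif any(in_window(w, at) for w in self.windows[card]):
            granted, reason = True, "inside allowed window"
        else:
            granted, reason = False, "outside allowed hours"
        self.audit.append("%s card=%s %s: %s" % (
            at.isoformat(), card, "GRANT" if granted else "DENY", reason))
        return granted

    def decide_at(self, card: str, iso_timestamp: str) -> bool:
        """Convenience wrapper for ISO 8601 text timestamps, e.g. '2010-08-09T09:30'."""
        return self.decide(card, datetime.fromisoformat(iso_timestamp))


def demo_policy() -> DoorPolicy:
    """Constructed sample policy: weekday class hours, a weekend maintenance slot, one lost card."""
    p = DoorPolicy()
    for weekday in range(5):                        # Monday..Friday, 08:00-17:00
        p.allow("C1001", weekday, time(8, 0), time(17, 0))
    p.allow("C1002", 5, time(22, 0), time(2, 0))    # Saturday 22:00 into Sunday 02:00
    p.allow("C1003", 0, time(8, 0), time(17, 0))
    p.revoke("C1003")                               # reported lost: its window no longer matters
    return p


if __name__ == "__main__":
    policy = demo_policy()
    for card, when in [("C1001", "2010-08-09T09:30"),   # Monday, class hours
                       ("C1001", "2010-08-09T19:00"),   # Monday evening
                       ("C1002", "2010-08-15T01:00"),   # Sunday 01:00, inside the wrapped window
                       ("C1003", "2010-08-09T09:30"),   # revoked card
                       ("C9999", "2010-08-09T09:30")]:  # card never issued
        policy.decide_at(card, when)
    print("\n".join(policy.audit))
```

Because the default branch is a denial, a card that was issued but never scheduled, or whose record was corrupted, fails closed; the audit line carries the reason so a denied entry during a class can be distinguished from a revoked or cloned card being tried.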


The equipment in the Data Center includes HP ProLiant servers, IBM AS/400 servers, an HP StorageWorks SAN switch, Cisco Catalyst switches, an HP ProCurve switch, and a Cisco Integrated Services Router. To help ensure high availability, the Data Center is also equipped with several HP uninterruptible power supplies (UPSs) and a Cisco ASA 5520 firewall.

Logical Security


The Cisco ASA 5520 firewall provides strong protection against external intrusions as well as malware, viruses, and worms. Additionally, the firewall can act as a border intrusion detection device, which can alert network administrators of potential problems. The Data Center is also doubly protected against malware, viruses, and worms: network endpoints run Symantec Endpoint Protection antivirus. Within the network, the Data Center primarily runs Windows 2008 as its network operating system (NOS).

The network attached to the Data Center is well-protected against basic attacks:

- Network access groups have no access to unnecessary resources.
- The network has strong password requirements. Passwords must:
  - not contain any part of the username;
  - not contain any special characters;
  - be at least 7 characters;
  - have at least a capital letter, a lowercase letter, and a number (Metropolitan Community College, 2004).
- FTP requires authentication before any info is provided.
- TFTP doesn't require authentication, but doesn't provide any directory info either, nor does it allow PUT or GET commands.
- SSH/SFTP (port 22) is blocked at the firewall.
- No banner info is provided that would leak network information to intruders.
- The Symantec Antivirus software is up to date, and the signatures are automatically updated and distributed.
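The password requirements listed above can be enforced mechanically, which is how a self-service reset page or an account-provisioning script would apply the same policy the domain enforces. The Python validator below is an added example, not code from MCC or from the cited FAQ; it reads "any part of the username" the way Windows complexity rules do (the whole account name plus any delimiter-separated token of three or more characters), which is an assumption, and it treats anything other than ASCII letters and digits as a special character.

```python
import re
import string

ALLOWED = set(string.ascii_letters + string.digits)  # policy: no special characters
MIN_LENGTH = 7                                       # policy: at least 7 characters


def username_parts(username: str, min_len: int = 3) -> set:
    """Lower-cased pieces of the username a password must not contain.

    Assumption: 'any part of the username' means the full account name plus
    delimiter-separated tokens of at least `min_len` characters, mirroring the
    way Windows password-complexity rules treat account and full names.
    """
    parts = {username}
    for token in re.split(r"[.\-_ ]+", username):
        if len(token) >= min_len:
            parts.add(token)
    return {p.lower() for p in parts if p}


def check_password(password: str, username: str) -> list:
    """Return the list of policy rules the password violates (empty means compliant)."""
    violations = []
    lowered = password.lower()
    for part in sorted(username_parts(username)):
        if part in lowered:
            violations.append("contains part of the username: %r" % part)
            break
    bad = sorted(set(c for c in password if c not in ALLOWED))
    if bad:
        violations.append("contains special characters: %s" % "".join(bad))
    if len(password) < MIN_LENGTH:
        violations.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        violations.append("no digit")
    return violations


def is_compliant(password: str, username: str) -> bool:
    return not check_password(password, username)


if __name__ == "__main__":
    # Constructed sample credentials; none belong to a real account.
    samples = [("jsmith", "Hunter2abc"),     # compliant
               ("jsmith", "jsmith2010"),     # contains username, no uppercase
               ("s.shipley", "Shipley99"),   # contains the 'shipley' token
               ("jdoe", "Pa55w0rd!"),        # special character
               ("jdoe", "abc")]              # too short, no uppercase, no digit
    for user, pw in samples:
        print("%-10s %-12s %s" % (user, pw, ", ".join(check_password(pw, user)) or "OK"))
```

The validator reports every rule that fails rather than stopping at the first, so a user sees the full set of corrections at once. One caveat worth stating for this policy as written: forbidding special characters leaves 62 possible symbols per position, so the seven-character minimum is what carries most of the strength, and raising it is the cheapest improvement.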

Monitoring and Problem Reporting Protocols

The network also has methods for monitoring and tracking intrusions and problems. For example, the network runs Microsoft Management Console (MMC) as well as network monitoring software; authentication and activity logs are kept in a secure location on a dedicated server; and problems and intruder incidents are reported through the Help Desk, which then forwards them to the Director of IT.

Recommended Improvements


The following section discusses vulnerabilities and makes some recommendations for mitigating potential problems.

Physical Security Vulnerabilities

The Data Center has tight physical security measures in place to protect the server room and the adjacent meeting room. However, there are some vulnerabilities:

- Students taking Data Center classes are usually given RFID cards, and accompanied guest access to the meeting room is generally unregulated.
- Students and instructors occasionally prop open the door between the meeting room and the server room.
- The RFID cards can be lost or stolen and used by unauthorized persons.
- RFID card data can be corrupted or overwritten.
- Because RFID cards broadcast over unregulated radio frequencies, they are vulnerable to sniffing and cloning (Dolph, 2008; HID Global, 2010).
- The iris scanner scans only the texture of the iris.
- Third-party employees service some of the Data Center hardware.
- The Facilities office maintains a key to the Data Center.
- There is a wireless AP in the meeting room. None of the wireless access points (WAPs) in the MCC network strictly require WEP or WPA encryption: the Guest logon is unencrypted, which makes all wireless data transparent to sniffers. This could also cause problems with FERPA regulations.

Physical Security Recommendations


While the outward physical measures to protect the Data Center servers are tight, there are a couple of recommendations for improving security:

- There should be a protocol for the management of guests of people possessing RFID cards.
- There should also be a general policy against propping the server room door open.
- The Facilities office needs to have strict policies for using master key access to the rooms.
- Third-party servicers must have a staff member present during servicing.
- It is also strongly recommended that there be a written standard operating procedure (SOP) manual that everyone who is issued an RFID card must read and acknowledge, and that must also be strictly enforced. This SOP manual needs to include natural disaster procedures as well.
- If it's not already done, USB and other removable media ports should be disabled on the hardware in the server room when not in use.

Logical Security Vulnerabilities

A "hardened" network system is one that protects against intrusion and potentially crippling network attacks while still providing adequate services to the users. While the Data Center is a considerably hardened system, there are some general and specific points of potential vulnerability:

- Any of the hardware or software, if incorrectly configured or left on its default settings, poses a security risk.
- Out-of-date firmware or firmware that hasn't been adequately tested for problems can leave parts of the network unprotected. For example, HP recently found a problem with its ProLiant servers that enabled malicious entities to exploit a remote connectivity bug (Team, 2010). Additionally, there was a problem with Microsoft's handling of SNMP that allowed SNMP request handling vulnerabilities. This problem affected some of HP's ProCurve switches (Security Focus, 2010).
- The IBM AS/400 servers have several known vulnerabilities:
  - Some default services on the server allow anonymous access to POP3, SMTP, LDAP, FTP, etc.
  - The POP3 server returns error messages that let remote intruders discover user IDs.
- Windows 2008 also has several ongoing vulnerabilities.
- From off campus, entering "mccneb.edu" without the www redirects to the Outlook Web Access portal rather than the default web server page.
- Some access and authentication logs are being sent to and kept in their default directory location.

Logical Security Recommendations

Logical access to the Data Center and the MCC network is tightly controlled. There are only a couple of recommendations:

- The default web page on the main web server should be changed to point to the default www.mccneb.edu page.
- Continue to ensure that network devices are configured with non-default values and thoroughly tested firmware.
- Access and authentication logs should be moved to a non-default location.
- The NOS should be adequately patched, and network admins should be aware of the problems and workarounds.

Conclusion


The MCC Data Center is already a well-protected and hardened system. There are a few things that need to be done to help protect against unintended problems, social engineering attacks, and the small vulnerabilities in the system. These changes, as well as all documentation associated with the network and its SOPs, should be kept on-site at the Data Center and made available only to students and employees who have access to the site.


References

Dolph, B. (2008). Getting Attuned to RFID Vulnerabilities. Retrieved August 9, 2010, from Security Sales & Integration: http://www.securitysales.com/t_inside.aspx?action=article&storyID=3047

Ellis, B. (2010, April 10). Data center offers hands-on experience. Retrieved August 9, 2010, from Fremont Tribune.com: http://fremonttribune.com/news/local/article_28cd9242-4460-11df-ac27-001cc4c03286.html

HID Global. (2010). Proximity Card Readers - HID Global - Physical Access Control. Retrieved August 9, 2010, from HID - The Trusted Source for Secure Identity Solutions: http://www.hidglobal.com/technology.php?tech_cat=1&subcat_id=10

Metropolitan Community College. (2004). MCC | Frequently Asked Questions. Retrieved August 10, 2010, from Metropolitan Community College: https://www.mccneb.edu/password/passctrfaqs.asp#PasswordRqmts

Security Focus. (2010). Multiple Vendor SNMP Request Handling Vulnerabilities. Retrieved August 9, 2010, from Security Focus: http://www.securityfocus.com/bid/4089/solution