Designing a Secure Communication Network for a Company

Identifying Legal Information Flows

Your company has three major divisions, headquarters (HQ), factory (F) and a retail outlet (R), at three different sites. They all have connection to the public Internet, and to save money, the company has decided to rely on public infrastructure to connect the sites. Your task is to design a secure communication network between those sites.

The retail outlet also has an on-line department that sells products via a Web-based e-shop, which can have very heavy traffic at peak times. The e-shop has to be able to cope with the peak traffic without fail, even when it is too much for a single host. All sites have to be protected from attacks by competitors who want to disrupt the company’s e-business. Hiding the internal hosts’ IP
addresses has been suggested by your manager as a first step.

The e-shop has to make sure that the ordered item is in stock or will be manufactured by the given date. In order to do that, it uses software components that can read the factory stock levels maintained (written) at the factory site. If the ordered item is not available, the e-shop has to submit a request to the HQ, and the HQ then will schedule the production of the item and send the
production schedule to the factory. To improve security, data exchange between sites is permitted only for the above listed operations.

1. Identify all legal information flows in the company network. Identify the subjects and objects for access control, and indicate the access rights needed.

2. Design an appropriate access control model for the components (subjects and objects) involved in the information flows, and explain its implementation under Linux/Unix. Is the Bell-LaPadula model applicable here? If yes, apply and explain it, if not, explain why not.

3. Design an appropriate network layout with appropriate security components for the company. In the design clearly indicate what devices are installed and in what configuration.

4. Analyze your design from the attacker’s perspective, and draw an attack tree with attack probabilities that are based on common sense, e.g. very likely, likely, unlikely, impossible etc.

1. You can use any security solution that has been covered in the course. You need to explain in a couple of sentences why the selected solution suits the application, i.e. how it addresses the requirements. If you think there are several possible solutions, select the one that suites the scenario best, and explain why that is the best by comparing it to the others.

2. Your attack tree can be in textual or in graphical form, it is your choice.

Your company’s Web server has to provide timely information about sporting events, and when an event is in progress, a large number of queries hit the web server. You have learned that some hackers may try to deface your server and replace the web-page content. You suspect that some of your employees are also trying to access the web server in an illegal manner.

1. In what configuration would you set up the web server? Draw a sketch and explain your solution very briefly.

2. A number of employees who are authorized to update those web pages are located at another site of your company. What is the best method for them to access the Web server? Draw a sketch and explain your solution very briefly.

3. Suppose someone says that the system described in the question should implement Role based Access Control (RBAC). Is that correct? Explain your answer.