Building a Security System to Protect the IT Assets of a Medical Centre - Assignment Example

Beachfront is a fast and rapid growing multi specialty medical center .To improve its efficiency the management decided to open an IT department .Due to the complexity of the LAN and the risk of misappropriation of sensitive and confidential information there is need for a security system to protect an authorized personal, intruders ,hackers from accessing and damaging sensitive data. The following stipulate how the security system will be build and implemented. This shall be done in five phase. Phase one will deal with installation of Linux ubuntu 6.10.the reason why Linux ubuntu 6.10 was choose above all other operating system because of the following factors It is, very stable, multi-user, multitasking environment on your inexpensive PC hardware, at no (or almost no) monetary cost for the software. Linux is a rich and powerful platform-operating system. Out-of-box Linux has as much capability as MS Windows NT with $5000 in software add-ons, is more stable, and requires less powerful hardware for comparable tasks. Advanced graphical user interface. Linux uses a standard, network-transparent X-windowing system with a "window manager" (typically KDE or GNOME). Dozens of excellent, free, general-interest desktop applications. This include a range of web browsers, email programs, word processors, spreadsheets, bitmap and vector graphics programs, file managers, audio players, CD writers, some games, etc. Scores of top-of-the line commercial programs including all the big databases (e.g., Oracle, Sybase,). Many (most?) of these are offered free for developers and for personal use. Excellent networking capability built into your operating system. All necessary networking software comes with standard Linux, free, just setup is required. And it is not second-rate shareware it is exactly the same software that runs most of the Internet Phase Two is the installation of Anti virus Phase Three will deal with fire wall installation and configuration Phase four internet accesses via fire wall Phase five modalities to ensure the network is working as intended PHASE ONE Installation of Ubuntu 6.10 Step 1 Of my VirtualPC Step by Step you are instructed to create a new machine, please do so. I’ve named it “Beach Front”. Step 2 You will be are prompted for your OS. You will need to pick other. Step 3 You will be asked about Ram. Ubuntu will run OK under 256 Megs, however if you have the available space I’d highly suggest upping it to 512, especially if you intend to get into doing some graphics or mono coding. I’ve selected 512 Meg for this security sytem Step 4 You will want to create a new hard disk, and Step 5 Confirm what you’ve selected. OK, now you are up to Step 6 Installing the OS, this is where this system picks up. Your first screen comes up, but before you start pressing buttons there’s one tweak you have to make. So you can see everything correctly during the install, press the F4 (VGA) button. Select a video mode that ends with 16, Now you can proceed, press enter to start the “Install in text mode” option. The first screen to come up asks about your language. I took the default of English, but if you are elsewhere please select your language, and then press Enter to continue. Next you are asked for your location. Select your location, or the one closest to you, and press Enter. Next you are asked to let the installer determine your keyboard. Take the default, Yes, which will take you to the next screen. You will then be asked to press a series of keys On some screens there may be keys you don’t have, if so just wait for the time out. After going through each screen, you will see what keyboard pattern Ubuntu detected for you. If it’s correct just click Enter to continue, if not you can go back and reselect. Next Ubuntu will scan for your CD rom, and then begin loading components. Just kick back and wait, it will go through all sorts of detection steps as it finds hardware, networking, and more. If all went well, you will now be asked for a host name. I took the default of Ubuntu, but you are free to change it. Enter your host name, or just hit Enter to continue. Step 7 Next Ubuntu will begin detecting your disks and hardware. Be patient. You will then be asked about partitioning disks. This should be a new partition, so take the default by pressing Enter to continue. Step 8 The next screen is the first place you don’t want to take the default. It’s asking you to confirm the partition format plan. Use your left arrow to move the red bar over to the Yes side, and then you can press enter. Wait while Ubuntu formats your drives. Step 9 Next you are asked for your time zone. Select it, and then press Enter. Step 10 Next you are asked if the system clock is set to UTC. I just took the default of Yes, this is easy enough to fix if it’s wrong. Step 11 Next you are asked for your name. Note this is not your login user name, but your real name. Ubuntu will use this in your documents and e-mails. I entered Beach front, and pressed enter to continue. Step 12 On the next screen you are prompted for the user name you want. This is what you will enter when you login. Enter something that suits you, and then press enter to continue If you’ve done this sort of thing before, you’d probably guess Ubuntu wants your password next, and you’d be right. Enter a password and press enter to continue. Step 13 Now you are asked to re-enter the password, to confirm. Do so and press enter to go on. Now sit back and wait. Ubuntu will start installing itself. After running for a while, you are next asked about video modes. Use the space bar to toggle the modes you want, and use the arrows to move up and down. When you’ve selected the modes you want, press enter to continue. OK, sit back and wait some more, while Ubuntu installs various software packages. This step takes a loooooooooong time. Step 13 Ubuntu has completed its install. But don’t hit enter quite yet! First, on the Virtual PC menu pick CD, Release Physical Drive Z: (where z is the drive you are installing Ubuntu from). This will let Ubuntu to boot from your newly installed virtual hard drive instead of the CD. After you’ve released the drive, you can hit Enter to continue. Step 14 When the system reboots, you will see your login screen, but it’s going to look very trashy. Don’t worry, we’ll fix in a moment. Step 15 Key in your user name, and press Enter. You probably won’t be able to read what you are typing so be careful. If all went well, you’ll now see another garbled screen where you enter your password. Carefully, do so and press enter. More garbled screens will appear. When it appears as if Ubuntu has loaded This key combo exists the graphic interface and puts Ubuntu in text mode. Step 16 Key in your user ID, then (when prompted) password to login. Step 17 We need to modify your xorg.conf file to change the color depth. First, let’s back it up. Type in this command:sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.backupNote to copy it exactly, Linux is case sensitive, so if you were to type in say x11 instead of X11 your command will fail. Also, because you are attempting to run the command as the root user (the sudo part of the command) you will be prompted for your password. Step 18 Now that we’ve backed it up, we need to edit it. Type in this command: sudo nano /etc/X11/xorg.conf Press CTRL+W (Where is) and when prompted key in DefaultDepth and press enter. You should now be landed on DefaultDepth. Cursor over to the 24… And hit delete twice, then type in 16. (WriteOut) to save the file, and press enter to take the default xorg.conf file name. Then hit CTRL+X to exit. Step 19 You’re now back at the command prompt. Just type in this command: sudo reboot and press enter. Give it several minutes to shut down and restart. If everything worked, you should now see a beautiful, non garbled Ubuntu screen. Key in your user name and password and you will be logged in to your working copy of Ubuntu 6.10 on Virtual PC 2007! This marks the end of phase one and the beginning of phase two PHASE TWO Installation of Anti viruses an all the machine that is the four severs and all the cliental machines to minimize the risk of viruses and spam attacks. PHASE THREE This is the beginning of what is called firewall configuration. A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system. It is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria A fire wall is a software that is used to safe guard internal LAN against intruders, hackers and viruses. It governs security policies of the enter organization network. CONFIGARATION OF A FIRE WALL Now login as the new user you just created and do: sudo passwd Now enter your password again. Next enter the new password for user "root" and confirm. Now logout and login again as root with the new root password. Do: Using vim (or your favorite editor) edit /etc/apt/sources. List Comment out the cd repository. Next add "universe" (without the quotes) to all lines that aren't commented out. Save the file. Now do: apt-get update apt-get install openssh-server Edit /etc/network/interfaces and add the following at the bottom: auto eth1 iface eth1 inet static address 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 network 192.168.1.0 Note that the rest of this system assumes that you actually make the settings for eth1 as shown. My full/etc/network/interfaces shall look like this: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp auto eth1 iface eth1 inet static address 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 network 192.168.1.0 As you can see my eth0 gets its settings using DHCP. Save the file. Next do: /etc/init.d/networking restart You can do the rest of this installation from your workstation, either linux or the other one (must have putty), so you can actually copy and paste. Just login to 192.168.1.1 as root and get on with it. Make sure that the network settings of your workstation match the settings of your server's eth1 Now do: apt-get install libmd5-perl libnet-ssleay-perl libauthen-pam-perl libio-pty-perl shorewall dnsmasq wget http://surfnet.dl.sourceforge.net/sourceforge/webadmin/webmin_1.330_all.deb "surfnet" is the dutch server. Change that to "heanet"(for Ireland), "belnet"(for Belgium), "mesh" (for Germany) and so on. dpkg -i webmin_1.330_all.deb cp /usr/share/doc/shorewall/examples/two-interfaces/* /etc/shorewall/ cd /etc/shorewall gunzip interfaces.gz masq.gz rules.gz policy.gz All users on Beachfront Medical Center shall have access to internet and will be achieve by using the firewall configured. How will this be done? Open your browser and login to webmin at https://192.168.1.1:10000 as root with your root password and, using webmin's shorewall module, change the policy's and rules of your firewall My /etc/shorewall/policy shall look like this: ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST # # Note about policies and logging: # This file contains an explicit policy for every combination of # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly # assists in diagnosing problems. # # # Policies for traffic originating from the local LAN (loc) # # If you want to force clients to access the Internet via a proxy server # on your firewall, change the loc to net policy to REJECT info. loc net ACCEPT loc $FW ACCEPT loc all REJECT info # # Policies for traffic originating from the firewall ($FW) # # If you want open access to the Internet from your firewall, change the # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL. # This may be useful if you run a proxy server on the firewall. $FW net ACCEPT $FW loc ACCEPT $FW all REJECT info # # Policies for traffic originating from the Internet zone (net) # net $FW DROP info net loc DROP info net all DROP info # THE FOLLOWING POLICY MUST BE LAST all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE Next do: /etc/init.d/shorewall start and press the enter key All the users should able now to surf the net. PHASE FOUR Know that the fire wall is up and running and the entire department have access to the internet the next task is to ensure that the medical data store in the BMC-Brain will not be tampered by both internal and external intruders. This will be done by formulation policies on the firewall illustrated below on page 10. All the departments will be able to read and write data on the server, however provision for deleting and execution shall only be vested on the IT manager only. Access from outside will be dined completely making Beachfront Medical data safe and secure. All this are illustrated below on the fire wall Change the fire wall policy for internal user they should be able to read write, execution should only be a provision for IT manager only. The Access for external users should be denied as illustrated below ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST # # Note about policies and logging: # This file contains an explicit policy for every combination of # zones defined in this sample. This is solely for the purpose of # providing more specific messages in the logs. This is not # necessary for correct operation of the firewall, but greatly # assists in diagnosing problems. # # # Policies for traffic originating from the local LAN (loc) # # If you want to force clients to access the Internet via a proxy server # on your firewall, change the loc to net policy to REJECT info. loc net ACCEPT loc $FW ACCEPT loc all REJECT info # # Policies for traffic originating from the firewall ($FW) # # If you want open access to the Internet from your firewall, change the # $FW to net policy to ACCEPT and remove the 'info' LOG LEVEL. # This may be useful if you run a proxy server on the firewall. $FW net ACCEPT $FW loc ACCEPT $FW all REJECT info # # Policies for user write polices User rites--------------- w —- r -- e Pharmacy---------------- w –- r -- - Dentist------------------ w –- r -- - Optometrist-------------- w –- r -- - Pathology labs ---------- w –- r -- - Nuclear imaging---------- w –- r -- - Radiology --------------- w –- r -- - IT ---------------------- w –- r –- e Users can read Write Read But cannot Execute meaning user cannot delete information on server Access for internal use ----- ENABLE Access for external use ----- DISABLE People cannot access the network from outside the network # net $FW DROP info net loc DROP info net all DROP info # THE FOLLOWING POLICY MUST BE LAST all all REJECT info #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE Next do: /etc/init.d/shorewall start After execution of /etc/init.d/shorewall start command and press the enter button the data store on BMC- Brain will be tamper prove from both internal and external intruders making it securer. PHASE FIVE To make sure that the network is workings as indented the IT manager/System Administrator has to a. Ensure that the Antivirus is constantly update on a regular basis and fire policies reviewed from time to time b. Test the network system frequently by introducing antivirus test into the system if the there are weakness in the system or loophole a system administrator or IT manager should be able to know. c. Another way to ensure the system is working as intended is by use of System Shutdown Simulator. This is a unique leaktest designed to test the effectiveness of your firewall, antivirus and host-intrusion prevention system (HIPS) when malware simulates a fake system shutdown. System Shutdown Simulator is the first of a new generation of leaktests designed to test the effectiveness of HIPS software in protecting your computer from malware. d. By use of an FTester .What is an FTester? This is a Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available for automatically parse the log files. The IDS (Intrusion Detection System) testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS, ftest can also use common IDS evasion techniques. Instead of using the configuration syntax currently the script can also process snort rule definition file. Features: - firewall testing - IDS testing - simulation of real tcp connections for stateful inspection firewalls and IDS - connection spoofing - IP fragmentation / TCP segmentation - IDS evasion techniques References: Donahue, Network Warrior Hucaby, Cisco ASA, PIX, and FWSM Firewall Handbook (Networking Technology: Security) Sobell & Petersen ,(Practical Guide to Ubuntu Linux Ubuntu 8 Server Administration and Reference Read More