Week 5 - The Harry & Mae's Inc System Analysis
Hi again!
This week, I want to deviate to a slightly different topic, system analysis. I was analyzing the Harry & Mae's Inc system from the given document, which you can find here: http://content.bellevue.edu/cst/cybr/shared-resources/harry-and-maes. The provided information is not very concise, and it is not possible to get the exact system state without a walk through the facility in person. Until then, I have several assumptions about the unknowns, which I want to express here while they are still relevant. Harry & Mae's Inc has over 400 employees. Its primary business is a diner franchise. The company also provides credit card merchant services to its 100-plus franchise owners across Pennsylvania, New Jersey, New York, and Delaware. The company's physical security is very strong for its type of business. In contrast, its network security is considered insufficient.
For physical protection, the entire campus is inside a perimeter fence and monitored by cameras and full-time security staff. Access to every building on the campus requires a smart card. The core of the network, made up of large Cisco switches and servers, is inside a 1600-square-foot room with two-foot-thick walls and double doors (external vault and internal door). Entering this server room requires biometric identification. The room is powered by a redundant power supply and a backup generator. It also has water, fire, and motion sensors, cameras, and climate control. It is not clear who has access to this room or whether it has a disaster recovery plan.
The network is divided into three layers. Layer one consists of a large Cisco switch, the Nexus 7000, SonicWall NSA4600, HP ProLiant DL380, Aruba 6000 wireless controller, Barracuda Spam and Virus Firewall 300, and SAN storage for the HP servers. The HP servers are used to host virtual machines that provide web, email, accounting, merchant, remote access, point of sales, inventory, and other services for the company. Layer one is fully redundant. There are two devices or services of each type and two connections from one type to another. It sounds as if there are two separate networks supplying the same connectivity and services. Each network has an NSA4600, Nexus 7000, Aruba 6000, Barracuda server, and one of each of the services from the virtual machines. If that is the case, then the core is not fully redundant. To be fully redundant, the two networks must be connected to each other. Otherwise, one break in each network will bring down the entire network.
Layer two is in each of the buildings on the campus, transporting data between layer one and layer three. This layer is said to form a redundant fiber ring. Each building has two Cisco ME 3600X switches. The assumption is that one switch in each building connects to its counterparts in the other buildings to form one ring, and the other switches form the second ring in the same way. Both switches in each building connect to the Nexus 7000 in the core.
Layer three is the communication closets in each building. Each closet has two Cisco 2960-S PoE switches and two patch panels. The patch panels were added to make changing or replacing connections easier. There is no redundancy here, but each closet uses less than half of its capacity. The closet provides connectivity to the office computers and PoE phones. See the drawing below for a pictorial presentation of the network.
Harry & Mae's Inc Network
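The layer-one redundancy argument above can be checked by modelling both readings of the core as graphs and counting which link failures leave no server reachable. This is an added example, not part of the original analysis: the device names come from the post, while the `edge` upstream node and the exact cabling are assumptions, because the source document gives no wiring list.

```python
from itertools import combinations

# Constructed topologies. Device names come from the post; "edge" (the upstream
# hand-off) and the cabling between devices are assumptions made for this example.
ISOLATED = [
    ("edge", "nsa4600-a"), ("nsa4600-a", "nexus-a"), ("nexus-a", "dl380-a"),
    ("edge", "nsa4600-b"), ("nsa4600-b", "nexus-b"), ("nexus-b", "dl380-b"),
]
# Same devices, but every device type has two connections to the next type
# and the two Nexus switches are linked to each other.
CROSS_CONNECTED = ISOLATED + [
    ("nsa4600-a", "nexus-b"), ("nsa4600-b", "nexus-a"), ("nexus-a", "nexus-b"),
    ("nexus-a", "dl380-b"), ("nexus-b", "dl380-a"),
]
SERVERS = {"dl380-a", "dl380-b"}


def reachable(links, start="edge"):
    """Return the set of nodes reachable from start over undirected links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def outage_sets(links, failures):
    """List every combination of `failures` broken links that leaves no server reachable."""
    bad = []
    for broken in combinations(links, failures):
        alive = [link for link in links if link not in broken]
        if not (reachable(alive) & SERVERS):
            bad.append(broken)
    return bad


def report(name, links):
    """Print how many 1-link and 2-link failure combinations cause a full outage."""
    for n in (1, 2):
        total = len(list(combinations(links, n)))
        print(f"{name}: {len(outage_sets(links, n))} of {total} {n}-link failures cause a full outage")


if __name__ == "__main__":
    report("isolated", ISOLATED)
    report("cross-connected", CROSS_CONNECTED)
```

In this model both designs survive any single link failure, but the isolated pair fails whenever one link breaks on each side, while the cross-connected core only fails when both links from `edge` are lost.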
The document mentions that the Aruba 6000 is connected to a wireless grid consisting of over 100 AP-125 wireless access points (WAPs). How these WAPs connect to the Aruba 6000 is not mentioned. The specification shows that the AP-125 has a PoE connection, so it is possible that the WAPs are connected to the Cisco 2960-S switches in the closets. Wireless connections can reach the core network without authentication, which allows anyone to reach the services with ease.
Employees do not manage their account credentials properly. The CEO of the company also finds it difficult to memorize his password. Security features in the devices are not utilized correctly. Features such as firewall, VPN, encryption, and content filtering are not used. Given the state of the network, I can conclude that the company does not have security policies in place. This could be due to the lack of security personnel.