Kudler Fine Foods Network: Final

University of Phoenix











Introduction
Kudler Fine Foods is taking the next step to upgrade its existing infrastructure with new
wireless technology, which will provide a better communication link not only for all of the
stores but for all of the employees as well. With new systems and servers, the ability to
maximize the company's profits will increase overnight. The new inventory system will allow
the stores' POS systems to automatically alert the warehouses to ship more products when they
are running low. This will eliminate the man-hours wasted on checking the stock.
The communication throughout all the stores is also being upgraded with VoWLAN,
which will give employees the flexibility of taking calls while providing the services
needed for each customer. The other technological advances that will be introduced will provide
real-time network analysis and security monitoring. Once the new network is completed, it will
bring Kudler Fine Foods to a new standard of service.
Network Overview
Kudler's aging network infrastructure is approaching obsolescence. The bus
network that is installed does not allow the stores to communicate with each other because
they are on separate networks. This is a problem because there is no central location for any
network servers, and no backups or security are set up. This is why an enterprise wireless wide
area network is being rolled out. Having a network that provides mobility is essential in today's
business world, and it will become a cornerstone for Kudler for years to come. The WLAN
will provide new ways for communication to take place, both by computer and by a new
voice over wireless local area network.
All sales counters will have brand new Dell Precision T5500 towers running Windows 7
with wireless networking capability. These systems will all have Norton anti-virus installed,
which will prevent viruses, worms, and other known exploits at the system level. The new
systems will allow for faster transactions and communication to the POS server. The new
systems will be in constant communication with the handheld inventory system. This will give
all employees the ability to check on current prices, stock, and shipments in real time whenever
they need to, without waiting for management.
The VoWLAN will give all employees and management cell phones that work within the
Kudler WLAN network. This will eliminate the headaches of missed calls, busy signals, and not
being able to contact a manager when needed. The new communication system will have the
ability to call all sites whenever needed. The VoWLAN connection will be provided by the
Cisco 1941 wireless router. The OfficeServ VoWLAN supplies a wireless signal to all the
phones in the area and will act like a cell phone network located within the company.
All this technology is great, but what if there is no service available or one of the wireless
routers goes down? When the service provider is having outage issues, the T1 line that is located
at Del Mar will be used as backup internet. This same line will be used if a Cisco wireless
router goes down, which will provide uninterrupted service so that the affected site will not
lose communication.
The backup power supplies will also be increased in size because of the equipment that is
on the network. The number of UPS systems at the Del Mar site will also be increased by two.
This will be needed because all of the servers will be relocated to this one central location.
This setup is imperative in making sure Kudler is always in constant communication with all the
servers in case of a power outage at this main site.
One major issue with the old network is that it has no central location for any of the
servers; this will be taken care of in the new network. There will be four servers: a
Windows Server 2008 system for the POS systems, a real-time inventory database, a Sourcefire
management console for security, and a backup file server for the entire enterprise network.
Without these systems in place, the WLAN network will not be able to back up any data or protect it.
The POS server will be in constant communication with all sales counters. The
information that is collected from this system will provide critical data on each customer and will
also be linked to the database server. The customers' information will be stored on the database
server for data mining purposes and will be used to provide information on what items are in
demand. This system will also provide a real-time inventory for all stores within the network.
This inventory information will update all the real-time inventory PDA systems for each store,
letting the team know how they are doing on supplies and products. This will eliminate the need
for employees to check the shelves manually, thus saving time and money.
Security
Since the POS and inventory database servers will be providing important data to each
store, the security will be upgraded. The old infrastructure did not provide any security to any of
the networks. This was something that was not needed at the time, but it will now become a vital
part of the new network. Because the new servers will hold so much critical information, it
is important to make sure that they are protected. This will be accomplished by implementing
the Cisco 1941 and 1941W, Tripwire, internal and external IPS/IDS systems, and the Sourcefire
management console. These will provide the security needed to protect the network from any and
all threats.
The first line of defense that will be put into place is the Sourcefire 3D IPS, which
will be located outside the Cisco 1941 routers. The IPS will "protect against network and
application-level attacks, securing organizations against intrusion attempts, malware, Trojans,
DoS and DDoS attacks, malicious code transmission, backdoor activity and blended threats"
(Cyberoam, 2012). This will eliminate any malicious traffic from coming into the network
before any damage can be done. The other systems that will be used in conjunction with the IPS
will be multiple Sourcefire IDS taps. These taps will be located throughout the entire
network and will be the eyes of the security team.
The drawback of Sourcefire is that it uses the Snort rule engine. This means that if
any incorrectly written rules are pushed out to the taps, they could bring down the entire security
net in an instant. The Sourcefire management console will prevent this from taking place because all
rules are written in a GUI, which will not push out any rule that is incorrectly constructed.
This system will also allow all the taps to be centrally managed from one location. This means
that all troubleshooting can be handled at the Del Mar location, preventing wasted time and
company money.
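The pre-push check described above can also be approximated outside the console. The following is an added example, not Sourcefire's code and not part of the original paper: a structural lint for Snort-style rules that separates rules safe to push from malformed ones. The action and protocol lists are a Snort 2.x subset, and the lint checks structure only, not option semantics.

```python
import re

# Subset of Snort 2.x rule actions and protocols; extend to match the sensors in use.
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
DIRECTIONS = {"->", "<>"}
# Header layout: action proto src sport direction dst dport (options)
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s+\S+\s+\S+\s+(\S+)\s+\S+\s+\S+\s*\((.*)\)$", re.S)


def split_options(body):
    """Split the option body on ';', honouring quoted strings and backslash escapes."""
    opts, cur, in_quote, escaped = [], "", False, False
    for ch in body:
        if escaped or ch == "\\":
            escaped = not escaped
            cur += ch
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return opts, cur.strip(), in_quote


def lint_rule(rule):
    """Return a list of structural problems; an empty list means the rule may be pushed."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return ["expected: action proto src sport direction dst dport (options)"]
    action, proto, direction, body = m.groups()
    fields = (("action", action, ACTIONS), ("protocol", proto, PROTOCOLS),
              ("direction", direction, DIRECTIONS))
    problems = [f"invalid {n} {v!r}" for n, v, allowed in fields if v not in allowed]
    opts, trailing, open_quote = split_options(body)
    if open_quote:
        problems.append("unterminated quoted string")
    elif trailing:
        problems.append(f"option not terminated with ';': {trailing!r}")
    values = {}
    for opt in filter(None, opts):
        key, _, val = opt.partition(":")
        values[key.strip()] = val.strip()
    if not values.get("msg"):
        problems.append("missing msg option")
    if not values.get("sid", "").isdigit():
        problems.append("missing or non-numeric sid")
    return problems


def partition_rules(rules):
    """Return (pushable, rejected); rejected maps each bad rule to its problems."""
    results = {rule: lint_rule(rule) for rule in rules}
    pushable = [r for r, problems in results.items() if not problems]
    return pushable, {r: p for r, p in results.items() if p}
```

Running `partition_rules` over a candidate rule file before deployment gives the security team a list of rejected rules with reasons instead of a failed sensor reload.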
Since the IPS system will be on the outside of the network, the Cisco 1941 will provide
another layer of security to the Kudler network. The Cisco 1941 will provide an "Integrated
threat control system using Cisco IOS Firewall, Cisco IOS Zone-Based Firewall, and Cisco IOS
Content Filtering technologies" (Cisco, 2012). This means that the traffic will go through
another inspection point, eliminating any threats that were able to slip by the external IPS. Once
the traffic has passed through the Cisco 1941, it will be continuously watched by the IDS taps
located throughout the entire network. This will be vital when and if an incident ever does take
place within the network.
The final piece of security will be Tripwire. This system will monitor any
file changes on all the servers at the Del Mar location. This is important to the DLP
program. This Data Loss Prevention system will monitor any file changes or file removals from the
network and will provide the username of whoever changed or moved the file. These alerts will be
fed into the Sourcefire management console for monitoring and analysis by the security team.
Threat Detection and Mitigation Systems
Knowing what is in the network and how it is protected is half the battle. The other half
of the battle is identifying what types of attacks the environment is susceptible to. If the security
analysts are unable to identify the malicious traffic on the network, the new security systems that
will be in place are useless. The new WLAN network will be protected by multiple firewalls,
IPS, IDS, and a file integrity system.
The firewall systems will be used to prevent scanning activity as well as to block
malicious IPs from entering the network. This is critical because being able to block this type of
traffic can save a network and the people who watch it a lot of time on incident investigations.
When hackers are scanning a network, they are looking for replies from any port(s) that will
respond. This can help them fingerprint a system, and by knowing what is on a network they can
use this information for crafting attacks. Once this is identified by a security team, they can block
the intruding IP at the firewall. This will prevent all traffic coming from and going to the suspicious
IP in question.
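As an added illustration (not from the original paper), the scanning pattern described above can be found in firewall logs by counting how many distinct destination ports one source touches within a short window. The log format, thresholds and addresses (documentation ranges) are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <ALLOW|DENY> <TCP|UDP> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(\S+) (?:ALLOW|DENY) (?:TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")


def parse(line):
    """Return (timestamp, src, dst, dport), or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport = m.groups()
    try:
        return datetime.fromisoformat(ts), src, dst, int(dport)
    except ValueError:
        return None


def find_scanners(lines, min_targets=10, window=timedelta(seconds=60)):
    """Map each source IP to its peak count of distinct (dst, port) targets inside any
    one window, keeping only sources at or above min_targets.
    Assumes each source's lines arrive in time order."""
    recent = defaultdict(deque)   # src -> (timestamp, target) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, dport in filter(None, map(parse, lines)):
        seen = recent[src]
        seen.append((ts, (dst, dport)))
        while ts - seen[0][0] > window:
            seen.popleft()
        peak[src] = max(peak[src], len({target for _, target in seen}))
    return {src: n for src, n in peak.items() if n >= min_targets}


def sample_log():
    """Constructed traffic: one fast scanner, one normal client, one slow prober."""
    t0 = datetime(2012, 2, 1, 10, 0, 0)

    def at(seconds):
        return (t0 + timedelta(seconds=seconds)).isoformat()

    fast = [f"{at(i)} DENY TCP 203.0.113.7:{40000 + i} -> 10.0.0.5:{20 + i}" for i in range(15)]
    client = [f"{at(i * 3)} ALLOW TCP 198.51.100.20:{50000 + i} -> 10.0.0.5:443" for i in range(20)]
    slow = [f"{at(i * 300)} DENY TCP 192.0.2.9:{41000 + i} -> 10.0.0.5:{20 + i}" for i in range(12)]
    return fast + client + slow + ["malformed line"]


if __name__ == "__main__":
    for src, count in sorted(find_scanners(sample_log()).items()):
        print(f"block candidate {src}: {count} distinct targets in 60s")
```

The slow prober in the sample stays under the threshold, which is why the window and `min_targets` values need tuning against real traffic before the output is used to drive firewall blocks.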
The IPS and IDS systems will be another addition used to protect the Kudler
Fine Foods networks. There is a difference between these two systems, and it is important
to know what each one does. IPS stands for Intrusion Prevention System. This system is
designed to prevent attacks from hitting the network. For the new Kudler network, the IPS
system that will be implemented is Sourcefire. Sourcefire uses a rule-based detection engine
known as Snort. This system uses rules to find malicious content within the network data packet
streams. If the data in the stream matches the rule, the IPS will either generate an event, or
generate an event and then drop the connection from the network. When the rule is
configured to generate an event, it lets the analyst know that the packet could be
malicious. When the rule is set to generate an event and drop the connection, the same
thing takes place; however, the entire connection is denied from ever entering the network.
The IDS, or Intrusion Detection System, cannot prevent malicious traffic. An IDS will
send an alert letting the security personnel know when malicious data is hitting the network. This is
another important factor that will be used with Kudler's new network. Having an IPS and a
firewall is great, but having eyes on the inside is even better. The IDS provides this by
looking at the traffic passing through the inside of the network. For instance, suppose a hacker
fragments a malicious data packet and it passes through the IPS and firewall with no
issues, and then once inside it is reconstructed and the file executes, stealing valuable data. The IDS
will fire off and the investigation can begin. Now remove the IDS from the same situation, and
there is almost no way to detect this malicious activity. The only way that most of these
incidents are discovered in scenarios like this is when the activity has started, and by that time the
hacker already has what they were looking for.
Network Threats
The Sourcefire system will play a huge role for the network security team because it will
provide the eyes into the new network. The great thing about this system is the fact that any rule
can be written to detect any type of activity on the WLAN network. What this means is that if
there is a new malicious threat out in the wild, all that needs to be done is to create a rule based on
the information or malicious traffic. The only downside is that if you do not know
what you are looking for, you cannot create a rule. This is why threat and vulnerability
research is so important to conduct. Having the ability to create rules based on the research that
has been conducted will only make the network that much more secure.
When it comes to understanding the exploits that have been researched, the one thing to
remember is that no network is safe and every network is susceptible to any attack.
Understanding how they work is the best way to gain the upper hand and keep any exploit from
hitting a network. This is why keeping up with the latest vulnerabilities and hacks is so vital:
the security field is an ever-evolving environment. With that said, after reviewing the
new network layout, it was discovered that there are many types of threats out there that could
potentially affect Kudler's WLAN network. The three that were chosen were keyloggers,
Remote Access Tools (RATs), and war driving.
The first intrusion that the Kudler network could potentially fall victim to is having a
keylogger installed on the network. "Keyloggers track which keys were struck on a keyboard.
Usually this is covert, and the computer user had no idea that their activity is being monitored"
(Spyware Guide, 2011). This type of intrusion can be sent by email as an attachment or
unintentionally downloaded from the internet by visiting a malicious website. Once the user opens
the email or web site, a file can install without the user ever knowing what happened. Once the
program installs, every keystroke is recorded and sent back to the hacker who sent the original
email or who owns the web page. This process can be set up in a multitude of ways, but the end
result is always the same. The information is stolen, and if any usernames and passwords have
been entered during this time, they are now compromised.
The next intrusion that can take place within this network is the installation of a Remote
Access Tool, otherwise known as a RAT. A RAT is a very common tool that is used on
networks to allow system administrators to remotely access systems without physically being in
front of them. This is a great tool for them to use, but when this tool is put in the
wrong hands it is turned into a hacking program. A RAT can be installed on
networks by malicious email, unauthorized download, and even by employees installing it for
personal use. Once the remote access tool is installed, this program can provide access to the
network from anywhere as long as an internet connection exists. These programs can allow for
keylogging, data exfiltration, and access to other systems within the network without being
detected.
The last intrusion that will be covered is called war driving. Since Kudler Fine Foods uses a
WLAN, the wireless network emits signals. These signals can be picked up by unwanted users
by simply driving past the company. Another way that this can be accomplished is by walking
by with a handheld device; this is called war walking. This is not a hard thing to do because all
that is needed is a laptop with WiFi capabilities or a PDA with WiFi. Once the attacker finds a
signal, the attacks begin. The ultimate goal of the attacker is to gain access and then begin
sniffing traffic for passwords and other valuable data. Out of all the exploits that were just
covered, this one is the easiest to conduct and is one of the major ones that Kudler Fine Foods
will be vulnerable to. This just shows how easily wireless networks can get hacked. The one thing
that is overlooked, though, is the fact that mobile devices are just as susceptible to this same
attack. The easiest way to remember this is that if a device emits a signal that can be picked up, then
it is vulnerable to being hacked.
Stopping these exploits on the new WLAN network will be vital to the daily business of
Kudler. The systems that will be doing the work are the firewalls, IPS, IDS, anti-virus, and file
integrity systems. These were covered earlier, but we can now see why they are truly needed for
this network. The good news is that these are not the most dangerous threat to this network. The
bad news is that the users on the network will be the biggest threat to the new WLAN. As seen
above, the one common factor in all of the threats is that they all had to be
activated by a user or malicious user. This is why, no matter how much money is spent on
security for this network, it will mean nothing if the proper policies are not in place.
Network Security Policies
Security policies provide a guideline of rules that must be followed for a network. "IT
security policies (including network security policies) are the foundation, the bottom line, of
information security within an organization" (IT Security Policies, 2003). These policies provide
vital information, from the usage of the network to the requirements for passwords and the
installation of software and equipment. Password requirements will be enforced so that
authentication to the network is not weak. Weak passwords can provide access points that a hacker
can exploit with a brute force attack, which can crack a weak password in seconds. This is why, with
the Kudler network, the password requirements will be as follows:
Must be between 8 and 24 characters long
Must include at least 2 letters, numbers and special characters
Must not include any form of the word 'password'
Must not contain any form of the username, company name or company address
This will prevent any successful brute force attacks from breaking into the network.
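An added example, not part of the original paper, of how the four password rules above could be enforced at password-change time. It assumes "at least 2" applies to each character class, treats common character substitutions as "forms" of a banned word, bans individual words of five or more characters from the company name and address, and uses a constructed username and address.

```python
import re
import string

# Assumed substitution table: common look-alike characters folded back to letters.
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_WORD = 5   # assumed minimum length for banning a single word of a longer name


def normalize(text):
    """Lowercase, undo common substitutions, and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def banned_terms(username, company_name, company_address):
    """Build the banned-substring set: 'password', each full value, and each longer word."""
    terms = {"password"}
    for source in (username, company_name, company_address):
        terms.add(normalize(source))
        words = re.findall(r"[A-Za-z0-9]+", source)
        terms.update(normalize(w) for w in words if len(w) >= MIN_WORD)
    return {t for t in terms if len(t) >= 3}


def check_password(password, username, company_name, company_address):
    """Return the list of policy rules the password violates (empty list = acceptable)."""
    failures = []
    if not 8 <= len(password) <= 24:
        failures.append("length must be 8-24 characters")
    counts = {
        "letters": sum(c.isalpha() for c in password),
        "numbers": sum(c.isdigit() for c in password),
        "special characters": sum(c in string.punctuation for c in password),
    }
    failures += [f"needs at least 2 {kind}" for kind, n in counts.items() if n < 2]
    folded = normalize(password)
    for term in sorted(banned_terms(username, company_name, company_address)):
        if term in folded:
            failures.append(f"contains a form of {term!r}")
    return failures


# Constructed inputs for the demonstration below.
USERNAME = "jsmith"
COMPANY = "Kudler Fine Foods"
ADDRESS = "100 Example Road, Del Mar"

if __name__ == "__main__":
    for candidate in ("Tr!ck7-Maple#92", "P@ssw0rd!!99", "Kudl3r#2012!x", "abc1!"):
        print(candidate, "->", check_password(candidate, USERNAME, COMPANY, ADDRESS) or "OK")
```

Folding substitutions before the substring check is what catches `P@ssw0rd!!99`, which satisfies the length and character-class rules on its own.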
The network security policy will also cover the installation of any program that may be
installed on an employee POS system. To protect against unauthorized installation, the users
will be given basic rights, which will not allow them to install programs. If an employee sees a
program that could better a process or provide information to increase productivity, they must fill
out a program installation request form. Once the program has been checked by the security team
and is found to be safe for the network, approval will be granted. The program will be
downloaded onto a thumb drive that will have a one-time-use admin password for the user's
system. The drive will then be given to the employee so they can install the program. This will
prevent any unauthorized programs from being installed, which could potentially contain
malicious content that could infect the Kudler Fine Foods WLAN network.
There will be a zero tolerance policy for any unauthorized personal network equipment.
This means that if a personal hub or wireless router is discovered the employee who installed it
will be fired on the spot. This will be a critical factor in preventing information and data from
being stolen from the company. If any additional equipment is needed a request form will need
to be filled out and approved by the management and network security teams.
These policies are only a preventive measure for making sure that proper usage is
followed. This is an ever-changing process, and lessons will be learned from incidents that take
place within the network, but it is also important to make sure that proper documentation is
saved for future use. This information can then be used to revamp the policies within the Kudler
network and can improve the overall process. The bottom line is that policies are in place to
educate and inform the users about what they can and cannot do within the network.
Conclusion
Once the new network is in place and the policies have been implemented, the new
WLAN network will be ready to go. The new network will be something that Kudler Fine Foods
can look at for many years to come with pride and respect. Not only does the new network
provide the information that will grow the company, but the network will also provide a new
way of taking care of their customers every time they visit any of the stores. This new network
will also provide peace of mind for the owners and employees because of the security,
backup systems and the room provided for future network growth. The Kudler network will
provide this same peace of mind for years to come.





















References

Cyberoam. (2012). Intrusion prevention system. Retrieved February 1, 2012 from
http://www.cyberoam.com/ips.html

Cisco. (2012). Enabling borderless networks at the branch. Retrieved February 2, 2012 from
http://www.cisco.com/en/US/products/ps10546/index.html

Dell. (2010). Dell PowerEdge rack servers. Retrieved February 1, 2012 from
http://www.dell.com/us/business/p/poweredge-rack-servers

Spyware Guide. (2011). Keyloggers. Retrieved February 3, 2012 from
http://www.spywareguide.net/keylogger-software/

IT Security Policies. (2003). "where to find information security policies - how to deliver them!".
Retrieved February 3, 2012 from http://www.network-and-it
securitypolicies.com/policies.htm
