Table of Contents Introduction 2 System Description 2 System Strengths and Weaknesses 4 System Protection Options 5 Antivirus Protection 5 Firewall 6 Comprehensive system configuration management 6 Application Whitelisting 6 Disk and filesystem-level Encryption 7 Tiered level authentication and Biometric level access 7 Risk Mitigation Strategies 7 Conclusion 10 Bibliography 11

Introduction The purpose of this white paper is to demonstrate the strength and potential weaknesses of the firms’ computer systems, and also to address the upper managements concerns over a possible threat of an internal or external attack to our systems. In this paper we will also be discussing the steps that have been taken to secure our systems against both forms of attacks; we will also be exploring risk mitigation strategies that serve as a means to help prevent such attacks from ever occurring. As with ever system, there is always the possibility of a sophisticated attack being invented that is capable of breaching our systems, so we will be addressing the strategies and steps that will be taken in the event that our systems are ever breached by an internal or external attack.

System Description

The system in question that is being used by the organization is the Dell Precision R5500 Rack Workstation. We currently have a total of 20 such workstations and our systems are equipped with the latest technological components and software to offer protection, flexibility and peak performance at all times. The table below highlights the different configurations for the system, ours being of the highest available specification.
Figure 1: Dell Precision R55001

Figure 2: Dell Precision R5500 Rack Workstation Technical Specifications1
System Strengths and Weaknesses As a top leading manufacturer of workstations worldwide, Dell has outfitted the R5500 with the best industry specifications to keep up with the ever demanding performance requirements of the Information technology industry. The R5500 offers real workstation class performance while being small enough to accommodate for space constrained environments. * For organizations where security is top priority, you need more than a lock and key. The Dell Precision R5500 can help safely house your intellectual property by keeping it contained in the data center1. * For end users who work in space-constrained areas or temperature- or noise-sensitive environments, the FX100 Remote Access Device is small, cool and quiet1. * By providing remote 1:1 access to your Dell PrecisionR5500 from virtually anywhere, the FX100 Remote Access Device can also help to boost productivity among offsite contractors, rotating workforces and geographically diverseemployees1. * PC-over-IP hardware-based compression transfers only the rendered graphics pixel data over the network, ensuring a fast and responsive user experience1.
As with all things technologically advanced there are bound to be components that can be exploited by hackers and other people trying to gain access to information stored within the system. Such weaknesses include but aren’t limited to: * The ability to access the system from an offsite location. * The many array of ports which make the options of retrieving information and data easier * The Operating system, as it is not made by the company or maintained may have some bugs that allow access to files and information * Various Third party software that are important to the day to day functionality of the company may also possess bugs and security flaws in them that could potentially allow an outsider to hack into the mainframe of the system.

System Protection Options

Here at the firm, we have adopted a layered protection approach towards the security of our systems. This layered defense system includes both host-based controls, such as firewalls and access control systems, in addition to network-based controls2. The importance of such an approach is that in the event that an outsider is able to bypass one of the layers of security, such an individual would still be required to bypass all additional layers in order to achieve their aim which would prove a more difficult thing to accomplish. The layers used by the firm are as followed: Antivirus Protection This is seen as the most fundamental and first line of dense of all security approaches. It is responsible for cleaning up the malware problem that usually plagues most third party applications3. Such malwares include Trojans, spyware, rootkits and viruses, these malwares continue to grow in sophistication at an alarming rate which usually makes them hard to contain once a system has been breached. The use of malware is usually prominent in attacks to the third party application vulnerabilities in a system and is also prominent with insider attacks where the perpetrator is trying to cripple the mainframe system. Firewall The next line of defense is the systems firewall. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set4. This is often expressed in the philosophy, “block anything that is not explicitly allowed2.” This simple function serves as a very capable means of preventing many simple attacks from occurring such as scanning ports and IP addresses for malicious information of addresses trying to pass through the network. The only detriment of a firewall is that it isn’t capable of protecting a system from an internal attack2. Comprehensive system configuration management The main means of hackers getting access to a systems mainframe is through the exploitation of systems third party software vulnerabilities. The function of a system management such as the Dell KACE K1000 is to reduce the need for a manual way of updating the third party applications installed on the firm systems as updates are being pushed out for the software to patch such vulnerabilities and bugs. Application Whitelisting This is just a means of protecting the system from allowing any form of unauthorized third party applications from being installed into the system. Any application that isn’t on the whitelist would be blocked from being allowed onto the system. This whitelist can only be modified by the head of the IT department and is only limited to third party applications used by the organization. Disk and filesystem-level Encryption Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume5. This prevents unauthorized persons from accessing the proprietary information and files on the system and also prevents the copying of data of the system to external drives or separate locations. Tiered level authentication and Biometric level access The function of this is to basically separate access to different levels of company sensitive information to separate individuals based on their level of authorization at the firm. This would help ensure that the wrong people don’t have access to information stored in sensitive locations of the organization.
Risk Mitigation Strategies In this section we would address the many ways attacks can be avoided to the computer systems in the company. We would also develop a Risk mitigation assessment plan in the event that our systems are ever successfully breached. As the saying goes “Prevention is better than cure” the best form of protecting a system against attack is to develop a means of making sure that the risk of being attacked is greatly minimized by internal or external forces. The following steps would help minimize the risk: * Train managers to interact and socialize with employees so as to understand their problems at the company and help tackle them * Create a system whereby every employee is required to change their system password every 3-6 months so as to avoid it getting into the wrong hands * Restrict remote access from offsite location to only authorized and cleared users. * Implement ISMS and follow the standards as described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC6. * Perform a daily system log check of all computers to scan for irregular user activity. * Perform a yearly assessment check of all security systems put into place and ensure all systems are up to date with the latest technological advancements.
As we have rightly said before, even with all the above steps followed, it is still possible for the systems to be breached by a highly sophisticated attack. In the event such a thing happens a plan is put in place to ensure the risk is managed efficiently.

* Risk Factors | * Low | * Medium | * High | * Mitigation Ideas | * 1)Scope of the attack | * Defined and Not Large or Complex | * Somewhat Defined/or Large/ Complex | * Not Defined && Large/Complex | * Decomposition of attack elements * Detailed specifications of attack | * 2) Overall state of the Network and its services | * Stable | * Moderately Unstable, restorable with backup services | * Highly Unstable, Shut down, Volatile, unable to utilize backup resources | * Additional testing * Deployment of backup resources * Inform users of a breach and implore them to take specific action, such as password changes | * 3) Impact on other Company services | * None or Very Little | * Some Change | * Extensive Changes | * Phased cutover * On-site assistance for cutover period * Fix core functionality first (decomposition) * Expose key stakeholders to prototype early | * 4)Time required to fix breach | * < 12 hours | * 12-24 hours | * >24 hours | * Split work required into smaller phases * Phased implementation of solution | * 5) Cost to Firm | * < $100,000 | * $100,000-$500,000 | > $500,000 | * Inform upper management and shareholders of breach and its cost to the company |
Figure3: Risk Assessment and Mitigation Plan7

Conclusion
As with all systems, the systems at Panther industries are breach-able but the procedures put in place to avoid such attacks, or to minimize the impact of a successful attack are second to none and would do greatly to help protect the companies intellectual property against hackers or people who are interested in obtaining such information for illegal or unsanctioned use.

Bibliography
1. Dell Co-operation. (n.d.). Dell Precison R5500. Retrieved Nov 2, 2012, from Dell.com: Dell.com/precison
2. SearchSecurity. (n.d.). Search Security. Retrieved Nov. 23, 2012, from Search Security Website.
3. Dell KACE & Lumension. (n.d.). 3 Strategies to protect Endpoints from Risky Application. Retrieved Nov. 24, 2012, from DELL KACE Website.
4. Wikipedia. (n.d.). Wikipedia: Firewalls. Retrieved Nov. 25, 2012, from http://en.wikipedia.org/wiki/Firewall_(computing)
5. Wikipedia. (n.d.). Wikipedia: Disk encryption. Retrieved Nov. 25, 2012, from http://en.wikipedia.org/wiki/Disk_encryption
6. Wikipedia. (n.d.). Wikipedia: Information security management system. Retrieved Nov 26., 2012, from http://en.wikipedia.org/wiki/Information_security_management_system