You have been hired as a security engineer at a small company, and your first task is to analyze and evaluate their architecture for their website. Your new boss Taylor hands you an architecture diagram and gives you a quick overview of the setup: • Our service lets customers upload files of 3D models to our web server, which then arranges for the 3D model to be printed in the manufacturing lab. Users must have an account to use our service. • We have two web servers behind a load balancer. The web server traffic then passes through a traditional firewall to the application servers. • Two application servers run on virtual machines with Ubuntu as their operating system, and the firewall handles load balancing between the application servers. The application servers send files to the Design Server that uses Windows 10 as its operating system. The Design Server sends the printing jobs to the 3D printer. Given the following architecture diagram, write a report that: 1. Gives a summary of the architecture as presented. 2. Identifies potential security risks of the architecture. 3. Proposes modifications or mitigations to the architecture to reduce the security risks you listed in #2, including any downsides to the changes. 4. Explains how you would perform a vulnerability assessment for the company's systems. Please address the entire architecture, specifying which aspects of security you would assess, which tools you would use for the assessment, and how each of those tools would be useful for this assessment.

Summary: In the given architecture the user uploads the 3D painting to the web servers. Two web servers reside in the demilitarized zone (DMZ) where the network communication is restricted with limited access of resources to provide the maximum security. Here the load balancer helps to delegate the traffic load equally between two servers. The network traffic passes through a traditional firewall to the application servers which run in virtual machines with ubuntu OS. These application servers then send the network packets to the design site and the requests are stored in the DB. The design site forwards the request to the 3D printer to process it. The database, design site, application servers reside in the trusted internal network. The centralized log management server is responsible for collecting and storing the logs. Potential security risks of the architecture: • Vulnerabilities in load balancer A vulnerability of the load balancer is highly critical as it can be used as an entry point to the network by an attacker. Below are the possible vulnerabilities of the load balancer that can happen in this architecture. - Vulnerability in configuration: Default configuration or configuration with very minimal security always subjects to cyber-attack. So, the organization should choose the LB setting wisely. - Yo-Yo attack: This is a DDoS attack where an attacker uses reactive autoscaling mechanism to overwhelm the server with bogus traffic and blocks the service of legitimate users. The reactive auto scale mechanism is an important feature of load balancer. When the attacker sends massive bogus traffics the LB auto scales upward and after that the attacker stops to send the traffic for a while. Now, LB does not scale down as it waits for certain time. Meanwhile, the attacker sends massive bogus traffics to the LB again and this process happens continuously and blocks the service of legitimate users completely (Yagolnitzer, 2020). • Common vulnerabilities of firewall: The most common firewall vulnerabilities are enlisted below: - Weak password - Default configuration of settings - Outdated firewall - Insider threat - Improper inbound outbound traffic rules - Failure to active controls • Vulnerability of database: In the given application architecture, we can see that the database is used to store the user request. The database can be error-prone to the SQL inject attack. • Vulnerability of user account: The username and password should be hashed and encrypted with proper encryption algorithm. Users need to use complex password to prevent the stealing of data. Modification or mitigation to the architecture to reduce the security risks: From the above discussion we can see that there are many security vulnerabilities through which the attacker can perform serious attacks. To mitigate the security risk or the attack we need to follow below procedures: • Establishment of VPN technology. Whenever we need to connect to a remote host it is highly recommended to use VPN technology which provides a secure connection through a secure tunnel between host and server. It uses different encryption algorithms to reduces the Man in the middle attack, eavesdropping attacks. • Intrusion Detection System or IDS can be installed between hosts and firewall. It helps to detect suspicious network activities by analysing the network pattern and generates alerts to the IT team to take necessary action against it. • Need to set the inbound and outbound traffic rules properly so that any suspicious activity can be blocked. Through this we can mitigate the risk of Yo-Yo attack. • Need to use complex salted password so that it should be hard to crack. • Firewall and load balancer configuration need to be set properly. • Firewall software needs to be updated regularly. All the patches should be installed with in the timeframe. • Data inside the database should be encrypted properly so that the data can not be read by any unauthorized person. • Another important thing is we need to implement the logging service for 3D printer as well. So that the history of data can be captured. Although this approach requires more space due to the storage of additional logs, but it enhances the security of the overall application. • The data which are captured in the centralized log management server should be encrypted properly through different encryption algorithms. So that, an unauthorized person can not be able to read the data. • We need to implement anti-virus, anti-malware software in the application. Strong network segmentation configuration strategy can help the organization to reduce insider threat. • To prevent the Yo-Yo attack, we need to implement a cloud-based DDoS mitigation service, DDoS-protected DNS, CDN service and DDoS protected web application firewall. When the firewall detects huge quantity of reparative traffic request from a host then the host is identified and all the traffics from that host is blocked to prevent the DDoS attack. Vulnerability assessment: During the vulnerability assessment we need to use below tools (Das, 2021). Wireshark: This is an open-source packet analysis tool which is widely used in various fields including network troubleshooting, troubleshooting network latency issues, VoIP analysis, network security and protocol analysis etc. This tool also offers “packet colorization” through which user can select any of three colours among green, blue and dark to distinguish the packets. This tool is supported by both Windows and Linux operating system. Another beautiful feature is filter option through which user can filter out filter out the collected packets. This tool also provides the leverage user to collect the data packets and analysis them in offline mode. In this application we can use this tool to analysis the inbound and outbound traffic which is useful to determine whether the firewall is working properly or not with the specified rules. Nmap: This is one of the widely used network analysis, scanning and security auditing tool which is used by Network administrators to check which ports are open check if those ports can be exploited further for attacks. It can quickly analyse massive network traffics in a single host and it is used to determine the uptime of the entire network. Nikto: This tool is used to scan the websites for probable issues, vulnerabilities. We can use this tool in our application to find the critical loopholes such as improper cookie handling, file upload misconfiguration, cross-scripting errors. It supports http, https protocols. Brupt script: This is one of widely used pen testing tool which is used to scan the web application. The advanced scanning feature of this too is used to perform automated vulnerability scans and perform automated attacks on web applications. We can use this tool to perform an automated attack on the application to cross check the security of the application. SQLMap: Database security-scanning tools are used to check for updated patches and versions, weak passwords, configuration errors, access control list (ACL) issues. SQLMap is one of the Database security-scanning tools which support a wide range of databases such as SQL, Oracle, MongoDB, PostgreSQL, NoSQL etc. We can use this tool to perform SQL injection attack and verify if proper security measure is implemented or not to prevent this attack and use to perform password-guessing attacks. Graylog: This is an open-source log management and analytics tool. We can use this tool in the vulnerability assessment to analysis logs during the entire execution. Logging mechanism plays a critical role in the security analysis. In case of an attack, we can identify the attack signature and take necessary action against the attack. Graylog will help us to achieve this goal.

Solved: You have been hired as a security engineer at a small company, and you

Home
questions and answers
you have been hired as a security engineer at a small company and your

Question

You have been hired as a security engineer at a small company, and your first task is to analyze and evaluate their architecture for their website. Your new boss Taylor hands you an architecture diagram and gives you a quick overview of the setup: • Our service lets customers upload files of 3D models to our web serve