Kudler Fine Foods Network: Final

University of Phoenix

Introduction

Kudler Fine Foods is taking the next step to upgrade the existing infrastructure with new

wireless technology which will provide a better communication link for not only the all of the

stores, but for all of the employees as well. With new systems and servers the ability to

maximize the company’s profits will increase overnight. The new inventory system will allow

the stores POS systems to alert the warehouses to ship more products when they are running low

automatically. This will eliminate the need of wasted man hours checking the stock.

The communication throughout all the stores is also being upgraded with VoWLAN,

which will give the employee the flexibility of taking calls while providing the services as

needed for each customer. The other technological advances that will be introduced will provide

real time network analysis and security monitoring. Once the new network is completed it will

bring Kudler Fine Foods to a new standard of service.

Network Overview

Kudler aging network infrastructure is getting to the point of extinction. The Bus

network which is installed does not allow the stores to communicate with each other because

they are on separate networks. This is a problem because there is no central location for any

network servers and no backups or security is set up. This is why an enterprise wireless wide

area network is being rolled out. Having a network that provides mobility is essential in today

business world and why it will become a corner stone for Kudler for years to come. The WLAN

will provide new ways of communication to take place, which will be by computer and by a new

voice over wireless local area network.

All sales counters will have brand new Dell Precision T5500 towers running windows 7

with wireless networking capability. These systems will all have Norton anti-virus installed

which will prevent viruses, worms, and other known exploits at the system level. The new

systems will allow for faster transactions and communication to the POS server. The new

systems will be in constant communication with the hand held inventory system. This will give

all employees the ability to check on current prices, stock, and shipments in real-time whenever

they need without waiting for management.

The VoWLAN will give all employees and management cell phones that work within the

Kudler WLAN network. This will eliminate the headaches missed calls, busy signals, and not

being able to contact a manger when needed. The new communication system will have the

ability to call all sites whenever needed. The VoWLAN connection will be provided by the

Cisco 1941 wireless router. The OfficeServ VoWLAN supplies a wireless signal to all the

phones in the area and will act like a cell phone network located within the company.

All this technology is great, but what if there is no service available or one of wireless

routers goes down? When the service provider is having outage issues the T1 line that is located

at DelMar will be used be as backup internet. This same line will be used if a Cisco wireless

router goes down, which will provide an uninterrupted service, so that that particular site will not

lose communication.

The backup power supplies will also be increased in size because of the equipment that is

on the network. The amount UPS systems at the Del Mar site will also be increased by two as

well. This will be needed because all of the servers will be relocated to this one central location.

This setup is imperative in making sure Kudle is always in constant communication with all the

servers in case of a power outage at this main site.

One major issue with the old network is that it has no central location for any of the

servers; this will be taken care of in the new network. There will be four servers, which will

consist of, Windows server 2008 for the POS systems, real time inventory database, Sourcefire

management console for security, and a backup file server for the entire enterprise network.

Without these systems in place the WLAN network will not be able backup any data or protect it.

The POS server will be in constant communication with all sales counters. The

information that is collected from this system will provide critical data on each customer and will

also be linked to the database server. The customer’s information will be stored on the data base

server for data mining purposes and will be used to provide information on what items are in

demand. This system will also provide a real time inventory for all stores within the network.

This inventory information will update all the real time inventory PDA systems for each store

letting the team know how they are doing on supplies and products. This will eliminate

employees checking the selves manually thus saving time and money.

Security

Since the POS and inventory database servers will be providing important data to each

store the security will be upgraded. The old infrastructure did not provide any security to any of

the networks. This was something that was not needed at the time, but now will become a vital

part to the new network. The fact that the new servers will hold so much critical information, it

is important to make sure that they are protected. This will be accomplished by implementing

Cisco 1941, 1941W, tripwire, internal and external IPS/IDS systems, and SourceFire

management console. These will provide the security needed to protect the network for any and

all threats.

The first line of defense that has will be put into place is the SourceFire 3D IPS, which

will be located outside the Cisco 1941 routers. The IPS will, “protect against network and

application-level attacks, securing organizations against intrusion attempts, malware, Trojans,

DoS and DDoS attacks, malicious code transmission, backdoor activity and blended threats”

(Cyberoam, 2012). This will eliminate any malicious traffic from coming into the network

before any damage can be done. The other system that will be used in conjunction of the IPS

systems will be multiple SourceFire IDS taps. These taps will be located throughout the entire

network, which will be the eyes to the security team.

The downfall to SourceFire is that it uses the Snort rule engine. This means if there are

any incorrectly written rules pushed out to the taps it could bring down the entire security net in

an instant. The SourceFire management console will prevent this from taking place because all

rules are written in a GUI interface and will not push out any rule that is incorrectly constructed.

This system will also allow all the taps to be centrally managed from one location. This means

that all trouble shooting can be handled at the Del Mar location preventing wasted time and

company money.

Since the IPS system will be on the outside of the network, the Cisco 1941 will provide

another layer of security to the Kulder network. The Cisco 1941 will provide an, “Integrated

threat control system using Cisco IOS Firewall, Cisco IOS Zone-Based Firewall, and Cisco IOS

Content Filtering technologies” (Cisco, 2012). This means that the traffic will go through

another inspection point eliminating any threats that were able to slip by the external IPS. Once

the traffic has passed through the Cisco 1941 it will be continuously watched by the IDS taps

located throughout the entire network. This will be vital when and if an incident ever does take

place within the network.

The last and final piece to security will be TripWire. This system will be monitoring any

file changes within all the servers at the Del Mar location. This is important to the DLP

program. This Data Loss Prevent system will monitor any file changes or file removals from the

network and will provide the username of who changed or move the file. These alerts will be

feed into the SourceFire management console for monitoring and analysis by the security team.

Threat Detection and Mitigation Systems

Knowing what is in the network and how it is protected is half the battle. The other half

of the battle is identifying what types of attacks the environment susceptible to. If the security

analysts are unable identify the malicious traffic on the network the new security systems that

will be in place are useless. The new WLAN network will be protected by multiple firewalls,

IPS, IDS, and a file integrity system.

The Firewall systems will be used to prevent scanning activity as well as blocking

malicious IPs from entering the network. This is critical because being able to block this type of

traffic can save a network and the people who watch it a lot of time on incident investigations.

When hackers are scanning a network they are looking for reply backs from any port(s) that will

respond. This can help them finger print a system and by knowing what is on a network they can

use this information for crafting attacks. Once this is identified by a security team they can block

the intruding IP at the firewall. This will prevent all traffic coming and going to the suspicious

IP in question.

The IPS and IDS systems will be another addition that will be used to protect the Kudler

fine foods networks as well. There is a difference between these two systems and it is important

to know what each one does. The IPS stand for Intrusion Prevention System. This system is

designed to prevent attacks from hitting the network. For the new Kulder network the IPS

system that will be implemented is SourceFire. SouceFire uses a rule based detection engine

known as Snort. This system uses rules to find malicious content within the network data packet

steams. If the data that is in the stream matches the rule then IPS will either generate an event or

it will generate an event and then drop the connection from the network. When the rule is

configured to generate an event it will let the analyst know that the packet could have the

possibility of being malicious. When the rule is set to generate and drop the connection the same

thing takes place, however the entire connection is denied from ever entering the network.

The IDS or Intrusion Detection System cannot prevent malicious traffic. An IDS will

send alert letting the security personnel know when malicious data is hitting the network. This is

another important factor which will be used with Kudler new network. Having an IPS and a

firewall are great, but having the eyes on the inside is even better. The IDS provides this by

looking at the traffic passing through the inside of the network. For instance, what if a hacker

were to fragment a malicious data packet and it passes through the IPS and firewall with no

issues. Then once inside it is reconstructed and the file executes stealing valuable data. The IDS

will fire off and the investigation can begin. Now remove the IDS for the same situation and

now there is almost no way to detect this malicious activity. The only way that most of these

incidents are discovered in scenarios like this is when the activity has started and by that time the

hacker already has what they were looking for.

Network Threats

The sourcefire system will play a huge role for network security team because it will

provide the eyes into the new network. The great thing about this system is the fact the any rule

can be written to detect any type of activity on the WLAN network. What this means is that if

there is a new malicious threat out in the wild all that needs to be done is create the rule based on

the information or malicious traffic. The only down fall to this is the fact that if you do not know

what you are looking for then how can you create a rule. This is why threat and vulnerability

research is so important to conduct. Having the ability to create rules based on the research that

has been conducted will only make the network that much more secure.

When it comes to understanding the exploits that have been research the one thing to

remember is that no network is safe and every network is susceptible to any attack.

Understanding how they work is the best way to gain the upper hand to keep any exploit from

hitting a network. This is why keeping up with the latest vulnerabilities and hacks is so vital

because the security field is an ever evolving environment. With that said, after reviewing the

new network layout, it was discovered there are many types of threats out there that could

potentially affect Kudlers WLAN network. The three that were chosen were key loggers,

Remote Access Tools (RATS), and War driving.

The first intrusion that the Kudler network could potentially fall victim to is having a key

logger installed on the network. “Keyloggers track which keys were struck on a keyboard.

Usually this is covert, and the computer user had no idea that their activity is being monitored”

(Spyware Guide, 2011). This type of intrusion can be sent by email as an attachment or

unintentionally downloaded on the internet by visiting a malicious website. Once the user opens

the email or web site a file can install without the user ever know what happened. Once the

program installs every key stroke is recorded and sent back to the hacker who sent the original

email or who owns the web page. This process can be setup in a multitude of ways, but the end

result is always the same. The information is stolen and if any username and passwords have

been entered during this time, they are now compromised.

The next intrusion that can take place within this network is the installation of a Remote

Access Tool or otherwise known as a RAT. A RAT is very common tool that is used on

networks to allow system administrators to remote access systems without physically being in

front of them. This is a great tool for them to use, but when you take this tool and put it in the

wrong hands it is then turned in to a hacking program. The RAT tool can be installing on

networks by malicious email, unauthorized download, and even from employees installing it for

personal use. Once the remote access tool is installed, this program can provide the access to the

network from anywhere as long as an internet connection exists. These programs can allow for

keylogging, data exfiltration, and access to other systems with in the network without being

detected.

The last intrusion that will be covered is called war driving. Since Kulder Fine Foods is a

WLAN the wireless network emits signals. These signals can be picked up by unwanted users

by simply driving past the company. Another way that this can be accomplished is by walking

by with a hand held device this is called war walking. This is not a hard thing to do because all

that is needed is a laptop with WiFi capabilities or a PDA with WiFi. Once the attacker finds a

signal the attacks begin. The ultimate goal of the attacker is to gain access and then begin

sniffing traffic for passwords and other valuable data. Out of all the exploits that were just

covered, this one is the easiest to conduct and is one of the major ones that Kudler Fine Foods

will be venerable to. This just shows how easy wireless networks can get hacked. The one thing

that is overlooked though is the fact that mobile devices are just as susceptible to this same

attack. The easiest way to remember this is if a device emits a signal that can be picked up then

it is vulnerable to being hacked.

Stopping these exploits on the new WLAN network will be vital to the daily business of

Kudler. The systems that will be doing the work are the firewalls, IPS, IDS, anti-virus, and file

integrity systems. These were covered earlier, but we can now see why they are truly needed for

this network. The good thing is that these are not the most dangerous threat to this network. The

bad news is that the users on the network will be the biggest threat to the new WLAN. As seen

above the one thing that was a common factor in all of the threats is that they all had to be

activated by a user or malicious user. This is why no matter how much money is spent on this

network for security it will mean nothing if the proper policies are not in place.

Network Security Policies

Security Policies provide a guide line of rules that must be followed for a network. “IT

security policies (including network security policies) are the foundation, the bottom line, of

information security within an organization” (IT Security Policies, 2003). These policies provide

vital information from the usage of the network to the requirements of passwords, installation of

software and equipment. Passwords requirements will be enforced so that the authentication to

the network is not weak. Weak passwords can provide access points that a hacker can expose

with a brute force attack, which can crack a weak password in seconds. This is why with the

Kudler network the password requirements will be as follows:

Must be between 8 and 24 characters long

Must include at least 2 letters, numbers and special characters

Must not include any form of the word 'password'  

Must not contain any form of the username, company name or company address

This will prevent any successful brute force attacks from breaking into the network.

The network security policy will also cover the installation of any program that may be

installed on the employee POS system. To protect against unauthorized installation the users

will be given basic rights which will not allow them to install programs. If an employee sees a

program that could better a process or provide information to increase productivity, they must fill

out a program installation request form. Once the program has been check by the security team

and is found to be safe for the network then approval will be granted. The program will be

downloaded on to a thumb drive that will have a onetime use admin password for the users

system. The drive will then be given to the employee so they can install the program. This will

prevent any unauthorized programs from being installed, which could potentially contain

malicious content that could infect the Kudler Fine Food WLAN network.

There will be a zero tolerance policy for any unauthorized personal network equipment.

This means that if a personal hub or wireless router is discovered the employee who installed it

will be fired on the spot. This will be a critical factor in preventing information and data from

being stolen from the company. If any additional equipment is needed a request form will need

to be filled out and approved by the management and network security teams.

These polices are only a preventive measure in making sure that the proper usage is

followed. This is an ever changing process and lessons will be learned from incidents that take

place within the network, but it is also important to make sure that proper documentation is

saved for future use. This information than can be used to revamp the policies within the Kudler

network and can improve the overall process. The bottom line is that policies are in place to

educated and inform the users what they can and cannot do within the network.

Conclusion

Once the new network is in place and the policies have been implemented the new

WLAN network will be ready to go. The new network will be something that Kudler Fine Foods

can look at for many years to come with pride and respect. Not only does the new network

provide the information that will grow the company, but the network will also provide a new

way of taking care of their customers every time they visit any of the stores. This new network

will also provide that peace and mind for the owners and employees because of the security,

backup systems and the room provided for future network growth. The Kudler network will

provide this same peace of mind for years to come.

References

Cyberoam. (2012). Intrusion prevention system. Retrieved February 1, 2012 from

http://www.cyberoam.com/ips.html

Cisco. (2012). Enabling borderless networks at the branch. Retrieved February 2, 2012 from

http://www.cisco.com/en/US/products/ps10546/index.html

Dell.(2010). Dell poweredge rack servers. Retrieved February 1, 2012 from

http://www.dell.com/us/business/p/poweredge-rack-servers

Spyware Guide. (2011). Keyloggers. Retrieved February 3, 2012 from

http://www.spywareguide.net/keylogger-software/

IT Security Policies. (2003). "where to find information security policies - how to deliver them!".

Retrieved February 3, 2012 from http://www.network-and-it

securitypolicies.com/policies.htm