Saturday, December 7, 2019

Security Planning for Global Data Organization

Question: Discuss the security planning for the Global Data organization.

Answer:

Introduction

This report covers the security planning of the network structure designed for Global Data in Australia. The project is already partially implemented as per the checklists and the relevant IP allocation process (Aldribi, Traore and Letourneau 2015). The network architecture requires proper security planning to ensure scalable communication and data storage in Global Data. The project includes a Gantt chart with the activities needed to set up the entire project within the allocated timeline. The security requirements are included along with best practices for maintaining secure data transmission (Damenu and Balakrishna 2015). The network components are identified with the network architecture, following the specific IP addressing.

Network Components

Figure 1: Network Architecture (Source: Created by author)

The network architecture is designed as per the office floor planning and the basic blueprint of each store's requirements.
The included components are presented in the table below:

| Components | Specifications | Purpose |
|---|---|---|
| Hypervisors | GDhvSRV001 | Hypervisor for Primary DC and DFS1 |
| | GDhvSRV002 | Hypervisor for Secondary DC, VOIP, DFS2 |
| | GDhvSRV003 | Hypervisor for Web |
| | GDhvSRV004 | Hypervisor for Mail Server and Media Server |
| Virtual Machines | GDdc1SRV001 | Primary DC |
| | GDfl1SRV002 | Primary DFS |
| | GDexSRV003 | Mail Server |
| | GDmdSRV004 | Media Server |
| | GDdc2SRV005 | Secondary DC |
| | GDvpSRV006 | VOIP |
| | GDwbSRV007 | Web Server |
| | GDfl2SRV008 | Secondary DFS |
| Devices | GDfwRTR001 | LAN, WAN, for Web server |
| | GDvSW001 | Physical NIC on 192.168.1.1 Hypervisor |
| | GDvSW002 | Physical NIC setting |
| | GDvSW003 | Mode access |
| | GDvSW004 | Mode access |
| | GDpSW001 | Physical Switch with POE with 1 vLAN |
| Workstations | GDraWS001 | Remote Access via Vsphere, VPN, Putty, |

Table 2: Network Components (Source: Created by author)

Security Risks

The risks described in this section apply to every network component in any architecture. The inherent problem is the lack of operational logs in audit trails, which leaves services running with shallow operation mechanisms (Kim and Jeon 2016). These mechanisms may include hyper-calls; enforcing security on any hypervisor is crucial and difficult work. Most enterprises avoid incorporating hypervisors because of infeasible yet risk-intensive applications. In any virtual network, penetration testing and scanning, rather than only setting up the physical implementation, is quite difficult (Lim et al. 2015). Again, these proactive functions are essential when setting up a hypervisor. The primary focus is placed on performance, and hypervisors are hardened in their security aspects. Performance expectations are derived from physical machines, without the comparable machine tools for hosting multi-tenant services at scale (Lincke 2015). Hypervisor security is relevant for keeping these security risks and vulnerabilities in mind.
The security risks lie mostly in the open server network, with potential exploitation of code flow on other platforms. Again, the mail and data servers need to be set up without sharing any default permissions (Neystadt, Fitzgerald and Verny 2015). The potential and unwanted security issues that clients mainly face are stolen, lost, or corrupted files under the DC architecture.

Security Planning

Security planning must be implemented so that the architecture is served with natural yet processed data within the region of the network. Hypervisor security planning should follow these systematic steps:

Hyper-call risks and privilege escalation issues: Security exploits in the hyper-call setting include methods such as buffer overflow. The exploiting system calls are made from the virtual machines to the hypervisor, resulting in a buffer overflow (Somani, Gaur and Sanghi 2015). The virtual machines should use hardened security systems to prevent this vulnerability. The VMs should access the hyper-call property in a way that prevents privilege escalation, so that attackers cannot gain access to it. There are certain add-ons for incorporating hyper-call security. Network threat management is a suitable process here.

Segmentation of duties: Duties must be divided according to the compliance requirements of Information Technology setups. Privilege escalation can be minimized by planning legitimate access to the administration domain (Bleikertz et al. 2015). The division of duties may raise issues such as conflicting instructions or policies. The virtual machines would face such situations in the form of hypervisor misconfiguration.

Performance calibration and planning requirements: Planning requirements are important for security settings that deal with unusual allocation of resources in the process layers of the virtualization setup (Neystadt, Fitzgerald and Verny 2015).
A single-core security setup can be used to ensure smooth functioning of the security layers.

Dealing with clusters: Clusters of physical addressing in a virtual setup bring greater complexity and multiple risks. Multiple physical machines run the virtual environment in the hypervisor (Lim et al. 2015). Security solutions may be validated with compatible clustering solutions for effective hypervisor security controls. For the least secure areas, most importantly, configuration of the file server with proper connectivity is required (Kim and Jeon 2016).

The security planning steps to be considered for virtual and physical machines are listed below:

1. Ensuring the physical security of the servers
2. Making schedules for the baseline security on the server operating systems and the services (Aldribi, Traore and Letourneau 2015)
3. Planning essential anti-virus or malware installation for protecting the servers
4. Setting an access plan for shared and unshared files and folders, including the share permissions
5. Incorporation of Encrypting File System (EFS)
6. Planning for Distributed File System (DFS) and Replication Service (RS) security techniques (Damenu and Balakrishna 2015)
7. Planning for suitable audit services

These are the primary security planning requirements in this context. However, most security vulnerabilities lie in password settings. Therefore, passwords should be secure and based on long keywords as well.

Conclusion

Hypervisor security is relevant for keeping the security risks and vulnerabilities in mind. The virtual machines should use hardened security systems to prevent this vulnerability. Privilege escalation can be minimized by planning legitimate access to the administration domain. A single-core security setup can be used to ensure smooth functioning of the security layers. Security solutions may be validated with compatible clustering solutions for effective hypervisor security controls.
Incorporation of Encrypting File System (EFS) and planning for Distributed File System (DFS) and Replication Service (RS) security techniques are identified as the most important in this report. Planning for suitable audit services is accounted for in Global Data to monitor the entire security process.

References

Aldribi, A., Traore, I. and Letourneau, G., 2015, August. Cloud Slicing a new architecture for cloud security monitoring. In Communications, Computers and Signal Processing (PACRIM), 2015 IEEE Pacific Rim Conference on (pp. 18-22). IEEE.

Bleikertz, S., Vogel, C., Grob, T. and Modersheim, S., 2015, December. Proactive security analysis of changes in virtualized infrastructures. In Proceedings of the 31st Annual Computer Security Applications Conference (pp. 51-60). ACM.

Damenu, T.K. and Balakrishna, C., 2015, September. Cloud Security Risk Management: A Critical Review. In Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on (pp. 370-375). IEEE.

Kim, J.N. and Jeon, Y.S., 2016. Implementation of Domain Separation-based Security Platform for Smart Device. International Journal of Applied Engineering Research, 11(10), pp.7017-7019.

Lim, K.S., Park, S.W., Kim, J.N. and Lee, D.G., 2015. Functional considerations in military-grade security platform using a mobile hypervisor. In Computer Science and its Applications (pp. 1413-1418). Springer Berlin Heidelberg.

Lincke, S., 2015. Planning for Network Security. In Security Planning (pp. 135-158). Springer International Publishing.

Neystadt, J., Fitzgerald, R.E. and Verny, L., 2015. Security virtual machine for advanced auditing. U.S. Patent 8,955,108.

Somani, G., Gaur, M.S. and Sanghi, D., 2015. DDoS Protection and Security Assurance in Cloud. In Guide to Security Assurance for Cloud Computing (pp. 171-191). Springer International Publishing.
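
Added example (not part of the original report): one way to check planning steps 4 and 6 and the requirement that mail and data servers keep no default permissions, by auditing an export of share permissions for catch-all grants and for ACL drift between the primary and secondary DFS servers. The CSV column layout, the GLOBALDATA domain, and the share and group names are constructed assumptions; only the server names come from the Network Components table.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (hypothetical column layout, domain and shares);
# only the server names are taken from the Network Components table.
SAMPLE_EXPORT = """server,share,account,access,right
GDfl1SRV002,Finance,GLOBALDATA\\Finance-RW,Allow,Change
GDfl1SRV002,Finance,Everyone,Allow,Full
GDfl2SRV008,Finance,GLOBALDATA\\Finance-RW,Allow,Change
GDfl1SRV002,Public,Authenticated Users,Allow,Read
GDfl2SRV008,Public,Authenticated Users,Allow,Read
GDexSRV003,MailArchive,Everyone,Allow,Read
GDmdSRV004,Media,GLOBALDATA\\Media-RO,Allow,Read
"""

BROAD = {"everyone", "authenticated users", "anonymous logon", "guest"}
DFS_PAIR = ("GDfl1SRV002", "GDfl2SRV008")  # primary / secondary DFS

def load_acls(text):
    """Return {(server, share): set of (account, access, right)}."""
    acls = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["server"], row["share"])
        acls[key].add(
            (row["account"].strip().lower(), row["access"], row["right"]))
    return acls

def broad_grants(acls):
    """Allow entries for catch-all principals; write access ranks HIGH."""
    findings = []
    for (server, share), entries in sorted(acls.items()):
        for account, access, right in sorted(entries):
            if access == "Allow" and account in BROAD:
                sev = "HIGH" if right in ("Full", "Change") else "REVIEW"
                findings.append((sev, server, share, account, right))
    return findings

def dfs_drift(acls, pair=DFS_PAIR):
    """Shares whose ACL differs between the two DFS members."""
    primary, secondary = pair
    shares = {s for (srv, s) in acls if srv in pair}
    return sorted(s for s in shares
                  if acls.get((primary, s), set()) != acls.get((secondary, s), set()))

if __name__ == "__main__":
    acls = load_acls(SAMPLE_EXPORT)
    print(*broad_grants(acls), "DFS ACL drift: %s" % dfs_drift(acls), sep="\n")
```

Running the same comparison on a schedule fits the audit services in step 7: a share that appears in the drift list means the two DFS members no longer enforce the same access plan.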
