Thursday, December 12, 2019

Security Architecture and Plan for the Federation University Australia

Question: Discuss the security architecture and plan for the Federation University Australia.

Answer:

Introduction

Federation University, Australia is one of the prime universities of the country, with an approximate count of over 23,000 international and domestic students along with the staff members. The University has its base in Ballarat, with several other campuses in Australia. There are a number of departments in FedUni, such as marketing, business, human resources, training and education, finance, health, housing, quality assurance, IT security, IT help desk, and research and development. Every single department deals with sensitive and confidential pieces of information, and protection of the same is of prime importance.

Security Controls

CIA Triad

It is necessary to protect the three components of this triad to have an effective security mechanism in place.

[Figure: CIA Triad]

Confidentiality: Confidential information is something that requires a high degree of protection, and any damage to it may result in adverse impacts. For instance, information relating to exam papers and student results is confidential in nature for the university and must be kept private and secure.

Integrity: It refers to authorized modification of the information at all sources. Any unwanted or unauthorized modification of information may lead to huge damage. For example, if an exam paper is changed at one campus by unauthorized means and not at the other locations, it would violate information integrity.

Availability: It must be possible for users to access the university information at all places and at all times. It also means keeping all the components of the infrastructure, such as hardware, software and the network, up and running at all times so that services are not hampered in any way [1].
Types of Controls

[Figure: Types of Security Controls]

Technical Controls

Access Control Lists (ACLs): There are different user accounts associated with the university, such as those for full-time students, part-time scholars, distance learners and staff. The accesses and privileges provided to each user type differ, and they must be managed well so that no unauthorized access is granted to any user. Strong access methods, such as a combination of user id and password along with an alert to the user's mobile phone, must be set up as credentials to enter the system [2].

Encryption: All university-owned devices, such as computers and mobile devices, should be fully encrypted to avoid the possibility of an attack.

[Figure: Encryption Process]

Identification and Authentication: There must be a limit on the number of attempts allowed to enter a system. Authentication servers must be efficient enough to detect and prevent attacks.

Audit Trails: These must be set up to record all activities, to aid the intrusion detection system [3].

Physical Controls

Security Guards: These must be posted at all entry and exit points of the university at all campuses located country-wide.

Identity checks and cards: While entering or exiting the campus or a secure area such as a laboratory or library, every member should be allowed to enter and exit only by swiping in/out with a unique identity card issued by the university at the time of admission.

Motion Alarms: If an intruder tries to enter the campus or a protected area within the campus by unauthorized means, these alarms must be activated by detecting the motion.

Closed-circuit Surveillance Cameras: These cameras must be installed at different locations in all campuses to keep track of all activities that happen [4].

Administrative Controls

Training and Awareness: Users must be kept up to date with all the security policies and mechanisms that have been implemented.
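As an added example (not part of the original answer and not any Federation University system), the following Python shows how three of the technical controls above fit together in code: a role-based access control list, a limit on failed login attempts with a temporary lockout, and an audit trail that records every authentication and authorization decision. The role names, resource names, attempt limit and lockout period are assumed values chosen for the illustration.

```python
"""Role-based ACL, login-attempt limiting and an audit trail.
Added example; roles, resources, MAX_ATTEMPTS and LOCKOUT_SECONDS are
assumed values for illustration, not the university's real configuration."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Constructed ACL: which resources each user type may reach.
ACL = {
    "full_time_student": {"course_materials", "own_results"},
    "part_time_student": {"course_materials", "own_results"},
    "distance_learner": {"course_materials", "own_results", "online_exam"},
    "staff": {"course_materials", "exam_papers", "all_results"},
}

MAX_ATTEMPTS = 5        # failed logins allowed before lockout (assumed)
LOCKOUT_SECONDS = 900   # lockout duration in seconds (assumed)


@dataclass
class Account:
    username: str
    role: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 so stored credentials are not recoverable from a dump of the table.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(username: str, role: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(username, role, salt, hash_password(password, salt))


class AuditTrail:
    """Append-only record of authentication and authorization decisions."""

    def __init__(self):
        self.events = []

    def record(self, event: str, user: str, detail: str = "", now=None):
        self.events.append((time.time() if now is None else now, event, user, detail))

    def count(self, event: str) -> int:
        return sum(1 for e in self.events if e[1] == event)


def authenticate(account: Account, password: str, audit: AuditTrail, now=None) -> bool:
    """Verify a password, enforce the failed-attempt limit and log the outcome."""
    now = time.time() if now is None else now
    if now < account.locked_until:
        audit.record("login_rejected_locked", account.username, now=now)
        return False
    if hmac.compare_digest(hash_password(password, account.salt), account.pw_hash):
        account.failed_attempts = 0
        audit.record("login_success", account.username, now=now)
        return True
    account.failed_attempts += 1
    audit.record("login_failure", account.username,
                 f"attempt {account.failed_attempts}", now=now)
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.locked_until = now + LOCKOUT_SECONDS
        account.failed_attempts = 0
        audit.record("account_locked", account.username,
                     f"until {account.locked_until:.0f}", now=now)
    return False


def authorize(account: Account, resource: str, audit: AuditTrail) -> bool:
    """Check the ACL for the account's role and log the decision."""
    allowed = resource in ACL.get(account.role, set())
    audit.record("access_granted" if allowed else "access_denied",
                 account.username, resource)
    return allowed


if __name__ == "__main__":
    audit = AuditTrail()
    student = create_account("s1234", "full_time_student", "correct horse")
    for _ in range(MAX_ATTEMPTS):
        authenticate(student, "wrong", audit)
    print(authenticate(student, "correct horse", audit))   # False: account is locked
    print(authorize(student, "exam_papers", audit))         # False: not in the role's ACL
    for t, event, user, detail in audit.events:
        print(f"{t:.0f} {event} {user} {detail}")
```

The mobile-phone alert mentioned above would sit in front of `authenticate` as a second factor; it is left out here so the block stays focused on the three controls it illustrates. Every decision, including rejected logins during lockout, goes to the audit trail so that an intrusion detection system can correlate them later.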
Disaster recovery plans: There might be incidents of attack in spite of the tightest security, and management should put a mechanism in place to recover from the losses in a quick turnaround time.

Incident Response plan: The same applies to the response that must be provided in case of an incident. There must be a plan in place to deal with it.

Personnel Recruitment Strategies: These strategies must be kept in place so that a proper recruitment procedure exists for all campuses [5].

Reasons for using the controls

[Figure: Protection through Security Controls]

These security controls are necessary for the organization in order to:

- Protect the confidentiality of the information, provide a high degree of protection to maintain it, and prevent attacks that may hamper the confidentiality of the system.
- Maintain the integrity of the information, as the technical, physical and administrative controls would make sure that no unwanted modifications are made to the system or any of its components.
- Keep the information available at all times by protecting it from the various sources of attack and intrusion.
- Keep the system free from malicious code and software such as worms, trojan horses, bombs and viruses.
- Prevent network attacks such as man-in-the-middle attacks, denial of service and distributed denial of service.
- Keep track of any malicious insiders present in the system, and also minimise inadequate due diligence with the help of administrative controls.

Risk Mitigation

There are a number of risks that may occur for the university, as described below:

Financial Risks: These refer to possible changes in the financial value of wealth because of variations in cash balances (that is, liquidity) or in assets.
Operational Risks: These are perhaps the most important and far-reaching source of non-financial risk and, accordingly, the main type of non-financial risk against which banks are explicitly required to hold capital. It encompasses the risks arising from the failure of systems, controls or people [6].

Security Risks: There can be risks associated with the security and privacy of the information, such as attack by malicious programs, denial of service attack, data breach, data loss and man-in-the-middle attack.

Natural Hazards: These are the risks that may arise out of natural calamities and hazards, and may cause damage to property and, in severe cases, to human resources as well [7].

There are other risks, such as failure of delivery by a supplier, curriculum risks such as those arising in curriculum activities, and workplace violence, which may result in serious damage. These can be tackled with the help of effective incident response and disaster recovery mechanisms installed in the campuses.

Incident Response Planning

There might be incidents of severe damage that take place in the university. For instance, there might be an event of violence between students over some matter. In such a scenario, the incident must be reported to the staff and the higher authorities. Also, there could be a failure of the network at a particular campus. In such a case, the matter must be reported to the network team and administrator to resolve it quickly [8].

Disaster Recovery Planning

The functioning of the university is largely dependent upon the virtual networks and information technology. There may be attacks such as those by viruses and worms which may wipe out the entire database. Timely backups should be taken as per the disaster recovery technique so that the database can be restored to its original form in a rapid turnaround time [9].
Business Continuity Planning

This is an area that concerns the continuity of the business and its operations, and performs an impact analysis to get insight into the same. Gap analysis is one of the prime functions of this planning; it points out the gaps between the recovery requirements and the recovery capabilities [10].

HIDS and NIDS

A Host Based Intrusion Detection System, popularly known as HIDS, refers to intrusion detection that takes place on a single host system. Currently, HIDS involves installing an agent on the local host that monitors and reports on the system configuration and application activity. Some common capabilities of HIDS include log analysis, event correlation, integrity checking, policy enforcement, rootkit detection and alerting. They can often also baseline a host system to detect variations in the system configuration. In particular vendor implementations, these HIDS agents also permit connectivity to other security systems [11].

[Figure: Host Based Intrusion Detection System (HIDS)]

A Network Based Intrusion Detection System (NIDS), on the other hand, looks for suspicious activity or traffic on the network. It is possible to set up a NIDS to cover the entire network to detect any unwanted activity, or to set it up only for the specific segments that are more likely to be exposed to such attacks. It is also possible to filter the system records with this system and keep the information in a separate place to look at later. Any changes are quickly judged with an efficient NIDS set-up, and the log records are also compared against activity to detect the possibility of intrusion. The approach followed by this type of intrusion detection is proactive in nature rather than preventive or defensive. These are capable of real-time detection as well.
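The integrity checking and baselining that the HIDS paragraph above lists are easy to see in code. The Python below is an added example, not code from the original answer or from any HIDS vendor: it takes a SHA-256 baseline of every file under a directory, then reports files that were added, removed or modified on the next run. The directory, file names and the changes made between the two runs are constructed in a temporary folder for the demonstration.

```python
"""File integrity checking of the kind a HIDS agent performs.
Added example: the directory, file names and tampering below are constructed
in a temporary folder for the demonstration and are not a real system."""
import hashlib
import os
import tempfile


def file_digest(path: str, chunk: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root: str) -> dict:
    """Map every regular file under root (relative, '/'-separated) to its SHA-256."""
    table = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            table[rel] = file_digest(full)
    return table


def compare(old: dict, new: dict) -> dict:
    """Report files that appeared, disappeared or changed since the baseline."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def write(root: str, rel: str, text: str, mode: str = "w") -> None:
    """Helper for building the constructed tree; creates parent folders as needed."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, mode) as f:
        f.write(text)


def demo() -> dict:
    """Take a baseline of a constructed tree, alter it, and return the differences."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/passwd", "root:x:0:0::/root:/bin/sh\n")
        write(root, "etc/hosts", "127.0.0.1 localhost\n")
        write(root, "www/index.html", "<h1>Campus portal</h1>\n")
        before = baseline(root)
        # Simulated changes between two agent runs (constructed):
        write(root, "etc/passwd", "guest:x:1001:1001::/home/guest:/bin/sh\n", mode="a")
        os.remove(os.path.join(root, "etc", "hosts"))
        write(root, "etc/cron.d/nightly", "0 2 * * * root /usr/local/bin/backup\n")
        return compare(before, baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A real agent would store the baseline somewhere the monitored host cannot rewrite it (the central console that the text says some vendors connect to) and would raise an alert on each difference; here `compare` simply returns the three lists so the result can be checked.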
[Figure: Network Based Intrusion Detection System (NIDS)]

There are a number of striking differences between the two intrusion detection systems:

Point of Difference                                    | HIDS                        | NIDS
-------------------------------------------------------|-----------------------------|-----------------------------
Protection off the LAN                                 | Provides protection         | Does not provide protection
Versatility                                            | More versatile              | Less versatile
Price                                                  | More affordable             | Price range is usually high
Training                                               | Less training is required   | More training is required
Bandwidth requirements                                 | Does not use LAN bandwidth  | Uses LAN bandwidth
Network overhead                                       | Less                        | High, usually double
Spanning port switching requirements                   | Not required                | Required
Cross-platform compatibility                           | Less compatible             | More compatible
Local machine registry scans                           | Allows                      | Does not allow
PAN scan                                               | Allows                      | Does not allow
Packet rejection                                       | Does not allow              | Allows
Central management                                     | Less centrally managed      | More centrally managed
Disable risk factor                                    | Lower                       | Higher
Single point of failure (multiple LAN detection nodes) | More comprehensive          | Less comprehensive

Table: Differences between HIDS and NIDS

When looking at HIDS or NIDS, ensure that the vendor chosen has good technical support and streams out pattern files when new vulnerabilities are released into the wild, much like an antivirus application. If there are LAN bandwidth limitations, it is very feasible to look at a HIDS. If cost is an issue, some NIDS solutions are considerably more expensive than a HIDS solution, as there is a capital cost for the hardware and some vendors charge considerably more for the software [12].

Signature Based Detection

This is a detection system that is more along the lines of intrusion detection than firewalls. However, many personal firewalls and some corporate firewalls contain this functionality. Basically, the system can be configured to look for specific patterns known to be malicious and block the traffic.
In order for this strategy to be effective, the signatures must be updated regularly. Just as new virus threats are released frequently, creating the need for signature updates, new threats against hosts are found regularly. Updating the signatures requires a mechanism, just as signature updates for antivirus software require one. The major advantage of this technique lies in the fact that it can block attacks even when the rule set would permit the traffic. In the case of providing a service, for example a web site, one must permit traffic for that service into the computer. Rather than being at the mercy of every packet bound to port 80, with a product that can identify specific attacks one knows one is shielded from known malicious activity [13].

Anomaly Based Detection

This one is based on defining the network behaviour. If the network behaviour matches the predefined behaviour, it is accepted; otherwise it triggers an event in the anomaly detection. The accepted network behaviour is prepared or learned from the specifications of the network administrators. The critical stage in defining the network behaviour is the IDS engine's capability to cut through the various protocols at all levels. The engine must be able to process the protocols and understand their goal. Although this protocol analysis is computationally expensive, the benefits it produces, such as an expanded rule set, help in reducing false positive alerts. The major drawback of anomaly detection is defining its rule set. The efficiency of the system depends upon how well it is implemented and tested on all protocols. The rule-defining process is also affected by the different protocols used by different vendors.
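To make the contrast between the two detection approaches concrete, here is an added Python example (not from the original answer or from any cited vendor) that puts a signature-based detector and an anomaly-based detector side by side over constructed data. The signatures, the request log and the connection records are constructed for the illustration; the anomaly rule (flag a host whose number of distinct destinations exceeds the normal mean plus three standard deviations) is an assumed simplification of the TCP-connection and bandwidth rules that anomaly engines use. The constructed data includes one host sending a single protocol-compliant but malicious request and one host sweeping many addresses, so the run shows which detector notices which behaviour.

```python
"""Signature-based and anomaly-based detection side by side.
Added example: the signatures, request log and connection records are
constructed for illustration and are not real traffic or a vendor rule set."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed signatures: request patterns known to be malicious.
SIGNATURES = {
    "directory_traversal": re.compile(r"(\.\./)+"),
    "sql_union_select": re.compile(r"union\s+select", re.IGNORECASE),
}


def signature_scan(request_lines):
    """Return (line, signature name) for every request matching a known pattern."""
    hits = []
    for line in request_lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((line, name))
    return hits


def fan_out(connections):
    """Number of distinct destinations each source host contacted."""
    seen = defaultdict(set)
    for src, dst in connections:
        seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items()}


def learn_threshold(training_connections, k=3.0):
    """Accepted behaviour: mean fan-out during normal operation plus k deviations.
    A floor of one destination on the spread keeps a perfectly flat baseline
    from flagging trivial variation (assumed rule)."""
    counts = list(fan_out(training_connections).values())
    spread = pstdev(counts) if len(counts) > 1 else 0.0
    return mean(counts) + k * max(spread, 1.0)


def anomaly_scan(observed_connections, threshold):
    """Hosts whose fan-out in the observed window exceeds the learned threshold."""
    return sorted(src for src, n in fan_out(observed_connections).items() if n > threshold)


# Constructed "normal" window: six hosts each talk to the same three servers.
TRAINING = [(f"10.0.0.{h}", f"10.0.1.{d}") for h in range(1, 7) for d in range(1, 4)]

# Constructed observed window: the same six hosts, one host (10.0.0.7) making a
# single protocol-compliant but malicious request, and one host (10.0.0.9)
# contacting forty addresses the way a freshly infected worm host would.
OBSERVED = list(TRAINING)
OBSERVED += [("10.0.0.7", "10.0.1.1")]
OBSERVED += [("10.0.0.9", f"10.0.1.{d}") for d in range(1, 41)]

REQUEST_LOG = [
    "10.0.0.3 GET /courses/index.html",
    "10.0.0.7 GET /../../etc/passwd",
    "10.0.0.9 GET /courses/index.html",
]


def run():
    """Show which detector catches which behaviour."""
    threshold = learn_threshold(TRAINING)
    return {
        "signature_hits": signature_scan(REQUEST_LOG),
        "threshold": threshold,
        "anomalous_hosts": anomaly_scan(OBSERVED, threshold),
    }


if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

Running it, the traversal request from 10.0.0.7 is caught only by the signature scan (its single connection is within the accepted fan-out), while the sweeping host 10.0.0.9 is caught only by the anomaly scan (its requests match no signature). That is exactly the trade-off the text describes: signatures need constant updating but block known attacks precisely, while anomaly rules need a well-defined baseline but can notice a novel worm.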
Apart from these, custom protocols also make rule definition a difficult job. For detection to happen accurately, detailed knowledge about the accepted network behaviour needs to be developed by the administrators. However, once the rules are defined and the protocol model is built, anomaly detection systems work well. If the malicious behaviour of the user falls under the accepted behaviour, then it goes unnoticed. An activity such as directory traversal on a targeted vulnerable server, which complies with the network protocol, easily goes unnoticed as it does not trigger any out-of-protocol, payload or bandwidth-limitation flags. The major advantage of anomaly-based detection over signature-based engines is that a novel attack for which no signature exists can be detected if it falls outside the normal traffic patterns. This is observed when the systems detect new automated worms. When a new system is infected with a worm, it usually starts scanning for other vulnerable systems at an accelerated rate, filling the network with malicious traffic and thus triggering a TCP connection or bandwidth anomaly rule [14].

References

[1] C. Bradford, "Why the CIA Triad Is the New Standard For Information Security", StorageCraft Technology Corporation, 2015.
[2] Lancaster, 2016.
[3] Moct.gov.sy, 2016.
[4] "Security Controls", Access.redhat.com, 2016.
[5] "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security - RAND Report R-609-1", Rand.org, 2016.
[6] "Understanding and managing risk", OpenLearn, 2016.
[8] Sans.org, 2016. [Online]. [Accessed: 02-Jun-2016].
[9] "How to write a disaster recovery plan and define disaster recovery strategies", ComputerWeekly, 2016. [Accessed: 02-Jun-2016].
[10] "Business Continuity Plan | Ready.gov", Ready.gov, 2016. [Online]. [Accessed: 02-Jun-2016].
[11] "SANS - Information Security Resources", Sans.org, 2016. [Online]. [Accessed: 02-Jun-2016].
[12] R. Magalhaes, "Host-Based IDS vs Network-Based IDS (Part 1)", WindowSecurity.com, 2003. [Online]. [Accessed: 02-Jun-2016].
[13] L. Yeo, "Signature-Based Detection | Choosing a Personal Firewall | InformIT", Informit.com, 2016. [Online]. [Accessed: 02-Jun-2016].
