Sec571

Course Project Week 7

Principles of Information Security and Privacy, SEC571

Clarke Cummings

Keller Graduate School of Management

John (Jack) Michalek, Professor

Summary

The purpose of this course project is to support Aircraft Solutions in identifying the most significant Information Technology (IT) security vulnerabilities they may have overlooked while not only setting up their network, but also in its design and policy enforcement procedures. Aircraft Solutions products and services are at the forefront of the industry and the protection of their intellectual property and process are very important to their continued leadership within the industry. The vulnerabilities to be discussed are the firewall configuration, the virtual environment of their hardware, and defining security policies.

Company Overview

Aircraft Solutions, located in San Diego, California, and their Defense Division located in Orange County in the city of Santa Ana, California, develop and fabricate products and services for companies in the electronic, commercial, defense and aerospace industries. Aircraft Solutions’ company strategy is to offer low cost design and computer-aided modeling packages to companies and assist them through the lifecycle of their product in an effort to save money for the consumer with the end result of increased profits for their business. (Michalek, 2013)

Vulnerabilities

Hardware Vulnerabilities

Aircraft Solutions’ main corporate offices in San Diego, California, have been identified as being potentially insecure. A security assessment was run against their network design (see Figure 1 below), software and written policies which disclosed security weakness to the company's overall information systems. The system hardware infrastructure is comprised of five servers, one switch, two routers, and one firewall which are duplicated at the Orange County facility.

Figure 1. Current Network Design (Michalek, 2013)

The firewall at...