Inft5029 Privileged Identity Management Assignment Answers


  • Subject Code : INFT5029
  • University : University of South Australia
  • Subject Name : IT Computer Science

Enterprise Security Design and Implementation

Design

1. Context

Privileged Identity Management (PIM) is the area of IT infrastructure responsible for managing, monitoring and accounting for the privileged accounts of the enterprise (Kobashi, et al., 2013). Governance of privileged identities is usually not handled in a straightforward way within the enterprise; PIM is used to secure and govern these accounts (D, 2005).

In this enterprise, privilege management uses a Bastion host to remove the System Administrators' standing privileges. A privilege-elevation workflow is required, in which the Operations Manager approves time-boxed requests for root access (ZIN, 2006).

2. Conceptual Design

a. Requirements

The requirements of the PIM are listed below:

  • Commands executed in an SSH session to a secure server must be secured.
  • Sys Admins cannot connect directly from their workstations to a secure server.
  • Sys Admins must request authorisation from the Operations Manager before an SSH session can be established to a secure server.
  • A request for access to a secure server must be time-boxed (for example, 10 minutes).
  • The Operations Manager must approve a time-boxed request for access to a secure server.
  • Sys Admins connect to the secure server via the Bastion.
  • The Bastion validates the host authentication of the secure server.
  • The Bastion and the secure host authenticate each other by means of their authentication credentials (W., 2006).

b. Assumptions

It is assumed that only three system administrators connect to the Bastion Host. They are connected through a switch, which allows the different hosts to reach a single server over the network in parallel.

We assume that the Bastion Host provides equal network reachability to all three system administrators. Initially, all system administrators are assumed to hold standing system access rights.

c. Constraints

Only a single cloud is connected to both system ends on the Operations Manager's side. Only two CentOS Linux 7 servers are connected on that side. The SSH policy is the in-scope constraint.

3. Logical Design

a. Bastion Host

Internet Cloud – The enterprise's data is stored in the Internet cloud.

CentOS Linux 7 Servers – Highly secured data servers at the Operations Manager's end.

Router – Connects the Bastion Host (HashiCorp Vault) to the servers.

HashiCorp Vault – Eliminates the Sysadmins' standing privileges.

Switch – Allows multiple devices to connect to a host.

Sysadmin – The System Administrator's host, used to access the data with the granted privileges.

b. Approval Workflow

The Linux servers can access the Internet cloud to approve the data workflow. The Bastion Host removes the system administrators' standing privileges so that they cannot access the data directly from the server.

c. Auditing

  • Surplus system administrators have no scope to connect to this network.
  • It plans specifically for the data privileges on the system administrator's side.
  • No administrator with non-standing privileges can use the service (Kadry, 2008).

Use Cases

1. Use Case

The sysadmin user cannot connect to secure01.

2. Use Case

The sysadmin logs into Bastion and requests approval to login to secure01.

The opsman approves sysadmin’s request.

The sysadmin can login to secure01 from Bastion.

3. Use Case

The sysadmin logs into Bastion and requests approval to login to secure01 for 10 minutes.

The opsman approves sysadmin’s request.

The sysadmin can login (SSH) to secure01 from Bastion (within 10 minutes).

The sysadmin attempts to login (SSH) to secure01 after 10 minutes and access is denied.
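The three use cases above, together with the time-boxed approval requirements in the conceptual design, describe one workflow: a sysadmin cannot reach secure01 directly, must request access through the Bastion, the opsman approves a request with a fixed lifetime, and the grant stops working once that lifetime has passed. The following Python model is an added example (not part of the assignment or of HashiCorp Vault) that walks through exactly those steps with an in-memory Bastion. The user names sysadmin and opsman and the host secure01 come from the use cases; the request ids, the in-memory audit log, the injected clock, and the assumption that the 10-minute window starts at the moment of approval are mine.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class AccessRequest:
    """One time-boxed request for SSH access to a secure host."""
    request_id: int
    requester: str
    target: str
    ttl: timedelta                       # requested lifetime of the grant
    created_at: datetime
    approved_by: Optional[str] = None
    approved_at: Optional[datetime] = None

    def is_valid(self, now: datetime) -> bool:
        # Assumption: the window starts when the opsman approves, not when
        # the sysadmin asks. An unapproved request never grants access.
        if self.approved_at is None:
            return False
        return self.approved_at <= now < self.approved_at + self.ttl


class Bastion:
    """In-memory model of the Bastion's approval workflow (hypothetical)."""

    def __init__(self, roles: Dict[str, str], secure_hosts: List[str]) -> None:
        self.roles = roles                     # user -> "sysadmin" | "opsman"
        self.secure_hosts = set(secure_hosts)
        self.requests: Dict[int, AccessRequest] = {}
        self.audit: List[str] = []             # every decision is recorded
        self._next_id = 1

    def request_access(self, user: str, target: str, minutes: int, now: datetime) -> int:
        if self.roles.get(user) != "sysadmin":
            raise PermissionError(f"{user} is not a sysadmin")
        if target not in self.secure_hosts:
            raise ValueError(f"{target} is not a managed secure host")
        req = AccessRequest(self._next_id, user, target, timedelta(minutes=minutes), now)
        self.requests[req.request_id] = req
        self._next_id += 1
        self.audit.append(f"{now.isoformat()} REQUEST id={req.request_id} "
                          f"user={user} target={target} ttl={minutes}m")
        return req.request_id

    def approve(self, request_id: int, approver: str, now: datetime) -> None:
        req = self.requests[request_id]
        # Only the Operations Manager may approve, and nobody approves their own request.
        if self.roles.get(approver) != "opsman" or approver == req.requester:
            raise PermissionError(f"{approver} may not approve request {request_id}")
        req.approved_by, req.approved_at = approver, now
        self.audit.append(f"{now.isoformat()} APPROVE id={request_id} by={approver}")

    def ssh(self, user: str, target: str, now: datetime, via_bastion: bool = True) -> bool:
        """Return True if the session is allowed; log the decision either way."""
        if not via_bastion:
            # Use case 1: the secure server accepts sessions only from the Bastion.
            self.audit.append(f"{now.isoformat()} DENY user={user} target={target} reason=direct")
            return False
        grant = next((r for r in self.requests.values()
                      if r.requester == user and r.target == target and r.is_valid(now)), None)
        reason = f"grant={grant.request_id}" if grant else "reason=no-valid-grant"
        self.audit.append(f"{now.isoformat()} {'ALLOW' if grant else 'DENY'} "
                          f"user={user} target={target} {reason}")
        return grant is not None


def run_use_cases() -> Dict[str, bool]:
    """Replay use cases 1-3 on a constructed timeline; every entry should be True."""
    t0 = datetime(2020, 6, 14, 9, 0, 0)          # constructed start time
    b = Bastion({"sysadmin": "sysadmin", "opsman": "opsman"}, ["secure01"])
    results: Dict[str, bool] = {}
    # Use case 1: direct connection from the workstation is refused.
    results["uc1_direct_denied"] = not b.ssh("sysadmin", "secure01", t0, via_bastion=False)
    # Use case 2: request, then approval, then access.
    rid = b.request_access("sysadmin", "secure01", 10, t0)
    results["uc2_before_approval_denied"] = not b.ssh("sysadmin", "secure01", t0 + timedelta(minutes=1))
    try:
        b.approve(rid, "sysadmin", t0 + timedelta(minutes=1))
        results["sysadmin_cannot_self_approve"] = False
    except PermissionError:
        results["sysadmin_cannot_self_approve"] = True
    b.approve(rid, "opsman", t0 + timedelta(minutes=2))
    results["uc2_after_approval_allowed"] = b.ssh("sysadmin", "secure01", t0 + timedelta(minutes=3))
    # Use case 3: 9 minutes after approval still allowed, 11 minutes after denied.
    results["uc3_within_window_allowed"] = b.ssh("sysadmin", "secure01", t0 + timedelta(minutes=11))
    results["uc3_after_expiry_denied"] = not b.ssh("sysadmin", "secure01", t0 + timedelta(minutes=13))
    return results


if __name__ == "__main__":
    for name, ok in run_use_cases().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

The clock is passed in explicitly so the expiry check can be exercised without waiting ten minutes; a real bastion would read the system clock and, as the auditing section requires, ship the audit lines to a log collector rather than keep them in memory.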

References for Enterprise Security Design and Implementation

D, S., 2005. How the Windows Rights Management Service can Enhance the Security of your Documents. [Online] Available at: www.windowsecurity.com [Accessed 14 June 2020].

Kadry, S., K., S. & H., W., 2008. Design and Implementation of System and Network Security for an Enterprise with World Wide Branches. Journal of Applied Sciences Research, Volume 4, pp. 1361-1370.

Kobashi, T. et al., 2013. Validating Security Design Pattern Applications Using Model Testing. Regensburg, Germany, 8th International Conference on Availability, Reliability and Security (ARES 2013).

W., S., 2006. Cryptography and Network Security, 4th ed. Prentice Hall.

ZIN, S. K., 2006. Performance parameters of wireless virtual private network. s.l., Master Thesis, Middle East University.
