
OMEGA Security

The Management of Data and Knowledge section should cover Omega Security’s current use of data management systems, the problems and difficulties Omega Security faces in data management, Omega Security’s procedures for collecting, storing, managing and updating data, and the types of knowledge management systems currently used by Omega Security.

Topics to cover are Omega Security’s use of the Internet, including how Omega Security will be affected by the digital economy and what issues it needs to consider when doing business in the digital economy; the messaging and collaboration software and Web 2.0 technologies currently in use by Omega Security; and Omega Security’s use of e-commerce technologies. This answer should be at least 2 pages.

 

PLEASE READ the INFORMATION below and write the answer to fit the question above.

Abstract

Businesses and individuals who depend on information technology must understand that intrusion detection is exactly what its name says: detection is the key element to address when it comes to intrusions. Detecting an intrusion is the prerequisite to preventing it. If systems are to be used by businesses and ordinary users they must be protected, and only capable methods of detection make prevention possible. If prevention is the ultimate goal of security, then detection must be the starting point, because knowing how a door is being opened is the only effective way to learn how to keep it locked. No user or business should operate blindly in an environment without a security provider that protects them from attacks.

The world is becoming an electronic field of security challenges, and those who intend to harm others have a new and readily accessible form of weaponry with which to infiltrate, attack and lay waste to specific targets on a scale never seen before. If you want to stop a thief before he breaks in and steals your belongings, your home must be secure enough that he cannot get in to do you harm. That being said, detection becomes the most vital part of providing security because it is the precursor to prevention: an intrusion that is never detected cannot be stopped, and its method cannot be closed off for the next time.

“Some automated tools for detection of unauthorized computer-system use (“intrusions”) are now available [Lunt, 1993], of which NIDES [Lunt et al, 1989] is a good example. These tools examine records of events in a computer system (“audit files”) or monitor events in real time. They do both “anomaly detection” (of statistically unusual behavior like 3 A.M. logins) and “misuse detection” (of suspicious event sequences like finding the password file and copying it). However, such automated tools require significant time and space resources and are not feasible on small computers. Also, no tool can be perfect since new threats constantly emerge and intruders learn to disguise old threats” (Rowe & Schiavo, 1998).

As the interconnection of computers increases, so does the likelihood of threats and intrusions. New threats appear every day, and preparedness for detecting intrusion requires not only covering all the bases but crossing every T and dotting every I. It is the seemingly insignificant path, the outside chance of access, that leaves a system poorly protected. Intrusion detection therefore means that every avenue of access, sensitive and less sensitive alike, is considered, not merely the obvious ones or the hardest to break through. An intrusion detection system, however, is by definition built to discover an intrusion as it happens or after the fact; acting on that discovery is a separate step that depends on it.
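The two detection styles named in the Rowe and Schiavo quotation above, anomaly detection (a statistically unusual 3 A.M. login) and misuse detection (finding the password file and copying it), are easiest to understand as code. The block below is an added example written for this page; it is not from any of the tools the page cites, and every audit record in it is constructed. The anomaly detector builds a per-user profile of login hours from a baseline and flags logins in hours that hold less than 5% of the user’s history, smoothing by one hour either side so that a night-shift user is not flagged for a 3 A.M. login simply because the exact hour was never seen. The misuse detector matches an ordered sequence of events within a time window.

```python
"""Anomaly detection and misuse detection over constructed audit records.

Added example (not from the page): a login-hour profile flags statistically
unusual logins, and an ordered-event pattern flags a 'find the password file
and copy it' sequence. All records below are constructed, not real audit data.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Record layout (constructed): (timestamp, user, action, detail)
BASELINE = [  # historical records, used only to build per-user profiles
    ("2024-02-26 08:58:03", "alice", "login", "ssh"),
    ("2024-02-26 13:05:41", "alice", "login", "ssh"),
    ("2024-02-27 09:12:20", "alice", "login", "ssh"),
    ("2024-02-27 17:45:09", "alice", "login", "ssh"),
    ("2024-02-28 08:49:33", "alice", "login", "ssh"),
    ("2024-02-28 14:20:15", "alice", "login", "ssh"),
    ("2024-02-29 09:01:57", "alice", "login", "ssh"),
    ("2024-02-26 22:10:05", "bob", "login", "ssh"),    # bob works nights
    ("2024-02-27 23:40:11", "bob", "login", "ssh"),
    ("2024-02-28 02:55:48", "bob", "login", "ssh"),
]
EVENTS = [  # records under examination
    ("2024-03-01 09:04:12", "alice", "login", "ssh"),
    ("2024-03-01 09:06:30", "alice", "read", "/home/alice/notes.txt"),
    ("2024-03-03 03:07:44", "alice", "login", "ssh"),                 # 3 A.M. login
    ("2024-03-03 03:08:10", "alice", "read", "/etc/shadow"),
    ("2024-03-03 03:08:30", "alice", "copy", "/etc/shadow -> /tmp/.s"),
    ("2024-03-03 03:15:00", "bob", "login", "ssh"),                   # normal for bob
    ("2024-03-03 03:16:00", "bob", "read", "/etc/shadow"),
    ("2024-03-03 05:30:00", "bob", "copy", "/etc/shadow -> /tmp/x"),  # too late to chain
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# ---- anomaly detection: is this login hour unusual for this user? ----
def build_login_profile(records):
    """Per-user histogram of login hours (0-23)."""
    profile = defaultdict(Counter)
    for ts, user, action, _ in records:
        if action == "login":
            profile[user][parse_ts(ts).hour] += 1
    return profile

def login_hour_fraction(profile, user, hour, spread=1):
    """Share of the user's past logins within +/-spread hours (wrapping at midnight).
    Returns None for a user with no history; callers treat that as anomalous."""
    hist = profile.get(user)
    if not hist:
        return None
    near = sum(hist[(hour + d) % 24] for d in range(-spread, spread + 1))
    return near / sum(hist.values())

def detect_anomalous_logins(profile, records, threshold=0.05):
    """Flag logins whose hour holds less than `threshold` of the user's history."""
    flagged = []
    for ts, user, action, _ in records:
        if action != "login":
            continue
        frac = login_hour_fraction(profile, user, parse_ts(ts).hour)
        if frac is None or frac < threshold:
            flagged.append((user, ts, frac))
    return flagged

# ---- misuse detection: ordered event sequence within a time window ----
MISUSE_PATTERNS = {
    "shadow-copy": {  # read the password file, then copy it, within 5 minutes
        "steps": [("read", r"^/etc/shadow$"), ("copy", r"^/etc/shadow ")],
        "window": timedelta(minutes=5),
    },
}

def detect_misuse(records, patterns=MISUSE_PATTERNS):
    """Return (user, pattern, start_ts, end_ts) for each completed sequence."""
    hits = []
    progress = defaultdict(list)   # (user, pattern) -> [[next_step, start_time], ...]
    for ts_s, user, action, detail in sorted(records):
        ts = parse_ts(ts_s)
        for name, pat in patterns.items():
            steps, window = pat["steps"], pat["window"]
            live = []
            for idx, start in progress[(user, name)]:
                if ts - start > window:
                    continue                       # partial match expired
                act, rx = steps[idx]
                if action == act and re.search(rx, detail):
                    if idx + 1 == len(steps):
                        hits.append((user, name, start.isoformat(), ts.isoformat()))
                        continue                   # sequence complete
                    live.append([idx + 1, start])
                else:
                    live.append([idx, start])      # still waiting for this step
            act0, rx0 = steps[0]
            if action == act0 and re.search(rx0, detail):
                if len(steps) == 1:
                    hits.append((user, name, ts.isoformat(), ts.isoformat()))
                else:
                    live.append([1, ts])           # start a new partial match
            progress[(user, name)] = live
    return hits

if __name__ == "__main__":
    prof = build_login_profile(BASELINE)
    print("anomalous logins:", detect_anomalous_logins(prof, EVENTS))
    print("misuse hits:", detect_misuse(EVENTS))
```

Run on the constructed records, only alice’s 03:07 login is anomalous (bob’s history already covers the small hours) and only alice completes the read-then-copy sequence; bob’s copy arrives more than five minutes after his read, so the partial match expires. The expired-match and unknown-user cases are the ones a real deployment trips over first.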

One such intrusion detection system (IDS) is Snort. “Snort has developed into the security practitioner’s pocketknife. Snort is a tool that can be used for a variety of functions related to intrusion detection. Snort can be used as a sniffer, packet logger, or network intrusion detection system” (Koziol, 2003). Effective IDSs exist, but they are useless unless they are actually deployed and fed the relevant traffic, no matter how efficient they might be at detection. Snort is therefore a useful intrusion detection tool, but only for traffic that reaches the sensor it is installed on; a sensor that is not placed on a tap or span port covering the link in question sees nothing. “It would not be appropriate to mention the use of Snort without also mentioning Sguil. Analysts monitoring a high-bandwidth link may put Snort on one platform, the Sguil database on a second platform, and the Sguil daemon on a third platform. Analysts conceivably have the opportunity to consolidate all client and server functions on a single platform” (Bejtlich, 2004).

One important point about intrusion detection is the zero-day exploit. There is a lag between the time unauthorized access is gained and the time system administrators discover that activity, and a further lag before a fix is in place for the vulnerability that allowed the access. During that period, attackers use the vulnerability and share it with others so they can exploit the same window into a system. Simply stated, a zero-day exploit targets a vulnerability for which the vendor has had zero days to produce a patch: the flaw is exploited before, or on the day, it becomes known to those who must fix it. Because no signature for such an attack exists yet, the goal of security professionals is to use every available tool to identify activity that is potentially indicative of zero-day exploitation, which in practice means anomaly detection and behavioural indicators rather than known-bad patterns alone.


 

Boundary Level Infrastructure

All traffic entering or exiting the Omega Security enclave will first be analyzed by Snort running inline as an intrusion prevention system (IPS). The rules used by the IPS will be vetted by a signature management team that works closely with the security analysts (Roesch, 1999). Operations managers will collaborate with each section to verify the integrity of traffic entering and exiting the network. IPS enforcement will be dynamic: when traffic matches the criteria for being flagged, the offending source will be blocked until the activity has been investigated properly, and the block will then be lifted or made permanent on the basis of that investigation. Customer service representatives will be notified through a rule alert identifying that a block has taken place and that the affected customer requires notification. As noted above, Snort is deployed together with Sguil; on a high-bandwidth link the Snort sensor, the Sguil database and the Sguil daemon can each run on a separate platform, or all client and server functions can be consolidated on a single platform (Bejtlich, 2004).
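The block-then-notify workflow described above, as an added example written for this page (it is not Snort’s code and not part of the original design): it parses Snort’s one-line “alert_fast” output, works out which side of each alert is a customer enclave, and blocks the external peer pending investigation while queuing a notification for that customer’s service desk. The customer address ranges, the allowlist and the alert lines are constructed; the rule IDs in them are placeholders.

```python
"""Triage of Snort fast-format alerts into block and notify actions.

Added example, not Snort's own code nor the page's. It parses the one-line
'alert_fast' output format and applies the boundary policy described above:
high-priority hits are blocked pending investigation and the affected
customer's service desk is notified. Customer networks, the allowlist and the
alert lines are constructed for illustration.
"""
import ipaddress
import re

CUSTOMERS = {  # constructed customer enclaves (documentation address ranges)
    "acme-nyc": ipaddress.ip_network("192.0.2.0/24"),
    "globex-sfo": ipaddress.ip_network("198.51.100.0/24"),
}
# constructed: addresses we never auto-block (e.g. our own vulnerability scanner)
ALLOWLIST = {ipaddress.ip_address("203.0.113.9")}

SAMPLE_ALERTS = """\
03/01-03:08:10.123456  [**] [1:1000001:2] LOCAL ssh brute force from external [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.77:51234 -> 192.0.2.10:22
03/01-03:09:44.000001  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.5
03/01-03:10:02.555555  [**] [1:1000003:1] LOCAL outbound beacon to known C2 [**] [Priority: 2] {TCP} 198.51.100.23:49201 -> 203.0.113.200:443
03/01-03:11:00.000000  [**] [1:1000001:2] LOCAL ssh brute force from external [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:40000 -> 192.0.2.10:22
this line is not an alert and must be skipped, not crash the parser
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"     # absent for rules without classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    rf"(?P<src>{IPV4})(?::(?P<sport>\d+))?\s+->\s+(?P<dst>{IPV4})(?::(?P<dport>\d+))?$"
)

def parse_fast_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])
    a["sid"] = int(a["sid"])
    return a

def customer_for(ip):
    """Name of the customer enclave containing `ip`, or None."""
    ip = ipaddress.ip_address(ip)
    for name, net in CUSTOMERS.items():
        if ip in net:
            return name
    return None

def triage(lines, block_priority=2):
    """Apply the boundary policy. Returns (blocks, notifications, skipped)."""
    blocks, notes, skipped = {}, [], 0
    for line in lines:
        a = parse_fast_alert(line)
        if a is None:
            skipped += 1
            continue
        # Work out which side is the customer and which is the external peer.
        if customer_for(a["dst"]):
            customer, external, direction = customer_for(a["dst"]), a["src"], "inbound"
        elif customer_for(a["src"]):
            customer, external, direction = customer_for(a["src"]), a["dst"], "outbound"
        else:
            continue                                   # not our traffic
        if ipaddress.ip_address(external) in ALLOWLIST:
            continue                                   # alert only, never auto-block
        if a["prio"] > block_priority:
            continue                                   # low priority: log only
        blocks.setdefault(external, {
            "sid": a["sid"], "msg": a["msg"], "customer": customer,
            "direction": direction, "status": "pending-investigation",
        })
        notes.append({"customer": customer, "blocked": external, "msg": a["msg"]})
    return blocks, notes, skipped

if __name__ == "__main__":
    b, n, s = triage(SAMPLE_ALERTS.splitlines())
    print(b, n, s, sep="\n")
```

Two details matter in practice: the outbound case (a customer host beaconing out is blocked at its destination, not at the customer), and the allowlist, without which an automated block would cut off the scanner the analysts themselves run. Priority thresholds for automatic blocking belong in the signature management team’s review, not in the parser.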

Network Forensic Solution

A Fidelis Deep Session Inspection platform would be used alongside Snort to provide an additional method of static and dynamic malware detection and analysis (Stephenson, 2011). The Fidelis SSL inspector will be used to decrypt and inspect encrypted traffic entering or exiting the network; without such interception neither Snort nor the session inspector can see the payload of encrypted sessions, and the interception itself requires customer endpoints to trust the inspector’s certificate authority, which must be agreed with each customer. These devices will be the first to act on traffic from our customers. Customer service associates (CSAs) will work closely with analysts whenever traffic is deemed suspicious.

Enterprise Proxy Solution

The proposed infrastructure will include a Squid proxy that provides content filtering through the rules and policies (ACLs) configured in the proxy. Squid itself ships no category database, so category lists from a URL blocklist will be loaded into Squid dstdomain ACLs to allow or deny communication with web servers by category. Each customer’s address space will sit behind network address translation, with the translated address block named by company, location and device role so that proxy logs can be attributed to a customer. Customers and analysts will benefit from the proxy’s caching, which serves repeated outbound web requests from cache instead of fetching them again.

Enterprise DNS Solution

OpenDNS resolvers would be used to speed up customers’ DNS requests through OpenDNS’s caching resolver network. Omega Security would use the domain categorization database provided by OpenDNS to block the resolution of known-malicious domains and to direct customer traffic only to allowed destinations. The OpenDNS solution also enhances the ability to track and manage DNS queries going inbound and outbound from our customers (Dyszel, 2011). DNS filtering only helps for clients that actually use the designated resolvers, so outbound DNS to any other server should be blocked at the boundary.
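The proxy section and the DNS section above both rely on the same thing, a categorized domain list consulted at decision time, so one added example serves both. It is written for this page and is not code from Squid, OpenDNS or the original design. It reads lists in Squid’s dstdomain syntax (a leading dot matches the domain and all its subdomains; an entry without a dot matches only that exact host), applies them to proxied URLs the way the Squid ACLs would, and applies the same lists to DNS query names the way a filtering resolver would. The category lists and hostnames are constructed.

```python
"""Category-based domain filtering shared by the proxy and the DNS layer.

Added example, not code from Squid, OpenDNS or the page. It loads category
lists written in Squid's dstdomain syntax (a leading dot matches the domain
and every subdomain; no dot matches that exact host) and applies them twice:
to proxied URLs, as the Squid ACLs above would, and to DNS query names, as a
filtering resolver would. The category lists and hostnames are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

CATEGORY_FILES = {  # constructed, in dstdomain list syntax; not real blocklists
    "malware":  "# comment lines are ignored\n.evil.example\nbad-host.example.net\n",
    "gambling": ".bets.example\n",
}
DENIED_CATEGORIES = {"malware", "gambling"}

def normalise_host(host):
    """Lower-case and drop the trailing dot of a fully qualified name."""
    return host.strip().lower().rstrip(".")

def load_categories(files=CATEGORY_FILES):
    """Return {category: (exact_hosts, suffix_domains)}."""
    cats = {}
    for name, text in files.items():
        exact, suffix = set(), set()
        for raw in text.splitlines():
            entry = normalise_host(raw)
            if not entry or entry.startswith("#"):
                continue
            if entry.startswith("."):
                suffix.add(entry[1:])      # ".evil.example" -> "evil.example"
            else:
                exact.add(entry)
        cats[name] = (exact, suffix)
    return cats

def classify(host, cats):
    """First category whose list matches `host`, or None."""
    host = normalise_host(host)
    for name, (exact, suffix) in cats.items():
        if host in exact:
            return name
        # endswith("." + s) keeps "notevil.example" from matching ".evil.example"
        if any(host == s or host.endswith("." + s) for s in suffix):
            return name
    return None

def proxy_decision(url, cats, denied=DENIED_CATEGORIES):
    """Squid-style decision for one outbound request: ('allow'|'deny', reason)."""
    host = urlsplit(url).hostname
    if host is None:
        return ("deny", "no-host")
    try:
        ipaddress.ip_address(host)
        # dstdomain lists never match IP literals, so a client could bypass the
        # category filter by requesting http://203.0.113.5/ unless we deny them.
        return ("deny", "ip-literal")
    except ValueError:
        pass
    cat = classify(host, cats)
    return ("deny", cat) if cat in denied else ("allow", cat)

def dns_decision(qname, cats, denied=DENIED_CATEGORIES):
    """Filtering-resolver decision for one query name: ('sinkhole'|'resolve', category)."""
    cat = classify(qname, cats)
    return ("sinkhole", cat) if cat in denied else ("resolve", cat)

if __name__ == "__main__":
    cats = load_categories()
    for url in ("http://WWW.Evil.Example./x", "http://notevil.example/", "http://203.0.113.5/"):
        print(url, proxy_decision(url, cats))
    print("casino.bets.example.", dns_decision("casino.bets.example.", cats))
```

The three cases worth checking are the ones that silently break real deployments: mixed case and trailing dots in hostnames, a list entry like “.evil.example” wrongly matching “notevil.example” when matched as a bare suffix, and IP-literal URLs that never match a domain list at all. Applying the same lists at the resolver catches clients that bypass the proxy, but only while outbound DNS to other resolvers is blocked.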

Enterprise Ticketing Solution

Omega Security provides a ticketing system that allows enterprise support requests to be tracked using an open source solution. The Open-source Ticket Request System (OTRS) allows customer and employee inquiries to be tracked over time (Vaswani, 2010). Middle management will be able to review all tickets placed over a period and make decisions based on the level of problems associated with the services provided.

Enterprise Data-Mining Solution

The intent of any security company should be to make machine data accessible across the organization and to identify patterns in it, providing metrics, diagnosing problems and supplying intelligence for business operations. Splunk is a horizontal technology used for application management, security and compliance, and business and web analytics. Most enterprises struggle to correlate the information present in each device on a network. A successful security company would use a tool such as Splunk to mine all the logs present within a customer’s network. The configuration of Splunk allows security administrators to feed in logs from Snort, Fidelis, Sguil, OTRS,

Host Based Security Solution

The main proposed host-level security platform is the McAfee Host Based Security System (HBSS). It scans traffic to and from the host at the packet level and enforces a firewall policy managed centrally from the HBSS console, which makes configuring and maintaining host firewall policies across the network easier and less time-consuming. Logs from each host are forwarded to an ePolicy Orchestrator (ePO) server, which provides centralized management of security policies for each customer’s endpoints (Shackleford, 2010). Host-based coverage matters because the boundary devices above cannot see traffic that never crosses the boundary, such as lateral movement between hosts on the same customer segment.

Enterprise Security Manager

Omega Security would implement the Open Source Security Information Management (OSSIM) platform. OSSIM correlates the events from all the devices mentioned above and gives operations managers the ability to prioritize security information from each device returning logs. A security information manager of this kind gives middle managers the risk assessments they need to make crucial enterprise security decisions (Lorenzo, 2010).
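The correlation and prioritization that the Splunk and OSSIM sections both describe, as an added example written for this page (not OSSIM’s code, not Splunk’s, and not part of the original design): events from the boundary IPS, the host agent and the proxy are normalized to one record type, a correlation directive promotes an IPS alert that is confirmed by a host-level event on the same source/destination pair into a single higher-reliability alarm, and everything is ranked with the risk formula OSSIM documents, risk = asset value (0–5) × priority (0–5) × reliability (0–10) / 25. The asset values, events and the directive are constructed.

```python
"""Cross-source correlation with OSSIM-style risk scoring.

Added example; not OSSIM's code and not from the page. Events from the
boundary IPS, the host agent and the proxy are normalised to one record type,
a correlation directive promotes an IPS alert confirmed by a host-level event
on the same source/destination pair into a single higher-reliability alarm,
and every event is ranked with the risk formula OSSIM documents:
risk = asset value (0-5) x priority (0-5) x reliability (0-10) / 25.
Asset values, events and the directive are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    ts: datetime
    source: str        # "snort" | "hbss" | "squid" | "ossim" (correlated alarm)
    src: str
    dst: str
    name: str
    priority: int      # 0-5
    reliability: int   # 0-10

# constructed asset values 0-5 per protected host (unknown hosts score 0)
ASSETS = {"192.0.2.10": 5, "192.0.2.55": 2, "198.51.100.23": 3}

def when(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

SAMPLE_EVENTS = [  # constructed, already normalised from each device's log
    Event(when("2024-03-03 03:08:10"), "snort", "203.0.113.77", "192.0.2.10", "ssh brute force", 4, 3),
    Event(when("2024-03-03 03:12:40"), "hbss",  "203.0.113.77", "192.0.2.10", "host firewall: repeated ssh connects", 3, 6),
    Event(when("2024-03-03 03:20:00"), "snort", "203.0.113.50", "192.0.2.55", "ssh brute force", 4, 3),
    Event(when("2024-03-03 03:21:00"), "squid", "198.51.100.23", "203.0.113.200", "denied: malware category", 2, 4),
]

DIRECTIVES = [{  # constructed directive: IPS alert confirmed by the host agent
    "name": "ssh brute force confirmed on host",
    "window": timedelta(minutes=15),
    "steps": [{"source": "snort", "name_contains": "brute force"},
              {"source": "hbss",  "name_contains": "ssh"}],
    "priority": 5, "reliability": 9,
}]

def risk(event, assets=ASSETS):
    """OSSIM risk, rounded to 0-10, using the higher-valued endpoint of the event."""
    asset = max(assets.get(event.src, 0), assets.get(event.dst, 0))
    return round(asset * event.priority * event.reliability / 25)

def match_steps(events, steps, window):
    """Greedy in-order match of `steps` against time-sorted events of one src/dst pair."""
    chain, i = [], 0
    for step in steps:
        while i < len(events):
            e = events[i]
            i += 1
            if e.source == step["source"] and step["name_contains"] in e.name:
                if chain and e.ts - chain[0].ts > window:
                    return None           # later step fell outside the window
                chain.append(e)
                break
        else:
            return None                   # ran out of events before finishing
    return chain

def correlate(events, directives=DIRECTIVES):
    """Emit one alarm per (src, dst) pair and directive whose steps all matched."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_pair[(e.src, e.dst)].append(e)
    alarms = []
    for (src, dst), evs in by_pair.items():
        for d in directives:
            chain = match_steps(evs, d["steps"], d["window"])
            if chain:
                alarms.append(Event(chain[-1].ts, "ossim", src, dst, d["name"],
                                    d["priority"], d["reliability"]))
    return alarms

def prioritize(events):
    """Rank events by risk, highest first: [(risk, name, src, dst), ...]."""
    ranked = [(risk(e), e.name, e.src, e.dst) for e in events]
    return sorted(ranked, key=lambda r: r[0], reverse=True)

if __name__ == "__main__":
    alarms = correlate(SAMPLE_EVENTS)
    for row in prioritize(SAMPLE_EVENTS + alarms):
        print(row)
```

On the constructed events the two brute-force alerts score identically in isolation; what separates them is the host-level confirmation on the high-value host, which the directive turns into a risk-9 alarm, while the unconfirmed alert against the low-value host stays at 1. That is the point of feeding HBSS and proxy logs into the same manager as the IPS: the ranking comes from agreement between sources and from asset value, not from any single sensor.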

Overall Focus

The proposed solutions combine open source tools with products from reputable vendors to provide enterprise-level security. Business managers will have the flexibility to market this package as a cost-effective solution for businesses. Overhead costs for host forensic analysts will be reduced by the centralized method used to manage customer devices. The infrastructure costs of an enterprise SIEM, proxy, DNS and IPS will be significantly reduced through the use of open source tools.

 

Answer preview

Security is one of the major aspects that can influence the growth and development of Omega Security Agency. In nearly all organizations globally, Security Management is one of the considerable factors used to develop an organization effectively. The growth and development of information technology has influenced more than a few factors in the contemporary world…………
