Crypto Security Architecture Exercise
Scenario
You work for the Apex Trucking Company. This is a firm that moves materials for
clients all over North America and Europe. The leadership of the company has no real
knowledge of technology, but wants to use encryption to protect the information the
company has. The information to be protected consists of future marketing plans for the
company, financial data, employee records, customer records, and customer shipping
date.
The company wants the capability to securely allow customers to track their orders in real
time from their origin to their destination on-line over the Internet. The information that
is to be supplied to customers is tracking number, location of shipment, size of shipment,
value of shipment, and estimated time of arrival as well as the customer contact
information for this shipment.
While this information can be made available from a central server, the marketing groups
in Europe, Mexico and Canada need management access to the data to enter new
shipments and change orders before they ship.
The company is currently using desktops running Windows XP and Windows-based
servers. Security consists only of passwords and a firewall; there is no encryption to
protect the information.
The project is to provide the above capability securely using encryption, as well as
providing additional security to the company via encryption. You will need to address
new technology, the reasons and costs behind your choices, and what policy and legal
implications there are to your encryption solution.
There is at least one marketing group in Mexico, Germany, and Canada, as well as three
in the US. The company is based in New York. It is important that customers can rely
on the shipping data being accurate and coming from the company.
You’re assigned this crypto architecture project.
Configuration
The current configuration has one server acting as a firewall and web server. This server
is directly attached to the Internet.
There is a database server behind the firewall, as well as a separate server for HR and
marketing. The marketing server needs to be securely accessed by the marketing teams.
They also need to access the database server through an Internet connection to manage
data and display reports.
All databases use MySQL and are currently not secured.
Constraints
Your tasking is crypto architecture. The normal replacement of computers is done on a
rotating schedule. It is outside the scope of your project to plan for the replacement of
computers. Your architecture should work with the computers you have. You may
consider the replacement of equipment if an upgrade or new equipment would be critical
to the crypto architecture.
Specific Tasking
You have been specifically tasked to do the following things and develop a complete and
sound crypto architecture. Remember, the president is very knowledgeable about
cryptography and wants lots of details about how you are going to implement the
encryption.
1. Describe in detail what new cryptographic systems you are going to propose, how
they work, and how they will enhance security. Be specific about these systems'
weaknesses and how you plan to compensate for the weaknesses.
2. Describe and explain the impact the new cryptographic security architecture will
have on the current security features and how this impact will be mitigated.
3. What new issues will arise as a result of implementing the new cryptographic
solutions and what are the arguments on either side of these issues?
4. Show a clear and detailed understanding of the existing encryption being used,
such as passwords, and of operating system encryption features not being used, and
whether you plan to use these or not, and if not, why not.
5. How well will all these new cryptographic features work together? Identify any
areas of concern, and how you propose to resolve conflicts and issues.
6. What, if any, current security features can be eliminated cost-effectively by the new
crypto architecture?
Have fun!