Case Study: Aircraft Solutions
Phase I - Aircraft Solutions
Table of Contents
Contents
Executive Summary
The purpose of this paper is to evaluate the computer security for Aircraft Solutions. When discussing computer security, the three main areas aspects of any computer-related system are confidentiality, integrity, and availability. Confidentiality determines the security or privacy of the system. Integrity refers to only the authorized users making changes to parts of the computer system. Availability means if someone has a requirement to get onto the computer they are not impeded in that facet. The main challenge in constructing any secure system is determining …show more content…
what will be the best course of action to secure the system. Aircraft Solutions provides hands on experience in all areas of aviation in addition to electronics, aerospace, commercial, and defense industries. Additionally Aircraft Solutions provides information on geographic, background information as well as architectural designs. Given the information derived, the main goal of this assessment is to identify possible vulnerabilities and develop solutions to protect Aircraft Solutions operations.
Company Overview
“Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry.
Located in Southern California, Aircraft Solutions has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company 's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems.”(DeVry) Their mission is to determine the customers’ needs and provide “products and related services, and to meet cost, quality, and schedule requirements.” (DeVry) Given the amount of influence that Aircraft Solutions has in the Defense and Aerospace Industry, I will determine the best course of action to assist in their advancement of their hardware and policies of the hardware. Aircraft Solutions Business Process Management system is an end user design. This means customers, vendors, suppliers all collaborate with Aircraft Solutions to get the desired end product. “The Business Process Management also aligns internal business operations with IT support to maintain production in support of customer …show more content…
requirements.”(DeVry)
Two Security Vulnerabilities
There will always be security weaknesses in every system.
The problem comes in finding and fixing these problems. Depending on how big or small the weakness is determines how detrimental the risk is. After reviewing the infrastructure of Aircraft Solutions, I was able to determine that there were a few things that would put their system in a vulnerable state and potentially put their system at risk. The two areas where they are most vulnerable are the hardware and the policy. The first vulnerable area is the hardware of the firewalls that are not being used appropriately to protect the network against breaches in the networks architecture and hierarchy. Without the firewall in place it exposes the network (LAN) to any malicious internal as well as external attacks. These attacks can lead to the compromising of any of the company’s data.
The second vulnerability is the policies that are in place to evaluate the firewalls, routers and the personnel to maintain them. There should always be checks and balances with any system. This means you have two sets of personnel maintaining the system. One set of personnel on site, such as a security officer and an assistant security officer to maintain these controls. And the second set being from an outside vendor that would continuously monitor Aircraft Solution’s Systems regularly. This would deter any internal or external malicious attacks to the
system.
Recommended Solutions
To ensure you have the correct firewall in place, you need to make sure that you have the “inclusive firewall” as opposed to the “exclusive firewall”. The exclusive firewall allows all to come through the internet, minus the exceptions set up. The inclusive firewall allows only “services matching the rules through and blocks everything else.”(Firewall) This means you can control what goes onto the internet and what comes onto your network and servers from the internet.
Ensuring the policies are followed, I would encourage to not only have monthly refresher courses to ensure the policies that are in place are still correct, I would insist on the configurations be kept not only on site but at the third party vendor site. This would alleviate any possible confusion as well as alleviate only one person having access and control over the network. I would strongly recommend also having holes in the system to be addressed immediately so that moving forward, you will be able to determine where problems may arise and fix said problems in a timely and efficient manner.
Aircraft Solutions being proactive by monitoring the guidelines and rules set, will allow them to be forewarned in checking and monitoring their systems from both internal and external malicious intentions. By not being proactive in this endeavor, you run the risk of viruses getting into the system, with extensive costs, including running the risk of garnering bad publicity for the entire company by not being secure.
References
DeVry SE571 Course Project: Security Assessment and Recommendations. (n.d.). DeVry SE571 Document Sharing. Retrieved September 10, 2014, from http://www.devryu.net/re/DotNextLaunch.asp?courseid=10241230&userid=12242068&sessionid=dbba5017bc&tabid=S71LLgFvMAA+EU6nXb/EF4Zgga7/4KYnHfoCChhH7Jgt2h2X3yfUAYYvDY2WT67j&sessionFirstAuthStore=true&macid=cf0EsZLR53iruD5ESekqMeo/QYfuJhx2iX0JeF9gD8+aL/qdLhKCy
Firewalls. (n.d.). Firewalls. Retrieved September 10, 2014, from http://technet.microsoft.com/en-us/library/cc700820.aspx
Table of Contents
Contents
Executive Summary
The purpose of this paper is to evaluate the computer security for Aircraft Solutions. When discussing computer security, the three main areas aspects of any computer-related system are confidentiality, integrity, and availability. Confidentiality determines the security or privacy of the system. Integrity refers to only the authorized users making changes to parts of the computer system. Availability means if someone has a requirement to get onto the computer they are not impeded in that facet. The main challenge in constructing any secure system is determining …show more content…
what will be the best course of action to secure the system. Aircraft Solutions provides hands on experience in all areas of aviation in addition to electronics, aerospace, commercial, and defense industries. Additionally Aircraft Solutions provides information on geographic, background information as well as architectural designs. Given the information derived, the main goal of this assessment is to identify possible vulnerabilities and develop solutions to protect Aircraft Solutions operations.
Company Overview
“Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry.
Located in Southern California, Aircraft Solutions has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company 's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems.”(DeVry) Their mission is to determine the customers’ needs and provide “products and related services, and to meet cost, quality, and schedule requirements.” (DeVry) Given the amount of influence that Aircraft Solutions has in the Defense and Aerospace Industry, I will determine the best course of action to assist in their advancement of their hardware and policies of the hardware. Aircraft Solutions Business Process Management system is an end user design. This means customers, vendors, suppliers all collaborate with Aircraft Solutions to get the desired end product. “The Business Process Management also aligns internal business operations with IT support to maintain production in support of customer …show more content…
requirements.”(DeVry)
Two Security Vulnerabilities
There will always be security weaknesses in every system.
The problem comes in finding and fixing these problems. Depending on how big or small the weakness is determines how detrimental the risk is. After reviewing the infrastructure of Aircraft Solutions, I was able to determine that there were a few things that would put their system in a vulnerable state and potentially put their system at risk. The two areas where they are most vulnerable are the hardware and the policy. The first vulnerable area is the hardware of the firewalls that are not being used appropriately to protect the network against breaches in the networks architecture and hierarchy. Without the firewall in place it exposes the network (LAN) to any malicious internal as well as external attacks. These attacks can lead to the compromising of any of the company’s data.
The second vulnerability is the policies that are in place to evaluate the firewalls, routers and the personnel to maintain them. There should always be checks and balances with any system. This means you have two sets of personnel maintaining the system. One set of personnel on site, such as a security officer and an assistant security officer to maintain these controls. And the second set being from an outside vendor that would continuously monitor Aircraft Solution’s Systems regularly. This would deter any internal or external malicious attacks to the
system.
Recommended Solutions
To ensure you have the correct firewall in place, you need to make sure that you have the “inclusive firewall” as opposed to the “exclusive firewall”. The exclusive firewall allows all to come through the internet, minus the exceptions set up. The inclusive firewall allows only “services matching the rules through and blocks everything else.”(Firewall) This means you can control what goes onto the internet and what comes onto your network and servers from the internet.
Ensuring the policies are followed, I would encourage to not only have monthly refresher courses to ensure the policies that are in place are still correct, I would insist on the configurations be kept not only on site but at the third party vendor site. This would alleviate any possible confusion as well as alleviate only one person having access and control over the network. I would strongly recommend also having holes in the system to be addressed immediately so that moving forward, you will be able to determine where problems may arise and fix said problems in a timely and efficient manner.
Aircraft Solutions being proactive by monitoring the guidelines and rules set, will allow them to be forewarned in checking and monitoring their systems from both internal and external malicious intentions. By not being proactive in this endeavor, you run the risk of viruses getting into the system, with extensive costs, including running the risk of garnering bad publicity for the entire company by not being secure.
References
DeVry SE571 Course Project: Security Assessment and Recommendations. (n.d.). DeVry SE571 Document Sharing. Retrieved September 10, 2014, from http://www.devryu.net/re/DotNextLaunch.asp?courseid=10241230&userid=12242068&sessionid=dbba5017bc&tabid=S71LLgFvMAA+EU6nXb/EF4Zgga7/4KYnHfoCChhH7Jgt2h2X3yfUAYYvDY2WT67j&sessionFirstAuthStore=true&macid=cf0EsZLR53iruD5ESekqMeo/QYfuJhx2iX0JeF9gD8+aL/qdLhKCy
Firewalls. (n.d.). Firewalls. Retrieved September 10, 2014, from http://technet.microsoft.com/en-us/library/cc700820.aspx