SANS Technology Institute

Implementing and Automating Critical Control 19: Secure Network Engineering for Next Generation Data Center Networks

SANS Joint Written Project Project Charter 1/7/2012 Aron Warren George halil

I!"le!enting an# Auto!ating Critical Control 1$% Secure Net&or' (ngineering )or Ne*t Generation +ata Center Net&or's

,ichael -oehl

Project Charter

Page 2 o) .

I!"le!enting an# Auto!ating Critical Control 1$% Secure Net&or' (ngineering )or Ne*t Generation +ata Center Net&or's

Project Charter
1.0 Background
Co!!unity Projects are re/uire# )or stu#ents o) the SANS Technology Institute 0STI1 ,aster o) Science #egree "rogra!2 This Co!!unity Project is a Joint Written Project 0JWP1 an# the assigne# to"ic is 3I!"le!enting an# Auto!ating Critical Control 1$% Secure Net&or' (ngineering42 An assign!ent scenario has 5een create# 5y Ste"hen Northcutt an# is "ro6i#e# 5elo&% GIAC Enterprises is a small to medium sized growing business (1,000 employees, two data centers, 200 people in central business and IT and is t!e largest supplier o" #ortune Coo$ie sayings in t!e world% T!e CI& calls you in "or a special tiger team pro'ect% GIAC !as recently decided to implement a (0G networ$ to implement t!e capacity to support mobile apps t!at deli)er "ortunes% A separate team is already wor$ing on ac*uiring t!e tec!nology to establis! monitoring so t!at is outside t!e scope o" t!is assignment% +our assignment is to design build t!e networ$ "or t!e ne,t generation networ$% T!e CI& wants t!is to be in alignment wit! t!e 20 Critical Controls, especially control 1-% GIAC does not want to add many people to t!e wor$"orce, so solutions t!at can be automated are top priority%

2.0 Objective
Present technical a""roaches to i!"le!ent an# auto!ate sa)eguar#s &hich are consistent &ith control 1$% 3Secure Net&or' (ngineering4 o) the SANS T&enty Critical Security Controls )or ())ecti6e Cy5er +e)ense2

3.0 Requirements
The )ollo&ing are re/uire!ents )or this "roject% Create an# "resent pro ect plan )or a""ro6al2 0Project "lan !ust #escri5e &ho is going to #o &hat "art o) the &or'7 ho& long tas's are e*"ecte# to ta'e an# sche#ule2 JWP tea! has . calen#ar #ays a)ter they recei6e the assign!ent to co!"lete "lan12 Con#uct researc! an# i#enti)y technical a""roaches that auto!ate as !any o) the sa)eguar#s as "ossi5le )or 80G (thernet net&or's an# 5e consistent &ith control 1$ o) the 20 critical controls2 95tain feed"ack from earl# adopters o) 80G (thernet net&or's to learn a5out "ractical "it)alls an# "ro!ising solutions2 Author presentation 0generally it is 10 Po&erPoint content sli#es &ith Notes12 Author w!ite paper containing researc! and recommendations "or areas assigned% T!e w!ite paper must detail t!e tec!nical approac!es and any additional tec!ni*ues de)eloped% T!e paper must be compre!ensi)e enoug! t!at organizations can use it as a re"erence to strongly lower t!eir ris$ by incorporating control 1-% JWP tea! has :0 #ays to co!"lete assign!ent a)ter "roject "lan has 5een a""ro6e#2

4.0 Approach and

i!estones

The tra#itional &ater)all !o#el &ill 5e use# to a#6ance through the "roject "hases "ro6i#e# 5elo&2s Project !ilestones an# target co!"letion #ates are "ro6i#e# 5elo&2

Project Charter

Page : o) .

I!"le!enting an# Auto!ating Critical Control 1$% Secure Net&or' (ngineering )or Ne*t Generation +ata Center Net&or's

$ilestone Initiation Present Project Plan )or A""ro6al &esearc! and Anal#sis In6estigate technologies I#enti)y an# inter6ie& (arly Custo!er A#o"ters;<A=s;,anu)acturers o) 80G In6estigate authoritati6e sources )or secure net&or'ing 0e2g27 SANS7 CIS7 <en#ors7 etc21 =esearch in)rastructure u"#ate/!aintenance/-A i!"act an# o"tions De'elop Design()uild %ec!nical Approac!es >inali?e technical a""roaches in sco"e )or &hite"a"er )uild *Aut!or Documents+ >irst #ra)t o) &hite "a"er co!"lete# ,A White "a"er )ee#5ac' )ro! S"onsor recei6e# -roduction Implementation >inal 6ersion o) &hite "a"er co!"lete# >inal 6ersion o) "resentation co!"lete# -ro ect Close JWP a#!inistrati6e tas's co!"lete# an# gra#ing 5egins

%arget Date 1/$/2012 1/20/2012 1/20/2012 1/20/2012 1/20/2012 1/21/2012 1/2:/2012 1/2@/2012 1/2$/2012 2/./2012 2/10/2012

.ecurring one !our c!ec$point meetings are sc!eduled (10/0012 E3T 4ednesday in addition to wee$end collaborations%

".0 #roject

anagement #rotoco!

The "roject in)or!ation syste! is (*cel2 Project arti)acts &ill 5e store# in +ro" Ao*2 Project "er)or!ance an# "ro#uct #e"loy!ent "rogress &ill 5e re"orte# &ee'ly 6ia e!ail to s"onsor an# sta'ehol#ers2 =ecurring &ee'ly chec'"oint !eetings &ill also 5e hel# &ith "roject tea!2 Project s"onsor an# sta'ehol#ers &ill !eet &hen there is an issue re/uiring !anage!ent attention2 Issues ha6ing a !aterial i!"act on "roject sco"e or "rogress &ill 5e escalate# to the "roject s"onsor 6er5ally an# 6ia e!ail2 No )or!al "roject ris' !anage!ent syste! &ill 5e use#2 Project change control re/uests &ill 5e authori?e# 5y the "roject s"onsor 6ia e!ail2 No )or!al "roject change !anage!ent syste! &ill 5e use#2 Planne# resources an# le6el o) e))ort to co!"lete tas's &ill 5e i#enti)ie# #uring initiation "hase2 Actual use o) resources an# associate# le6el o) e))ort &ill 5e trac'e# in)or!ally &ithin the "roject "lan2 No )or!al ti!e re"orting &ill 5e use#2

$.0 %e& Resources

A colla5orati6e e))ort 5et&een !ulti"le IT tea!s &ill 5e re/uire# to a#6ance this "roject2 the "roject are liste# 5elo&2 =ole S"onsor B STI Presi#ent Sta'ehol#er B +ean o) A#!issions C Stu#ent Ser6ices ey =esource B Stu#ent ey =esource B Stu#ent ey =esource B Stu#ent ey =esource B (arly A#o"ter o) 80G Net&or' ey =esource B <en#or o) 80G Net&or' Technology Project ,anager ey resources to a#6ance Na!e Ste"hen Northcutt +e55ie S6o5o#a Aron Warren George halil ,ichael -oehl TA+ Grace Ng Aron Warren

Project Charter

Page 8 o) .

I!"le!enting an# Auto!ating Critical Control 1$% Secure Net&or' (ngineering )or Ne*t Generation +ata Center Net&or's

'.0 Risks and Assumptions

380G net&or'4 re)ers to 80 Giga5it "er secon# s"ee# (thernet net&or's inten#e# )or !o#ern #ata centers2 =e!aining critical security controls can 5e re)erence# in &hite "a"er7 5ut no ela5oration is re/uire#2 Actual co!!ercial 6en#or "ro#ucts are to 5e "art o) research an# inclu#e# in technical #iscussion2 =>D )or syste! integrator consultant or consulting )ir! is not in sco"e2 Secure Net&or' (ngineering inclu#es integration o) security controls necessary to sustain in)rastructure2 Co!!on 5usiness "rocesses 0e2g27 -=7 >inance7 Procure!ent7 etc21 are not in sco"e2 The "ri!ary )ocus is to "ro6i#e technical gui#ance associate# &ith an in)rastructure that ser6ices !o5ile a""lications o6er the Internet2 Technical a""roaches are to inclu#e integration &ith/ 2anaged 5ecurity 5er)ices 1ro)iders, 626 connections, ands traditional in"rastructure ser)ices (e%g%, tape bac$7up, 385, patc!ing, con"iguration management, etc% The state!ent% 9GIAC does not want to add many people to t!e wor$"orce, so solutions t!at can be automated are top priority%:, is to be interpreted as including tec!nology, outsourcing o" recurring operations duties (e%g%, 2551 and centralized management o" in"rastructure (e%g%, patc!ing, con"iguration management, I35 signature updates, etc% % 3(*ternal "artnershi"s4 inclu#e custo!ers o) 80G technology or ser6ice "ro6i#ers that ha6e recently incor"orate# 80G technology2 (Eco!!erce is in sco"e as GIAC (nter"rises &ill nee# to acce"t "ay!ent )ro! a 6ariety o) custo!ers 0e2g27 )oo# !anu)acturers7 &holesalers7 etc212 (E)ortune coo'ie ser6ice is a6aila5le to retail custo!ers to ha6e a )ortune sent to their s!art"hone #aily2 InterEsite +ata Center co!!unication is out o) sco"e2 +isaster =eco6ery is out o) sco"e2 +elay in res"onse to stu#ent /uestions/concerns Fn"lanne# a5sence #ue to e!"loyer or )a!ily o5ligations

(.0 )ocument Revision *istor&

Document Name +=A>T E 80G Project Charter 62012#oc +=A>T E 80G Project Charter 62022#oc +=A>T E 80G Project Charter 620:2#oc +=A>T E 80G Project Charter 62082#oc =ena!e# to >INAG E 80G Project Charter 6 1202#oc .ersion >or!atting +ra)t 0202 +ra)t 020: +ra)t 0208 >inal 120 Date 1/@/2012 1/7/2012 1/7/2012 1/7/2012 1/7/2012 Aut!or ,ichael -oehl ,ichael -oehl ,ichael -oehl Aron Warren Aron Warren

Project Charter

Page . o) .