Securing the Future Insights from an Information Security Masters Journey

In my master's degree program, I gained extensive knowledge about information security. There are many subjects and topics in information security, such as Cybersecurity,  network security, application and data security, vulnerability assessment, governance, risk management, compliance, etc. More importantly, it is vital to understand the foundation of security that requires the CIA Triad.

The CIA Triad consists of Confidentiality, Integrity, and Availability. It serves as a reminder that data must be correct and must be unaltered (integrity), kept private (secured from unauthorized access), and accessible to authorized users (availability).

Security is Everything

Security is crucial in the digital age we live in today. In our modern society, protecting information is essential to upholding integrity and confidence. Cyber-attacks are becoming more complex and are aiming at weaknesses in every industry. For instance, the absence of following the proper security procedures when accessing the production server environment carries a serious risk of exposing confidential information and disrupting business operations. Well-configured security protocols are necessary to protect data, guarantee confidentiality, and facilitate secure, effective operations. Our approaches to security must change along with technology, making it an essential part of both our personal and professional lives. This piece of knowledge motivated me to focus on developing innovative security solutions for my capstone project.

My Biggest Challenge: Securing the Core

During the creation of my capstone project for my master's degree, it tested my abilities and was challenging. One of the challenges in preparing my proposed capstone project is securing the PuTTY sessions when users access the production environment.

In my capstone project, the current system lacked appropriate user management in several ways. Among these shortcomings were:

• Unrestricted Root Access: Certain users had unrestricted root access to the production environment. Even if they needed this level of access for valid reasons, granting such powerful privileges without adequate protection is extremely risky. Users with root access can make significant system modifications, inadvertently executing scripts or commands in the server terminal.
• Unrecorded Sessions: Once users accessed the production environment, their sessions were not recorded due to the lack of session recording. This issue makes it challenging to investigate user activity in the server terminal and hold users accountable.

The identified issues mentioned above create a significant security vulnerability. The solution I need for this problem is to address user management, secure sessions, and implement an Audit Trail System—all of which will enhance the user-friendliness of my proposed system.

My Solution: A Secure and Integrated Approach

In my capstone project, I identified several specific approaches to address the security vulnerabilities in the existing system. One option involved creating automated scripts for each access session. However, managing scripts for over 50 servers would be impractical. Another alternative approach requires using a third-party program for session monitoring.

As illustrated in the diagram above, my solution involved a central Monitoring and Controlling System (MCS) that users would access before connecting to the production environment. This approach functions similarly to a jump server, as explained on JumpServer. The JumpServer is an open-source Privileged Access Management (PAM) that provides the needs of IT operation within secure access such as SSH, RDP, and Database endpoints through a web browser. With this, I started to create a system similar to the jump server setup. Notably, building the MCS in-house meant no additional software costs. The essential advantage of developing our own MCS lies in its inherent flexibility. Without relying on third-party programs, we could freely improve and personalize features. The MCS provides a fully customized system that requires constant maintenance.

The Secure WebTerminal: Enhancing Security and Usability

To further enhance both security and user experience, I implemented a WebTerminal directly within my system. This solution enables users to connect to the server host via a web browser. Once the user completes their session, all activities are logged automatically in the Audit Trail System I created. This approach provides robust security by centralizing access and monitoring, facilitating the user experience with a browser-based terminal. In addition, it enables work efficiency for security and operations.

The following GIF below shows the Webterminal on how the user interacts on the host server.

The user is accessing the WebTerminal through the MCS Web Application I made.

Once connected, users can verify available storage and memory by running commands like df -h for disk space and free -h for RAM.

Next, in this WebTerminal, it is possible to modify any file configuration, just like the PuTTY terminal. The user is using VIM command to edit the content of the start_webapp.sh script.

Whenever a user interacts with the system, that session is automatically recorded in the MCS's Audit Trail System. To review the recorded session, an authorized admin user must be logged into the MCS and navigate to the Audit Trail System. Additionally, the system can save the session's history log and allow the playback of the recorded session.

Reflecting on the Journey

As I reflect on my master's degree program and the development of my capstone project, I've been able to apply theoretical knowledge to practical problems and develop innovative solutions that address real-world security vulnerabilities.

By implementing a centralized MCS and integrating a secure WebTerminal, I was able to create a solution that not only enhanced security but also improved usability. The implementation of the Audit Trail System has enhanced our security measures by ensuring that all user activities are logged and can be reviewed by authorized personnel. This automation process was a crucial part of the project, as it provided detailed records of user actions, increasing accountability and simplifying the investigation of any potential issues.

I'd also like to express my gratitude to the open-source community. These are the tools I used in my project: 

• leffss/devops
• Jimmy/Webterminal
• Asciinema
• Django Framework

You can check out a partial publication of my capstone project work here: Design and implementation for monitoring and control system in data center operations. It only includes the Abstract/Summary because the rest of the work is confidential. I'm sharing this to give you a glimpse of my experience.

Animo La Salle!