Crypto Security Architecture Exercise
Scenario
You work for the Apex Trucking Company. This is a firm that moves materials for clients all over North America and Europe. The company’s leadership has no real knowledge of technology but wants to use encryption to protect the information the company has. The data to be safeguarded consists of future marketing plans for the company, financial data, employee records, customer records, and customer shipment date.
The company wants the capability to securely allow customers to track their orders in real-time from their origin to their destination online. The information that is to be supplied to customers is tracking number, shipment location, size of purchase, the value of delivery, estimated time of arrival, and customer contact information for this shipment.
While this information can be made available from a central server, the marketing groups in Europe, Mexico, and Canada need management access to the data to enter new shipments and change orders before they ship.
The company currently uses desktops running Windows XP and Windows-based servers. Security consists only of passwords and a firewall; no encryption is used to protect the information.
The project is to provide the above capability securely using encryption and provide additional security to the company via encryption. You will need to address new technology, the reasons and costs behind your choices, and what policy and legal implications there are to your encryption solution.
There is at least one marketing group in Mexico, Germany, and Canada, as well as three in the US. The company is based in New York. It is essential that customers can rely on the shipping data being accurate and coming from the company.
You’re assigned this crypto architecture project.
Configuration
The current configuration has one server acting as a firewall and web server. This server is directly attached to the Internet.
There is a database server behind the firewall, as well as a separate server for HR and marketing. The marketing server needs to be securely accessed by the marketing teams. They also need to access the database server through an Internet connection to manage data and display reports.
All databases use MySQL and are currently not secured.
Constraints
Your tasking is crypto architecture. The regular replacement of computers is done on a rotating schedule. It is outside the scope of your project to plan for the replacement of machines. Your architecture should work with the computers you have. You may propose alternative equipment if an upgrade or new equipment would be critical to the crypto architecture.
Specific Tasking
You have been specifically tasked to do the following things and develop a complete and sound crypto architecture. Remember, the president is very knowledgeable about cryptography and wants lots of details about how you will implement it.
- Describe in detail what new cryptographic systems you are going to propose, how they work, and how they will enhance security. Be specific about these systems' weaknesses and how you plan to compensate for the shortcomings.
- Describe and explain the impact the new cryptographic security architecture will have on the current security features and how this impact will be mitigated.
- What new issues will arise as a result of implementing the new cryptographic solutions, and what are the arguments on either side of these issues?
- Show a clear and detailed understanding of the existing encryption being used, such as passwords, and of operating system encryption features not being used. State whether you plan to use these or not, and if not, why not.
- How well will all these new cryptographic features work together? Identify any areas of concern and how you propose to resolve conflicts and issues.
- What, if any, modern security features can be eliminated cost-effectively by the new crypto architecture?
Have fun!