Crypto Security Architecture Exercise
You work for the Apex Trucking Company. This is a firm that moves materials for clients all over North America and Europe. The leadership of the company has no real knowledge of technology, but wants to use encryption to protect the information the company has. The information to be protected consists of future marketing plans for the company, financial data, employee records, customer records, and customer shipping date.
The company wants the capability to securely allow customers to track their orders in real time from their origin to their destination on-line over the Internet. The information that is to be supplied to customers is tracking number, location of shipment, size of shipment, value of shipment, and estimated time of arrival as well as the customer contact information for this shipment.
While this information can be made available from a central server, the marketing groups in Europe, Mexico and Canada need management access to the data to enter new shipments and change orders before they ship.
The company currently uses desktops running Windows XP and Windows-based servers. Security consists only of passwords and a firewall; no encryption is used to protect the information.
The project is to provide the above capability securely using encryption, as well as to provide additional security to the company via encryption. You will need to address new technology, the reasons and costs behind your choices, and the policy and legal implications of your encryption solution.
There is at least one marketing group in Mexico, Germany, and Canada, as well as three in the US. The company is based in New York. It is important that customers can rely on the shipping data being accurate and coming from the company.
You’re assigned this crypto architecture project.
The current configuration has one server acting as a firewall and web server. This server is directly attached to the Internet.
There is a database server behind the firewall, as well as a separate server for HR and marketing. The marketing server needs to be securely accessed by the marketing teams. They also need to access the database server through an Internet connection to manage data and display reports.
All databases use MySQL and are currently not secured.
Your tasking is crypto architecture. The normal replacement of computers is done on a rotating schedule. It is outside the scope of your project to plan for the replacement of computers. Your architecture should work with the computers you have. You may consider the replacement of equipment if an upgrade or new equipment would be critical to the crypto architecture.
You have been specifically tasked to do the following things and develop a complete and sound crypto architecture. Remember, the president is very knowledgeable about cryptography and wants lots of details about how you are going to implement the encryption.
- Describe in detail what new cryptographic systems you are going to propose, how they work, and how they will enhance security. Be specific about these systems' weaknesses and how you plan to compensate for the weaknesses.
- Describe and explain the impact the new cryptographic security architecture will have on the current security features and how this impact will be mitigated.
- What new issues will arise as a result of implementing the new cryptographic solutions and what are the arguments on either side of these issues?
- Show a clear and detailed understanding of the existing encryption being used, such as passwords, and of the operating system encryption features not being used. State whether you plan to use these or not, and if not, why not.
- How well will all these new cryptographic features work together? Identify any areas of concern, and how you propose to resolve conflicts and issues.
- What, if any, current security features can be eliminated cost-effectively by the new crypto architecture?