Wednesday, June 5, 2019

Alternatives to Proprietary Digital Forensics for SMEs

Realistic alternative to expensive proprietary digital forensics and security products for SMEs.

Alan David Blais

Abstract

Organisations have recently developed an awareness about the necessity of having their systems secure and protected from external as well as internal threats. This sudden awareness is believed to be due to recent major events about breaches and security issues faced by many organisations. The consequences of these breaches and security issues had so many negative impacts that they have created a real awareness. Although the UK is among the leading countries in this field in Europe, it still has a long way to go, according to the training director for the SANS Securing The Human Program, Lance Spitzner (Cyber Security Awareness SANS 2015).

Many organisations have already invested very large amounts of money into making their systems more secure, while some others are still thinking about whether investing money in security has a return on investment (ROI) or not. For small and medium enterprises (SMEs), on the other hand, it is an entirely different story. With the world financial crisis, it is already particularly difficult for SMEs to survive; some of them are struggling to keep their companies running, and many of them cannot afford the cost of improving the security of their systems as it should be.

Most of them try to go for a quick fix such as a cheap firewall and anti-virus, free patches and updates, despite knowing that having a single layer or only some layers of security is not enough. Some SMEs also use freely available tools and applications, but most of these tools are specialised in only one aspect of security, so several different applications are required to provide better security. It is difficult to manage several different tools and applications at the same time.
This project aims at finding a solution to the above-mentioned problem by designing a software package/platform for managing different tools and applications remotely.

1. Background (2 pages)

1.1 Introduction

According to a new study on the main causes of European privacy breaches, the breaches come from organisations' own errors, insider abuse and other internal mismanagement issues. The director of the study, P. Howard, believes that only 41% of the incidents reported are external attacks by hackers and that 57% of the incidents were caused by administrative error, exposure online, insiders or missing hardware configuration. (Most European Breaches Caused by Organizational Error, Insider Attacks 2015)

Based on the above study findings, we can therefore assume that having proper internal security mechanisms within an organisation can significantly reduce the number of incidents. Despite knowing that, some organisations are still not improving their security as they should. The main reason is the cost associated with security: some people at management level still think that investing in security has no direct impact on the main objective of business, which is to make profit.

It is true that many organisations' awareness about security has recently changed due to the consequences of breaches on other organisations, but cyber security awareness is still in its infancy in most organisations, and not all organisations can afford the cost associated with security. Small and medium enterprises are generally not able to afford it.

Moreover, much of the software available on the market focuses on one particular aspect of security rather than offering a single platform that caters for different aspects of security at an affordable price for SMEs.
It seems that a trend is growing within SMEs, which is the use of open source software (An evaluation of open source software adoption by UK SMEs in the IT industry) such as Volatility. But even so, it is not an efficient way to manage several applications all at the same time. A possible solution would be to use an application as a platform for using other open source software, with the capability of managing all of these remotely.

This research is about designing that platform to provide incident response, digital forensics, host and network security as well as malware analysis capability. The platform will provide all the above-mentioned capabilities remotely and will have a server-client architecture.

1.2 Relevant past and current work

Alien Vault has software called Unified Security Management (USM), which provides a platform to manage different aspects of security all on one platform. The software is a commercial one and provides the management of tools which themselves are commercial software, whereas this project aims at using available free software and in-house built features to provide a platform for managing different aspects of security at an affordable price.

Below are the management features available in Alien Vault USM and other traditional SIEM.

As we can see from both screen captures, many traditional SIEM require third-party products to provide some features. Below are the security features provided by Alien Vault.

The USM provides a single platform for managing and monitoring different aspects of security.

2. Project Description (1 page)

2.1 Project Overview

This project aims at designing a platform for managing open source and free applications/tools as well as providing in-house built features.
The platform will deal with different aspects of security such as incident response, digital forensics, host and network security and malware analysis.

The digital forensics capability will be the central part of the project, from which incident response and malware analysis will be derived. The host and network security will sit on top of the base structure, which comprises the three other aspects.

Digital forensics and malware analysis can each be split further at a high level, as we can see from the diagram to the left side: live and static forensics for digital forensics, and static and dynamic analysis for malware analysis.

2.2 Importance of this project

Security should be the concern of everybody. SMEs should be given alternative options to expensive security products to enable them to provide more secure services to clients, which indirectly or directly can affect anybody. This project aims at providing a cost-effective solution by providing a platform to manage open source tools and applications. The main assumption is that, despite knowing that free applications and tools have limitations, they are a better option than having no security at all, or limited security due to a limited security budget.

2.3 Aims and Objectives

It is important in a project to properly design the aims and objectives, since this sets the direction in which the project must go. Objectives allow us to measure and assess the outcome of the project. Please refer to Appendix A for the aims and objectives.

3. Programme and Methodology (3 pages)

3.1 Spiral Methodology

The spiral methodology seems to be the best option to suit the project.
The spiral methodology, as compared to the waterfall methodology, has the advantage of demonstrating that development projects work best when they are both incremental and iterative, where the development is able to start small and benefit from enlightened trial and error along the way.

The spiral methodology reflects the relationship of tasks with rapid prototyping, increased parallelism, and concurrency in design and build activities. The spiral method should still be planned methodically, with tasks and deliverables identified for each step in the spiral.

Throughout the entire project we are going to use the spiral methodology for the design and development of the software/platform. The next part of this section covers the planning of tasks and deliverables as well as the expected milestones.

Why do you think the spiral best suits your project? Not the other methodology; give concrete examples.

3.2 Project Management

3.2.1 Budget Planning

3.2.1.1 Milestone

The table below is just an estimation of how much time each task will take, and gives us enough information to plan the project in a more realistic way.
Generally, tasks will be performed in parallel rather than in a linear way, which has its advantages and disadvantages, such as time saving and the fact that some tasks must be completed prior to some other tasks.

3.2.1.2 Gantt Chart

Please find below a Gantt chart representing the planned tasks over the budget allocated to us.

3.3 Project Approach

The first part of the project will focus on the literature review, where we are going to analyse tools, applications and processes/features which are relevant to the project.

In the next part, we will discuss why the features/applications/tools might be important for SMEs and their security from a technical and non-technical perspective.

The third step will be to develop the features and integrate the tools/applications within the designed platform.

The final step will be the examination and documenting of the results obtained, making sure that the aims and objectives are satisfied.

4. Ethical and Legal Consideration (1 page)

Before starting a project, it is crucial to properly understand the internal policies of the organisation you are developing something for and any local laws that might apply to the project.

Some features of the project might invade the privacy of the users, which in our case will be employees. It is good practice to have policies stating that the company's resources may be monitored and investigated without prior notice or user permission, but this might not be enough in a trial.

One alternative would be to make sure the company where we are going to implement this project displays a well-defined warning banner.
Without a banner, the right to investigate or monitor a system used by employees might conflict with users' expectation of privacy.

The EU and its member nations, which include the UK, impose a strict fine for information that crosses national boundaries without the person's consent.

4.1 Law in UK

According to the UK Government's website (https://www.gov.uk/data-protection-your-business/monitoring-staff-at-work), it is possible for an employer to monitor employees at the workplace if the below conditions are met:

- Be clear about the reasons for monitoring staff and the benefits that this will bring.
- Identify any negative effects the monitoring may have on staff. This is called an impact assessment.
- Consider whether there are any, less intrusive, alternatives to monitoring.
- Work out whether the monitoring is justified, taking into account all of the above.

Monitoring employees' activities on a computer system is covered by the Data Protection Act. Data protection law doesn't bar monitoring in the workplace. However, it does set down rules about the circumstances and the way in which monitoring should be carried out. Based on UK law, it is also possible for employers to monitor their employees without their consent for specific reasons. (Please refer to Appendix B for the reasons.)

4.2 Ethics

The question of whether it is ethical to monitor or investigate employees can be debated from different points of view, which can include the privacy of users, the need to protect clients' data, and the need to provide reliable and trustworthy services to clients by minimising the risks of external as well as internal threats such as insiders.

But at the end of the day, the majority always win over the minority. What would be more ethical: monitoring hundreds of employees, or having more than one million clients' credit card details unprotected from insiders?

5. Impact (0.5 to 0.75 page)

5.1 National Importance

Services provided by SMEs such as data storage, clients' data management, POS information management, companies' secret industrial processes and many others will be more secure, since the SMEs will improve their security using a cost-saving solution that provides several layers of security.

Risks associated with insiders will be minimised.

5.2 Commercial Impact

The platform could be sold at an affordable price or via a donation mechanism. The money can then be used for developing new features, improving existing features and providing upgrades.

5.3 Academic Impact

This project can provide a platform for further research opportunities such as:

- Research into why, despite knowing that security is crucial, SMEs are still not improving their security. Is it the cost associated with security products?
- The assessment of the impact on security in general if security products were cheaper and easily available for SMEs.
- Does security improve if managed and monitored using a single platform rather than using several different security products (efficiency, and conflicts that arise when using several security products)?

References

Cyber security awareness still in its infancy, says Sans Institute. 2015. [Online] Available at: http://www.computerweekly.com/news/2240234932/Cyber-security-awareness-still-in-its-infancy-says-SANS-Institute. Accessed 18 May 2015.

Information Security Awareness Training, Cybersecurity Awareness, SANS. 2015. [Online] Available at: http://www.securingthehuman.org/. Accessed 18 May 2015.

Study Finds Most European Breaches Caused by Organizational Error, Insider Attacks. The State of Security. 2015. [Online] Available at: http://www.tripwire.com/state-of-security/latest-security-news/study-finds-most-european-breaches-caused-by-organizational-error-insider-attacks/. Accessed 18 May 2015.

Brunel University Research Archive: An evaluation of open source software adoption by UK SMEs in the IT industry. 2015. [Online] Available at: http://bura.brunel.ac.uk/handle/2438/4509. Accessed 18 May 2015.

Brian Buffett, UNESCO Institute for Statistics (2014). Factors influencing open source software adoption in public sector national and international statistical organisations. [Online] Available at: http://www.unece.org/fileadmin/DAM/stats/documents/ece/ces/ge.50/2014/Topic_1_UNESCO.pdf. Accessed 18 May 2015.

SMEs help Governments make huge IT savings. PretaGov. 2015. [Online] Available at: https://www.pretagov.co.uk/news/sme2019s-help-governments-make-huge-it-savings. Accessed 18 May 2015.

How SMEs can drive growth through new technologies. 2015. [Online] Available at: http://yourbetterbusiness.co.uk/how-smes-can-drive-growth-through-new-technologies/. Accessed 18 May 2015.

Unified Security Management (USM) Platform. 2015. [Online] Available at: https://www.alienvault.com/products. Accessed 19 May 2015.

James R. Chapman, 1997. Software Development Methodology, Project Management Training. [Online] Available at: http://www.hyperthot.com/pm_sdm.htm. Accessed 19 May 2015.

Nelson, B., Phillips, A. and Steuart, C., 2010. Guide to Computer Forensics and Investigations. Fourth Edition. Course Technology.

Data protection and your business. GOV.UK. 2015. [Online] Available at: https://www.gov.uk/data-protection-your-business/monitoring-staff-at-work. Accessed 20 May 2015.

Monitoring at work. Citizens Advice. 2015. [Online] Available at: https://www.citizensadvice.org.uk/work/rights-at-work/monitoring-at-work/. Accessed 21 May 2015.

Appendix A

A1 Aims of the project

Please find below the aims of the project:

- Provide a cost-effective IT security solution.
- Provide security in its different aspects all under one platform.
- Provide remote management capability.

A2 Objectives of the project

Please find below the objectives of the project:

- Secure communication between server and clients.
- Ability to monitor and detect suspected behaviour/activities.
- Ability to remotely manage clients from the server (platform).
- Ability to capture relevant information from clients to the server for investigation.
- Ability to provide confidentiality and integrity on clients.

More detailed and technical objectives are to be derived at a later stage of the project, and will in turn be translated into features that will be provided by the platform.

Appendix B

B1 Reasons for monitoring employees

- To establish facts which are relevant to the business, to check that procedures are being followed, or to check standards, for example, listening in to phone calls to assess the quality of your work.
- To prevent or detect crime.
- To check for unauthorised use of telecommunications systems, such as whether you are using the internet or email for personal use.
- To make sure electronic systems are operating effectively, for example, to prevent computer viruses entering the system.
- To check whether a communication you have received, such as an email or phone call, is relevant to the business. In this case, your employer can open up your emails or listen to voicemails but is not allowed to record your calls.
- To check calls to confidential help lines. In this case, your employer can listen in, but is not allowed to record these calls.
- In the interests of national security.
