Add to collection(s) Add to saved
  1. Business
  2. Finance
  3. Investing

08 Hardware Recommendations for establishing a National CIRT in <COUNTRY> Fall

advertisement 
Hardware Recommendations for establishing a
National CIRT in <COUNTRY>
Confidentiality
This document contains proprietary information that is confidential to ITU IMPACT. Disclosure of this document, in full, or in part.
Written permission must be obtained from ITU IMPACT prior to the disclosure of this document to any third party.
Copyright and Disclaimer
This document contains highly confidential and proprietary information of ITU IMPACT. No part of this document may be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the expressed written
permission of IMPACT..
Confidential
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
Document No:
CIRT/<COUNTRY> /001
Page 2 of 10
TABLE OF CONTENTS
1
2
INTRODUCTION .................................................................................................................. 3
TECHNICAL ARCHITECTURE ........................................................................................... 3
2.1 Basic Design .............................................................................................................. 3
2.2 Expansion Design ..................................................................................................... 4
2.3 HA Design .................................................................................................................. 5
3
HARDWARE INVESTMENT ................................................................................................ 6
3.1 Basic Design .............................................................................................................. 6
3.2 Expansion Design ..................................................................................................... 6
3.2.1 Assumptions ........................................................................................................ 7
3.3 HA Design .................................................................................................................. 8
3.3.1 Assumptions ........................................................................................................ 9
4
DISASTER RECOVERY (DR) REQUIREMENTS ...............................................................10
Confidential
Document No:
CIRT/<COUNTRY> /001
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
1
Page 3 of 10
INTRODUCTION
The following sections in this document detail out the Network and Server Hardware
recommendations. They are categorized in three designs as detailed below;
a. Basic Design – comprises of the bare minimum requirements for setting up and
operating a National CIRT
b. Expansion Design – comprises of a recommended requirement for setting up and
operating a National CIRT
c. HA (High Availability) Design – comprises of a fail over modal to maintain a high
availability and operation of the National CIRT
2
TECHNICAL ARCHITECTURE
The three proposed network designs are depicted in this section as below;
2.1 Basic Design
Confidential
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
2.2 Expansion Design
Confidential
Document No:
CIRT/<COUNTRY> /001
Page 4 of 10
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
2.3 High Availability Design
Confidential
Document No:
CIRT/<COUNTRY> /001
Page 5 of 10
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
3
Document No:
CIRT/<COUNTRY> /001
Page 6 of 10
HARDWARE INVESTMENT
3.1 Basic Design
Hardware
Services
Number of Units
Router
Connection to ISP
1 unit
Firewall
DMZ & LAN Firewall
2 units
Switch
DMZ & LAN Layer 2 Switch
2 units
Server 1
CIRT Portal (Web) Server
1 unit
Server 2
Database Server
1 unit
Server 3
Incident Management
System Server
1 unit
Laptop
Incident Management
Activities
3 units *
Desktop
Normal Office Activities
3 units *
Printer
Networked Laser Printer
1 unit *
* The numbers may vary depending on team size.
3.2 Expansion Design
Hardware
Services
Number of Units
Router
Connection to ISP
1 unit
Honeypot Server
Honeypot Services
1 unit
Firewall
DMZ & LAN Firewall
2 units
Switch
DMZ & LAN Layer 2 Switch
2 units
Server 1
Server 2
Server 3
Server 4
Server 5
Confidential
CIRT Portal (Web) Server
- Ticketing System
Mail Server
- POP, SMTP
FTP Server
- File Transfer
Database Server
- MySQL
File Server
1 unit
1 unit
1 unit
1 unit
1 unit
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
Server 6
Backup Server
1 unit
Server 7
Active Directory Server
1 unit
Server 8
Proxy Server
1 unit
Server 9 (Optional)
Development Server
1 unit
Server 10 (Optional)
Testing Server
1 unit
Storage
Network-attached Storage
(NAS)
Desktop
RAID Array
Configuration
- Incident Management
Activities
- Analysis and
Forensics
Normal Office Activities
Printer
Networked Laser Printer
Laptop
-
Document No:
CIRT/<COUNTRY> /001
Page 7 of 10
1 unit
3 units*
3 units*
2 units*
* The numbers may vary depending on team size.
3.2.1 Assumptions
Server 7 and Server 8 (Active Directory Server and Proxy Server) are included in this
diagram with the assumption that the said servers are not present in the existing office
network. If the servers are already present, then these 2 servers can be omitted from
the list above.
Server 9 and Server 10 (Development Server and Testing Server) are mainly for the
further development and testing of the CIRT application. These are optional
components that will give added value to the development of services offered by the
upcoming CIRT but are not key to the deployment of a CIRT. Nevertheless, these
optional components will contribute in later phases of a CIRT.
It is also assumed that the backup server will consist of an array of Tape Storage that
will follow an agreed procedure and allow for full backup and restore. The procedure
will also contain processes for storing tape backup in different locations to allow for
Disaster Recovery. A Disaster Recovery Proposed Network Diagram is shown in Section
4 below.
Confidential
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
Document No:
CIRT/<COUNTRY> /001
Page 8 of 10
3.3 HA Design
Hardware
Services
Number of Units
Router
Connection to ISP
2 units
Honeypot Server
Honeypot Services
2 unit
Load Balancer
Distribute Network Workload
2 units
Firewall
DMZ & LAN Firewall
4 units
Switch
DMZ & LAN Layer 2 Switch
4 units
Server 1
Server 2
Server 3
Server 4
CIRT Portal (Web) Server
- Ticketing System
Mail Server
- POP, SMTP
FTP Server
- File Transfer
Database Server
2 unit
2 unit
1 unit
2 unit
Server 5
- MySQL
- Mirrored
File Server
Server 6
Backup Server
1 unit
Server 7
Active Directory Server
1 unit
Server 8
Proxy Server
1 unit
Server 9 (Optional)
Development Server
1 unit
Server 10 (Optional)
Testing Server
1 unit
Storage
Network-attached Storage
(NAS)
Desktop
RAID Array
Configuration
- Incident Management
Activities
- Analysis and
Forensics
Normal Office Activities
Printer
Networked Laser Printer
Laptop
-
* The numbers may vary depending on team size.
Confidential
1 unit
1 unit
3 units *
3 units*
2 units*
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
Document No:
CIRT/<COUNTRY> /001
Page 9 of 10
3.3.1 Assumptions
Server 7 and Server 8 (Active Directory Server and Proxy Server) are included
in this diagram with the assumption that the said servers are not present in the
existing office network. If the servers are already present, then these 2 servers
can be omitted from the list above.
Server 9 and Server 10 (Development Server and Testing Server) are mainly for
the further development and testing of the CIRT application. These are optional
components that will give value to the upcoming CIRT but are not key to the
development of a CIRT. Nevertheless, these optional components will contribute
in later phases of a CIRT.
It is also assumed that the backup server will consist of an array of Tape
Storage that will follow an agreed procedure and allow for full backup and
restore. The procedure will also contain processes for storing tape backup in
different locations to allow for Disaster Recovery. A Disaster Recovery Proposed
Network Diagram is shown in Section 4 below.
Confidential
Computer Incident Response Team (CIRT)
Proposed Network and Hardware Specification For <COUNTRY> CIRT
4
Document No:
CIRT/<COUNTRY> /001
Page 10 of 10
DISASTER RECOVERY (DR) REQUIREMENTS
In case of a failure, a disaster recovery (DR) network design has been incorporated as per the
diagram below. The primary site would be the main site for running the CIRT operations
while the backup site will only become active once an emergency state is declared. The DR
will be a warm sites type where it will have hardware and connectivity already established,
though on a smaller scale than the original production site. The warm site will have backups
(tape backup) on hand, but they may not be completely updated to the DR infrastructure
and may be behind by several days or a week. Manual processes for transferring the tape
backups to the site will have t be incorporated to ensure that the site can be up and running
in a matter of few hours. Warm Site solutions provide near-time recovery of infrastructure,
data and applications through a redundant configuration. This solution is suitable for
operations that can tolerate several hours of downtime while systems are updated.
Confidential
Related documents
Student Assistance Services
Student Assistance Services
ToR BtCIRT - Department of Information Technology
ToR BtCIRT - Department of Information Technology
Code White - Center for Patient Safety
Code White - Center for Patient Safety
FIRST MEMBERSHIP INFORMATION ? WHY SHOULD YOU JOIN FIRST
FIRST MEMBERSHIP INFORMATION ? WHY SHOULD YOU JOIN FIRST
the 80/20 rule for security
the 80/20 rule for security
CISSP网络通信安全
CISSP网络通信安全
Minutes
Minutes
Download
advertisement