Implementing a Demilitarized Zone Using Holistic Open Source Solution

Conference: 2019 ASEE Annual Conference & Exposition
Location: Tampa, Florida
Publication Date: June 15, 2019
Start Date: June 15, 2019
End Date: June 19, 2019
Conference Session: Computing Research I
Tagged Division: Computing and Information Technology
Tagged Topic: Diversity
Page Count: 11
DOI: 10.18260/1-2--32940
Permanent URL: https://peer.asee.org/32940
Download Count: 1587

Paper Authors

Chafic Bousaba, Guilford College

* Joined Guilford College in January 2008
* Serves as Assistant Professor in the Computing Technology and Information Systems.
* Cybersecurity major coordinator

Abstract

Cybersecurity continues to be a growing priority for organizations of all sizes, sectors, and industries. The threat landscape continues to evolve rapidly, producing disastrous cyber attacks that cripple their targets and debilitate the economy. These attacks continue to increase in frequency, scale, sophistication, and severity of impact. New attack tools and vectors are persistently emerging, and new exploit techniques are constantly gaining widespread adoption. Small businesses continue to lack adequate solutions and resources to defend against and repel these attacks. We present a holistic open source software and hardware solution that secures the network architecture using the “defense-in-depth” approach, which ensures the elimination of single or dual points of potential vulnerability within a network. The Protectli FW108120 firewall, referred to as “The Vault”, is used as the first line of defense. It is a low-power, fanless, durable, customizable small form factor PC. It uses a Celeron J1900 processor, 8 GB of DDR3 memory, a 120 GB mSATA SSD, and 4 Gigabit Ethernet ports. The firewall will run the community version of pfSense. pfSense is a free and open source firewall and router, based on FreeBSD, that also features unified threat management (UTM), load balancing, and multi-zone setup. pfSense implements, maintains, and polices our multi-zone topology, which is formed of a DeMilitarized Zone (DMZ), a trusted zone, and an untrusted zone. The DMZ achieves defense in depth by adding an extra layer of security beyond that of a single perimeter, separating an external network from directly referencing an internal network, and isolating a particular machine within a network.
Though the DMZ concept is not new, implementing it using stacked single-board computers offers an affordable and flexible, yet secure, network architecture specifically for startups, small businesses, an expansion office, or even a home office. The selected single-board computers are a combination of third-generation Raspberry Pis and Rock64s. These boards provide remarkable computational power, low energy consumption, light weight, a compact and secure solution, and resourceful community support. These boards will form the DMZ network servers and host services such as a Network Intrusion Detection System (NIDS) using Snort, a selection of honeypots for Secure Shell (SSH), web applications, packet sniffing, private web browsing capabilities via TOR (The Onion Router), a LAMP (Linux, Apache, MySQL, PHP or Python or Perl) server, a Virtual Private Network (VPN) server, and protected browsing via proxy service. The main goal of this educational project is to leverage the total holistic integration of open source hardware and software to provide an affordable and portable solution that could be promptly deployed in case of an emergency, as a part of an incident response plan (IRP), or for testing purposes. Implementing this project provides valuable hands-on security experience and best practices in network architecture and configuration. Additional security features, both in hardware and software, were added to the single-board computers to provide further hardened security layers.

Bousaba, C. (2019, June), Implementing a Demilitarized Zone Using Holistic Open Source Solution. Paper presented at 2019 ASEE Annual Conference & Exposition, Tampa, Florida. 10.18260/1-2--32940

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2019 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015