Saturday, December 1, 2012

Federated Network Security Administration Portal

Bhadreshsinh Gohil

ME in Computer Engineering

ME Thesis

We provide many web services to customers, and these web services also have associated websites.
These are hosted not only in the DMZ in the data center but also, for various reasons, on the LAN and mapped to external public IPs using networking technologies such as NAT. As a result, security devices and controls such as firewalls have been implemented at multiple locations.

Because the web hosting setup and the associated networking and network security setup are vast, and because multiple stakeholders take part in the decision-making process, releasing new websites/web portals to the public internet becomes intricate, cumbersome and error prone. This often leads to delays, unmet expectations and disputes over ownership of responsibilities.

To resolve these issues, it is proposed to build a framework which will streamline the process and delegate most of the activities to designated stakeholders from each group. The framework will enable the users/groups to do most of the work related to the public release of websites/web portals and other network-based services on their own, with intervention from the systems administrators or network security experts coming in only towards the final steps, if required at all.

The framework will also support different roles.

The proposed framework will be web enabled and available to all groups. It will be built using standard web development technologies like PHP, Java and JavaScript, with databases like MySQL/PostgreSQL in the backend. Apart from these, the core networking technologies like firewall, router, bandwidth management and security/vulnerability assessment of web applications will be used to their maximum capabilities. The framework will require extensive scripting in either bash or Python on the Linux platform to handle several of the backend tasks, such as implementing policy changes on the security device and enabling virtual hosting on the Apache server. The framework will use OpenAM-based Single Sign-On or LDAP for user authentication and authorization.
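A sketch of one such backend task, added here as an example and not taken from the thesis code: a release request submitted by a group is validated, gated on an administrator role, and only then turned into a NAT rule and an Apache virtual host stanza. The role names, request fields, allowed ports and the /var/www path are assumptions.

```python
import ipaddress
import re

# Assumptions: role names, request fields and the /var/www path are hypothetical.
APPROVER_ROLES = {"network_security_admin", "systems_admin"}
ALLOWED_PORTS = {80, 443}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTNAME_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def validate_request(req):
    """Return a normalized copy of a release request or raise ValueError."""
    host = str(req["hostname"]).lower()
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid hostname")
    public_ip = ipaddress.IPv4Address(req["public_ip"])
    internal_ip = ipaddress.IPv4Address(req["internal_ip"])
    # The public address must be outside the LAN ranges, the internal one inside.
    on_lan = [any(ip in net for net in RFC1918) for ip in (public_ip, internal_ip)]
    if on_lan != [False, True]:
        raise ValueError("public/internal addresses are swapped or out of range")
    port = int(req["port"])
    if port not in ALLOWED_PORTS:
        raise ValueError("port not permitted for a web release")
    return {"hostname": host, "public_ip": str(public_ip),
            "internal_ip": str(internal_ip), "port": port}

def render_changes(req, approver_role):
    """Build the NAT rule and Apache stanza for an approved request."""
    if approver_role not in APPROVER_ROLES:
        raise PermissionError("release needs approval by an administrator role")
    r = validate_request(req)
    # Argument list, not a shell string, so field values cannot inject commands.
    dnat = ["iptables", "-t", "nat", "-A", "PREROUTING", "-d", r["public_ip"],
            "-p", "tcp", "--dport", str(r["port"]), "-j", "DNAT",
            "--to-destination", f"{r['internal_ip']}:{r['port']}"]
    # Minimal stanza; TLS directives for port 443 are left out.
    vhost = (f"<VirtualHost *:{r['port']}>\n"
             f"    ServerName {r['hostname']}\n"
             f"    DocumentRoot /var/www/{r['hostname']}\n"
             f"</VirtualHost>\n")
    return dnat, vhost

# Constructed sample request using a documentation address as the public IP.
SAMPLE = {"hostname": "portal.example.org", "public_ip": "203.0.113.10",
          "internal_ip": "10.20.30.40", "port": 80}

if __name__ == "__main__":
    rule, stanza = render_changes(SAMPLE, "network_security_admin")
    print(" ".join(rule), stanza, sep="\n")
```

Validating every field before it reaches the firewall command or the Apache configuration matters here because the request originates from delegated users, not from the administrators who own those devices.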