Web-based Security Hardening

A web-based document platform for managing and distributing security documents and hardening information dynamically.

Problem Statement
 * Hardening/Security information is available, but spread out and not centralized
 * Pre-requisite information is often not included in a hardening guide, leaving the reader to wonder “Why am I doing this?”
 * Trying to find prerequisite information can lead the seeker on a “Six degrees of Kevin Bacon” Wikipedia goose chase

Design Goals
 * To build a web-based application that allows the addition of new content and dynamically generated hardening guides with pre-requisite information included
 * To provide a source of hardening information for any platform, provided the content has been added to the database
 * Make content easy to understand for a non-technical user, in a format that is easy to follow

Project Deliverables
 * Github repository of the completed project, containing the source code and project documentation

Github Repository
Source code and team documents are available on the project Github

The project is designed to be self-contained: anyone can create their own instance of the system by cloning the Github repository and running vagrant up.

Development Tools

 * Vagrant
 * VirtualBox
 * Puppet
 * Git

Operating System: CentOS
Our requirements for the server's operating system (OS):
 * Stable, high reliability and uptime so users can access guides at any time
 * Secure, since malicious attacks could be catastrophic and could result in downtime or compromised guide integrity
 * Free, we don't have a budget to pay for expensive software
 * Customizable, so it can suit our precise needs and allow for easy development

Based on these requirements, we selected the Linux-based distribution CentOS 7, for the following reasons:
 * Strong record of being stable and reliable, currently in use at many major enterprises and organizations
 * Good security: receives regular updates from Red Hat, plus inherent Linux security
 * Open-source and free, same software as RHEL (Red Hat Enterprise Linux) without Red Hat's proprietary components
 * Inherent Linux customizability and flexibility

Languages

 * Ruby
 * CSS
 * HTML
 * Bash

Database: Neo4j
Our requirements for the backend database:
 * Fast queries, since the primary use case is reading a guide
 * Scalability, to prevent future growing pains when the total guide body gets massive

We elected to use a graph database for the backend, instead of the traditional relational database, for the following reasons:
 * They are faster than relational databases in data lookup functions, especially with larger tables and datasets
 * They are more scalable than relational databases
 * The downside, slower data additions, is negligible as guide additions make up an insignificant portion of overall site activity

We evaluated numerous graph databases, including Neo4j, GraphDB, Apache Giraph, and HyperGraphDB.

We chose Neo4j for the following reasons:
 * The free version has the most functionality compared to the other systems’ free versions
 * It runs on-disk, so is reliable in case of power failure
 * It is well-documented
 * It is the most popular graph database, with a large developer community and many tutorials available
 * Its query language syntax is similar to SQL, which is familiar to our developers, and easy for future developers working on the project to learn

Below is an example of a guide definition in Cypher Query Language (the language used by Neo4j):

    // Nodes: the guide, its content, and the atom with its attached parts
    CREATE (resource:Resource {title:"More info", url:"http://microsoft.com"}),
           (quiz:Quiz {title:"How to configure basic settings"}),
           (media:Media {title:"Basic settings", type:"video"}),
           (guidebody:Guidebody {title:"Configuring basic settings", body:"Four score, and seven years ago, ..."}),
           (body:Body {title:"Body"}),
           (atom:Atom {title:"Atom"}),
           (definition:Definition {title:"Windows Definition"}),
           (task:Task {title:"Reducing vulnerabilities in Windows"}),
           (content:Content {title:"Hardening Windows"}),
           (guide:Guide {title:"Windows"}),
           // Relationships: link the guide to its content and atom
           (guide)-[a:hasContains]->(content),
           (content)-[b:hasTask]->(task),
           (content)-[c:hasDef]->(definition),
           (guide)-[d:hasAtom]->(atom),
           (atom)-[e:hasBody]->(body),
           (body)-[f:hasGuideBody]->(guidebody),
           (atom)-[g:hasQuiz]->(quiz),
           (atom)-[h:hasMedia]->(media),
           (atom)-[i:hasResource]->(resource)
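An added example in Ruby, one of the project's languages (not the project's own code): because the application accepts new guide content, this builds a CREATE statement like the one above with Cypher parameters ($name), so contributor-supplied text never becomes query syntax. Labels and relationship types cannot be passed as ordinary parameters, so they are checked against an allowlist taken from the guide definition above; the function and constant names are hypothetical.

```ruby
# Added example: parameterized Cypher generation for guide content.
# Labels and relationship types are taken from the guide definition on this
# page; build_guide_create and the constants are hypothetical names.
ALLOWED_LABELS = %w[Guide Content Task Definition Atom Body Guidebody
                    Quiz Media Resource].freeze
ALLOWED_RELS   = %w[hasContains hasTask hasDef hasAtom hasBody hasGuideBody
                    hasQuiz hasMedia hasResource].freeze
IDENT = /\A[a-z][a-z0-9_]*\z/ # shape allowed for variables and property keys

# nodes: { var => [label, { prop => value }] }, rels: [[from, type, to]]
# Returns [cypher_text, params]; property values appear only in params.
def build_guide_create(nodes, rels)
  params = {}
  patterns = nodes.map do |var, (label, props)|
    raise ArgumentError, "bad variable #{var.inspect}" unless var.to_s.match?(IDENT)
    raise ArgumentError, "label not allowed: #{label.inspect}" unless ALLOWED_LABELS.include?(label)
    map = props.map do |key, value|
      raise ArgumentError, "bad property #{key.inspect}" unless key.to_s.match?(IDENT)
      name = "#{var}_#{key}"
      params[name] = value          # the value travels out-of-band
      "#{key}: $#{name}"            # the query text only names the parameter
    end
    "(#{var}:#{label} {#{map.join(', ')}})"
  end
  rels.each do |from, type, to|
    raise ArgumentError, "relationship not allowed: #{type.inspect}" unless ALLOWED_RELS.include?(type)
    raise ArgumentError, "unknown node in relationship" unless nodes.key?(from) && nodes.key?(to)
    patterns << "(#{from})-[:#{type}]->(#{to})"
  end
  ["CREATE " + patterns.join(",\n  "), params]
end

# Constructed sample input: a contributor-supplied title with quotes and braces.
SAMPLE_NODES = {
  "guide"   => ["Guide",   { "title" => "Windows" }],
  "content" => ["Content", { "title" => 'Hardening "Windows" {quick}' }]
}.freeze
SAMPLE_RELS = [%w[guide hasContains content]].freeze

if __FILE__ == $PROGRAM_NAME
  query, params = build_guide_create(SAMPLE_NODES, SAMPLE_RELS)
  puts query
  puts params.inspect
end
```

The returned query text and parameter hash are what a Neo4j driver's query call would take as its two arguments.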

Team Alice




Casey Blair
Computer Science

Boise, Idaho

Casey Blair is a senior at the University of Idaho where he is studying Computer Science. He specializes in databases and artificial intelligence.

[mailto:blai1919@vandals.uidaho.edu blai1919@vandals.uidaho.edu]



Keith Drew
Computer Science

Olympia, Washington

Keith is a senior undergraduate student in Computer Science at the University of Idaho. He is also an NSF Scholarship for Service (SFS) CyberCorps Student. He is interested in cyber security, specifically secure programming.

[mailto:keithd@vandals.uidaho.edu keithd@vandals.uidaho.edu]



Christopher Goes
Computer Science

Boise, Idaho

Senior undergrad at UI, focusing in Cybersecurity as part of the NSF Scholarship for Service (SFS) CyberCorps program. Interested in virtualization, education, and everything networking.

[mailto:goes8945@vandals.uidaho.edu goes8945@vandals.uidaho.edu]



Antonius Stalick
Computer Science

Washington

[mailto:stal6565@vandals.uidaho.edu stal6565@vandals.uidaho.edu]

Links and References

 * Project Github
 * Khan Academy