Web-based Security Hardening

A web-based document platform for managing and distributing security documents and hardening information dynamically.

Problem Statement
 Hardening/Security information is available, but spread out and not centralized Pre-requisite information is often not included in a hardening guide, leaving the reader to wonder “Why am I doing this?” Trying to find prerequisite information can lead the seeker on a “Six degrees of Kevin Bacon” Wikipedia goose chase 

Design Goals
 To build a web-based application that allows the addition of new content and dynamically generated hardening guides with pre-requisite information included To provide a source of hardening information for any platform, provided the content has been added to the database Make content easy to understand for a non-technical user, in a format that is easy to follow 

Implementation
Details and code can be found at the project Github

Backend Database: Neo4j
Our requirements for the backend database We elected to use a graph database for the backend, instead of the traditional relational database, for the following reasons
 * Fast queries, since the primary use case is reading a guide
 * Scalability, to prevent future growing pains when the total guide body gets massive
 * They are faster than relational databases in data lookup functions, especially with larger tables and datasets
 * They are more scaleable than relational databases
 * The downside, slower data additions, is negligible as guide additions make up a insignificant portion of overall site activity

We evaluated numerous graph databases, including Neo4j, GraphDB, Apache Giraph, and HyperGraphDB.

We chose Neo4j for the following reasons
 * The free version has the most functionality compared to the other systems’ free versions.
 * It runs on-disk, so is reliable in case of power failure
 * There is good documentation
 * It is the most popular graph database, with a large developer community and many tutorials available
 * It's query language is similar to SQL, which is familiar to our developers and easy for future developers to learn

Team Alice




Casey Blair
Computer Science Student

Boise, Idaho

Casey Blair is a senior at the University of Idaho where he is studying Computer Science. He specializes in databases and artificial intelligence.

[mailto:blai1919@vandals.uidaho.edu blai1919@vandals.uidaho.edu]



Keith Drew
Computer Science Student

Olympia, Washington

Keith is a senior undergraduate student in Computer Science at the University of Idaho. He is also a NSF Scholarship for Service (SFS) CyberCorps Student. He is interested cyber security, specifically secure programming.

[mailto:keithd@vandals.uidaho.edu keithd@vandals.uidaho.edu]



Christopher Goes
Computer Science Student

Boise, Idaho

Senior undergrad at UI, focusing in Cybersecurity as part of the NSF Scholarship for Service (SFS) CyberCorps program. Interested in virtualization, education, and everything networking.

[mailto:goes8945@vandals.uidaho.edu goes8945@vandals.uidaho.edu]



Antonious Stalick
Computer Science Student

Washington

Things and stuff. This bio is totally a thing.

[mailto:stal6565@vandals.uidaho.edu stal6565@vandals.uidaho.edu]

Links and References

 * Project Github
 * Khan Academy