DMD Advocates - Security Audit

Solution Design

Grid Infocom | Proprietary and Confidential 1


1.1 Executive Summary

DMD Advocates is located in Nizamuddin East. They host their data on a file server in their
own environment, while a firm, “Cyber space”, takes care of the other infrastructure such as the
firewall, mail server, and endpoint solutions. This report provides the system’s stakeholders with an
assessment of the adequacy of the management, operational, and technical controls used to protect
the confidentiality, integrity, and availability of the system and the data it stores, transmits or processes.

1.2 Current Scenario

a) The client keeps all its important data on a file server hosted in its own environment.
b) All data is commonly available to all users; users can also access the data of other users.
c) A Cyberoam endpoint solution takes care of complete endpoint security; it is hosted remotely by Cyber space.
d) The Cyberoam client is installed on all desktops and laptops, where it blocks access to USB devices and the installation of any other programs.
e) Email alerts are configured for every attempt to connect a USB device.
f) The client has a total of 42 users working with the endpoint solution.
g) Some management users are given full access by the endpoint security solution.
h) The file server has unrestricted access and pen drives are allowed on it.
i) A “Watch Guard” firewall is used for web filtering, port blocking and logging.
j) Only senior management have VPN access to the file server from outside; all other users can connect only from within the office.
k) Currently users are allowed to send emails only within their own domain.
l) McAfee mail security, hosted remotely, is used to filter and block emails.
m) Some management users have full access to send and receive emails to and from anywhere.
n) Email logging is done by the MS Exchange server, which records only sender and receiver details.
o) Some users are enabled for email archiving via the mail security solution; their emails are stored with attachments.
p) Mobile and PDA devices can access emails from anywhere, which is not under control right now.
q) The “Atempo Live Backup” utility is used for live backup of systems and the file server; in case of data loss, data can be retrieved.


1.3 Current Limitations

a) File server data is open to all users :-

Whenever a user tries to access the file server, the user only needs to pass a basic
authentication scheme, after which he or she has complete (full) access to all important
data, including the data of other users.

b) Endpoint solution can’t provide access control :-

The endpoint solution (Cyberoam) can’t provide user-based controls or limitations on the file
server, and it cannot detect any potential data breach on the file server. It controls and logs only
very basic tasks.

c) Current endpoint solution is not fulfilling requirements :-

The endpoint solution does not fulfil the requirements of a DLP solution; currently it is used only
for disabling USB devices and blocking the installation of programs.


d) Pen drives are not accessible, but executable :-

Pen drives are blocked by the endpoint solution and are not accessible to any users except
admin users, but a pen drive still executes when it is plugged in, which can invite unwanted
malware and network worms.

e) Network firewall policies are still vulnerable :-

The network firewall blocks Gmail, Rediff and proxy websites, but its policies still have
limitations that let users send data outside through “Dropbox” and Microsoft online
file-sharing utilities, which do not even need FTP ports to send data.

f) There is no centralized log management server :-


Every device logs only its own traffic: the Exchange server logs emails, the firewall
logs web access, and the endpoint solution logs a little, mainly through its very basic
email alert functionality.

g) Blocking emails on other domains :-

Emails are blocked only for the main service providers, and the blocking does not contain any
intelligence: every email has to be tested manually for sensitive information, then quarantined
and released for delivery to any other domain.


h) No solution to manage mobile & PDA devices :-

All users have access to their official emails on their mobile devices from anywhere,
which can compromise data privacy, because any email can be downloaded and forwarded to
other domains without any tracking.

i) No logging is enabled for any mobile devices :-

Currently there is no centralized mobile management system to control and log the mobile
devices; even basic logging is not enabled for any activity done from mobile devices.

j) Files can be sent outside using drafted emails :-

Users can save their files in “Drafts” and access them from outside on mobile devices, without
sending them anywhere. This will not be logged or tracked by the current security solution. It
can be a high security risk.

k) Firewall policies are IP based (not user based) :-

The current firewall has only IP-based functionality, which can’t provide better security for the
file server, where “user-based” access is needed so that every activity of every user can be
tracked and controlled.

l) Current security solution has only basic intelligence :-


The current security solution has basic filtering features, including scanning for some sensitive
information such as credit card numbers, social security numbers, etc. It can’t track data on the
basis of whether it is highly important or less important.

m) Endpoint solution cannot track screenshot captures :-

The current endpoint solution has no functionality to track screenshot captures, which lets
users capture data and send it in the form of pictures.

n) Endpoint solution has only basic alert functionality :-

The current security solution has basic alert functionality; it only sends an email to a super
user on every access of a USB device. It does not have any other advanced or better alerting
features.

1.4 Customer Requirements


a) Data security and access control for files are needed.
b) Mobile device management is needed.
c) An email spam management system is needed.


2.1 Recommended Solution

1. DLP Solution

- It will protect all important data on the file server, based on user policies.
- It will control email correspondence and prevent possible data theft through webmail and corporate email.
- It can detect instant messaging containing confidential information.
- It can maintain key logging and record all typed characters.
- It will monitor and record activities performed on a specific computer, like screenshot capturing etc.
- It can set time schedules for when applications can be used.
- It will take care of complete endpoint security.
- It can control web surfing and block access to inappropriate websites.
- It will track all data going inside / outside of the network.
- It will maintain logging for all data flowing outside the network.
- It will scan emails, web, file shares, and connected & disconnected computers.
- It will discover sensitive data based on its intelligence.
- It contains better alert functionality with immediate response back.

2. MDM Solution

- It will provide a centralized management solution for all mobile devices.
- It can work with mobile devices from most vendors.
- It can control and track the activities performed.
- It will provide a centralized logging solution for all mobile devices.
- It will provide complete access control.
- It will provide proper alert functionality on every unauthorized access.
