SAE 5CYBER03 Advanced Securing & Monitoring of an Information System

The SAE 5CYBER03 project, titled Advanced Securing & Monitoring of an Information System, is a comprehensive initiative aimed at significantly enhancing the cybersecurity posture of BlueWave. The primary objective of this project is to establish a robust and secure infrastructure that is not only resilient against cyber threats but also equipped with advanced monitoring capabilities to ensure the continuous protection and optimal performance of the company’s information systems.

At the heart of this initiative is the creation of a Security Operations Center (SOC). The SOC serves as the central hub for cybersecurity operations, providing real-time monitoring, threat detection, and incident management. By continuously overseeing the network activities, the SOC ensures that any potential threats are identified and mitigated promptly, thereby safeguarding BlueWave’s critical infrastructure from malicious attacks and unauthorized access. This proactive approach to security allows the organization to maintain high levels of operational integrity and reliability.

The network architecture designed for this project is meticulously segmented into distinct zones, each serving a specific function within the overall infrastructure. These zones include the SOC, service zone, front-end zone, bastion zone, and technical zone. The segmentation is achieved through the implementation of Virtual Local Area Networks (VLANs), which not only optimize network performance by reducing congestion and improving traffic management but also enhance security by isolating different segments of the network. This isolation ensures that even if one segment is compromised, the breach does not easily propagate to other parts of the network, thereby containing potential damage and maintaining the integrity of the entire system.

A critical component of the project is the establishment of a three-tiered Active Directory (AD) structure. This hierarchical organization facilitates centralized and efficient management of users and resources across the network. By categorizing resources and user privileges into different tiers, the AD structure enforces strict access controls and minimizes the risk of unauthorized access. This tiered approach ensures that users have only the necessary permissions required for their roles, thereby reducing the potential for internal threats and accidental breaches. The centralized management capabilities of AD also streamline administrative tasks, making it easier to enforce security policies and conduct audits.

To bolster the system’s security, Wazuh agents have been integrated into the infrastructure. These agents play a pivotal role in continuous and proactive security monitoring by providing real-time intrusion detection and alerting capabilities. By analyzing logs and monitoring system activities, Wazuh agents can identify suspicious behaviors and potential vulnerabilities, enabling the SOC to respond swiftly to emerging threats. This integration ensures that BlueWave remains vigilant against a wide range of cyber threats, from malware and phishing attacks to more sophisticated intrusion attempts.

The installation of an OPNsense firewall is another key aspect of the project, responsible for meticulously controlling inbound, outbound, and inter-zone traffic flows. The firewall acts as a critical barrier against unauthorized access, filtering traffic based on predefined security rules and policies. By managing and inspecting all network traffic, the OPNsense firewall ensures that only legitimate and authorized communications are permitted, effectively preventing potential breaches and data leaks. This rigorous traffic control not only protects sensitive information but also maintains the overall security and stability of the network.

Secure access to various servers within the infrastructure is achieved through the deployment of Apache Guacamole as a bastion host. Apache Guacamole provides a secure gateway for Remote Desktop Protocol (RDP) and Secure Shell (SSH) connections via a centralized web interface. This setup simplifies the management of remote access while maintaining stringent security standards. By centralizing access points and enforcing secure connection protocols, Apache Guacamole minimizes the risk of unauthorized access and ensures that all remote sessions are monitored and controlled effectively.

In addition to these measures, the project includes the configuration of a Demilitarized Zone (DMZ) for the WordPress server. The DMZ serves as an isolated zone where publicly accessible services are hosted, separate from the internal network. This separation provides an additional layer of security by limiting direct access to the core infrastructure, thereby protecting internal resources from external threats. Moreover, the Active Directory has been fortified through hardening practices, which involve tightening security configurations and eliminating unnecessary services to reduce potential attack vectors. These enhancements significantly bolster the security of the web infrastructure, ensuring that services exposed to external users are well-protected against various cyber threats.
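As an added illustration of the zoning, firewall, bastion and DMZ paragraphs above (example code, not part of the SAE 5CYBER03 project), the following models the inter-zone policy as an explicit allow-list with default deny and audits sample flows against it. The zone names are the page's; the rules, ports and flows are assumptions.

```python
# Added example, not code from the SAE 5CYBER03 project: a small model of the
# inter-zone allow-list the overview's OPNsense firewall enforces. Zone names
# come from the page; the rules, ports and sample flows are constructed.
from dataclasses import dataclass

ZONES = {"internet", "front-end", "service", "bastion", "technical", "soc"}
AGENT_ZONES = ZONES - {"soc", "internet"}  # zones that run Wazuh agents

@dataclass(frozen=True)
class Rule:
    src: str     # source zone
    dst: str     # destination zone
    port: int    # TCP destination port
    reason: str  # justification, kept for the ISO 27001 audit trail

# Explicit allow-list; any flow not listed here is denied (default deny).
RULES = (
    Rule("internet", "front-end", 443, "public WordPress in the DMZ"),
    Rule("bastion", "technical", 22, "Guacamole SSH to technical servers"),
    Rule("bastion", "technical", 3389, "Guacamole RDP to technical servers"),
    Rule("bastion", "service", 3389, "Guacamole RDP to service-zone hosts"),
    # Wazuh agents report to the SOC manager: 1514 events, 1515 enrollment
    *(Rule(z, "soc", 1514, "Wazuh agent events") for z in AGENT_ZONES),
    *(Rule(z, "soc", 1515, "Wazuh agent enrollment") for z in AGENT_ZONES),
)

def evaluate(src: str, dst: str, port: int) -> tuple:
    """Return (allowed, reason); unknown zones are rejected outright."""
    if src not in ZONES or dst not in ZONES:
        return False, "unknown zone"
    for r in RULES:
        if (r.src, r.dst, r.port) == (src, dst, port):
            return True, r.reason
    return False, "default deny"

def audit(flows):
    """Split (src, dst, port) flows into allowed and denied lists with reasons."""
    allowed, denied = [], []
    for flow in flows:
        ok, why = evaluate(*flow)
        (allowed if ok else denied).append((flow, why))
    return allowed, denied

# Constructed sample flows; the 2nd and 5th are the direct paths that zone
# isolation is meant to block (DMZ host and Internet reaching the technical zone).
SAMPLE_FLOWS = [("internet", "front-end", 443), ("front-end", "technical", 22),
                ("bastion", "technical", 3389), ("technical", "soc", 1514),
                ("internet", "technical", 3389)]
```

Running `audit(SAMPLE_FLOWS)` returns three allowed and two denied flows, each tagged with the rule that justified it or with "default deny".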

Compliance with international security standards, particularly ISO 27001, is a fundamental aspect of the project. The implementation includes rigorous monitoring and regular audits to ensure that all security measures meet the requirements of ISO 27001. Aligning with the standard means that BlueWave’s infrastructure follows recognized best practices in information security management, fostering trust and reliability among stakeholders. Regular audits and continuous monitoring not only help in identifying and addressing vulnerabilities but also drive ongoing improvements in security protocols and practices.

Overall, the SAE 5CYBER03 project delivers a clear and structured architecture designed to ensure the security and efficiency of BlueWave’s network infrastructure. By integrating advanced security tools, implementing strategic network segmentation, and adhering to international standards, the project provides a resilient and scalable foundation that can adapt to evolving cyber threats. Intended for technical teams and stakeholders, this comprehensive approach ensures that BlueWave remains at the forefront of cybersecurity, capable of protecting its critical assets and maintaining uninterrupted business operations.