DECEMBER 03 2010

Security TEK SAIT Polytechnic 1301 – 16 Avenue NW Calgary, Alberta, Canada, T2M 0L4

Project CharterSecurity TEK

SECURITY TEK

David SutherlandJason MahChau Pham

Table of ContentsExecutive Summary.............................................................................................................2

Project Vison........................................................................................................................3

Project Purpose...................................................................................................................4

Problem / Opportunity..........................................................................................................4

Project Description...............................................................................................................4

Key Stakeholders.................................................................................................................4

Project Scope......................................................................................................................5

Scope..................................................................................................................................5

Out of Scope........................................................................................................................5

Project Objectives................................................................................................................6

Terminology.........................................................................................................................7

Project Team.......................................................................................................................8

Project Stakeholders............................................................................................................9

Risk Assessment...............................................................................................................10

Project Schedule................................................................................................................11

Project Facilities and Resources.........................................................................................13

Project Budget...................................................................................................................14

Equipment and Facilities....................................................................................................14

Operating Costs.................................................................................................................14

Promotion and Communication..........................................................................................15

Intellectual Property............................................................................................................16

Offer and Approvals...........................................................................................................17

Offer.................................................................................................................................. 17

Approvals...........................................................................................................................17

Project Charter Signoff.......................................................................................................17

References........................................................................................................................18

[NAME OF PROJECT CHARTER] PAGE 1

SectionExecutive Summary1

Security Tek’s main goal is to create a hardened server with a hardened room to match. We will be using security techniques and procedures learned in IT security and Server Service Administration to enable a functional server, with programs for network intrusion detection and protection. As well, we will be using techniques to harden the server room to prevent unauthorized access or detect unauthorized access.

Our purpose is to devise and implement a plan for a client to execute that will protect their server. We will be using techniques such as using a snort box to make sure network intrusion is documented and logged. As a network prevention system, we will be implementing a honeypot to attract the intruder to the fake network instead of our own. Physical access will control things such as a mantrap and user access codes to enable access. Shock sensors and cameras to monitor and secure the server.

We are aiming at small to medium sized companies as these moderately sized companies may not have an IT department with the technical expertise to implement a more secured server for their needs. We will implement it in a way that it will be affordable and will not break a client’s budget to implement our system. It will provide much needed security for an up-and-coming business or a business looking to expand their IT server, whether it is for sending internal or hosting a new website for sales, this is needed to protect their backbone so they can continue their business.

We will create a documentation guide and setup procedures to direct a client on how the system is to be setup. A step-by-step manual will be created and a troubleshoot section will be included in case the client encounters a situation similar to anything that happened will we were devising the manual.

Our target time frame to creating our manual and having a documented manual will be end of March 2010. We will be having a demonstration of our plan at the end of April 2010, and will be using the time from the end of actual documentation to fine-tune our systems to work as one. Partial demonstrations will be documented half way to our stakeholders for approval and critique to ensure that we have the right direction in what a client would want in a hardened server room.

PROJECT CHARTER – SECURITY TEK PAGE 2

SectionProject Vision2

In today’s growing technological society, it’s becoming increasingly more important that products are unique, easy to use and provide a great deal of functionality to the consumer willing to buy the product. Thus, it is important to have an innovating product that will catch the consumer’s eye at an ideal cost for both sides. The project vision is to create a security system that will securely keep the valued object(s) safe from intruders.

Our team will create a unique product that will be easy to use by the consumer, but very secure to ensure the safety of the object(s) the consumer wants to keep safe. First of all, our group will be designing a hardened server that incorporates snort as well as other security programs. We will be using this server for two main objectives 1) as the “prized” object that thieves may want and 2) it will contain all the programs and scripts to control our intrusion prevention and detection system.

To do this, our group will research the price of the materials and the overall design and build of the final product. We will locate a suitable room, measure to determine how much material it will need to secure it properly and then begin to design our system. From there we will design our security system that implements snort, and other security rules, sensors, cables and computer hardware to produce a reliable security system.

Final Deliverables:1. Project Demo2. Presentation3. Website4. Project Documentation

PROJECT CHARTER – SECURITY TEK PAGE 3

SectionProject Purpose 3

Security is always a big area of IT and will continue to grow as technology advances. To keep intruders out and allow server administration access the server room. This problem is always occurring to companies that do not implement a plan of safety or have a poorly made plan. If an intruder is able to get into the server room, they can have control over the servers just by walking through the server room door. This has created a great project idea for our group, create a security system that is cheap, easy to implement and secure. This system will stop or slow down an intruder to allow security personnel time to get to the server room. Another deliverable that will be included is a presentation of our prototype and administrator manual for easy implementation by the administrator and security. The project does not just include our team but many others out side the team.

Problem / Opportunity

Think of having small business and because you have a small budget, you have to cut down the costs in some areas to help provide for areas, servers in an unprotected room are a likely situation. Many businesses may look at security as an expensive component that has no value for the company.

Project Description

If a company is worried about the cost then our project will dissolve that problem by setting up a low cost security system but with the benefits of a high cost system. This project also will deal with the initial problem for some companies, a security system that will protect their servers which was not implemented previously.

Key Stakeholders

The key stakeholders are the people that are involved with the overall project. The project managers are our team, each of us will have a chance at being the project manager. When it is our time as the project manager, we become a major stakeholder because we want the rest of our team to achieve what is needed. Our client is also the sponsor at the moment giving us ideas while we will give results back. This project is being performed at SAIT so we have to represent SAIT the best we can when looking for results and building our project. Each stakeholder is affected by the outcome of this project so it is our responsibility to make our project work. If problems arise, we are accountable for letting the key stakeholders know of complications. These are just the key stakeholders there are main more that are listed further bellow.

Stakeholders CommentProject Manager David Sutherland, Jason Mah, Chau PhamClient Colin ChamberlinPerforming Organization SAITSponsor Colin Chamberlin

PROJECT CHARTER – SECURITY TEK PAGE 4

SectionProject Scope4

As with any project, how small or large it may be, security is always an issue. With our project our hope is to be able to create a hardened server and room to protect our assets. We will only have one server and server room to showcase for product, but we will include steps to expand security measures for a larger scale. So within the confines of this project we will not be demonstrating a large-scale security measures but rather only on one server.

At least halfway through we would like to be able to demonstrate our hardened server. We will show how an intruder will be detected and kept at bay by the honeypot to throw them off our actual server.

Our second partial demonstration would be our server room where it can monitor or trap unauthorized access. It will also be to monitor traffic in the server room to identify if a user was able to access the server by bypassing the security measures.

As this is only a simple demonstration of our project, we cannot do things like setting up multiple servers each with their own protection, nor can we produce a real attack on our system, like a virus trying to infect our system. We will only be showing user intrusion detection. Also, as space will be limited, some things like pressure mats will only be situated in critical places in front of the door and server to monitor access. Our camera set up will only be able to monitor limited areas due to space limitations.

Scope

Our scope will mainly consist of one room, with security to trap unauthorized users from accessing the server. Due to cost budgets we’re limited to using only a fraction of all security features we can get such as high definition camera to be used as a motion sensor and video capture device.

Out of Scope

Since our budget is limited, we cannot implement things such as pressure mats, or a biometric scanner that scans finger prints. It will be limited to a one room design instead of an actually server farm. Other things that can be implemented and will not be included are things such as shock sensors to ensure that the server are immobile and cannot be moved without alerting someone with access. Other technologies, for example, keycards or magnetic access cards will not be implemented due to budget constraints

PROJECT CHARTER – SECURITY TEK PAGE 5

SectionProject Objectives5

To achieve our desired goals; they must be first be defined. Hardening a server along with the physical security will be a large task. We will implement multiple physical security devices like cameras, pressure mats, motion detectors and more. As well as physical security, a server must be able to detect and trap malicious users or organizations from bringing down our protected servers. We will be using Snort and a honeypot to detect and confuse those that want harm our business.

We must first have a server to protect. We will have to acquire a server capable of doing basic tasks such as webhosting, email and internet. As with our limited time scope we will only have one server doing multiple tasks, but we will create a plan in case it will need to be implanted on a larger scale.

Once our server is acquired, we will begin to set up our honeypot. We will make it seem like there are multiple servers and end users talking to each other. We will simulate network traffic to make it more realistic and we will have snort to detect the ip of the attackers trying to get at our server. We will also be removing commands not used and have administrator rights only to protect from unauthorized modifications.

To start with physical security we are putting in a man-trap style access to our server room. A user must have authorization to enter through the second door of the man-trap to reduce unwanted access from those without authorization.

As for authorization, we will be implementing a finger print scanner as well as a keypad to ensure those with access codes cannot just give it to anyone and must verify it is them with the finger print scanner for the code to allow them access in to the server room.

We will also be implementing a pressure mat system, to monitor foot traffic in and out of the server room. We are putting this in because an intruder may not be using the front door, and may likely try to bypass the main security defenses we will be putting up like our man trap doors. It also monitors how many people have entered and we will try to set it up so that only users that pass the man-trap and are authorized can enter, if they try to bring in a second person it will lock out the server.

As pressure mats can only detect footsteps, or pressure, will also be including video cameras with IR, for dim light situations and monitor who has been inside the server room, day or night, to make sure only authorized users have been inside.

If we have set all these defenses up properly, the server will only be accessible through the man-trap by a user with a finger print ID set up and key code for door access, and will only allow one person through the man trap at a time, and if more than one person has entered through the man-trap on only one authorization, the server will be locked down and not accessible until an administrator can verify and unlock the servers.

PROJECT CHARTER – SECURITY TEK PAGE 6

SectionTerminology6

There are a few terms that will need some more explanation as to what they mean, such as honeypot, man-trap, IR, Snort and intrusion detection.

Honeypot- is a trap set to lure in intruders to access fake information so that the real info is safe. This is done by creating scripts that appear to show real info when an intruder is able to get into that system. We want people to try and access this since we will be able to log where their IP, when they tried to hack into our network and how many times.

IDS – Intrusion Detection system - Intrusion system setup to detect intruders, documenting or alert the administrator of the system. This can be used in the physical and network areas of security.

IPS- Intrusion Prevention system - Intrusion system setup to prevent intruders from entering or stopping them in there tracks. As a physical system something like a mantrap will work. In a network environment a honeypot will help

IR- Infrared This type of camera is able to detect heat signatures given off by warm blooded animals. This is especially important because we will be able to detect a person night or day in our restricted area.

Mantrap- a physical security device(s) used to protect intruders from getting into a restricted area. For our purpose, we will be using floor detectors to sense footsteps when someone is near our restricted area.

Snort-is a network intrusion detection system that detects and logs intruders trying to access our system.

PROJECT CHARTER – SECURITY TEK PAGE 7

SectionProject Team7

The most important part of a project is creating a team that suits the style and goal of the project. A team needs to co-operate, communicate and create. Co-operation between members will lead to a better ending result. Over the past year and a half we have done a few projects together, so there are no uncomfortable situations that make it hard for the team to work together. We understand each other’s strengths and weaknesses. As well, communication between team members is well formed because of experience from previous projects, but in every project there is still miss communication that off balances the team but is quickly fixed. Creating means coming up with a solution to a standstill in the project; our team will use this in means organization and problem solving. Within the team each of us has a role that best fits our strengths. The order that the roles are placed in is our priority role. The project manager role is split evenly through the project when different tasks are implemented.

Member RoleDavid Sutherland Project manager, Hardware, Server Admin Jason Mah Hardware, Project managerChau Pham Programmer, Project manager

PROJECT CHARTER – SECURITY TEK PAGE 8

SectionProject Stakeholders8

Our key project stakeholders will be primarily ourselves. Other stake holders will include Colin Chamberlin and our sponsor. Colin will influence our group by giving us advice and ensuring the project is on schedule. Our sponsor will be monitoring, requesting and advising us with information so that all plans go forward and continue as planned.

Other key stakeholders will include the user and suppliers. Users are a major stakeholder since they will be buying the product. The user influences us in a way that we will provide the best product for them and in return will receive a reputable reputation. Supplier’s reputation will also be on the line; should they fail at providing us a reliable product, they will lose reputable status. This can affect the suppliers company by causing them to go bankrupt. Other companies will not buy from them if their products are inadequate and unreliable.

Stakeholder Role or InfluenceProject team The team that will be putting in the workColin Chamberlin Will make sure that project is on timeSponsor Will sponsor us Users Will buy and evaluate the productSuppliers Reputation of product line

PROJECT CHARTER – SECURITY TEK PAGE 9

SectionRisk Assessment9

While the project is to help implement security to a small business, complications can occur that affect the outcome of this project. This list of risk is to help ready our group for what could be expected as a problem that may occur. The mitigation strategy is how our team will stop the risk from happening or lower the chance of it happening.

Project Risk Assessment Probability Impact Severitye.g. High, Medium, Low e.g. High, Medium, Low e.g. High, Medium, Low

Insufficient training Medium High MediumTeam members may not all be on the same page in training so some will have to less expirenceMitigation Strategy – Research area that is unfamiliar, Use textbooks and other resources to learn from

Inadequate communication High Medium LowA new team means working with new people and can cause communication if we are not on the same page Mitigation Strategy – Set up meetings and create schedules, email when a problem has occurred, get to know one another, strengths and weaknesses…Conflicting priorities Medium Medium HighThe project might be going one direction but a team member wants to have it go in a different directionMitigation Strategy – Keep everyone on track with the project try to fit priorities into project.

Money/Funds Medium High HighMoney can be a risk that puts the project on hold or stops it all togetherMitigation Strategy – Find sources or funding before starting project

Not able to acquire resources Low High HighSome resources may not be acquirable or out of stock Mitigation Strategy – Make sure to have back up resource site to acquire the same resources

Loss of enthusiasm Low Medium MediumTeam members may hit a rough spot if something goes wrong and may want to stopMitigation Strategy – push the team to move through the problem find a solution

Loss of team support Low High MediumMembers of team may start objecting to ideas of Project manager if they falterMitigation Strategy – Put into position a team member that is likely to do well as the Project manager

Team change Medium High LowSomething that can and cannot be controlled, team members move Mitigation Strategy- Understand the team and what there timing

Change of project scope low High mediumThis can be caused by a project hitting a road block or the client made decision to changeMitigation Strategy-

Time High medium mediumTime is always a factor in being a risk; most projects never meet the initial dead line.Mitigation Strategy- Planning is the best way to stay on track as well as a great team.

PROJECT CHARTER – SECURITY TEK PAGE 10

SectionProject Schedule10

For this project to succeed, our team will create a plan that will follow guide lines so that we follow the milestones and deadlines. The important aspects of our plan are as followed, estimate the cost of all our materials, acquire the resources, setup the server; program the sensor board to use devices, and continual group meetings. We have also planned for extra time for example, extra research if it is needed for the more difficult parts of the project. See below for the overall plan layout.

PROJECT CHARTER – SECURITY TEK PAGE 11

Embed your MS Project file below. (MS Word 2003: Insert > Object > Create from File > Browse; MS Word 2007: Insert > Object > Object > Create from File > Browse)

PROJECT CHARTER – SECURITY TEK PAGE 12

SectionProject Facilities and Resources11

Resource AvailabilityServer AvailableEthernet cables Need to acquireCameras Need to acquireController boards Need to acquireWire Need to acquireMotion sensors Need to acquireUnix OS (Linux or Ubuntu) AvailableStorage Room Need to acquire

[NAME OF PROJECT CHARTER] PAGE 13

SectionProject Budget12

The project will consist of expenses due to realistic payment to the team members and cost of material to build the physical security system. The prices of the project will vary as our team constantly finds better or cheaper options that provide a good security system. The budget was developed based on what materials were needed to design a physically secure room.

Phase 1: Acquire Materials 48 hours of laborPhase 2: Program Sensor 64 hours of laborPhase 3: Setup Server 56 hours of labor

Equipment and Facilities

The equipment we will need to build and design our physical and computer security system. Parts and prices will vary as our team continues to implement the best technology available to us.

Item Amount CostCameras with motion sensors 4 $30Sever 1 $providedSnort 1 $freeHoneypot 1 $freeEthernet cables 3 $providedController board 1 $-

Operating Costs

This will include an ideal charge of what our team, per person, would charge an hour to build, design and setup a secure server and room. The total cost of our labor will vary depending on how smoothly the install goes. Our team will pay each person hourly at a rate of $30 an hour.

Item Hours Rate CostAcquire Materials 48 30 900Program Sensor Board 64 30 1920Setup Server 56 30 1680

PROJECT CHARTER – SECURITY TEK PAGE 14

SectionPromotion and Communication13

To promote our project, our team will have a booth to showcase and demo our finished project specs. It will consist of a live demonstration of how the server is monitored and our security system works in combination to prevent an unauthorized user from accessing the server.

As for communication, we will be documenting all our meetings, internal and external and provide meeting agendas and plans for every meeting. All necessary steps leading to a meeting with all stakeholders and sponsors will be made accordingly, such as booking a room for conference and bringing refreshments for example.

Our group will keep a log journal of our objectives, methods, successes and failures for the week and will be updated by every member to ensure that the project and its objectives and obstacles are understood by all and all can provide an idea to a solution to a problem if an obstacle arises.

PROJECT CHARTER – SECURITY TEK PAGE 15

SectionIntellectual Property14

The intellectual property will be property of the group. Each group member will have the right to the intellectual property that they purpose and design. Other group members, who did not research and/or design that part of the project must ask the member who did do the research and/ or design for permission of use. Depending on our sponsor, they may have some right of the property as well.

PROJECT CHARTER – SECURITY TEK PAGE 16

SectionOffer and Approvals15

Reading this charter, we have made some offers that will be the outcome of our project. Signing this will confirms that you approve of our project and will allow our team to help you become a more secure company with our implementation.

Offer

Security TEK would like to offer our services to small business companies that do not have security implemented and give them better security than what they started with. To help protect the servers, there are a few things we are offering out of this project:

1. Cost effective physical security system for a small server room in your small business.

2. Manual for administrator on how to use the system.

3. Demonstration and presentation of the implemented security

4. Final report that includes what was done and meeting minutes throughout the project

Approvals

In order to help implement a security system that will optimize security in your server room and approve our low budget cost, your approval for this project is needed. Approval needed for:

1. Adding security server to your network2. Implementation of physical security devices in server room.3. Gant Chart4. Budget

Project Charter Signoff

Offering Signature Date

David Sutherland

Jason Mah

Chau Pham

Type name

Approval

Colin Chamberlain

Type name

PROJECT CHARTER – SECURITY TEK PAGE 17

SectionReferences16

[1] Ebay, Home CCTV Surveillance Color Dome Camera, [Online Document], 2010, http://cgi.ebay.ca/Home-CCTV-Surveillanc-Security-Color-Dome-Camera-/280398062866?pt=LH_DefaultDomain_0&hash=item414906e512

[2] SourceFire, Snort, [Online Document], 2010, http://www.snort.org/

[3]Wikipedia, HoneyPot, [Online Document], 2010, http://en.wikipedia.org/wiki/Honeypot_%28computing%29

[4] Wikipedia, ManTrap, [Online Document], 2010, http://en.wikipedia.org/wiki/Mantrap

[5] Webopedia, What is a Server? [Online Document], 2010, http://www.webopedia.com/TERM/S/server.html

PROJECT CHARTER – SECURITY TEK PAGE 18