Clients: Case Studies

VIGNETTE

In support of the Universal Service Administrative Company (USAC), one of our longstanding clients, TDI has provided a broad range of security compliance and technical services.

TDI developed an Incident Response Plan (IRP) for USAC that was fully compliant with U.S. Federal Communications Commission (FCC) guidelines. While building the USAC IRP, TDI relied heavily on existing FCC regulations, particularly those related to Incident Response Plans: the FCC Computer Response Incident Guide (CIRG) and the FCC Computer Response Incident Team (CIRT).

TDI developed USAC's IT security policies and procedures while considering several essential elements: gap analysis findings, current and previous assessment/audit findings, departmental guidance, industry best practices, and legislative and executive mandates and guidance. Each element contributes key aspects to the overall policy development. The USAC Security Policy's content was developed to be consistent with NIST SP 800-26.

TDI conducted a Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), and Continuity of Operations Plan (COOP) development effort. TDI determined how USAC conducted business as a crucial step in effectively providing a roadmap for business continuity. Using a combination of interviews, surveys, observations, and studying existing program documentation, we fully evaluated USAC's backup infrastructure, off-site storage requirements, business unit processes, and business model.

TDI was responsible for revising and implementing the entire network architecture at USAC by supporting the USAC IT Division with high-end consulting services. TDI performed a successive series of tasks that, in concert, provided a thorough understanding of USAC's security infrastructure. Initially, TDI performed policy, procedures, and process reviews. We coupled this with reviews of USAC architecture and system and network device implementations. TDI then performed an internal vulnerability assessment. Our internal assessment included multiple scans and probes, system configuration reviews, and interviews with USAC personnel. After the internal assessment, we performed an external assessment with the aim of gaining access to the internal USAC network. Additionally, this effort provided an external view of USAC's publicly accessible devices. Using the results from these efforts, we compiled a list of findings that ultimately required remediation. Relying on National Institute of Standards and Technology (NIST) guidance, we then assigned a numerical risk metric and prioritized the risks. Finally, TDI entered the findings into a Remediation Plan that provided USAC with a roadmap for becoming compliant with government requirements and for taking remedial action to address said findings; this was ultimately translated into a Plan of Actions & Milestones (POA&M).

CASE STUDY
USAC Centralized Log Solution

TDI implemented a centralized logging solution to ensure USAC's compliance with federal regulations related to security of audit trails for improved accountability and forensic practices. Our goal was to identify and implement an existing solution or develop the solution ourselves. TDI’s efforts included the design for logging/auditing, audit log management, determining auditable events, a log migration strategy, means for log storage, the type of normalized raw log format, and log data analysis. Once the solution for centralized logging was deployed, TDI ensured that production systems were properly transmitting log data to the central server.

TDI intensely researched commercial and freeware Security Information Management (SIM) and other related products used to consolidate and analyze the logs of IA solutions and other systems. TDI performed an asset inventory of all available USAC network assets, including servers, routers, firewalls, switches, etc. Our efforts ensured that the solution requirements for the centralized collection, storage, and analysis of all USAC system logs were built such that future reconstruction and assessments are possible.

Management of vast amounts of log data was the essential problem that TDI overcame. Subsequently, we determined how log data should be handled such that it could be analyzed, migrated into log data from other systems, and stored correctly. TDI determined the appropriate combination of auditable components, including system events, system changes, keystrokes, system calls, and application-level events. TDI also addressed the components for proper log data transmission: guaranteeing delivery, securing delivery, and assuring a balanced network load. We helped determine, rewrite, and apply USAC’s requirements for log data storage to dictate how long data should be retained altogether, how long it should reside on a local device, and whether or not it should remain on site. TDI then developed a solution that normalized log data from various USAC systems. Finally, TDI's collection and centralized storage of raw system logs allowed data mining and forensic and statistical analysis to be performed in order to establish patterns of misuse and completely reconstruct user behavior at USAC.

CASE STUDY
USAC Secure Network Engineering

TDI was hired by USAC to provide secure network engineering services for the entire USAC enterprise. The services TDI provided affected and improved all of USAC's major infrastructure and software development efforts. For example, TDI deployed the production instances of the Oracle database that supported all of USAC's financial and cost tracking applications. In addition, TDI performed a Network Vulnerability and Risk Assessment that revealed major design flaws in USAC's network architecture, and as a result of the assessment, TDI was commissioned to implement all of the design improvements it identified. Furthermore, TDI conducted an assessment of the security monitoring infrastructure and recommended that USAC procure a Security Information Management (SIM) solution so that USAC could gather real-time intelligence about the status of all of its computing assets, including desktop systems.

TDI was commissioned to evaluate all major SIM vendors on the market, perform a cost-benefit analysis and finally implement the selected solution. These efforts conducted by TDI at USAC resulted in the following high-level benefits for the customer:

  • Improved performance of all major applications due to the optimized Oracle deployment conducted by TDI
  • Improved network architecture in terms of both security and performance due to the network architecture design improvements conducted by TDI
  • Implementation of real-time intelligence-gathering techniques