ARAMCO Internship Program - Prince Mohammad Bin Fahd University


ARAMCO Internship Program
Abdullah Al-Nafisi
200700679
Advisor: Dr. Abul Bashar
Prince Mohammed Bin Fahd University
College Of Computer Engineering & Science.

Outline
• Introduction
• Communication Protection Group
• Company Background
• Job History
• Courses
• Acknowledgment
• Conceptual Framework
• Technical Work
• SWOT Analysis
• Findings and Recommendations
• Conclusion
• References

Introduction
• Information protection and planning department in ARAMCO Al-Medra Tower.
• The department includes 5 different groups.
• Communication Protection group.
• The Internship Period: 12 weeks.

The Information Protection Center Division organization chart:
INFO PROTECTION CENTER DIV
- COMMUNICATION PROTECTION GP
- PROTECTION MONITORING & INCIDENT MGMT GP
- UNIX & DATABASE PROTECTION GP
- PROTECTION SUPPORT & LOG MGMT GP
- WINDOWS PROTECTION GROUP

Communication Protection
• Communications protection group (CPG) is responsible for securing Saudi Aramco network devices.
• The overall objective is to:
- Make sure all network devices are in line with the corporate information protection security standards and guidelines.

CPG Functions:
A. Access Management:
- Manages access to corporate communications devices such as routers, switches, firewalls, proxies, telephone switches, and transmission devices.
B. Security Vulnerability Assessment:
- Conducts and reports vulnerability assessments on network devices and follows up on them.
C. Security Compliance Management:
- Reviews security changes of network and security systems.
D. Security Patching Management:
- Reviews and reports on network security patches.
E. Security Assurance:
- Assesses network access to assure secure interconnectivity of servers, computers, and network devices.

Company Background
• Saudi ARAMCO is the national oil company of Saudi Arabia.
• The origins of Saudi Aramco can be traced back to 29 May 1933.
• It managed over 100 oil and gas fields in Saudi Arabia.
• The company name was changed in 1944 from California-Arabian Standard Oil Company to Arabian American Oil Company (or Aramco).

Company Mission & Vision
• Saudi ARAMCO mission is:
- Maximize downstream investment revenue and to take their maximum sustained crude oil production capacity to 12 million barrels per day.
• Saudi ARAMCO vision is:
- Remain the world leader in the production of petroleum-based energy.

Job History
Group
Duration
Network Access Management
Three Weeks
Network Vulnerability Management
Network Compliance Assessment
Network Access detection
Two Weeks
Unauthorized network access detection
Security Patch management
Two Weeks
One Week
Two Weeks
Two Weeks

Courses
• SAP Starter Package.
• (UIP) Understanding and Improving Process.
• IP&TPD Safety Orientation.
• Telecommunication and Network Security.

Acknowledgment
• Mr. Fahad Sabeela, my site supervisor for the third month, who helped me in the Safety orientation and assigned to me some e-learning courses: Safety Handbook-Basic and Telecommunication and network security.
• Mr. Abdullah Garieshah, my site supervisor for the second month, who helped me with the development plan, and assigned to me a research project to work on.
• Mr. Abdurrahman Al-Meniea, my site supervisor for the first month, who introduced me to the department tasks, co-workers and the tasks handled by each one of them.
• Mr. Yazeed Al-Thobayti, the responsible person of the access control task.
• Mr. Tariq Khushaim, the responsible person of unauthorized networks access detection tasks.
• Mr. Bandar Al-Harbi, the responsible person of patch management task.
• Mr. Hussain Haddad, the responsible person of network vulnerability management.
• Mr. Mohammed Al-Otaibi, the employment office supervisor. He helped us in the orientation week and explained to us some major safety tips.

Conceptual Framework
• Communication Access Control Task:
Table 1 below shows the current infrastructure for Authentication, Authorization, and Accounting (AAA) servers (Cisco ACS and Steel Belted):

Server Name | Type | Server model | Server IP address | Location | Server type
csacs-1 | Cisco ACS | Appliance | Confidential | TCC (Primary) | Enterprise
csacs-2 | Cisco ACS | Appliance | Confidential | TCC (Backup) | Enterprise
dha00730npgp01 | Steel Belted | Microsoft 2003 | Confidential | TCC (Primary) | Enterprise server
BC335007 | Steel Belted | Microsoft 2003 | Confidential | B840, R1000 (Backup) | Enterprise server

• ACS (Cisco Secure Access Control Server) is used in the Aramco corporate network to provide AAA service for the network devices. It authorizes each user at a specified privilege depending on which group he belongs to in the ACS.
• Below are the network device models on ACS:
- All Cisco Routers/Switches/FW
- TACACS+ (Cisco IOS): Routers/Switches & Huawei Routers
- RADIUS (Juniper FW) Netscreen
- RADIUS (Alcatel) 7670
- RADIUS (Foundry) Switches
- RADIUS (Marconi BXR) Routers
- RADIUS (Marconi) Switches
- RADIUS (Cisco Aironet) Cisco Access Point (For User’s Access)

• Steel Belted Radius (SBR) is used in the Aramco corporate network to provide AAA service for more network devices. It authorizes each user at a specified privilege depending on which group he belongs to on this server.
• Below are the network device types/models on SBR:
- All Alcatel Switches Models except 7670
- Aruba Wireless Networks: Switches
- BelAir Access Points
- Cisco Aironet Access Point (For Admin’s Access)

• Granting user’s access and privileges (flowchart):
- Receive Approved CRM Request
- Review the Request
- Identifying which Level of Authority will be granted
- Grant the User the Needed Access
- CRM Update and Closure
- User receives notification of access’s expiration one month ahead
• Dealing with expired users’ access (flowchart):
- Check if the user applied a new CRM (Yes / No)
- User receives notification of access’s expiration two weeks ahead
- Revoke Access (No)
- Renew Access (Yes)

Technical work
• Communication Access Control Task:
1. Granting User’s Access to Cisco Secure - Access Control Server (ACS) Server.

Access Privileges Mapped to Groups in the Active Directory for the ACS server:
Groups/Platforms
TACACS+ (Cisco Routers)
RADIUS (Cisco IOS/PIX)
Ascend
Juniper (Routers)
Foundry
Alcatel 7670
NS (FW)
Data Network Management
Engineering
Level 15 (Admin)
Level 15 (Admin)
Admin
Admin
Level 0 (Admin)
Level 2 (Admin)
Read Only
Level 2 (Read Only)
Level 2 (Read Only)
Level 15 (Admin)
Level 2 (Read Only)
Level 2 (Read Only)
Level 15 (Admin)
-
Read Only
Read Only
Admin
Read Only
-
-
Read Only
-
Admin
Level 4
Read Only
-
Level 2 (Read Only)
Level 4
Read Only
Read Only
-
Read Only
-
-
-
Limited Access
Limited Access
Level 2 (Admin)
Limited Access
Limited Access
-
Level 2 (Read Only)
-
Read Only
-
Read Only
-
-
NPG Access
Level 2 (Read Only)
-
-
-
-
NOC Access
Level 15 (Admin)
Admin
Admin
Level 4
BXR Routers
-
Level 15 (Admin)
-
-
Read Only
-
Level 2 (Admin)
-
Read/Write
Read Only
Read/Write
-
Area Support
Security Monitoring
CommOps
PMG
NPG Admin
Level 1 (Read Only)
Level 2 (Read Only)
Level 4
-

How to Add/Remove a User to the Corresponding Group in the Active Directory?
- In Active Directory Users & Computers, go to: “Aramco.com / Corporate Accounts / Network Devices Administrative Groups” as shown below.
- Double-click the group to which the user belongs. For example, to add or remove users belonging to Area IT, double-click the Area Support Group.
- Click on the Members tab.
To Add Users Privileges
- Click on Add to add a new user.
- Insert the user’s network ID, then click on Check Names.
- Two names will appear. Pick the one that does NOT have the home internet property in the description.
- Click on OK.
- Now the user has been added to the Area Support Group and he will get the privileges that the Area Support Group has in the ACS.
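
The same add-user steps scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original presentation or of Aramco's tooling. The function name, the sample ID 'jdoe', the group identity 'Area Support' and the exact 'home internet' description text are assumptions.

```powershell
# Added example: scripts the GUI steps above. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Add-NetworkDeviceGroupMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Restrict the ID to safe characters because it is placed in an LDAP filter.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._-]+$')][string]$NetworkId,
        [Parameter(Mandatory)][string]$GroupName
    )

    # Equivalent of "Check Names": ambiguous name resolution may return several accounts.
    $candidates = @(Get-ADUser -LDAPFilter "(anr=$NetworkId)" -Properties Description)

    # Keep only accounts without the home internet marker in the description
    # (the exact marker text is an assumption).
    $corporate = @($candidates | Where-Object { $_.Description -notmatch 'home internet' })
    if ($corporate.Count -ne 1) {
        throw "Expected exactly one corporate account for '$NetworkId', found $($corporate.Count)."
    }
    $user  = $corporate[0]
    $group = Get-ADGroup -Identity $GroupName

    # Do nothing when the user is already a direct member, so reruns are harmless.
    $already = Get-ADGroupMember -Identity $group |
        Where-Object { $_.distinguishedName -eq $user.DistinguishedName }
    if ($already) {
        Write-Verbose "$($user.SamAccountName) is already in $($group.Name)."
        return $user
    }

    # -WhatIf / -Confirm are honoured here, so the change can be previewed.
    if ($PSCmdlet.ShouldProcess($group.Name, "Add member $($user.SamAccountName)")) {
        Add-ADGroupMember -Identity $group -Members $user
    }
    return $user
}

# Sample call with placeholder values: preview first, then rerun without -WhatIf.
Add-NetworkDeviceGroupMember -NetworkId 'jdoe' -GroupName 'Area Support' -WhatIf
```

Refusing to proceed unless exactly one non-home-internet account matches turns the manual "pick the right name" step into a hard check, so an ambiguous ID cannot silently grant device privileges to the wrong account.
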
2. Granting User’s Access Privileges to the Steel Belted Radius (SBR) Server:

Access Privileges Authorization in the SBR server:
Organization/Platforms
Alcatel Switches (Except 7670)
Admin
Read-Only
Aruba Wireless Devices
Admin
Read-Only
BelAir Access Points
Admin
Read-Only
NIMG
Engineering Staffs
Area IT
NSSG
Monitoring Staffs
CommOps Staffs
Admin
Read-Only
Read-Only
Admin
Read-Only
Read-Only
Read-Only
Read-Only
Read-Only
Read-Only
Read-Only
Read-Only
IPC/PMIMG
NPMG
NOC Analysts (Only)
Read-Only
Admin
Admin
Read-Only
Read-Only
Admin
Read-Only
Read-Only
Admin

How to Add Users Privileges?
- Log on to the primary SBR server.
- Ensure that the user is added to his corresponding group in the Active Directory.
- Log on to the SBR application “SBR Administrator (Funk Software)”.
- From the GUI, click on Users, then click on Domain. After that, click Add as shown below:
- In the Name field, write \\ARAMCO\Network ID.
- Check the Use Profile box for a pre-defined privilege in the drop-down menu, as shown below.
- From the pre-defined privileges available in the drop-down menu, select the appropriate privileges:
- Also, you can add more privileges through the Return list tab: click Add, then choose the specified privilege from the scroll menu. Below is an example of giving “read” access to a user for Aruba devices:

SWOT Analysis
• Strengths?
• Weakness?
• Opportunity?
• Threats?

Strengths:
- Have many principal members with extensive background and education.
- One of the largest I.T. networks in Saudi Arabia.
- Supported by the government.
- Has huge potential in terms of equipment available and financial support.

Opportunities:
- Many projects are under way and available to be assigned to you.
- Many useful workshops you can attend during working hours.
- Very efficient manuals you can refer to during any task.
- Excellent potential for the development of the employee.

Weaknesses:
- Each member focuses on his own task.
- Some decisions regarding some vulnerabilities are taken by other, unrelated management departments.
- Shortage of manpower in certain tasks.

Threats:
- Wireless security is still the major threat to the ARAMCO network.
- A lot of hacking attacks against big power supply companies such as ARAMCO.

Findings and Recommendations

The Findings:
1. Communication protection group is the most important group.
2. Some major issues require bringing different employees from different departments.
3. There are many projects that the information protection department works on yearly.
4. They provided well-written manuals to guide any newcomers to the department.

The Recommendations:
1. Some tasks that the CPG handles need to be separated and divided to other departments' own IT groups.
2. Some employees should be aware of other tasks that they are not responsible for in the same department.
3. Most of the department employees were computer science majors, and some tasks required a deep technical understanding of network security behaviors.

Conclusion
• It was a great and gainful experience to work as an intern in Saudi Aramco.
• Learned by practice: discipline, time importance, communication skills, and to be an organized and helpful team member.
• Working in Saudi ARAMCO will make you find:
- A wide range of roles.
- Top notch team.
- Room to grow.

References

Khalid T. Al-Thinyan
Head of Information protection and planning department
03-876-7240

Fahad S. Al-Sabeela
Communication protection group leader
Site supervisor
03-872-4545

Abdullah Al-Garieshah
Security Posture management
Site supervisor for 1 month
03-872-2070

Abdulrahman Al-Meniea
Security Posture management
03-872-1086

Yazeed Al-Thobayti
Network Access management
03-876-2859

Tariq Khushaim
Unauthorized network access detection
03-872-6817