
College of Engineering Unit(s): 
Electrical Engineering and Computer Science

Team: 
Alexander Nead-Work, Christa Wright, Connor Greenwald, Drew Ortega and Manju Kuah

Project Description: 

Our project designed, configured, and deployed infrastructure for a new cybersecurity organization at OSU.

The Oregon Research and Teaching Security Operations Center (ORTSOC) is a new cybersecurity organization at OSU that will serve as a residency-based experiential learning and professional development program for students. It will offer an affordable suite of services to a consortium of under-resourced entities. As a new organization, the ORTSOC lacked the vital infrastructure it needed to operate as a functioning organization. This project created and deployed that infrastructure. The ORTSOC functions as a Managed Security Services Provider (MSSP), providing services for external customers rather than for OSU itself. The partners for this project are Dave Nevin (ORTSOC Director) and Dr. Rakesh Bobba (Associate Professor in the School of EECS).

The ORTSOC is, as the acronym suggests, a security operations center (SOC). A security operations center is a common type of organization that provides various cybersecurity services for clients. One particular piece of this is network security monitoring, in which a SOC constantly monitors its clients' network traffic for suspicious activity, looking for known indicators of compromise (IoCs) or current indicators of attack. Analysts use these IoCs to assist in threat hunting, where they actively look for attacks in progress or for previous, undetected attacks in the network. When a threat has been observed, a SOC begins incident response (IR) for the client. This usually entails requesting that systems be removed from the network, performing forensics on a compromised system, and building an overall case to understand what was compromised.

Our capstone project involved building all of the systems for analysts to use at the ORTSOC, enabling the aforementioned analysis activities. We built Ansible playbooks, which are blueprints for automation tasks, that deploy different software packages to each component of the infrastructure. The infrastructure consists of two main categories: the central systems and the remote sensors, which will be deployed at each ORTSOC customer network. We used open source software such as Elasticsearch, Kibana, Logstash, Beats, Zeek, BIND9, WireGuard, and OpenSSL, all running on top of Debian. The central infrastructure runs in a VMware environment, and the remote sensors are all bare metal appliances.
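The playbook structure described above, as an added example that is not the ORTSOC team's own code: a single play that installs WireGuard on both the central systems and the remote sensors and renders a tunnel configuration from inventory variables, so sensor telemetry leaving a customer network to the central systems is encrypted in transit. The inventory group names, variable names and wg0 layout are assumptions.

```yaml
---
# Added example, not the ORTSOC project's playbook. Assumes inventory groups "central" and
# "sensors", Debian hosts, and per-host vars wg_address, wg_private_key (Vault), wg_peers, wg_listen_port.
- name: Deploy the sensor-to-central WireGuard tunnel on every ORTSOC host
  hosts: central:sensors
  become: true
  tasks:
    - name: Install WireGuard from the Debian repositories
      ansible.builtin.apt:
        name: wireguard
        state: present
        update_cache: true
    - name: Render /etc/wireguard/wg0.conf (root-only, private key kept out of logs)
      ansible.builtin.copy:
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
        content: |
          [Interface]
          Address = {{ wg_address }}
          PrivateKey = {{ wg_private_key }}
          {% if wg_listen_port is defined %}
          ListenPort = {{ wg_listen_port }}
          {% endif %}
          {% for peer in wg_peers %}

          [Peer]
          PublicKey = {{ peer.public_key }}
          AllowedIPs = {{ peer.allowed_ips }}
          {% if peer.endpoint is defined %}
          Endpoint = {{ peer.endpoint }}
          PersistentKeepalive = 25
          {% endif %}
          {% endfor %}
      no_log: true
      notify: Restart wg0
    - name: Bring the tunnel up now and at boot
      ansible.builtin.systemd:
        name: wg-quick@wg0
        enabled: true
        state: started

  handlers:
    - name: Restart wg0
      ansible.builtin.systemd:
        name: wg-quick@wg0
        state: restarted
```

Central hosts define wg_listen_port and list every sensor's public key in wg_peers; sensors omit the listen port and give the central host's public address as the peer endpoint, so only the central side needs an inbound firewall rule.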

For more detailed information, please see our project website: https://capstone.ortsoc.oregonstate.edu

Video showing the process for deploying a new VM and configuring it via Ansible (no audio)

Project Website(s):