Date post: 22-Apr-2018
Author: lycong
[Internship Report] Prince Mohammed Bin Fahd University College of Computer Engineering and Science ARAMCO Information Protection and Planning Internship Advisor: Dr. Abul Bashar Intern: Abdullah Abdul-Aziz Al-Nafisi

Executive Summary:

This report highlights the three-month internship experience at ARAMCO during summer 2012 (from 16 June to 5 September) and discusses the key subjects of the internship period. It opens with the acknowledgments, because the internship tasks would not have been possible without the support of many people. The introduction and company background follow, with some historical information about the company. Next comes a SWOT analysis: SWOT stands for strengths, weaknesses, opportunities and threats that may be faced during the internship period in ARAMCO. The report then discusses the organizational marketing and competitive strategy. The job history part highlights the major assignments, gives the timeframe for each one, and provides a narrative description. The conceptual framework part provides a basis for the technical part, which reflects the actual projects undertaken or problems handled, the methodology used, limitations, findings, and suggested solutions. Finally, the evaluation of the internship experience provides a summary of the findings and recommendations.

Acknowledgment:

The internship experience would not have been possible without the guidance and the help of several individuals who in one way or another contributed and extended their valuable assistance in the preparation and completion of my ARAMCO development plan.

Mr. Fahad Sabeela, my site supervisor for the third month, who helped me in the Safety orientation and assigned to me some e-learning courses: Safety Handbook-Basic and Telecommunication and network security. He also approved my IDP (Individual Development Plan).

Mr. Abdullah Garieshah, my site supervisor for the second month, who helped me with the development plan, and assigned to me a research project to work on.

Mr. Abdurrahman Al-Meniea, my site supervisor for the first month, who introduced me to the department tasks, co-workers and the tasks handled by each one of them, and scheduled certain tasks for me.

Mr. Yazeed Al-Thobayti, the co-worker responsible for the access control task. He assigned me some manuals to read to help me understand how the network devices are organized in ARAMCO, and on what basis privileges are given to users.

Mr. Tariq Khushaim, the co-worker who helped me in the unauthorized network access detection tasks.

Mr. Bandar Al-Harbi, the co-worker who helped me in understanding the patch management task.

Mr. Hussain Haddad, the co-worker who helped me in understanding network vulnerability management, and assisted me in some network access tasks.

Mr. Mohammed Al-Otaibi, the employment office supervisor. He helped us in the orientation week and explained to us some major safety tips.


1. Introduction:

The internship that I experienced in ARAMCO was in the information protection and planning department in Al-Midara Tower. The division is divided into 5 groups: Communication protection group, Windows protection group, UNIX & database protection group, protection monitoring & incident management group and protection support & log management group. I worked with the communication protection group. The group handles different tasks such as: network access management, network vulnerability management, compliance, unauthorized network access detection and security posture management. In addition to the tasks that I experienced and monitored, there were some useful workshops that I attended, such as: understanding the overall process. Also, I delivered a research project and presentation about VoIP (Voice over Internet Protocol) security tools, covering the tools' description, features, comparison and recommendation. The e-learning courses were very helpful and are available on the ARAMCO websites, which cover almost everything in the area of IT, such as: wireless security, telecommunication and network security. This report will provide detailed information about the company background, SWOT analysis of the company, organization marketing and competitive strategy, the job history in the three months, conceptual framework, technical part, evaluation of the internship experience and summary of findings and recommendations.

1.1 Communications Protection Group (CPG)

1.1.1 Introduction:

Communications protection group (CPG) is responsible for securing Saudi Aramco network devices (routers, switches, proxies, firewalls, wireless, modem, etc.) through conducting a comprehensive vulnerability and compliance assessment, security risk analysis, security patch management, access control management, and unauthorized modem and wireless access points detection. CPG produces periodic reports of vulnerable, non-compliant, or unauthorized systems to proponents for remediation. The overall objective is to make sure all network devices are in line with the corporate information protection security standards and guidelines and security best practices.

1.1.2 Functions:

The primary functions and tasks associated with CPG include:

A. Security Assurance:

Assesses the Network Access to assure secure interconnectivity of servers, computers, and network devices.

B. Security Vulnerability Assessment:

Conducts and reports vulnerability assessment on network devices and follows up on them.

C. Security Compliance Management:

- Reviews security changes of network and security systems (such as Firewalls, VPN, Proxy, Wireless, VoIP, etc.).

- Monitors, reports, and follows up on the security configuration compliance of network devices against the baselines.

- Detects, reports, and follows up on unauthorized network devices connected to the corporate network.

D. Security Patching Management:

Reviews and reports on network security patches of network devices (FW, IPS, routers, switches, VoIP, etc.) and follows up on them.

E. Access Management:

Manages access to corporate communications devices such as Routers, switches, and Firewall, Proxy, Telephone switches, and transmission devices.

2. Company Background:

Saudi ARAMCO is the national oil company of Saudi Arabia. Saudi Aramco was estimated to be worth $781 billion in 2005, making it the world's most valuable company. Headquartered in Dhahran, Saudi Arabia, Saudi Aramco operates the world's largest single hydrocarbon network, the Master Gas System. Its yearly production is 7.9 billion barrels. It managed over 100 oil and gas fields in Saudi Arabia, including 279 trillion of natural gas reserves. Saudi Aramco owns the Ghawar Field, the world's largest oil field, and the Shaybah Field, one of the world's largest oil fields.

The origins of Saudi Aramco can be traced back to 29 May 1933 when the Saudi government granted a concession to Standard Oil of California. The concession allowed them to explore for oil in Saudi Arabia. After four years of fruitless exploration, the first success came with the seventh drill site in Dammam, a few miles north of Dhahran in 1938, a well referred to as Dammam No. 7. This well immediately produced over 1,500 barrels per day, giving the company confidence to continue. The company name was changed in 1944 from California-Arabian Standard Oil Company to Arabian American Oil Company (or Aramco). Company operations include exploration, producing, refining, chemicals, distribution and marketing.

Saudi ARAMCO's vision and commitment to remain the world leader in the production of petroleum-based energy is complemented by their commitment to help solve a host of pressing issues. They believe that they can make a difference wherever they do business by investing in innovation and entrepreneurship, creating educational opportunities, powering economic progress, increasing environmental awareness, and working in partnership for energy sustainability.

Saudi ARAMCO's mission is to maximize downstream investment revenue and to take their maximum sustained crude oil production capacity to 12 million barrels per day, which will help them meet the projected call on their crude oil in the decades to come while also maintaining sufficient spare capacity to help ensure market stability, a key objective of the Kingdom's oil strategy. Saudi Aramco's activities thus cover the whole globe and span the entire petroleum value chain, from reservoir to petrol pump and petrochemical plant and everything in between.

The ARAMCO Information protection & Technical planning organization chart:

INFO PROTECTION & TECH PLNG DEPT

- ACCESS MANAGEMENT DIV
- DEMAND MANAGEMENT DIV
- INFO PROTECTION CENTER DIV
- INFO TECHNOLOGY PLANNING DIV
- INFORMATION PROTECTION MGMT DIV
- PLANNING & PROGRAMS GP

The Information protection Center Division organization chart:

INFO PROTECTION CENTER DIV

- UNIX & DATABASE PROTECTION GP
- PROTECTION SUPPORT & LOG MGMT GP
- PROTECTION MONITORING & INCIDENT MGMT GP
- COMMUNICATION PROTECTION GP
- WINDOWS PROTECTION GROUP

3. SWOT Analysis:

Weaknesses:

- Each member focuses on his own task.

- Some decisions regarding some vulnerabilities are taken by other, unrelated management departments.

- Shortage of manpower in certain tasks.

Threats:

- Wireless security is still the major threat to the ARAMCO network.

- A lot of hacking attacks against big power supply companies such as ARAMCO.

Opportunities:

- Many projects are under way and available to be assigned to you.

- Many useful workshops you can attend during working hours.

- Very efficient manuals you can refer to during any task.

- Excellent potential for the development of the employee.

Strengths:

- Has many principal members with extensive background and education.

- One of the largest I.T. networks in Saudi Arabia.

- Supported by the government.

- Has huge potential in terms of equipment available and financial support.

4. Organizational marketing strategy:

The following article, published on many global websites, describes ARAMCO's marketing strategy:

Aramco Trading is a new SA unit set up earlier this year to begin by end-2011 to trade in refined products, maximize downstream integration and generate value by leveraging its growing global system. Named Saudi Aramco Product Trading Co. and based in the kingdom, this will enhance the system of balancing refined petroleum products and back SA's expanding local and overseas downstream investment portfolio.

Addressing customers and industry participants at the annual IP Week gathering in London, SA Senior VP for the Downstream Khaled G. al-Bu'ainain in February said: "Through the establishment of this new subsidiary, Aramco Trading, we hope to better capture integration opportunities in our global system, and additionally create more value for our expanding downstream business in Saudi Arabia and overseas". He said with energy demand forecast to rise in the long term, SA continued to demonstrate its commitment to meeting future demand by undertaking a significant downstream capital programme via investments through its subsidiaries, affiliates and JV in Saudi Arabia and abroad.

5. Organizational competitive strategy:

Saudi Aramco (SA) is considered to be one of the most valuable companies in the world, with an estimated valuation of between $2.2 trillion and $7 trillion in 2010. It owns most of the crude oil reserves in Saudi Arabia and some other Middle Eastern sites and runs the largest hydrocarbon distribution network in the world.

Saudi Aramco has a strict competitive strategy based on profit maximization as well as keeping ahead of the competition, which is what is necessary for survival. It has been able to build efficient capabilities over its supply chain to survive the competition.

Competition in the domestic market is minimal for Saudi Aramco, as it is the state-owned player and hence will always get preference during major deals in the field of expansion and refining. But for finished goods like hydrocarbon products, it has significant competition from other domestic players such as SABIC. Also, in the overseas markets it must compete with global giants such as Shell, BP and Exxon, but it holds large oil reserves in the home country, offering it a competitive edge.

6. Job history:

| Assignment | Timeframe | Description |
| --- | --- | --- |
| Network Access Management | Three Weeks | Manages access to corporate communications devices such as routers, switches, firewalls, proxies, telephone switches, and transmission devices. |
| Network Vulnerability Management | Two Weeks | Conducts and reports vulnerability assessment on network devices and follows up on them. |
| Network Compliance Assessment | One Week | Reviews security changes of network and security systems. |
| Network Access detection | Two Weeks | Assesses the network access to assure secure interconnectivity of servers, computers, and network devices. |
| Unauthorized network access detection | Two Weeks | Monitors unauthorized access to the company network. |
| Security Patch management | Two Weeks | Reviews and reports on network security patches of network devices (FW, IPS, routers, switches, VoIP, etc.) and follows up on them. |

7. Conceptual framework:

7.1 Communication Access Control Task:

Table 1 below shows the current infrastructure for Authentication, Authorization, and Accounting (AAA) servers (Cisco ACS and Steel Belted):

| Server Name | Type | Server IP address | Location | Server model | Server type |
| --- | --- | --- | --- | --- | --- |
| csacs-1 | Cisco ACS | Confidential | TCC | Appliance | (Primary) Enterprise |
| csacs-2 | Cisco ACS | Confidential | TCC | Appliance | (Backup) Enterprise |
| dha00730-npgp01 | Steel Belted | Confidential | TCC | Microsoft 2003 | (Primary) Enterprise server |
| BC335007 | Steel Belted | Confidential | B840, R1000 | Microsoft 2003 | (Backup) Enterprise server |

ACS (Cisco Secure Access Control Server) is used in the Aramco corporate network to provide AAA service for the network devices. It authorizes each user at a specified privilege level depending on which group he belongs to in the ACS.

Below are the network device models on ACS:

- All Cisco Routers/Switches/FW
- TACACS+ (Cisco IOS): Routers/Switches & Huawei Routers
- RADIUS (Juniper FW) Netscreen
- RADIUS (Alcatel) 7670
- RADIUS (Foundry) Switches
- RADIUS (Marconi BXR) Routers
- RADIUS (Marconi) Switches
- RADIUS (Cisco Aironet) Cisco Access Point (For Users Access)

Steel Belted Radius (SBR) is used in the Aramco corporate network to provide AAA service for more network devices. It authorizes each user at a specified privilege level depending on which group he belongs to on this server.

Below are the network device types/models on SBR:

- All Alcatel Switches Models except 7670
- Aruba Wireless Networks: Switches
- BelAir Access Points
- Cisco Aironet Access Point (For Admins Access)

Adding New Clients:

The below flowchart clarifies this process:

1. Receive a notification from the Network Admins to add clients.
2. Decide which RADIUS/TACACS+ servers the clients need to be added on.
3. Add the new client(s) in the appropriate way.
4. Notify them of action completion.

Removing Decommissioned Clients:

The below flowchart clarifies this process:

1. Receive a notification from the Network Admins about decommissioned clients.
2. Decide which RADIUS/TACACS+ servers the clients need to be decommissioned from.
3. Remove these client(s) in the appropriate way.
4. Notify them of action completion.

Granting Users Access & Privileges

The below flowchart clarifies this process:

1. Receive the approved CRM request.
2. Review the request.
3. Identify which level of authority will be granted.
4. Grant the user the needed access.
5. Update and close the CRM.

Dealing with Expired Users Access

The below flowchart clarifies the current process:

- User receives notification of access expiration one month ahead
- Check if the user applied a new CRM
- User receives notification of access expiration two weeks ahead
- Revoke Access
- Renew Access

(The decision branches in the flowchart are labelled Yes / No.)
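One way to automate the expiry handling and the approved-request rule described above, as an added example that is not part of the original report or of ARAMCO's tooling. It assumes the flowchart's branch order (a new CRM leads to renewal, otherwise a second notice and then revocation), takes "one month" as 30 days, and uses constructed user IDs and dates; the group names are those listed in the report's Table 2.

```python
from dataclasses import dataclass
from datetime import date, timedelta

FIRST_NOTICE = timedelta(days=30)   # "one month ahead", taken as 30 days (assumption)
SECOND_NOTICE = timedelta(days=14)  # "two weeks ahead"


@dataclass(frozen=True)
class Grant:
    user: str      # network ID (constructed sample values below)
    group: str     # AD group that carries the device privilege
    expires: date  # expiry recorded on the approved CRM request (assumed field)


def action_for(grant, today, renewals):
    """Decide what to do with one approved grant on a given day."""
    remaining = grant.expires - today
    if remaining > FIRST_NOTICE:
        return "none"                    # not yet inside the notice window
    if (grant.user, grant.group) in renewals:
        return "renew"                   # the user applied a new CRM
    if remaining <= timedelta(0):
        return "revoke"                  # expired and no new CRM on file
    if remaining <= SECOND_NOTICE:
        return "notify-2-weeks"
    return "notify-1-month"


def review(members, grants, renewals, today):
    """Reconcile AD group membership against approved CRM grants.

    members  : set of (user, group) pairs currently in the AD groups
    grants   : iterable of Grant records taken from approved CRM requests
    renewals : set of (user, group) pairs with a new CRM submitted
    """
    by_key = {(g.user, g.group): g for g in grants}
    report = {}
    for key in sorted(members):
        grant = by_key.get(key)
        if grant is None:
            # Membership with no approved request behind it: out of process.
            report[key] = "revoke-no-request"
        else:
            report[key] = action_for(grant, today, renewals)
    return report


# Constructed sample data (not real accounts).
TODAY = date(2012, 8, 1)
GRANTS = [
    Grant("usr1001", "Area Support", date(2012, 10, 1)),
    Grant("usr1002", "Engineering", date(2012, 8, 25)),
    Grant("usr1003", "Monitoring", date(2012, 8, 10)),
    Grant("usr1004", "Security", date(2012, 8, 5)),
    Grant("usr1005", "CommOps", date(2012, 7, 20)),
]
# usr1006 sits in an AD group but has no approved request on record.
MEMBERS = {(g.user, g.group) for g in GRANTS} | {("usr1006", "NOC Access")}
RENEWALS = {("usr1004", "Security")}


def run_sample():
    return review(MEMBERS, GRANTS, RENEWALS, TODAY)


if __name__ == "__main__":
    for (user, group), action in run_sample().items():
        print(f"{user:8} {group:14} {action}")
```

Memberships with no approved request are reported separately from expired ones because they indicate a gap in the granting process rather than a missed renewal.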

7.2 Vulnerability Assessment:

Vulnerability Assessment Process Overview:

Communication protection group handles network devices vulnerability assessment and compliance. Network operation management and Expec Computer center network support are the divisions responsible for network devices operation and they are the primary customers of communication protection group.

1. Scope and Scan Frequency

Vulnerability assessment is performed against three different zones within Saudi Aramco network. Each zone has a different criticality level, hence frequencies are applied accordingly.

| Zone | Frequency |
| --- | --- |
| Extranet & Internet | Every 2 months |
| Intranet | Quarterly |
| ECC | Quarterly |

The Vulnerability Assessment process consists of five phases:

1. Information Gathering.
2. Scanning in Stages.
3. Identifying Vulnerabilities.
4. Reporting and Follow Up.
5. Verifying.

8. Technical part:

8.1 Communication Access Control Task:

I worked on several tasks that are related to the communication access control task. First, I learned the predefined privileges based on the department on each server (Steel Belted Radius or Access Control Server).

Granting Users Access to Cisco Secure - Access Control Server (ACS) Server

Based on the group the user belongs to, the user should be added to the corresponding group in the Active Directory. The corresponding group in the Active Directory will define the privileges the user will get on the ACS server. Table 2 below illustrates these privileges assigned for each group.

| Groups/Platforms | TACACS+ (Cisco Routers) | RADIUS (Cisco IOS/PIX) | Ascend | Juniper (Routers) | Foundry | Alcatel 7670 | NS (FW) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Data Network Management | Level 15 (Admin) | Level 15 (Admin) | Admin | Admin | Level 0 (Admin) | Level 2 (Admin) | Read Only |
| Engineering | Level 2 (Read Only) | Level 2 (Read Only) | Read Only | Read Only | - | Limited Access | - |
| Area Support | Level 2 (Read Only) | Level 2 (Read Only) | Read Only | Read Only | - | Limited Access | - |
| Security | Level 15 (Admin) | Level 15 (Admin) | Admin | Admin | Level 4 | Level 2 (Admin) | - |
| Monitoring | Level 1 (Read Only) | - | Read Only | Read Only | - | Limited Access | - |
| CommOps | Level 2 (Read Only) | Level 2 (Read Only) | Read Only | Read Only | - | Limited Access | - |
| PMG | Level 4 | Level 4 | - | - | - | - | - |
| NPG Admin | Level 2 (Read Only) | Level 2 (Read Only) | Read Only | Read Only | - | - | Read/Write |
| NPG Access | - | - | - | - | - | - | Read Only |
| NOC Access | Level 15 (Admin) | Level 15 (Admin) | Admin | Admin | Level 4 | Level 2 (Admin) | Read/Write |
| BXR Routers | - | - | - | Read Only | - | - | - |

Table 2: Access Privileges Mapped to Groups in the Active Directory for the ACS server.

How to Add/Remove a User to the Corresponding group in the Active Directory:

1. In Active Directory Users & Computers, go to: Aramco.com / Corporate Accounts / Network Devices Administrative Groups as shown below.
2. Double-click the group to which the user belongs. For example, to add or remove users who belong to Area IT, double-click Area Support Group.
3. Click on the Members tab.

To Add Users Privileges

1. Click on Add to add a new user.
2. Insert the user's network ID, then click on Check Names.
3. Two names will appear. Pick the one that does NOT have the home internet property in the description.
4. Click on OK.

Now the user has been added to the Area Support Group and he will get the privileges that Area Support Group has in the ACS.

To Remove User Privileges

Just after I reach the Members tab (see below):

1. Select the user to remove, then click Remove.
2. Then click Yes to confirm removing the user.

Granting Users Access Privileges to the Steel Belted Radius (SBR) Server:

Table 3 below is given just to give a general idea about assigning access authorization. The table is given for simplification purposes only, and should NOT be used as a guideline for assigning user privileges on SBR servers.

| Organization/Platforms | Alcatel Switches (Except 7670) | Aruba Wireless Devices | BelAir Access Points |
| --- | --- | --- | --- |
| NIMG | Admin | Admin | Admin |
| Engineering Staffs | Read-Only | Read-Only | Read-Only |
| Area IT | Admin | Read-Only | Read-Only |
| NSSG | Read-Only | Read-Only | Read-Only |
| Monitoring Staffs | Read-Only | Read-Only | Read-Only |
| CommOps Staffs | Admin | Read-Only | Read-Only |
| IPC/PMIMG | Read-Only | Read-Only | Read-Only |
| NPMG | Admin | Read-Only | Read-Only |
| NOC Analysts (Only) | Admin | Admin | Admin |

Table 3: Access Privileges Authorization in the SBR server

To Add Users Privileges

1. Log on to the primary SBR server.
2. Ensure that the user is added to his corresponding group in the Active Directory.
3. Log on to the SBR application SBR Administrator (Funk Software).
4. From the GUI, click on Users, then click on Domain. After that, click Add as shown below:
5. In the Name field, write \\ARAMCO\Network ID
6. Check the Use Profile box for a pre-defined privilege in the drop-down menu, as shown below.
7. From the pre-defined privileges available in the drop-down menu, select the appropriate privileges:

Also, you can add more privileges through the Return list tab: click Add, then pick the specified privilege from the scroll menu. Below is an example of giving read access to a user for Aruba devices:

To Remove User Privileges:

1. Go to the Domain list, and then select the user to be removed.
2. Click on Delete.

To limit privileges, click the Domain list as shown above, scroll to the user, double-click his account and remove services upon CRM request.

8.2 Vulnerability Assessment:

1. Information Gathering:

In this phase IPCD/CPG will gather network device IP addresses from NOMD and ECC, organized into types, criticality, OS version, and model. The scope should cover a good sample of network devices, which could give an excellent representation of the network security posture in Saudi Aramco. This process could be automated if NOMD and ECC have a system that includes an updated list of all network device IP addresses.

The term network devices covers all IP-based network equipment, such as VPN, firewalls, proxies, switches, routers, IPS, wireless controllers, FAT access points, etc.

[HOW TO] Gather Required Network Devices Information?

You should contact NSSG supervisor, NIMG supervisor, NPMG supervisor and ECC supervisor to assign a representative to work with you.

2. Scanning in phases:

Before performing any scan, a non-service affecting change request has to be created and the following groups have to be notified beforehand:

- Network Operation Center
- IPTPD/IPCD/Protection Monitoring & Incident Mgmt Group
- ECC

[HOW TO] Create a Change Request

In order to perform scanning on any system, a change request has to be created. The change request must include and comply with the following:

- All required documents must be uploaded.
- Scanning should always be performed outside working hours.
- A task has to be created and assigned to the NIMG rep or ECC rep.
- Most importantly, the change has to be approved by TCC_NETWORKS, the approval group in Remedy.

Type in your user name and password then hit log-in:

Then hover over Change Management and click on New Change:

Then fill the request as follows:

Summary: Scanning network devices for vulnerabilities as part of IPCD quarterly functions

Notes: Scanning will be performed by some certain scanning Foundstone appliances:

Click on Risk Questions:

Answer as below:

Then click next and answer as below:

Then click save.

After that click on implementation plan then attach the IP addresses that need to be scanned:

Then add back out plan and test plan as below:

Back out:

Test plan:

Then fill the categorization as below:

Then select the date and time as below:

Finally, click save then next stage.

Note that a scan has been created for all scanning activities. The fact that the Type selected is Cisco doesn't mean that this change will only be used for Cisco.

Foundstone User Access Control:

To be able to carry out scanning activities, you need to be granted access to Foundstone. You may approach one of the Foundstone Admins within Communication Protection Group.

[HOW TO] Create a Scan Using Foundstone

In order to perform a scan, first of all you have to ensure that you have a static IP address that the Foundstone administrator will have to add to the Foundstone firewall in order for you to reach the tool. If you don't have a Foundstone user name and password, ask the Foundstone admin to create one for you with access limited to your business needs.

A. The user has to hover over the Scans menu, and then pick New Scan.

B. After selecting New Scan, the user is presented with the following screen. This screen prompts the user. Pick the "Use Foundstone's default settings" option.

C. The following screen is then presented.

An IP address range or specific address can be set.

D. The next screen allows the user to pick the targeted vulnerabilities for the scan being created.

The user has to ensure that only non-intrusive scans are being performed.

E. Specific ports can be added to the scan's default range provided by McAfee.

F. Under Advanced Options, more tasks can be performed, like Banner Grabbing and Service Fingerprinting.

G. The credentials for targeted devices have to be set in order to perform an accurate vulnerability assessment. The following screenshot shows that panel.

H. Username, password and access method can be supplied after clicking New, as shown in the screenshot below. Shell Default and General are to be selected to log in to any network device. The Active Directory user name/password must be used to authenticate to all network devices, on the condition that you have already been granted access to network devices. If not, you can apply for network device access through CRM.

Below is an example of logging in to a newly configured firewall with a local user name and password.

I. Report options can be specified for when the scan is done.

Various report options can be changed here.

J. A scan schedule can be set.

The Immediate option makes the scan run right after the new scan is saved in this case.

3. Identifying vulnerabilities:

Once the scan is complete, IPCD/CPG will filter out the results and verify the vulnerabilities found. The findings will be categorized into groups based on criticality.

Vulnerabilities are reported by severity. Therefore high impact vulnerabilities will be reported first and then medium and so on in future reports.

Viewing scan status is done by going to the Foundstone dashboard, hovering over Scan, and then picking Scan Status.

After that, a screen similar to the one below is shown:

The user has to click View Reports.

Finally, a list of all previous scans can be found in the drop-down menu. Make sure to pick the Scan Reports radio button to see the completed scan reports.

4. Reporting and follow up:

Reports will be generated and sent to NOMD and ECC management. A letter with a high-level summary report is sent to NOMD and ECC management, and a technical report is shared with NOMD and ECC network administrators through Sharek. Some vulnerabilities might require immediate rectifying, while others could take more time to fix. The technical report should include the methodology that IPCD/CPG has followed, scope, objective, a list of vulnerabilities found and fixing instructions. For report samples, please visit ShareK.

Reports are stored in ShareK and permissions to access these reports are given only to assigned NOMD and ECC network administrators. Access to the technical reports in Sharek is reviewed quarterly to ensure only authorized personnel view the reports. Sharek is undergoing a regular backup and restoration process by COD (computer operation division). COD can be approached through the department CSL.

5. Verifying:

In this phase, IPCD/CPG will rescan those vulnerable network devices to make sure that vulnerabilities were eliminated from the system as suggested in the report. The verifying phase will start immediately after the due date mentioned in the findings report. Any vulnerabilities exceeding the defined due date of repair will be escalated in accordance with the approved OLA (refer to Sharek).
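The verification phase described above, together with the severity ordering from phase 3, can be expressed as a comparison of the reported findings against the rescan. This is an added example, not part of the original report or of Foundstone; the check IDs, IP addresses and dates are constructed, and the `unverified` and `new` categories are assumptions that go beyond the report's text.

```python
from dataclasses import dataclass
from datetime import date

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}  # high impact is reported first


@dataclass(frozen=True)
class Finding:
    device: str    # device IP address (documentation range, constructed)
    check: str     # scanner check ID (constructed placeholder)
    severity: str  # "high", "medium" or "low"
    due: date      # due date of repair stated in the findings report


def verify(findings, rescan_hits, rescanned_devices, today):
    """Classify each reported finding after the verification rescan.

    rescan_hits       : set of (device, check) pairs the rescan still detects
    rescanned_devices : set of devices the rescan actually reached
    """
    result = {"fixed": [], "open": [], "escalate": [], "unverified": []}
    for f in findings:
        if f.device not in rescanned_devices:
            # No rescan data: a missing hit must not be read as a fix.
            status = "unverified"
        elif (f.device, f.check) not in rescan_hits:
            status = "fixed"
        elif today > f.due:
            status = "escalate"          # still present past the due date
        else:
            status = "open"              # still present, within the due date
        result[status].append(f)
    for items in result.values():
        items.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.device, f.check))
    # Hits that were never in the report belong in the next reporting cycle.
    reported = {(f.device, f.check) for f in findings}
    result["new"] = sorted(rescan_hits - reported)
    return result


# Constructed sample data.
TODAY = date(2012, 8, 10)
FINDINGS = [
    Finding("192.0.2.10", "CHK-001", "high", date(2012, 8, 1)),
    Finding("192.0.2.10", "CHK-002", "medium", date(2012, 8, 15)),
    Finding("192.0.2.20", "CHK-003", "high", date(2012, 8, 1)),
    Finding("192.0.2.30", "CHK-004", "low", date(2012, 9, 1)),
    Finding("192.0.2.40", "CHK-001", "medium", date(2012, 8, 1)),
]
RESCANNED = {"192.0.2.10", "192.0.2.20", "192.0.2.30"}  # .40 was unreachable
RESCAN_HITS = {
    ("192.0.2.10", "CHK-002"),
    ("192.0.2.20", "CHK-003"),
    ("192.0.2.30", "CHK-004"),
    ("192.0.2.30", "CHK-005"),  # not in the original report
}


def run_sample():
    return verify(FINDINGS, RESCAN_HITS, RESCANNED, TODAY)


if __name__ == "__main__":
    for status, items in run_sample().items():
        print(status, items)
```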

9. Evaluation of the internship experience:

The internship experience was what the company (ARAMCO) described and provided to me in the IDP (Individual Development Plan). The IDP states that I will work on certain tasks such as: safety orientation, network access management, network vulnerability management, network compliance assessment, network access detection and security posture management.

My supervisor and co-workers were helpful and friendly. The site supervisor provided me with the development plan, assigned me a project to work on, and scheduled some workshops for me to attend. Co-workers in the communication protection group helped me with the tasks that each one of them is responsible for.

The level of responsibility given was what I expected. My opportunity to participate in staff meetings and events was good. I gained experience of how the staff meeting is conducted, and what I should prepare before the meeting.

I was provided with the equipment and training needed to perform my responsibilities. They provided me with an HP laptop and a USB docking station. For the tasks that I was responsible for, such as network access, they gave me the privileges needed to handle these tasks.

My education at PMU prepared me for the internship. The courses in the network area helped me the most, such as: network security, network theory and network management.

I will recommend Saudi Aramco as a place to work for an internship student, especially Al-Midra Tower, because of the high technology they have and the various services and facilities they provide to their employees.

10. Summary of findings and recommendations:

Findings:

The communication protection group is the most important group in the Information protection and planning department due to the different tasks that they handle and their importance to ARAMCO.

Some major issues and attacks that occur on the company network require bringing in different employees from different departments outside the communication protection group.

There are many projects that the information protection department works on yearly, and they achieve a lot of success in many big projects that cost the company a lot of money, but the benefit is high.

Employees in the department sometimes take the initiative on their own time to do some additional tasks, with the permission of the supervisor, to scan and troubleshoot some devices.

In terms of organizing the tasks, they provided well-written manuals to guide any newcomers to the department.

Recommendations:

Some tasks that the department handles need to be separated and divided among other departments' own IT groups. For example, the vulnerability assessment performs a scan of two major areas in ARAMCO. Expec computer center should handle their own vulnerability assessment task.

Some employees should be aware of other tasks in the same department that they are not responsible for, in case any employee leaves the company or goes on vacation, so that the function will not pause.

Creating a more competitive environment by presenting the most productive employees with additional benefits.

Most of the department employees were computer science majors, and some tasks required a deep technical understanding of network security behaviors, so most of the time they bring someone from the engineering side to assist them.

11. Conclusion:

It was a great and gainful experience to work as an intern in Saudi Aramco. I learned by practice the: discipline, time importance, communication skills, and to be an organizing and helpful team member. Also, in case I faced an issue how should I deal with it correctly and whom should I contact first. I have accomplished the assigned project about VoIP security tools that I researched and present to the department member with the some recommendations.

Working in Saudi Aramco Company will make you find:

A wide range of roles

They offer a wide variety of jobs in different fields, such as engineering, geology, information technology, medicine, nursing and many more.

A top-notch team

They value teamwork as well as contributions from individuals. You'll be working alongside a diverse group of professionals with different skills and experience, but all working toward the same goal.

Room to grow

A company is only as good as its people. That's why they invest in you with world-class training and development at 24 centers across Saudi Arabia and over 3,000 online courses. We'll encourage you to pursue knowledge and grow your expertise.

Saudi Aramco has the reputation of being a reliable supplier of energy to the world. That takes a lot of people: more than 54,000 from 66 countries.

12. References:

Khalid T. Al-Thinyan

Head of Information protection and planning department

03-876-7240

[email protected]

Fahad S. Al-Sabeela

Communication protection group leader

Site supervisor

03-872-4545

[email protected]

Abdullah Al-Garieshah

Security Posture management

Site supervisor for 1 month

03-872-2070

[email protected]

Abdulrahman Al-Meniea

Security Posture management

03-872-1086

[email protected]

Yazeed Al-Thobayti

Network Access management

03-876-2859

[email protected]

Tariq Khushaim

Unauthorized network access detection

03-872-6817

[email protected]

Hussain Haddad

Network vulnerability management

03-872-6774

[email protected]

13. Appendices:

Weekly LOG [1]

Student Name: Abdullah Abdul-Aziz Mohammed AlNafisi ID: 200700679

Internship Site: ARAMCO Information Protection and Technology Planning Department

Supervisor's Name: Abdul-Rahman A. Al-Meniea

Week Beginning: 16/06/2012

Internship Advisor at College: Dr. Abul Bashar

Day and Date: Description of activity

Day 1

The first day at ARAMCO was an orientation about the company. All the Coop students who will work at ARAMCO in the summer period gathered in the conference room. We signed the contracts: Work contract, Internet using policy, Driving policy and Salary contract.

Day 2

The second day completed the orientation. This final day of orientation was focused on the "Safety comes first" topic. I attended two lectures about safety in ARAMCO and how I should act properly in many situations. Finally, I received my COOP Program Details, including my department and contact person.

Day 3

I met my site Supervisor at Information protection department. He gave me a clear explanation about the work process in the department, and he introduced me to department employees. We discussed my development plan, which will include: Network Access Management, unauthorized Devices Detection, Network Vulnerability Assessment and Network Compliance Assessment.

Day 4

I have been given an office and Internet access with an ARAMCO ID and password. Then I went to Bandar Al-Harbi's office to understand the SAP system that ARAMCO is using as a management application tool. I learned how to see the required tasks that come in every day in this application, and how to distinguish between them. Also, I practiced SAP the whole day and gained good knowledge about it.

Day 5

My first task in my development work plan, Network Access Management, started. I worked with a specialist in the department for this task, Yazid Al-Thubaity. He explained how the process is done in Steel Belted Radius. Each member of any department can request access to the company devices. I should first know the permissions allowed for this department (Read/Write or Write only). Then, how it is done completely until I close the request successfully, and what set of things makes me accept or reject a given request. Finally, he gave me a document, "Communication Access Control", which contains all the details in 77 pages and which I should read completely by the end of this week to fully understand the task and be ready to practice.

1. What new knowledge or skill did you learn on the internship this week? Describe

The safety presentation that we attended in the first two days was helpful because it discussed safety in many areas such as driving, workplace, home and office. Also, after working in my department I have learned the different types of devices that ARAMCO operates, secures and manages. I started on my first task, Network Access Management, and will continue in the next week.

2. What have you learned in college that you applied on the internship?

The information that I learned in the Network Security and Network Theory courses was really helpful and related to my department's work, especially the topics that talk about: signatures, bandwidth management and the introduction to switches, routers and firewalls.

3. List any difficulties, mistakes, pleasant or unpleasant experiences that occurred this week. What did you do to correct your mistake (s)?

The only difficulty that I faced during my first week was the daily working hours, which start at 7 AM and finish around 4:30 PM in my department, and how to manage them with my assigned reading document that I should read completely during the day. I started to sleep early and to make use of the time that I'm free in my office to read part of the assigned document.

4. On what skill or question could you use help in performing your internship responsibilities better?

I think the intern should have good communication skills to help him in the workplace to start asking and questioning some of the things that may not be clear at first. Also, to be completely open to different tasks, whether easy or difficult, challenging ones.

5. What interesting or challenging experience did you have with your fellow workers or site supervisor? Describe

I sat with fellow worker Turkey Al-Mari, whose responsibility is Network Compliance, which is the last task that I will learn during my internship period. He started to present on hacking behavior, whether true or false, that the system can detect, and how he decides about that. It is a very interesting topic that I'm looking forward to experiencing.

Weekly LOG [2]

Student Name: Abdullah Abdul-Aziz Mohammed AlNafisi ID: 200700679

Internship Site: ARAMCO Information Protection and Technology Planning Department

Supervisor's Name: Abdul-Rahman A. Al-Meniea

Week Beginning: 23/06/2012

Internship Advisor at College: Dr. Abul Bashar

Day and Date: Description of activity

Day 1

Continued the first task of Network Access Management. I learned how network devices are spread across Cisco Secure Access Control Server and Steel Belted Radius. TACACS+ and RADIUS routers and switches belong to ACS, while Alcatel, Aruba, BelAir and Cisco Aironet belong to SBR. I also learned how they are organized, operated and managed, and by which admin.

Day 2

I have learned the process overview of adding/removing clients. In the first phase, the network access admin receives a notification from the network admin to add clients. Then, he decides which RADIUS/TACACS+ servers they need to be added to. Third step, add/remove the new clients in the appropriate way. Finally, notify them of action completion.

Day 3

I have learned the granting user access and privileges part. The process goes like this: First, I receive an approved CRM request, then I review it. Then, I identify which level of authority will be granted. Then, I grant the user the needed access. Finally, the CRM is updated for closure. I receive the CRM request through email from the CRM system.

Day 4

I have learned the dealing with expired users' access part. First, the user receives notification of access expiration one. Then, I check whether the user has applied for a new CRM. If yes, then I renew the access. If no, the user receives notification of access expiration two weeks ahead to either apply for a new request or revoke access.

Day 5

The final part of Network Access Management is how to deal with a client's authentication issue. It's done by this process: Network admins contact the communication protection group about the client's authentication issue. Then, I must investigate the case, and then decide and answer this important question: Is this issue related to the ACS or SBR systems? Or is it a major issue affecting many users? If yes, then the NPMG (Network Protection Management Group) must be involved. If no, resolve the issue or provide the appropriate recommendation to them. Then, close the case. At the end of Wednesday's working day I got an introduction to the next task, which is Vulnerability Management process and procedures, with Khushaim, Tariq M., the person in charge in the department.

1. What new knowledge or skill did you learn on the internship this week? Describe

I have learned how to deal with both Access Control Server (ACS) and Steel Belted RADIUS (SBR) and the different network devices that belong to them. Also, how to add/remove clients, and how to add/remove/modify user privileges to network devices. Finally, how to deal with a client's authentication issue. I used critical thinking and problem solving skills practically this week, with a lot of reading of network guideline documents.

2. What have you learned in college that you applied on the internship?

The Network Management course helped me a lot in these topics: network authentication, including wireless authentication, physical convergence and logical networking; the physical convergence of media/protocol and logical network issues. Also, topics including architectural considerations, security and policy issues, and IPv6 and addressing dimensions.

3. List any difficulties, mistakes, pleasant or unpleasant experiences that occurred this week. What did you do to correct your mistake (s)?

When it comes to giving privileges to the users: the company gives each employee 2 network IDs. One ID can access all services in ARAMCO from inside the building only, and the other ID can access limited services from home. So, you have to give privileges to the network ID that doesn't have the Home access property. I have learned it through practice and I must always consider this important thing.

4. On what skill or question could you use help in performing your internship responsibilities better?

I think having and improving these skills: Flexibility/Adaptability/Managing Multiple Priorities will help in performing my internship responsibilities better. Also, I have to organize myself and my time to manage different important things: reading, completing assigned tasks correctly and asking about the things that are not clear.

5. What interesting or challenging experience did you have with your fellow workers or site supervisor? Describe

The challenging experience was to know the privileges of a requesting user from his department without referring to the privileges table to see which privileges are allowed to that department as specified by the network management policy, in order to speed up the process. Surely it will come with more practice on the system, but the important thing is to give the appropriate privileges regardless of time.

Weekly LOG [3]

Student Name: Abdullah Abdul-Aziz Mohammed AlNafisi ID: 200700679

Internship Site: ARAMCO Information Protection and Technology Planning Department

Supervisor's Name: Abdullah Al-Gresha

Week Beginning: 30/06/2012

Internship Advisor at College: Dr. Abul Bashar

Day and Date: Description of activity

Day 1

This week I started the second task, Vulnerability Assessment and Patch Management, with the responsible person, Tariq Khushaim. Vulnerability assessment is performed against three different zones within the Saudi Aramco network. Extranet & Internet, which is done every 2 months. Internet and ECC, which is done quarterly.

Day 2

I learned that the Vulnerability Assessment process consists of five phases: Information Gathering, Scanning in stages, Identifying Vulnerabilities, Reporting and Follow up, and Verifying. I started with Information Gathering, which is done by gathering network devices' IP addresses, organized by type, criticality, OS version, and model. The scope should cover a good sample of network devices which could give an excellent representation of the network security posture in Saudi Aramco.

Day 3

The scanning should be done in phases. I learned that before performing any scan, a non-service-affecting change request has to be created and the management groups have to be notified beforehand. The groups that need to be notified are: Network operation center, protection monitoring & Incident management group. Scanning is done by: BMC Remedy Action Request System.

Day 4

Once the scan is complete, the Information Protection Center Division will filter the results and verify the vulnerabilities found. The findings will be categorized into groups based on criticality. Viewing scan status is done by going to McAfee Foundstone Enterprise.

Day 5

I learned the fourth phase, which is Reporting and Follow up. Reports will be generated after the scan, and they will be sent to Network operation management and ECC (Expec Computer Center). Some vulnerabilities might require immediate rectifying, while others could take more time to fix. The technical report should include the methodology, scope, objective, a list of vulnerabilities found and fixing instructions. I will continue with the last phase, Verifying, next week.

1. What new knowledge or skill did you learn on the internship this week? Describe

I have learned about the Vulnerability Management operation: what the processes and procedures are, how it's done in ARAMCO and what to consider in each phase of the process.

2. What have you learned in college that you applied on the internship?

The Statistical Methods course was very helpful to me. It helped me with the information gathering process because most of it is done in Excel: how to organize the numbers and represent the data correctly to management groups.

3. List any difficulties, mistakes, pleasant or unpleasant experiences that occurred this week. What did you do to correct your mistake (s)?

There are certain network areas that should be excluded before you start to scan. My mentor guided me throughout the process to make sure that I didn't scan something not required.

4. On what skill or question could you use help in performing your internship responsibilities better?

I think by practicing this task many times, I could identify which areas of the ARAMCO network within our department's responsibility always have issues and vulnerabilities in their network, and start to think critically about how to reduce the issues that happen very often.

5. What interesting or challenging experience did you have with your fellow workers or site supervisor? Describe

Some employees in ARAMCO who cause vulnerabilities within their network in some departments will deny that they caused the issue to the network, and after a long investigation process the result will be either that they caused the issue or that some workers caused the issues to the network after work hours.

Weekly LOG [4]

Week Beginning: 7/7/2012

Internship Advisor at College: Dr. Abul Bashar

Day and Date: Description of activity

Day 1 and 2

I attended a workshop about (UIP) Understanding and Improving Processes for two days, as scheduled beforehand by my supervisor, on July 7 and 8. This course is based on the DMAIC (Define, measure, analyze, improve and control) improvement methodology of Lean Six Sigma. The focus is on tools and techniques that can be used to drive process improvement quickly (

