The hypothetical Akwaaba organization, a Caribbean-inspired steakhouse chain, has solicited a security consultation for their server infrastructure located in New York City, Atlanta, and Los Angeles. The organization has two locations that are capable of seating 50 people each. The restaurant chain employs up to 18 employees per working day, per restaurant. In total, including management, an HR department, and a web development team, the organization employs 60 individuals across all restaurants. 

This project aims to provide a rigorous hardening of the Akwaaba tech stack and website to prevent intrusions and breaches of customer and business data.

The team will be responsible for analyzing a Virtual Machine housing the Red Hat Linux operating system that provides the basis for the client website which implements PHP for scripting, MariaDB for database needs and functions through an Apache web server to facilitate access for prospective customers.

The project team will also engage in ethical Red and Blue team penetration testing to analyze the effectiveness of their security contingencies along with their adversary’s security implementations. The team will be expected to leverage industry best-practices within the last three years and produce a research paper along with video presentations to present project deliverables.

Milestone 1 - Expectations entail a comprehensive and thorough examination of the client’s business website to include a detailed risk assessment, server infrastructure analysis, assessing and discovering critical digital assets to protect, probability analysis of major attacks on each asset, and a potential damage analysis of a breach or intrusion. 

These Milestone 1 deliverables, and the deliverables that follow, will be measured against industry best practices that rely on guidelines and policies defined by industry leading organizations such as the NIST and SANS.

Milestone 2 - This milestone expects the project team to research and apply understood industry best practices to produce general security and access policies for the Akwaaba organization and subsequent function and operation for the server infrastructure stack. The assessments and analyses discovered from Milestone 1 will be integrated in implementing the risk mitigation plan against the organization’s server infrastructure to prevent breaches or intrusions. The deliverable also expects the Akwaaba website and its underlying infrastructure to be secure against all known vulnerabilities.

The team will then be expected to prepare for the Red and Blue team phases and any additional monitoring will need to be installed and configured for the subsequent defense and offense phases.

Milestone 3 - Finally, this milestone expects the project team to finalize the Red and Blue team phase and collate a report on any breaches they suffered from the Red team, and to report on any vulnerabilities they incurred against their adversary while conducting its own Red team actions. Vulnerability analysis of the Akwaaba infrastructure will take place to identify if Blue team efforts failed and will be reported for later inclusion in the project team’s research paper.

Additional Deliverables - The project requires that the project team produce a video presentation from all group members that outlines and details all aspects of the project. This will include all milestones and phases of the project. All research findings, risk mitigation plans and assessments, policies, and Red and Blue team data and processes will be explained for the sponsor and subsequent judges for C-Day and in-person presentations.

The project team will also be expected to produce a project website that details what will be covered in the video presentation for an intuitive and readily accessible delineation of the project, project scope, and its goals.