Design and development of vulnerability management portal for DMZ admins powered by DBPowder

High Energy Accelerator Research Organization (KEK), Japan

^* e-mail: tadashi.murakami@kek.jp

Published online: 17 September 2019

Abstract

It is difficult to promote cyber security measures in research institutes, especially in DMZ networks that allow connections from outside network. This difficulty mainly arises from two types of variety. One is the various requirements of servers operated by each research group. The other is the divergent skill level among server administrators. Unified manners rarely fit managing those servers. One of the solutions to overcome the above mentioned difficulties is vulnerability management. To overcome these challenges, There are two possible approaches. One of the options is to offer a simple and powerful vulnerability management service to the administrators of the DMZ hosts (DMZ admins). The other is to facilitate flexibility and efficiency in the development process of the service. To achieve these requirements, we designed and developed a vulnerability management portal site for DMZ admins, named DMZ User’s Portal. This paper describes the design of DMZ User’s Portal and the development process using a development framework, named DBPowder. Using the DMZ User’s Portal, each DMZ admin can perform a vulnerability scan on his/her own servers with ease. In other words, this delegates security vulnerability discovery and responsibility to individual DMZ admins that improve security awareness for them. Then, each DMZ admin can grasp and manage the security by himself/herself. The 13-year result from vulnerability scans show that the status of security in the KEK-DMZ has been kept in good conditions. Also, we are developing DBPowder object-relational mapping (ORM) framework to improve the flexibility and efficiency in the development process of DMZ User’s Portal.