Project:

Developed Loan Origination System Security Architecture

Client:

Fremont Investment & Loan

Benefit:

• Organization was developing implementation plan for new Loan Origination System for 800+ users around the US and was anticipating very fast growth to 1500+ users

• The application level security for this three-tier system was designed and implemented by the LOS vendor but no security plan had been made for the system's infrastructure / operating levels
• My objectives:
  • Create a compartmentalized environment - multiple systems have to be compromised before intruders can access  customer information
  • Enforce code migration and configuration processes and rules - prevent access to presentation, application, and database servers by developers and application administrators
  • Provide a secure administrative channel - so infrastructure engineers and DBAs to manage their servers without access to the data center
  • Provide a secure out-of-band management network -  system backups, code migration, and patch management system use
•  I developed a security architecture that combined both physical and logical security elements to provide the appropriate protection level yet enforcing the desired constraints
• The infrastructure architecture heavily embraced multi-homed devices for both fault-tolerance and enforced paths for management functions implementing portions of the common criteria
• My architecture was embraced by the enterprise as their standard security / network design for all systems and was the basis for reconfiguring all systems in their datacenter