Skip to content

Latest commit

 

History

History
143 lines (93 loc) · 2.71 KB

File metadata and controls

143 lines (93 loc) · 2.71 KB

02 - Environment Architecture

System Overview

The simulated environment represents a web-based Factory Monitoring System that allows authenticated users to monitor operational status across multiple industrial locations.

The system exposes REST-based API endpoints for retrieving:

  • Factory status
  • Machine-level operational data
  • Dashboard resources

High-Level Architecture

The environment consists of the following logical components:

  1. Client Layer
  2. Web Application Server
  3. API Layer
  4. Authentication Module
  5. Logging & Monitoring System

Component Breakdown

1. Client Layer

  • Web browser interface
  • Login page
  • Dashboard interface
  • CSS/JavaScript static resources

Users authenticate through a web login form before accessing protected resources.


2. Web Application Server

Handles:

  • User authentication
  • Session management
  • Authorization validation
  • Routing to API endpoints

Authenticated users receive an authorizedUserId token used for access validation.


3. API Layer

Primary API endpoints observed:

  • /api/factory/status
  • /api/factory/machine/status

Query parameters include:

  • factory
  • machine

The API supports wildcard queries (*), which allow broad data retrieval.


4. Authentication Flow

  1. User attempts to access /
  2. System returns 401 (Unauthorized)
  3. User accesses /login
  4. User submits credentials (POST /login)
  5. System issues authorized session
  6. User gains access to dashboard and API endpoints

5. Logging System

The logging mechanism captures:

  • Timestamp
  • Source IP address
  • HTTP method
  • Request path
  • HTTP response status
  • Authorized user ID (when authenticated)

These logs serve as the primary data source for security monitoring and investigation.


Data Flow Summary

  1. User → Login Page
  2. Credentials validated
  3. Session established
  4. API queries initiated
  5. Logs generated
  6. SOC monitors activity

Identified Security Observations

  • Wildcard queries are permitted
  • No visible rate limiting
  • No query scope restrictions
  • Cross-factory access allowed after authentication

These architectural design choices introduce potential abuse vectors.


Security Weak Points Identified

  • Overly permissive API query structure
  • Broad access after authentication
  • Lack of anomaly detection controls
  • No visible query throttling

Architecture Risk Summary

While authentication is enforced, the system allows excessive visibility into factory and machine data without strict scope validation.

This creates an environment vulnerable to:

  • Insider reconnaissance
  • Data harvesting
  • Infrastructure mapping
  • Privilege misuse

Prepared By: Security Operations Team (SOC Simulation)