Enterprise Networking and Security - Report Example

Summary
This report "Design for Computer Network Security" discusses network vulnerabilities, which are constantly on the rise. The current network security vulnerabilities are evaluated in three categories, i.e. logical security, internal security, and external security…

Extract of sample "Enterprise Networking and Security"

As network vulnerabilities are constantly on the rise, the current network security vulnerabilities are evaluated in three categories, i.e. logical security, internal security and external security. The logical security domain will cover technical controls such as deployment of IDS, Virtual LAN, monitoring of violation logs, auditing in the domain environment, ISA server and VPN security. Secondly, internal and physical security will cover human threats, physical access to server rooms and servers, sensors, sprinklers, etc. Moreover, protection against accidentally shutting down a system will also be discussed. After evaluating the vulnerabilities associated with these three domains, controls will be proposed and justified accordingly.

1 Introduction

Some experts have concluded that the year 2012 is considered to be the worst year in terms of computer network security breaches (Schirick 2012). Likewise, although the year has not even passed the half-year mark, some of the foremost companies have suffered network security breaches resulting in massive losses (Schirick 2012). However, the news only highlights Sony and Citibank as victims of network security breaches, as these companies are popular among the public. The other side of the picture is that organizations of all sizes are affected by the consequences of network security breaches. Likewise, it can be concluded that network security risks are continuously evolving, changing and growing at a rapid pace. Organizations normally install a firewall and even intrusion detection systems that trigger alerts on any suspicious activity, but these two components cover only the technical domain and not the human and physical domain. The current network scenario uses a Virtual Private Connection that connects one or more sites. However, the VPN connection is also permitted to carry Internet traffic on the same dedicated line from the Internet Service Provider.
Moreover, the current network uses only a single firewall, located at the main campus of the university. It follows that the two remote sites are protected only by a simple Network Address Translation function incorporated in a DSL modem. Moreover, there are no advanced security appliances such as intrusion detection systems for analyzing and monitoring suspicious activity that may become a threat to the University’s computer network. Moreover, there is no patch management for applying security patches to the workstations connected to the network. There are no indications of server hardening; for instance, the email server, application server, centralized server and database server must be hardened and need physical protection as well.

2 Security Vulnerabilities

The current network security vulnerabilities will be assessed in three categories, i.e. logical security, internal security and external security. As far as logical security is concerned, fig 1.1 shows a firewall, a Microsoft Internet Security and Acceleration (ISA) server and a domain controller with Microsoft Active Directory. The three categories of network vulnerabilities are as below:

2.1 Logical Vulnerabilities

The current logical controls for protecting information assets within the network are Microsoft Active Directory, the ISA server and a firewall. Microsoft Active Directory is not primarily a security control, as it does not mitigate any risks associated with viruses, worms, Trojans, phishing, spam, denial of service attacks, etc. However, it provides secure administration of user profiles and file sharing features. File sharing threats are spreading at a rapid pace, as new file sharing technologies are constantly being developed and are in demand.
Controls will not only provide value from all network based services, but will also augment productivity for the organization in terms of revenue, customer loyalty and competitive advantage. A workgroup based environment is not centralized. For instance, users can log in only if they have an account created on that specific computer. As far as security is concerned, there are no passwords, which allows anyone to log on to the network. Moreover, a workgroup recognizes only twenty to twenty-five computers that are on the same subnet. For instance, if application servers are on a different subnet, users will not be able to access the applications, as they are configured on a different subnet. On the other hand, a domain based environment provides centralized administration and access for users. All staff have to enter user credentials in order to identify themselves on the network before doing any work. Moreover, computers on different subnets are supported and thousands of computers can be connected in a domain based environment. For instance, if a computer stops responding, employees or users can log on from another computer and no work is halted. Therefore, domain based network environments are more effective and are compatible with the current network scenario. Moreover, if security auditing features are enabled, user activity and system logs are saved and monitored. Likewise, the Lightweight Directory Access Protocol ensures encryption all the way from the domain controller to the workstations via Kerberos. However, a network or system security specialist will not be able to monitor, analyze or examine threats from a domain environment. Active Directory prevents unauthorized access because users have to provide login credentials to access personal file settings, data and customized permitted objects in the operating system. Secondly, the ISA server can be considered both a firewall and a proxy server, due to its support for cache management functions.
In the current scenario, suspicious packets are handled by the firewall, as it is installed separately. The ISA server is implemented only to enable access management for different services associated with the Internet, file sharing, etc. The ISA server will only prevent unauthorized access to different network services, for example, Internet access. We have covered two logical controls in the current network scenario so far. The third security control that we have identified is a hardware based firewall. The firewall operates on a chain of rules that are defined by the security specialist, consultant or vendor. The configuration restricts or drops unwanted and suspicious packets, while legitimate packets are allowed to enter the network. The firewall operates only on rules, and a suspicious packet that hides itself within another packet may enter the network. Logical vulnerabilities in the current scenario include the absence of additional security controls on the firewall, critical servers and network devices. If a suspicious packet bypasses the firewall, there are no mechanisms to track and monitor the probe of a hacker trying to breach the core systems. Moreover, building B and building C do not have a single security control. This means that Network Address Translation (NAT) is the only logical security control there, and its main purpose is to hide the private IP addresses of the local area network and relay the traffic via a global IP address. If a threat bypasses the firewall located at the main site, there is a high probability and risk that the data residing at the two buildings, i.e. building B and building D, will also be compromised. Moreover, if an employee or other personnel plugs a suspicious USB drive into one of the systems, there is no mechanism or tool to monitor internal network threats, even though it has been proved that internal threats are relatively more probable than external threats.
Furthermore, there are no tools for displaying events and alerts associated with violation logs. In addition, there are no logical controls linked with the database, although SQL injection techniques have proven able to exploit data from the database. Furthermore, among the logical vulnerabilities there is an absence of Virtual Local Area Networks. VLANs provide adequate security: “Virtual LAN (VLAN) refers to a logical network in which a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical, instead of physical, connections, they are very flexible for user/host management, bandwidth allocation and resource optimization” (Virtual LAN. 2007). VLANs separate traffic for each department and also prevent denial of service attacks and unwanted traffic broadcasts that may result in network congestion and degradation of network services.

2.2 Internal and Physical Security

Internal security is associated with adequate protection from internal threats, i.e. humans. It has been observed that organizations emphasize only physical and logical security and often skip adequate protection of internal human controls from threats such as unauthorized access, theft, espionage, etc. In the current scenario, there are no security controls addressing human security. Likewise, there are no mounted racks for locking up servers, network components and Ethernet wires. As Ethernet wires can be tapped, an appropriate measure is to install patch panels for CAT 5 cables. Moreover, theft of any critical hardware or software component is easy, as there are no biometric systems available on the premises. Biometric identification systems are considered to be the best physical security control to date.
Moreover, there are no surveillance cameras installed at critical locations; such cameras prevent physical theft of systems as well as help identify disasters. For instance, if a fire occurs due to a short circuit in one of the critical information assets, it can be controlled at an early stage. However, sensors, water sprinklers and fire extinguishers are considered to be ideal controls in this scenario.

3 Suggested Solutions

3.1 Intrusion detection system

Security in terms of computer networks has marked its significance. Senior management addresses security issues to an optimal level and enforces strict security procedures in order to protect strategic and financial assets. Likewise, new and improved sensing technologies are now mandatory for Scilly University for maintaining the security of the network. Consequently, an intrusion detection system is required to continuously monitor threats and vulnerabilities within the Scilly University network. IDS/IPS is derived from the traditional security appliances and is defined as follows: “Intrusion detection system (IDS) is a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse” (Intrusion Detection System. 2007). Figure 1.2 shows the physical location of the IDS (indicated in red) in Scilly University. IDS are currently available in different types, using different methods and techniques. However, the IDS type and methodology must align with the security requirements of the organization. Likewise, some of the types include network based IDS, known as the Network Intrusion Detection System (NIDS), Host Intrusion Detection System (HIDS), next generation IDS and many more. However, two of the popular methods associated with IDS are signature based IDS and anomaly based IDS.
In the current scenario, IT administrators have found that an intruder from the internal and external premises of the organization is trying to bypass a corporate access point. Before demonstrating steps for capturing and eliminating the attack, we will compare the two types of IDS/IPS, i.e. signature based IDS and anomaly based IDS. After discussing these two basic types, we will be able to select an appropriate type of IDS for this specific scenario. The signature based IDS works on predefined signatures that are installed within the IDS. Whenever a pattern of activity similar to a signature is detected within the network, it is reported as a threat or suspicious activity. However, patterns outside the predefined signatures can go undetected and may harm the network. As a result, new threats are not detected and identified by a signature based IDS. In contrast, an anomaly based IDS monitors and detects any unknown or suspicious activity within the network, as it does not depend on predefined signatures. These two IDS types follow different methods, processes and profiles. The signature based IDS analyzes and identifies specific attack patterns that are recognized in raw data, in terms of byte sequences called strings, port numbers, protocol types, etc. Likewise, apart from the normal operational pattern, a signature based IDS detects any activity that deviates from previously defined patterns. Moreover, the patterns are monitored with strict control algorithms. The signatures are stored in a signature repository. The prime objective of a ‘signature based IDS’ is to search signatures in order to detect a threat or vulnerability, similar to antivirus software that also detects viruses. The function of an IDS is to detect attacks that are initiated directly towards the network. Moreover, an IDS tries to identify as many events as possible and therefore generates logs.
The IDS is located behind the firewall so that it can analyze packets that have passed through the firewall. The detection engine of the IDS compares packets against predetermined rules in order to deny or accept them. The rules are categorized in two domains, i.e. chain headers and chain options. The structure of a signature contains the following attributes: identification number, message and rule. In the current scenario, a threat is detected that is trying to gain access to the confidential data of the organization. Probably, the signature based IDS has detected this particular threat.

An anomaly based intrusion detection system is based on a data driven methodology that relies on data mining techniques. An anomaly based IDS creates profiles of normal behavior and activities within the network. Any activity that is not similar to the normal profiles is considered an anomaly or attack. Moreover, the normal routines of normal profiles are also monitored; if they exceed their given boundaries, they are also considered anomalies, also called false positives. An efficient anomaly based IDS produces results with a high detection success rate along with a low false positive rate. Moreover, these systems are categorized into various sub categories including data mining, statistical methodologies, artificial neural networks, immune systems and genetic algorithms. Among all of these, statistical methods are more commonly used for detecting intrusions by finding any anomaly that has been initiated within the network (Aydin, Zaim et al. 2009). By combining these two types of IDS, network administrators eliminate or fill vulnerabilities within the network.
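The comparison above can be shown in code. The following is an added example, not part of the original report: a signature check (identification number, message, rule header and option) beside a statistical profile check, run over one constructed window of traffic. The host addresses, the marker string, the baseline counts, the "distinct destination ports per window" feature and the threshold k are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import mean, stdev


@dataclass(frozen=True)
class Event:
    src: str        # source host
    proto: str
    dport: int      # destination port
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sig_id: int     # identification number
    message: str    # message shown with the alert
    proto: str      # rule header: protocol
    dport: int      # rule header: destination port
    content: bytes  # rule option: byte string searched for in the payload


# Constructed data (assumption): one stored signature, and per-host history of
# "distinct destination ports contacted per time window" from normal operation.
SIGNATURES = [Signature(1001, "known bad marker in HTTP request",
                        "tcp", 80, b"KNOWN-BAD-MARKER")]
BASELINE = {
    "10.0.1.15": [3, 4, 3, 5, 4, 3],
    "10.0.1.20": [2, 2, 3, 2, 3, 2],
    "10.0.1.30": [5, 5, 6, 5, 6, 5],
}


def sample_events():
    """One constructed observation window."""
    evs = [Event("10.0.1.15", "tcp", 80, b"GET /?q=KNOWN-BAD-MARKER")]
    evs += [Event("10.0.1.15", "tcp", p, b"") for p in (443, 53, 25)]
    # Unknown pattern: no stored signature matches this payload.
    evs += [Event("10.0.1.20", "tcp", p, b"novel-probe") for p in range(8000, 8012)]
    # Legitimate but unusual burst (e.g. a software update) from a normal host.
    evs += [Event("10.0.1.30", "tcp", p, b"update-check") for p in range(443, 451)]
    return evs


def signature_alerts(events, signatures):
    """Return (sig_id, src) for each event whose header and content match a signature."""
    return [(sig.sig_id, ev.src)
            for ev in events for sig in signatures
            if (ev.proto, ev.dport) == (sig.proto, sig.dport)
            and sig.content in ev.payload]


def anomaly_alerts(events, baseline, k=3.0):
    """Return {src: z-score} for hosts more than k standard deviations above their profile."""
    ports = {}
    for ev in events:
        ports.setdefault(ev.src, set()).add(ev.dport)
    alerts = {}
    for src, seen in ports.items():
        history = baseline.get(src, [])
        if len(history) < 2:            # no usable profile: treat as anomalous
            alerts[src] = float("inf")
            continue
        mu, sigma = mean(history), stdev(history)
        if sigma == 0:
            z = float("inf") if len(seen) > mu else 0.0
        else:
            z = (len(seen) - mu) / sigma
        if z > k:
            alerts[src] = round(z, 1)
    return alerts


def hybrid_alerts(events, signatures, baseline, k=3.0):
    """Union of both detectors: the source hosts to investigate."""
    by_sig = {src for _, src in signature_alerts(events, signatures)}
    return sorted(by_sig | set(anomaly_alerts(events, baseline, k)))


if __name__ == "__main__":
    evs = sample_events()
    print("signature:", signature_alerts(evs, SIGNATURES))
    print("anomaly k=3:", anomaly_alerts(evs, BASELINE))
    print("anomaly k=6:", anomaly_alerts(evs, BASELINE, k=6.0))
    print("hybrid:", hybrid_alerts(evs, SIGNATURES, BASELINE))
```

At k=3 the profile check flags the unknown probe that the signature misses, but also flags the legitimate burst from 10.0.1.30; raising k removes that false positive at the cost of sensitivity.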
An anomaly based intrusion detection system is recommended for the Scilly University computer network, as the signature based IDS works only on the given signatures and will not sense unusual activity that is not defined in a signature. The anomaly based IDS will detect every threat that appears as an anomaly within the network.

3.2 RADIUS Server

As per the Network Dictionary, “Remote Authentication Dial In User Service (RADIUS) is a protocol for carrying authentication, authorization and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. RADIUS uses UDP as the transport protocol. RADIUS also carries accounting information between a Network Access Server and a shared Accounting Server.” Likewise, the users located at buildings B and C will establish connectivity with the VPN and RADIUS server for authentication. Figure 1.1 demonstrates the functionality of a RADIUS server. Security related data is distributed across the network, and several devices may interact with it. The RADIUS server will handle all the security data within the network and store it in one location, workstation or storage device. In this way, risks and vulnerabilities associated with the security data will be mitigated. The host that stores the security data will be considered the RADIUS server. Moreover, RADIUS can also be integrated with the Microsoft operating system environment; as Scilly University already operates on Microsoft operating systems, they will support RADIUS functionality. Furthermore, information related to security is stored in text files at a central location, i.e. the RADIUS server. If new students or staff need to be added for Scilly University, the network administrator will only update the text file to add the new user information to the database.
In addition, the RADIUS server also facilitates auditors by providing comprehensive audit trails supported by RADIUS accounting features. Moreover, log files can be analyzed for security aspects or can be utilized for billing purposes. As buildings B and C are vulnerable to any type of attack via the VPN + Internet connection, one firewall each will be placed behind the router at buildings B and C. Consequently, the firewall will add a layer of security at these remote sites.

3.3 Physical Security

A biometric identification system is required at the entrance to the Scilly University server room. Moreover, surveillance cameras must be installed for monitoring the server room. Furthermore, to address fire or electricity incidents, temperature sensors and water sprinklers must be installed near critical systems and applications. The biometric system will restrict unauthorized personnel from entering the server room and, consequently, the risk of physical theft of computing devices or equipment will be minimized. In addition, a proper review of access logs for the biometric systems is also necessary, as it will identify how many times a particular employee enters or exits the server room or any other department. Guards will provide adequate security for the building of Scilly University and will allow only relevant people to enter the building. One more aspect that needs to be discussed is the power button of critical applications that are operational every second. For instance, if personnel or support staff from a third party are working on a server and accidentally press the power button, educational operations will be halted. For this reason, protective covers must be deployed on the power button of each server. If a server needs to be restarted, there is an approval process in which the request is accepted or rejected by the relevant system or application owner. After approval is granted, the server can be rebooted.
4 Conclusion

We have identified vulnerabilities in the logical, physical and internal security of the network. The logical security solutions include the acquisition of a RADIUS server that will utilize the VPN and provide added security features. Moreover, to add an extra layer of security and defense, we have considered IDS/IPS. Likewise, we have also discussed types of IDS and recommended the best one. Moreover, for addressing physical and internal security, biometric systems are recommended along with surveillance cameras monitoring server rooms. Furthermore, deployment of one firewall each is recommended for the computer networks in building B and building C respectively. As the network of the university expands, a Cisco adaptive appliance will be more effective as compared to this normal firewall. Moreover, a next generation network compatible IDS that includes social networking threat detection mechanisms might also be considered.

Bibliography

AYDIN, M.A., ZAIM, A.H. and CEYLAN, K.G., 2009. A hybrid intrusion detection system design for computer network security. Computers & Electrical Engineering, 35(3), pp. 517-526.
Intrusion Detection System. 2007. Network Dictionary, pp. 258-258.
Remote Authentication Dial In User Service Security. 2007. Network Dictionary, pp. 409-409.
SCHIRICK, E.A., 2012. Computer Network Security — Evolving Risks. Camping Magazine, 85(2), pp. 16.
Virtual LAN. 2007. Network Dictionary, pp. 515-515.
(“Enterprise Networking and Security Assignment Example | Topics and Well Written Essays - 3000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1398267-enterprise-networking-and-security