Network Security Plan - Case Study Example

Summary
The paper "Network Security Plan" establishes the loopholes different hackers can try to use to access the organization’s network. Laptops, servers, and firewalls need an assessment. One of the tests would be to identify if the firewall is allowing leakage of packets into the private network…

Extract of sample "Network Security Plan"

Network Security Plan
22 November
Lecturers

The network infrastructure in every organization is used to send particularly vital information. The infrastructure is vulnerable to threats like eavesdropping, tapping of network cables and impersonation. These threats can lead to organizations losing their credibility for maintaining the security of their clients’ data. Security plans help companies identify threats in their network infrastructure. The plan states some of the precautionary measures proposed to provide corrective measures to the network when an infiltration like eavesdropping occurs.

Physical security will involve securing network cables and servers from intruders. The intruders might originate from within the organization or from outside. Response teams in case of any intrusion will include people like network security companies or the information technology department within the organization. The response plan for network failure may include having some redundant network cables laid down within the building. The wireless network will provide a response plan by having multiple access points covering the same area.

The security plan will try to identify what network infrastructure is easily accessible to intruders. Different forms of validation will be proposed to prevent unauthorized persons from accessing the network. The network will be evaluated by inviting white hat hackers to try to hack into the network. The hackers will provide a list detailing weaknesses in the network together with some improvement proposals. The incident response will cover situations where a third-party organization provides the infrastructure to run the organization in times of crisis. One such infrastructure provider is the telephone company, which provides its line for network connection while the fiber optic cable is down.
  • Incident Response
  • Support
  • Vulnerability assessment
  • Code injection leak test
  • Substitution leak test
  • Network scanning
  • Manual testing on passwords
  • Carrying out vulnerability tests in links
  • Physical Security
  • Spyware
  • Incident response policy / Team

Incident Response

The network users will face a denial-of-service incident. The incident will involve denying authorized users of the network crucial services like accessing mail over the network. The incident can be caused by things like hackers flooding the network with data that is not needed by the users of the network. Such flooding will slow down the network, and workers cannot even read an email using the organization's network. Denial of service is a common occurrence within companies, and it might lead to dissatisfaction of customers and workers.

Mitigation of such an incident would involve setting up firewalls within the network to identify any unwanted packets in the network. The response plan would involve purchasing packet scanning software. The software will identify the packets that are flooding the organization's network and their machine of origin. Once the packets are identified, the network connection to the machines flooding the network should be terminated immediately. The backup network can be used in this situation, leaving out the flooded network. Switching to the backup network will ensure the network runs at the preferred speed and delivery of service continues as planned.

Another incident would be breakage of the backbone network, which might be a fiber optic cable. The breakage of the cable might be caused by vandals or natural calamities like floods, earthquakes and earth drift. Such situations would mean zero connection to the Internet because the network infrastructure is down. Having a redundant network connection from an Internet service provider can provide a response plan.
The redundant network connection should use totally different infrastructure to reduce the probability of both networks failing. One such infrastructure can be a network provider using satellite to provide the connection. The satellite connection can be costly to the organization, but the chances of failure are lower. Arrangements are to be made to have a fixed cost and payment on the basis of usage per gigabit. Such payment will reduce the cost while ensuring the Internet provider has some money to maintain their infrastructure.

Breach of security in mail servers by people hacking into the emails with stolen authorization credentials is another possible incident. This incident will lead to loss of privacy of the data contained within the mail server and the personal inbox. One of the response plans would be changing the email password to prevent further access by the unauthorized people (Matt, 67). The email password should be enhanced by including a double validation ability. The double validation will require the sending of a validation key to the phone number of the user. This validation will ensure that any person who has the password but has no access to the phone cannot hack into the emails. The response should involve identifying the Internet Protocol address from which the mail was accessed. The Internet Protocol address might help in tracing where the mail access was done from.

Support

In case of failure of the internet, the need arises to call third parties to try to establish the cause of the failure. The first support team to be called will be the Internet service provider (ISP). The service provider is supposed to provide information about whether the Internet connection is working from their end. The Internet service provider is supposed to provide guidance on ways to troubleshoot the network if they feel the problem is not from their end.
When the network providers clarify that the network connection is okay, troubleshooting of the Internet Protocol addresses and cables will be done. This troubleshooting will try to establish if there are any broken cables or cables unplugged from the switch. Cables found disconnected from the switch will be plugged in, and people will try to access the internet (Matt, 76-8). If the problem persists after all the troubleshooting, the service provider will be called to visit the premises. The provider will carry out a survey using packet tracers to establish what is happening to their signals.

The contract signed during the initial network connection will have specified to what limit free support is supposed to be provided by the Internet service provider. The network provider's support team is supposed to provide a report on what the problem was for future use. The support team is supposed to detail whether they were able to sort out the problem and what their suggestions are to prevent the occurrence of such an incident in future. Support can be provided by third parties who have network knowledge. The third party is not supposed to mess with the network configuration. This is to minimize the rise of loopholes in security.

Vulnerability assessment

The vulnerability of the network needs testing to establish the loopholes different hackers can try to use to access the organization’s network. Different devices like laptops, servers, and firewalls need an assessment. One of the tests would be to identify if the firewall is allowing a leakage of packets into the private network (Nikolay, 145). The following vulnerability assessments were carried out on the network:

Code injection leak test

The leak test is carried out to establish whether the organization's firewalls are allowing unauthorized packets into the local area network. The process involves installing leak software on the laptop and then trying to send packets that are supposed to be filtered by the firewalls.
The leak test is performed by carrying out code injection into the internet download manager within the machine. The internet download manager is picked because it is one of the applications trusted by the firewall to access the internet. The internet download manager DLL was replaced with the program files in the computer. The machine will be switched on, and it has to be established whether it still accesses the internet with the changes in the code. Access to the internet means the firewall has weaknesses, and it is not working properly. This will lead to an upgrade of the firewall software used within the organization.

Substitution leak test

The substitution form of leak test had to be performed to try to establish how the network would behave. The substitution involved renaming a file to Mozilla Firefox. The renaming was done to see if the new application would access the internet when launched. Launching of the application was not followed by access to the internet. This showed that the firewall was working correctly and was able to detect such forms of leakage. If the firewall had not blocked the application, it would have meant that it was not reading the product certification correctly. The firewall is supposed to identify trusted applications, not by their name, but by the certification bundled with them.

Network scanning

The network scanning was done to establish weaknesses in the topology of the network. The Iviz software was installed on a desktop machine to analyze the network. The software was able to detect problems in the routing table of the network, where some wrong Internet Protocol addresses were used on machines. The uniform way of allocating Internet Protocol (IP) addresses within the organization was meant to avoid IP conflicts and provide a way of identifying unauthorized people accessing the servers. Wrong IP addresses on machines meant those hosts accessed the internet and would not be monitored on what they were doing.
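The allocation check described above can be automated. The following is an added example, not part of the original paper and not a description of how the Iviz software works: it audits a host inventory against an allocation plan and reports out-of-plan, conflicting, reserved and malformed addresses. The subnets, host names, roles and MAC addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed allocation plan (assumption): one subnet per host role.
PLAN = {
    "server": ipaddress.ip_network("10.20.20.0/24"),
    "workstation": ipaddress.ip_network("10.20.10.0/24"),
    "printer": ipaddress.ip_network("10.20.30.0/28"),
}

# Constructed inventory, as might be exported from a scan: (host, role, ip, mac).
INVENTORY = [
    ("mail01", "server", "10.20.20.5", "00:16:3e:00:00:01"),
    ("ws-014", "workstation", "10.20.10.14", "00:16:3e:00:00:02"),
    ("ws-015", "workstation", "10.20.20.77", "00:16:3e:00:00:03"),   # server range
    ("ws-016", "workstation", "192.168.1.50", "00:16:3e:00:00:04"),  # outside plan
    ("ws-017", "workstation", "10.20.10.14", "00:16:3e:00:00:05"),   # duplicate IP
    ("prn-02", "printer", "10.20.30.15", "00:16:3e:00:00:06"),       # broadcast
    ("ws-018", "workstation", "10.20.10.300", "00:16:3e:00:00:07"),  # malformed
]


def audit(inventory, plan):
    """Return a sorted list of (host, finding) for every deviation from the plan."""
    findings = []
    seen = defaultdict(set)  # ip -> {(host, mac), ...}
    for host, role, ip_text, mac in inventory:
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((host, "invalid-address"))
            continue
        seen[ip].add((host, mac))
        expected = plan.get(role)
        if expected is None:
            findings.append((host, "unknown-role"))
        elif ip not in expected:
            # Say whose range the address falls in, if any, to speed up the fix.
            owner = next((r for r, net in plan.items() if ip in net), None)
            findings.append((host, f"in-{owner}-range" if owner else "outside-plan"))
        elif ip in (expected.network_address, expected.broadcast_address):
            findings.append((host, "reserved-address"))
    # The same IP seen on more than one MAC is an address conflict.
    for ip, users in seen.items():
        if len({mac for _, mac in users}) > 1:
            findings.extend((host, f"conflict-{ip}") for host, _ in users)
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit(INVENTORY, PLAN):
        print(f"{host:8} {finding}")
```
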
The corrective measures taken were changing the wrong IP addresses on the machines. The next thing would be advising everyone allocating IP addresses on machines to follow the prescribed organization formula (Nikolay, 39).

Manual testing on passwords

Several user accounts existed, both on applications used on the network and for access to the network itself. The wireless networks require one to provide a password before getting connected. It was seen that hackers can easily obtain the password from the workstations by using network properties. Such weaknesses meant that anyone with a laptop and within the line of sight of the wireless network can have access to the network. One of the solutions to such a problem would be encrypting the password when it is being input in the machine. Each user is to be allocated a username and password that cannot be used to access the internet in more than one location. Attempts made by an account to access the internet in two locations at the same time will lead to the termination of the account. Such rules would deter users from sharing their accounts and would at the same time get them to log out of their accounts when they are finished.

Carrying out vulnerability tests in links

Passwords and critical data being transferred over a network need to be encrypted. Encryption ensures that if someone eavesdrops on any of the links they cannot read the information in transit (Habraken, 204). The Iviz software installation was used to establish in what form data was travelling between the different hosts. The software was able to identify that emails and network passwords were encrypted when in transit over the network. It also identified some applications that did not encrypt their data while sending it over the network. The developers of those applications had not looked at the security issues during development to eliminate such eavesdropping. Developers of these applications were advised to develop patches for their applications.
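The link check described above, finding which applications send data or passwords unencrypted, can be sketched as follows. This is an added example, not part of the original paper and not the method used by the Iviz software: a heuristic classifier over the first bytes of each flow. The application names, ports and payloads are constructed, and the rules report only that a credential pattern is present, never its value.

```python
import re

# Credential patterns that indicate a password crossing the link in the clear.
CREDENTIAL_RULES = [
    ("ftp/pop3 PASS command", re.compile(rb"^PASS \S+", re.I | re.M)),
    ("http basic auth header", re.compile(rb"^Authorization: Basic \S+", re.I | re.M)),
    ("password form field", re.compile(rb"(?:^|[&?])(?:password|passwd|pwd)=", re.I | re.M)),
]

# Constructed sample: (application, destination port, first bytes of the flow).
FLOWS = [
    ("webmail", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(16)),
    ("legacy-ftp-sync", 21, b"USER backup\r\nPASS example-only\r\n"),
    ("intranet-portal", 80, b"POST /login HTTP/1.1\r\nHost: portal.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     b"user=alice&password=example-only"),
    ("inventory-app", 8080, b"GET /items HTTP/1.1\r\nHost: inv.example\r\n"
     b"Authorization: Basic ZXhhbXBsZTpleGFtcGxl\r\n\r\n"),
    ("time-sync", 123, b"\x23" + bytes(47)),
    ("wiki", 80, b"GET /index HTTP/1.1\r\nHost: wiki.example\r\n\r\n"),
]


def classify(payload):
    """Return (verdict, detail) for the first bytes of one flow."""
    if not payload:
        return ("unknown", "empty payload")
    # TLS record header: type 0x16 (handshake), version bytes 0x03 0x00..0x04.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return ("encrypted", "tls handshake")
    if payload.startswith(b"SSH-2.0-"):
        return ("encrypted", "ssh banner")
    for name, pattern in CREDENTIAL_RULES:
        if pattern.search(payload):
            return ("cleartext-credentials", name)
    # Mostly printable bytes mean readable text on the wire.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if printable / len(payload) > 0.9:
        return ("cleartext", "readable text, no credential pattern")
    return ("unknown", "binary, not a recognised encrypted handshake")


def report(flows):
    """Map each application to its verdict; the worst verdict seen wins."""
    rank = {"encrypted": 0, "unknown": 1, "cleartext": 2, "cleartext-credentials": 3}
    result = {}
    for app, _port, payload in flows:
        verdict = classify(payload)
        if app not in result or rank[verdict[0]] > rank[result[app][0]]:
            result[app] = verdict
    return result


def unencrypted_apps(flows):
    """Applications whose developers should be asked to add encryption."""
    return sorted(a for a, (v, _) in report(flows).items() if v.startswith("cleartext"))


if __name__ == "__main__":
    for app, (verdict, detail) in sorted(report(FLOWS).items()):
        print(f"{app:16} {verdict:22} {detail}")
```
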
The patches would be upgrades to the existing systems and would provide an encryption capability. This established the need to ensure security in systems before and after developing them. Systems that have not taken security into consideration become useless once a hacker learns of their weaknesses.

Physical Security

Physical security entails protecting access to the computers, which include the desktop machines and laptops. One of the ways of keeping unauthorized people away from the computers is keeping them in a locked place. Locking the machine in a room ensures that any person without the key to where it is stored cannot tamper with it. To maintain physical control, multiple keys to the room where laptops and computers are kept should not be kept.

The network access point needs to be secured to prevent people from vandalizing equipment. Security officers are to be employed to guard the area where the access point is placed. The access point should be placed high in the building, either on the rooftop or on the sides of the roof, to make it unreachable. Keys to the access doors to the roof where the access point is placed should be kept by a trusted individual. Any person who gets access to this bunch of keys should sign while picking them up and while returning them. The signing is supposed to ensure accountability among the workers on who carried out what activities at the places where access points are placed.

Apart from employing people to guard the machines, biometric validation is employed on doors. The validation will eliminate situations where people use impersonation to access other people's accounts. The biometric system is supposed to read the fingerprints of all users accessing the computer rooms. Any person whose fingerprints do not match those of the authorized persons will be denied entry to the secure rooms.

Spyware

Spyware is one kind of software that reads people’s passwords over the network. Anti-spyware software needs to be installed on host machines together with the servers.
The spread of spyware is mostly done by people who are using authorized accounts within the organization. Policies on passwords need to be developed to minimize the chances of hackers obtaining authorized users' usernames and passwords. One of the policies would be weekly changes of passwords by all workers within the organization. The other policy would be that workers are held responsible for anything done using their user accounts within the network (Habraken, 196-98). The accounts given to people with no administrative rights should not allow them to install software. Without any rights of installation, people cannot download spyware applications online and install them on sensitive machines. The organization's antivirus needs to be kept updated all the time. Updated antivirus software is able to discover new types of malware and spyware released over the network. All machines should be scanned regularly to discover any new spyware within the network. The combination of all those activities will minimize the chances of spyware existing within the network.

Incident response policy / Team

Failures in the network should not be handled by outsiders without the correct authorization. Calls should be made to the Information Technology department within the organization. These people are supposed to troubleshoot the network and provide solutions. The Internet service provider is part of the response team by activating the redundant internet line in case of failures. The service providers are informed of their role early enough to ensure they are not caught unaware by the incident. The decision on whether there was a network problem needs to be passed by the lead network administrator within the organization. Once the administrator gives the junior the go-ahead to call the Internet service provider, they should proceed. The network administrator can delegate the duty to one of the juniors in written form.
The juniors will be held responsible for any decisions they make during the period the job is delegated to them.

Works Cited

Habraken, Joseph. Absolute beginner's guide to networking. Indianapolis, Ind: Que, 2004.
Matt, Curtin. Introduction to Network Security. Kent Information Services, 1997. Web.
Nikolay, Grebennikov. Using leak tests to evaluate firewall effectiveness. n.d. Web.