Network Security setup - Research Paper Example

Running Header: Network Security setup Part Security layers outline for Richman investment IT infrastructure domain User Domain User domain usually entails all the employees of Richman investments, these also includes consultants, contractors and even other third party users. At this domain, it is essential to ensure that each of the users who access and use the IT infrastructure of the organization should review and sign acceptable use policy in order to be granted permission to use the resources of the organization. This domain should also pay attention to proper authentication as well as exhaustive accounting1. Workstation Domain As shown in figure 1, this domain is the end user services like PC’s and VoIP telephones. The necessary security measure here is installation of updated anti-spyware and antivirus. Other useful installation at this point includes a software patch management that ensures minimal vulnerability and hence maintaining data integrity. Protection communication, system hardening and proper positioning of the workstations are also critical security measure at this stage2. Local Area Network (LAN) Domain As also elaborated in figure 1, the LAN is the logical and physical network technology used to support the connections in a work station usually within the premises of the building. In order to ensure that the LAN is secure, protocols setting, addressing, designing of a topology as well as communication encryption are fundamental in providing the desired security for this domain3. LAN-to Wide Area Network (WAN) Domain As evident in figure 1, this domain in the Richman investment infrastructure represents the inter-connectivity or internetworking points between the LAN and the WAN network infrastructures. In order to ensure security at this domain, the switches, firewalls, routers, proxies as well as the communication encryption are imperative aspects of enhancing security for this particular domain. Remote Access Domain This domain usually refers to the authentication and authorization of remote access guideline for users (mostly company’s employees) to remotely access the organization’s resources. The security infrastructure ought to involve remote access solution which mostly involves SSL-128 bit remote browser which is encrypted. VPN which is encrypted also can serve the same purpose. In this domain, knowing the location of the host also plays an important role in establishing the best security measures to be used on that particular host. WAN Domain WAN domain is a necessary domain especially when connecting with remote users. In Richman investments, it means connecting with several branches in places such as Atlanta, Georgia, Cincinnati, Ohio, and even Los Angeles, California from the headquarters in Phoenix, Arizona. In order to ensure security at this domain, it is recommended to ensure proper addressing schemes, proper protocol selection and enhanced encryption of communication equipments4. System/Applications Domain In Richman investments, the database software, operating system, client-server applications, and data stored in the organizations center and their hardware is collectively under this domain. Security measures necessary at this stage is proper authentication, quality network design, authorization, node security, and accounting are an imperative security considerations at this domain. Other security measures that can be implemented within the company’s IT infrastructure includes eliminating single point of failure, improving security access to sensitive data and ensuring that there is data backup in servers outside the main data centre. Figure 1 Part 2 SSCP Domain Research Paper on securing intranet and extranet Vulnerabilities of the network Securing organization’s data from external threats has been one of the major goals of network security since the inception of the TCP/IP protocol that generated the internet. TCP/IP is an open protocol designed to meet the needs of packet transfer in the network5. About fifteen years ago, intranet and extranet have developed in order to branch off the normal internet connection and allow companies perform remote connections by using intranet as well as connections with partners through extranet. Extranet and intranet have brought additional challenges which are also evident in Richman investments. The following key security issues ought to be addressed by the firm in order to ensure its data integrity and privacy. Authentication – ensuring entities communicating by means of sending messages and receiving messages are who they claim to be. Privacy- allowing the right recipients to read the contents of the encrypted message. Content Integrity- Ensuring that the messages have not been tempered by a third party since they were sent6. Non-Repudiation- setting up an infrastructure for determining the source of the message in order to avoid denial by the sender. Ease of use- Ensuring that the system set in place for the purposes of security can be consistent and completely implemented for all applications without causing unnecessary restrictions for the organization and its employees7. Network structure For a system administrator to be in a good position to recommended better security strategies for a network, the administrator ought to fully comprehend the network infrastructure. The following aspects of the network structure control will thus be considered in order to fully deploy security measures. i. Network complexity and size ii. The locations of sensitive data and other resources such as file servers, application serves and hosts on the network. iii. The connection type with other networks, both extranet and intranet. iv. The magnitude and nature of network traffic8. Some of the areas that may be considered for restricting include, logging in platform, resetting of the TCP connections, how to drop offending packets and also reconfiguring the ACLs on organizations routes in order to keep attackers at bay. Transmission methods and techniques and formats In order to meet the above mentioned five goals of ensuring the security of the intranet and extranet, a Public Key Infrastructure (PKI) is a technology recommended for Richman investments because it enables organizations to use open networks such as TCP/IP extranet and intranet securely. PKI allows for sophisticated means of data encryption which ensure that the message is only accessed by the intended recipient. A digital signature attached to the message ensures that the message came from a given entity and it not altered by even a bit during the transmission process. Digital certificates are used to identify the sent data. A Digital certificate is thus fundamental to the PKI because it ensures improved certainty of identifying the organizations individuals electronically. The Certificate Authority (CA) like Digital IDs and VeriSign verifies the identity of people electronically. Secret key system is another essential security mechanism which requires that the communicating parties have the same copy of the code of ‘key’. This is for the purposes of decryption of the message. Secret key system however has a number of limitations including, secret key can be intercepted in transmission by unauthorized person and hence compromised. In the event that one party uses the key maliciously, that party can easily repudiate the process. More so, the malicious party can easily impersonate the sender and decrypt sensitive information. It is thus because of these issues that it is recommended for Richman investment to have different keys for each party involved in the communication process. The advantage of Digital certificates in this case is the fact that it allows an advanced option called public key cryptography system which does not support key sharing but rather allows usage of the same key for encryption and decryption of the data9. A digital certificate employs a matched pair of jets to distinctively harmonize each other. In this sense only one key can be used for the purposes of encryption and decryption. Figure 2 below shows the entire data sending process. Figure 2 The following are some of the key security protocols used in the implementation of PKI based on Digital Certificates10. S/MIME- Ensures security and Multi-use Internet Main Extension protocol for the purposes of sending an encrypted and signed e-mail. SSL- This stands for Secure Sockets Layer protocol which essentially allows encryption and authentication communication between servers and browsers or between varied servers. This is an essential protocol. IPSEC- This stands for IP Security protocol, it is a newly established protocol which is capable of allowing encryption and authentication communication between firewalls, routers, and even between firewalls and routers. It has also been developed to protect the extranet11. A further explanation of these protocols is as shown in the diagram below. Table 1 Intrusion detection system It is recommended of Richman investment to consider the usage of intrusion detection technology in its extranet and intranet connections together with the firewall in order to enhance the security of the network. In essence, IDS works effectively in an intranet and extranet connections because of its additional security measures since it provides more security as compared to the firewall in terms of protecting both external and internal attack. Cisco IOS IDS is one of such IDS which offer protection by preventing packets and other flows which violate the security policy of the network. It does its work through the following means: Alarm- Sending an alarm to the Net Ranger Director. Drop- Dropping the packet Reset- Resetting TCP connection Security measure for operating both private and public communication networks In order to secure both private and public communication networks, the creation of extranet between identified partners was one of the fundamental security concerns that Richman achieved. This is because it helps in bypassing the public internet altogether. In order to ensure that there is a clear restriction between the private and public connection, an internet Exchange point should be developed because it helps in increasing security controls12. VPNs and extranets secure the external networks but do little to secure internal resources of the corporation. Because of this, Richman should use more than one firewall. In this case, one firewall (outer firewall) will be responsible for offering protection against external threats while the inner firewall will be offering protection to the inner resources. The middle ground between the two firewalls is called the demilitarized zone (DMZ). Richman investment can then use the DMZ to put customer and business partner-facing applications and other resources like database in order to separate the back-end applications and other databases by utilizing the second firewall. Notably the DMZ will be essential since it will compensate for the limitations of the external network. As evident, firewalls are critical to the protection of the organization’s internal network since they act as perimeter watchdog by examining each user in order to allow them access the network. In order to ensure that the firewall setup is operational in Richman investment, the following guideline control will be used13. i. The types of policies to be enforced when using the firewall. ii. The person responsible for implementing and specifying these policies. iii. Ensuring that adequate controls are provides in order to avoid unauthorized users from changing the settings of the firewalls rules. iv. Continuously auditing firewalls to ensure that they are compliant with the set policies. It is imperative for the organization to note that firewalls require constant control and monitoring since it is not a standalone device. It requires management and monitoring on a regular basis in order to ensure that the security of the organization is enhanced. Bibliography Amini, Rob , Peiris Chris and Khnaser, Elias. How to Cheat at Designing Security for a Windows Server 2003 Network. London: Syngress, 2006.PP 190-196. Bixler, Dave , Chambers, Larry and Phillips Joseph. MCSE Windows 2000 network infrastructure: exam 70-216, training guide. London: Que Publishing, 2002.PP.444-449. Gibson, Darril. Managing Risk in Information Systems. New York: Jones & Bartlett Publishers, 2010.PP. 181-190. Harwood, Mike, Goncalves Marcus and Pemble Matthew. Security Strategies in Web Applications and Social Networking. Michigan: Jones & Bartlett Publishers, 2010. PP. 128-131. Johnson, Robert and Merkow, Mark. Security Policies and Implementation Issues. London: Jones & Bartlett Publishers, 2010. PP. 67-74. Stewart , Michael. Network Security, Firewalls, and VPNs. New York: Jones & Bartlett, Publishers, 2010.PP.151-157. Umar, Amjad. Information Security and Auditing in the Digital Age: A Practical and Managerial Perspecive. New York: nge solutions, inc, 2003. PP. 8-30. Weiss, Martin and Solomon,Michael. Auditing It Infrastructures for Compliance. New York: Jones & Bartlett Publishers. PP. 154-161. Read More