The Assumption from the Network Diagram - Case Study Example

?Running head: Quick Finance Network Introduction The assumption from the network diagram is that the diagram depicts the actual network topology implemented at the company. Other assumption shall be there no security measures which have been employed in the network thus the numerous attacks and defacing. From there we shall identify the vulnerabilities from the perspective that we have been contracted to make the network secure. Another assumption from the topology would be the company is using an out dated network security policy. From the topology the network has been setup poorly with very many access points into the system. The other assumption would be the network was setup by a rookie as the topology is poor and vulnerable to attacks. Finally the final assumption would be the management is not aware of the need of a secure network. The management needs to be informed and enlightened on information confidentiality, integrity and availability (Lammle, 2008). Firstly the network is vulnerable as the firewall doesn’t serve its purpose. Firewall is meant to barricade the traffic between a public and private network. In our case the public network is the internet and the private network is the Quick Finance Network. It uses access lists and other methods to ensure the security of the private network. From the diagram the firewalls should be deployed between the router and the internet, and the web server and the internet and between the internet and the VPN server. Access lists that are employed on the firewall are set of conditions kept by routers that determines allowed traffic to and from various services on the network. In the quick finance network access lists can be deployed in the network to control the movement of traffic between the different buildings and also in a building, in case of information applying to specific offices/departments. Access lists are helpful in exercising control over network traffic. Access lists offer network control. These lists enhance the flexibility to filter the packets that flow in or out router interfaces. The access lists help protect expanding network resources without impeding the flow of legitimate communication. They differentiate packet traffic into categories that permit or deny other features. Proxy is another security measure that can be deployed. Proxy restricts who accesses what and which sites to block. The layer design deployed also needs to be improved. The network needs to be created using the proposed three layer design. The proposed three layer design comprises of core layer- this is where the public and private networks meet through a firewall router/switch, distribution layer – this layer holds switches which lead to different buildings and offices and access layer – the layer where the user is connected to the network. Vulnerabilities on this network There lots of vulnerabilities on this network and lots of access points where intruders can gain entry of this network. For starters the firewall has been wrongly placed. The firewall should be put across the perimeter of the network in order to limit access to the network. From the topology the firewalls don’t serve their purpose as they have been put beside the servers. The firewall is used for basic packet filtering. The filtering decision is made separately for every packet, thus a packet that was allowed earlier won’t dictate the entry of a later packet. It’s based on source and destination IP address, protocol and source and destination port numbers. The network should use the proposed layer 3 network model. Where we have three layers: access layer, distribution layer and core layer. This will avoid a bad topology as the current one where all the machines are connected via an Ethernet cable. With a layer three topology it would implement use of switches and more routers to control movement of packets and enforce access control. It would also have all the servers well placed in order to ensure data security, availability, integrity and confidentiality (Tanenbaum, 2011) .Network - based attacks Self propagating programs Self-replicating programs attach themselves parasitically to existing programs to propagate. The program spreads by creating replicas of itself and attaching itself to other executable programs to which it has write access. The quick finance network is connected by an Ethernet thus making it easy for a self propagating program to propagate and move from one PC to the other eventually moving from one building to the other eventually spreading across the whole network. They are also referred to as malicious software. They include viruses, Trojan horse and worms. Viruses are malicious programs that propagate upon being triggered by a user action. They may come via email attachments or as executable files. They inflict damage by destroying files thus affecting computer performance and eventually the network. Trojan horse and back door: - malicious software that attempts to give an attacker unwarranted access to a network or machine. They look like a software that serves a legitimate purpose but are usually malicious software. Worms self-propagates to cause serious damage to computer networks. Worms are simply pieces of software that are able self-propagate through the Internet. However, some worms also do irreparable damage to computers. Self destructive software’s are installed in the PC due to the availability of these worms which carry malicious payloads’. Remote control of infected hosts is often a primary goal of worm writers who seek to crash high-profile websites and services through “Denial of Service” attacks. Spoofing When a computer on a network pretends to have the identity of another computer, mostly the one with special access privileges, there is an IP address spoofing where the source IP address is altered to conceal the identity of the attacker and have the victim thinks it’s coming from a trusted source. The quick finance network is not secure enough thus a hacker or attacker can gain access using and use a source IP address to masquerade as a user. To mitigate this access control lists where you determine who accesses what, firewalls to prevent unwanted entry into the network, proxy buffer between the private network and the public network and IPSec to enforce integrity, authentication and confidentiality (Stallings, 2011) Denial of service attacks These are attacks on availability. Mostly occurs by SYN flooding attacks overload a host or network with connection attempts. Usually hard to stop them thus good security measures should be deployed from the word go. Can be mitigated using stealth scanning of ports, firewalls to buffer unwanted entry in to the system and access control lists (Stallings, 2011) Recommended Mitigation Procedures From the network diagram there many loop holes with the network. Thus we would assume the company has a weak security policy in place or rather the network security policy is weak. The security policy may be out dated or hasn’t been updated in a while. Security policy documents are never permanent they should be updated from time to time as their new attacks daily. My recommendation would be for the company to come up with a detailed network security policy document that highlights the network and possible threats. The document should also be used to educate the users of the network and the staff at large (Biskup, 2009). The current network depicts a network that was done by an amateur. The network has very many loop holes no wonder it defaced from time to time. Thus I would recommend the company hires a professional network administrator to carry out the maintenance of the network and to deploy the network afresh. Alternatively the company can outsource the services of a network company to setup a secure network. The company should put in place other measures to secure the network from threats such as hardware threats – the server rooms should be locked at all times and only authorized personnel should have access, hardware threats involve physical damage to the equipment (Biskup, 2009). Electrical threats - include irregular fluctuations in voltage, insufficient supply voltage, unconditioned power (noise), and total power loss. Recommendations would be to install uninterruptible power supply (UPS) systems for critical systems like servers, backup generators, plan for and initiate regular UPS or generator testing and maintenance procedures based on the manufacturer-suggested preventative maintenance schedule and set up monitoring and alarm systems to alert in case of electrical failure (Biskup, 2009). Environmental threats are threats that come about from natural conditions. They include very low or high temperatures, moisture and magnetic Interference Environmental threats, such as extreme temperature or extreme. Recommendations would be to supply the room with dependable air conditioning control systems. Setup up monitoring and alarm systems that alert incase of environmental threats conditions (Biskup, 2009). Maintenance threats occur when there no backup systems for critical network systems, components not being labeled correctly, having an inventory of the equipments available, and having a book/system that captures all maintenance and service dates. Others include poor handling of the systems, lack of spare parts, poor labeling and generally not adhering to the security policies and guidelines (Biskup, 2009). Work Cited Lammle, T. (2008). CCNA: Cisco Certified Network Associate: Fast Pass. Indiana: Wiley Publishing. Tanenbaum, A. & Wetherall, D. (2011). Computer Networks. New Jersey: Pearson Education limited. Stallings, W. (2011). Cryptography and Network Security: Principles and Practice. Upper saddle river: Prentice Hall. Biskup, J. (2009). Security in Computing Systems: Challenges, Approaches and Solutions. Heidelberg: Springer. Peterson, L., Davie, B. (2012). Computer Networks: A systems Approach. Burlington: Elsevier. Read More