Network Risk Assessment - Research Paper Example

of the of the 20 November Introduction Internet is the fastest rising technology that has produced endless opportunities. At the same time, serving students to navigate through the dominant and greatest growing world of information is a challenge. The assimilation of computer networks is valuable for everyone. (Ramig 15). I.T soft needs a computer network, which will support all the requirements that are analyzed for fluent business operations, as well as abide with the future trends of emerging technologies. The network devices and computing equipment have to be reliable and extendable, in order to cope up with extra nodes if the staff increases. The network layout of I.T soft requires an expandable and efficient network that will fulfill the requirements of the company. Advanced security features are also required in order to protect the VoIP traffic and preserve network availability. 2 Project Scope and Objectives As I.T soft an automated business support network. The network is utilizing latest technology in terms of both hardware and software, however cost considerations cannot be ignored as the company is an SME. The software technology includes the new innovative network that supports the following: Centralized Database access for sales/customer databases Email Internet access Company Website and Intranet VOIP They intend to run a local DNS server probably on their main domain server. They wish to provide a location for all users to store any company data Accounts and payroll data should only be available to the relevant staff. The customer database should be accessible to all staff, however they often have visitors to site who require network access, but the company are concerned about the integrity of their databases. Implementing a wireless environment to provide access to visitors They also require a training room, with networking and access to the internet. protect the integrity of their email and VOIP systems They need to provide access to internal data to staff working off-site. Requirement for tools and Suggestions in order to optimize network performance Requirements for monitoring the provision of their core services such as the availability and performance of their servers and VoIP system Tools to warn of any significant network changes Monitor any attacks on their systems Providing redundancy and failover Apart from these new technologies, network security risk assessment is required for identifying new risks that may impact the enterprise. 3 The Current Network Diagram for I.T Soft Figure 1.1 (Network Diagram) As seen in Fig 1.1, there is no protection on the Internet connection that is terminating on the router. The connectivity from the router to the two data switches i.e. switch connecting to the data center and the second switch connecting the access points also have no protection. However, MacAfee EPO is installed on the server and on the workstations as well. The centralized anti- virus works on defined policies and scans workstations, USB drives and downloads from the Internet. In this scenario, if any threat enters the network from the Internet and penetrates in the server hosting Mcafee EPO server, it will certainly corrupt the operating system and consequently, infect the EPO server as well. Identified risks from the Internet are virus and malicious codes. For physically securing the information systems, there are no physical controls currently. As shown in Fig 1.2, there are no physical controls on the data center and everyone can enter without verification and authentication. Figure 1.2 (Physical Diagram) Moreover, there are no physical controls on the router that is connected to the Internet. It means there is a risk of theft for these network devices. 4 Centralized Database access for sales/customer databases The sales database and customer database are connected to the switch. Every request from the users is redirected to the router, where the router checks the Access Control List (ACL). In this scenario, the accounts staff has permissions to access these servers. However, all the other users on the network are restricted to access these servers. 4.1 Email I.T soft has configured an email server to provide email facility to the employees. It is connected to the switch. The router analyzes all the email requests, from the inbound network, to decide whether to send it to the LAN interface or the WAN interface. 4.2 Internet access Internet access is only provided by the Internet Security and Acceleration (ISA) server. The network administration staff can create access policies on the ISA server to allow or deny Internet access by providing MAC address and IP address of the specific user. In a domain environment, as I.T soft has a domain environment, usernames that are created on the domain server are sufficient. 4.3 Company Website and Intranet As demonstrated in Fig 1.1, I.T soft has its own intranet. The intranet is available to everyone who is associated with the network. 4.4 VOIP To support VoIP functionality, the VoIP architecture that is connected to the public switched telephone networks (PSTN). The router that is implemented within the network will provide digital VoIP support. Moreover, in order to add advanced security, a separate firewall is integrated. 4.5 DNS Server As per the requirements of I.T soft, a local DNS server is implemented. The presence of Active directory server will act as a domain and will also manage user account and provide added security in terms of data management. 4.6 File Server As the employees of I.T soft wants a workplace for storing data for other companies, file server is installed for that purpose. 4.7 Accounts and Payroll Data The access list of the router is configured to only allow account staff for accessing these servers. In order to add more functionality to these servers containing critical data, they are segmented separately from the network. 4.8 Customer Database As per the requirements, all the staff needs access to the customer database. This can be achieved by allowing all the users of the network from the ACL of the router. However, anonymous users are not allowed to access the database. 4.9 Wireless Environment for Visitors The wireless network for the employees and visitors can be connected anytime, as it is publicly available. As they wireless network is not secured enough internally, the SSID will allow only the specific customer who wish to use the network. 4.10 Training Room A network switch is made available in the training room. Users can connect by providing their credentials that can be verified by the domain. ISA server and Active directory both can be configured to specify the users for allowing or denying the Internet access. 4.11 Internal data to Staff working Off-site As the internet is connected via a DSL Internet connection, the modem can be configured with the port forwarding options in order to provide access to the file server. If off site users want access to the GUI, then remote desktop port forwarding can be considered. For accessing only files, FTP port forwarding can be considered. Router can also be configured for providing access to the offsite staff. 5 Risks and Mitigation Solar winds WAN and VoIP monitor provides these features ("SolarWinds offers free Cisco IP SLA monitoring tool "): “Monitor WAN performance using IP SLA technology that is already built into your existing Cisco routers” “Visualize site-to-site network performance on a clickable, drill-down map” “Discover and automatically set up Cisco IP SLA capable network devices with specific IP SLA operations” “Quickly review WAN performance to determine the impact on key applications” “View at-a-glance WAN performance with the Top 10 IP SLA dashboard” “Monitor Cisco VoIP performance statistics, including MOS, VoIP jitter, network latency, and packet loss” ("Network Management news, events, jobs and awards ) This tool can be installed on the network as it works on SNMP and provides alerts and information of each activity on the network that is associated with network devices, computing devices and UPS. 5.1 Intrusion Detection System In order to provide advanced intelligence to the network security, IDS is incorporated within the network. It will sense and monitor the activity and match it to the patterns that are installed in it by the network administration staff. If any unfamiliar activity is noted, IDS will provide notifications and alerts for any possible security breach. 5.2 Redundancy and failover Switches are interconnected with each other. If any switch fails to respond, the network will still be operational, except from the nodes that are connected to the switch. For future expansions, 16 port switches along with VLAN support are designed. Extra ports will allow integration of workstations, printers or any other useful computing device that will be beneficial for I.T Soft. Work Cited Ramig, Renee. "Online Tools for Research--Elementary and Middle School Style." MultiMedia & Internet@Schools 17.5 (2010): 15. Print. "SolarWinds offers free Cisco IP SLA monitoring tool "Web. 11/19/2012 . "Network Management news, events, jobs and awards | Investor Relations | Press Release "Web. 11/19/2012 . Read More