Hardening Computer Networks - Essay Example

HARDENING COMPUTER NETWORKS Hardening Computer Networks Affiliation Introduction At the present, the majority of organizations carry out their business activities using computers and when the number of computers increases they need to form a computer network. A computer network allows a number of employees to access and process data simultaneously. In view of the fact that a computer network is an essential part of almost every organization that processes data on a regular basis hence it becomes essential for them to secure their computer network from a wide variety of security threats. Basically, a computer network can be threatened by a large number of sources such as security attacks, viruses, hacking and so on. However, an organization can deal with these security threats by adopting an appropriate security procedure. In fact, there are numerous guidelines and security measures that can be adopted by organizations in order to secure their computer networks (Nash, 1999; Shelly, Cashman, & Vermaat, 2005; Singhal, 2013). In this scenario, the National Institute of Standards and Technology (NIST) is a well-known organization that establishes and provides effective guidelines for promoting information technology (IT) security. In addition, NIST has established a wide variety of standards for securing all kinds of IT resources such as networks, computers, and equipment and so on (Scarfone & Souppaya, 2009). This paper discusses a standard operating procedure on how to properly secure an enterprise computer network using NIST standards. This paper discusses a variety of mechanisms that organizations can adopt in order to secure their networks. Given below are some of the important guidelines (adopted from NIST standards), which can be adopted by an organization to secure their computer network: Always change the default SSID (service set identifier) It is believed that the majority of people don’t change their default SSIDs. Normally, manufacturers offer access points with a standard network name like that, default, tsunami, etc. In addition, this SSID is distributed users to let them known about the availability of the access point. This default SSID must be changed upon installation to something that does not directly relate to an organization. It is suggested that an organization should not rename its SSIDs to company name, brand name, company phone number or something else for which company is famous for. So that a hacker cannot guess it easily (Airtight Networks, 2014). Password Management Passwords are the most common type of security measures used to protect data, system and networks from un-authorized access. In fact, passwords are used all the way through the organization to access different services and data. In addition, company’s employees need passwords to use their computer or access a network. Additionally, all kinds of communication are secured by means of passwords. In this scenario, an employee has to use a specific password in order to access the network, check their emails or complete a specific task such as transferring data from one place to another. However, there are many threats to password based security. In fact, it is very difficult for the employees to memorize a large number of passwords. Consequently, it is essential for an organization that it makes long term policies to replace and supplement password-based verification systems for the resources that demand high security. In this scenario, NIST has presented a variety of suggestions that can be adopted by organizations to secure their networks (Scarfone & Souppaya, 2009): Creating Password Management Policy for the entire organization Organizations should take into consideration applicable mandates, rules, regulation and other guidelines relating to password management. In addition, the organization should develop a flexible management policy that could put up different password management techniques provided by major operating systems and application vendors. Organizations should review and update their password management policies periodically depending on the changes in password management mechanisms in major operating systems and application vendors. Protect Passwords from Attackers Attackers can capture passwords in different ways. For example, an attacker might attempt to access an operating system or application that stores passwords. So, such passwords must not be stored as it is, they must be encrypted before saving into the files. Passwords that are transmitted over the network must also be protected with the help of encryption techniques. Users should be aware of all these threats that may occur while transmitting/entering their passwords. Users should be aware of the security threats such as phishing attacks, keystroke loggers, network sniffers and shoulder surfing. Also the users should be aware of how they should respond when they see some suspicious activity. In addition, the organization must always verify the users while requesting forgotten password or password recovery options so that only authenticated users can access their passwords (Scarfone & Souppaya, 2009). Making your password hard to guess and crack Always choose a password that is long enough and a mixture of alphabets, numbers and punctuation marks so that it becomes difficult for the attacker to guess passwords. In addition, changing a network password periodically also reduces the frequency of cracking passwords. Additionally, the organization should provide a mechanism to block the account after consecutive failures while entering wrong passwords. In addition, organization should design long term policies for their password management and update the password management policies in a timely manner so that latest password management techniques can be incorporated into your system (Scarfone & Souppaya, 2009). NIST Recommendations about Password Management NIST has published a complete document consisting of more than 38 pages to discuss and recommend some of the important suggestions to establish and maintain passwords. However, the overall report shows that the management of passwords is a challenging task, which requires extensive effort and a considerable amount of time (OConnor, 2009). At the present, the majority of organizations use the networks of the communications, which require their employees to enter passwords at several locations. In this scenario, these passwords can be detected by a sniffer in the middle of the communication. NIST presents effective strategies to deal with these sniffing attacks. At a very basic level, organizations can deal with sniffing attacks by encrypting all the network traffic. In addition, they can also segregate their networks to secure passwords distributed over the network (OConnor, 2009). NIST also provides recommendations to deal with guessing and cracking attacks. NIST recommends its users to set passwords of suitable length as well as apply a variety of complexity rules and limiting the users to make less than 5 guesses. In addition, the salting technique can be used to deal with cracking attacks. Basically, salting technique extends the amount of storage to invert a password hash by pre-computation (OConnor, 2009). NIST suggests that users should establish complex password by mixing alphabets with numbers and special characters such as &, %, $, or #. Overall, the password management is a complex task. An organization that consists of a large number of employees should hire a chief password officer to keep record of passwords and provide guidance (OConnor, 2009). Using Encryption Techniques for user authentication An organization can improve its network security by making use the encryption techniques for authenticating users. It is believed that the majority of access points does not provide security in their default settings due to which a large number of computer networks are hijacked or used by un-authorized users. In this scenario, enterprises should use standard encryption and authentication techniques in order to make their enterprise network more secure. Two most commonly used methods are IEE 802.11 or VPN (Airtight Networks, 2014). Configuring Management Access In order to improve the security of their computer network, an enterprise must ensure that their computer network is managed by only authenticated personnel. In this scenario, reconfiguration of the access point via a management port provides an opportunity for the hackers to steal your network information. An organization should use SNMP V3, SSH and SSL as interfaces for making secure connections with the network. Over-the-air management should not be possible at all and VLAN can be used as a main resource while re-configuring the network settings (Airtight Networks., 2014). Physical Monitoring of Your External Premises: Access points transmit signals beyond the premises of a computer network. Therefore, it might be possible that someone sitting around a network may connect to the company’s network and steal some of their classified information. Therefore, the security of the external premises should also be monitored and persons involving in some suspicious activity should be watched consistently. It has come into notice that some of the hackers have been caught while stealing credit card information sitting around the shopping stores using wireless LAN network (Airtight Networks., 2014). Ensure Security of Your Corporate Assets Today’s enterprises consist of multiple perimeters. The enterprises may consist of multiple locations including homes, hostels, airports and many other workplaces. Therefore, increasing the perimeter of the enterprises also increases challenge for security managers. In this scenario, an organization can implement a wide variety of mechanisms such as VPN, firewalls and antivirus software which can help them protect network from different security threats (Airtight Networks., 2014). Educating Employees about Network Security An organization using Wireless network must educate their employees in order to make their network more secure. Employees can play a vital role in the security of a computer network. The organization must educate and guide them in order to make enterprise network more and more secure (Airtight Networks, 2014). Windows Policies NIST publishes its standards as in the form of FIPS (Federal information processing standards) publications. In this scenario, FIPS 140-2 standard defines some of the basic security requirements for a computer system running Microsoft Operating systems (such as Windows). In the past, Microsoft Windows supported 3DES cryptographic standard, however in order to comply with FIPS 140-2 standard they changed their default cryptographic standard to Advanced Encryption Standard (AES). Though, at the present, Microsoft completely maintains FIPS 140-2 standard for all the cryptographic elements. However, this change in encryption standard causes a variety of compatibility issues which can be resolved by setting group policies. Basically, these group policies are established to force Microsoft XP and Windows Server 2003 to make use of DESX instead of Advanced Encryption Standard until the migration is completed. In this scenario, Microsoft Windows use system cryptography group policy to control the encryption. This policy recommends the use of the FIPS complaint encryption algorithm. This policy can be accessed through a series of steps such as computer configuration->Windows Settings->Security Settings->Security options. When the local security policy or a group policy of Microsoft Windows supports this security setting, system users must update other applications. In fact, all the other applications should also make use of FIPS 140 complaint cryptographic algorithms (Boswell, 2003, p. 974; Microsoft Corporation, 2014). References Airtight Networks. (2014). Best Practices for Securing Your Enterprise Wireless Network. Mountain View, CA: Airtight Networks. Boswell, W. (2003). Inside Windows Server 2003. Boston: Pearson Education. Microsoft Corporation. (2014). Support for Windows XP has ended. Retrieved from http://support.microsoft.com/kb/811833 Nash, J. (1999). Networking Essentials MCSE Study System. New York: Wiley . OConnor, L. (2009, June 14). Enterprise Password Management Guidelines from NIST. Retrieved from http://lukenotricks.blogspot.com/2009/06/enterprise-password-management.html Scarfone, K., & Souppaya, M. (2009). Guide to Enterprise Password Management (Draft). Gaithersburg, MD: National Institute of Standards and Technology. Shelly, Cashman, & Vermaat. (2005). Discovering Computers 2005. Boston: Thomson Course Technology. Singhal, A. (2013, January 15). Techniques for Security Risk Analysis of Enterprise Networks. Retrieved from The National Institute of Standards and Technology (NIST): http://www.nist.gov/itl/csd/stvm/riskanalysis-enterprisenetworks.cfm Read More