
Computer Networking Security - Assignment Example


Computer Networking Security
Part I. Firewall Rules
Network Firewall rules
#!/bin/sh
# flushing all the existing filter table rules
/sbin/iptables -t filter -F INPUT
/sbin/ipchains -F
# no traffic to server subnet 140.192.39.0/24 on TCP and UDP
/sbin/iptables -A INPUT -p tcp -m multiport --dports 9000,4001:6999 -d 140.192.39.0/24 -j DROP
iptables -A INPUT -p tcp -m multiport --dports 1025:4000,7000:9000 -s 140.192.39.0/24 -j ACCEPT
# no traffic for ports 9000, 4001:6999 but allow below 4000 and between 7000:9000 from 140.192.39.0/24
/sbin/iptables -A INPUT -p udp -m multiport --destination-ports 9000,4001:6999 -d 140.192.39.0/24 -j DROP
/sbin/iptables -A INPUT -p udp -m multiport --dports 1025:4000,7000:9000 -s 140.192.39.0/24 -j ACCEPT
#allowing inbound Internet traffic to VPN on port 1723 (set VPN host IP address 140.192.39.5 )
iptables -A INPUT -p tcp --dport 1723 -d 140.192.39.5 -j ACCEPT
iptables -A INPUT -p udp --dport 1723 -d 140.192.39.5 -j ACCEPT
#blocking VPN traffic from E, M, S on subnet server
iptables -A INPUT -p tcp -s 168.192.2.0/24 --dport 1723 -d 140.192.39.0/24 -j DROP
/sbin/iptables -A INPUT -p tcp -s 168.192.3.0/24 --dport 1723 -d 140.192.39.0/24 -j DROP
/sbin/iptables -A INPUT -p tcp -s 168.192.4.0/22 --dport 1723 -d 140.192.39.0/24 -j DROP
#no traffic from M and S to application server on port range 3000 to 4000
# subnet M
iptables -A INPUT -p tcp -s 168.192.3.0/24 -m multiport --dports 3000:4000 -d 140.192.39.0/24 -j DROP
# subnet S
iptables -A INPUT -p tcp -s 168.192.4.0/22 -m multiport --destination-ports 3000:4000 -d 140.192.39.0/24 -j DROP
#all traffic to port range 3000:4000 on application server must come from E
iptables -A INPUT -p tcp -s 168.192.2.0/24 -m multiport --dports 3000:4000 -d 140.192.39.0/24 -j ACCEPT
#accept traffic to application server running SQL server (set SQL application server host IP address as 140.192.39.10 ) on tcp port 1433
/sbin/iptables -A INPUT -p tcp --dport 1433 -d 140.192.39.10 -j ACCEPT
#deny general service traffic to application servers
iptables -A INPUT -p tcp -m multiport --dports 1:1024 -d 140.192.39.0/24 -j DROP
#permit traffic to application server on ports above 1024 except between 3000 to 4000
iptables -A INPUT -p tcp -m multiport --dports 1025:2999 -d 140.192.39.0/24 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 1025:2999 -d 140.192.39.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 4001:65535 -d 140.192.39.0/24 -j ACCEPT
iptables -A INPUT -p udp -m multiport --dports 4001:65535 -d 140.192.39.0/24 -j ACCEPT
Application server Firewall rules
#SQL server rules (set SQL application server host IP address as 140.192.39.10 )
iptables -A INPUT -p tcp --dport 1433 -d 140.192.39.10 -j ACCEPT
iptables -A INPUT -p tcp --sport 1433 -s 140.192.39.10 -j ACCEPT
#Application server 1 in server subnet (set IP address 140.192.39.11 )
/sbin/iptables -A INPUT -p tcp -m multiport --dports 1:1024 -d 140.192.39.11 -j DROP
/sbin/iptables -A INPUT -p tcp -m multiport --dports 1025:2999,4001:65535 -d 140.192.39.11 -j ACCEPT
#Application server 2 in server subnet (set IP address 140.192.39.12 )
iptables -A INPUT -p tcp -m multiport --dports 1:1024 -d 140.192.39.12 -j DROP
iptables -A INPUT -p tcp -s 168.192.2.0/24 -m multiport --dports 3000:4000 -d 140.192.39.12 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m multiport --dports 1025:2999,4001:65535 -d 140.192.39.12 -j ACCEPT
iptables -A INPUT -p tcp -s 140.192.39.12 -m multiport --dports 1:4000,7000:9000 -d 168.192.4.0/22 -j ACCEPT
#Application server 3 in server subnet (set IP address 140.192.39.13 )
iptables -A INPUT -p tcp -s 140.192.39.13 -m multiport --dports 1:4000,7000:9000 -d 168.192.3.0/24 -j ACCEPT
iptables -A INPUT -p tcp -s 168.192.3.0/24 -m multiport --dports 3000:4000 -d 140.192.39.13 -j DROP
iptables -A INPUT -p tcp -s 168.192.4.0/22 -m multiport --dports 3000:4000 -d 140.192.39.13 -j DROP
#log all VPN traffic on each server
/sbin/iptables -A OUTPUT -m limit --limit 12/hour -j LOG --log-level 4 --log-prefix "VPN traffic log"
Part II. Firewall Problems
The iptables rules above create the following vulnerabilities. An intruder can access company resources by connecting from the Internet to the router host machine (which links the intranet to the server subnet), either over its Internet connection or through the VPN. The VPN as created does not restrict devices connected to it from accessing other application servers over the Internet.
An executive cannot log into the company's application servers from a home network, because he needs the Internet for the connection to be complete. This means he has to use the VPN to access company resources. The VPN uses only TCP port 1723, while the executive intranet cannot access the application servers through this port. The connection will therefore be blocked, as it will be treated as malicious.
The assistant administrator cannot log into the application server through SSH, since that requires port 22, which is below 1024. All ports below 1024 have been restricted for general-purpose use.
Part III. Firewall Specifications Redesign
The vulnerabilities can be solved by giving specific ports access to the application servers instead of allowing a whole range. Some Internet traffic to the VPN should be limited instead of accepting all inbound traffic.
The executive can be given access to the application servers he uses from his home network by implementing a rule that allows subnet E traffic to be sent through VPN port 1723.
The assistant network administrator can be given access to the application server through specific rules for him: specifying his MAC address as an exception and opening some general-purpose ports for him.
Additional iptables rules can restrict the number of parallel connections from one client IP address. The network administrator should also implement a rule that opens only a particular range of IP addresses, matching the addresses of the several subnets created. The administrator can also provide strong authentication of users to the company network or the VPN, and strong encryption for the VPN.
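The Part III recommendations written out as rules, as an added example that is not part of the original paper. The MAC address, the connection ceiling and the VPN rate are constructed placeholder values, and rate-limiting new connections is one assumed reading of "limited".

```shell
#!/bin/sh
# Added example (not from the original paper): Part III as iptables rules.
# Dry run by default: rules are printed. Set IPT=/sbin/iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

SERVERS="140.192.39.0/24"      # server subnet (from the page)
VPN_HOST="140.192.39.5"        # VPN host (from the page)
SUBNET_E="168.192.2.0/24"      # executive subnet E (from the page)
ADMIN_MAC="02:00:00:00:00:01"  # constructed placeholder MAC address
MAX_CONN=20                    # assumed ceiling on parallel connections per client
VPN_RATE="30/minute"           # assumed rate for new VPN connections

part3_rules() {
    # Explicit positions (-I INPUT n) place these ahead of the broad
    # ACCEPT/DROP rules appended earlier; iptables stops at the first match.

    # 1. Cap parallel TCP connections from any single client address.
    $IPT -I INPUT 1 -p tcp --syn -d "$SERVERS" -m connlimit \
        --connlimit-above "$MAX_CONN" --connlimit-mask 32 \
        -j REJECT --reject-with tcp-reset

    # 2. Let subnet E reach the VPN host on port 1723.
    $IPT -I INPUT 2 -p tcp -s "$SUBNET_E" --dport 1723 -d "$VPN_HOST" -j ACCEPT

    # 3. SSH exception for the assistant administrator, keyed on source MAC.
    #    The mac match only sees senders on the same Ethernet segment and a
    #    MAC can be spoofed, so SSH key authentication still carries the weight.
    $IPT -I INPUT 3 -p tcp --dport 22 -d "$SERVERS" \
        -m mac --mac-source "$ADMIN_MAC" -j ACCEPT

    # 4-5. Rate-limit new Internet connections to the VPN instead of
    #      accepting all of them; excess attempts are dropped.
    $IPT -I INPUT 4 -p tcp --dport 1723 -d "$VPN_HOST" -m conntrack \
        --ctstate NEW -m limit --limit "$VPN_RATE" --limit-burst 10 -j ACCEPT
    $IPT -I INPUT 5 -p tcp --dport 1723 -d "$VPN_HOST" -m conntrack \
        --ctstate NEW -j DROP
}

part3_rules
```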