The Features and Requirements of Network Security - Case Study Example

As nowadays, the basic aim of installing network is based on a few factors which are mandatory to be operational for smooth transition and user satisfaction. In this scenario the hubs are installed which copy the data from one port to the other regardless the destination address. This way, significant amount of broadcast arises, resulting in choking and network congestion. REQUIREMENTS As per the field of digital forensics the network design client / server architecture will be adequate for meeting the requirements. The data will be stored on the server providing better security and centralized data protection. The security patches and antivirus definition files can be administer on the server. This will reduce the administrative work on the network for the network administrator. The client / server architecture is designed on a star topology. Any maintenance activity of this network type will be conducted, while the clients will not be aware of it. Current network scenario does not contain proper security measures, contingency planning, back up procedures, data synchronization, data traffic analysis, network congestion prevention. The client server architecture starts degrading its performance when there is a large number of data fetching and executions as this will result in network congestion. Server downtime will severely affect the network and all the operation and activities on the network will be halted. Hubs should be replaced by the Fast Ethernet 10/100 Mbps switches. By replacing hubs, we can considerably minimize the unwanted traffic on the network which may degrade the performance of the network. As the organization is certified ISO9000, the network have to support the features which are required by the ISO Certification. REQUIREMENTS AS PER ISO 9000 / ISO 27001 As the company is ISO certified. There are certain business processes which are facilitated by the network in order to provide the requirement quality management needs to be met. These are very good features which I have extracted from Wikipedia (2009): “Examine the organization’s processes to cross check whether they are effective or not. Storing sufficient records Monitoring the standards of the outputs of the processes performed Individual processes are reviewed on daily basis to check their integrity and effectiveness Making sure to facilitate continual improvements of the business processes” Network Technology: As the organization size is not under consideration, for example if large number of employees are working on the network and transferring data at the same time also accessing network drives, this will degrade the network performance as in the client server architecture, all the data is processed by the server itself. As this is an SME, 10/100 Mbps CAT 5 is sufficient enough for the transmission of data. If the network design will be implemented using a Wi-Fi technology, then the scenario will be different. Lot of security issues will be taken under consideration. Password encryption methods will be used. REQUIREMENTS CAT 5 cables requires switch after 100 meters. As SME, located on a small area will not have an issue regarding the scalability requirements. CABLING: The CAT 5 cabling scheme uses both data and voice communication. Forensic lab needs communication between different employees on different stages of the investigation. The cabling should support variety of communication standards, keeping in my mind the future aspect of the upcoming technologies as compatibility issues are sometimes so costly that whole network architecture and design needs to be created. NETWORK INTERFACES: Network interface is an access, which is required for the communication between the workstation and the network. Generally network interface card (NIC) which is also called an Ethernet card is used as a network interface for connecting on the network. REQUIREMENTS As far as forensic laboratory security is concerned, data should not be allowed to be hacked, and unauthorized access should also be prevented. The workstations will use only a LAN (Local Area Network) interface. The communication from the internet will only be performed by the server which will be connected behind the firewall for filtration and virus prevention. If the workstations will be provided with the global IP address, threat ratio will increase significantly. NETWORK PROTOCOLS Network protocols are the sets of rules which are used for electronic communication between network devices and network based electronic devices. Network protocols are of various types depending on confidentiality and significance of data. Medium by which the data needs to be transferred is also important. REQUIREMENTS Forensic Lab already consists of two types of medium for interchanging the data from the network to the network devices. One medium is by the Ethernet cables and other is by the Wi-Fi connection. The network protocols will be used as per the nature of data which needs to be transferred. If the password is travelling in the data packet, then SSL may be used for encrypting the data. On a wireless router, SSID protocol broadcast should be deactivated, preventing the wireless router for UN authorized access. SSIS is a service set identifier which is used for capturing all the wireless routers within range, when broadcast from other routers. NETWORK SERVICE REQUIREMENTS Network services are the basic platform on which other integrated services are built, which are used for various purposes as per the organization requirements. RECOMMENDED REQUIREMENTS Active Directory: It is a service which was launched by Microsoft Corporation. As per the forensic lab requirements, active directory is the perfect solution for centralized administration, user security, preventing UN authorized data access, and if the system crashed the data will be restored by the profiles stored in the active directory server. Some core features I have mentioned here from Wikipedia (2009) are: “Network services which are required for the forensic lab are: For Directory services LDAP (Light weight directory access protocol) will be used. Kerberos-based authentication which is required to identify the network node. DNS-based naming and other network information Central location for network administration and delegation of authority Information security and single sign-on for user access to networked based resources The ability to scale up or down easily Central storage location for application data Synchronization of directory updates amongst several servers” Using the same database, for use primarily in Windows environments, Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information and settings in a central database. Active Directory networks can vary from a small installation with a few computers, users and printers to tens of thousands of users, many different domains and large server farms spanning many geographical locations.” DATA AND NETWORK SECURITY REQUIREMENTS As per the current network scenario, there is no firewall present for data and network protection. Organizations are spending significant amount of money for data protection and security. As the forensic lab will provide data recovery, theft, and fraud on the internet, there is more risk of UN authorize access in the network of the lab. For example someone does not want the lab to investigate the case as he or she may use top hackers to access the network and delete all the facts and figures by which the wanted person will be captured. Searching on the internet (Bromide, 2009) I found network security threats which gives clear understanding regarding the types of threats which a network of an organization has to face: “Threats to network security include: Viruses : Computer programs written by devious programmers and designed to replicate themselves and infect computers when triggered by a specific event Trojan horse programs : Delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games Vandals : Software applications or applets that cause destruction Attacks : Including reconnaissance attacks (information-gathering activities to collect data that is later used to compromise networks); access attacks (which exploit network vulnerabilities in order to gain entry to e-mail, databases, or the corporate network); and denial-of-service attacks (which prevent access to part or all of a computer system) Data interception : Involves eavesdropping on communications or altering data packets being transmitted Social engineering : Obtaining confidential network security information through nontechnical means, such as posing as a technical support person and asking for peoples passwords” FIREWALL: As per an electronic source (Tyson, 2009) firewall is defined as: “A firewall is a barrier to keep destructive forces away from your property. In fact, thats why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from” Firewall is a mandatory requirement for any organization. Firewall can be hardware and software based. Software based firewall can itself be corrupted by the viruses in the system, or some specific hardware issue can prevent the system to turn off. To eliminate this issue hardware based firewalls are the best solutions. The firewall will be placed in the server room and the wan connection will be terminated initially on the firewall. There will be an email server after the firewall, Active directory Domain server, 2 file servers, and a backup server, samba server which is compatible and is integrated with the active directory. NETWORK PERFORMANCE REQUIREMENTS: Network performance relies on the network devices, topology used, and the cabling standards. The network should be compatible with the network devices and the cabling standards used, so that the data should be transmitted in the same synchronization rate with maximum supported maximum transmission units (MTU). Bandwidth requirements: As per the given map in the assignment, there are ten areas or departments, and the organization is expanding on immediate basis. Depending on the nature of the operation which will be performed by the forensic laboratory for example cell site analysis will depend on how fast the results are required. If instant results are required then high bandwidth connectivity is required for tracking the exact location of the cell phone. 1 Mb/sec bandwidth is required. Bandwidth allocation: The bandwidth needs to be prioritized. The employees who are involved in investigating instant bulk amount of searches of images for example pornography, then high bandwidth is required. For memory allocation a proxy server is required. ISA (Internet Security and Acceleration) server is recommended: ISA server will distribute the bandwidth as per the requirement. Groups can be made for example users can be categorized High Bandwidth Consumers Moderate Bandwidth Consumers Low Bandwidth Consumers We can prevent unwanted websites and downloads, which may result in degradation and denial of service. Cache management feature is an excellent feature for storing the web pages in the hard drive for providing fast access of heavy multimedia web pages. The MTU for the Ethernet CAT 5 may vary of Wi-Fi technology is used on the network. COMPATIBILITY REQUIREMENTS: The new network requirements should be compatible with the old one, which will definitely save the cost of the new setup in the old software house. The Hubs are not too costly to be considered for operation in the new network design. The start topology was previously implemented so it was easy to implement the client / server active directory domain controller server, which can be easily be integrated with the SAMBA server, ISA Server, File Server. The backup server, print server, file server will be used as it is as there is no need for replacing them with the current scenario. Network Components and devices which are replaced: Hubs, PDC server, CAT 5 cabling scheme and RJ 45 connectors. REFERENCES "Active Directory ." Wikipedia, the free encyclopedia. 12 Dec. 2009. . "ISO 9000, ISO 9000. "ISO 9000 ." Wikipedia. 12 Dec. 2009. < http://en.wikipedia.org/wiki/ISO9000>. Bromide, Bradley. "Your Source for Famous Quotes." The Quotation Page. 3 Dec. 2009. . Tyson, Jeff. "How Firewalls Work- Learn How Everything Works! ." HowStuffWorks. 12 Dec. 2009. . Read More