Network Security System - Case Study Example

Network Security System Table of Contents Table of Contents Introduction 2 Literature review 3 Research and Design 3 Information Security 4 Confidentiality, Integrity and Availability 4 Confidentiality 4 Integrity and Availability 4 Firewall 5 Information Security Issues 5 Antivirus and Antispyware 5 Firewall filtering 6 Assets, Vulnerabilities, Threats, and Attacks into information security 6 Assets 6 Threats and Attacks 6 Implementation 7 Server 7 Rooter 7 Testing and Evaluating 9 Conclusion 10 Bibliography 11 Introduction A network topology is crucial to the operations of a large institutions such an s a university. The present network topology and design of the computer present in the campus is highly at risk if being compromised in terms of Security Bridge. It faces also many challenges internally and externally. Internally the flow of information is not monitored well by the network. This is also a problem that needs to be checked before vital information is exposed to the public or whoever can access the information. The vital information of the University which is at risk of being compromised by malicious users should be checked by the use of a firewall in the computer system, either hardware firewall or software firewall (Mansfield-Devine, 2009). This paper evaluates the network topology in the institution in terms of efficiency and safety and provides the best alternative or option for maintaining the security apparatus of the network system in the institution. It specifically outlines the installation of a Perimeter Network Security system based on Cisco devices. Literature review Firewalls act as gatekeepers to any network. They allow or deny any traffic flow of data in any system. Filtering routers serve as alerts in case any malware interferes with the network (Mansfield-Devine, 2009). It is difficult to control all the security issues with a computer networking system using a single security solution. As a result, security measures are installed in form of multiple layers of several security details. In case one of the security layer or detail fails, then the others can take cover and ensure the system is always secured. The security system will entail various components installed to monitor and control the traffic flow. This system will consist of the following components: . Research and Design In my research about the case of the problem facing the current network present in the university, I have come to understanding that the star topology used in the system is not that bad but only needs a few adjustments and addition of some very important components. Information Security The security of information is an important component of the network system. In the present system centralized monitoring of the system is made possible which is a very important aspect of any network. This only needs to be improved to restrict users to only a limited amount of information on the system. It is also easy to extend the network by adding new computers and hardware to the system. In a few words the system is not completely bad but it has liabilities when the centralized point of the network becomes faulty the whole network breaks down, for this reason I have seen the need of improving the topology of the network from the current star topology to a more complex topology combining the star and bus linear topology. The complex topology will be more efficient and reliable in terms of security monitoring of the system (Roberts et al. 2000). Confidentiality, Integrity and Availability Confidentiality Other than external threats, the company should consider internal threats. The administration should ensure that none of the workers cause privacy problems in relation to the company data. It has been established that employees in various company can be involved in security and privacy breaches which calls for establishing of a centralized control point. The management will have a clearly defined policy to control security and privacy issues in the firm. Integrity and Availability With this form of network the integrity of the information in the system is guaranteed. With this form of arrangement the network will work more smoothly and security will be established more effectively taking in mind that I had placed a firewall at the bridge between the local network and the internet to monitor ingress and egress. I would also introduce a terminator at the end of each information cable to counter the problem of bouncing back of packet data. The bouncing back of data causes other well established and needed information to take a bit longer to reach its destination (Dario et al. 2010). Firewall To salve all the ingress and egress issues present in the system I would place hardware firewall or a computer that is running firewall software at the boundary of the two networks. This monitors users from outside accessing the local network without permission or also getting hand on information not meant for them. This also checks the local users from abuse of the internet as mentioned earlier in my introduction. The firewall may also be used to log all attempts to enter the private network and trigger alarms when a hostile unauthorized user is attempting to break through. It can also be used in address filtering (Vincenzo et al. 2009). Information Security Issues It is difficult to control all the security issues with a computer networking system using a single security solution. As a result, security measures are installed in form of multiple layers of several security details. In case one of the security layer or detail fails, then the others can take cover and ensure the system is always secured. The network will entail various components installed to monitor and control the traffic flow. This system will consist of the following components: Antivirus and Antispyware These will be installed to safeguard the software of employees from malicious programs such as viruses and worms Firewall filtering The system will also be installed with firewall filtering devices to block any illegal or unpermitted access to the network. It will also include a host-based firewall system to block illegal or unpermitted access to the host devices or at least filter the devices that can access information from the host. This will include a basic filtering device installed in the network’s main router to prevent unauthorized network. Since this is a network to serve an entire organization, it will require other security details. These will include a dedicated firewall system to enhance security, access control lists and intrusion prevention system (IPS). The security detail will be completed by a virtual private network. Assets, Vulnerabilities, Threats, and Attacks into information security Assets Other than security risked posed by hackers interfering with the system, the network might have issues with BYOD environment and cloud computing requirements. The security details installed will secure corporate data and ensure efficient and effective functioning of the system. Complete network security will consist of several items including protocols, WAP2 technology, devices and technologies to mitigate any risks. Threats and Attacks The system will be installed with relevant security measures to prevent attacks from viruses, worms and Trojans. These damage the software of any system and alter its functioning or even completely damage the entire network. The company should also be wary of spyware and adware that can affect the system. These usually collect information from a system secretly without the knowledge of other users. The system will be installed with logical and secured passwords to ensure that no one interferes with its functioning without authorization from the system administrator. Implementation In my proposed system I chose to use a combination of the bus topology with the star topology to form a complex topology that will be more effective. The star topology will be used to connect all computers in the system for effective administrative roles to be carried out by a single server. Server The rooter used in the system will connected to other rooters in the system in a bus topology arrangement. The arrangement will make data flow more effective through the otherwise big system and also make trouble shooting easier by the use of the rooters that indicate whether a connection is established or not (Andersen et al. 2010). At point a is where the cable enters the computer at this point a terminator is placed to prevent bouncing of data Rooter In a star topology all the parts of a network are linked to a core device called rooter and can either be a router or a switch. This is different from the Bus topology mentioned earlier in which nodes are linked together to a central wire where all the connections are fitted into a device through a point-point modification. It can thus be concluded that every PC is linked to a node through the rooter. In this case, all the data in this type of topology passes through the core device before being transmitted to the intended locations. The rooter therefore plays the role of a linking device for the various nodes in the network. It acts as a repeater or signal booster. The star topology is thus a type of Local Area Network (LAN) where all the nodes are independently linked to a core connecting point that is a rooter or a switch. A star will accommodate more cables compared to say a bus though it is vulnerable in case one of the nodes fails to function (Rochwerger et al. 2010). It requires a very strong central cable capable of controlling all the other rooter in the connection. It is however advantageous in the sense that it can function even with the failure of a single node provided it is not the central one. Since I am proposing the Star topology as the best form of network in terms of security and efficiency, I will provide a diagram of how the entire diagram will look like. The figure below represents a blueprint of how exactly all the devices in the system the system will be connected together to form a more effective and secure system than before. The security system will appear as shown below. The rooters are connected to computers in a star topology arrangement having a centralized point. This form of arrangement and topology is very efficient in terms of monitoring of the system using the administrative sever. It is also very easy to add more computers to the system since one will only need to add one cable to the star network topology adding the device to the system. Testing and Evaluating The changes I have suggested to be made to the system will definitely have a high impact in improving the security of the data in the network of the university. The understanding of the topology I chose to use together with the new components I introduced to the system will definitely make more effective and fast way of data sharing in a safe and faster way (Cucinotta and Berger 2010). Mesh topology would have also been an effective way to handle such an issue but will make use of a lot of cables in the system and will also be a bit more difficult to add more computers to the system. In the star topology this is made much easier and simpler. The combination of the bus topology together with the star topology and the various security components makes the network more secure. The rooters in the system would pose a great advantage since in a system it will indicate where there is flow of data at a point and thus saving a lot of time in trying to figure out where the problem might be. With this system I would have handled both present and future problems that might arise. The information used to determine the factors that the various components I have mentioned in this report are adopted from (computer security reference book) by K.M. Jackson (Kyriazis et al. 2010). Conclusion In my observation during the research I have come to realize that there is no complete way of having the network of a large institution with that many users both administrative and other users completely secure from security bridges. It faces many challenges of the system and also worse human problems. These may occur when a malicious user acquires the passwords to access information that was not intended for his or her knowledge. So it is highly recommended to keep the password very discrete and only to a limited amount of users so that the whole aim of improving the system does not go to waste. I would also recommend that officers be assigned the duty to monitor the system from time to time so as to keep it in good running conditions at all times and with this the system will serve the university for a very long time without having major problems. The topology used is a complex one and it will handle all the problems of insecurity within the system observed in the past (Rochwerger et al. 2010). This shows that the new topology used will be more superior to the one that was used before. In conclusion I highly recommend the new system layout together with the new components I had introduced into the system as a very effective way of tackling all the previous problems observed. Bibliography Cucinotta; S Berger (November 2010). "A Real-time Service Oriented Infrastructure". International Conference on Real-Time and Embedded Systems (RTES 2010) (Singapore). Dario Bruneo, Salvatore Distefano, Francesco Longo, Antonio Puliafito, Marco Scarpa, (2010). Workload-Based Software Rejuvenation in Cloud Systems. IEEE Trans. Computers 62(6) Kurose, James; Ross, Kieth (2005). Computer Networking: A Top-Down Approach. Pearson D. Andersen; H. Balakrishnan; M. Kaashoek; R. Morris (October 2001), Resilient Overlay Networks, Association for Computing Machinery, Retrieved 2014-11-12 Kyriazis, D; A Menychtas; G Kousiouris; K Oberle; T Voith; M Boniface; E Oliveros; T "Towards Continuous Cloud Service Assurance for Critical Infrastructure IT". The 2nd International Conference on Future Internet of Things and Cloud (IEEE FiCloud-2014). Retrieved 2014-11-11 Mansfield-Devine, Steve (December 2009). "Darknets". Computer Fraud & Security 2009 (12): 4–6 Rochwerger, B.; Breitgand, D.; Levy, E.; Galis, A.; Nagin, K.; Llorente, I. M.; Montero, R.; Wolfsthal, Y.; Elmroth, E.; Caceres, J.; Ben-Yehuda, M.; Emmerich, W.; Galan, F. (2010)"The Reservoir model and architecture for open federated cloud computing". IBM Journal of Research and Development 53 (4): 4:1–4:11. Roberts, Lawrence G.; Wessler, Barry D. (2000), "Computer network development to achieve resource sharing", AFIPS 70 (Spring): Proceedings of the May 5–7, 1970, spring joint computer conference, New York, NY, USA: ACM, pp. 543–549, Wendell Odom, Rus Healy, Denise Donohue. (2010) CCIE Routing and Switching. Indianapolis, IN: Cisco Press Vincenzo D. Cunsolo, Salvatore Distefano, Antonio Puliafito, Marco Scarpa: Volunteer Computing and Desktop Cloud: The Cloud@Home Paradigm. IEEE International Symposium on Network Computing and Applications, NCA 2009, pp 134-139 Read More