Security Analysis of A2Z and Redesign of its Network - Assignment Example

Security Analysis of A2Z and Redesign of its Network Insert Insert Introduction In this report, I examine the merging of two companies to form one. ABC, which is virtual with a proprietary website, joins efforts with XYZ a brick and mortar company. ABC does a preliminary work on the invitations they get consult with their designer for a final product. XYZ, on the other hand, ensures that their customers submit designs and are in a position to track their orders. They also do management and invoicing of their system. Consequently, ABCs infrastructure will couple with XYZs network diagram. ABC moves its facilities to use XYZs data center and their systems. Both companies individually have had security loopholes in the past. As A2Z, they have agreed to address this issue by hiring me to carry out a safety analysis on their network and make recommendations on how to establish it securely. My duty will involve carrying out a reconnaissance on XYZ to find out the kind of information that is available to an attacker. I will then analyze the XYZ network diagram using their latest network diagram and nmap report chart. Further, I will ascertain the users password strength and redesign the system. In addition, I will establish system hardening procedures for both IIS and Apache. Finally, I will create a security policy and a template for future security systems. Reconnaissance Information gathering I gathered information on XYZ so as to ascertain the kind of information that was readily available to attackers. The findings included the location of the company that was One Microsoft Way, Redmond, WA 98052-6399. It also included the workers of the organization all the way from its founder. The breakdown of the workers obtained appears below: Name of the work Their duty William H. Gates III Founder and Technology Advisor, Microsoft Corporation Maria M. Klawe President, Harvey Mudd College Teri L. List-Stoll The Executive V. P and chief financial Officer, at the Kraft Foods Group, Inc. G. Mason Morfit President, ValueAct Capital Satya Nadella Chief Executive Officer, Microsoft Corporation Charles H. Noski Former Vice Chairman, Bank of America Corporation Dr. Helmut Panke Former Chairman of the Board of Management, BMWAG Charles W. Scharf Chief Executive Officer, Visa Inc. John W. Stanton Chairman, Trilogy Equity Partners John W. Thompson Chairman, Microsoft Corporation The information also revealed the IP address of the XYZ as 134.170.185.46 and 134.170.188.221. In addition, it also demystified the mail server IP as ns1.msft.net alongside with the uniform resource locator as Microsoft.com. More pertinent was the listing of sites linking to the XYZ. They included 188 internal connections and 232 outbound connections. Current Network Diagram Analysis Through the results of NMAP scan, the official network diagram of XYZ before merging with ABC is shown. It reveals that the servers used are windows server version 2003. The company uses a private IP address of 192.168.x.X where x represents variations in the different servers in the enterprise. Quantitative Analysis Ranking of Assets Assets in A2Z are grouped and listed after the two companies come together. Each company, individually owned assets(Katsaros, Dimokas & Tassiulas, 2010). After you categorize them, their market value is then established. Such information is vital to the company. The purpose is to determine proper means to ensure that assets are well taken care of and accounted NMAP Analysis NMAP analysis depends on the results of the NMAP scan done as part of an agreement for consultation with infosecwizards. It reveals vital information on the fascinating ports on XYZDomainController, XYZInviteDesign, XYZAcct, XYZPrinting and XYZChart. Further, at each of the above classifications of ports, the type of operating system and the number of filtered ports is revealed. It shows the internet protocol of the server at any given point. Nmap was able to tell 6 IP addresses alluding to six hosts present in a span of 42.27 seconds. The service information was a Linux-based operating system 2.5.25 -2.6.3 or Gentoo 1.2 Linux 2.4.19 rec1-rc7. The breakdown is as follows: Interesting ports on XYZDomainController IP address: 192.168.0.1 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or XP SP2 Port State Service Product Version Extra Info 135 TCP open Msrpc     139 tcp open netbios-ssn     427 TCP open Svrloc     445 tcp open Microsoft-s     Interesting ports on XYZInviteDesign IP address: 192.168.0.2 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or XP SP2 Port State Service Product Version Extra Info 135 tcp open Msrpc     139 tcp open netbios-ssn     427 tcp open Svrloc     445 tcp open Microsoft-ds     Interesting ports on XYZAcct IP address: 192.168.0.3 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or xp SP2 Port State Service Product Version Extra Info 135 tcp open Msrpc     139 tcp open netbios-ssn     427 tcp open Svrloc     445 tcp open Microsoft-ds     Interesting ports on XYZPrinting IP address: 192.168.0.4 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or xp SP2 Port State Service Product Version Extra Info 135 tcp open Msrpc     139 tcp open netbios-ssn     427 tcp open Svrloc     Interesting ports on XYZPrinting IP address: 192.168.0.4 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or xp SP2 Port State Service Product Version Extra Info 135 tcp open Msrpc     139 tcp open netbios-ssn     427 tcp open Svrloc     Interesting ports on XYZWebsrv IP address: 192.168.0.5 Filtered ports not shown: 997 Service information: Os: Microsoft Windows 2003 Server or xp SP2 Port State Service Product Version Extra Info 135 tcp open Msrpc     139 tcp open netbios-ssn     427 tcp open Svrloc     1025 tcp open NFS-or-IIS     Interesting ports on XYZChart IP address: 192.168.0.6 Ports that are closed are not shown but are scanned: 1656 Service information: Os: Microsoft Windows 2003 Server or xp SP2 Password Cracking Their system did not consider putting into place any password policy. Consequently, there were fragile passwords used as indicated by the md5 decrypter (Shin & Yoon, 2012). The attackers did not have to struggle to get these passwords since they were common passwords. The results are as follows: 5f4dcc3b5aa765d61d8327deb882cf99 - MD5 :password 200ceb26807d6bf99fd6f4f0d1ca54d4 - MD5 :administrator 391d878fd5822858f49ddc3e891ad4b9 – NTLM :devry a2345375a47a92754e2505132aca194b – NTLM :windows Policy Creation A2Z now needs a new policy to govern its security to avoid future breaches. They mostly involve protection from losing data, weak password policy and the computer system behaving abnormally. Further, it is to prevent the dissemination of information from its website to the attackers. It involves the use of antivirus, adware, and spyware. The policy covers how often to carry out the routine maintenance and updating computer systems. Moreover, it tastes programs that aid to eliminate malware. In addition, it blocks individual emails and determine the best antivirus for the server (Shin & Yoon, 2012). Furthermore, it includes encapsulating the firewall and how to transfer information to trusted sites. The new policy will cover the use of computer systems in the company in entirety. It encompasses bring your device. All network connections in the organization are inclusive. The antivirus should be installed computers in the organization and provide real time protection. It protects the files and the applications. Its successful use will depend on frequent updates presumably once a week and scanning of files at the terminals and the servers on a weekly basis. Spyware is a software application that collects information from the clients computer while they are online and delivers it to third parties. Use of anti-spyware is vital to detect and protect the organizations data from leaking out to other parties. There are exclusions when not mandatory. It includes systems running SQL server, dedicated mail servers or a different platform from Windows. Before that, the owners need permission to do so from the system administrators. The security manager has the mandate to remove or prevent the adware. They need to do this in the awareness of the management. They also need to narrate to the management the standards and compliance of antivirus that can remove or manage the adware. There is anti-spyware that also does the same. There are security tools to aid the company avoid these attacks. They include network-based antivirus. Malware operating at this interface will surpass firewall penetration. Host-based antivirus stops strange malware. They commonly target the servers and client Stations. Network-based web content filtering helps evade malware on the web. Include spyware to detect and removal utility (Zhang, 2005). It eliminates spyware commonly aiming at the servers and terminal points. Network-based spam filtering works to spyware that target emails and could alter vital files in the system. To monitor intrusion to the network and avoid worms, use network-based intrusion prevention. Recommendations Redesigned Network Diagram Information Security Policies The security systems will under updates, maintenance, and the authenticity. Computer systems that are allowed in the organization are those that have been tested and certified (Practical Packet Analysis: using Wireshark to solve real-world network problems, 2011). Even personal gadgets allowed in the organization have to be ascertained to avoid malicious attacks or other charges in case they are counterfeit. Maintenance in the group should be scheduled to happen after a particular period. It ensures that the lifespan of the gadgets increases and their uptime period enhanced. It avoids attacks that could come as a result of negligence. Updating the system ensures that the latest security updates and patches installs in the machines. Consequently, they cannot handle new malware and viruses that are better adapted to surpass old security systems. Web server hardening procedures IIS Administrators managing IIS need to make sure that it is locked down. It is because Internet Information services are a common target for hackers. First, you need to set up NTFS specifically for IIS application and data. You also need to set permissions on the drive according to the user level (XU, 2009). For instance, the developer has full access while the user has read and executed only permission. In addition, you use a software firewall to make sure that end users cannot have access to other ports on the IIS machine apart from port 80. Web server hardening procedures Apache There is the need to disable directory browsing especially for users of the internet. Htaaccess would allow such users to overwrite the default Apache directives that might become detrimental to the institution (Shin & Yoon, 2012). It is also very necessary to eliminate the banner showing the server version. Exposing the server version accelerates the hackers speed of speeding the reconnaissance process. It is also required to disable directory listing in browsers. It ensures that visitors do not see the files and folders you have under the root directory or subdirectory. References Airoldi, E. (2007). Statistical network analysis. Berlin: Springer. Katsaros, D., Dimokas, N., & Tassiulas, L. (2010). Social network analysis concepts in the design of wireless Ad Hoc network protocols. IEEE Network, 24(6), 23-29. doi:10.1109/mnet.2010.5634439 Practical Packet Analysis: using Wireshark to solve real-world network problems. (2011). Network Security, 2011(8), 4. doi:10.1016/s1353-4858(11)70082-4 Shin, S., & Yoon, M. (2012). Virtual vectors and network traffic analysis. IEEE Network, 26(1), 22-26. doi:10.1109/mnet.2012.6135852 XU, Y. (2009). Reconfigure ZigBee Network Based on System Design. Wireless Sensor Network, 01(03), 206-211. doi:10.4236/wsn.2009.13027 Zhang, L. (2005). Network design. New York, NY: Springer. Read More