NETWORK information SECURITY, Assignments of Network security

In this project we created a scenario with one company based at two locations: Kuala Lumpur, Malaysia, and Singapore. The two locations are connected to each other with a VPN, and the aim of this project is to protect the connection between them.

Typology: Assignments

2020/2021

Uploaded on 06/16/2021

saleh-muataz
CT0373-2-NWS
GROUP ASSIGNMENT
INTAKE CODE: APU2F2006IT
NETWORK SECURITY
CT0373-2-NWS
LECTURER NAME: YOGESWARAN A/L NATHAN
HAND OUT DATE: TH OF NOV 2020
HAND IN DATE: 19TH OF FEB 2021
GROUP MEMBERS NAMES/TPs:
ATTIA SALEH/TP049178
MOHAMMED MUTAHAR YOUSEF/TP056093
FARHAN KABIR FARSHID/TP046743

Table of Contents

Introduction

  1. Client workstations (sales, engineering, and finance) must be able to access the web server at the DMZ over HTTP and HTTPS. The web server should be reachable from the external clients over HTTP and HTTPS only. (Solution and configuration)
  2. Clients should also be able to put and get files via FTP to the same server. The company requires implementing FTP with a user and password is essential for each transaction. (Solution and configuration.)
  3. Engineering and sales workstations must be able to access the Internet (to reach company B) over HTTP and HTTPS with DNS. No other protocol access is allowed to the Internet. (Solution and configuration.)
  4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution and configuration.)
  5. The e-mail server should be able to receive email from external hosts over the simple mail transfer protocol (SMTP). (Solution.)
  6. No client from the sales, engineering and finance department is able to access clients in the other departments. (Solution and configuration.)
  7. Bastion host works as an application proxy. You are required to explain the solution in detail. (Configuration is not required.)
  8. Connectivity between company-A in Kuala Lumpur and company-B in Singapore is a requirement. What is the best solution? Elaborate on the solution. (Configuration is not required)
  9. Data transmitted over the network must be kept disguised and only intended recipient can read it. Hackers are unable to understand the content even they are able to wiretap the communication. (Solution on the techniques, no configuration is required)
  10. The company requires implementing intrusion detection systems (IDS). (No Configuration is required.)
  11. Implement VPN between Singapore and Kuala Lumpur. (Configuration is required.)

CONCLUSIONS

References

Figure 1 configuration of web

Introduction

In this project we created a scenario with one company based at two locations: Kuala Lumpur, Malaysia, and Singapore. The two locations are connected to each other with a VPN, and the aim of this project is to protect the connection between them.

1. Client workstations (sales, engineering, and finance) must be able to access the web server at the DMZ over HTTP and HTTPS. The web server should be reachable from the external clients over HTTP and HTTPS only. (Solution and configuration)

Figure 1 configuration of web

Click on the web/FTP server and navigate to Services > html to activate them. Protecting the internal local area network from untrusted traffic is the job assigned to the DMZ, commonly known as the demilitarized zone. According to the scenario, the zone has to protect three things: the web mail, the web server and the overall system, which must be protected from black-hat hackers who may try to intrude. Moving on to the question, HTTP and HTTPS are both commonly used protocols on the web. The difference between HTTP and HTTPS is the SSL that is configured in HTTPS. HTTPS uses port 443 to make the connection.

2. Clients should also be able to put and get files via FTP to the same server. The company requires implementing FTP with a user and password is essential for each transaction. (Solution and configuration.)

FTP is the protocol commonly used for transferring, downloading, or uploading files.

Figure 3 Create txt file on any sales or engineering pc

Figure 4 FTP login

Open the command prompt on any of the sales or engineering PCs. Type ftp followed by the FTP server IP address, then enter the FTP username and password to connect to the FTP server from the PC.

Figure 5 Upload File

After you have logged in to FTP from the PC, enter put “text file name”, using the name of the text file you created on the PC, to upload that file to the FTP server.

Figure 6 File check

Figure 7 DNS configuration

Make sure the DNS server is on and that you added a DNS entry with the web server IP address.

Figure 8 DNS Ip Configuration

4. Client workstations must be able to check their e-mail on the e-mail server at the DMZ. (Solution and configuration.)

Figure 10 Email Server Configuration

Make sure the SMTP and POP3 services are on so that clients can send and receive emails.

Figure 11 Email configuration on client pc

When you configure email on a client PC, enter your name as registered on the email server and the email address with the DNS name. The incoming and outgoing mail server is the email server IP address, and the username and password are the details you used to create the user.

The scenario requires that the clients located in Kuala Lumpur are able to check their emails and, moreover, send and receive emails.

5. The e-mail server should be able to receive email from external hosts over the simple mail transfer protocol (SMTP). (Solution.)

In this scenario students must configure the SMTP port in the router so that external hosts can send emails. Configuration can be done via an ACL that denies other ports such as FTP, HTTP, etc. and permits only SMTP.

6. No client from the sales, engineering and finance department is able to access clients in the other departments. (Solution and configuration.)

In this scenario the Sales, Engineering and Finance departments should not be able to access clients in other departments. Here again students can use ACLs to stop departments from accessing clients that are not in their own department.
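The ACLs that requirements 1, 5 and 6 call for, as an added example in Cisco IOS-style syntax (not the report's own configuration). All addresses, ACL names and interface names are assumptions chosen for illustration.

```cisco
! Constructed addressing (assumptions, not from the report):
!   Sales 10.0.10.0/24, Engineering 10.0.20.0/24, Finance 10.0.30.0/24
!   DMZ web/FTP server 203.0.113.10, DMZ e-mail server 203.0.113.25
!
! Requirements 1 and 5: from outside, only HTTP/HTTPS to the web server
! and SMTP to the e-mail server.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 80
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.25 eq 25
 remark Replies to sessions opened from inside (requirement 3).
 remark A plain ACL is stateless; a stateful firewall is tighter here.
 permit tcp any any established
 permit udp any eq 53 any
 deny   ip any any log
!
interface GigabitEthernet0/0
 description Internet uplink (assumed interface name)
 ip access-group OUTSIDE-IN in
!
! Requirement 6: a department may not reach the other two departments.
! Each ACL is applied inbound on that department's gateway interface, so
! the packet is dropped before it is routed. The last permit is left broad
! here; requirement 3 would narrow it to HTTP, HTTPS and DNS.
ip access-list extended SALES-IN
 deny   ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255
 deny   ip 10.0.10.0 0.0.0.255 10.0.30.0 0.0.0.255
 permit ip 10.0.10.0 0.0.0.255 any
ip access-list extended ENGINEERING-IN
 deny   ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny   ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
 permit ip 10.0.20.0 0.0.0.255 any
ip access-list extended FINANCE-IN
 deny   ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny   ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255
 permit ip 10.0.30.0 0.0.0.255 any
!
! Assumed router-on-a-stick subinterfaces, one per department VLAN
interface GigabitEthernet0/1.10
 ip access-group SALES-IN in
interface GigabitEthernet0/1.20
 ip access-group ENGINEERING-IN in
interface GigabitEthernet0/1.30
 ip access-group FINANCE-IN in
```

Because each department ACL permits only its own subnet as a source, the implicit deny at the end also drops packets that arrive on that interface with a spoofed source address.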

7. Layer two securities is a requirement in the company-A LAN. (Solution and configuration.)

Figure 14 Layer two securities applied on Company-A LAN

Layer two is the data link layer, which is responsible for transmitting data and packets across physical networks. In this scenario students should add port security on the switches so that no unauthorized MAC (Media Access Control) address can gain access to the internet.
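Port security as described above, as an added example in Cisco IOS-style switch syntax (not the report's own configuration). The port ranges, the limit of one MAC address per port and the recovery interval are assumptions.

```cisco
! Access ports facing department PCs (assumed range)
interface range FastEthernet0/1 - 20
 switchport mode access
 ! Port security only takes effect on a port that is statically in access mode
 switchport port-security
 ! One learned address per port: a second device behind the port is a violation
 switchport port-security maximum 1
 ! Learn the first MAC seen and keep it in the running configuration
 switchport port-security mac-address sticky
 ! shutdown puts the port in err-disabled state; the alternatives
 ! "restrict" and "protect" drop the offending frames but keep the port up
 switchport port-security violation shutdown
!
! Unused ports (assumed range) are disabled so nothing can be plugged in
interface range FastEthernet0/21 - 24
 shutdown
!
! Optional: bring an err-disabled port back automatically after 300 seconds
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification from privileged EXEC mode:
!   show port-security
!   show port-security interface FastEthernet0/1
!   show port-security address
```

Sticky addresses live in the running configuration, so they must be saved to survive a reload.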

8. Bastion host works as an application proxy. You are required to explain the solution in detail. (Configuration is not required.)

A bastion host is basically a host that is used as an application proxy with all protocols that are not in use disabled. Bastion hosts also have the capability to protect the network from attacks. Other hosts have an ID and password, so if someone manages to hack into their services they can harm our network. A bastion host allows us to block all services such as email, write, print, login, file transfer/edit/download and all other services, so even if someone manages to get unauthorized access to our network, that attacker will not be able to do anything because everything is disabled. A plus point of the bastion host is that it does not have any ID or password.

9. Connectivity between company-A in Kuala Lumpur and company-B in Singapore is a requirement. What is the best solution? Elaborate on the solution. (Configuration is not required)

The best solution for connectivity between company A and company B is a VPN. It is fast and secure, so both companies can communicate easily and access the protocols they have access to. Another good solution is a fiber-optic connection. Fiber-optic connections are built using the latest technologies present in the world. They are fast, stable and provide a secure connection. Unlike copper or other wires that are present in front of us, such as a television cable connection, fiber optic transfers data at the speed of light and is buried in the earth.

Furthermore, we have to configure an access list between the two authenticators. In this scenario, the two authenticators are two firewalls. This has to be done before doing any IPsec VPN tunneling.

After everything is configured and set up, the only thing left to do is to create a crypto map and put everything together. This allows the settings to be created, configured, and applied.

The set consists of three important features: data validation, data encryption and the encapsulation mode. One of the two VPN protocols that we configured is used to encapsulate the payload for security. The reason it is important to use it over the authentication header is that it provides a big advantage in data encryption, which leads to even more secure transmission of data.
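The steps described above (access list, the set of transforms, crypto map) put together for the Kuala Lumpur side, as an added example in Cisco IOS-style syntax and not the report's own configuration. It assumes "the set" is an IOS transform set; all addresses, names and the key placeholder are constructed.

```cisco
! Assumptions: KL LAN 10.0.0.0/16, SG LAN 10.1.0.0/16,
! KL public address 198.51.100.1, SG public address 198.51.100.2
!
! IKE phase 1: how the two peers authenticate each other and protect
! the negotiation. Older images offer only "hash sha" and smaller groups.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key REPLACE-WITH-SHARED-SECRET address 198.51.100.2
!
! Access list first: it selects the traffic that must enter the tunnel.
! The Singapore side uses the mirror image (source and destination swapped).
ip access-list extended KL-TO-SG
 permit ip 10.0.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
! The set: encryption (esp-aes 256), data validation (esp-sha256-hmac)
! and encapsulation mode (tunnel). An ah-* transform would authenticate
! the packet but leave the payload readable, which is why ESP is used.
crypto ipsec transform-set KL-SG-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! The crypto map puts peer, set and access list together ...
crypto map KL-SG-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set KL-SG-TS
 match address KL-TO-SG
!
! ... and takes effect once it is applied to the outside interface.
interface GigabitEthernet0/0
 crypto map KL-SG-MAP
!
! Any inbound ACL on this interface must also allow UDP 500 (IKE) and
! protocol 50 (ESP) from 198.51.100.2, or the tunnel never comes up.
!
! Verification from privileged EXEC mode:
!   show crypto isakmp sa
!   show crypto ipsec sa
```

Both peers must agree on the phase 1 policy, the pre-shared key and the transform set; a mismatch in any of them leaves the tunnel down, and hosts that fall back to a path outside the tunnel send their traffic unencrypted.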

13. Implement SSL encryption between Singapore and Kuala Lumpur. (Solution)

These days, most communication on the internet is done over HTTPS. The main reason is that HTTP is a communication protocol whose job is to communicate between a web server and a web client, and the problem is that this communication is performed without any encryption or security that would keep the travelling data from being seen. Because of this, with HTTP it is really easy to read and learn about the communication taking place during a wiretap attack. As a solution, it is necessary to implement SSL encryption between the communicating parties so that the communications are encrypted rather than open and disturbed.

The first step in implementing SSL is to obtain an SSL certificate. The sole job of that certificate is to provide a secure connection and communication between the web server and the web client over SSL. Without the certificate SSL will not work, and the secure connection cannot be established. After this, the client that is ready to communicate with the web server sends a request using SSL encryption to identify itself to the server. The server then responds to the client with the encrypted public key that it has. If the client trusts the certificate, a message goes back to the server that the connection is confirmed; if the client does not, the result is loss of the communication and transmission. After receiving the message, the server delivers a digitally signed document to start a secure session between them.

CONCLUSIONS

In the end, if SSL is implemented between both zones in Kuala Lumpur and Singapore, the data is secure and encrypted.