Network Security: Incident Response, Protocols, and Configuration, Assignments of Network security

Learn it and use it wisely. All the facts are from me and from online. It is a very interesting paper and I hope it improves you.

Typology: Assignments

2020/2021

Uploaded on 01/17/2022

Sitt Thway Nyunt Unit 15: Network Security Batch-48
HND
Unit-5 Network Security
Head Quarter Network Security of Golden Dimension
Info Myanmar University
SITT THWAY NYUNT
Batch – 48
Second year, First semester
Start Date : 17/9/2021
End Date : 7/10/2021

Contents

  • LO1 Examine Network Security principles, protocols and standards
    • P1 Discuss the different types of Network Security devices
      • Computer Emergency Response Team
      • Role of CERT
      • Importance of Network Security
      • Network Security Devices
      • Firewall
      • Intrusion Detection System (IDS)
      • Intrusion prevention system (IPS)
      • Network Access Control (NAC)
      • Proxy server
      • Network load balancer
      • Spam filters
    • P2 Examine Network Security Protocols
      • Network Security Protocols
      • IPsec protocol
      • Hypertext Transfer Protocol Secure (HTTPS)
      • Secure shell (SSH)
      • Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
      • Comparison between IPsec and SSL protocol
      • IPsec operates
      • SSL operates
      • Comparing IPsec and SSL
  • LO2 Design a secure network for a corporate environment
    • P3 Investigate the purpose and requirements of a secure network according to a given scenario
    • P4 Determine which network hardware and software to use in this network
      • Network Hardware device
      • Network Software
      • Network Address Translation (NAT)
      • Access Control List (ACL)
  • LO3 Configure Network Security measures for the corporate environment
    • P5 Configure Network Security for your network
      • IP address
      • VLAN configuration in ASA firewall
      • DHCP configuration
      • Default route configuration
      • SSH configuration
      • NAT configuration
      • ACL configuration
      • Username Password and Enable mode password
    • P6 Discuss different cryptographic types of Network Security
      • Cryptography and features
      • Types of Cryptography
      • Traditional cypher
      • Caesar cypher
      • Simple Substitution Cipher
      • Monoalphabetic and Polyalphabetic Cipher
      • Playfair Cipher
      • Vigenere Cipher
  • LO4 Undertake the testing of a network using a Test Plan
    • P7 Create a Test Plan for your network
      • Test plan for the GD network
      • Private network to public network
      • Private network to DMZ network
      • Public network to private network
      • Public to DMZ network
    • P8 Comprehensively test your network using devised Test Plan
      • Evidence
      • Private network to public network
      • Public network to private network
      • Public network to private network
      • Public to DMZ network
  • Reference

LO1 Examine Network Security principles, protocols and standards

P1 Discuss the different types of Network Security devices.

Computer Emergency Response Team

A Computer Emergency Response Team, also known as a CERT, is a group of security experts whose purpose is protection against, detection of and response to an organization's cybersecurity incidents. A CERT may be responsible for solving incidents such as data breaches and denial-of-service attacks, as well as sending out notifications and giving incident response guidelines. In addition, CERTs run continuing public awareness efforts and perform research to improve security systems.

Figure (1.1) CERT

Role of CERT

Responding to computer security issues in order to restore control and reduce vulnerability, providing or supporting efficient incident response and recovery, and preventing computer security incidents from recurring are all aims that organizations are attempting to achieve. In general, there are three universal models for incidents:

  • Protect
  • Detect
  • Respond

  • Proxy server
  • Network Load Balancer (NLB)
  • Spam filter

Firewall

The firewall is the protector of our assets. A firewall defends the entire network because it sits between one network and another. In a network, data packets are transferred from one place to another, and the firewall filters all of these packets with permit or deny rules defined for the network. For example, when IP address 192.168.0.1 sends traffic to port 80, the firewall checks its rules and then permits or denies the traffic. The firewall acts like a toll gate in the real world. A firewall can be standalone, or it may be combined with router or server infrastructure. Firewalls exist as both software and hardware. They are mostly used in enterprises or organizations, and only experts can handle those hardware and software firewalls. A hardware firewall has console, RJ-45 and USB ports for communication.

Firewalls do not allow malware and illegal network traffic to access the systems of the company. Depending on the organization's firewall policy, the firewall may automatically reject some or all traffic, or it may verify some or all of the traffic. There are two widely known firewall policies: whitelisting and blacklisting. Whitelisting denies all connections except those on a special allow list, and blacklisting allows all connections except those that are explicitly denied.

There are 4 commonly used types of firewall:

  • Packet-filtering firewalls
  • Stateful packet-filtering firewalls
  • Proxy firewalls
  • Web application firewalls

Figure (1.2) firewall

Packet-filtering firewall

A packet-filtering firewall is the basic type. It controls network access by monitoring incoming and outgoing packets and permitting or denying them based on ACL (Access Control List) rules, which contain ports, protocols and source or destination IP addresses. Packet-filtering firewalls are found at Layers 3 and 4 of the OSI model. The primary advantage of packet-filtering firewalls is the speed with which they operate, as the majority of the work occurs at Layer 3 or lower, and no specialized application-level expertise is necessary. Typically, packet-filtering firewalls are used at the perimeter of an organization's security networks. For example, packet-filtering firewalls are hugely successful at defending against denial-of-service (DoS) cyber-attacks that attempt to bring down critical services on internal networks.
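The permit/deny decision and the whitelisting and blacklisting policies described above, as an added example that is not part of the original assignment: a first-match ACL evaluator in Python. The rule sets, the 198.51.100.x and 203.0.113.x addresses and the packets are constructed for illustration, and `shadowed` goes slightly beyond the text by flagging rules that an earlier rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"  # matches every IPv4 address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    dport: int = 0   # destination port (0 when the protocol has none)

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    proto: str       # protocol name, or "ip" for any protocol
    src: str         # source network in CIDR notation
    dst: str         # destination network in CIDR notation
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("ip", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt.dport))

def evaluate(rules, pkt, default):
    """Return (action, rule_number). The first matching rule wins."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return default, None  # nothing matched: the policy default decides

def shadowed(rules):
    """Numbers of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            if (earlier.proto in ("ip", later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                hidden.append(index + 1)
                break
    return hidden

# Constructed rule sets (not from the assignment's own configuration).
WHITELIST = [  # default deny: only listed traffic passes
    Rule("permit", "tcp", "192.168.0.0/24", ANY, 80),
    Rule("permit", "tcp", "192.168.0.0/24", ANY, 443),
]
BLACKLIST = [  # default permit: only listed traffic is blocked
    Rule("deny", "ip", "203.0.113.0/24", ANY),
    Rule("deny", "tcp", ANY, ANY, 23),
    Rule("deny", "tcp", "203.0.113.0/24", ANY, 80),  # unreachable: rule 1 covers it
]
# Constructed packets; the first is the page's 192.168.0.1 -> port 80 case.
PACKETS = [
    Packet("192.168.0.1", "198.51.100.10", "tcp", 80),
    Packet("192.168.0.1", "198.51.100.10", "tcp", 23),
    Packet("192.168.0.1", "198.51.100.10", "udp", 5353),
    Packet("203.0.113.7", "192.168.0.1", "tcp", 80),
]

def compare():
    """Verdict of each packet under both policies."""
    return [(evaluate(WHITELIST, p, "deny"), evaluate(BLACKLIST, p, "permit"))
            for p in PACKETS]

if __name__ == "__main__":
    for pkt, (white, black) in zip(PACKETS, compare()):
        print(f"{pkt.src:>12} -> {pkt.dst}:{pkt.dport}/{pkt.proto:<4} "
              f"whitelist={white} blacklist={black}")
    print("shadowed blacklist rules:", shadowed(BLACKLIST))
```

The UDP packet matches no rule in either list, so the whitelist drops it while the blacklist lets it through.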

Proxy firewall

Proxy firewalls operate at the OSI model's Application layer. While proxy firewalls are the most secure form of firewall, they sacrifice speed and functionality by limiting the apps that the network may handle. A proxy firewall provides greater security because, unlike with other types of firewalls, information packets do not travel through a proxy. Instead, the proxy works as a middleman: computers connect to the proxy, which then establishes a new network connection in response to the request, thus acting as a mirror of the data transmission. This eliminates direct connections and packet transmission between the two sides of the firewall, making it more difficult for attackers to deduce the network's location from packet information. A firewall proxy server allows computers on a network to access the internet, but is primarily used to ensure safety or security by regulating the information that enters and exits the network. Firewall proxy servers filter, cache, log, and manage client requests to keep the network safe and virus-free.

Web application firewall (WAF)

A WAF, also known as a web application firewall, is a security tool that helps safeguard web applications by filtering and monitoring HTTP traffic between a web application and the Internet. This kind of security usually protects web applications against attacks such as cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a layer 7 protection in the OSI model and does not aim to protect against all kinds of attacks. This technique of attack prevention is often used as part of a larger set of tools that work together to provide comprehensive protection against a variety of attacks. Installing a WAF in front of a web application creates a barrier between the web application and the Internet. While a proxy server shields the identity of a client machine through the use of an intermediary, a WAF acts as a reverse proxy, shielding the server from exposure by requiring clients to pass through the WAF before accessing the server.

Intrusion Detection System (IDS)

An intrusion detection system (IDS) helps to improve cybersecurity by identifying a hacker or malicious software on a network so that it can be removed quickly to prevent a breach or other problems, and by using the data logged about the event to better defend against similar intrusion incidents in the future. Investing in an intrusion detection system that allows us to respond to attacks promptly can be considerably less expensive than repairing the damage caused by an attack and dealing with the legal concerns that arise as a result of the attack.

Intrusion prevention system (IPS)

An intrusion prevention system (IPS) is a network security technology that not only detects attackers but also prevents them from launching any known attack effectively. Intrusion prevention systems are a hybrid of firewalls and intrusion detection systems that combine their capabilities. However, putting in place an efficient intrusion prevention system on a large scale may be expensive, so organizations should carefully consider their IT risks before investing. Furthermore, some intrusion prevention systems are not as fast or as strong as other firewalls and intrusion detection systems, so an IPS may not be the best choice when speed is a must-have feature in a network environment.

Network Access Control (NAC)

NAC is a network security control device that limits access to network resources to endpoint devices that adhere to your security policy. Certain NAC systems can automatically secure non-compliant devices before enabling them to connect to the network. Network access control can significantly improve a network's endpoint security. Before granting access to the network, NAC verifies that the device's security settings comply with the specified security policy; for example, it may verify that the host is running the most recent antivirus software and updates. The device is permitted to join

communications, they can also be used to scan outbound messages to assist in identifying internal PCs that may have caught a virus.

P2 Examine Network Security Protocols.

Network Security Protocols

Network security protocols define rules that secure computer data and communications while they are in transit between network end devices, routers and servers. Cryptography is the main technique used to secure data during its transmission over a network. Cryptography makes data unreadable to unauthorized users by encrypting it using algorithms. Cryptography, in general, relies on a set of rules or protocols to control data flow between devices and networks. These cryptographic methods, when combined, significantly improve the security of data transmission. The well-known network security protocols are:

  • IPsec protocol
  • Hypertext Transfer Protocol Secure (HTTPS)
  • Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
  • Secure shell (SSH)

The main purpose of these protocols is to protect the network, for example by preventing unauthorized user access and by encrypting traffic to secure the network.

IPsec protocol

Internet Protocol Security (IPsec) is a collection of protocols that are used to provide encrypted communications between devices. It contributes to the security of data sent over public networks. IPsec is often used to establish virtual private networks (VPNs). It operates by encrypting IP packets and verifying the source from which the packets originate. "IP" represents the "Internet Protocol" and "sec" refers to the word "secure." The Internet Protocol (IP) is the default protocol for sending data over the Internet, and it uses IP addresses to indicate where the data will go. Authentication and encryption are

Hypertext Transfer Protocol Secure (HTTPS)

HTTPS (Hypertext Transfer Protocol Secure) is an updated and much more secure version of HTTP, which is the main protocol used to transmit data between a web browser and a website. HTTPS is short for Hypertext Transfer Protocol Secure. HTTPS traffic is encrypted to improve the security of data transmission. Security measures are particularly necessary when users send sensitive data, such as when logging in to their bank account, email service, or health insurance provider. The HTTP port is 80 and the HTTPS port is 443. The main difference between HTTPS and HTTP is that HTTPS protects data sent over a network, especially public networks such as Wi-Fi. Because HTTP is not encrypted, it is susceptible to eavesdropping attackers who may get access to a website's database and critical information. Due to its bidirectional structure, HTTPS encryption ensures that the data is encrypted on both the client and server ends of the network connection. Only the client has the ability to decode the information received from the server. Consequently, HTTPS encrypts data sent between a client and a server, providing protection against eavesdropping, falsifying information, and tampering with information. HTTPS should be used on every website, but it is particularly important for sites that need login credentials. Websites that do not use HTTPS are marked differently from those that do. This is true even in contemporary web browsers such as Chrome.

Secure shell (SSH)

SSH, also referred to as Secure Shell or Secure Socket Shell, is a network protocol that enables users, especially system administrators, to securely access a computer across an insecure network. SSH also refers to a suite of services that implement the SSH protocol in addition to offering secure network services. Secure Shell enables robust password and public key authentication, as well as secure data transmission between two computers connected over an open network, such as the internet. Along with offering robust encryption, SSH is commonly used by network administrators to remotely manage systems and programs, allowing them to log in to another computer across a network, execute commands, and transfer data between computers. SSH is a term that refers to both the cryptographic network protocol and the collection of tools that implement it. SSH operates on a client-server model, linking a Secure Shell client program, which serves as the front end for the session, to an SSH server, which serves as the back end for the session. SSH installations often include support for application protocols such as terminal emulation and file transfers. An SSH server listens on the standard Transmission Control Protocol (TCP) port 22.

Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

SSL is a networking protocol that was created to protect communications between web clients and web services across an unsecured network, such as the internet. SSL was also used to authenticate and encrypt other applications at the network transport layer, in addition to protecting internet connections. SSL was usually used to encrypt data sent between a web browser (client) and a website (server). It enabled secure transactions between customers and companies, laying the groundwork for the development of e-commerce. Without SSL, a threat actor may intercept data transmitted to and from a website. Netscape developed SSL in 1995, and SSL is the predecessor of TLS. SSL secures connections between devices interacting over a TCP/IP network by encrypting with public and private keys and performing other cryptographic tasks. SSL uses asymmetric cryptography and public-key encryption to scramble clear text input on a website. This is only one use of public key infrastructure (PKI) that companies take advantage of today.

IPsec operates

IPsec, commonly known as Internet Protocol Security, is the standard architecture for protecting IP network communication and is defined by the Internet Engineering Task Force. IPsec defines methods through which IP hosts may encrypt and authenticate data sent at the Internet Protocol network layer. IPsec is needed in order to establish a secure tunnel between two organizations that are identified by their IP addresses. IPsec VPNs are usually used when connecting a remote host to a network VPN server; the traffic transmitted over the public internet between the VPN server and the remote host is encrypted between the two parties. When communicating hosts use IPsec, they can negotiate which cryptographic methods will be used to encrypt or authenticate the data being sent.

SSL operates

Modern SSL VPNs use Transport Layer Security (TLS) to encrypt streams of network data that are being sent between processes. The TLS protocol allows for the encryption and authentication of communications between applications. The IP addresses of the endpoints, as well as the port numbers of the applications executing on those endpoints, are often used to describe these connections. TLS allows the communicating hosts to agree which cryptographic methods will be used to encrypt or authenticate data in order to protect their privacy and security. While certain settings allow for the usage of obsolete SSL versions, security best practices suggest that only the most recent versions of TLS be used wherever possible.

Comparing IPsec and SSL

In order to make the best decision, any enterprise should consider the following factors: the network's circumstances, its needs, and the company budget. The real choice should be based on fact-based assessments of benefits and drawbacks as they relate to the actual deployment, not on philosophical or theoretical preferences for one model over the others.

To compare IPsec vs. SSL virtual private networks, it is necessary to identify the needs of the business and its users, as well as the most essential features and functions of the VPN to be compared.