Network Security: Threats, Procedures, and IT Security Solutions, Study Guides, Projects, Research of Network security

It consists of security issues related to the network and elements related to increasing its security.

Typology: Study Guides, Projects, Research

2017/2018

Uploaded on 06/23/2022

rd-chhanel
Security Assignment
Avinna Shrestha (HND / Second Semester)

Table of Contents

  • PART ONE
    • Introduction
    • Risks in Network Security
        1. Physical Threats
        2. Network Threats
        3. Host Threats
        4. Application Threats
    • Organizational Security Procedure
      • Developing local policy, process, and guidance
      • Designing network and user authentication strategy
      • Identifying Network Vulnerabilities and Threats
      • Identifying Problems and Resource Requirements
      • Creating Plans for Identified Resource Requirements
      • Applying Appropriate Information Assurance Controls
      • Performing Certification and Accreditation
      • Providing Information Assurance Training
    • Conclusion
  • PART TWO
    • Introduction
    • Firewall
    • Virtual Private Network (VPN)
      • Types of VPN
      • Benefits of VPN
    • Third Party VPN
    • Impact of Firewall and VPN on IT Security
    • Demilitarized Zone (DMZ)
    • Network Address Translation (NAT)
    • NAT Terms
      • Inside Local Address:
      • Inside Global Address:
      • Outside Local Address:
      • Outside Global Address:
    • Types of Network Address Translation (NAT)
      • Static NAT:
      • Dynamic NAT:
      • Port Address Translation (PAT):
    • Advantages of NAT
    • Disadvantages of NAT
    • Use of NAT to improve network Security
    • Static IP Routing
      • Advantages of Static IP Routing
      • Disadvantages of Static IP Routing
    • Conclusion
  • PART THREE
    • Introduction
      • Identify and Prioritize Assets
      • Identify Threats
      • Identify Vulnerabilities
      • Analyze Controls
      • Assess the Impact a Threat Could Have
      • Prioritize the Information Security Risks
      • Recommend Controls
      • Documentation of Results
    • Data Protection and Regulation
      • Identify and Access Management (IDAM)
      • Data Loss Prevention
      • Encryption & Pseudonymization
      • Incident Response Plan
      • Third-Party Risk Management
    • Conclusion
  • PART FOUR
    • Design and Implement a security policy for an organization
      • DMZ
      • VPN
      • Domain Controller
      • Group Policy
      • Domain Policy
      • Backup Policy
      • Firewall Policy
    • Design of Security Policy of HDLC Bank
      • Password Policy
      • NTFS Security Policy
      • Quota Management Policy
      • Group Policy
      • Firewall Policies
    • Disaster Recovery Plan
    • Data Backup and Recovery
      • Data Backup Method
    • Redundant Array of Inexpensive Disks (RAID)
    • Storage Area Network (SAN)
    • Internet Small Computer System Interface (iSCSI)
    • Business Continuity Plan (BCP)
    • Conclusion
  • References

PART ONE

Introduction

A network is a set of computers or networking devices connected together to establish communication between the computers and to share data and resources electronically. Large enterprises and businesses such as banks and international companies remain connected with their branches and associates through the network. The data and information they share over the network may be confidential and should be kept secure and encrypted. In this modern, technological world, data of any kind is very valuable and can cost millions of dollars. People therefore try to steal data in order to earn money by selling it, or to learn the secrets of the military, the government or a business, and cyber-crime is increasing day by day. Cyber criminals use various techniques and tools to bypass the security in place or to breach the network. Techniques and tools previously used by cyber criminals to breach networks can be identified in advance in order to design and implement a proper risk management plan that mitigates the potential risk.

Risks in Network Security

1. Physical Threats

Physical threats are threats caused by physical actions and events that could lead to damage to, and loss of data from, hardware, software, and networks. There are mainly two types of forces that are sources of physical risk: internal and external. External forces are those that can happen at any time, and no one knows when they will actually occur. Some external forces are natural disasters such as floods, earthquakes, landslides, wildfires and tsunamis, and vandalism of private property and of the hardware storing the data. We cannot tell the actual damage these physical risks can cause to the system and the company, so the solution for these types of risk is to back up all data and information to multiple locations so that, at the time of a catastrophe, the data can easily be restored and services resumed. Internal forces that affect the system or network are likely to arise from lack of maintenance, lack of a proper indoor storage environment, hardware malfunction, and lack of interest and determination.

2. Network Threats

Network threats are likely to occur in a network or cloud that stores confidential data, and if criminals bypass the security measures, the impact on the company or government is high. There are

which can be exploited easily and are caused by several factors such as use of old versions, cracked applications, bugs in an application, etc. Also, applications have become so critical to a business that it cannot function properly without them, and so they have become the main target of attackers. There are various types of threat to an organization's applications, such as SQL Injection (a technique used to inject a malicious SQL query into an application's SQL query, intended to destroy the database), Cross-site Scripting (injecting a client-side script into an application to steal cookies), Buffer overflow attack (putting more data into a buffer than it can handle, resulting in corrupting, overwriting, and overflowing of the data stored in the disk), and Session Hijacking (a type of attack in which a stolen session login cookie is used to access another user's session state). These types of attack can be mitigated or prevented by validating all kinds of data entering and exiting the network, transferring data through a secure layer such as HTTPS, or SSH instead of Telnet, blocking overflow data, etc.

Organizational Security Procedure

Organizations depend on data and an effective network to carry out various tasks for their growth and success. Data/information in the system may be important for the company, and to get hold of that data various outsiders and hackers try to gain access to the system by identifying and exploiting the vulnerabilities present in the network system. So, to prevent any kind of attack on an organization's network, proper security procedures should be implemented in the network system to minimize or eliminate its vulnerabilities and to monitor network traffic as well as the network activities of every employee of the company. “A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result.” (Fay & Patterson, 2018) Once security procedures are implemented, they provide a set of actions for regulating the various security events of an organization, which include training, auditing of processes and the network, and improvement of the network system over time, while maintaining the integrity, confidentiality, availability, and authenticity of the data/information stored in the network system. Some procedures for maintaining the network security of an organization are as follows:

Developing local policy, process, and guidance

Policies are the first and foremost security procedure that should be defined and developed, to control all the activities of a network, monitor the different types of traffic flowing into it, and achieve the desired objective of the policy using procedures. Before developing and documenting any kind of policy, the overall objective of the policies and processes, and the systems affected by the policies, must be defined. Guidelines are the standards and baselines that define configurations, products and other methods to secure the network system. After defining the policies, the next step is to develop procedures or processes that define how to use the guidelines and standards while implementing countermeasures that support the defined policy. These processes can be used to outline everything from the configuration of operating systems, hardware, software, and databases to the process of adding, updating, and deleting users, hardware, and software.

Designing network and user authentication strategy

Today, properly establishing a business requires a proper network system, so that all work can be done through the network to save time as well as resources. So, before implementing a network system in a business, it is necessary to create a network design for the company based on its needs, desires, and the criticality of the system to different types of threats. The company's network must include different networking hardware and software to secure it from any kind of external as well as internal threat. Additionally, we can implement different policies in the network: for example, we can define rights and permissions for different users based on their job position in the company and their level of expertise, to prevent unnecessary access to and usage of data by the company's employees. Also, with a proper authentication strategy, we can make the network system more secure and reliable by allowing only authenticated users to gain access to the system and its resources, limiting unnecessary expenditure on maintenance, repairs, and updates of the network hardware used to secure the data stored in the system.

Identifying Network Vulnerabilities and Threats

Different organizations have their own network systems, and each organization stores a particular type of data in its network system, which may be critical and confidential. So, attackers or hackers try to gain access to the network system, and ultimately to the data stored in it, by exploiting the vulnerabilities present in the system. A threat can be anything or any person that could potentially exploit an existing vulnerability of a system to breach the network security in place and harm an organization. A vulnerability, on the other hand, is a weakness present in a network system which the threat exploits to gain access to the system and carry out illegal tasks. So, the vulnerabilities of the system should be identified along with the threats that could exploit them, and the risks associated with these threats and vulnerabilities should be analyzed and evaluated to develop a plan to eliminate or minimize the identified vulnerabilities.

Controls include devices like firewalls, data encryption, data backup and restoration, security policies, configuration, etc.

Performing Certification and Accreditation

Certification and Accreditation is a systematic process in which a system and its activities are evaluated, tested, described, and authorized before or after its deployment. In the certification process, a system, process, event, or product is evaluated against pre-defined policies and standards, whereas accreditation is the process in which credibility is given by an authorized third-party organization. Certification and accreditation help an organization to verify that its products and services meet the demands of a customer, and help to prove that the organization has successfully achieved some level of compliance in a particular field. There are mainly four phases for performing the certification and accreditation process as defined by the National Institute of Standards and Technology (NIST): Initiation and Planning, Certification, Accreditation, and Continuous Monitoring.

Providing Information Assurance Training

Information Assurance is the process which defines and implements different policies, methodologies, standards, services, and mechanisms to maintain the integrity, confidentiality, availability, authentication, privacy, possession, utility, and nonrepudiation of the information stored in information systems. The main objective of information assurance is to ensure that the data stored in a system is valid and authentic, and to deliver the proper content to the right location at a particular time. This field is closely related to information security and business continuity, as it is more focused on the business level and risk management of information systems than on developing and implementing different security controls. There are mainly five processes to assess information assurance: enumeration and classification of assets, risk assessment, risk analysis, risk management, and, lastly, test and review.

Conclusion

A computer network is a set of computers or networking devices that are connected together to establish communication between devices and share data and resources electronically. Data is one of the most valuable things in the market today, and organizations take various security approaches to protect that data from various types of risk such as host risks, network risks, application risks, natural risks, etc. These risks hamper the data of an organization in various ways, resulting in data loss, theft or corruption. So, to avoid these risks, various security procedures have to be considered, which perform various tasks/functions to filter the packets of the network in a cycle to achieve the final result.

PART TWO

Introduction

The network is the key thing that drives the tasks of an organization, and the network system may have different risks which can be exploited to gain access to the system and carry out different unlawful tasks. So, to minimize the risks to the network system, various IT security measures should be considered in order to make the network secure. Various IT security solutions that affect an organization's network, such as VPN, firewall, and DMZ, are described below:

Firewall

A firewall is a security tool, which can be hardware or software, used to filter data and resources coming from the outside world that are a threat to the internal network of an organization. For this purpose, a firewall is mainly placed at the entry or exit points of a network, where it can control the flow of data in and out of the internal network. It can also be deployed in various parts of the network to separate different networks within the corporate network architecture and data centers. A hardware firewall can be used in all types of network and is used in combination with other networking devices such as routers. A hardware firewall is mostly placed between the router and the Internet so that unnecessary data does not reach the internal network and affect it; we can also apply different security policies in a company's network, such as restricting the Facebook application. A software firewall, on the other hand, is used in the operating system (OS), such as Windows Servers, Windows OS, and Mac OS, to control network traffic and protect against any kind of threat from the public Internet. A firewall uses one or more processes to control traffic flowing in and out of the network:

• Packet filtering: In this method, data packets are sent through a set of filters and analyzed. Packets that pass the filters are sent to the requesting system, and packets that do not pass are discarded.

between two systems, called VPN tunneling, in which data packets as well as the IP address and MAC address are encrypted and encapsulated. To provide an extra layer of security, the VPN tunnel also provides fake IP and MAC addresses for the host and destination systems. A VPN also ensures the integrity of data packets by checking that the data has not been changed or altered on the path before it reaches the destination system. Another advantage of a VPN is scalability, which means we can connect multiple new users to the headquarters network simply by using an Internet connection. This method also makes the connectivity process much cheaper and more reliable.

Types of VPN

• Remote-access VPN: A remote-access VPN is a type of VPN which allows users to access the network of a headquarters remotely by establishing a secure end-to-end connection. Users can access all the resources of the connected network as if they were directly connected to the company's network server. It encrypts and encapsulates all the data and information before sending it over the public network through VPN tunneling to the VPN gateway located at the edge of the destination network. This VPN gateway handles all the traffic and data in the same way as a site-to-site VPN. A remote-access VPN uses two VPN technologies, IPsec and SSL (Secure Sockets Layer), to enable authentication, encapsulation, and encryption services between two or more endpoints on a network.

• Site-to-Site VPN: A site-to-site VPN is a type of VPN which allows multiple branches or sites of a company located at fixed locations to establish a secure connection with the headquarters network through the public network. It helps to extend the company's network by making all the data/resources of the company available to all its sites. There are mainly two types of site-to-site VPN: Intranet-based (created to connect the branches of an organization) and Extranet-based (used to connect to the network of a partner company). This type of VPN uses IPsec VPN technology to transmit data packets from one location to another.

Benefits of VPN

There are various benefits of using either a site-to-site VPN or a remote-access VPN, and some are described below:

• Confidentiality: A VPN maintains the privacy or confidentiality of data sent over the public network by scrambling the payload or content of each packet into ciphertext, making the data packets meaningless to anyone who cannot decrypt them. While sending the data over the network, the VPN uses certain algorithms to encrypt the data, and these algorithms have their own key to encrypt and decrypt the data, which is known by both sender and receiver. When the receiver gets the encrypted data, it decrypts the data using the same key. This methodology prevents anyone in the middle from looking at the data being transmitted.

• Data Integrity: Data integrity is the process of maintaining the accuracy as well as the consistency of data packets while transmitting them from one system to another. A VPN ensures that the integrity of the data is not affected by anyone manipulating or modifying the bits or data while it is in a VPN session. It maintains data integrity by comparing the data packets sent by the sender with the packets that reach the destination device.

• Authentication: Another benefit of using a VPN is that it helps to authenticate the system at the other end of the VPN tunnel, to validate whether it is an authentic system or an attacker's system. Before transmitting any kind of data/information, we can authenticate the end system in several ways, such as user authentication, pre-shared keys for authentication purposes only, Passive Key, two-factor authentication using soft or hard tokens, etc.

• Anti-replay Protection: Anti-replay is the functionality of a VPN that blocks a VPN packet from being sent a second time in a VPN session once that packet has already been sent and accounted for. This functionality helps prevent attackers from replaying VPN traffic to fool the VPN endpoint into believing that the endpoint trying to connect is valid and sending data packets to that device.

Third Party VPN

There are mainly three types of VPN: First-Party VPN, Second-Party VPN, and Third-Party VPN. Of these, a third-party VPN is a general-purpose VPN developed by companies and sold to other companies for their use. There are various third-party VPNs such as TeamViewer, OpenVPN, PureVPN, etc.
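The data-integrity and anti-replay checks listed under Benefits of VPN above, as an added Python example that is not part of the original assignment: each packet carries a sequence number and an HMAC-SHA256 tag computed with a pre-shared key, and the receiver keeps a sliding window of sequence numbers it has already accepted. The names `seal` and `Receiver`, the packet layout and the 64-packet window are assumptions made for illustration; payload encryption is left out.

```python
import hashlib
import hmac
import struct

WINDOW = 64      # replay window size in packets (assumed value for this example)
TAG_LEN = 32     # HMAC-SHA256 output length in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 64-bit sequence number + payload + HMAC-SHA256 tag over both."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side of one tunnel: integrity check first, then the replay window."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) was accepted

    def accept(self, packet: bytes):
        """Return (payload, "ok") or (None, reason) for a received packet."""
        if len(packet) < 8 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; the window is only touched after this passes,
        # so a forged packet cannot advance or poison the replay state.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-integrity"
        (seq,) = struct.unpack("!Q", header)
        if seq == 0:
            return None, "replay"        # sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= WINDOW:
                self.bitmap = 1          # everything previously tracked fell out
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return payload, "ok"
        offset = self.highest - seq
        if offset >= WINDOW:
            return None, "too-old"       # left of the window: cannot be tracked
        if self.bitmap & (1 << offset):
            return None, "replay"        # this sequence number was already accepted
        self.bitmap |= 1 << offset       # late but new: out-of-order delivery
        return payload, "ok"


def demo():
    """Constructed traffic: in-order, out-of-order, replayed and tampered packets."""
    key = b"constructed-pre-shared-key-32byt"
    rx = Receiver(key)
    p1, p2, p3 = (seal(key, n, b"data-%d" % n) for n in (1, 2, 3))
    tampered = bytearray(p3)
    tampered[10] ^= 0x01                 # flip one payload bit in transit
    return [rx.accept(p)[1] for p in (p1, p3, bytes(tampered), p2, p2, p1)]


if __name__ == "__main__":
    print(demo())
```

A captured packet that is sent again fails the window check even though its tag is valid, and a modified packet fails the tag check without consuming its sequence number.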
Impact of Firewall and VPN on IT Security

A firewall is one of the most used and preferred security tools in a network system. It is placed in various segments of a network to monitor all kinds of traffic flowing in or out of the network and to prevent any kind of unauthorized access to the network system. When network traffic passes through the firewall, it examines every bit, packet, and block to verify that the traffic meets the defined security policies before permitting it to enter the network. If a packet does not meet the defined security policy, that packet is denied or dropped and cannot enter the network. In other words, it completely and effectively isolates an internal network from all external threats by

potential security breach can happen when the client changes the VPN client parameters randomly, such as the cipher's key. The value of the key is not known to the client, and the client cannot establish a VPN connection. So, when the client tries to connect to the VPN again with the correct parameter, a security breach may occur.

Demilitarized Zone (DMZ)

A Demilitarized Zone (DMZ), also known as a perimeter network, is a logical or physical network used to connect two different networks, mostly a private network and a public network (the Internet), in order to keep the private internal network isolated and separated from any insecure external network. In other words, it acts as a bridge or buffer zone between the private and public networks. This zone mainly holds the systems that provide services and resources to users outside the private internal network and are very vulnerable to different types of attacks. These systems include e-mail services, DNS, proxy, and web servers, FTP, VoIP, etc. They are more vulnerable and reachable to attackers, so they need to be designed and developed to resist constant attack. The systems in the DMZ can communicate with both the internal and the external network, but the internal network has limited access to the DMZ and is tightly monitored and restricted. A DMZ provides an additional layer of security for the internal network, as it does not allow attackers or hackers to gain direct access to internal systems and resources through the Internet.

There are various ways to design a company's network with a DMZ. The most common and effective approach is to use two firewalls, which helps in expanding the architecture of a network as per the requirements. By deploying the DMZ between two firewalls, we can monitor and filter all the inbound traffic before it is forwarded to a system placed in the DMZ.
Network Address Translation (NAT)

Network Address Translation (NAT) is a process used to translate or map multiple local IP addresses to one single global IP address and vice versa. Its main objective is to slow down the depletion of the legally available IP addresses by using a smaller number of public addresses to route data on the Internet. It also translates or masks the host port number to another port number, which will be used to route the packet to the proper host. After that, it generally inserts the corresponding IP address and port number into a NAT table to ensure that the packet reaches the proper destination node. It is generally configured on border devices such as a firewall or router which have two interfaces: one for the inside local network and one for the public or global network.

When a client from the internal network sends a request to a system on the Internet, the router recognizes that the request is not for a system in the internal network, so it forwards that request to the firewall, which then forwards it to the correct system on the Internet under its own public IP address using NAT, and then returns the response to the client inside the private network. This means all the clients in an internal private network have the same public IP address while accessing resources stored in a cloud or on the Internet.

NAT Terms

Inside Local Address: This is the IP address that is assigned to a system located inside a private network. This IP address may not be assigned by the service provider; instead, it may be provided by the organization's network administrator.

Inside Global Address: This is the IP address through which the systems of an internal network are known to the public network or Internet. This is also called the actual Internet address.

Outside Local Address: This is the IP address of an outside host as it is seen inside a private network after translation.

Outside Global Address: This is the IP address of an outside host before translation. This address is globally unique and is assigned to the host by its owner.

Types of Network Address Translation (NAT)

Static NAT: This is the type of NAT configuration in which one private IP address is mapped to one public IP address. In other words, it is a one-to-one mapping between global and local IP addresses. This type of configuration requires a unique public address to be assigned to every host of a network.
Doing this depletes the legally registered public IP addresses, and buying a public address for every host becomes

• As the IP address is translated, end-to-end traceability of a system is lost.

• Using NAT in a network complicates different tunneling protocols such as Secure Shell, IPsec, etc.

Use of NAT to improve network Security

Network Address Translation or NAT is a protocol which operates at layer 3 (network) of the OSI model. NAT is transparent to both the source and the destination host, neither of which knows which third device it is dealing with. Dynamic NAT, when implemented in a network, automatically creates a firewall between the private internal network and the public network or Internet. It only allows data packets coming from a host located inside the stub domain, which means that a host from an external network cannot connect to a host inside the network unless the connection has been initiated by the host located inside the network. Hosts inside the network can easily go out to the public network and do various online activities such as watching or downloading a file or video, but another host cannot latch onto the IP address being used and use it to connect to a port of a host that is on the public Internet.

On the other hand, when Static NAT is configured on a router or firewall, it allows external hosts to initiate connections with hosts in the stub domain. For example, if we want to establish a connection from the inside global address to the inside local address assigned to a web server, static NAT enables the connection.

NAT routers also have a feature to filter and log traffic. Filtering helps to prevent unnecessary traffic from entering the network and controls which traffic is allowed inside the network and which is not. Traffic logging can be used to create a log file that records all outgoing and incoming traffic and to generate reports from it. Using NAT, we can easily change the host system of a server such as web or FTP without making the system vulnerable to different threats. Also, making changes to the internal network is very easy, as there are only a small number of public global addresses and they belong to the router.
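The difference between dynamic and static NAT described above can be traced in a small model of the NAT table. This is an added sketch, not a configuration from the original guide: `NatGateway`, its methods and all addresses are hypothetical, and the model assumes mappings are keyed on the remote address and port.

```python
class NatGateway:
    """Toy border device: dynamic NAT with port translation plus static entries."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # (public_port, remote_ip, remote_port) -> inside host
        self.static = {}   # public_port -> (inside_ip, inside_port)
        self.log = []      # (verdict, src_ip, src_port, dst_ip, dst_port)

    def add_static(self, public_port, inside_ip, inside_port):
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: allocate a public port, record it."""
        for (port, rip, rport), inside in self.table.items():
            if inside == (src_ip, src_port) and (rip, rport) == (dst_ip, dst_port):
                break                                   # reuse existing mapping
        else:
            port, self.next_port = self.next_port, self.next_port + 1
            self.table[(port, dst_ip, dst_port)] = (src_ip, src_port)
        self.log.append(("out", src_ip, src_port, dst_ip, dst_port))
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives at the public IP: translate it, or return None (drop)."""
        target = self.table.get((dst_port, src_ip, src_port))
        target = target or self.static.get(dst_port)
        verdict = "in" if target else "drop"
        self.log.append((verdict, src_ip, src_port, self.public_ip, dst_port))
        return (src_ip, src_port) + target if target else None

def demo():
    gw = NatGateway("203.0.113.5")                      # constructed addresses
    a = gw.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = gw.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, a[1])       # answer to host .10
    probe = gw.inbound("198.51.100.99", 4444, a[1])     # unsolicited: dropped
    gw.add_static(80, "192.168.1.20", 8080)             # published web server
    web = gw.inbound("198.51.100.99", 4444, 80)         # allowed by static NAT
    return a, b, reply, probe, web

if __name__ == "__main__":
    print(demo())
```

Both inside hosts leave with the same public address, and the only way an outside host can start a connection is through the static entry, so each static mapping deserves the same review as a firewall allow rule.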
Following is the configuration of NAT in a local area network:

Avinna Shrestha (HND / Second Semester)