Network Security Final Assignment, Assignments of Network security

Network Security Final Assignment

Typology: Assignments

2018/2019

Uploaded on 04/29/2023

manish_mahaseth

Niraj Yadav
ISMT COLLEGE THIRD SEMESTER | TINKUNE,GAIRIGAU
Network security

Contents

  • [Task 1]
    • Introduction
    • Evaluating Current System
    • Management of Threats
    • Various Threats
    • Security Policy
    • Physical Access Control
    • Personnel Based Security
    • Impact of Productivity
    • Backup Data Configuration
    • Recovery Policies
    • Patch
    • Update
    • Access Policy
    • User Access Policy
    • Network Access Control
    • Estimating Risk
    • Prioritize Processes and Operations
    • Penetration Testing
    • Threat and Vulnerabilities of system
  • Conclusion
  • [Task 2]
    • Introduction
    • Overall Design of Network
    • Social Impact of Network Security
    • Corporate Impact
    • Impact due to Social Engineering
    • Impact on Productivity
    • Impact on CIA
  • Conclusion
  • [Task 3]
    • Introduction
    • Reconnaissance
    • Unauthorized Access
    • Denial of Services (DoS)
    • Phishing
    • SQL Injection
    • Sniffing
    • IP Spoofing
    • Session Hijacking
    • Man-in-the-middle Attack
    • Brute Force Attack
  • Conclusion
  • [Task 4]
    • Introduction
    • Estimation of Network Device Required
    • Subnetting design plan
    • LAN Design scenario
    • VLAN Design Scenario
    • VPN Design scenario
    • Switch Port Security Design
    • Firewall Rules design
    • User access, group and permission design plan
    • Physical Security plan
    • Network Security Policy Design
    • ACLs Design
    • Web Server Design
    • Design of Overall Network
    • Evaluation of the Design
  • Conclusion
  • [TASK 5]
    • Justification of uses of different devices in Network Design
    • Feedback for Improvement
    • Recommendations
  • Conclusion
  • [Task 6]
    • Introduction
    • Server
    • Perform Users, Group and Permissions
    • Firewalls
    • Adding IP tables firewall rules using Red Hat
    • Firewall Configuration Rules
    • IP Tables
    • Packet Filtering
    • Switch System
    • VPN Implementation
    • New VPN Connection
    • Edit VPN Connection
  • [Task 7]
    • Introduction
  • Conclusion
  • Task
    • Introduction
    • Physical Access
    • Clarification
    • System Access
    • Security Audits and Penetration Testing Planning and Management
    • Security Audit
    • Penetration Test
    • Management
    • Periodic Review
  • Conclusion
    • Ongoing network security policies and practices
    • Traffic
    • Tools used in checking network Traffic:
    • Traffic Management in Commercial Bank
    • Utilization of Firewall
  • Conclusion
  • [Task 9]
    • Introduction
    • Change Management Plan
    • Recommendation for change
    • Network Devices
    • Server Add/Remove
    • User Group and Organization
    • Services
    • Network Monitoring Tool
    • Impact of Productivity
  • Conclusion
  • References:

Introduction

Network security is a vast and complex subject. It may look as if it deals only with maintaining security in an organization or network, but it is much more than that. Network security is the study of networks and of how they work, in order to balance the amount of resources that different clients can access. “Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world.” In his introduction to network security, Curtin points out how much a basic understanding of network security is needed in this world. As most files and information are being digitized, we must face the fact that this information is vulnerable and susceptible to threats, hijacking or theft. By hijacking I mean re-routing or disrupting the path of certain network packets on the internet highway to a different path. “Wired” is the word Curtin (1997) uses to describe people getting connected to the internet. (InterHack, n.d.)

As per the system requirement of the Commercial Banking Enterprise, which has its own IT department to manage the technological infrastructure, we need to manage, support and implement a secure network infrastructure for the bank's LAN/WAN environment. With the advances in technology and the internet, many users are becoming aware of resources they can use to exploit various websites and servers. In a recent example, Twitch.tv, an online streaming site, was hit by a DDoS attack that made the website unusable for two days. DDoS is better known as a Distributed Denial of Service attack. Similarly, countless exploits and methods, both new and already present on the internet, are ready to be used to disrupt online resources. This is what we must be prepared for when securing the network.

Since both of the branch offices need to be connected through a VPN server and also be part of the domain server, it is possible that the network is already secured by this method. A private login method that uses its own personal password to connect to the head office is a legitimate way of making the network secure already. But we must also prepare and enable the different strategies provided by Windows Server itself to make the network trustworthy.

Most importantly, we need to audit the current network security of the bank in order to identify threats and risks. Here I audit the bank's network security as per the ISO standard.

Evaluating Current System

| Control ID | Control Name | Status (Yes / No / Partial) | Evidence/Justification | Recommendation |
|---|---|---|---|---|
| 5.1.1 | Information security policy document | ✓ | An information security policy exists; it is approved by management, published and communicated as suitable to all employees, and it states management commitment and sets out the organizational approach to managing information security. | |
| 5.1.2 | Review of Information Security Policy | ✓ | Many information security policy review procedures exist and they include requirements for the management review, but the results of the management review are not taken into account. | The information security policy should be reviewed at planned intervals, and if significant changes occur, to ensure its continuing suitability, adequacy and effectiveness and the Information |
| 6.1.3 | Allocation of information security responsibilities | ✓ | Responsibilities for the protection of individual assets, and for carrying out specific security processes, are clearly identified and defined. | |
| 6.1.4 | Authorization process for information processing facilities | ✓ | The management authorization process is defined and implemented for any new information processing facility within the organization. | |
| 6.1.5 | | ✓ | The organization's need for a Confidentiality or Non-Disclosure Agreement (NDA) for the protection of information is clearly defined and regularly reviewed, but this does not address the requirement to protect confidential information using legally enforceable terms. | |
| 6.1.6 | Contact with authorities | ✓ | A procedure exists that describes when, and by whom, relevant authorities such as law enforcement, the fire department, etc. should be contacted, and how the incident should be reported. | |
| 6.1.7 | Contact with special interest groups | ✓ | Appropriate contacts with special interest groups or other specialist security forums, and professional associations, are maintained. | |
| 6.1.8 | Independent review of information security | ✓ | The organization is not managing information security, and its implementation is not reviewed independently at planned intervals or when major changes to security implementation occur. | The organization should manage information security and its implementation, and should review them independently at planned intervals or when major changes to security implementation occur. |
| | | | requirements. | |
| 7.1.1 | Inventory of assets | ✓ | All assets are identified and an inventory or register is maintained with all the important assets. | |
| 7.1.2 | Ownership of assets | ✓ | Each identified asset has an owner, a defined and agreed-upon security classification, and access restrictions that are periodically reviewed. | |
| 7.1.3 | Acceptable use of assets | ✓ | The regulations for acceptable use of information and assets associated with an information processing facility are identified, documented and implemented. | |
| 7.2.1 | Classification guidelines | ✓ | The information is classified in terms of its value, legal requirements, sensitivity and criticality to the organization. | |
| 7.2.2 | Information labelling and handling | ✓ | An appropriate set of procedures is defined for information labelling and handling, in accordance with the classification scheme adopted by the organization. | |
| 8.1.1 | Roles and responsibilities | ✓ | The security roles and responsibilities of employees, contractors and third-party users are defined and documented in accordance with the organization's information security policy, but roles and responsibilities are not clearly defined. | The roles and responsibilities should be defined and clearly communicated to job candidates during the pre-employment process. |
| 8.2.1 | Management responsibilities | ✓ | Management has made it compulsory for employees, contractors and third-party users to apply security in accordance with the established policies and procedures of the organization. | |
| 8.2.2 | Information security awareness, education and training | ✓ | No training has been held for 5 years. | All employees in the organization and, where relevant, contractors and third-party users should receive appropriate security awareness training and regular updates in organizational policies and procedures as they pertain to their job function. |
| 8.2.3 | Disciplinary process | ✓ | There is a formal disciplinary process for employees who have committed a security breach. | |
| 8.3.1 | Termination responsibilities | ✓ | Responsibilities for performing employment termination, or change of employment, are clearly defined and assigned. | |
| 8.3.2 | Return of assets | ✓ | There is a process that ensures all employees, contractors and third-party users surrender all of the organization's assets in their possession upon termination of their employment, contract or agreement. | |
| 8.3.3 | Removal of access rights | ✓ | The access rights of all employees, contractors and third-party users to information and information processing facilities will be removed upon termination of their employment, contract or agreement, or will be adjusted upon change. | |
| | | | The building where the company is located is prone to earthquakes as it is too old. | |
| 9.1.5 | Working in Secure Areas | ✓ | Physical protection and guidelines for working in secure areas are designed and implemented. | |
| 9.1.6 | Public access delivery and loading areas | ✓ | The delivery, loading and other areas where unauthorized persons may enter the premises are controlled, and information processing facilities are isolated, to avoid unauthorized access. | |
| 9.2.1 | Equipment siting protection | ✓ | The equipment is protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. | |
| 9.2.2 | Supporting utilities | ✓ | The equipment is protected from power failures and other disruptions caused by failures in supporting utilities. Measures for the permanence of power supplies, such as a multiple feed, an Uninterruptible Power Supply (UPS), a backup generator, etc., are being utilized. | |
| 9.2.3 | Cabling Security | ✓ | The power and telecommunications cable, carrying data or supporting information services, is protected from interception or damage. There are additional security controls in place for sensitive or critical information | |