Network Security
Task 1
1/a)
In this assignment, we have studied the scenario of the local area networking. In this scenario, we are focusing on the local area network security of the Mobile computer world LTD. There are various ways we can make the security of the local area network. In a local area network, we can connect a number of computers to each other in the network. Here, we have to set up all the hardware's in the small area network. We can secure local area network by properly configure a local area network. For the security of the local area network, we must properly configure the window's firewall and access point should be configured. The router in the network must configure properly and troubleshoot all networks related issues. Use the protocol and configure all protocol properly. Use security protocols and WPA (Wi-Fi Protected Access) which are password protected for all coming traffic in the network. Secure all the parts of the network and configured all devices properly. Local area network design also secures all the network component devices. Admin should filter the traffic with the knowledge of the area of the network (trusted).To secure the local area network, an Authentication policy should be applied where we can secure the accessing of the resources. An authentication policy helps to secure the access of the device of the computer where an unauthorized user cannot utilize the resources without admin permission and defend the system from unauthorized access. Here our firewall helps to filter the packets where unwanted packets will destroy outside and only trusted packets allow passing. To securely access the system over the network, we can use the secure tunnel mean we can utilize the virtual private network. Another security obtains the internal security where we have to add some security tools like antivirus and all. Antivirus helps to protect our system from viruses and malicious code. Antivirus also helps to protect from the other internet attacks. We need to protect our local area network from other vulnerabilities. Another security option is account policy where admin can access all the resources in the network while staff members can access limited sources. If there is a finance department then it allows accessing only by admin and other departmentscan'taccess. But the finance department can communicate with all departments of the company.
Here security is most important for protecting the network. By using security we can easily secure the network or other network data. In this assignment, we have used network security. Here we have used LAN (Local Area Network). In this network, we can easily connect a lot of computers and these are connected to each other. We have used the LAN network for securing the network. We must have to configure the local area network. Here, we have configured the local area network. In the network, the router is used to configure thewindow's firewall and configure it to the access point of the network.
1/b)
In the above section, we have studied the security of the local area network. The local area network is a small area network and range of the accessing resources is limited. So we need to extend the network range as per company goal that is a wide area network (WAN). The scope of WAN iswider than the range of LAN.We can make communicationfrom long distances also. And it doesn't matter what is the location of the user for access resources as the range of WAN is wider. Wide area network helps to share the resources over the network and speed of internet is dependent on the type of internet service provider you are using. Another factor on which the speed depends on is the bandwidth and consumption of the network. Wide area network helps to increase the traffic in the network and we can access more resources in the network inside the area or from outside the area. The wide area network helps to increase the traffic that means we are increasing sales for the company. Due to WAN, admin can access any online resources of the company from any location in the world. WAN is a wide area network that increases the traffic and put a wide impact on the network. As the scope of the WAN is high hence the risk of online attack also increases and chances of vulnerability is also highwhich badly impact on security. But there is one problem arises that is if admin wants to secure connection for access the resources remotely and this can be achieved by the VPN technology. Our basic aim isto make a secure connection because the wide area network generates a huge network and a large volume of network activities also increase the impact of illegal activities or attacks. There are different types of attack i.e. internal attacks and external attack. Here the external attack is not applicable in the network. To avoidinternal network attacks, we need to secure the system from the attack. So a company must use security tools. There are different security tools available in the market which helps to monitornetwork traffic. Snort, Nessus, etc. these help to scan vulnerabilities with minimum cost. To increase the bandwidth for better and reliable access company should use the fiber optic cables. Fiber optic cable helps to increase the bandwidth and provide reliable access.
1/c)
We know that weak network security increases the ill impact on the network. Weak network security increase the risk in the network and risk will be converted into the crash. There are many threats are available in the network which is responsible for the lossof data and crashing of resources and increases the loss if we ignore suchthreats. There is a collection of the software which we can also call as bots that create the army against threats.
In the information technology (IT), the damage or infected computer devicesare called zombie. This infected computer device is used to performillegal activities or properties.
Computer users, in reality, are not fully aware that their devices and systems have been taken.
Even if the infected computer has been compromised it can still be used. Occasionally, it may slow down slightly after infected by the threats. However, paying attention by the users is not enough.
If a zombie virus transmits your computer, then suddenly you will know that your ISP has canceled its service. You may finally know that we are being investigated as suspicious criminals.
When an infected computer sends hundreds or thousands of spam messages or starts attacking certain web pages, it and its owner become the focus of cyber-security checkers.
Here the zombievirus is getting the impact on the company. Here the company can be used to describe the uncompetitive company, and it needs to operate successfully.
There is another threat that is spam that is unwanted and unsolicited junk which sends email to the recipient list in bulk. UsedAnother threat is malware which is responsible for infected data in the system. You can also find the viruses in download files from the internet. Another type of threat is a Denial of service attack. In the Distributed Denial of service attack, it is possible that malicious users will use your computer and can send a huge amount of data. In this type of attack, an attacker can use your computer and control your system (Blogroll 2010-2019). This can happen due to the weakness of the security .to avoid this type of attack we must need to add a security tool. An antivirus is a security tool and it helps to control viruses. A network security tool helps to identify all the vulnerabilities. To avoid these risks we need to secure the system from the attack. We can also use an intrusion detection system which is a help to identify the attack over the internet and helps to control and monitor attacks.
Task 2
Task 2/a)
In this assignment, we have studied about the network security design, not cabling and cloud services.
Network security design
Here the network security design is the network designing process which includes measures that arepreventing the issues that are mentioned in the previous department. This is not an easy task.
Clouds service
Here the cloud security is also called cloud computing securities that are work together to protect the data, cloud-base services and the infrastructure. Here the security measures are configured to support regulatory compliance and protect data and customers privacy to secure the network, and setting an authenticationsystemfor individual's devices and users.
Cabling
Here the cabling behind the connection to another device. There is a number of communication cables such as fiber optic, coaxial, and twisted pair.
In this section, we have discussed the consideration of the network design. Network design is the backbone of any company, and it makes the network flexible and reliable. If our network design is not secure and designs have faults then it will be converted into risk. Our design should be confidential and secure from the threats and our design intensely secure in such a way that unauthorized users cannot access the resources. The topology of the network should be clear, and all the resources and components properly connected in the network and all the network devices should be properly configured in the network. Our network design should be reliable and allow us to access the resources in the network by authorized users only. It additionally provides resiliency. Here we need to develop a design in such a way that it will reduce idleness in the network. Make network design more flexible and reliable and provides the quality of the service. For better service, implement the cloud services and use different cloud serviced which helps to manage resources over the network. The design should be simple and more flexible in such a way that it will make clear visualization and provide good virtualization. Use better cabling in the network design. It is better if we use the fiber optic cable. Fiber optic cable produces the most rapid communication over the network. Fiber optic cable provides better utilization of the network and it also helps to increase the performance of the network. All the IP addresses should be assigned properly and configure properly. Avoid the conflict of the IP address if not then this will disturb the network and finally break the network. We should have to provide a strong security to the network and make a proper simulation of the network components and test and troubleshoot all the network related issues. We should build the wan network properly and check all the component are working properly or not. Another thing is to use proper security tool and scan the traffic to avoidthe threats and malicious code. Time to time network monitoring is necessary and makes an audit to check the performance. Here we have to use the redundancy storage of data, via backup systems and possibly cloud storage, so that you do not lose data if your main hard drives fail.
Here we have to develop a new security design and solution with the help of addressing the related parts of the network design which is given below.
1. Classify network resources.
2. Examine security jeopardies.
3. Examine security necessities and transactions.
4. Improve safety strategy.
5. Describe a security strategy.
6. Improve events for security strategies.
7. Improve a practical operation rule.
8. Train the managers and users and staff.
The network design should be reliable and flexible so that in the future we can upgrade it without disturbing the existing functionality of the system. In this assignment, we have used the Cisco packet tracer which is a reliable and user-friendly network design tool. The Cisco packet tracer helps in the rapid development of the network design.Here the network security protects the data and avoids or remove the threats, risks and assets. Here we can use the Cisco packet tracer for removing the risk. This technology is used for the rapid development of the network design.
2/b)
In this question, we are discussing the method for design network security which is based on the advanced network security plan. There are various types of security methodologies are available. Andthis method helps to manage and control security. It helps to define the specification, design and implementation steps. In the specification part, we first need to collect all the related information of the system and also need to do analysis of all the weak parts of the system. After analyzing all the data we proceed to design the security policy and plan. The security plan should be flexible so we can change the plan according to requirement and plan should be properly reviewed. After the design, the plan goes for the implementation. This security method helps to reduce the threats and help to increase the performance of the network. In the designing phase, we must check all services are implemented or not. If they are not implemented properly then first correct them. Define all the service primitive and implement the service protocol in the network (Catherine Paquet.2013). Developed the hardware and the software solution in the development phase and provide the security policy.An unauthorized user cannot access the system without permission.Here the OSI layeris an open system and it is an irreverent and absolute layer. It is divided network communication into the 7 layers.All the phases should be properly defined and tested and the most important thingis that the security method should fulfill all the requirement of Network security method and it should be feasible. The testing is most important because testing ensures the quality of the network services. In the security method, all the phases are related to each other. This method helps to clear the security of the network and helps to implement reliable security. In the above we have seen the ISO model and in ISO model we must implement the security on the physical layer.
Access control: To protect the system from the attack we have to reorganize the devices and all the users. After that, we need to enforce the security policy which helps to block the unwanted user.
Here we have used the Cisco packet tracer technology for protecting the network and get the security. And this is a network configuration tool for innovativedesign. Here the Cisco systems which allow creating the modern computer networks and network topologies.
Another technology is the use of an antivirus tool which helps to identify the threats and take the desired action when required and keep the system away from the malicious, virus.
Use an intrusion detection system which helps to monitor the network traffic and also helps to identify the vulnerability.
Provide email security and provide strong security which helps to avoid the breach. Use email security application which helps to block the attacks and monitor when we send emails.
2/c)
Network security policy helps to protect the system from network threats. There are two types of threats that are external threats and internal threats. The network security policy is a broad document and could be changed according to the current environment (Catherine Paquet.2013).
Here we have provides the network security policy, this network policy is proposed to protect the integrity of the network. And it is moderate the issues and risks with the security error to the computing resources.
In a network, the policy contains the following things
There should be rules and regulations to access the computer network and should be changed with the characteristic.
A rule should be properly implemented
Security procedures should be implemented on the terminal and network devices.
The network security policy must be flexible so it can be changed according to advance security threats.
Set the policy and privilege for accessing the resources. A policy should identify authorize an unauthorized user. If a user is unauthorized then policy should not allow them to enterinto the system.
Set another account policy where a user can access only their account. An administrator has a full right so he can access all user accounts and network resources. The staff has limited rights so staff can only access the limited resources over the network.
Security policy does not allow to access illegal sites and videos from the internet. A network security policyneeds to block unwanted resources.
The network policy contains the rule for access and uses external devices. The network tool should scan the entire external device and does not allow using it if it is infected from the viruses.
Network security provides security from the malicious code where the user can remove the threats from the network by using these tools.
Also, use the other security tool like snort, Nessus. These tools helpto scan the threats from the network and it also helps to identify the threats from the network. It also helps to protect our system from external attacks. Security helps to avoid unwanted traffic, helps to filter the traffic. The security policy also helps to increase the performance of the network.
For network policy, we have to identifywhat we have and what others want, what data is useful and most significant for you and your company.
Security policy
1. Governing policy:- This policy is a very significant policy for everyone .in this policy we implement the high level of security treatment. The technical person and manager identify the audience. This policy helps to control all concern security interaction within the business and department in the company.
2. End-user policies: - In this section, we had covered all the significant documents related to the audience.
3. Technical policies: -All the security employee member utilizes the policy and they are always ready to control and implement the policy. This policy needs more details than the governing and identifies the system issue example physical and access control security issues.
Take backup and recovery
An unauthorized user cannot access the account. An only authorized user can access the account
Time to time take upgrade the system.
Task 3
3. A
Following are the considerations
Security:
Nowadays security is the most important issue for the network. The security starts at the network level. We need to check the network safety and how to design the network security and we need to follow the idea of network security for easy modification of the solution. Network Security is a computer science area, network security focuses on basic network infrastructure. This is usually a combination of hardware and software solutions are as follows:
Unauthorized Access: These measures are sure to have access to the network with authorization only. When you log in to your computer network, you need to have the required certificate to enter.
Malicious Use: This remedy reveals itself in many ways. The most are using that high network sources are far from public access. An example is the computer room in your company.
Dangers: When these symptoms arise and it is related to finding and preventing potential problems. In the computer, the Temperature sensor in devices is an example of providing information about the operating conditions.
Tampering: The measurements are maintained when accessing devices, or cases are released to determine when something happens. An example is when credentials security are used to access the source.
Destruction: destruction is just like the malicious use and Works primarily in restrictive capacity. As mentioned above, the company's Computer Room is an example.
Disclosure: This measurement focuses on placing the details of network privacy, so that exploitation cannot be easily developed. Network security architecture is the process of creating a network that contains the measures to prevent problems that are mentioned in the section. You can imagine that this is not an easy task. Many changes need to do in the area, the area is vast and also it increasing constantly. It is difficult to get a complete solution. There are different ideas to improve your solution. Network security design help to prevent the future network issue and also help to increase the ratability and the performance of the network. If our network design is not secure then it will arise the weakness and problem and create the risk for future services and insecure design, increase the maintenance cost and decrease the performance of the network and also decrease the quality of the service (Mariusz Stawowski.2007). It is compulsory to secure the design and create an appropriate mode of a network.
Network performance: In this section, we have to focus on network performance. We need to increase the network performance by reliable network design and implement the appropriate strategy and plan and set up the devices.
Cost:-here we have to design the network security with minimum budget and develop the best security plan.
Reliability: We have to make the system more reliable and accessible with security.
Availability: We have to increase availability and accessibility for 24/7.
Manageability: Develop a flexible and reliable network that helps to decrease the maintenance cost.
3. B)
Here determining the exact security requirements of the given organization and it is essential for implementing the security and proper security measures. Heremany measures are designed to protect and secure the information system. And then the computer networking and internet requires the new polices and new security measures to reduce the threats from the new technologies, network devices and software application. Security measures are implanted to protect many organizations from various securities attacks.Here the computer networking and internet mean which isneeded to reduces the challenges and threats from the software application.
We can create a network by usingthe numberof systems or the devices, discovery, troubleshooting, and the encouraging exercise. I downloaded the packet tracer by using the given URL and I have to install the Cisco packet tracer (Cisco Packet Tracer.2019). After that, I have donethe complete installation of the Cisco packet tracer and then I have done a complete analysis of this tool. Then, I have seen the various components are available in the Cisco packet tracer.
In this assignment, we have used the WPA security because this is a security standard for the user of the computing devices by using internet connection devices. WPA security has discrete modes for personal use and enterprise users. Here the WPA security totally depends on the central authentication server. And also itprovides stronguser authentication based on the Extensible Authentication Protocol (EAP).
In the above figure, we can see the network design .this design is developed by the Cisco packet tracer. Here we have created the most flexible and reliable network design. The basic requirement of the client is cover in the design. In the network design, we can see that there are different departments and each department carry different subnet. Means in simple language we can see that each department have their small network. The router performs the subnetting. The router helps to connect the internal and external networks. Overall data is transfer among the different departments. Here we have to make the setting to access across the section and all the prerequisite is perform on the router. In the network design, we can see the other network device that is the switch. All the devices are connected in the section by using the network device i.e. Switch.
Here we can see that the device is connected to the router and switch .we can see the trunk where the IP is connected to the system of the department. All departments are connected to the cloud. Could services help to maintain and manage the resources over the network.it is also made easy to monitor and upgrade the software over the network. We have developed the network design which is more flexible and we can modify the design as per future requirement without disturbing the existing network. In this diagram, we have made and configured a router with password protected which restrictsthe access of the device without permission.
In this above design we can see that there are many routers, switches, PC, mobile phones, etc. this is LAN based design, and here we can see that there are two LANs are available. And the routers areconnected to each other. Here the data is used to transfer in different departments. This is used to configures the router by using a password that is protected from the network to access the device.
The device is connected to each other and it is authenticated. A key is a need for authentication. Here we can use the WAP2 for wireless protection. The printer can directly be connected to the router to each department. The network is secure by making use of a firewall.
Here we have designed the secure network and in this design there are many router and switches. In this design there are many departments are interconnected with each other with the router and switches. Each and every department is connected to the cloud and these cloud services are used to maintain the resources and manage over the network.
Task 4
4. A)
With the upgrading data security risks our network security needs to be upgraded. For securing your organization from dangerous malicious activities tight security is the solution. This is the latest technology that prevents your sensitive data from being misused. This technology provides you the solutions for overall control over contents, users and also applications.
Following are the processes we are providing with our solutions:
1) Our first step is detecting the threats. Preventing such hacks is our main focus- IDS (intrusion detection systems)/IPS.1 (intrusion prevention systems).
2) Visibility of the Application: Minimize productivity loss, issues in compliance, risk of data linkage and propagation of threat.
3) Control over Application: this will provide overall control over your application which can be regained. Categorized in good, bad and evasive this depends on user-based policies.
4) Security against the threat: scanning of all applications is allowed for detecting all kinds of threats. It will abort bad or malicious applications.
5) Scans against Malware: Malware includes worms, adware, viruses, Spam, Trojans, and many more active suspected contents. Our solution can find all these risks and destroy them from your network which increases productivity and reliability.
6) We will provide you with two versions of VPN services which allow you to choose the best version compatible with your system. Or you can use both versions.
7) Filtering of web content: nowadays if we are working over the internet the malicious websites pop-ups in every minute. This is the reason for slowing down the web content filter which needs to be updated manually. These filters are unable to recognize all the risks. We can fix this by undulating on an hourly basis. By making use of LDAP we can provide you a history of your browsing.
8) Analysis of network security: this facility gives you the freedom to check or scan all the network parameters and network devices. This scan will examine all the applications and devices for detecting vulnerabilities.
9) Now new threats web 2.0 evolving rapidly hence the today's firewall security is not enough to stop this hence with next-generation firewall we can stop this risk.
10) Network security management: no matter whether your network is wired or wireless we can provide you with the highest level of security over both the edges. Our engineering team continuously monitors your network and checks the status of your network. This team will also provide you the detail information about the threats found and deleted. All this will do on monthly charges without using costly network management.
4b
Security Policy
We know that security policy practices. These practices and rules help to manage and secure the resources. These rules and practice policies should be documented and implemented and developed and evaluated to manage and protect the network.
It has been continuously improving and implementing information security management. The network security process that we are using it depends on the model.
1. Model
It has set objectives, relevant procedures, policies, and related processes for improving data security and managing threats. For delivering solutions in accordance with the complete objectives and policy plan includes-
a) Establishing a network security system
b) Identify the scope of a network security system
c) Defining approach towards threat management
d) Detecting threats
e) Assessing the threats
f) Detecting and searching for new options for the management of risks
g) Selection of control objectives
2. Do (Implement policies)
a) Formulation of Plan of risk treatment.
b) Implementation of the formulated plan
c) Control implementation.
d) Managing awareness and treatment program.
e) Operation management
f) Resource management
g) Process implementation for handling incidents.
3. Check (Monitor the network security system)
Here weensure monitoring on a regular basis by managing assessment periodically and reviews.
a) Execution of procedure monitoring and other controls.
b) Taking regular reviews of network security effectiveness.
c) Risk review of acceptable and residual risk.
d) Internal network security management audit.
e) Review of network security management.
f) Event recording that could have an effect on network security management.
4. ACT (Improvement of Network security management)
a) Improvement of Services
b) Implementation of improved services.
c) Steps for correction and prevention.
d) Implementing identified improvements
e) Taking appropriate corrective actions and preventive actions
4/c)
Here we can focus on various strategies of potential change managementto overcome this resistance.
1) Here we make clear communication with the employees before the implementation. If we do communication i.e. before implementing the change in the system, our employees should be aware of the change and they will not react unknowingly regarding the same.
2) Help employees to know and understand the need for implementing change. Employees must be aware of why are doing these changes in the organization so that they will support you.
3) You have to make a team of experts who can spread a good or positive message about the change and also helps to note the reaction and temperament of the employees against the change. The employee's reaction should be noted against the reaction.
4) We have to provide full support for the changing environment. You can arrange a training program for the employees. Also, managers should give information. They also need to answer the questions of the employees.
5) Engagement of the employees in the process of changes and it is very much important. As they are the key factor who will play a vital role in creating and accepting the change.
6) We should make a team who will collect necessary data and reviews and get suggestions from the employees.
7) We have to assign role and divide the responsibilities.
8) Focus on those employees who will affect more because of the change.
9) Make a strong change management policy to prepare the change
10) We must successfully implement the change.
11) We have to take feedback from the employees and do the necessary changes in the plan.
Finally, we should do communication with employees before and after the changes.
Reflection:
This assignment is so long and it is difficult to manage with only one member so we have distributed the assignment work with the other members. Here, we have distributed the work to three members.
Member 1: in this assignment, member 1 studied network security and did the analysis of various tools and different network securities to secure the network. Then write the information about the various tool and network security. Then member 1 has done the analysis of the LAN security.
Member 2: member 2 placed an important role because they have created the design of the WPA security diagram. Then analyze the design and then write the description of the WPA security.
Member 3: in this assignment, member 3 has checked the report and also check the design because it donothave any problems after that sends the report to the client.