Wednesday, December 12, 2018
Project Network Design Essay
The best network design to secure Corporation Tech's internal access while retaining public Web site availability consists of several layers of defense in order to protect the company's data and provide accessibility to employees and the public. The private-public network edge is considered particularly vulnerable to intrusions, because the Internet is a publicly accessible network and falls under the management purview of multiple network operators. For these reasons, the Internet is considered an untrusted network. So are wireless LANs, which, without the proper security measures in place, can be hijacked from outside the corporation when radio signals penetrate interior walls and spill outdoors. The network infrastructure is the first line of defense between the Internet and public facing web servers. Firewalls provide the first line of defense in network security infrastructures. They accomplish this by comparing corporate policies about users' network access rights to the connection information surrounding each access attempt.

User policies and connection information must match up, or the firewall does not grant access to network resources; this helps avert break-ins. Network firewalls keep communications between internal network segments in check so that internal employees cannot access network and data resources that corporate policy dictates are off-limits to them. By partitioning the corporate intranet with firewalls, departments within an organization are offered additional defenses against threats originating from other departments. In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well. Security is the heart of internetworking.

The world has moved from an Internet of implicit trust to an Internet of pervasive distrust. In network security, no packet can be trusted; all packets must earn that trust through a network device's ability to inspect and enforce policy. Clear text (unencrypted data) services represent a great weakness in networks. Clear text services leave all information or packets, including user names and passwords, in unencrypted format. Services such as File Transfer Protocol (FTP), email, telnet and basic HTTP authentication all transmit communications in clear text. A hacker with a sniffer could easily capture user names and passwords from the network without anyone's knowledge and gain administrator access to the system. Clear text services should be avoided; instead secure services that encrypt communications, such as Secure Shell (SSH) and Secure Socket Layer (SSL), should be used.

The use of routers and switches will allow for network segmentation and help defend against sniffing. Corporation Tech may want to host their own web or email server that is accessible to Internet users without having to go to the expense and complexity of building a DMZ or other network for the sole purpose of hosting these services. At the same time they may want to host their own server instead of outsourcing to an ISP (Internet Service Provider) or hosting company. Corporation Tech can use NAT (Network Address Translation) to direct incoming traffic that matches pre-defined protocols to a specific server on the internal or private LAN. This would allow Corporation Tech to have a single static public IP address facing the Internet and use private IP addresses for the web and email server on the LAN.

Network Diagram and Vulnerabilities

The network infrastructure uses the Class C network address 192.168.1.0. The main server, running virtual machine software, was set up with a static IP address of 192.168.50.1. This server controls DHCP, DNS and Active Directory. The Web Server is located outside the network in the DMZ. The internal network is configured on separate VLANs to separate department traffic and control data access. A Cisco internal firewall was installed and configured to manage the internal network on the LAN. Cisco firewall 2 was implemented to manage remote traffic entering the LAN. This provides layered security to the network. Several ports have been identified as vulnerabilities in the Corporation Tech network that allowed information to be transferred via clear text, and as such they have been closed. Additional ports that could be used for gaming, streaming and Peer to Peer have been blocked or closed to prevent unauthorized access to the network. All ports known to be used for malicious purposes have been closed as a matter of best practice. All standard ports that do not have specific applications requiring access have been closed. The ports listed below are standard ports that have been blocked to minimize unauthorized packet transfer of clear text:

Port 21 - FTP
Port 23 - Telnet
Port 110 - POP3
Port 80 - Basic HTTP

Hardening Practices

Establish a baseline
Close all unused ports
Redirect traffic to secure ports, for example HTTPS (443) or higher
Configure the firewall to allow or deny secure traffic
Install IDS and IPS
Review and manage logs on the network and compare them to the baseline for any intrusions

Policies

Develop and implement a network Acceptable Use Policy (AUP), which must be signed before using the network
Assign permissions and rights
A password policy must be in place on all devices and enforced
End users must be trained about the different threats faced on the network
Backups must be done weekly, and users notified
Maintain bandwidth speed and monitor peak hours

The network security realignment was done using the Class C network address 192.168.1.0. The servers were configured with the static network addresses 192.168.1.216 and 192.168.1.218 for simplicity. DHCP, DNS and Active Directory were installed and configured on one of the servers. The second server was used for the application. Both PCs were also configured on the same network address 192.168.1.0 for easy management on the switch. The switch was configured with the static IP address 192.168.1.200. The router's network address was changed to avoid conflicting addresses and for easy management. Cisco internal firewall 1 was installed and configured to manage the internal network on the LAN. Cisco firewall 2 was implemented to manage remote traffic entering the LAN. This provides layered security to the network.
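The following is an added example and not part of the essay or of any Corporation Tech configuration. It models the perimeter policy the essay describes as a small, testable evaluator: the clear-text ports 21, 23, 80 and 110 are refused regardless of direction, inbound traffic to the single public address is translated (NAT) to a DMZ web server, only encrypted outbound services are permitted, and a set of currently open ports is compared against the recorded baseline, which is the hardening step "establish a baseline, then review logs and compare". The public address 203.0.113.10, the DMZ server address 192.168.50.10, the published inbound service (HTTPS only) and the sample traffic are assumptions of this example; the 192.168.1.0/24 LAN and the blocked ports come from the essay.

```python
"""Added example, not from the essay: a toy model of the perimeter policy it
describes. Assumed values (not in the essay): public address 203.0.113.10
(RFC 5737 documentation range), DMZ web server 192.168.50.10, HTTPS as the only
published inbound service. The 192.168.1.0/24 LAN and the blocked ports
21/23/80/110 are taken from the essay.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Clear-text services the essay closes at the perimeter (port -> service name).
CLEAR_TEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "basic HTTP", 110: "POP3"}

PUBLIC_IP = ip_address("203.0.113.10")        # assumed single public address
DMZ_WEB = ip_address("192.168.50.10")         # assumed DMZ web server
INTERNAL_LAN = ip_network("192.168.1.0/24")   # the essay's Class C network
INBOUND_NAT = {443: DMZ_WEB}                  # public port -> private target (assumed)
OUTBOUND_ALLOWED = {22, 443}                  # SSH and HTTPS, as the essay recommends


@dataclass(frozen=True)
class Packet:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    dport: int  # destination TCP port


def decide(pkt: Packet) -> tuple[str, str]:
    """Evaluate one packet against the policy.

    Returns (verdict, reason); verdict is 'ALLOW', 'DROP' or 'DNAT:<private ip>'.
    Clear-text ports are refused first, whatever the direction, which reflects
    the essay's point that such services should not be used at all.
    """
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if pkt.dport in CLEAR_TEXT_PORTS:
        return "DROP", f"clear-text service ({CLEAR_TEXT_PORTS[pkt.dport]})"
    inbound = dst == PUBLIC_IP and src not in INTERNAL_LAN
    if inbound:
        target = INBOUND_NAT.get(pkt.dport)
        if target is None:
            return "DROP", "no published service on this port"
        return f"DNAT:{target}", "forwarded to DMZ server"
    if src in INTERNAL_LAN and dst in INTERNAL_LAN:
        return "ALLOW", "intra-LAN traffic"
    if src in INTERNAL_LAN:
        if pkt.dport in OUTBOUND_ALLOWED:
            return "ALLOW", "encrypted outbound service"
        return "DROP", "outbound port not in policy"
    return "DROP", "default deny"


def baseline_deviations(baseline: set[int], observed: set[int]) -> dict[str, list[int]]:
    """Compare the ports observed open now with the recorded baseline.

    'unexpected_open' is what an intrusion review should investigate first;
    'missing' flags services that stopped listening since the baseline.
    """
    return {
        "unexpected_open": sorted(observed - baseline),
        "missing": sorted(baseline - observed),
    }


# Constructed sample traffic (not captured from any real network).
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", "203.0.113.10", 443),    # Internet user reaching the web site
    Packet("198.51.100.7", "203.0.113.10", 23),     # Telnet attempt from the Internet
    Packet("198.51.100.7", "203.0.113.10", 8080),   # unpublished port
    Packet("192.168.1.50", "192.168.1.216", 445),   # workstation to internal server
    Packet("192.168.1.50", "198.51.100.20", 443),   # employee browsing over HTTPS
    Packet("192.168.1.50", "198.51.100.20", 80),    # employee browsing over plain HTTP
]


def evaluate_sample() -> list[str]:
    """Verdicts for SAMPLE_TRAFFIC, in order."""
    return [decide(p)[0] for p in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, evaluate_sample()):
        print(f"{pkt.src:>14} -> {pkt.dst}:{pkt.dport:<5} {verdict}")
    # Constructed baseline check: Telnet found listening after the baseline was taken.
    print(baseline_deviations({22, 443}, {22, 23, 443}))
```

The order of the checks is the design point: the clear-text rule sits before the NAT and direction rules, so an inbound Telnet attempt and an outbound plain-HTTP request both fail for the same reason, and a later NAT entry cannot accidentally re-expose a clear-text service. The same structure carries over to a real firewall rule set, where the drop rules for ports 21, 23, 80 and 110 belong ahead of any forwarding rule.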