Can you please see the attachment and rewrite it?
Thank you.
Prepared for:
University of Maryland University College
Prepared by:
I. Vulnerability Assessments
Comprehensive network security assessments are extremely useful for finding ‘easy’ network vulnerabilities. These assessments, when performed periodically, help network security administrators keep their network secure from malicious attacks. They also help to identify areas of the network that need more attention or updated policies. Upgrading the network as new industry standards are released is important to keep both company and client information safe [1]. Staying up to date on new “known vulnerabilities” of devices that may be used by the company’s network is also very important.
The first main vulnerability to be addressed is the completely wireless network. If network security is important to the company, solely wireless networking should not be used. While wireless networks can be used, it is paramount that they be used only on areas of the network that do not hold any sensitive or proprietary information. Purely wireless networks are more susceptible to attacks because an attacker only needs to be within radio range to launch an attack. These attacks can include denial of service (DoS), rogue access points, various authentication attacks, and unauthorized access attacks [2]. Simple web browser searches can reveal tools and programs already set up to crack weak wireless encryption standards with the click of a button.
The company’s decision to hire a contractor to install Cat 6 cabling throughout the building was a smart choice. This not only upgrades the network security, but also upgrades the speed of the network. Using cable is inherently faster than wireless in all environments. Having a dedicated LAN (Local Area Network) line for each workstation now means that employees are no longer fighting over bandwidth being put out over a single wireless router [3]. It does, however, require more network devices, which will be covered in section two of this report.
The next vulnerability to be addressed is the use of a Peer-to-Peer (P2P) network instead of a client-server configuration. The main difference between P2P and client-server networks is that there is no central server used in P2P. This means there is no central file storage or, more importantly, authentication service. In a P2P network, each workstation's files are shared amongst all members with minimal security and discrimination. Anyone on the network has access to files. This also means that if a workstation is offline, no one will have access to files stored on that workstation if needed. This could cause a problem if an employee is on vacation or out sick and has files that others need. This also presents a hazard for losing important files, as no central backup service is implemented in a P2P configuration. P2P networks are normally implemented in homes or very small companies that do not require much security [4].
A client-server configuration offers security, centralized management, stability, and shared access. A prime example of centralized security is implementing an Authentication, Authorization, and Accounting (AAA) service. This service controls who can access the network, what they can access and when, and enforces policies while monitoring session statistics. This service alone is exponentially more secure than a P2P network. This service limits employee access to the areas of the network that they need access to [5]. For instance, the accountants probably don’t need access to the vice president’s personnel files that could contain personally identifiable information (PII). The client-server configuration also allows centralized management, which a P2P network does not. This helps the network administrator by providing a single access point to all the workstations on the network. From here, the administrator can push security updates from one location instead of going to each individual workstation to perform updates. This service also means that all workstations on the network will have the same security standards, unlike on a P2P network, where it was up to each individual to perform updates manually.
The main disadvantage of a client-server configuration is cost. Additional hardware and software are required for this configuration. Servers, routers, patch panels, firewalls, network media (cabling), and a secure location are all needed for this implementation. A dedicated employee is also required to manage all the new devices, monitor the network for issues, and support end users. There is also the issue of a single point of failure in a client-server network. If the server or switch goes down, the network is essentially down. Therefore, redundancies should be used to mitigate the risk of the network being unavailable to both employees and customers alike [6].
Using a client-server configuration will also address other vulnerable areas of the current network. This new system will replace the old and outdated NETGEAR MR814 router and the Motorola SB3100 modem. A quick Internet search shows that both the router and the modem are at their “End of Service Life” [7]. This means that there is no longer any manufacturer support by way of software and firmware updates, leaving the devices extremely vulnerable. Without these critical updates, attackers basically have the key to the network because device vulnerabilities are regularly published on the Internet for all to see and take advantage of. Periodic software and firmware patches from the manufacturer help protect against known vulnerabilities in their products.
This configuration will also help set up the network to host the new company website in a secure manner. The additional hardware that will be implemented will allow the creation of a Demilitarized Zone (DMZ) on the network. This will allow the Internet-facing web server to be on the company network but not allow access to the company’s internal files. This means that the website hosted on the web server will be accessible from the Internet by customers but they will not have access to the company’s internal network [8]. The DMZ can be created by directly connecting the web server to the firewall and setting up rules and policies for that device. This essentially puts the web server in its own network with very limited traffic running through it. Below is a basic block diagram of a DMZ showing the company LAN physically and logically separate from the web server located in the DMZ.

Basic DMZ block diagram [9]
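One way to express the DMZ rules described above on a firewall with three interfaces, as an added nftables example that is not part of the original report. The interface names, addresses, administrator workstation, and permitted ports are all assumptions, and NAT is left out.

```nftables
#!/usr/sbin/nft -f
# Added example: three-legged firewall (Internet / DMZ / LAN).
# Interface names and addresses below are assumptions for illustration.
# NAT (DNAT to the web server, masquerade for the LAN) is omitted.
flush ruleset

define WAN_IF  = "eth0"        # to the ISP modem (assumed)
define LAN_IF  = "eth1"        # internal company LAN (assumed)
define DMZ_IF  = "eth2"        # web server segment (assumed)
define WEB_SRV = 172.16.10.10  # DMZ web server (assumed address)
define ADMIN   = 192.168.1.5   # administrator workstation (assumed)

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Only the administrator workstation may manage the firewall itself.
        iifname $LAN_IF ip saddr $ADMIN tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: customers reach the website, nothing else.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $WEB_SRV tcp dport { 80, 443 } accept

        # LAN -> Internet: employee traffic.
        iifname $LAN_IF oifname $WAN_IF accept

        # LAN -> DMZ: staff may browse the site; only the admin may use SSH.
        iifname $LAN_IF oifname $DMZ_IF ip daddr $WEB_SRV tcp dport { 80, 443 } accept
        iifname $LAN_IF oifname $DMZ_IF ip saddr $ADMIN ip daddr $WEB_SRV tcp dport 22 accept

        # DMZ -> Internet: DNS and HTTPS only, for name lookups and updates.
        iifname $DMZ_IF oifname $WAN_IF udp dport 53 accept
        iifname $DMZ_IF oifname $WAN_IF tcp dport { 53, 443 } accept

        # DMZ -> LAN: never allowed to start a connection; log the attempt.
        iifname $DMZ_IF oifname $LAN_IF log prefix "dmz-to-lan: " drop
    }
}
```

Because both chains default to drop, any flow not listed is blocked, and the logged DMZ-to-LAN rule gives the administrator an early signal if the web server is ever compromised.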
The final vulnerability addressed is the use of personal devices on the company network. It is known that the owner uses his personal iPad at work, but it is not known if other employees connect their personal devices as well. This presents the security issue of employees having potentially sensitive information on their personal devices. This goes back to the P2P vulnerability of not all workstations having the same security policies implemented on each device. It is now up to the employee to ensure their devices are both physically and logically protected, which is not best practice. This allows a potentially infected phone or tablet to connect to the network without any authentication or security and could expose the company network to malware and security breaches [10]. If a device is lost or stolen, sensitive or proprietary company files are now compromised as well.
To help mitigate this risk, Bring Your Own Device (BYOD) policies should be put in place that clearly define what types of devices can connect and when. One solution is to implement a Mobile Device Management (MDM) system for all employees. Implementing an MDM system allows the network administrator to manage and secure employees' various devices. This system ensures that security policies are followed and optimizes functionality. The administrator can now push required security updates to each device, further securing the network. MDM also protects against lost and stolen devices with remote wipe capabilities. With MDM, an employee can report a lost or stolen device and the administrator can log in and remotely erase all data on the device before it gets into the wrong hands [11]. This is especially important if sensitive or proprietary information is being handled.
Without addressing the vulnerabilities brought forward, it is only a matter of time before the network is rendered useless or, worse, sensitive information is leaked. This can severely hurt a business and potentially send it under. Customers will not trust a company that cannot guarantee their information is secure from malicious attackers.
References:
[1]"What is a Network Vulnerability Assessment? - Definition from Techopedia", Techopedia.com, 2016. [Online]. Available: https://www.techopedia.com/definition/29831/network-vulnerability-assessment. [Accessed: 8- Sep- 2016].
[2]"Wireless Attacks and Their Types", ExamCollection, 2016. [Online]. Available: http://www.examcollection.com/certification-training/security-plus-wireless-attacks-and-their-types.html. [Accessed: 8- Sep- 2016].
[3]"Wireless vs. wired security: Wireless network security best practices", SearchSecurity, 2016. [Online]. Available: http://searchsecurity.techtarget.com/answer/Wireless-vs-wired-security-Wireless-network-security-best-practices. [Accessed: 8- Sep- 2016].
[4]"Understanding the differences between client/server and peer-to-peer networks - TechRepublic", TechRepublic, 2016. [Online]. Available: http://www.techrepublic.com/article/understanding-the-differences-between-client-server-and-peer-to-peer-networks/. [Accessed: 9- Sep- 2016].
[5]"Network Authentication, Authorization, and Accounting: Part One - The Internet Protocol Journal - Volume 10, No. 1", Cisco, 2016. [Online]. Available: http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-35/101-aaa-part1.html. [Accessed: 9- Sep- 2016].
[6]"Client Server Network : Advantages and Disadvantages ~ I Answer 4 U", Ianswer4u.com, 2016. [Online]. Available: http://www.ianswer4u.com/2011/05/client-server-network-advantages-and.html#axzz4Jyh6APNI. [Accessed: 9- Sep- 2016].
[7]"MR814v1 | Product | Support | NETGEAR", Netgear.com, 2016. [Online]. Available: https://www.netgear.com/support/product/MR814v1.aspx?cid=wmt_netgear_organic. [Accessed: 9- Sep- 2016].
[8]E. Dart, L. Rotman, B. Tierney, M. Hester and J. Zurawski, "The Science DMZ: A Network Design Pattern for Data-Intensive Science", Scientific Programming, vol. 22, no. 2, pp. 173-185, 2014.
[9]I.stack.imgur.com, 2016. [Online]. Available: http://i.stack.imgur.com/aFNLH.jpg. [Accessed: 10- Sep- 2016].
[10]"BYOD: data protection and information security issues", ComputerWeekly, 2016. [Online]. Available: http://www.computerweekly.com/opinion/BYOD-data-protection-and-information-security-issues. [Accessed: 11- Sep- 2016].
[11]"The Best Mobile Device Management (MDM) Solutions of 2016", PCMAG, 2016. [Online]. Available: http://www.pcmag.com/article/342695/the-best-mobile-device-management-mdm-software-of-2016. [Accessed: 11- Sep- 2016].