Thursday, May 16, 2019

Project Network Design Essay

The best network design to ensure the security of Corporation Tech's internal access while retaining public Web site availability consists of several layers of defense in order to protect the corporation's information and provide accessibility to employees and the public. The private-public network edge is considered particularly vulnerable to intrusions, because the Internet is a publicly accessible network and falls under the management purview of multiple network operators. For these reasons, the Internet is considered an untrusted network. So are wireless LANs, which, without the proper security measures in place, can be hijacked from outside the corporation when radio signals penetrate interior walls and spill outdoors.

The network infrastructure is the first line of defense between the Internet and public-facing web servers. Firewalls provide the first line of defense in network security infrastructures. They accomplish this by comparing corporate policies about users' network access rights to the connection information surrounding each access attempt. User policies and connection information must match up, or the firewall does not grant access to network resources; this helps avert break-ins. Network firewalls keep communications between internal network segments in check so that internal employees cannot access network and data resources that corporate policy dictates are off-limits to them. By partitioning the corporate intranet with firewalls, departments within an organization are offered additional defenses against threats originating from other departments.

In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.
Security is the heart of internetworking. The world has moved from an Internet of implicit trust to an Internet of pervasive distrust. In network security, no packet can be trusted; all packets must earn that trust through a network device's ability to inspect and enforce policy.

Clear text (unencrypted data) services represent a great weakness in networks. Clear text services transmit all information or packets, including user names and passwords, in unencrypted format. Services such as File Transfer Protocol (FTP), email, telnet and basic HTTP authentication all transmit communications in clear text. A hacker with a sniffer could easily capture user names and passwords from the network without anyone's knowledge and gain administrator access to the system. Clear text services should be avoided; instead, secure services that encrypt communications, such as Secure Shell (SSH) and Secure Socket Layer (SSL), should be used. The use of routers and switches will allow for network segmentation and help defend against sniffing.

Corporation Tech may want to host their own web or email server that is accessible to Internet users without having to go to the expense and complexity of building a DMZ or other network for the sole purpose of hosting these services. At the same time they may want to host their own server instead of outsourcing to an ISP (Internet Service Provider) or hosting company. Corporation Tech can use NAT (Network Address Translation) to direct inbound traffic that matches pre-defined protocols to a specific server on the internal or private LAN. This would allow Corporation Tech to have a single fixed public IP address to the Internet and use private IP addresses for the web and email server on the LAN.

Network Diagram and Vulnerabilities

The network infrastructure uses Class C network address 192.168.1.0. The main server, using virtual machine software, was configured with a static IP address of 192.168.50.1.
This server controls DHCP, DNS and Active Directory. The Web Server is located outside the network in the DMZ. The internal network is configured on separate VLANs to separate department traffic and manage data access. Cisco Internal firewall was installed and configured to manage the internal network on the LAN. The Cisco firewall 2 is used to manage remote traffic entering the LAN. This provides layered security to the network.

Several ports have been identified as vulnerabilities in Corporation Tech's network that allowed information to be transferred via clear text, and as such they have been closed. Additional ports that could be used for gaming, streaming and peer-to-peer have been blocked or closed to reduce unauthorized access to the network. All ports known to be used for malicious purposes have been closed as a matter of best practices. All standard ports that do not have specific applications requiring access have been closed. The ports listed below are standard ports that have been blocked to minimize unauthorized packet transfer of clear text:

Port 21 - FTP
Port 23 - Telnet
Port 110 - POP3
Port 80 - Basic HTTP

Hardening Practices

Develop a baseline
Close all unused ports
Redirect traffic to secure ports, for example HTTPS (443) or higher
Configure the firewall to allow or deny secure traffic
Install IDS and IPS
Review monitor logs on the network and compare to baseline for any intrusions

Policies

Develop and implement a network Acceptable Use Policy (AUP), which must be signed before using the network
Assign permissions and rights
A password policy must be in place on all devices and enforced
End users must be trained about the different threats faced on the network
Backups must be done weekly and users notified
Maintain bandwidth speed and monitor peak hours

Network security realignment was done using Class C network address 192.168.1.0. The servers were configured on network addresses 192.168.1.216 (static) and 192.168.1.218 for simplicity.
DHCP, DNS and Active Directory were installed and configured on one of the servers. The second server was used for the application. Both PCs were also configured on the same network address 192.168.1.0 for easy management on the switch. The switch was configured with a static IP address of 192.168.1.200. The router network address was changed to avoid conflicting addresses and for easy management. Cisco Internal firewall 1 was installed and configured to manage the internal network on the LAN. The Cisco firewall 2 was implemented to manage remote traffic entering the LAN. This provides layered security to the network.
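An added example, not part of the original essay: a first-match rule evaluator that checks whether the clear-text ports the essay lists as blocked (21, 23, 110, 80) are still reachable on the two server addresses it names. The rule format, the sample ruleset and the external source address are constructed assumptions, not an export from a Cisco firewall.

```python
import ipaddress

# Clear-text service ports the essay lists as blocked.
CLEAR_TEXT_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 80: "Basic HTTP"}

# Constructed sample ruleset, evaluated top to bottom (first match wins).
# Assumption: rules see post-NAT (internal) destination addresses.
# Fields: action, source CIDR, destination CIDR, (low port, high port)
SAMPLE_RULES = [
    ("deny",  "0.0.0.0/0",      "192.168.1.0/24",   (21, 23)),
    ("allow", "0.0.0.0/0",      "192.168.1.0/24",   (443, 443)),
    ("allow", "192.168.1.0/24", "192.168.1.0/24",   (1, 1024)),
    ("allow", "0.0.0.0/0",      "192.168.1.216/32", (80, 110)),  # overly broad
    ("deny",  "0.0.0.0/0",      "0.0.0.0/0",        (1, 65535)),
]

def decide(rules, src, dst, port):
    """Return the action of the first rule matching the connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, (lo, hi) in rules:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and lo <= port <= hi):
            return action
    return "deny"  # nothing matched: default deny

def audit_clear_text(rules, src, hosts):
    """List (host, port, service) where a clear-text port is allowed from src."""
    findings = []
    for host in hosts:
        for port, name in sorted(CLEAR_TEXT_PORTS.items()):
            if decide(rules, src, host, port) == "allow":
                findings.append((host, port, name))
    return findings

if __name__ == "__main__":
    servers = ["192.168.1.216", "192.168.1.218"]  # server addresses from the essay
    for src in ("203.0.113.10", "192.168.1.50"):  # constructed outside / inside hosts
        for host, port, name in audit_clear_text(SAMPLE_RULES, src, servers):
            print(f"{src} -> {host}:{port} ({name}) is still allowed")
```

In the sample ruleset the explicit deny covers only ports 21 to 23, so the later broad allow rules leave HTTP and POP3 reachable, which is the kind of gap a baseline review of the rules should catch.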
