Network architecture of the company consider as a blue print of a online network to support and provide technological framework, design and building a communication network to deal with online transaction, order processing, delivery scheduling etc. This architecture has a different layer and principle which divides the communication part in to many stages. Each stages task divided into several sub tusks which communicates with some defined ways. There are benefits of layering which allows part of communication to design and test and implement. The company has to implement and go through all the stages to create a network diagram for the efficient business activity.
Network diagram: [1]
A network diagram consist of several type of networking components and connection such as Ethernet, ring network straight bus connection etc. and the components are server, cable, super computer, printer scanner etc. diagrams and peripherals are given below :
A network diagram
Network Server:
Online server is the allocated in a central computer where the components of a network are connected through out communication technology. The server computer connects the other computers, printers, scanner, Internet etc.
This central server will connect other servers of the company such as File server, web server, FTP server, Printer server, Email server.
Web server: [1,2]
Web server is a program which delivers content, such as web pages and files using the HTP over the WWW service.Web server can also refer to the computer virtual machine operate the program. In fact within commercial business activities, a web server computer could be rack-mounted with other servers to operate a web farm.The company required a web server to operate websites and e-commerce. The function of a web server is to deliver web pages to the end user. That means delivery of HTML documents that may be included by a document such as images, etc. A client, initiates communication by making a request to a specific resource through HTTP and then the server responds with the content of that resource or an error message if it is unable to do so. The resource typically a real file to the server's storage device.
A web server
The webserver will initiate this following steps to the clients application server:
1. The client's browser divides the URL in to a number of separate parts including address, different path name and protocols.
2. A Domain Name Server will translate the domain name the client has entered in to its won IP address; a numeric combination of that address represents the web site's true address over the Internet.
3. Then the browser will determine which protocol will have to be used. Such as,, protocols include FTP or File Transfer Protocol, and HTTP, or Hypertext Transfer Protocol.
4. The server will sends a get request to the web server to send the address it has given. For example: when a user will type http://www.webgoogle.com.jpg1, the browser will send a get 1.jpg command to the above address and will wait for a prompt response. The server now responds to the web browser's initiate requests. It will be verified that the given address exists or not, finds the necessary files and information, which will runs on the appropriate scripts, and exchanges cookies if necessary for the web browser, and returns the results back to the web browser. If it cannot locate the file the server it will sends an error message to the client application.
5. The browser will translates the data it has given in to HTML and will displays the results to the client server.
This process is repeated until the client browser leaves the site.
File server:
File server will have to implement to the network where the entire file will be stored, users could have access the system and files through server. A password protection system will be implemented to authorized access of the server. This server could connect through bridge and hub within the systems or computers.
FTP Server:
The FTP server will have to install to the server to transfer files from one location to another location. This FTP server could be connected through Local Aria Network system within the company.
Database Server:
The company must have a database to record internal transaction, order processing and business analysis. There are many different type of database server Such as: Flat file, Relational, Object oriented database server. The most popular among them are relational database server. Each record of the transaction by the company will be stored on the server and the server could be access from the different geographical location with authorization protection.
A database server
Application server:
An application server is a software framework which dedicated to the efficient execution of procedures and programs to support the construction of any applications to the user. The term is originally use where the server runs SQL framework service. An application server acts as a set of components accessible to the software developer with an api defined by the platform. For web application thise components are normaly performed in the same machine where the web server is runes, and their job is to support the construction of dynamic pages to the company
Printer Server:
A printer server is a device that is connected to one or more then one printer to users PC over a network environment and can accept print output from the computers and send the jobs to the allocated printers within an organization. The retile company requires to create a print server to carry out print activities in different location within the organization.
Real-time communication server:
Real Time communication server developed for streaming audio, video and data over the WWW b through a multimedia player and a server. The retail company requir this server to use audio vedio strimix over the net to promote the product and services through out Internet
Wide Area Network:
The server will be connected with Wide Area Network to broadcast business application with Internet. WAN connects network server with local area network, metropolitan, regional and national network interface. Used to connect LAN and all other server within the organization through Hub and router.
Security:
The company must have a security policy in order to secure the network infrastructure to prevent unauthorized access. This could be done by installing firewall on the server and network component. Firewall will protect data from the users of the other network unless it's authorized.
The system accessibility:
Installing this severs and network will create an efficient environment to the organization to processing, handling e commerce, selling, online order processing, applications operating, file storing and document processing and transferring. The security measure will ensure the network architecture to deal with smooth business activities.
Task-3
Foot print of an organization:
The initial stage to calculate foot print of an online retile company by using NMAP, we have to go to the following site www.nmap.org. Then the software has to download and install to the computer. The software will allow the target site to enter to the software and calculate the footprint of the following website. The software will scan various aspect of the website such as which ports are open and unsecured.
I have done the footprint of the site www.mastergroup-bd.com.
The footprint of the site is given below:
Starting Nmap 5.35DC1 ( http://nmap.org ) at 2010-08-22 10:37 Central Asia Standard Time
NSE: Loaded 49 scripts for scanning.
Initiating Ping Scan at 10:37
Scanning www.mastergroup-bd.com (69.73.147.15) [4 ports]
Completed Ping Scan at 10:37, 0.41s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:37
Completed Parallel DNS resolution of 1 host. at 10:37, 0.63s elapsed
Initiating SYN Stealth Scan at 10:37
Scanning www.mastergroup-bd.com (69.73.147.15) [65535 ports]
Discovered open port 21/tcp on 69.73.147.15
Discovered open port 995/tcp on 69.73.147.15
Discovered open port 110/tcp on 69.73.147.15
Discovered open port 143/tcp on 69.73.147.15
Discovered open port 80/tcp on 69.73.147.15
Discovered open port 8080/tcp on 69.73.147.15
Discovered open port 22/tcp on 69.73.147.15
Discovered open port 53/tcp on 69.73.147.15
Discovered open port 3306/tcp on 69.73.147.15
Discovered open port 443/tcp on 69.73.147.15
Discovered open port 993/tcp on 69.73.147.15
Discovered open port 2096/tcp on 69.73.147.15
SYN Stealth Scan Timing: About 3.72% done; ETC: 10:51 (0:13:22 remaining)
Discovered open port 2077/tcp on 69.73.147.15
SYN Stealth Scan Timing: About 7.86% done; ETC: 10:52 (0:14:16 remaining)
SYN Stealth Scan Timing: About 9.75% done; ETC: 10:54 (0:15:54 remaining)
SYN Stealth Scan Timing: About 12.34% done; ETC: 10:56 (0:16:49 remaining)
SYN Stealth Scan Timing: About 15.10% done; ETC: 10:58 (0:17:48 remaining)
Discovered open port 81/tcp on 69.73.147.15
SYN Stealth Scan Timing: About 18.78% done; ETC: 10:57 (0:16:43 remaining)
SYN Stealth Scan Timing: About 21.96% done; ETC: 10:57 (0:15:31 remaining)
Discovered open port 7978/tcp on 69.73.147.15
Discovered open port 82/tcp on 69.73.147.15
SYN Stealth Scan Timing: About 27.35% done; ETC: 10:57 (0:14:31 remaining)
Expected outcome:
The footprint will enable me that which port are open of the sire. The detail host of the website , topology of the website. The IP address FTp address, http-proxy the site may use snmp, smtp, sslh, mysql server etc information could be achieved by the footprint.
The footprint screens shoot.
A hacker or an authorized user could easily gin this information through the footprint of an organization unless the proper method is taken to secure the network environment of the site
Task- 4
An online retailer company has to deal with various threats to its components, information system and network. The threats, attack, prevention and security policy has been given below:
Common password policy to the organisation
Password policies includes an advice on proper password management system for the better security to deal with such as:
Not to share a computer account with others.
Not to use the same password for more than one account or user.
Never tell a password to any people which including people who claim to be from customer service.
Do not write down a password in an unsecured envirenment.
Do not communicating a password over telephone, e-mail to anyone
Must be careful to log off before leaving a computer.
changing passwords often
operating system passwords and application passwords must be in different from each other
password should have to be alpha-numeric latters
make password random but easy to remember
Reason for these policies:
This password policy will make this work environment and network architecture more secured and accessible to the user this password policy might cope up to deal with this following threat to the organization:
Type of threat:
Physical security: it is essential to create a secure user environment to the computers, software, back up media networking system etc. there are various type of security threat in this arena of physical security which described bellow:
Physical theft:
Any kind of theft activity might produce loss to the company such as stealing computers, important business data, personal information's etc by the theft. Implementing card reader, badge reader, guard, and alarm system could prevent the situation
Physical damaged:
Vandalism, theft, abuse to the component will lead to the physical damage, installing camera, alarm system. Implementing rack and lock system for equipments could prevent access to the system and network device.
Service disruption:
An attacker could enter to the premises and create damage to the IT resources. An attacker could perform an attack through indirect mean such a cutting the electrical wire, telephone line, services network etc. this threat could stop business operations there for it is important to implement network system with ducts, telephone cable and networking and other complicated support system.
Unauthorized access to the system:
Security officer must ensure to prevent the passive threat of the organization which is unauthorized access of the information such as access of information which is not stored on the IT department.
Employee:
People consider as a weakest link to information security. Such as one single information leak b an employee could lead to the total disaster to the company's securities defense.
Social engineering attack:
It consider as a passive threat to exploiting organization employee with misleading conversation by an attacker.
Email attachment:
Malicious code could send through out the mail system which could compile and generate new code itself. So proper measure could not be taken a company's security could be in danger during email correspondence.
Password policy:
Password at minimum must be eight character long.
Password must contains combination of letter and number.
Example: 0174572 and shansharif is not a valid input of password instead 017shansharif572 might be a good choose.
Password would not except the input of user ID address
Password must have to change within 60 days of period.
Justification of this policy:
Password at minimum must be six characters long. Because the smaller password is easy to break. A hacker could easily breakdown the password in order to gain access of the system.
Password must contains combination of letter and number unless it is easy to break in. such 0174572 and shansharif is not a valid input of password instead 017shansharif572 might be a good choose, and is the better option to create a password for the system.
Password would not accept the input of user ID address. The reason is it is unsafe to use user information a hacker or unauthorized always will try first the user id address to get in to the system.
Password must have to change within 60 days of period. It is essential to change this password frequently because it secures the security environment.
Password duration
Users of the organisation must change passwords periodically, e.g. every 90 days. the user have to come up with many passwords because they will have to change them often, they should not end up using much weaker passwords
Security policy
Physical security facilities:
Server room access must be approved by the head of the administration department:
-All the business information, critical server function and networking system are stored in a server room this is the reason it is very importer to control who may enter the server room and only authorized and responsible person should allow to enter to the server room.
-All the server must be store in a room which is protected from access from general employee.
-Only who is responsible with business transaction for particular reason could enter the room with the permission of seniors IT officer and administration department.
All other visitors must accompany with responsible officer with the permission of admin department and IT manager.
Server room must be lock always
User ID policy:
User ID must not be shared with other staff employee of person - One ID for each individual employee.
If it is necessary to change user ID, a request letter has to be submitted to the admin department
The admin department will decide weather to issue a new ID or will provide modification to the existing ID.
Each user ID must log on 10 times during 90 days of period.
If the ID is log in less then 10 time during90 days the ID will be disabled.
If the user ID is disabled more then 60 days the ID will be deleted automatically with out notice.
IF an employee requires access of disable ID must submit a letter with the permission of managing department and have to submit the letter to the administrator.
After receiving the permission letter the ID will be regenerate within 3 working days.
If an employee wishes to leave the profession must inform to the administration to delete his/ her ID.
Access control:
User requires permission before enter to the operating system data would not be transacted unless permission is granted.
Only employee would be able to change and modified system file. General user will not have access to the system file.
Data owner will be responsible to their won individual operating file whole employee will be responsible to the operating system file
Task -5
It is important to make a connection secure in terms of business email correspondence otherwise it's a regular case of data stolen by unwanted user or break in a network solution to get the valuable information by hackers. However it is possible to make this connection secure which is recommended to the company and described bellow: [1]
Digital signature:
The users can communicate through PGP system PGP system supports both authentication of the messages and integrity checking which detect a message has been altered or not since it has been completed. And it also checks the person's status of the sender. An email sender use RSA or DSA signature which consist of hash and plaintext to create a digital certification of the email message.
How Digital Signature Works.
A digital signature scheme consists of three algorithms those are given below:
A key generating algorithm that selects a private key with random instant from a set of possible private keys. The algorithm outputs to those private key and a corresponding key which send by the public.
A signing algorithm which given a message and a private key will produces a digital signature.
A signature verifying algorithm will be given through a message , public key and a signature either these accepts or rejects the message's claim to authenticity.
To ensure efficient correspondance two main properties are required by through the signetures. First; a signature generated by a fixed authentic message and fixed private key will verify the authenticity of that message through using the correspondance key. Secondly, it must be complex to generate a valid signature tp a party who does not possess the private key.
Session encryption:
With this process a SMTP connection relays on encryption which take place in between SMTP relay but the operation doesn't take place between sender and receiver of the email. SMTP connection stops being sniped during message transmission to the both side
PGP is the feature to support encryption system through algorithm
Solution for the user:
The email sending environment could be easily secured by the digital signeture because its easy to emliment and not required any aditional software to install and to pay any vandors high amount for the securing software.
Bibliography
