In one department, the number of executive (head) computers may be around 10; the others are staff computers. Each department has around four servers, namely a file server, a communication server, an application server, and a printing and fax server. The print server is connected to a multi-function device that can print, scan, copy and so on. The PCs and these servers are joined with gigabit cable, so the switch will be a gigabit switch. Otherwise, the internet connection will flow over Wi-Fi: the NICs (network interface cards) used in the PCs are wireless NICs, so data transfer will be faster and there will be no cable complexity. These four servers are managed by the Sub-Mainframe. Each department has four servers and one Sub-Mainframe; as there are ten departments, there will be ten Sub-Mainframes and about forty servers. All the Sub-Mainframes are connected to the Main Frame located in the center of the diagram.
The Head's computers are connected directly to the Main Frame over the fiber-optic backbone. So, whatever the state of the connection between the departments and the Sub-Mainframes, the connection of the Head will not be lost.
The internet connections are ADSL (Asymmetric Digital Subscriber Line) and WiMAX (Worldwide Interoperability for Microwave Access). The two connections are balanced with a load-balancing router, so the connection will stay balanced even if the signal strength of one of them drops.
Task 1
Task One is about the equipment and components that are very important in computer and network security.
1.1 Access Control
Access control is managing all access to the network, devices, and important files of the operating system. Access control is one of the most important parts of a system: it protects the applications, files and all the resources of the system. It consists of authentication, authorization and other elements.
The term access control has been used to describe a variety of protection schemes. Sometimes it refers to all security features used to prevent unauthorized access to a computer system or network. In this case, it may be confused with authentication.
(Ref: Fundamental Principles of Network Security and ISM Identity and access management)
1.2 User Authentication
Authentication is a security feature that controls access to the whole network.
The most common authentication method checks something that only the one who has access, the valid user, should know. The most frequently used example of this is the common user id (or username) and password.
Another way to control authentication involves something that only the users who have access should have in their possession. The clearest example of this is a simple lock and key: only those individuals with the correct key will be able to open the lock.
(Ref: 20 Practical Tips on Authentication and Management)
1.3 Firewalls
A firewall is a hardware device or a software program. The function of a firewall is to inspect the traffic going into or out of a network. There is also another definition: a firewall is a program or hardware device that shields and protects the resources of a private or non-authoritative network from local or other networks.
There are two types of Firewalls: Hardware and Software firewall.
Hardware firewalls are used at the perimeter of the network. They use packet filtering: the firewall scans the first packet of a series to find the source and destination address. This information is checked against the pre-defined rules of the firewall, which decide whether the packet is allowed or not.
Some examples of hardware firewalls are listed below.
A software firewall is essentially a "filter". It sits between the ordinary applications and the network components of the operating system and forms part of the whole network. It also analyzes accesses against the rules of the program. Some software firewalls are Windows Firewall, Norton Firewall, Panda Personal Firewall, etc.
(Ref: CEHv6 Module 60 Firewall Technologies)
1.4 Virus Protection
Nowadays, we use many networks such as the Internet, LANs (Local Area Networks), WANs (Wide Area Networks), etc. Through these, viruses can enter and damage our systems. There are other malicious things such as worms, Trojans, malware, rootkits and hoax viruses. They can affect systems and networks.
To protect against viruses and other malicious software, we have to use antivirus software (e.g. Kaspersky Antivirus, Avira Security Suite, etc.). There are also other ways to protect a system.
(Ref: Trojan White Paper, Aelphaeis Mangarae [Igniteds.NET])
1.5 Accessing the Internet
Traditionally, computers plug directly into the internet over a LAN, WAN or leased circuit. In addition to the computer itself, such setups often require network routers and gateways. Needless to say, these can add up to a lot of money. As a result, direct internet connections are primarily only within the reach of organizations with high traffic needs.
An alternative for home users is to dial-up into a remote computer system that is directly connected to the internet. The user will need to be able to login to the remote system. Some Internet Service Providers limit the access of such users to a menu system while others allow shell access (like the MS-DOS command line on PCs) for users to roam around.
(Ref: Effective Teaching with Internet Technologies Pedagogy and Practice)
Task 2
Microsoft Outlook Express Email Account Configuration
Step-1
Task 3
Produce a Security Review report which details the specific threats to network security for ALL of the topics identified in Task 1, namely Access control, User Authentication, Firewalls, Virus Protection and Accessing the Internet, along with your proposed solutions aimed at reducing the risks associated with each threat.
ACCESS CONTROL
Access control is about controlling and managing user rights. For example, it controls which users may install programs on the computer and which may not; who can change the IP address and who cannot; who can enable or disable computer components and who cannot; who can open, read or write files and who cannot. Thus access control restricts the rights of users on computers; in other words, it restricts the activities users may carry out on them. Operating systems have built-in access control accounts, especially Microsoft products such as Windows XP, 2000, Vista and 7. They have different user accounts with their own rights. The table below shows the account groups and their rights, as created for Windows Server 2003 user accounts.
Group               Rights
Administrators      Has complete control over the computer and domain
Account Operators   Can administer user and group accounts for the local domain
Backup Operators    Can back up and restore files that users normally cannot access
Guests              Is permitted guest access to domain resources
Print Operators     Can add, delete, and manage domain printers
Server Operators    Can administer domain servers
Users               Has the default access rights that ordinary user accounts have
Source: Guide to Networking Essentials, 5th edition, by Greg Tomsho, Ed Tittel and David Johnson.
User Accounts and Their Rights
In a typical Windows operating system there are three known account types: Administrator, Guest and standard accounts. By assigning the users of the network to account types according to their needs, the default settings can be changed to protect the network or operating system. It is the simplest and easiest way to apply access control.
Administrator Account
The Administrator account is important to the entire network. The Administrator account should have a secure password and must be carefully guarded. The Administrator account cannot be locked out or deleted, but it can be disabled or renamed. Renaming the Administrator account means that people who try to access the computer are frustrated when they attempt to use "administrator" as the user name. Disabling the Administrator account is not recommended, because if you forget the password to your personal account, or your personal account is disabled or locked, you can log on to the system using the Administrator account to solve the problem with your personal account.
Before you begin to create accounts, you have some network administration decisions to make:
• User name - What kind of naming convention should be used for user login names? How many characters should they have? Should the username be based on the user's real name, or should the administrator create it so that it is hard to guess? Remember that a person trying to break into the system needs both a user name and a password; if the user name is hard to guess, breaking in is more difficult.
• Passwords - Should users be able to change their passwords? How often should passwords be changed? How many characters should a password contain? How often should a user be able to reuse passwords? Should unsuccessful attempts to log on lead to account lockouts?
• Logon hours - Should users be limited to logging on during certain times of day, or only on certain days?
• Auditing - Should user actions (for example, logon, logoff, object access and policy changes) be tracked? To what degree?
• Security - Are all accounts required to use a secure network protocol such as IPSec when connecting to the network?
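The password and lockout decisions above can be expressed as a small enforcement routine. The following Python is an added example written for this report; it is not Windows code and not taken from any product. The policy values (8 characters, 5 remembered passwords, lockout after 3 failures for 900 seconds), the user name and the passwords are constructed for the illustration; a real deployment would set them to the organization's own standard.

```python
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional


# Policy values are constructed for this example (assumption, not a product default).
@dataclass(frozen=True)
class AccountPolicy:
    min_length: int = 8              # how many characters a password must contain
    require_complexity: bool = True  # upper-case, lower-case and digit required
    history_depth: int = 5           # how many previous passwords may not be reused
    lockout_threshold: int = 3       # failed logons before the account is locked
    lockout_seconds: int = 900       # how long the lockout lasts


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so stored hashes cannot be compared across users.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_complexity(password: str, policy: AccountPolicy) -> List[str]:
    """Return the policy rules the candidate password violates (empty list = acceptable)."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_complexity:
        if not re.search(r"[A-Z]", password):
            problems.append("no upper-case letter")
        if not re.search(r"[a-z]", password):
            problems.append("no lower-case letter")
        if not re.search(r"[0-9]", password):
            problems.append("no digit")
    return problems


@dataclass
class UserAccount:
    username: str
    policy: AccountPolicy
    # One salt per user (kept across changes so old hashes stay comparable for the reuse check).
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    current_hash: Optional[bytes] = None
    history: List[bytes] = field(default_factory=list)  # most recent previous password first
    failed_attempts: int = 0
    locked_until: float = 0.0

    def set_password(self, password: str) -> List[str]:
        """Apply complexity and reuse rules; returns the violations, empty on success."""
        problems = check_complexity(password, self.policy)
        candidate = _hash_password(password, self.salt)
        recent = ([self.current_hash] if self.current_hash else []) + self.history
        if any(hmac.compare_digest(candidate, old) for old in recent):
            problems.append(f"reuses one of the last {self.policy.history_depth} passwords")
        if problems:
            return problems
        if self.current_hash:
            self.history.insert(0, self.current_hash)
            del self.history[self.policy.history_depth:]
        self.current_hash = candidate
        return []

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def logon(self, password: str, now: float) -> str:
        """Returns 'ok', 'denied' or 'locked'; enforces the lockout threshold."""
        if self.is_locked(now):
            return "locked"
        if self.current_hash and hmac.compare_digest(
            _hash_password(password, self.salt), self.current_hash
        ):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= self.policy.lockout_threshold:
            self.locked_until = now + self.policy.lockout_seconds
            self.failed_attempts = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    # Constructed walk-through: a user sets a password, then a third failed logon locks the account.
    acct = UserAccount("jsmith", AccountPolicy())
    print("set Winter2024:", acct.set_password("Winter2024") or "accepted")
    print("set Winter2024 again:", acct.set_password("Winter2024"))
    for attempt, pw in enumerate(["guess1", "guess2", "guess3", "Winter2024"]):
        print(f"logon attempt {attempt + 1}:", acct.logon(pw, now=float(attempt)))
```

Note that the correct password is refused while the lockout is in force, which is exactly the behaviour that makes disabling the built-in Administrator account risky: the account used to recover from a lockout must itself remain usable.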
Authentication
Authentication and authorization are security features that let administrators control who has access to the network (authentication) and what a user is allowed to do once logged on to the network (authorization). Network OSs include tools that give administrators a range of options and restrictions on how and when users can log on to the network. Among others, there are options for password complexity requirements, logon hours, logon locations, and remote access. After a user has logged on to the network, file system access controls and user permission settings determine what a user can access on the network and what actions (such as shutting down a system) a user can perform.
Firewall
fication Header (AH) traffic
• UDP port 500 (0x1F4) for Internet Key Exchange (IKE) negotiation traffic
Most packet filtering software allows you to be more precise. You can configure separate packet filters for inbound traffic (input filters), for outbound traffic (output filters), and for each interface. In addition, you can specify the IP addresses of the IPSec computer on the perimeter network. The packet filters that restrict IPSec traffic to what is exchanged with a single IPSec computer on the perimeter network are described in the following sections.
Filters on the Internet interface
Configure the following input packet filters on the Internet interface of the firewall to allow the specific types of traffic:
• Destination IP address of the IPSec computer's perimeter network interface and UDP destination port of 500 (0x1F4)
This filter allows IKE traffic to be sent to the IPSec computer on the perimeter network.
• Destination IP address of the IPSec computer's perimeter network interface and IP Protocol ID of 50 (0x32)
This filter allows IPSec ESP traffic to be sent to the IPSec computer on the perimeter network.
• Destination IP address of the IPSec computer's perimeter network interface and IP Protocol ID of 51 (0x33)
This filter allows IPSec AH traffic to be sent to the IPSec computer on the perimeter network.
Configure the following output packet filters on the Internet interface of the firewall to allow the specific types of traffic:
• Source IP address of the IPSec computer's perimeter network interface and UDP source port of 500 (0x1F4)
This filter allows IKE traffic to be sent from the IPSec computer on the perimeter network.
• Source IP address of the IPSec computer's perimeter network interface and IP Protocol ID of 50 (0x32)
This filter allows IPSec ESP traffic to be sent from the IPSec computer on the perimeter network.
• Source IP address of the IPSec computer's perimeter network interface and IP Protocol ID of 51 (0x33)
This filter allows IPSec AH traffic to be sent from the IPSec computer on the perimeter network.
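The six filters above amount to a default-deny rule set with three permitted patterns in each direction. The Python below is an added example written for this report, not firewall vendor code; it models the Internet-interface input and output filters as functions and runs a few constructed packets through them. The perimeter address 203.0.113.10 (a documentation range) and the sample packets are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address of the IPSec computer's perimeter network interface (assumption).
IPSEC_PERIMETER_IP = "203.0.113.10"

PROTO_UDP = 17
PROTO_ESP = 50   # 0x32, IPSec Encapsulating Security Payload
PROTO_AH = 51    # 0x33, IPSec Authentication Header
IKE_PORT = 500   # 0x1F4, Internet Key Exchange


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    src_port: Optional[int] = None  # only meaningful for UDP/TCP
    dst_port: Optional[int] = None


def input_filter_allows(pkt: Packet) -> bool:
    """Input filter on the Internet interface: pass only IKE, ESP and AH addressed
    to the IPSec computer's perimeter interface; everything else is dropped."""
    if pkt.dst != IPSEC_PERIMETER_IP:
        return False
    if pkt.proto == PROTO_UDP:
        return pkt.dst_port == IKE_PORT
    return pkt.proto in (PROTO_ESP, PROTO_AH)


def output_filter_allows(pkt: Packet) -> bool:
    """Output filter on the Internet interface: pass only IKE, ESP and AH sent
    from the IPSec computer's perimeter interface."""
    if pkt.src != IPSEC_PERIMETER_IP:
        return False
    if pkt.proto == PROTO_UDP:
        return pkt.src_port == IKE_PORT
    return pkt.proto in (PROTO_ESP, PROTO_AH)


def apply_filters(packets: List[Tuple[str, Packet]]) -> List[Tuple[str, Packet, bool]]:
    """Run each ('in' | 'out', packet) pair through the filter for its direction."""
    decisions = []
    for direction, pkt in packets:
        allowed = input_filter_allows(pkt) if direction == "in" else output_filter_allows(pkt)
        decisions.append((direction, pkt, allowed))
    return decisions


# Constructed sample traffic seen on the Internet interface.
SAMPLE_TRAFFIC: List[Tuple[str, Packet]] = [
    ("in", Packet("198.51.100.7", IPSEC_PERIMETER_IP, PROTO_UDP, 500, 500)),  # IKE: allowed
    ("in", Packet("198.51.100.7", IPSEC_PERIMETER_IP, PROTO_ESP)),            # ESP: allowed
    ("in", Packet("198.51.100.7", IPSEC_PERIMETER_IP, PROTO_AH)),             # AH: allowed
    ("in", Packet("198.51.100.7", IPSEC_PERIMETER_IP, PROTO_UDP, 53, 53)),    # DNS to IPSec host: dropped
    ("in", Packet("198.51.100.7", "203.0.113.99", PROTO_ESP)),               # ESP to another host: dropped
    ("out", Packet(IPSEC_PERIMETER_IP, "198.51.100.7", PROTO_UDP, 500, 500)), # IKE reply: allowed
    ("out", Packet("203.0.113.99", "198.51.100.7", PROTO_AH)),               # AH from other host: dropped
]

if __name__ == "__main__":
    for direction, pkt, allowed in apply_filters(SAMPLE_TRAFFIC):
        print(f"{direction:>3} {pkt.src} -> {pkt.dst} proto={pkt.proto} "
              f"dport={pkt.dst_port} sport={pkt.src_port}: {'ALLOW' if allowed else 'DROP'}")
```

The filters are stateless, exactly as the page describes them: a packet is judged on its own addresses, protocol ID and port, so any traffic the IPSec computer needs beyond IKE, ESP and AH has to be added as a further explicit filter.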
Protected traffic (using AH vs. ESP)
When deciding whether to use AH or ESP to protect your IP traffic, consider the following:
AH provides both data authentication and integrity services through the computation and inclusion of a keyed hash for each packet. With AH, the hash calculation includes the entire IP packet and header. Some fields that are allowed to change in transit are excluded. Packet replay services are provided through the inclusion of a sequence number for each packet.
ESP provides data authentication and integrity services through the computation and inclusion of a keyed hash for each packet. With ESP, the hash calculation only includes the ESP header, trailer, and payload. The IP header is not protected with the hash. ESP provides data confidentiality services by encrypting the ESP payload with the DES (Data Encryption Standard) or 3DES (triple DES) encryption algorithms. Packet replay services are provided through the inclusion of a sequence number for each packet.
It is easier to calculate and verify the hash for each packet than it is to encrypt and decrypt each packet. If performance is a consideration, you can use AH to protect most of your traffic. When confidentiality is required, you can use ESP instead. For example, you can use AH to protect traffic on your intranet and ESP for traffic that is sent over the Internet.
This performance consideration assumes that you are not using IPSec offload network adapters in your organization. Offload network adapters perform cryptographic calculations, such as the calculation and verification of the hash and the encryption and decryption services, on the adapter itself, enhancing performance for IPSec-protected traffic.
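The difference between the two keyed hashes, and the sequence-number replay check both protocols share, can be seen concretely in the following Python. It is an added example for this report, not Microsoft's or any IPSec implementation's code: the IP header is reduced to four fields, TTL stands in for the mutable-in-transit fields that AH excludes, HMAC-SHA256 truncated to 96 bits is used as the keyed hash, and the key, addresses and payload are constructed values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace
from typing import Dict

# Constructed demo key (assumption); a real SA derives its keys from the IKE exchange.
KEY = b"constructed-demo-key-not-for-real-use"
ICV_LEN = 12  # 96-bit truncated HMAC, the usual IPSec integrity check value length


@dataclass(frozen=True)
class IPHeader:
    src: str
    dst: str
    ttl: int     # changed by every router, so AH excludes it from the hash
    proto: int


def _immutable_header_bytes(h: IPHeader) -> bytes:
    # AH zeroes the fields that may change in transit (TTL here) before hashing.
    return h.src.encode() + b"|" + h.dst.encode() + b"|" + bytes([0, h.proto])


def ah_icv(header: IPHeader, seq: int, payload: bytes) -> bytes:
    """AH: keyed hash over the immutable IP header fields, the sequence number and the payload."""
    msg = _immutable_header_bytes(header) + struct.pack("!I", seq) + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:ICV_LEN]


def esp_icv(seq: int, payload: bytes) -> bytes:
    """ESP: keyed hash over the ESP header (sequence number) and payload only.
    The IP header is not an input, so it is not protected."""
    msg = struct.pack("!I", seq) + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:ICV_LEN]


class ReplayWindow:
    """Sliding anti-replay window driven by the per-packet sequence number."""

    def __init__(self, size: int = 64) -> None:
        self.size = size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set <=> sequence number (highest - i) already seen

    def accept(self, seq: int) -> bool:
        if seq == 0:                       # first valid sequence number is 1
            return False
        if seq > self.highest:             # window slides forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                   # too old, or a replay of a seen packet
        self.bitmap |= 1 << diff
        return True


def tamper_detection() -> Dict[str, bool]:
    """Which changes to a packet does each protocol's integrity check notice?"""
    header = IPHeader("192.0.2.5", "198.51.100.9", ttl=64, proto=6)  # constructed
    payload = b"GET /report HTTP/1.1"
    seq = 1
    ah, esp = ah_icv(header, seq, payload), esp_icv(seq, payload)

    spoofed = replace(header, src="192.0.2.66")   # source address altered on the path
    decremented = replace(header, ttl=63)         # normal router behaviour
    altered_payload = payload + b"?admin=1"
    return {
        "ah_detects_src_change": not hmac.compare_digest(ah, ah_icv(spoofed, seq, payload)),
        "ah_tolerates_ttl_change": hmac.compare_digest(ah, ah_icv(decremented, seq, payload)),
        # ESP never hashed the header, so the recomputed value is identical.
        "esp_detects_src_change": not hmac.compare_digest(esp, esp_icv(seq, payload)),
        "esp_detects_payload_change": not hmac.compare_digest(esp, esp_icv(seq, altered_payload)),
    }


if __name__ == "__main__":
    for check, result in tamper_detection().items():
        print(f"{check}: {result}")
    window = ReplayWindow()
    print("sequence 1, 3, 2 then 2 again:", [window.accept(s) for s in (1, 3, 2, 2)])
```

The result table shows why the page's advice holds: AH catches a rewritten source address while ESP's integrity check does not, so where header integrity matters (for instance on an intranet where confidentiality is not needed) AH is the cheaper choice, and ESP is the one to use when the payload must also be kept secret.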
Unprotected traffic (using the default response rule)
You can easily implement an IPSec deployment scenario that secures traffic to a specific set of servers, as follows:
Place the servers in an organizational unit and assign an IPSec policy to a Group Policy object of that organizational unit with a rule that requires secured traffic between the servers and any other computer. Within the filter action for the rule, enable the secure servers to accept unsecured communication but always respond using IPSec.
Place the client computers in an organizational unit and assign an IPSec policy to a Group Policy object of that organizational unit that uses only the default response rule. For more information, see Rules.
A consequence of using the default response rule is that the client computer can send unsecured data to a secured server after the quick mode SA and dynamic filter have timed out. Client computers rely on the computer with which they are communicating to initiate secure communications. This reliance occurs both when communication is initiated and when it is resumed after a delay that is sufficient to time out a previously established quick mode SA and dynamic filter. To prevent client computers from sending unsecured data to secure servers, you must configure your client computer IPSec policy with additional rules that initiate secured communications to secure servers.
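The consequence described above is easy to miss in prose, so the following Python models it as a small simulation. It is an added example written for this report, not Microsoft's code: the quick mode SA lifetime (300 seconds), the send times and the two client policies are constructed assumptions, and a "dynamic filter" is represented simply by the client remembering the SA expiry time the server's response established.

```python
from dataclasses import dataclass, field
from typing import List, Optional

SA_LIFETIME = 300.0  # seconds; constructed quick mode SA / dynamic filter lifetime


@dataclass(frozen=True)
class Message:
    sender: str
    secured: bool                      # True = carried inside an IPSec SA, False = plaintext
    sa_expiry: Optional[float] = None  # expiry of the SA the message travelled in


@dataclass
class SecureServer:
    """Server rule: require security, accept unsecured communication,
    but always respond using IPSec (the filter action described above)."""
    sa_expiry: Optional[float] = None
    received: List[Message] = field(default_factory=list)

    def receive(self, msg: Message, now: float) -> Message:
        self.received.append(msg)
        if msg.secured:
            self.sa_expiry = msg.sa_expiry           # client negotiated the SA
        elif self.sa_expiry is None or now >= self.sa_expiry:
            self.sa_expiry = now + SA_LIFETIME       # server initiates quick mode
        return Message("server", secured=True, sa_expiry=self.sa_expiry)


@dataclass
class Client:
    """initiates_security=False models a client with only the default response rule;
    True models a client with an extra rule that initiates security to the server."""
    initiates_security: bool
    sa_expiry: Optional[float] = None

    def send(self, server: SecureServer, now: float) -> Message:
        sa_live = self.sa_expiry is not None and now < self.sa_expiry
        if not sa_live and self.initiates_security:
            self.sa_expiry = now + SA_LIFETIME       # negotiate before sending any data
            sa_live = True
        msg = Message("client", secured=sa_live, sa_expiry=self.sa_expiry if sa_live else None)
        reply = server.receive(msg, now)
        self.sa_expiry = reply.sa_expiry             # dynamic filter follows the server's SA
        return msg


def unsecured_sends(initiates_security: bool, send_times: List[float]) -> List[float]:
    """Return the times at which the client sent plaintext to the secure server."""
    server, client = SecureServer(), Client(initiates_security)
    return [t for t in send_times if not client.send(server, t).secured]


if __name__ == "__main__":
    times = [0.0, 10.0, 250.0, 1000.0, 1010.0]   # 1000 s is well past the 300 s SA lifetime
    print("default response rule only:", unsecured_sends(False, times))
    print("client initiates security: ", unsecured_sends(True, times))
```

With only the default response rule the client leaks plaintext twice: at the very first packet, and again once the SA has timed out after the long pause. Adding the initiating rule removes both cases, which is the mitigation the page recommends.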
3.4 Virus Protection
Viruses, which can get into your computer in many forms such as worms, Trojans and many others, are guarded against by an antivirus ("anti" means opposite) program. So what does an antivirus do? An antivirus program scans the computer's hard disk to search for viruses. But before you scan your computer with an antivirus program, you should first update the antivirus program's definitions or signatures, to ensure it can detect the latest threats that have been released.
For Philadelphia Inc, Norton Internet Security will be used. Norton is one of the most famous and trusted programs in the world. Moreover, Norton can catch the latest viruses in a short time. Thus, to protect the data of the company, the most trusted antivirus program, Norton Internet Security, will be used.
About Norton Internet Security 2010
Norton Internet Security can prove its security by the various awards it received during 2008. Norton Internet Security contains all the antivirus components and the other essential things that internet users need. Therefore, although Norton Antivirus and Norton Internet Security are produced by the same corporation, Symantec, Norton Internet Security is more suitable for users who have internet and network access, as it contains full protection for the internet and network.
Features of Norton Internet Security 2009
In Norton Internet Security, the key technologies really are what customers need; they fulfill the customer's needs and desires. The key technologies are:
• Antivirus and spyware protection
• Two-way firewall
• Identity protection
• Antiphishing
• Network security
• Botnet protection
• Rootkit detection
• Browser protection
• Internet worm protection
• Intrusion prevention
• OS and application protection
• Web site authentication
• Pulse updates
• Norton™ Insight
• SONAR™ behavioral protection
• Antispam
In Norton Internet Security 2010, the features that win over other programs are countless. The first is that it is engineered for speed: Norton Internet Security scans the whole hard disk and network in a minute and catches the maximum number of viruses, as it uses Norton's™ intelligence-driven technology. The second is that it really downloads updates in a minute, and downloads happen automatically every 5-16 minutes, so that the most common viruses, spam and other vulnerabilities cannot get in. The next is network security, spam blocking and parental control, so that Norton Internet Security has no security hole. Another famous feature is SONAR (Symantec Online Network Advanced Response), which detects threats and proactively finds unknown security risks on your computer. It can detect viruses and other malicious things in a second. When threats or other risks are found, the warning message appears in the left corner of the computer screen as below.
Fig 3.3.3 SONAR Warning Message
Therefore, as soon as you use a removable disk, you do not need to scan it manually: Norton will scan it automatically and show a warning message to let the user know that the security risk has been removed. Another feature is that computer system performance can be checked by clicking "Flip Screen" on the Norton interface, so that the interface flips to show the computer performance graph, as shown in the figures.
Fig 3.3.5 Norton System Performance Interface
Fig 3.3.4 Show Norton Startup Interface
Fig 3.3.4 Norton System Performance Interface
Another feature is Norton Insight - Application Ratings. In the help file of Norton Internet Security, Norton describes Application Ratings as follows. The Norton Insight - Application Ratings feature allows the smart scanning of files on your computer. It improves the performance of Norton Internet Security scans by letting you scan fewer files without compromising the security of your computer.
A Norton Internet Security scan can identify threats on your computer in the following ways:
The Blacklist technique
At regular intervals, Norton Internet Security obtains definition updates from Symantec. These updates contain signatures of known threats. Each time Norton Internet Security obtains the definition updates, it performs a scan of all of the files that are available on your computer. It compares the signatures of the files against the known threat signatures to identify threats on your computer.
The Whitelist technique
Norton Internet Security obtains specific information about the Files of Interest and submits the information to Symantec during idle time. The information includes such things as file name, file size, and hash key. Symantec analyzes the information of each File of Interest and its unique hash value and provides a trust level to the file. The Symantec server stores the hash value and trust level details of the Files of Interest. The server provides the details immediately after you open the Norton Insight - Application Ratings window. Even the slightest modification of the file causes a change in the hash value and the trust level of the file. Typically, most Files of Interest belong to the operating system or known applications, and they never change. These files do not require repeated scanning or monitoring. For example, Excel.exe is a file that never changes but you always scan it during a normal security scan.
Source: From Norton Internet Security 2010 Help - About Application Ratings
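Both techniques above come down to looking a file's hash up in a list: the blacklist holds hashes of known threats, the whitelist holds hashes the vendor has rated trusted, and any change to a file invalidates its entry. The following Python is an added example written for this report, not Symantec's code: the three "files", the known-threat signature and the trust rating are constructed in memory, SHA-256 stands in for the product's hash key, and the full scan of an unrated file is reduced to marking it as examined.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Set

# Constructed in-memory "files" standing in for files on disk (assumption).
FILES: Dict[str, bytes] = {
    "Excel.exe": b"MZ\x90\x00 constructed spreadsheet program body",
    "notes.txt": b"quarterly figures, nothing executable here",
    "invoice.scr": b"MZ\x90\x00 constructed dropper body",
}


def file_hash(data: bytes) -> str:
    """The per-file hash submitted to the vendor and compared against the lists."""
    return hashlib.sha256(data).hexdigest()


# Blacklist: signatures of known threats (constructed: the hash of the dropper above).
KNOWN_THREATS: Set[str] = {file_hash(FILES["invoice.scr"])}

# Whitelist: vendor trust level keyed by hash (constructed: Excel.exe rated "Trusted").
TRUST_LEVELS: Dict[str, str] = {file_hash(FILES["Excel.exe"]): "Trusted"}


@dataclass(frozen=True)
class ScanResult:
    name: str
    sha256: str
    verdict: str   # "threat", "trusted-skipped" or "scanned-clean"
    scanned: bool  # whether a full content scan was needed


def classify(name: str, data: bytes) -> ScanResult:
    h = file_hash(data)
    if h in KNOWN_THREATS:                    # blacklist check always comes first
        return ScanResult(name, h, "threat", True)
    if TRUST_LEVELS.get(h) == "Trusted":      # whitelisted: no full scan required
        return ScanResult(name, h, "trusted-skipped", False)
    return ScanResult(name, h, "scanned-clean", True)  # unrated: full scan performed


def scan(files: Dict[str, bytes]) -> Dict[str, ScanResult]:
    """Scan every file; trusted files are skipped, which is where the speed-up comes from."""
    return {name: classify(name, data) for name, data in files.items()}


def scan_after_modification(files: Dict[str, bytes], name: str, patch: bytes) -> ScanResult:
    """Re-scan one file after appending bytes: even a one-byte change drops its trust."""
    return classify(name, files[name] + patch)


if __name__ == "__main__":
    for result in scan(FILES).values():
        print(f"{result.name:12} {result.verdict:16} scanned={result.scanned}")
    print("Excel.exe after a 1-byte change:",
          scan_after_modification(FILES, "Excel.exe", b"\x00").verdict)
```

The last line of output shows the property the page stresses: a trusted rating is bound to the exact hash, so a modified copy of a trusted program is treated as unknown and scanned in full rather than inheriting the original's rating.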
Network application interface rating
Fig 3.3.6 Norton Application Ratings
The Norton Internet Security firewall provides intelligent network protection and the other important things needed to cover the needs of users. Norton has a famous name and a strong product line, with what is needed for home users and business-level users alike. Therefore, to make the company's network more certain and reliable, Norton Internet Security 2010 needs to be selected. The following figure shows the network settings.
Network setting of internet security
3.5 Accessing the Internet
The Internet has become increasingly popular in recent years. This is no surprise given the amount of attention it receives from newspapers, magazines and books. Many people are eagerly trying to join the Internet community.
There are three basic levels of access to the Internet.
1. Mail only: Here you can only send and receive e-mail to/from other users via the Internet. Through special e-mail gateways, you can make use of Archie, FTP, Gopher, the World Wide Web (WWW) and possibly other Internet services. These gateways, however, are text-based and non-interactive and can be quite cumbersome to use.
2. Shell account: Here you log in to a remote computer system which is itself connected to the Internet. Normally you run programs on the remote system to access Internet services. Because you generally dial up using terminal-emulation software, you are limited to text-mode programs only. This means that, for example, you can only use a text-based web browser to explore the WWW.
3. Direct connection: This is the ultimate form of Internet connection, where your computer system is itself directly on the Internet. It speaks the language of the Internet (TCP/IP). All access to Internet services is via programs that run on your own computer system.
Traditionally, computers plug directly into the Internet over a LAN, WAN or leased line. Besides the computer itself, such setups often require network routers and gateways. Needless to say, this can add up to a lot of money. As a result, direct Internet connections have mainly been within the reach of organizations with high traffic needs.
An alternative for home users is to dial up to a remote computer system which is directly connected to the Internet. The user must be able to log on to the remote system. Some Internet service providers limit such users to a menu system, while others allow shell access (such as the MS-DOS command line on a PC) for users to roam around.
While we have only mentioned three basic levels of Internet access, there is another mode of Internet access worth mentioning. Many commercial online services add Internet-related functions to their existing services; these include CompuServe and America Online. In Singapore, Teleview offers a facility to access Internet services from a menu front-end on a UNIX-based Internet host. Sometimes these value-added services are very similar to a shell account.
Reference: http://sunsite.nus.sg/pub/slip/access.html
Securing with Virtual private network (VPN) connections
With the Point-to-Point Tunneling Protocol (PPTP) or the Layer Two Tunneling Protocol (L2TP), which are automatically installed on your computer, you can securely connect to a network resource via a remote access server over the Internet or another network. The use of private and public networks to create such a network connection is called a virtual private network (VPN).