Building a Secure Network
The architecture and build design of a secure network is a very intricate and detailed process. It requires a seasoned hand for the development and implementation of the network diagram. A network diagram is a graphical representation containing your backbone equipment, IP addresses, ISP, host machines, and peripherals. Mostly all network diagrams for SOHO networks are the same but may different depending upon the needs of the company. This context will describe and explain the design considerations that should go into building a secure network.
The first step in building secure network is creating the network topology. The topology is a physical and logical layout of the network. It is the DNA and basis of network design. A basic network will contain an Internet Service Provider (ISP) router, boundary router, firewall, switches, severs, and local hosts. The ISP is connected to the border router. The border router is the outside/inside router. The outside is public interface and the inside is the private interface. The boundary router is the first line of defense for traffic coming inside and going outside the network. The router must be configured properly to mitigate the vulnerabilities coming inside the network. The passwords for the router should be strong. Password should not be a common word. They should be alpha numeric with symbols and more than 8 characters. One must consider what ip’s are allowed to send and receive from the outside. IP tables are constructed within the router. These tables contain access lists which will filter the all traffic inbound and outbound outside in a network. Static routing with the router is a good practice it alleviates DDos attacks. Router interfaces not ...
... middle of paper ...
...acks. These systems have integrated within firewalls. Snot is free IDS that can be downloaded for free. Wireshark is a packet analyzer that to captures and displays the data packets. This tool helps users see a data packet and check it for tampering. It is used in conjunction with SNORT.
Building and Designing a network can long and tedious task. The time and development of security policies is a process that can equal the creation time of the network topology. The security implementations to secure the infrastructure must be based of best practices. Network administrators and users all must become a cohesive force in the protection of the network.
Works Cited
http://msdn.microsoft.com/en-us/library/ff648651.aspx http://www.sans.org/reading-room/whitepapers/bestprac/designing-secure-local-area-network-853 http://www.vicomsoft.com/learning-center/firewalls/
In order to protect the application servers from the internet, the most common un-trusted network, the proposal suggests a firewall to be installed between the internal network and external router. The firewall would be an Adaptive Security Appliance (ASA) firewall, "the ASA is not just a pure hardware firewall. In brief, the Cisco ASA is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive
The SIEM is a log management system where every network device, server or workstation will send their logs for storage, correlation and analysis. The analysis will provide alerts similar to the NIDS and HIDS. In addition, the log correlation could be used to help track where and when malicious activity has occurred and on what system(s) the activity was seen. The combination of the NIDS, HIDS and SIEM will provide a good array of detection for malicious users, software or unauthorized system access.
IDS is a device or software application that monitors a network for an unauthorised attack.
In 1980, James Anderson’s paper, Computer Security Threat Monitoring and Surveillance, bore the notion of intrusion detection. Through government funding and serious corporate interest allowed for intrusion detection systems(IDS) to develope into their current state. So what exactly is IDS? An IDS is used to detect malicious network traffic and computer usage through attack signatures. The IDS watches for attacks not only from incoming internet traffic but also for attacks that originate in the system. When a potential attack is detected the IDS logs the information and sends an alert to the console. How the alert is detected and handled at is dependent on the type of IDS in place. Through this paper we will discuss the different types of IDS and how they detect and handle the alerts, the difference between a passive and a reactive system and some general IDS intrusion invasion techniques.
The increasing use of NAT comes from a number of factors. The major factor is that there is a world shortage of IP addresses. As the Internet has grown, assigning perfectly good network addresses to private networks came to be seen as a waste. Under the Network Address Translation (NAT) standard, certain IP addresses were set aside for reuse by private networks. In addition to reducing the number of IPv4 addresses needed, NAT also provides a layer of obscurity for the private network, because all hosts outside of the private network observe communication through the one shared IP address. NAT is not the same thing as a firewall or a proxy server, but it does contribute to security. NAT also succeeds in the ease and flexibility of network administration. It can divide a large network into several smaller ones by exposing only one IP address to the outside, which means that computers can be added, removed, or have their addresses changed without impacting external networks. Other benefits include Protocol-level protection, Automatic client computer configuration control, and Packet level filtering and routing.
Roberts, Richard M. "Network Secrurity." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
Although VPN is very popular in the market for networking technology, it may raise some concerns for IT managers. VPN requires an in-depth understanding of public network security issues and proper deployment precautions. The task of choosing and deploying a VPN solution is far from being simple and may require the training of workers in at least the basics...
Security for the network will be provided by a network based packet filtering firewall, proxy server and a Wi-Fi Protected Access 2 (WPA2) passphrase. I would also suggest not broadcasting the Service Set Identifier (SSID) and to set up the router to filter the Media Access Control (MAC) addresses so that devices that have their MAC addresses registered will be allowed access to the wireless network (Dean, 2013, p. 357). I would restrict access to the proxy, file and print servers by locking them in a secure climate controlled closet. Access would be controlled by a key card that would be held by the network administrator.
Although Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been grouped together here (IDPS), there are distinctions between them. On the most basic level, both will monitor the network...
ABSTRACT : This paper describes the basic threats to the network security and the basic issues of interest in designing a secure network. it describes the important aspects of network security. A secure network is one which is free of unauthorized entries and hackers. INTRODUCTION
Introduction: This is a 21th century, technology is the most important and improved thing of the human life. It makes life easier and faster. Development of faster sophisticated technology we have better and fast life. So all we are connect each other by computer network. There are two different way of network: Wired and wireless. Now day we can found network almost everywhere. Home, business, public place, Airport, Planes, hospitals, school, train everywhere we can found networking. Therefore, almost every sector of the economy that has affected by wired and wireless technology. Wired network and wireless protect both has security, But in general wireless network is less secure than wired networks. For proper security AP (access point) and its antenna should be right position. Also add a wireless access point or use a wireless router we can connect to network wirelessly. AS we using more and more of devices (smart phones, tablet and computers) rely on wireless networking, we have to improve our network security too.
Implement a system Intrusion Detection/Prevention System (IDS/IPS): - Make the investment in an IDS/IPS to distinguish and prevent potential system dangers. sensors ought to be circulated all through the system, with a specific focus on general society untrusted section. Take alerts very seriously.
The network management plan and security plan is important to help the company figure out how they will improve its network and security procedures for the company. Planning involves outlining objectiv...
A critical part of network planning involves setting up of security mechanisms. Deploying the network with security configuration provides superior visibility, continuous control and advanced threat protection across the extended network. Additionally, security procedures define policies to monitor the network for securing critical data, obtain visibility, mitigate threats, identify and correlate discrepancies.