Technology Implementation of Security Controls Template
Note: Your technology implementation follows on from the strategies and controls you recommended in your network security plan. This template provides guidance on how to document the implementation of the proposed controls.
Overview
This report concerns First National University (FNU), which plans to connect all of its branches and offices to the campus network. The university wants to implement security technology in its current network to protect the organisation's sensitive information. Access control has been applied to the network to stop unauthorised users from reaching core network resources; it is based on the direction of authority given to users, the security policy, and the privileges allowed to the user population. The report presents a comprehensive network security plan that is cost effective and depends on a range of security programmes. Security falls into several types: personnel security, cyber security and physical security. The organisation's present infrastructure also needs protection, together with the implementation of the associated policies, which removes the vulnerabilities present in the network. Limiting network resources and security controls increases the risks in a network, so the decision to apply or use a security control must be made deliberately. The various domains of security control, and their issues, must be taken into account when developing network security controls. Implementing security controls brings benefits and is done mainly to reduce errors.
Network Security – DMZ Zone
Objective of Control
The goal of this control is to build a demilitarized zone (DMZ) and then install the exposed servers in that zone. This is done to prevent staff and other local users from reaching those servers directly. The DMZ adds an extra security layer to the network: local nodes are restricted from accessing the elements installed in the DMZ, and the hosts installed in the DMZ, which are the ones most exposed to attack, are separated so that the rest of the network is protected from attacks on them.
Resources Used
The DMZ is configured on the router, and the configuration must be worked out according to the DMZ firewall rules. The other resources needed for the DMZ are the firewall on which the zone is defined and the servers that will be placed in it.
Developing the control
Developing the DMZ is tied to the configuration of the email server that is placed in it. The email server works with the mail and database used by the primary servers. Information can be accessed only through the mail servers present in the DMZ network, and that is the access given to external users. The email server's role is to pass incoming and outgoing mail between the internal server and the internet. The website handles the communication with the internal database; the database server holds some of the organisation's sensitive information, so it must be connected through a properly configured firewall that keeps the network communication secure and maintains the overall security of the organisation. Installing communication proxy servers in the DMZ is also helpful for enforcing the applicable rules and standards.
Description of the System
The development of the system follows a methodology that helps in understanding the network infrastructure being provided. Two well-known DMZ methodologies are the single-firewall design and the dual-firewall design. The single firewall, also known as the three-legged model, uses one firewall with three network interfaces to build the DMZ architecture. The dual-firewall DMZ consists of two firewalls, one at the front end and one at the back end.
Configuration of the system
To configure the system, the external network is connected to the first interface of the firewall, the internal network to its second interface, and the DMZ network is created on the third interface. This arrangement handles the traffic between the DMZ and the internal network. Colour codes are used to indicate the traffic belonging to the different network interfaces. The arrangement increases the security of the organisational network in the DMZ zone, and it is considered more secure when two firewalls are implemented: the front-end firewall allows traffic to pass to the DMZ, and the back-end firewall controls the traffic that is allowed to pass from the DMZ into the internal network.
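The following is an added example, not part of the report: a model of the three-legged DMZ policy just described, with the rule ordering and default deny a practitioner would expect, evaluated against constructed sample flows. The addresses (10.0.0.0/24 inside, 192.168.100.0/24 DMZ, a web server, a mail relay and an internal database) are assumptions for the example and are not FNU's addressing.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the three interfaces (not taken from the report).
ZONES = {
    "inside": ipaddress.ip_network("10.0.0.0/24"),       # second interface
    "dmz": ipaddress.ip_network("192.168.100.0/24"),     # third interface
}
WEB, MAIL, DB = "192.168.100.80", "192.168.100.25", "10.0.0.50"

def zone_of(ip: str) -> str:
    """Map an address to the firewall interface it arrives on or leaves by."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"   # first interface: anything that is not inside or DMZ

@dataclass(frozen=True)
class Rule:
    src_zone: str
    src_host: Optional[str]   # None = any host in the zone
    dst_zone: str
    dst_host: Optional[str]
    dst_port: Optional[int]   # None = any port
    action: str               # "allow" or "deny"
    note: str

# Ordered rule base: first match wins, and anything unmatched is denied.
RULES = [
    Rule("outside", None, "dmz", MAIL, 25, "allow", "inbound SMTP to the mail relay"),
    Rule("outside", None, "dmz", WEB, 443, "allow", "HTTPS to the public web server"),
    Rule("outside", None, "dmz", WEB, 80, "allow", "HTTP to the public web server"),
    Rule("dmz", WEB, "inside", DB, 5432, "allow", "only the web server may reach the DB"),
    Rule("dmz", MAIL, "outside", None, 25, "allow", "mail relay sends outbound mail"),
    Rule("inside", None, "dmz", None, None, "allow", "staff reach DMZ services"),
    Rule("inside", None, "outside", None, None, "allow", "staff reach the internet"),
    Rule("outside", None, "inside", None, None, "deny", "internet never reaches the LAN"),
    Rule("dmz", None, "inside", None, None, "deny", "a compromised DMZ host stays contained"),
]

def evaluate(src_ip: str, dst_ip: str, dst_port: int):
    """Decide a new connection attempt; returns (action, reason)."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if (r.src_zone, r.dst_zone) != (sz, dz):
            continue
        if r.src_host is not None and r.src_host != src_ip:
            continue
        if r.dst_host is not None and r.dst_host != dst_ip:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, r.note
    return "deny", "implicit default deny"

# Constructed sample flows that a DMZ test plan would exercise.
SAMPLE_FLOWS = [
    ("203.0.113.7", WEB, 443),        # internet -> DMZ web server
    ("203.0.113.7", DB, 5432),        # internet -> internal database
    (WEB, DB, 5432),                  # DMZ web server -> internal database
    (MAIL, DB, 5432),                 # DMZ mail relay -> internal database
    (WEB, "10.0.0.10", 445),          # DMZ web server -> staff workstation
    ("10.0.0.10", MAIL, 25),          # staff -> DMZ mail relay
]

def audit(flows=SAMPLE_FLOWS):
    """Run every sample flow through the policy for review."""
    return [(s, d, p, *evaluate(s, d, p)) for s, d, p in flows]

if __name__ == "__main__":
    for src, dst, port, action, why in audit():
        print(f"{src:>16} -> {dst:>16}:{port:<5} {action:5} ({why})")
```

The two explicit deny rules at the end are what make the DMZ worth having: a compromised DMZ host can still only reach the one internal port the policy names.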
Test Plan Design
If the network design reuses the same configuration on both firewalls, an error in the configuration of the first firewall is repeated in the second. Firewalls from different brands should therefore be used at the entry and exit points, so that the chance of one configuration mistake affecting both is lowered. A penetration test must be carried out to identify the security needs of the network and to resolve the errors found in the organisation's network. Hosts should be connected to the DMZ network, and the ports that are open must then be identified so that they can be blocked from external access. Checking that the configuration really blocks external access guards against a false sense of security.
Test Plan Implementation
To implement the test plan, the network is configured with the firewall devices installed. Many tools are available for analysing or checking the vulnerabilities present in the network; after running them, the network must be tested properly.
Test Results and Analysis
From the analysis of the test results, it is concluded that the network can be kept secure from external agents, and the vulnerabilities of the system should be addressed by the network solution.
Network Security – RADIUS Server
Objective of Control
Implementation of the RADIUS server focuses on server-side management of the users connected to the network. It provides the authentication and authorisation mechanism used to secure the resources present in the network. It also serves the wireless and internal networks, which are used for management of the integrated web services.
Resources Used
The main resource for maintaining and running RADIUS is an understanding of the requirements of the system; the server must be chosen accordingly.
Developing the control
RADIUS authentication is used by many devices, which are configured with information about one or more RADIUS servers present in the network. This is achieved with the radius-server statement on each device, so remote authentication is configured on a large number of devices with a common configuration for a large group of users. The configuration includes adding the IPv4 and IPv6 address of the server, followed by a strong password (the shared secret). In many cases several RADIUS servers can be contacted. The default port number is 1812. After this, the order in which the system authenticates is specified.
Description of the System
RADIUS (Remote Authentication Dial-In User Service) is a well-known client/server protocol. It enables remote access servers to communicate with central software to authenticate dial-up users, and it then authorises the users' access to the services they request. The system also maintains records for a large number of users in a central database that is shared by all the remote access servers. It therefore provides better network security and lets the organisation set policies that are applied at a single administration point of the network. The central database also makes it easy to track usage for billing and to keep network statistics.
Configuration of the System
A quick CLI configuration can be done by copying the commands, pasting them into a text file, removing the line breaks, and replacing the details so that they match the network configuration. The GUI configuration is done step by step, supplying the details of the network. From the results, the configuration mode can be set with the commands provided. The output file provides the configuration, and the instructions are then set so that the configuration can be repeated.
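As an added example (not code from the report or from any RADIUS product), the following shows the protocol exchange that the configuration above sets up, using only the Python standard library: a client builds an Access-Request with the User-Password hidden under the shared secret as RFC 2865 specifies, the server recovers it, and the client verifies the Response Authenticator of the Access-Accept. Port 1812 is the default named in the report; the shared secret, user name, password and NAS address are constructed values.

```python
import hashlib
import hmac
import os
import struct

RADIUS_PORT = 1812                      # default authentication port (UDP)
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4

def _attr(atype: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; length counts the two header bytes."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16 bytes, then c_i = p_i XOR MD5(secret + c_{i-1}),
    with the Request Authenticator standing in for c_0."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = bytes(a ^ b for a, b in zip(padded[i:i + 16], block))
        out += chunk
        prev = chunk
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: same key stream, XORed with the previous hidden block."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(chunk, block))
        prev = chunk
    return out.rstrip(b"\x00")

def build_access_request(ident: int, user: str, password: str, secret: bytes,
                         nas_ip: str, req_auth=None) -> bytes:
    req_auth = req_auth or os.urandom(16)   # must be unpredictable per request
    attrs = (_attr(ATTR_USER_NAME, user.encode())
             + _attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + _attr(ATTR_NAS_IP, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def parse_attrs(packet: bytes) -> dict:
    """Walk the TLVs after the 20-byte header into {type: value}."""
    attrs, pos = {}, 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def response_authenticator(code: int, ident: int, attrs: bytes,
                           req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def build_access_accept(request: bytes, secret: bytes) -> bytes:
    ident, req_auth = request[1], request[4:20]
    attrs = b""                              # no reply attributes in this example
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, req_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20) + auth + attrs

def verify_response(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: a reply whose authenticator does not match the outstanding
    request and the shared secret must be silently discarded."""
    code, ident = response[0], response[1]
    if ident != request[1]:
        return False
    expected = response_authenticator(code, ident, response[20:], request[4:20], secret)
    return hmac.compare_digest(expected, response[4:20])

def demo():
    """Full round trip with constructed values; returns what each side learned."""
    secret = b"constructed-shared-secret"
    req = build_access_request(7, "jdoe", "Tr0ub4dor&3", secret, "10.0.0.2")
    recovered = reveal_password(parse_attrs(req)[ATTR_USER_PASSWORD], secret, req[4:20])
    accept = build_access_accept(req, secret)
    return (recovered,
            verify_response(accept, req, secret),          # genuine server
            verify_response(accept, req, b"wrong-secret"))  # secret mismatch

if __name__ == "__main__":
    print(demo())   # (b'Tr0ub4dor&3', True, False)
```

The third value is why the report's "strong password" matters: a reply signed with a different secret fails verification, and a weak secret is the only thing standing between an on-path party and the hidden password.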
Test Plan Design
The test plan describes the schedule, approach, resources and scope needed for the testing activity. It also lists the features that need to be tested across the activities. The activity comprises the tests and the design that is needed.
Test Plan Implementation
Several inputs are considered. The first is the staff and the deadline of the project: in working days, the available resources and the project deadline are the important factors. Project estimation then follows. Based on the estimate, the test manager can adjust the schedule of the data provided, which helps the project manager in scheduling. Understanding the risks in the project lets managers build some extra schedule into the plan to deal with the associated risks.
Test Results and Analysis
To analyse the RADIUS server configuration, the errors in the network must be analysed.
Network Security – IPS
Control objective
Security tools are used to analyse the intrusion path, and a penetration test is then done to secure the entry and exit points. The earlier steps of this report discussed what must be followed for proper deployment of Snort. Honeypots are discussed as a means for the network development team to protect the network from external agents. Snort is a well-known intrusion detection mechanism; it is installed at various locations of the network to capture data packets and protect sensitive organisational information. Deploying honeypots creates a trap in the network that distracts attackers from gaining access to the organisation's real resources. Vulnerabilities in the system are found and overcome through penetration testing techniques, so the organisation's sensitive information is kept secure.
Resources Used
Attackers use different methodologies to gain access to networks, mainly SQL injection, buffer overruns, remote code execution and third-party bypass. The control aims to mitigate the risks related to third-party software by keeping applications up to date and patched, which reduces the risk associated with the network.
Development of Control
To research vulnerabilities in the network, the available penetration testing tools must first be studied. Tool selection is based on a study of the weak points, and a proper security mechanism must then be followed to protect the network from external threats. The vulnerable points are analysed with the focus on the application programs, which have the greatest effect on network security. Flaws in program code are checked, third-party software is reviewed to avoid the risk of malware, and the open ports present in the network, which let intruders in, are also checked. Rootkits also increase the vulnerability of the system, and guarding against them protects the network from data loss and theft.
Description of system
Honeypots are used to create traps on the network. They also help in analysing the activity of users at different levels and the associated threats. Research on honeypots is used to create a trap on the network and to observe the activity closely. The data placed in a honeypot should carry a unique identifying property, so that it can be used to track data that has been stolen and to identify the connection between the attackers and the participants in the penetration technique. Virtual machines can be used to host the honeypots while providing the central server; this also protects the main server from unauthorised access.
Configuration of system
Step 1: Download pentbox, which is used to set up a honeypot on Linux and provides a terminal-based framework.
Step 2: Change into the pentbox directory (cd 1.8/) and run pentbox.rb to launch the pentbox tools.
Step 3: From the menu, choose the second option (network tools) and then option 3, which is the honeypot.
Step 4: The honeypot option offers two choices: fast auto configuration and manual configuration.
Step 5: Auto configuration is chosen, which activates the honeypot on port 80. With manual configuration a different port can be set, a false message can be embedded to mislead the visitor, and other options allow the connection records to be saved.
Design of test plan
Penetration testing is used to find and break down vulnerabilities after analysing the objectives of the framework and executing malicious strategies against it. The penetration procedure exploits the presence of weaknesses and mistakes made in the setup code. Its primary motivation is to protect organisational information from unauthorised clients. Successful identification of the vulnerabilities is used to analyse how the sensitive data in the organisation could be reached.
Test plan for implementation
Social engineering test: This exploits personal information, passwords and unauthorised data, and it succeeds through human error. Security policies and standards are used to keep a safe distance from that kind of exposure; security reviews are conducted to evaluate the flaws found.
Web application test: Software testing techniques are used to expose the security dangers. The programming of the framework is investigated for flaws that could be abused.
Physical penetration test: Sensitive information is protected by testing the network devices; it is done to assess the probability of a breach and to test a large number of products.
Benefits of the network test: The open ports present in the system are identified using network analysis instruments, and the network devices are then reconfigured to reduce the hazards found by the tests.
Client-side test: The client-side software applications are dissected to overcome their vulnerabilities.
Wireless security test: Intruders can interfere with the system through unsecured data and targeted access, so as required some calculations are applied to the unsecured data to check the vulnerabilities of the system and the success parameters, mainly focused on limiting the interfaces of the organisational system.
Many penetration tests are deployed in the system to check for vulnerabilities that stop connections without limiting the approval of the client. At present Snort and honeypots are used to perform a large number of tests, and their selection depends on a range of criteria:
- Ease of arrangement and organisation of the instrument.
- The device must filter the framework with minimum effort.
- It must be able to reconfirm the vulnerabilities previously found in the network.
- It must be able to produce logs and reports.
Network Security – IDS
Control objective
An intrusion detection system (IDS) monitors or tracks the network and its different activities. It runs autonomously, detecting and reporting in turn. Some IDS products also have the capability to act on the malicious traffic they detect; this includes blocking traffic from suspicious IP addresses.
Resources Used
Although many methodologies and tools are available at present, the widespread fundamentals are important in every security configuration. The enterprise makes use of an IDS (intrusion detection system) and the associated firewall. The firewall controls the incoming traffic for the departments according to the policies and procedures. Within the network, an IDPS is used on the hosts for the traffic, taking proactive measures to block attacks and log them. Snort, the honeypot and other software are implemented to identify the flow of network traffic and the vulnerabilities in the network.
Development of control
The IDS project is developed by first deciding which type of IDS is needed: whether it is signature based or not, and whether a host-based detection system is used. Along with this, an analysis of the correlation system and of the implementation of a higher-order IDS is needed. Finally the architecture of the IDS must be decided, including how the detection techniques are defined and how the network is defined; this is not an easy decision. An example is a design based on signatures.
Details and Description of System
Proper tool selection helps in proper penetration testing and deployment at various locations. It is used to find the data flow in the network and to analyse the data traffic. It covers both positive and negative parameters, such as attackers, to give visibility of the current network and of the intruder's path in it. It secures the network by providing details of unwanted traffic and by configuring the firewall to restrict that traffic.
System configuration
Various commercial bodies have developed IDS products for detecting break-in events. The attached screenshot shows a Snort configuration used for detecting intrusions in the network.
Design of test plan
The first stage implements a single terminal in which a category is launched by a single service or equivalent logic. The next phase involves an intruder on multiple terminals.
Plan for implementation
The implementation covers both signature-based and anomaly-based IDS for the network. This is a well-known approach for protocol detection, and it can adopt conformance testing methods and techniques, so it can be used to test the implementation effectively. Snort rules are added according to the network policy; they are then used for penetration testing on the network, which ultimately improves the performance of the network.
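As an added example (not the report's Snort configuration and not Snort code), the following minimal matcher reads a small subset of Snort rule syntax (action, protocol, addresses, ports, msg, content, sid) and runs constructed packets against it, which shows how the signature-based detection above decides, and how an alert rule (IDS) differs from a drop rule (IPS). The rules, the $HOME_NET value and the packets are constructed for the example.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed network variables; in Snort these come from snort.conf.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!192.168.1.0/24"}

RULE_RE = re.compile(
    r"^(?P<action>alert|drop|log)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+"
    r"\((?P<opts>.*)\)\s*$")
OPT_RE = re.compile(r'([a-z_]+)\s*:\s*("[^"]*"|[^;]+)\s*;')

Rule = namedtuple("Rule", "action proto src sport dst dport msg contents sid")
Packet = namedtuple("Packet", "proto src sport dst dport payload")

def parse_rule(line: str) -> Rule:
    """Parse one rule line of the supported subset into a Rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    opts, contents = {}, []
    for key, val in OPT_RE.findall(m["opts"]):
        val = val.strip('"')
        if key == "content":           # several content options must all match
            contents.append(val.encode())
        else:
            opts[key] = val
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), contents, int(opts.get("sid", 0)))

def addr_match(spec: str, ip: str) -> bool:
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    if spec.startswith("!"):           # Snort negation
        return not addr_match(spec[1:], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_match(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if ":" in spec:                    # Snort range syntax lo:hi, either side open
        lo, hi = spec.split(":")
        return int(lo or 0) <= port <= int(hi or 65535)
    return int(spec) == port

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in (pkt.proto, "ip")
            and addr_match(rule.src, pkt.src) and port_match(rule.sport, pkt.sport)
            and addr_match(rule.dst, pkt.dst) and port_match(rule.dport, pkt.dport)
            and all(c in pkt.payload for c in rule.contents))

def inspect(rules, packets):
    """First matching rule wins per packet; None means the packet passed silently."""
    out = []
    for pkt in packets:
        hit = next((r for r in rules if matches(r, pkt)), None)
        out.append((hit.sid, hit.action, hit.msg) if hit else None)
    return out

# Constructed rule set in the style the report's network policy would produce.
RULES = [parse_rule(r) for r in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SQL injection attempt on web server"; content:"UNION SELECT"; sid:1000001;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH to internal host from internet"; sid:1000002;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"Internal host opening high port to internet"; sid:1000003;)',
]]

# Constructed packets: one attack string, one normal request, two SSH attempts.
PACKETS = [
    Packet("tcp", "203.0.113.9", 51000, "192.168.1.10", 80, b"GET /?id=1 UNION SELECT 1,2 HTTP/1.1"),
    Packet("tcp", "203.0.113.9", 51001, "192.168.1.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("tcp", "203.0.113.9", 51002, "192.168.1.10", 22, b"SSH-2.0-client"),
    Packet("tcp", "192.168.1.20", 40000, "192.168.1.10", 22, b"SSH-2.0-client"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, inspect(RULES, PACKETS)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The fourth packet matches nothing because both endpoints are in $HOME_NET, which is the usual blind spot of perimeter-only signatures and the reason the report also places sensors at several locations.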
Conclusion
This report has focused on the implementation of firewall policy. The RADIUS network can be considered secure for the large number of users getting access to the core network resources. Installation of the firewall depends on the requirements of the organisation. A demilitarized zone is created for the core network servers so that they can be reached from the network. An IDS is used to monitor the flow of data in the network, and it is combined with the IPS to overcome a number of cyber-threat risks.
Network Design
Assessment Item 1 – Part A
Assessment Item 1 – Part B
List of Assumptions
The following assumptions were made in developing the network solution for Cosmos Online newspapers.
- A Windows Server 2012 R2 virtual server is used for hosting the website, and it is configured with proper security mechanisms to secure access to it.
- The server is backed up to increase redundancy and support disaster recovery, and the backup is uploaded to the cloud server in encrypted form to increase the security of the database.
- The different servers are at different sites and are connected to each other via the internet.
- The storage and database servers are installed in a demilitarized zone to increase the security of the resources.
- A VPN tunnel is used for transferring the data packets between the different servers to increase the security of data communication.
List of Requirements
The following requirements must be met by the network solution for Cosmos Online newspapers.
- The network solution must integrate the advertisement server with the current network so that live ad content can be streamed with the live video feeds provided by the newspaper publishing company.
- Handheld smartphone devices must be provided to the news reporters to enable live news reporting in areas with average internet connectivity speed.
- A network addressing plan must be developed to create the local area network of the office and connect the permanent staff with each other.
- A top-down network topology must be selected to connect the different communication devices and meet the requirements of the users.
Logical Network Diagram
Explanation of the logical network diagram
The network diagram was created for the network solution for Cosmos Online newspapers. The network for the company's headquarters uses two routers. One router connects the database server, the ad servers and the job-processing servers, and it is configured with an access control list that allows or blocks users' access to the resources of the servers connected in the network. The routers should also be configured with authorisation so that their configurations are kept secure from the internal users of the system. Different VLANs are created on the switch to divide the network into subnets and reduce the wastage of IP addresses. The firewall device is installed at the entry point of the network to secure it from external agents and to drop unknown requests from different users, protecting the internal network. The network is connected to the freelancers via the internet, and the freelancers use their GPRS or UMTS connection to reach the resources of Cosmos Online newspapers. A wireless cell tower connects the telecommunication devices provided to the freelance reporters located in different geographical locations of the country. Three servers are used in the diagram and are connected to the first-floor switch.
Justification of the network design
For the logical design, Cisco 2811 series routers are used because they have all the required ports available and can be configured to align with the business rules of the organisation. A Cisco ASA 5505 firewall is used to block unknown requests and external users from connecting to the core resources of the network, and to create the demilitarized zone. The wireless tower demonstrates the connectivity of the freelancers, who use the handheld devices to connect to the network and transfer video or documents. The web server is configured with authentication so that users must authenticate before uploading or downloading media content. A router is configured with load balancing so that the data is divided and the servers do not get overloaded.
Addressing and naming model
An addressing and naming scheme is important for connecting the devices and allocating a unique IP address to each device in the network, and the naming scheme makes the network easier to manage. A DNS server is used to manage the addresses and the naming scheme used for the network. The router needs to be configured with a DHCP address pool to assign IP addresses automatically to the internal devices connected to the network. Naming the servers after goddesses can help in reducing the risk of DDoS attacks, and the network devices are kept secure.
List of Routing and Switching protocol
The following routing and switching protocols are used in the configuration of the network:
- Configuration of VLANs on the ground-floor and first-floor switches to separate the server subnet and increase the efficiency of IP address utilisation.
- Configuration of the router with DHCP to assign IP addresses automatically to the devices connected to the different VLANs of the network.
- Configuration of the router with an access control list (ACL) to align with the business rules and secure the internal communication.
- Configuration of the switch with the spanning tree protocol (STP) and enabling dynamic routing to reduce the risk of link failure and congestion in the network.
- Configuration of the web server with Active Directory, grouping the users for proper authentication.
List of Security Mechanism
The following security mechanisms are applied to increase the security of the network:
Authentication – Authentication must be applied at different levels, such as at the router to restrict internal users from accessing the router configuration. The servers must be configured so that not all users have write permission.
Physical Security – The servers must be installed in the DMZ and physical access must be restricted to the staff working in the organisation.
Data Encryption – The data residing in the database servers must be encrypted, with the MD5 hash algorithm applied, so that it cannot be retrieved by illegitimate users.
Packet Filtering – The router must be configured with packet filtering so that it drops unknown data packets and prevents vulnerable IP addresses from reaching the servers connected to the router.
Firewall – A set of firewall rules should be created for allowing or denying the incoming and outgoing data packets in the network; the firewall restricts both the incoming and the outgoing data packets.