
TASK 01

TASK 1.1
Analyzing Network Monitoring Tools for Current Network Status
What are Network Monitoring Tools?
Network monitoring tools calculate bandwidth utilization and scan the traffic for
errors through SNMP. Such a tool also provides asset details such as the OS, installed
software and hardware, and informs you about the general availability and
performance of the network elements.
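The following Python script is an added example, not part of the assignment and not code from any of the tools listed below. It shows how a monitoring tool turns two SNMP polls of an interface's octet counters (ifInOctets/ifOutOctets from the standard IF-MIB) plus the interface speed into a bandwidth utilisation figure, including the case where a 32-bit counter wraps between polls. The poll values and the interface speed are constructed for the illustration.

```python
"""Bandwidth utilisation from two SNMP interface-counter polls.

Added example: the counter readings below are constructed, not taken
from a real device. Object names refer to the standard IF-MIB:
ifInOctets/ifOutOctets are 32-bit Counter32 objects, ifHCInOctets/
ifHCOutOctets are their 64-bit Counter64 equivalents, ifSpeed is bits/s.
"""
from dataclasses import dataclass
from typing import Tuple

COUNTER32_MODULUS = 2 ** 32
COUNTER64_MODULUS = 2 ** 64


@dataclass(frozen=True)
class Poll:
    """One SNMP poll of an interface: wall-clock seconds plus octet counters."""
    timestamp: float
    in_octets: int
    out_octets: int


def counter_delta(old: int, new: int, modulus: int = COUNTER32_MODULUS) -> int:
    """Octets transferred between two readings of a monotonic SNMP counter.

    SNMP counters only count upwards and wrap to zero at their modulus, so a
    reading smaller than the previous one means exactly one wrap occurred.
    A counter that wrapped twice cannot be detected; seconds_until_wrap()
    gives the polling interval that rules this out.
    """
    if new >= old:
        return new - old
    return modulus - old + new


def seconds_until_wrap(if_speed_bps: int, modulus: int = COUNTER32_MODULUS) -> float:
    """Shortest time the counter can take to wrap when the link runs at full rate."""
    return modulus * 8 / if_speed_bps


def utilisation(prev: Poll, cur: Poll, if_speed_bps: int,
                modulus: int = COUNTER32_MODULUS) -> Tuple[float, float]:
    """Return (inbound, outbound) utilisation as fractions of ifSpeed."""
    elapsed = cur.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("polls must be in chronological order")
    if elapsed > seconds_until_wrap(if_speed_bps, modulus):
        raise ValueError("polling interval too long: counter may have wrapped twice")
    in_bps = counter_delta(prev.in_octets, cur.in_octets, modulus) * 8 / elapsed
    out_bps = counter_delta(prev.out_octets, cur.out_octets, modulus) * 8 / elapsed
    return in_bps / if_speed_bps, out_bps / if_speed_bps


def over_threshold(util: Tuple[float, float], threshold: float = 0.8) -> bool:
    """True when either direction reaches the alerting threshold (assumed 80%)."""
    return max(util) >= threshold


if __name__ == "__main__":
    fast_ethernet = 100_000_000  # ifSpeed of a 100 Mbit/s port (constructed)
    # Constructed polls 60 s apart; the inbound Counter32 wraps between them.
    first = Poll(timestamp=0, in_octets=4_294_960_000, out_octets=1_000)
    second = Poll(timestamp=60, in_octets=2_000, out_octets=75_001_000)
    print("utilisation (in, out):", utilisation(first, second, fast_ethernet))
    print("Counter32 wraps after", seconds_until_wrap(1_000_000_000), "s at 1 Gbit/s")
```

The wrap check is why monitoring tools prefer the 64-bit ifHC counters on fast links: at 1 Gbit/s a Counter32 can wrap in about 34 seconds, shorter than many polling intervals.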

Examples of Network Monitoring Tools

Microsoft Network Monitor
Network Miner
Capsa
Nagios
PRTG Network Monitor

Network Miner
A network forensic analysis tool for Windows, Network Miner by security software
company Netresec is designed to collect data about the hosts on the network as
opposed to the traffic. It sniffs for packets and even parses PCAP files in order to help
its users detect the OS, hostname and open ports of hosts on the network. This can
prove an excellent tool for incident response teams seeking to reassemble transmitted
files and certificates without adding additional traffic to the network.

The picture referred to above shows how Network Miner captures packets. The
images displayed are pictures of soccer from the user's session in Google Images.
The packet capture process is started by clicking the Start button and choosing a
network adapter to bind to.

Microsoft Network Monitor

Microsoft Network Monitor is a packet analyzer that allows us to capture, view and
analyze network traffic. Main features include support for over 300 public and
Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor
Mode and sniffing of promiscuous mode traffic, amongst others.

To launch Microsoft Network Monitor, choose an adapter to bind to and click New
Capture to open a new capture tab, then hit Start to begin the packet capture process.
To change filter options, adapter options or global settings, click Capture Settings
within the Capture tab.

Capsa Free
Capsa Free is a network analyzer that allows you to monitor network traffic,
troubleshoot network issues and analyze packets. Features include support for over
300 network protocols, MSN and Yahoo Messenger filters, an email monitor with
autosave, and customizable reports and dashboards. Moreover, Capsa Free is a perfect
choice for students, teachers and computer geeks to learn about protocols and
networking technology.
Why choose Capsa Free:
Your own dashboard, with important parameters in one place and in graphs.
Record a network profile, set your analysis objective and perform customized analysis.
Powerful customizable alarms; customize dozens of alarm trigger combinations.
Identify and analyze more than 300 network protocols, create and customize protocols, analyze unique protocol traffic.
Intuitive TCP timing sequence chart.
Accurate MSN and Yahoo Messenger monitoring statistics.
Email monitor and auto-saving of email content.
Enhanced, customizable reports.

To launch Capsa, choose the adapter you want it to bind to and click Start to initiate
the capture process. Use the tabs in the main window to view the dashboard, a
summary of the traffic statistics, the TCP/UDP conversations, as well as packet
analysis.

Nagios
Nagios is a powerful network monitoring tool that helps you to ensure that your
critical systems, applications and services are always up and running. It provides
features such as alerting, event handling and reporting. Nagios Core is the heart of
the application and contains the core monitoring engine and a basic web UI. On top of
Nagios Core you can install plug-ins that allow you to monitor services, applications
and metrics, a frontend of your choice, as well as add-ons for data visualisation,
graphs, load distribution and MySQL database support, amongst others.

PRTG Network Monitor

PRTG monitors system availability using a variety of methods, from a simple ping
through the SNMP and WMI protocols to specific tasks such as HTTP, DNS and Remote
Desktop availability, using various sensors. Using specific sensors for specific
machines, an administrator can monitor service availability (including Exchange and
SQL) and be notified instantly of problems. PRTG also comes with some bandwidth
monitoring sensors, so you can ensure that malware designed to perform DoS, phone
home and other overload activities is not operating on your network.

TASK 1.2
Network Security Issues that arise within the Boundary
Hacking
In the computer security context, a hacker is someone who seeks and exploits
weaknesses in a computer system or computer network; the activity itself is called
hacking. Hacking can be dangerous because personal information stored on the
computer, such as a personal bank account security number, can be obtained by the
hacker.

Data Modification
After an attacker has read your data, the next logical step is to alter it. An attacker can
modify the data in the packet without the knowledge of the sender or receiver. Even if
you do not require confidentiality for all communications, you do not want any of
your messages to be modified in transit.
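As an added example (not from the original text), the Python below shows the standard defence against modification in transit: the sender appends an HMAC-SHA256 tag computed with a shared key, and the receiver rejects any message whose tag no longer matches the contents. The key, the message and the simulated alteration are constructed for the illustration.

```python
"""Detecting modification in transit with an HMAC tag.

Added example: the key, the message and the tampering below are
constructed. An HMAC protects integrity and origin only; it does not
hide the message contents, which matches the case in the text where
confidentiality is not required but modification must be detected.
"""
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def generate_key() -> bytes:
    """Shared secret for sender and receiver, exchanged out of band."""
    return secrets.token_bytes(32)


def seal(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so the receiver can detect any change."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def open_sealed(key: bytes, message: bytes) -> Optional[bytes]:
    """Return the payload if the tag verifies, otherwise None.

    compare_digest runs in constant time, so timing differences do not
    leak how many tag bytes were correct.
    """
    if len(message) < TAG_LEN:
        return None
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return payload


def flip_amount(message: bytes) -> bytes:
    """Simulate someone on the path rewriting the amount inside the message."""
    return message.replace(b"amount=100", b"amount=900", 1)


if __name__ == "__main__":
    key = generate_key()
    wire = seal(key, b"transfer;from=acct-17;to=acct-42;amount=100")
    print("intact  ->", open_sealed(key, wire))
    print("altered ->", open_sealed(key, flip_amount(wire)))
```

The tag is only as strong as the secrecy of the key; with the key, anyone can produce a valid tag for a modified message, which is why a sniffer that captures the key defeats this check.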

Malware
One source of Internet traffic that can be difficult to track down is malware. Many
types of malware infect systems in order to take control of the servers and use them
for various nefarious purposes, such as the distribution of spam e-mail or distributed
attacks on other servers. When activated, these programs can flood your upstream
connection with data, though some might try to camouflage their activity by keeping
their bandwidth usage low. In any case, regularly updating your company's anti-virus
software can head off these kinds of infections and prevent this source of traffic.

Sniffer Attack
A sniffer is an application or device that can read, monitor and capture network data
exchanges and read network packets. If the packets are not encrypted, a sniffer
provides a full view of the data inside the packet. Even encapsulated (tunneled)
packets can be broken open and read unless they are encrypted and the attacker does
not have access to the key.
Using a sniffer, an attacker can do any of the following:
Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
Read your communications.

Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a
valid entity. In certain cases, it is possible for an IP address to be falsely assumed;
this is identity spoofing. An attacker might also use special programs to construct IP
packets that appear to originate from valid addresses inside the corporate intranet.
After gaining access to the network with a valid IP address, the attacker can modify,
reroute or delete your data. The attacker can also conduct other types of attacks, as
described in the following sections.

T1.3
Importance of maintaining network service for each user level
An organization can be divided into three levels, Low Level, Middle Level and Top Level
Management, as shown in the figure below.

[Figure: pyramid with Top Level Management at the top, Middle Level Management in the middle and Low Level Management at the base]

Top Level Management: CEO, Board of Directors and Owner of a Business / Entrepreneur
Can manipulate the information with full control.

Middle Level Management: Project Manager, System Administrator, Finance Manager and HR Manager
Can manipulate the information under the orders of the top level management.

Low Level Management: All Staff
Can only read, but not manipulate, any information.

Restricting certain information and limiting permissions to specific users
guarantees that information is not tampered with and ensures security to its full
potential.

User access controls - User access control mainly focuses on students who use PCs
in IT labs. Restricting certain controls ensures that students do not download
unwanted software containing malware, Trojans or other viruses. Downloading
could also cause network traffic leading to low performance, so access control ensures
better network performance.

Security - With attackers shifting focus to emerging technologies, IT security staff
should carefully consider what workloads they send to newly introduced third
parties. Network security requires foresight on the part of the customer, as well as
flexibility, skills and a willingness to negotiate on the part of the customer or
students.

Note - The most effective means for managing security in the network may be through service
level agreements (SLAs), because of the limited impact that an organization can realistically
exercise over the network service.

Administration of Group Policy Objects - Delegation of authority will depend
largely on whether you use centralized or distributed administration in your
corporation. Based on their particular corporate requirements, network administrators
can use security groups and Discretionary Access Control List permissions to
determine which administrator groups can modify policy settings in GPOs. Network
administrators can define groups of administrators and then give them read and
write access to selected GPOs, allowing the network administrator to delegate control
of the GPO settings.

Other recommendations for maintaining better network services and keeping
organizations' data secure in the light of these new threats include:

Performing regular third-party external and internal security audits

Training users about phishing and spear phishing

Download and upload acceptance

This affects all levels of management, and students as well, because sometimes a
file can be downloaded automatically without the user's understanding, so data loss
happens frequently. If download and upload acceptance is maintained carefully for
each level of the organization, network performance will be fine.

TASK 1.4
Securing Network by externally using Hardware devices
Firewall
The role of the firewall is to block all unnecessary ports and to allow traffic only from
known ports. The firewall must be capable of monitoring incoming requests to prevent
known attacks from reaching the Web server. Coupled with intrusion detection, the
firewall is a useful tool for preventing attacks and detecting intrusion attempts, or in
worst-case scenarios, the source of an attack.
Like the router, the firewall runs on an operating system that must be patched
regularly. Its administration interfaces must be secured and unused services must be
disabled or removed.
This is clearly undesirable in many organizations, as proprietary information is often
displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after
the Internet that only works within the organization).
In order to provide some level of separation between an organization's intranet and the
Internet, firewalls have been employed. A firewall is simply a group of components
that collectively form a barrier between two networks.

Switch
The switch has a minimal role in a secure network environment. Switches are
designed to improve network performance and to ease administration. For this reason,
you can easily configure a switch by sending specially formatted packets to it.

Secure Network Devices

It's important to remember that the firewall is only one entry point to your network.
Modems, if you allow them to answer incoming calls, can provide an easy means for
an attacker to sneak around (rather than through) your front door (or, firewall). Just as
castles weren't built with moats only in the front, your network needs to be protected
at all of its entry points.

Access Control List (ACL).
Many routers now have the ability to selectively perform their duties, based on a
number of facts about a packet that comes to it. This includes things like origination
address, destination address, destination service port, and so on. These can be
employed to limit the sorts of packets that are allowed to come in and go out of a
given network.

Bastion host.
A general-purpose computer used to control access between the internal (private)
network (intranet) and the Internet (or any other non-trusted network). Typically, these
are hosts running a flavor of the Unix operating system that has been customized in
order to reduce its functionality to only what is necessary in order to support its
functions. Many of the general-purpose features have been turned off, and in many
cases, completely removed, in order to improve the security of the machine.

Cryptography device
Enabling cryptographic operations on hardware devices
You can enable cryptographic operations on hardware devices. The keys that are used
can be stored in a Java keystore file; it is not necessary to store them on the hardware
device. The decision to enable cryptographic operations on hardware devices is
made at the server level only, not at the application level.
If cryptographic operations on a hardware device are enabled, the Web services security
runtime first attempts to use the hardware device for cryptographic operations. If the
attempt to use the hardware device fails, or if the algorithm is not supported by the
hardware device, the runtime uses a software provider from the security providers list.
Enabling this feature might improve performance, depending on the hardware
device. For more information on how to enable cryptographic operations on hardware
devices, see Configuring hardware cryptographic devices for Web Services Security.

Proxy.
This is the process of having one host act on behalf of another. A host that has the
ability to fetch documents from the Internet might be configured as a proxy server,
and hosts on the intranet might be configured to be proxy clients. In this situation,
when a host on the intranet wishes to fetch the <http://www.interhack.net/> web page,
for example, the browser will make a connection to the proxy server and request the
given URL. The proxy server will fetch the document and return the result to the
client. In this way, all hosts on the intranet are able to access resources on the Internet
without having the ability to talk directly to the Internet.

Repeaters
Repeaters remove the unwanted noise in an incoming signal. Unlike an analog signal,
the original digital signal, even if weak or distorted, can be clearly perceived and
restored. With analog transmission, signals are restrengthened with amplifiers which
unfortunately also amplify noise as well as information.
Because digital signals depend on the presence or absence of voltage, they tend to
dissipate more quickly than analog signals and need more frequent repeating. Whereas
analog signal amplifiers are spaced at 18,000 meter intervals, digital signal repeaters
are typically placed at 2,000 to 6,000 meter intervals.

TASK 02
TASK 2.1

Secure protection for your software

Software is now part of everyday life: applications at work, PC games at home, and
programmable machine control in industry. Over the last few years, software
applications have also become increasingly important in server and virtual cloud
environments. Regardless of location, the development and distribution of software is
a time-consuming and cost-intensive process.

Avoid accidental exposure
Close sensitive documents and applications and lock your workstation screen when you leave, no matter how briefly.
Put away and secure all documents with confidential information.

Restrict access to confidential information
Never ask for or supply more confidential information than necessary for any operation.
Anyone who can access confidential information should be made aware of its importance and be trained in handling it.

Virtualization economics across your data center

Software-defined data center technology helps attain new levels of infrastructure
utilization and staff productivity, substantially reducing both capital expenditures and
operating costs.

Applications at business speed

Enabling deployment of applications in minutes or even seconds with policy-driven
provisioning that dynamically matches resources to continually changing workloads
and business demands.

Business-aware IT control

Driving the right availability, security and compliance for every application via automated
business continuity, policy-based governance and virtualization-aware security and
compliance.

Your data center on your terms

The software-defined data center can be leveraged as a private, hybrid or public cloud;
in each case, infrastructure is fully abstracted from applications so they can run on
multiple hardware stacks, hypervisors and clouds.

File Sharing
Do not share copyrighted material. Any sharing of copyrighted materials on the
company network is a violation of the Eligibility and Acceptable Use Policy, and may
lead to disciplinary proceedings. In some cases, legal action ensues. Become aware of
the following topics to ensure that you comply with copyright laws and policies:
The File Sharing policy for sharing copyrighted materials on the company network
The Digital Millennium Copyright Act Agent is the agent designated to receive and act on copyright violations under the Digital Millennium Copyright Act
View a list of legal alternatives for downloading music, movies and TV shows
Find out more about copyright issues from the Copyright Information Center

Use file-level and share-level security

To keep others out of your data, the first step is to set permissions on the data files and
folders. If you have data in network shares, you can set share permissions to control
what user accounts can and cannot access the files across the network. With Windows
2000/XP, this is done by clicking the Permissions button on the Sharing tab of the
file's or folder's properties sheet.

However, these share-level permissions won't apply to someone who is using the local
computer on which the data is stored. If you share the computer with someone else,
you'll have to use file-level permissions (also called NTFS permissions, because
they're available only for files/folders stored on NTFS-formatted partitions). File-level
permissions are set using the Security tab on the properties sheet and are much more
granular than share-level permissions. In both cases, you can set permissions for either
user accounts or groups, and you can allow or deny various levels of access, from
read-only to full control.

Password-protect documents
Protect your passwords: use strong passwords and never share them. Do not leave
written copies of passwords in insecure places like your desk or under your keyboard.
See Choosing Good Passwords and Keeping Them Secure for more information.
Many productivity applications, such as Microsoft Office applications and Adobe
Acrobat, will allow you to set passwords on individual documents. To open the
document, you must enter the password. To password-protect a document in Microsoft
Word 2003, go to Tools | Options and click the Security tab. You can require a
password to open the file and/or to make changes to it. You can also set the type of
encryption to be used.
Unfortunately, Microsoft's password protection is relatively easy to crack. There are
programs on the market designed to recover Office passwords, such as
Elcomsoft's Advanced Office Password Recovery (AOPR). This type of password
protection, like a standard (non-deadbolt) lock on a door, will deter casual would-be
intruders but can be fairly easily circumvented by a determined intruder with the right
tools. You can also use zipping software such as WinZip or PKZip to compress and
encrypt documents.

Make use of a public key infrastructure

A public key infrastructure (PKI) is a system for managing public/private key pairs
and digital certificates. Because keys and certificates are issued by a trusted third party
(a certification authority, either an internal one installed on a certificate server on your
network or a public one, such as VeriSign), certificate-based security is stronger.
You can protect data you want to share with someone else by encrypting it with the
public key of its intended recipient, which is available to anyone. The only person
who will be able to decrypt it is the holder of the private key that corresponds to that
public key.
ENCRYPT HIGH RISK FILES
When storing or sharing a high risk file, you should first encrypt the file so that
you don't disclose confidential information in ways that may harm yourself or
someone else. Visit the IT Services Knowledge Base for instructions on how to
encrypt a Microsoft Office file.
Use encrypted thumb/flash drives for external mobile data storage.

Secure wireless transmissions

Data that you send over a wireless network is even more subject to interception than
that sent over an Ethernet network. Hackers don't need physical access to the network
or its devices; anyone with a wireless-enabled portable computer and a high gain
antenna can capture data and/or get into the network and access data stored there if the
wireless access point isn't configured securely.

You should send or store data only on wireless networks that use encryption,
preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent
Protocol (WEP).

LAPTOP AND MOBILE DEVICES SECURITY

Access from any smartphone, tablet or laptop
Edit with full-featured functionality on any device
Annotate any type of document with integrated tools
Single Pane of Glass functionality provides easy access to SharePoint, file shares, Google Drive, and more.

Avoid using insecure wireless networks to access confidential information. Use
the UChicago Virtual Private Network (cVPN) whenever possible off-campus.
This will help IT Security trace your network traffic in case of compromise.
If your laptop or other portable device with confidential information is
compromised or stolen, the data can easily fall into the wrong hands. View
our Protect Your Laptop tip sheet for further information.

T2.2
Ensuring the security of Network Data through software Protection
Virus Protection
A computer virus is a software program designed to manipulate data files, for example
by corrupting or deleting records, and to spread itself to other computers through a
network.
Computer viruses range from the mildly annoying to the downright destructive. They
also take on new and different forms. The good news is that with an ounce of
prevention and a little knowledge, you are less likely to fall victim to viruses and you
can diminish their impact. With antivirus guards, viruses are obliterated.

File Backup and Restore

Microsoft Windows is designed to back up files when necessary. Copies of important
files and documents can be stored on a CD, DVD or an external hard drive in case
of emergency. Backups can be done manually or automatically depending on the
user's preference.

Windows Firewall

A firewall is a software program or a piece of hardware that helps screen out hackers,
viruses and worms that try to reach your computer over the Internet. It also acts as a
barrier between a trusted network and other untrusted networks. A firewall controls
access to the resources of a network through a positive control model. This means that
the only traffic allowed onto the network is that defined in the firewall policy; all other
traffic is denied.

Allowing Exceptions: the Risks

Each time you allow an exception for a program to communicate through Windows
Firewall, your computer is made more vulnerable. To allow an exception is like
poking a hole through the firewall. If there are too many holes, there's not much wall
left in your firewall. Hackers often use software that scans the Internet looking for
computers with unprotected connections. If you have lots of exceptions and open
ports, your computer can become more vulnerable.
To help decrease your security risk:
Only allow an exception when you really need it.
Never allow an exception for a program that you don't recognize.
Remove an exception when you no longer need it.
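The script below is an added example, not code from the assignment or from Windows Firewall. It ties together the router Access Control List from Task 1.4, the positive control model and the exception hygiene described here, and the anti-spoofing point from Task 1.2 (packets that claim an internal source address): constructed packets are evaluated against a first-match rule list with an implicit default deny, and the permit rules reachable from outside are listed as the exceptions to review. The 10.0.0.0/8 intranet range, the interface names and the rules are assumptions.

```python
"""First-match packet filter with default deny and an anti-spoofing check.

Added example: addresses, interfaces and rules are constructed, and
10.0.0.0/8 is assumed to be the internal network.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed intranet range


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    comment: str
    iface: Optional[str] = None   # None matches any interface
    src: Optional[str] = None     # CIDR; None matches any source
    dst: Optional[str] = None     # CIDR; None matches any destination
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        src_ip, dst_ip = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        return (
            (self.iface is None or self.iface == pkt.iface)
            and (self.src is None or src_ip in ipaddress.ip_network(self.src))
            and (self.dst is None or dst_ip in ipaddress.ip_network(self.dst))
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


def is_spoofed(pkt: Packet) -> bool:
    """An internal source address never legitimately arrives on the outside
    interface, and a packet whose source equals its destination is never genuine."""
    src = ipaddress.ip_address(pkt.src)
    internal_on_outside = pkt.iface == "outside" and any(src in n for n in INTERNAL_NETS)
    return internal_on_outside or pkt.src == pkt.dst


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason): spoof check first, then first matching rule,
    and anything unmatched falls to the implicit default deny."""
    if is_spoofed(pkt):
        return "deny", "anti-spoofing check"
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


def list_exceptions(rules: List[Rule]) -> List[str]:
    """Permit rules reachable from outside: the holes to review and remove
    when they are no longer needed."""
    return [r.comment for r in rules if r.action == "permit" and r.iface == "outside"]


POLICY = [
    Rule("permit", "public web server HTTPS", iface="outside", dst="10.0.0.80/32", proto="tcp", dport=443),
    Rule("permit", "public web server HTTP", iface="outside", dst="10.0.0.80/32", proto="tcp", dport=80),
    Rule("permit", "internal hosts may initiate outbound", iface="inside", src="10.0.0.0/8"),
]

if __name__ == "__main__":
    samples = [  # constructed packets; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges
        Packet("outside", "198.51.100.9", "10.0.0.80", "tcp", 443),
        Packet("outside", "198.51.100.9", "10.0.0.80", "tcp", 22),
        Packet("outside", "10.0.0.5", "10.0.0.80", "tcp", 443),
        Packet("inside", "10.0.0.5", "203.0.113.20", "udp", 53),
    ]
    for p in samples:
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, evaluate(POLICY, p))
    print("exceptions to review:", list_exceptions(POLICY))
```

Because the last line of evaluate() is a deny, every permit rule is an explicit exception, which is exactly what makes the list of exceptions short enough to audit.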

Malware Protection across All Networks Software

Comodo Internet Security (which includes Antivirus and Firewall) with Default Deny
Protection protects against all of today's sophisticated malware threats. This model,
combined with central management, eliminates threats and reduces the administrative
burden.

Stay updated on all suspicious files

Prevention-based technology stops viruses
Provision virus updates through Comodo Offline Updater
Constantly protects with real-time on-access scanning
Manage from a single console
Seamless integration for an easy-to-manage solution

Windows Defender

Spyware is often associated with software that displays advertisements (called
adware) or software that tracks personal or sensitive information. That does not mean
all software that provides ads or tracks your online activities is bad. For example, you
might sign up for a free music service, but "pay" for the service by agreeing to receive
targeted ads. If you understand the terms and agree to them, you may have decided
that it is a fair tradeoff. You might also agree to let the company track your online
activities to determine which ads to show you.
Windows Defender (Beta 2) is a security technology that helps protect Windows users
from spyware and other potentially unwanted software. Known spyware on your PC
can be detected and removed, which helps reduce negative effects caused by spyware,
including slow PC performance, annoying pop-up ads, unwanted changes to Internet
settings, and unauthorized use of your private information.

T2.3
Risks that may affect the network servers and prevention respectively to
the risks
Brute Force Attack
In a brute force attack, the intruder attempts to gain access to a server by guessing a
user password (usually the root administrator) through the SSH server, Mail server, or
other service running on your system. The attacker will normally use software that
will check every possible combination to find the one that works. Brute force
detection software will alert you when multiple failed attempts to gain access are in
progress and disable access from the offending IP address.
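To make the detection step concrete, here is an added example (not part of the assignment and not any vendor's product) that scans OpenSSH sshd log lines for repeated failed logins from one source address within a time window. The log lines are constructed with RFC 5737 documentation addresses, the threshold and window are assumptions, and the nftables drop rule it produces is one assumed way to disable access from the offending address; adapt it to the firewall actually in use.

```python
"""Brute-force login detection over sshd log lines.

Added example: the log lines are constructed (RFC 5737 documentation
addresses), the thresholds are assumptions, and the nft command assumes
an existing "inet filter" table with an "input" chain.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Matches the syslog-style "Failed password" line written by OpenSSH sshd.
FAILED_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

LOG_YEAR = 2024  # syslog lines carry no year; assumed for parsing


def parse_failure(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, user, ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group("stamp"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return when, m.group("user"), m.group("ip")


def detect_brute_force(lines: Iterable[str], threshold: int = 5,
                       window_seconds: int = 600) -> Dict[str, List[str]]:
    """Return {ip: [usernames tried]} for each source address that produced
    at least `threshold` failures inside any `window_seconds` interval."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    tried = defaultdict(list)     # ip -> distinct usernames attempted, in order
    offenders: Dict[str, List[str]] = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        when, user, ip = parsed
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()   # drop failures that have aged out of the window
        if user not in tried[ip]:
            tried[ip].append(user)
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = tried[ip]
    return offenders


def block_commands(offenders: Dict[str, List[str]]) -> List[str]:
    """One nftables rule per offender to disable access from that address
    (assumed syntax; adapt to the firewall in use)."""
    return [f"nft add rule inet filter input ip saddr {ip} drop" for ip in offenders]


SAMPLE_LOG = """\
Mar  3 10:15:01 srv sshd[2201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 srv sshd[2201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:15:04 srv sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:06 srv sshd[2204]: Failed password for invalid user admin from 203.0.113.5 port 51237 ssh2
Mar  3 10:15:09 srv sshd[2205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar  3 10:16:40 srv sshd[2210]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:12 srv sshd[2211]: Accepted password for alice from 198.51.100.7 port 40023 ssh2
Mar  3 11:30:00 srv sshd[2300]: Failed password for bob from 192.0.2.44 port 33001 ssh2
""".splitlines()  # constructed sample

if __name__ == "__main__":
    found = detect_brute_force(SAMPLE_LOG)
    print("offending sources:", found)
    for cmd in block_commands(found):
        print(cmd)
```

The sliding window matters: a single mistyped password from a legitimate user (198.51.100.7 in the sample) never reaches the threshold, while five failures in eight seconds from one address do.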

Malware
Malware can take many forms, but as the name implies, it is malicious software. It can
take the form of viruses, bots, spyware, worms, Trojans, rootkits and any other
software intended to cause harm. In most cases, malware is installed without the user's
direct consent. It may attack the user's computer and/or attack other computers
through the user's own system. Having proper firewall and security software
protection can usually prevent malware from spreading.

IP spoofing
An attacker may fake their IP address so the receiver thinks it is sent from a location
that it is not actually from. There are various forms and results of this attack.
The attack may be directed to a specific computer, addressed as though it is from that
same computer. This may make the computer think that it is talking to itself, which
may cause some operating systems such as Windows to crash or lock up.
Gaining access through source routing. Hackers may be able to break through other
friendly but less secure networks and get access to your network using this method.

DoS
DoS stands for Denial of Service, and is a technique attackers use to effectively
shut off access to your site. They accomplish this by increasing traffic to the site so much
that the victim's server becomes unresponsive. While some DoS attacks come from
single attackers, others are coordinated and are called Distributed Denial of Service
(DDoS) attacks. Oftentimes, the users of the computers executing a DDoS do not even
know their computers are being used as agents.

Actions to protect the network server

Verify the backups are working - Before making any changes to the system, be sure
that your backups are working. You may even want to run some test recoveries if you
are going to delete critical data. While focused on backups, you may want to make
sure you have selected the right backup location.

Check disk usage - Delete old logs, emails and software versions no longer used.
Keeping your system free of old software limits security issues. A smaller data
footprint means faster recovery should a disk fail. If your usage is exceeding 90% of
disk capacity, either reduce usage or add more storage. If your partition reaches 100%,
your server may stop responding, database tables can corrupt and data can be lost.

Check RAID alarms - If you are using RAID, check that your RAID's error
notification system is configured properly and works as expected. Most RAID levels
tolerate only a single disk failure. If you miss a RAID notification, a simple disk
replacement could turn into a catastrophic failure.

Update your OS - Updates for systems are released frequently. Many of these fix
important security issues. If you do not have a management service or auto-updates
enabled, be sure to review your OS for any critical security updates. Get on the
mailing list for your OS so you know when critical security patches are released.

Check system security - Regular security audits serve as a check on system
configuration, OS updates and other potential security risks. By regularly checking
system security, the user can discover any potential virus or suspicious
firewall activity.
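Two of the steps above, verifying backups by a test recovery and watching disk usage against the 90% and 100% marks, are shown in the added Python example below (not part of the assignment). It builds a small constructed directory tree, archives it, restores the archive into a scratch directory and compares file hashes with the live copy, then grades a filesystem's usage; tar.gz is simply the archive format assumed here.

```python
"""Server maintenance checks as code: test-restore a backup and grade disk usage.

Added example: the files it backs up are constructed in a temporary
directory; the 90% warning threshold follows the text, tar.gz is assumed.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def tree_digests(root: Path) -> Dict[str, str]:
    """SHA-256 of every regular file under root, keyed by relative path."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def create_backup(src: Path, archive: Path) -> Path:
    """Write src into a gzip-compressed tar archive."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return archive


def verify_backup(archive: Path, src: Path) -> Tuple[bool, List[str]]:
    """Test-restore the archive into a scratch directory and compare every file
    with the live source. Returns (ok, paths that differ or are missing)."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # rejects path-traversal entries (Python 3.12+)
            except TypeError:
                tar.extractall(scratch)                 # older interpreters lack the filter argument
        restored = tree_digests(Path(scratch))
    live = tree_digests(src)
    differing = sorted(p for p in set(live) | set(restored) if live.get(p) != restored.get(p))
    return not differing, differing


def disk_status(used_bytes: int, total_bytes: int, warn_at: float = 0.90) -> str:
    """'ok' below the warning threshold, 'warn' at or above it, 'full' when nothing is left."""
    if total_bytes <= 0:
        raise ValueError("total_bytes must be positive")
    if used_bytes >= total_bytes:
        return "full"
    return "warn" if used_bytes / total_bytes >= warn_at else "ok"


def check_mount(path: str = "/") -> str:
    """Grade the filesystem holding `path` using live shutil.disk_usage figures."""
    usage = shutil.disk_usage(path)
    return disk_status(usage.used, usage.total)


def demo() -> Tuple[Tuple[bool, List[str]], Tuple[bool, List[str]]]:
    """Back up a constructed tree, verify it, then change a file and verify again."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "logs").mkdir(parents=True)
        (src / "config.ini").write_text("[db]\nhost=localhost\n")
        (src / "logs" / "app.log").write_text("started\n")
        archive = create_backup(src, Path(work) / "data.tar.gz")
        before = verify_backup(archive, src)
        (src / "config.ini").write_text("[db]\nhost=db.internal\n")  # drift after the backup
        after = verify_backup(archive, src)
    return before, after


if __name__ == "__main__":
    print("backup verification (clean, after drift):", demo())
    print("root filesystem:", check_mount("/"))
```

A mismatch after drift is expected and is the useful signal: it tells you the most recent backup no longer matches the live system, so a restore would lose the change.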
