MAJOR ASSIGNMENT
STUDENT ID
INTRODUCTION
This assignment is designed to help students enhance their knowledge of the ways in which the security of a network
can be improved. The network design of a company called “Lucent Pharma” is given, and we, as network
security consultants, need to identify the vulnerabilities existing in the network. Furthermore, we need to
place security devices and controls to improve the system, and describe the IDS, firewall and security policies
that can help increase the overall security of the network. In the last part of the assignment we use the
cyber security tools ‘Nmap’ and ‘Wireshark’ to conduct different scans against the server ‘scanme.nmap.org’ and
analyze the traffic. We were only permitted to scan the server ‘scanme.nmap.org’, because scanning any
other server without permission is unlawful and unethical.
OBJECTIVES
The basic aims of this assignment are not only to test and enhance students' knowledge of network
security and the topology of an existing network, but also to test their hands-on experience with the cyber-
security tools ‘Nmap’ and ‘Wireshark’. More specifically, it assesses whether students can identify the
vulnerabilities present in an existing system and provide reasonable solutions to reduce the risks present in
the system. Furthermore, it examines the student's knowledge of the importance of segregating the network
into multiple domains and of setting firewall, IDS and security policies to improve network security.
Lastly, the student's ability to analyze traffic to a web server using cyber security tools is tested, which
requires students to conduct and analyze different types of scans against the web server.
b) IDS/IPS
Intrusion detection is a detection method in which the traffic or packets within your network are monitored and
then analyzed for any possible violation, threat or unusual activity. Intrusion prevention comes after
intrusion detection: once a threat is detected, intrusion prevention takes measures to stop the attack.
These security measures are available as intrusion detection systems (IDS) and intrusion prevention systems
(IPS), which are a necessary part of your network. (Juniper Networks, 2018)
There are several access points, both public and private, within an organization's network. Therefore, it is a
big challenge to maintain the security of the network in the presence of so many access points, especially
nowadays, when attackers have developed new ways to attack networks, so that networks are no longer
entirely secured by firewalls and encryption methods alone. (Pappas, 2008)
An IDS/IPS can be deployed passively, but in that case the attack can still reach the network. Therefore, the IDS should
be placed inline, attached to a spanning (mirror) port of a switch, or a hub should be used in place of a switch. The idea
is that the IDS/IPS must be able to monitor all incoming and outgoing packets. (Beale, Baker, Esler,
Kohlenberg, & Northcutt, 2007)
c) Honeypot
Honeypots are a way of trapping the attacker by misleading him into believing that he is inside your network; in reality,
the attacker is inside the honeypot, and all the information about the attacker is captured by our
network through the logs. It is a great tool for learning the type of attack and information about the attacker.
In other words, a honeypot is a type of active defense, i.e. it essentially tempts cybercriminals to attack it.
Once they are inside, you can build a profile of the attacker and the type of attack, which
will boost the protection of the network.
There are three types of honeypot, classified by their level of involvement. As the involvement increases, the risk
associated with it increases. Low involvement is the level at which the honeypot provides simple services
and the freedom given to attackers is minimal. They are passive in approach, so attackers cannot use them
to attack other systems; thus they are well suited for organizations, and many production honeypots fall
into this category (Verma, 2003). Medium and high involvement honeypots are higher in risk,
but provide greater benefits. Due to the high cost and complexity associated with designing such controls,
they are not considered for implementation in this network.
Honeypots can be placed externally as well as internally, according to the purpose of their deployment.
However, by placing them inside the DMZ (demilitarized zone), they can easily emulate the servers that
are freely accessible from the public domain. This also increases the security of the production environment
because of the limited access to the internal network from the DMZ. (Lui, 2016)
e) Proxy server
A proxy server intercepts the connections between the sender and the receiver. The incoming data enters on
one port and the outgoing data is forwarded to the receiver in the network via the other port. The proxy server
monitors the traffic coming into and going out of the network. It can be used to monitor employees' use of
outside resources. It can also be used to block some of the network's services for some of the employees.
For example, the IT department can have its own VLAN, so that access to the IT department's data is restricted
to IT department employees and the administrator, not other staff members.
Proxy servers can be placed at the entry point of any network. They can be placed in line with the firewall or can be
a part of the firewall. (Luotonen, 1998)
f) WPA2/AES
The wireless encryption method used in the company's network was WEP, and we have already seen the
vulnerabilities present in this type of encryption. Therefore, it is necessary to change the encryption
method to WPA2 + AES, which is the most advanced, latest and most secure encryption method on the market.
Another benefit of using this method is that it doesn't compromise the speed of the network. (Lashkari,
Danesh, & Samadi, 2009)
5. IDS/IPS policies
Any suspected or confirmed intrusion incident of any type must be reported immediately to the company's administration.
The audit process for all types of application and accounting software should be enabled at all times on all host and server systems.
Logs of all devices must be monitored and reviewed.
Monitor both host-based and network-based IDS/IPS systems regularly.
6. Security policies
All devices connecting to the network should meet specific standards.
The hardware address (MAC address) of each device should be registered and accessible to the administrator. (SANS, 2018)
There should be restrictions on various features across the network, i.e. UDP and TCP small services, IP directed broadcasts, web services on the router, etc.
The credentials of the router and switch should be kept in an encrypted form.
There should be a separate file for the database usernames and passwords. The file should not be readable or writable by unauthorized users, and the credentials should be in encrypted form.
Different software/programs should have different credential requirements to access the database. (SANS, 2018)
All passwords should contain a combination of letters, numbers, etc., as specified in the company's password creation guideline.
The system should not accept any password that has been used within the past year. (SANS, 2018)
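The last two password rules above (a complexity guideline and a one-year reuse window) can be enforced at password-change time. The following is an added example, not code from the report or from the SANS templates it cites: the complexity rules (a minimum length, at least one letter and one digit) are assumptions standing in for the company's own guideline, which the report does not reproduce, and the password history is kept as salted PBKDF2 hashes with a timestamp so that old passwords are never stored in clear. The sample history and dates are constructed for the example.

```python
"""Password policy check: assumed complexity rules plus a one-year reuse window.

Added example, not part of the original report. MIN_LENGTH and the
letter/digit rule are assumptions standing in for the company's guideline.
"""
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

REUSE_WINDOW = timedelta(days=365)   # "no password used within a year"
MIN_LENGTH = 12                      # assumed value, not from the report
PBKDF2_ITERATIONS = 100_000

# Constructed reference date so the example is reproducible offline.
SAMPLE_NOW = datetime(2018, 5, 22)


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-entry salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def meets_complexity(password):
    """Assumed stand-in for the company's guideline: length, a letter and a digit."""
    return (len(password) >= MIN_LENGTH
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"\d", password) is not None)


def reused_within_window(password, history, now):
    """True if the candidate equals any history entry set within REUSE_WINDOW.

    history: list of (set_at: datetime, salt: bytes, digest: bytes).
    Each candidate is re-hashed with the stored salt; only hashes are compared.
    """
    for set_at, salt, digest in history:
        if now - set_at > REUSE_WINDOW:
            continue  # older than a year: no longer blocked by the policy
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_new_password(password, history, now=None):
    """Return (accepted, reason) for a proposed new password."""
    now = now or datetime.now()
    if not meets_complexity(password):
        return False, "does not meet the complexity guideline"
    if reused_within_window(password, history, now):
        return False, "password was used within the last year"
    return True, "accepted"


def record_password(password, history, set_at):
    """Append a salted hash of an accepted password to the history."""
    salt, digest = hash_password(password)
    history.append((set_at, salt, digest))


def build_sample_history(now=SAMPLE_NOW):
    """Constructed history: one password set 30 days ago, one 400 days ago."""
    history = []
    record_password("OldPassword2018x", history, now - timedelta(days=30))
    record_password("Retired2017phrase", history, now - timedelta(days=400))
    return history


if __name__ == "__main__":
    hist = build_sample_history()
    for pw in ("OldPassword2018x", "Retired2017phrase", "short1", "FreshPassphrase2018"):
        print(pw, "->", check_new_password(pw, hist, SAMPLE_NOW))
```

Because each history entry carries its own salt, a candidate has to be re-hashed once per entry inside the window; the entries older than a year are skipped before any hashing, which is also what makes them acceptable again under the stated policy.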
7. Email policy
This policy highlights the limited use of the ‘Lucent Pharma’ email system and alerts users to use the
email system appropriately.
The ‘Lucent Pharma’ account must be used for business-related purposes; personal use is restricted.
There is no privacy on the company's email account within the company's email system. (SANS, 2018)
8. VPN Policy
This policy outlines all the requirements and restrictions regarding VPN use.
All other traffic will be dropped when VPN traffic passes through the VPN tunnel.
Employees with VPN rights are responsible for making sure that unauthorized users cannot use the company's networks. (SANS, 2018)
Only one connection is allowed at a time; split tunneling is not allowed.
All computers connected to the company's network through VPN must have updated antivirus software.
No WLAN should be created without the permission of, registration with, or consultation with the IT department.
There should not be any attempt to access a restricted WLAN. If you think you need access to a certain WLAN, contact the IT department.
There should not be any WLAN in the organization that cannot be monitored or accessed by the IT department. (SANS, 2018)
There should be no personal communication or recreation, such as reading, gaming, etc., over the company's network.
The use of social media apps (Facebook, Instagram) and other messengers on the company's network is prohibited.
Employees may use their mobile devices to access the following company-owned resources: email, calendars, contacts, documents, etc. (SANS, 2018)
1. NMAP Scan
In this part, we scan the server scanme.nmap.org using the tool ‘Nmap’. The command used for this port scan
is “nmap scanme.nmap.org”. The screenshots of the results are given in the appendices of the report.
The result is as follows:
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 23:55 AUS Eastern Standard Time
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.17s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 9.49 seconds
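A consultant rarely reads scan output by eye alone; the usual next step is to parse it and compare the discovered services against what the host is supposed to expose. The following is an added example, not code from the report: it parses Nmap's normal output format (the scan result quoted above is embedded verbatim as the sample input), counts ports per state, and lists open ports that are not in an expected-services baseline. The baseline of SSH and HTTP is an assumption made for the example, not a statement about scanme.nmap.org.

```python
"""Parse Nmap's normal output and compare discovered services against a baseline.

Added example (not part of the original report). SAMPLE_OUTPUT is the scan
result quoted in the report; EXPECTED_SERVICES is an assumed baseline.
"""
import re
from dataclasses import dataclass

# The Nmap result exactly as quoted in the report for scanme.nmap.org.
SAMPLE_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-22 23:55 AUS Eastern Standard Time
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.17s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
9929/tcp open nping-echo
31337/tcp open Elite
Nmap done: 1 IP address (1 host up) scanned in 9.49 seconds
"""

# One port line: "<port>/<proto> <state> <service>"; whitespace width varies.
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+(\S+)"
)
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")


@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    service: str


def parse_nmap_output(text):
    """Return (hostname, ip, [PortEntry, ...]) from Nmap's normal output."""
    host, ip, ports = None, None, []
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            host, ip = m.group(1), m.group(2)
            continue
        m = PORT_LINE.match(line)
        if m:
            ports.append(PortEntry(int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return host, ip, ports


def summarize(ports):
    """Count ports per state, e.g. {'open': 4, 'filtered': 3}."""
    counts = {}
    for p in ports:
        counts[p.state] = counts.get(p.state, 0) + 1
    return counts


def unexpected_open_ports(ports, expected):
    """Open ports whose (port, proto) is not in the expected baseline set."""
    return [p for p in ports if p.state == "open" and (p.port, p.proto) not in expected]


# Assumed baseline for the example: only SSH and HTTP are supposed to be reachable.
EXPECTED_SERVICES = {(22, "tcp"), (80, "tcp")}


if __name__ == "__main__":
    host, ip, ports = parse_nmap_output(SAMPLE_OUTPUT)
    print(f"{host} ({ip}): {summarize(ports)}")
    for p in unexpected_open_ports(ports, EXPECTED_SERVICES):
        print(f"  unexpected open port {p.port}/{p.proto} ({p.service})")
```

For a real engagement the same parser can be pointed at a saved file (`nmap -oN scan.txt ...`) and the baseline replaced with the services the asset owner has approved; the `filtered` entries are worth keeping in the summary, since they show where a firewall is already dropping probes rather than the host answering.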
CONCLUSION
In this report, we were able to identify the vulnerabilities present in the Lucent Pharma network and add security
controls and devices such as a firewall, IPS/IDS, etc. to the network. We proposed a new design and policies
for the company. Additionally, we were able to successfully conduct various types of scans against the web server
scanme.nmap.org and to capture the traffic of the scans in Wireshark. We also analyzed the traffic using
different types of filters. In short, all of these tasks helped us enhance our knowledge about network security,
cyber security and the efficient design of a network.
REFERENCES
1) TCP/SYN SCAN
2) OS detection and version detection
3) Quick Scan