Tuesday, February 19, 2019

Project Network Design Essay

The network design that secures Corporation Tech's network while keeping its public web site reachable consists of several layers of defense, in order to protect the corporation's data while still providing access to employees and the public. The private-public network edge is considered particularly vulnerable to intrusion, because the Internet is a publicly accessible network that falls under the management purview of many different network operators. For these reasons the Internet is considered an untrusted network. So are wireless LANs, which, without the proper security measures in place, can be hijacked from outside the corporation when radio signals penetrate interior walls and spill outdoors.

The network infrastructure is the first line of defense between the Internet and the public-facing web servers, and firewalls are the first line of defense within that infrastructure. They enforce corporate policy about which users and hosts may reach which network resources by comparing that policy with the connection information (source, destination, protocol and port) surrounding each access attempt. Unless the connection matches a permitting rule, the firewall does not grant access to the resource; this is what averts break-ins. Internal firewalls likewise keep communications between internal network segments in check, so that employees cannot reach network and data resources that corporate policy places off-limits to them. By segmenting the corporate intranet with firewalls, departments within an organization gain additional defenses against threats originating from other departments.

In computer networks, a DMZ (demilitarized zone) is a host or small network inserted as a neutral zone between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that holds company data.
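As an added illustration of the policy comparison described above (example code written for this page, not Corporation Tech's firewall configuration), the following Python model evaluates connection attempts against a first-match, default-deny rule set in the three-zone layout the essay uses: Internet, DMZ and the 192.168.1.0/24 LAN. The DMZ range 192.168.2.0/24, the public address 203.0.113.10, the static NAT mapping of that address onto a DMZ web server and the rule order are all assumptions; only the LAN range comes from the essay.

```python
"""Zone-based firewall policy model (added example for this page, not
Corporation Tech's actual configuration).  Assumptions: a 192.168.1.0/24 LAN as
in the essay, a DMZ on 192.168.2.0/24, one public address 203.0.113.10 that
static NAT maps onto the DMZ web server, and the rule order below."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing.  Only the LAN range comes from the essay.
ZONES = {
    "lan": ip_network("192.168.1.0/24"),
    "dmz": ip_network("192.168.2.0/24"),   # assumed DMZ range
}
PUBLIC_IP = ip_address("203.0.113.10")     # assumed fixed public address
DMZ_WEB = ip_address("192.168.2.10")       # assumed DMZ web server

# Static NAT: inbound packets for the public address are rewritten to the DMZ
# web server before the policy is consulted, which is how an edge firewall
# orders the two steps.
STATIC_NAT = {PUBLIC_IP: DMZ_WEB}

# Services the essay closes because they carry credentials in clear text.
CLEAR_TEXT = frozenset({21, 23, 80, 110})


def zone_of(addr):
    """Map an address to its zone; anything outside the private ranges is Internet."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_zone: str          # zone name or "any"
    dst_zone: str          # zone name or "any"
    dst_ports: frozenset   # empty means any destination port
    comment: str = ""

    def matches(self, src_zone, dst_zone, port):
        return (self.src_zone in ("any", src_zone)
                and self.dst_zone in ("any", dst_zone)
                and (not self.dst_ports or port in self.dst_ports))


# First match wins.  The final rule makes the policy default-deny, so a
# connection nobody thought about is refused rather than admitted.
POLICY = [
    Rule("deny", "any", "any", CLEAR_TEXT, "clear-text services closed everywhere"),
    Rule("allow", "internet", "dmz", frozenset({443}), "public web site, HTTPS only"),
    Rule("deny", "dmz", "lan", frozenset(), "a compromised DMZ host must not reach the LAN"),
    Rule("allow", "lan", "dmz", frozenset({22, 443}), "admins manage the web server over SSH"),
    Rule("allow", "lan", "internet", frozenset(), "employee outbound traffic"),
    Rule("deny", "any", "any", frozenset(), "default deny"),
]


def evaluate(src, dst, port, policy=POLICY):
    """Decide one connection attempt; returns (action, comment of the matching rule)."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    dst_ip = STATIC_NAT.get(dst_ip, dst_ip)          # inbound NAT happens first
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in policy:
        if rule.matches(src_zone, dst_zone, port):
            return rule.action, rule.comment
    return "deny", "implicit deny"                    # only reached if the list has no catch-all


def misordered_outbound_port_80():
    """Same rules, but with the broad LAN->Internet allow moved to the top.

    Because the first match wins, the clear-text deny never gets a chance and
    HTTP on port 80 leaks out.  Rule order is part of the policy."""
    reordered = [POLICY[4]] + POLICY[:4] + [POLICY[5]]
    return evaluate("192.168.1.50", "198.51.100.7", 80, policy=reordered)[0]


if __name__ == "__main__":
    samples = [
        ("198.51.100.7", "203.0.113.10", 443),   # Internet -> public web site
        ("198.51.100.7", "203.0.113.10", 80),    # Internet -> web site, clear text
        ("198.51.100.7", "203.0.113.10", 22),    # Internet -> SSH on the web server
        ("192.168.2.10", "192.168.1.216", 445),  # DMZ web server -> LAN file server
        ("192.168.1.50", "192.168.2.10", 22),    # admin PC -> DMZ web server
        ("192.168.1.50", "198.51.100.7", 80),    # employee -> Internet, clear text
    ]
    for src, dst, port in samples:
        action, why = evaluate(src, dst, port)
        print(f"{src:>14} -> {dst:<14}:{port:<4} {action:<5} ({why})")
    print("with the outbound allow placed first, port 80 is:", misordered_outbound_port_80())
```

The third rule is the one that gives a DMZ its value: if the public web server is compromised, the attacker still cannot open connections into the LAN. The last function shows the usual way such a policy quietly breaks: a broad allow placed above a specific deny wins by order alone, so a rule set has to be read top to bottom, not as a set.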
A DMZ is an optional, more secure complement to a firewall; the host placed in it can also act as a proxy between the public network and internal services. Security is the heart of internetworking. The world has moved from an Internet of implicit trust to an Internet of pervasive distrust. In network security no packet can be trusted; every packet must earn that trust through a network device's ability to inspect it and enforce policy.

Clear-text (unencrypted) services represent a great weakness in networks. They transmit all information, including user names and passwords, in unencrypted form. File Transfer Protocol (FTP), email protocols such as POP3, telnet and HTTP Basic authentication all transmit communications in clear text. An attacker with a sniffer on the path could obtain user names and passwords from the wire without anyone's knowledge and gain administrative access to the system. Clear-text services should be avoided; instead, services that encrypt communications, such as Secure Shell (SSH) and Secure Sockets Layer (SSL, now superseded by TLS), should be used. Routers and switches allow for network segmentation, which limits what a sniffer on any one segment can see.

Corporation Tech may want to run its own web or email server that is accessible to Internet users without the expense and complexity of building a DMZ or a separate network for the sole purpose of hosting these services, and may prefer to host its own server rather than outsourcing it to an ISP (Internet Service Provider) or hosting company. In that case Corporation Tech can use NAT (Network Address Translation) to forward inbound traffic that matches pre-defined protocols to a specific server on the internal or private LAN. This allows Corporation Tech to present a single fixed public IP address to the Internet and use private IP addresses for the web and email server on the LAN. The caveat is that a port forwarded this way exposes an internal host directly to the Internet, so the firewall must still restrict the forwarded ports to exactly the services intended (for example HTTPS on 443, never the clear-text ports closed below).

Network Diagram and Vulnerabilities

Network infrastructure using Class C network address 192.168.1.0.
The main server, running on virtual machine software, was configured with a static IP address of 192.168.50.1 (note that this address lies outside the 192.168.1.0/24 range, which the realignment below corrects). This server provides DHCP, DNS and Active Directory. The web server is located outside the internal network, in the DMZ. The internal network is divided into separate VLANs to separate department traffic and manage data access. Cisco internal firewall 1 was installed and configured to manage the internal network on the LAN, and Cisco firewall 2 was implemented to manage external traffic entering the LAN. This provides layered security to the network.

Several ports in Corporation Tech's network were identified as vulnerabilities because they allowed information to be transferred in clear text, and as such they have been closed. Additional ports that could be used for gaming, streaming and peer-to-peer file sharing have been blocked or closed to reduce unauthorized use of the network. All ports known to be used for malicious purposes have been closed as a matter of best practice, and all standard ports that do not have a specific application requiring access have been closed.
The ports listed below are standard ports that have been blocked to minimize unauthorized transfer of packets in clear text (with port 80 closed, the public web site must be served over HTTPS on 443, which is the redirect target listed under the hardening practices):

Port 21 - FTP
Port 23 - Telnet
Port 110 - POP3
Port 80 - Basic HTTP

Hardening Practices

Develop a baseline
Close all unused ports
Redirect traffic to secure ports, for example HTTPS (443), or higher
Configure the firewall to allow or deny secure traffic
Install IDS and IPS
Review the monitoring logs on the network and compare them to the baseline for any intrusions

Policies

Develop and implement a network Acceptable Use Policy (AUP), which must be signed before using the network
Assign permissions and rights
A password policy must be in place on all devices and enforced
End users must be trained about the various threats faced on the network
Backups must be done weekly, and users notified
Maintain bandwidth speed and monitor peak hours

Network Security Realignment

The realignment was done using the Class C network address 192.168.1.0. The servers were configured with the static addresses 192.168.1.216 and 192.168.1.218 for simplicity. DHCP, DNS and Active Directory were installed and configured on one of the servers; the second server was used for the application. Both PCs were also configured on the same 192.168.1.0 network for easy management on the switch. The switch was configured with the static IP address 192.168.1.200. The router's network address was changed to avoid conflicting addresses and to ease management. Cisco internal firewall 1 was installed and configured to manage the internal network on the LAN, and Cisco firewall 2 was implemented to manage remote traffic entering the LAN. This provides layered security to the network.
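Two points made above, the warning that a sniffer can read user names and passwords from clear-text services and the list of blocked ports 21, 23, 110 and 80, are illustrated by the following added Python example (written for this page; it is not part of the original essay). It takes hand-constructed client-to-server streams for FTP, POP3, HTTP Basic authentication and Telnet and pulls the credentials out of each, which is exactly what an attacker with a sniffer does once those ports are reachable. All four captures are made up, as are the hosts, user names and passwords in them.

```python
"""Credential extraction from clear-text protocol streams (added example for
this page, not part of the essay).  The captures are constructed by hand to
look like the client->server half of an FTP, POP3, HTTP Basic and Telnet
session; the hosts, users and passwords in them are invented."""
import base64
import re

# Constructed sample streams, keyed by the destination port the essay closes.
CAPTURES = {
    21: b"USER alice\r\nPASS S3cret!\r\nSYST\r\n",
    110: b"USER bob@corp.example\r\nPASS hunter2\r\nSTAT\r\n",
    80: (b"GET /admin HTTP/1.1\r\nHost: intranet.corp.example\r\n"
         b"Authorization: Basic " + base64.b64encode(b"carol:Winter2014")
         + b"\r\n\r\n"),
    # A Telnet client typically sends one keystroke per packet; once the stream
    # is reassembled, the answers typed at "login:" and "Password:" are just two
    # CRLF-terminated lines (assumption: no echo or option-negotiation bytes).
    23: b"dave\r\nletmein\r\n",
}

# FTP and POP3 share the USER/PASS command syntax.
_USER = re.compile(rb"^USER (\S+)\r?$", re.M | re.I)
_PASS = re.compile(rb"^PASS (\S+)\r?$", re.M | re.I)
_BASIC = re.compile(rb"^Authorization: Basic (\S+)\r?$", re.M | re.I)


def extract_credentials(port, payload):
    """Return the (user, password) pairs visible in one reassembled client stream."""
    found = []
    if port in (21, 110):
        users = _USER.findall(payload)
        passwords = _PASS.findall(payload)
        found.extend((u.decode(), p.decode()) for u, p in zip(users, passwords))
    elif port == 80:
        for token in _BASIC.findall(payload):
            try:
                decoded = base64.b64decode(token, validate=True)
            except ValueError:          # malformed header: skip it, don't crash the sniffer
                continue
            user, sep, pwd = decoded.partition(b":")
            if sep:
                found.append((user.decode(errors="replace"), pwd.decode(errors="replace")))
    elif port == 23:
        lines = [line for line in payload.split(b"\r\n") if line]
        if len(lines) >= 2:
            found.append((lines[0].decode(errors="replace"), lines[1].decode(errors="replace")))
    # Any other port (for example 22 or 443) carries ciphertext: nothing to read.
    return found


def sweep(captures=CAPTURES):
    """Run the extractor over every stream; the result is what a sniffer would log."""
    return {port: extract_credentials(port, data) for port, data in captures.items()}


if __name__ == "__main__":
    for port, creds in sweep().items():
        for user, pwd in creds:
            print(f"port {port:<4} user={user!r} password={pwd!r}")
```

Nothing here is clever: the credentials are recovered with a handful of regular expressions and a base64 decode, because the protocols put them on the wire in plain form. That is the whole argument for closing these ports and moving the same functions to SSH, SFTP, POP3 over TLS and HTTPS, where the same stream yields nothing.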
