Question 1: Using
the concepts studied in this class, develop a
secure LAN or WAN for a hypothetical organization.
It would initially be important to consider that
the type of LAN being developed for organization
XYZ will be a wireless LAN. The first step to
take, therefore, would be to ensure that that
the default network name [SSID] is changed. This
is since the default SSID of most commonly available
hardware tend to typically be well known to hackers.
In order to further ensure that would be hackers
have no way of discovering the particular SSID,
moreover, it would essential to ensure that the
SSID doesn’t contain information that would
be useful in concern to unraveling the accurate
name or location of the company. The same should
also be done in concern to the administrator’s
password on the router/AP, and for similar reasons;
hackers know the default passwords for all of
the major brands of hardware. Furthermore, since
the organization has no need for wireless access
outside the perimeter of the building, each of
the routers/AP (s) will be placed within the workstation
at the center of the operations floor. This would
be especially advantageous as a result of the
fact that it significantly minimizes the degree
to which the [wireless] signals radiate. Implementing
media-access control [MAC], moreover, would be
the next step in consideration of developing a
maximally secure LAN for XYZ organization. This
is since MAC enables the specification of which
wireless PC cards can access the network, subsequently
ensuring that all others are denied access. It
would be conclusively relevant to conduct a security
check in as much as using software such as Network
Stumbler around the perimeter of the building
so as to ascertain the relevance of the data that
a would be hacker would have access to. This,
in turn, would be followed by a revision of particular
security measures, such as the placement of the
routers, in order to deal with the particular
security leaks (Ziff Davis Media, 2003).
Question 2: What security roles do the following
play in a LAN/WAN environment: Hub, Router, Gateway,
Client Server, Workstation, VLAN, LAN Media, Switch,
Spread Spectrum, Modem, Multistation Access Unit,
Bridge. Be specific and brief in your discussion.
If there is no role played by any of these please
state "NONE".
A Hub is an inexpensive device that is utilized
within the networking field in order to create
a link or links between multiple computers. Moreover,
it is apparent when considering hubs require external
power and can be connected to other hubs and similar
devices, that hubs can pose a security threat.
This is since the network (s) they are enabling
may be externally and physically hacked into.
A [network] gateway is basically a system, tangible
or intangible, that joins two networks together.
It would be noteworthy to acknowledge that while
a network gateway can be implemented completely
in software, hardware or a combination of both;
it also exists at the proverbial edge of the network
(s). Consequently, this renders it vulnerable
to hacking attempts, this being the result due
to which such security requirements as firewalls
are installed by default in gateways. Routers,
on the other hand are similar to gateways with
one exception. They are exclusively physical devices
that join multiple wired or wireless networks
together. Just like gateways, they exist on the
fringe of networks. However, they have the ability
to filter incoming as well as outgoing traffic
based on the IP addresses of senders and receivers,
thus making them relevant security factors. Switches
are similar to Hubs in regard to their physical
properties but have a higher intelligence capacity.
This ensures them to inspect data packets as they
are received, determine the source and destination
device of that packet, and forward the packet
appropriately. Furthermore, acknowledging that
wireless LAN adapters provide an interface between
the client network operating system (NOS) and
the airwaves via an antenna asserts the security
relevance of Client servers. A bridge device inspects
and filters data traffic at a network boundary,
subsequently forwarding or discarding. The Workstation,
VLAN, LAN Media, Spread Spectrum, Modem and Multistation
Access Units are comparatively insignificant in
concern to issues of LAN security (Mitchell, 2004
& Wireless LAN, 2004).
Question 3: What is security Forensics? How
can an organization ensure that the personnel
do not become part of the security problem?
Forensic is what people may call a legal term
that can be used in a court of law that is related
to the application of knowledge to a legal problem.
To give the reader a proper idea of what Forensics’
is all about the popular show C.S.I. (Crime Scene
Investigator) where the detectives use all sorts
of ways to find out what happened at the scene
of a crime. The ways that they use astound the
viewer; they use various sciences that may include
chemical, pathological and other ways to determine
the occurrence of the crime.
This term in the computer language is use d to
describe the art in which data is extracted or
gathered in which an intrusion had occurred. Organizations
that keep logs and keep good security policies
find that this is much easier to accomplish. But
with the right tools computer forensics can be
used to extract data from storage devices that
are damaged no matter how badly. To ensure that
an organization’s personnel do not become
part of the security problem is to keep sensitive
data from reaching the hands of unauthorized personnel.
Question 4: List the hardware products available
on the market that support LAN security. Identify
the software products required to support the
hardware you listed.
CRYPTO-Server 6.1:- a one-time password, token
authentication system that works better, implements
easier, takes hassle and responsibility away from
the user and costs less. This device is compatible
with all operating systems (Network Security,
2004)
AF2100:- AirFortress Security Gateways provide
the essential trusted relationship between wireless
devices, users and the secure network infrastructure.
The efficient, cost effective protection for the
privacy and integrity of your corporate applications
and network resources is now a simple plug-and-play
option. (Fortress Technology, 2004)
Question 5: Identify the standard organizations
and the standards associated with LAN, MAN and
WAN Security.
There are a number of standards organizations
and standards associated with LAN, MAN and WAN
Security. These are explained below:
STANDARD ORGANIZATIONS
IEEE: - The IEEE (Eye-triple-E) is a non-profit,
technical professional association of more than
360,000 individual members in approximately 175
countries. The full name is the Institute of Electrical
and Electronics Engineers, Inc., although the
organization is most popularly known and referred
to by the letters I-E-E-E.
ISO: - ISO (International Standard Organization)
is a network of the national standards institutes
of 148 countries, on the basis of one member per
country, with a Central Secretariat in Geneva,
Switzerland, that coordinates the system.
There are many standards associated with LAN,
MAN & WAN security. These are there so that
the industry on the whole can stay standardized.
These are all maintained and handled by large
organizations such as the ones mentioned above.
These standards and provide the software manufacturers
specific they can comply with. The question here
arises why have these standards? Do these help
in any way? The answer is yes these standards
give programmers who design software’s which
are to be used by the masses a specific to go
with. If there was no specific the end users would
be looking for the different manufacturers to
see if they software is compatible with the current
hardware that they have. The software that is
talked about here are those software that interact
with the hardware directly. Some e.g. of these
software’s are operating systems, disk utilities
etc.
Since being specific is what the standards tell
the manufacturers to do, they comply by producing
appropriate hardware for users. This increases
the level of security that can be provided. To
cite an example would be the common Network Interface
Card (NIC) all these cards by default have a unique
serial number on them that is known as the MAC
address. These numbers represents the manufacturer
and whom does the NIC belong to. These are used
for securing machines. An explanation in simple
words would be that if all humans had a number
we could assign which humans to do what and which
humans could not do something by programming the
computer with the required details.
|