
Csi5212 Network Security Fundamentals - Assessment Answers

‘Lucent Pharma’ is a pharmaceutical firm based in Perth and has two offices in two different suburbs. The firm’s current network topology was deployed in haste and as such does not have any effective security control. The CEO of the firm has started feeling the concerns around the cyber security of its network, as Lucent Pharma’s business is flourishing, and competitors are also becoming more and more active in the region.
 
Requirement:
 
As a network security consultant, you are required to:
 
1. Analyse the current network topology implemented at ‘Lucent Pharma’ and identify five major vulnerabilities that exist in the network. You are also required to provide sound reasoning behind these identified vulnerabilities.
 
2. Place the following security devices/controls, bearing in mind that these devices do not compromise either the network performance or the security of the network:
 
a. Firewall
b. IDS/IPS
c. Honeypot
d. Routers/Switches
e. Other devices that may add value to the ‘Lucent Pharma’ network
3. Explain/Justify why these devices were placed in the chosen locations in (2)?
4. Does the Lucent Pharma network require segregation into multiple domains (i.e. requirement of VLANs)? If yes, please add these additional sub-networks to your topology.
5. Create a set of firewall policies and a set of firewall rules that should be implemented by the network administrator for firewall(s) placed in the network. Policies must be sound and robust to cover the cyber-security of the entire network.
6. Create a set of IDS/IPS policies and corresponding rules that are to be implemented by the network administrator. Policies must be sound and robust to cover cyber-security of the entire network.
7. Devise ten security policies that are essential for the Lucent Pharma network. Hint: You may refer to security policies from the SANS (SysAdmin, Audit, Network, and Security) website.
8. Design the ‘Proposed Secure Network Design’ for the pharmaceutical firm preferably in Microsoft Visio. An image of this design must be appended to the report.
 
Part 2
 
This part is independent of Part 1 and requires you to use software tools to examine remote machines and traffic thus captured. You are required to undertake this activity preferably through a ‘Kali Linux’ Virtual Machine (other VM’s are also acceptable).
 
Requirement:
1. Use the ‘Nmap’ tool to scan the server scanme.nmap.org. You are cautioned not to scan any other server as this is considered unethical and unlawful. This activity is known as ‘Port Scanning’, and only those servers should be scanned for which you have explicit permissions.
 
There might be a situation where you find that running a port scanner on the above server may cause delay especially when run from within the ECU network. In this case, you are encouraged to run the scan outside ECU’s network to avoid unnecessary delays.
 
2. Record the above traffic using the ‘Wireshark’ tool. You may use the Wireshark tool available in ‘Kali Linux’, or you may install Wireshark on your base operating system. Hint: It is always better to check the interface on which your Virtual Machine is running to avoid delays.

Answer:

Introduction:

The major vulnerabilities in the current network topology of “Lucent Pharma” are listed below:

Missing patches: Missing patches are one of the major vulnerabilities in the current network topology of “Lucent Pharma”. A missing patch can give an attacker or rogue insider an authenticated backdoor path and a command prompt into the web environment. Patches therefore need to be applied carefully, and network security best practice is to keep the operating system and the running software up to date with security patches.

Weak or default passwords: Although passwords are not usually counted among network security vulnerabilities, many content management systems and web applications are configured with weak passwords, which, along with SQL injection and file inclusion, allows the database and the file system to be accessed. This problem can be resolved by testing passwords regularly to ensure that the passwords in use are proper and strong.

Misconfigured firewall releases: A misconfigured firewall release is also one of the major vulnerabilities present in the network of the organization. It is a serious configuration weakness that allows unauthorized access to the web environment. To mitigate this issue, it is important to apply appropriate security policies.

USB flash drives: USB flash drives can create a number of network vulnerabilities and issues. USB drives are one of the most common ways in which the entire network can be infected from inside the firewall. To mitigate this issue, it is important to apply proper security policies for personal storage devices.

Explanation of the security devices/controls

The security devices/controls are placed on the assumption that none of them compromises the security or the performance of the network. They are described below:

Firewall: A firewall is a network security device that monitors both outgoing and incoming traffic and decides whether to block or allow it based on a set of security rules. Firewalls are the first line of defence in network security. They create a barrier between a controlled, secured internal network that can be trusted and untrusted outside networks, including the internet.

IDS/IPS: Intrusion detection is the process of monitoring the events that occur within the network and analysing them for signs of incidents, violations of security policies or imminent threats to them. Intrusion prevention, on the other hand, is the process of performing intrusion detection and then stopping the incidents that are detected. These security measures, available as IDS and IPS, become part of the network to detect and stop potential incidents.

Honeypot: A honeypot is a computer system set up to act as a decoy that lures cybercriminals and is used to detect, deflect or study attempts to gain unauthorized access to information systems. It comprises applications, data and computers that simulate the behaviour of a real system.

Router/Switches: A router forwards data packets within the network and is connected to the network. Routers are located at gateways, where they connect networks and devices. Routers use packet headers and forwarding tables to determine the proper path for forwarding each packet. A switch, on the other hand, is a device that filters and forwards packets between LAN segments. Switches operate at the data link layer and therefore support the packet protocol.

Explanation for placing the security devices/controls

Devices such as the firewall, IDS, honeypot and routers are placed in the selected locations for the reasons explained below:

Firewall: The firewall is used within the network to prevent unauthorized access to or from a private network. Network firewalls prevent unauthorized internet users from accessing private networks that are connected with intranets. All messages that enter or leave the intranet must pass through the firewall, which examines each message and blocks those that do not meet the security criteria.

IDS/IPS: A network intrusion detection system is placed within the network so that it can monitor the behaviour of the system and raise alerts on potentially malicious network traffic. Both IDS and IPS are used so that signs of suspicious traffic and intrusions can be detected easily and security vulnerabilities and challenges can be resolved at an early stage. IDS/IPS also helps in analysing unusual behaviour and malicious code that can create security challenges for the network.

Honeypot: A honeypot is a vulnerable, isolated system kept within the network to learn about the methods and techniques of attacks and to protect the actual systems from them. Honeypots are one of the most effective network security measures: they emulate vulnerabilities and accept and respond to the probes sent by attackers.

Routers/Switches: Routers or switches are used between different types of networks to connect the network to the internet. A router checks both the source and destination IP address of each packet and routes the packet to another router. The ISP assigns the router an IP address, which is a public IP address.

Need of network segregation into multiple domains

Yes, Lucent Pharma requires network segregation into multiple domains, which means that VLANs are used. A VLAN is defined as a network of computers that is located within the same area. VLANs are used within the network to make network management easier in a number of ways. They divide the network into a number of broadcast domains and logical subsets, which simplifies network management. One of the greatest advantages of VLANs is that they establish a separate collision domain segment for each piece of equipment connected to the switch.

VLANs provide a number of advantages, which are listed below:

Security: VLANs enhance network security. A VLAN network environment allows each port and user to be controlled. A malicious user can generally plug a workstation into a switched network.

Broadcast control: Broadcasting is a normal function of the network. A number of protocols and applications depend on broadcast communication to function properly. Using VLANs within the network reduces broadcast traffic, because each broadcast is sent only to the relevant, specific VLAN.

Physical layer transparency: VLANs are transparent to the physical topology and the medium over which the network is connected.

Cost: Segmenting a large network with VLANs is cheaper than creating a routed network with routers, because routers are costlier than switches.

VLANs minimize the need to deploy routers on a network to contain broadcast traffic. In addition, confining the broadcast domains reduces traffic.

Set of firewall policies and rules

A firewall is an appliance designed to control the flow of internet protocol traffic to or from a network or electronic equipment. It examines network traffic and enforces policies based on the instructions contained in the ruleset of the firewall. The policy provides guidance on when a firewall is needed and raises awareness of the significance of a properly configured firewall. The firewall policies that must be implemented by the network administrator are listed below:

Network connection: All wireless connections to the organization network must pass through the network firewall. Additionally, all network connections that enter a high-security network pass through the network firewall.

Dedicated functionality: The network firewall must be used to protect the network of the organization by running on single-purpose devices. Each network firewall must have an appropriate set of rules specific to its purpose, as per the ITS network firewall standard.

Network firewall change control: Network firewall configuration rules must not be changed unless permission is given by the information security officer and the network manager. Any changes to services and rules need to be properly documented.

Regular auditing: The network firewall must be audited regularly. These audits must include vulnerability scanning as per the ITS vulnerability assessment policy. Audits are performed by the information security and network services teams.

Network firewall physical security: The network firewall of the organization is located in the ITS data centre and must be accessible by the roles and responsibilities that are granted access to the network firewall in the ITS access control policy. This secure space has proper security measures installed, and all physical access to it is logged automatically. All visitor access to the secure space must abide by the ITS access control policy.
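The change-control and auditing policies above can be checked mechanically against a ruleset. The following is an added example, not part of the original answer: the rule fields, the `change_ref` field, the addresses and the sample rules are all constructed assumptions, and it also flags rules that can never match because an earlier rule covers them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR block or "any"
    dst: str              # CIDR block or "any"
    port: str             # destination port as text, or "any"
    change_ref: str = ""  # hypothetical field: approved, documented change record

def net(spec):
    """Turn "any" or a CIDR string into an ip_network object."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def matches(rule, src_ip, dst_ip, port):
    return (ipaddress.ip_address(src_ip) in net(rule.src)
            and ipaddress.ip_address(dst_ip) in net(rule.dst)
            and rule.port in ("any", str(port)))

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, port):
            return rule.action
    return "deny"

def covers(earlier, later):
    """True when every packet matched by `later` is already matched by `earlier`."""
    return (net(later.src).subnet_of(net(earlier.src))
            and net(later.dst).subnet_of(net(earlier.dst))
            and earlier.port in ("any", later.port))

def audit(rules):
    """Return (rule number, finding) pairs; rule number 0 means the whole ruleset."""
    findings = []
    for i, rule in enumerate(rules, start=1):
        if rule.action == "allow" and rule.src == "any" and rule.port == "any":
            findings.append((i, "allows any source on any port"))
        if rule.action == "allow" and not rule.change_ref:
            findings.append((i, "allow rule without a documented change approval"))
        for j, earlier in enumerate(rules[:i - 1], start=1):
            if covers(earlier, rule):
                findings.append((i, f"shadowed by rule {j}"))
                break
    last = rules[-1] if rules else None
    if last is None or (last.action, last.src, last.dst, last.port) != ("deny", "any", "any", "any"):
        findings.append((0, "no explicit default-deny rule at the end"))
    return findings

# Constructed sample ruleset (documentation and private address ranges).
SAMPLE_RULES = [
    Rule("allow", "any", "192.0.2.10/32", "80", "CHG-0001"),
    Rule("allow", "10.0.10.0/24", "10.0.20.5/32", "22"),            # no change record
    Rule("deny", "10.0.0.0/8", "10.0.20.0/24", "any"),
    Rule("allow", "10.0.30.0/24", "10.0.20.5/32", "443", "CHG-0002"),  # never reached
    Rule("deny", "any", "any", "any"),
]

if __name__ == "__main__":
    for number, text in audit(SAMPLE_RULES):
        print(f"rule {number}: {text}")
    print(decide(SAMPLE_RULES, "10.0.30.7", "10.0.20.5", 443))
```

Rule 4 in the sample is approved and documented yet has no effect, which is the kind of misconfiguration a regular audit is meant to surface.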

Developing set of IDS/IPS policies

An intrusion detection system is an automated system that monitors and analyses network traffic and responds to activity that matches known patterns of malicious activity. To analyse and monitor the traffic, a number of policies need to be implemented by the network administrator so that the policies and rules help resolve the cybersecurity challenges of the network. The policies to be implemented are listed below:

  • The perimeter firewall should be placed between the switch and the router.
  • Both inbound and outbound network traffic must be restricted, depending on the system classification identified through risk assessment.
  • Systems that hold restricted data must have their inbound and outbound traffic restricted to what the business needs in order to function, excluding all other inbound and outbound traffic.
  • The firewall configuration must be updated as new types of vulnerabilities are identified.
  • IDS and IPS must be appropriately monitored to protect the restricted data.
  • A proper risk analysis needs to be conducted to determine the internal restricted systems and the IDS/IPS.
  • All IDS and IPS that protect the restricted data environment must be configured to alert personnel of suspected compromises.
  • All IPS and IDS baselines and signatures are required to be kept up to date.
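One detection rule that fits these policies, and the port scanning exercise in Part 2, is a threshold rule that alerts personnel when one source attempts connections to many different ports on the same host within a short time. The following is an added example, not part of the original answer: the event format, the window and threshold values and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque

def detect_port_scans(events, window=10.0, threshold=5):
    """Alert when one source sends bare SYNs to `threshold` or more distinct
    ports on one destination within `window` seconds.

    events: iterable of (timestamp, src, dst, dst_port, tcp_flags) tuples.
    Returns one alert dict per (src, dst) pair that crosses the threshold.
    """
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port)
    alerted = set()
    alerts = []
    for ts, src, dst, dport, flags in sorted(events):
        if flags != "S":          # count connection attempts only, not replies
            continue
        key = (src, dst)
        seen = recent[key]
        seen.append((ts, dport))
        # Drop attempts that have fallen out of the sliding window.
        while seen and ts - seen[0][0] > window:
            seen.popleft()
        ports = {port for _, port in seen}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": src,
                "dst": dst,
                "first_seen": seen[0][0],
                "ports": sorted(ports),
            })
    return alerts

# Constructed sample events (documentation address ranges, seconds since start).
SAMPLE_EVENTS = (
    # One source probing six different ports within half a second.
    [(0.1 * i, "198.51.100.7", "192.0.2.10", port, "S")
     for i, port in enumerate([21, 22, 23, 25, 80, 443])]
    # An ordinary web client opening several connections to the same port.
    + [(1.0 + i, "203.0.113.20", "192.0.2.10", 80, "S") for i in range(6)]
    # A host that touches five ports, but spread over 80 seconds.
    + [(20.0 * i, "203.0.113.30", "192.0.2.10", port, "S")
       for i, port in enumerate([80, 443, 22, 25, 8080])]
    # A SYN/ACK reply from the server, which is not a connection attempt.
    + [(0.05, "192.0.2.10", "198.51.100.7", 40000, "SA")]
)

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_EVENTS):
        print(f"possible port scan from {alert['src']} against {alert['dst']}: "
              f"ports {alert['ports']}")
```

The window and threshold are the baseline that the policy requires to be kept up to date; they should be tuned against normal traffic on the monitored segment.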

Security policies that are essential for Lucent Pharma network

The security policies that are very much essential for the network of Lucent Pharma are mainly listed below:

Sys admin: The entire power of the network rests with the system admin, whose role depends on the functionality of the network and on keeping it working as intended. If any security challenge occurs, the system admin needs to deal with the affected functionality of the system. System administration must take all the security policies into account while working with the system so that no security challenge can affect it.

Audit: Auditing plays a major role in networking because of the number of factors involved in the functionality provided by the system. The main policy is that audits must be performed successfully on the devices as well as against the system requirements. Audits must be carried out so that a person takes responsibility for them. If an error is found within the network, identifying it helps in securing the whole system. Policy changes must sometimes be planned carefully, because alterations within the system can affect its normal functionality.

Network: The network policy is that all packets transferred within the network must be properly accessed. The main aim of the network is to minimize the time taken to deliver packets from one part to another. The network must be properly secured so that no activity can affect its operation negatively. Because the network carries many types of packets, it contains different types of vital information.

Security: Security is one of the most important aspects of networking. This is because a number of types of attack can be initiated within the system, and the functionality of the system must not be affected by them. The main policy is to enhance the security of the system components effectively, without any impact on the external or internal working of the organization. A number of rules and policies must be included in the network in order to maintain both the external and the internal working of the entire system.

Command used to scan server

sudo nmap scanme.nmap.org

IP address of the server

45.32.33.156

Ports open in the server

22 – ssh

25 – smtp

30 – http

Running web server

HTTP server, port 30

Web server version in use is patched

No
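Scan results like the ones recorded above are most useful to a network administrator when compared against the list of services a host is approved to expose. The following is an added example, not part of the original answer: the scan output is constructed in Nmap's normal output layout from the ports reported in the answer, and the approved baseline is a hypothetical assumption.

```python
import re

# "22/tcp open ssh" style lines from Nmap's normal (human-readable) output.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")

def parse_nmap(text):
    """Return {host: [port records]} from Nmap normal output."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_LINE.match(line)
        if host:
            current = host.group(1)
            hosts[current] = []
            continue
        port = PORT_LINE.match(line)
        if port and current is not None:
            number, proto, state, service = port.groups()
            hosts[current].append({
                "port": int(number),
                "proto": proto,
                "state": state,
                "service": service,
            })
    return hosts

def exposure_report(hosts, baseline):
    """Compare open ports per host with the approved baseline.

    baseline: {host: set of (port, proto)} that the host is allowed to expose.
    Only ports in state "open" count as exposed; filtered and closed do not.
    """
    report = {}
    for host, ports in hosts.items():
        open_ports = {(p["port"], p["proto"]) for p in ports if p["state"] == "open"}
        approved = baseline.get(host, set())
        report[host] = {
            "unexpected": sorted(open_ports - approved),
            "missing": sorted(approved - open_ports),
        }
    return report

# Constructed sample output, using the host, address and ports reported above.
SAMPLE_OUTPUT = """\
Nmap scan report for scanme.nmap.org (45.32.33.156)
Host is up (0.21s latency).
Not shown: 996 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
25/tcp  open     smtp
30/tcp  open     http
443/tcp filtered https
"""

# Hypothetical approved baseline for the scanned host.
APPROVED = {"scanme.nmap.org": {(22, "tcp"), (80, "tcp")}}

if __name__ == "__main__":
    for host, result in exposure_report(parse_nmap(SAMPLE_OUTPUT), APPROVED).items():
        print(host, "unexpected:", result["unexpected"], "missing:", result["missing"])
```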



Copyright © 2009-2023 UrgentHomework.com, All right reserved.