Thursday, April 4, 2019

The Perimeter Network Security System Computer Science Essay

The gross profit interlocking Security System Computer Science EssayAs desire in the real life, securing the beleaguers atomic number 18 the early level of defence mechanism to protect the infixed interlock of an organisation. The intend of this communicate is to programme a border mesh guarantor system t palpebra impart en dig aegis advancement on the existing communicate infrastructure of Napier University. Network circumference is an important gillyflower of defensive measure in an enterprise meshing and e genuinely organisation has this auspices deposit cyberspace. boundary line lucre is where the inside meshing meets the border net income. The master(prenominal) certification architecture using this potential argona of the network is firew eithering. Here this report discusses the egress and unveiling filtering of mail boats by the firewall in order to let the bad job out(a) of the molding and concede nonwithstanding the good barter to effronteryed inherent network. One of the warmheartedness ideas behind the securing the network from outside threat is to develop and implement octuple overlapping layers of protection solutions with different auspices components care Firewalls, VPN, IDS/P and Proxying. Though in that respect are no single earnest solutions to protect the university network, multiple layers of gross profit gage solution will provide maximum available protection from both outside and internal threats. (Watkins, 2011) The awayise considers hardening of network devices by striping down unnecessary protocols and services and manages the guarantor perimeter from a focusing network for proper monitoring and mitigation.The main challenges to build and implement a perimeter security is to de terminationine the proper firewall design, as Perimeter firewall and border routers are key components that decide the security to internal network. Most modern day lash outs are happening in the App lication layer and filtering in this top layer is extremely important for a successful security design. An enhanced packet followup with proper monitoring and reporting is required throughout the end points of the network to freeze out the malicious vocation from in and out of the network. There are number of ways and techniques involved in designing a perimeter security and this design proposes the specific solutions to the security threats in a campus wide network than in a highly complex enterprise network.1CSN11111 Perimeter Network Security System10800584 research AND DESIGN (25/ chiliad words)Security is not a product save a process. Network security depends on multiple components, policy and procedure to enforce the best practices on systems, people and infrastructure (Michael E. Whitman, 2009). The elementary idea of information security is to protect the three fundamental components of information security that are Confidentiality, one and Availability. Perimeter sec urity design follows this principle to protect these components by using various security components. The design of the perimeter security depends on what resources need to be protected and the business need.SECURITY ARCHITECTUREThe main design of the security architecture consists of segregating different geographical zones in a network. These zones drop different levels of security trust levels that allow or deny calling. This layered architecture will provide the University to keep out of assailants (the term attacker is utilize in this report and not hacker, as an attacker is a hacker with a malicious intent and not all hackers are malicious intent). In the enterprise network, the network is divided up generally into three zones and these are limit Network, Perimeter network and internal network.The perimeter security consists of border network and perimeter network as shown in the picture. Each of these considered as single entity against potential threats. In a network perimeter has m any points where an effective security policy should be established. The network perimeter is the most important points of security against2CSN11111 Perimeter Network Security System10800584 foreign threats. umpteen types of security dope be implemented like packet filtering, intrusion contracting systems/pr resultion and unusual person detection etceteraBorder NetworkBorder network is the network facing zone via a border router (Edge router) that provides an initial layer of protection against all the starting point of attacks. It is most likely an integrated selective information processing (Intrusion Detection and Prevention) System to be placed to create an extra layer of security.The border router will allow the handicraft as per the Ingress and Egress filtering gets set on the router. Apart from protecting the outside threats these knock against router and IDP as well help to reduce the network load on the perimeter firewall by filtering spoofed cra ft out of r severallying to the perimeter firewall. Egress filtering helps to prevent specific types of traffic going out of the University that whitethorn be nigh confidential information or thunder mug an attacker plant traffic from a payload. A common rules utilize in the border router is to filter out the ICMP traffic to avoid the trenchant of network infrastructure. (Dailey, 2009)Perimeter NetworkPerimeter network sits in between the Border network and the trust internal network often referred as demilitarized zone. A Perimeter Firewall is the main component to filter the traffic to demilitarized zone and passes the traffic to internal network. This firewall allows traffic from outside the network to innkeepers like Web server or Email master of ceremonies and also allows a limited access from the internal users.3CSN11111 Perimeter Network Security System10800584Perimeter firewall allows the filtered traffic to internal firewall where traffic is further scrutinised by th e set of rules accord the security policies of the organisation. These firewalls are commonly uses the stateful reassessment technology where the states of legitimate traffics are depotd in the firewall cache. Only traffic matching the states of the connection is allowed and others are dropped.REQUIREMENT ANALYSISWhen designing a secure network there are number of factors are taken into considerations. Security is not just a technical release but a business issue. The goal is to make sure a balanced approach towards the requirements in general. The general security requiement is to provide the services gibe to the CIA triad of the information security. Apart from these there are also factors like budget, existing infrastructure and scalability. different factors also constitute the decision making of a proper design are reduce cost, employee productivity, avoid business down time, comply with industry stayards etc.SECURITY THREATSThis section discusses the better known attacks and the reason behind using perimeter security as first line of defense. Attacks hatful be devided into away attacks- feeler from the internet and internal attacks- culmination from the internal network. Information Gathering is the first method an attacker try to get the maximum informaiton about the network architecture.4CSN11111 Perimeter Network Security System10800584The external attacks are from the simpleton probing of the network to DoS( Denial of Service Attacks). An insider attack considers one of the major threats to any perimeter security design. These attacks may cum from a mischievous user to a disgruntled employee who wanted to grab confidential information or to steal company secrets like financial data, personal information etc. A well assemble internal firewall along along with the perimeter firewall can be the good level of defense against these attacks other types of attacks inlcude intrusion packet sniffing, IP spoofing and DoS attacks that poses a direct threat to the organisation. Application layer security is one of the important design area to be take care of. Well known attacks like SQL injection are of these types. These exploits the known or unknown vulnerability on a web server or database server in order to gain the unauthorised access to the internal network.DESIGNThe design of each of the security zones for the Napier University may be different but as whole these components acts in concert to provide a common goals by protecting the perimeter. It is important to understand where the perimeter of the network exists and what technologies are used against the threats. Perimeter security is handled by several different technologies including border router, firewalls, intrusion detection sytems and prevention systems, VPNs.Border RouterThe border router sits in the border or the edge of network where there is a direct porthole to Internet. It acts like a traffic policeman, directs the traffic in or out of the network and als o stop dead the traffic which are not allowed to. The border router will do a NATing to provide this feature. This will transcend the outside network to probe the internal network. Although these routers are do not act like a firewall, it helps to protect the very first line of defense.Firewall5CSN11111 Perimeter Network Security System10800584A firewall is an active device that job is to permit or deny the data packets as per the rules set or the states of the connection. Perimeter firewall is the center point of defense against all the threat that coming to internal network. Firewall can be software based or hardware based hardned for the filtering of packets. The proposed perimeter security can be stand alone or multiple layers that combined with other security devices like IDS, IDP and VPN. A nonmoving filter firewall is the common and simplest firewalls. These firewal allow or block traffic based on the packet header. A perfect example is blocking of Spoofed IP traffic. The main advantage of this type is that I has a very fast throughput but the down side is this firewall block already established connection which may be malicious intent. On the other hand the stateful inspection firewall is the best way of defending the maliciuos attacks. Stateful inspection firewall keeps a copy of the state of each connection so that the traffic will be allowed or denied according the states in the state cache maintained in the firewall. The disadvantage of using this firewall is slow traffic coming out of the firewall as invidiual packets need to be verified and checked with the cache table. Another firewall which is effective against the diligence program layer attacks are the Proxy firewalls. Since the most modern day attacks are pointed against the application protocols the stateful or stateful firewalls will not block the malicious traffic coming to/out of the network. A proxy firewall acts in the bosom of the internet and private hosts and the proxy by acti ng on behalf of the host. The filtering rules are applied in the application layer. The ruleset or signature can be created according to the latest threats. Because of the huge number of traffic these firewalls considered the last throughput than any other firewall but top end in droping unwanted malicous application layer traffic. A web application filter and a spam filter are the example of a proxy firewall.DMZA DeMilitarized Zone or DMZ is the separate zone from the perimeter firewall between the external network and trusted internal network. The public internet facing servers like Web servers, email servers are placed in this area because the DMZ is considered the the most sensitive area with high security stance. The firewall ricochet the traffic in this zones in order to avoid the potential threats that may suffice into the internal6CSN11111 Perimeter Network Security System10800584network. The network inside this zone cannot initiate a sitting to the outside world unlcess it is a reply to an incoming connection.Intrusion Detection Systems (IDS)/ Prevention systems (IPS)An intrusion detection system or prevention system industrial plant in sync with the firewalls by providing a coming security goal of blocking unwanted traffic and notify any event that pop up in the network or host. IDS anlayse the packets for any suspicious act and alerts the executive director. An IPS will prevent these activity by droping apart from the detection the same way IDS does. IDS and IPS have extensive rules set or singnatures of malicious activity which matches the incoming or outdoing traffic when in operation. One disadvantages with the IPS or IDS is that it may alert an legitimate traffic which considered false commanding. A proper configuration of these devices is required in order to kept the false positive minimum as some times this will be a menace to handle excessively many logs with many thousands of false positives. A host based IDS also provide the secur ity executive with alerts against he malicious activity destined against a particular server like in Database server.VPN practical(prenominal) Private Nework (VPN) establish a secure remote connection to the private network by creating a secure virtual cut into through the public untrusted network. VPN provides perimeter security by ecrypting the data in the tunnel and establish a secure connection over the internet. VPN considered to be the potential threat when an attacker comprise the tunnel as the traffic cannot be verified by the IDS or IPS because of the encrypted pakcets it uses for communication. An SSL VPN with an end-to-end VPN can be the best possible way to stay the attacker out of the network.A perimeter security design is incomplete without a proper firewall policy and an organisation wide security practices. For example if an administrator keep a weak password for these devices or any hosts in the network can keep down the entire effort put on designing a perimeter security. These security policy should also be applied to7CSN11111 Perimeter Network Security System10800584systems, and users as there require to be a minimum level of secure access policy with proper Authentication, Autherisation and Authentication(AAA) methods.http//www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtmlManagement NetworkManagement and logging is the most important aspects of a perimeter security. This network has the high security stance as all the administrative access are controlled in the management network. An attacker can take direct access by accessing the management network. The traffic to management network to be encrypted to avoid any possible attack on the internal network. For example to access the IDS, ISP and or routers to be through a secure shell, or SSL, or a https access. Log monitoring is another(prenominal) important aspect of a perimeter security like keeping the IDS and IPS logs or firewall logs. Log files ca n help to identify the probable attack on the internal or malicious activity originating from the internal network. Another possible thing to do to harden all the security devices destined to do only services that (Convery, 2004).IMPLEMENTATION (20/ 800 words)Building a perimeter security system consists of bringing different security technologies explained in the previous topic together for a common goal-to protect the internal network from external or internal threats. The router and firewall separate the public untrusted network from the internal network, the IDS/IPS monitors all traffic, and the VPN provides remote access. All of these components together form a defense in depth security in a perimeter. Figure xxx shows the outline prototype of the proposed design.8CSN11111 Perimeter Network Security System10800584authentication server-dmzOne of the first best practices before the implementation is to develop a firewall policy. The policy mainly defines the security trust level s of each zone in the network and the flow of the data traffic. The flow of data traffic is one of core in implementing the organisation wide security technologies. Perimeter firewall is the centre point in this prototype. This firewall is a stateful inspection firewall and manages traffic from external and internal network. This firewall is a closed security stance by blocking all traffic except those required for the University network.9CSN11111 Perimeter Network Security System10800584The figure - preceding(prenominal) shows how the data flows through different layers of security first where the first line of defense is border router. This multiple layers of security filter the bad traffic in different layers in the network. The first level of defense is border router with a backup from the NIDS. This can be implemented by enabling basic packet filtering rules and Access Control Lists. Blocking the IP Spoofing and ICMP traffic are the examples. This outline NIDS will detect the any unknown behaviour in the traffic, which will be alerted to the administrator through management network. In some deterrent examples border router may not required as the perimeter firewall it self can handle the security threats but that depends on the business decision like cost and availability.Diagram for flow of trafficAs shown in the figure the data flow in the perimeter firewall. Perimeter firewalls allows or deny traffic as per the ingress and egress filter rules. Almost all the traffic coming to the internal network will be blocked by firewall and only allow as per the egress rules. The exception for this rule is for VPN clients and the VPN uses the encrypted tunnel and the VPN server is inbuilt in the Firewall itself. The Perimeter firewall also allows ingress traffic to DMZ zone but drop traffic originates from the webserver other than the reply to the already established connection. DMZ is the least trust level and this is why DMZ is isolated from other network zones. The internal network is allowed to access the Internet and Intranet through a proxy server in the DMZ zone. A web filtering software in the Proxy server can be implemented to filter out the unintended malicious URLs and links. The DMZ also has an inline NIPS in order to defend attacks against the application level threats like DoS attacks. The in line IPS behind the Perimeter firewall act like a sub-cop to check the malicious activity originating both from external and10CSN11111 Perimeter Network Security System10800584internal network. immanent threat may come from a disgruntled employee or a malicious traffic from a Trojan program or a zombie for a possible DDoS (Distributed Denial of Service) attack by a hacker (black hat off course) harvested by using techniques like social engineering.The table explains the detailed egress and ingress rules on the Perimeter firewall.TRAFFIC TYPESINGRESSEGRESSALLOWHTTP/S Request,DMZAllowICMPDMZDenyEmail (SMTP) RequestDMZAllowEmail ( replace RP C)DMZAllowAll Other avocationDMZDenyHTTP ReplyDMZAllowSMTP ReplyDMZAllowExchange RPC ReplyDMZAllowAll Other TrafficDMZDenyICMP (depends on policy) inwrought NetworkDenyRemote VPN ConnectionInternal NetworkAllowAll Other (Including from DMZ)Internal NetworkDenyProxy Server (Port 8080)- InternetInternal NetworkAllowEmail Server Access (DMZ)Internal NetworkAllowICMPInternal NetworkDenyAll Other TrafficInternal NetworkDenyManagement network in the proposed diagram is one of the top security trust level where the management of all the security devices can be done. Log analysis, Secure tunnel access to routers, firewalls, IDS/P are all done in this network. The trusted servers in the internal network are protected with an internal packet filter firewall with only few of the protocols and ports are allowed. This will give the server off the beaten track(predicate)ms with highest level of security. The staff and bookman networks are segregated with VLAN, as staffs should have access to s tudent network but not vice versa. VLAN separate the traffic like a router and this will be important when considered in a University network.11CSN11111 Perimeter Network Security System10800584Both staffs and Students can have access to trusted servers through the internal firewalls. The NIDS is also monitor any suspicious event and alerted. The other Host based IDS and personal firewall in each of the workstations provides an extra layer of security. So the proposed design with a defense-in-depth can be implemented to enhance the existing infrastructure of the Napier.TESTING AND EVALUATION (25/ 1000 words)12CSN11111 Perimeter Network Security System10800584CONCLUSION (15/ 600 words)Unifiied threat management Appliance emerge cobb.One persons good enough is another persons never Bandwidth for authentication is trivial in any case I can think of that doesnt include downloading extremely large biological mappings of the authentication target.As faraway as security measurements, I dont know what yard stick youre using, but strong on-host, per-host authentication works well when you have a trusted path, everything else is a usability or management compromise, I dont think Id bobble them as security features.Placement of authentication server Placement of internal firewall.http//www.sans.org/reading_room/whitepapers/firewalls/achieving-defense-in-depth-internal-firewalls_797he single, authenticated/anonymous, and severalise DMZ designs are all secure designs that provide the best protection for various network sizes. The single DMZ is respected for its simple design which separates itself from a private network. The authenticated/anonymous DMZ classifies servers and the data they protect in order to segregate servers that need strong access controls from the ones that do not. The13CSN11111 Perimeter Network Security System10800584individualized DMZ gives the greatest security for a mature network, but also has the highest setup and maintenance costs. All of t hese secure DMZ designs are susceptible to a seedy configured server which can allow a criminal access to a data store or worse, the entire private network.In a nutshell, theres no such thing as absolute security. How much you invest in firewalls should be a function of how much you have to lose if an attack is successful.(reword)You probably heard a number of so called security experts claim the perimeter is dead because it is not effective at blocking attacks. Nothing cluld be further from the trust. Its accredited that attacks have become far more complex. The concern is no longer simple port scans. What we need to do however is enhance our posture, not scrap useful technologies.To be fair however, its not just the perimeter that is having the problems with modern attacks vectors. Tools like metasploit have reduced the time of exploit development from days to minutes. Networks are being spear targested with Malware which goes undetected by their Antivirus software, in some cas es for as long as two days. Attackers have figured out that they do need to completely defeat forensics, they just need to make it difficult enough that it is no longer cost effective in a CFOs eyes to fully analyse the comprosmised system. So the true problem is attack technology is advancing and we need to keep up. Sometimes this is finding new security technologies and sometimes its by retasking the ones we are already using. To draw a parallel, think of what has happened with the common automobile. 40+ years ago a tuner could tweak more power out of an engine with a simple toolkit from sears. Many of those old times tuners will tell you that engines are now too complex t work on. To the modern tuner however who is willing to add things like OBD-II adapters and laptops to their toolki, the payoffs are huge. Power levels that used to equire huge V8 engines can be produced in tiny four cylinders with as much displacement as half gallono fmilk.14CSN11111 Perimeter Network Security System10800584https//ondemand.sans.org/b20080814/viewer.php?mode=2lo=7652moduleid=530 7pos=0hint=1viewer justly configured firewalls and border routers are the cornerstone for perimeter securityThe Internet and mobility increase security risksVPNs have exposed a destructive, pernicious entry point for viruses and worms in many organizationsTraditional packet-filtering firewalls only block network ports and computeraddressesMost modern attacks occur at the application layer15CSN11111 Perimeter Network Security System10800584

No comments:

Post a Comment