Network Security and Vulnerability Threat Table

LAN Security

Is the local area network that access control using the private VLANs and it’s a networking device within a small geographical area. They are not safe and secure compared to other networks because it’s easy to access the WLAN security compared to others its more of convenience over security thus it will help business and IT organizations to improve on their network by providing suitable choices for WLAN security for organizations to have a safe WLAN in their working place they must have procedures that outlines forms of double connections that are allowed in the work place for security purposes, also to consider security and its impacts to other networks for instance theWLAN ,to have client devices and APs,also to perform attack and vulnerability monitoring respectively to support this type of network and lastly to carry out a regular assessment about WLAN security in the organization.

The wireless system helps devices to connect to the computer minus them being connected to the network,WLAN consists of client devices for examples the laptops and the access points(APs),the APs connect client devices with distributing system(DS) and DS it’s the only way by which client devices can pass information or communicate with LAN and other networks. Also we have wireless switches that help the WLAN is administrators to manage it.

WLAN Architecture

It has the following components including the client devices,APs and the wireless switches, this part tries to show the importance of having a standard mechanism of security  thus providing recommendations for implementing, evaluating and maintaining those configurations of the client devices.

The architecture of an organization should be standard when it comes to the issues of security configurations because it provides a base for security thus reducing the vulnerabilities and consequences of attacks that might be successful, it will improve the consistency and predictability of security. The following makes up WLAN architecture: roaming, microcells, infrascture, and independent.

Independent WLAN is the simplest one which consists a group of computers that are equipped with client adapter and access points are not necessary in this case.

Infrastructure WLAN consists of wireless stations and access points combined with DS that help roaming and mediating wireless network traffic.

Microcells and roaming; a microcell is an area coverage for an  AP,they help users to move between  access points without having to log in again and restarting the applications again, for roaming to work, access points must have a way of exchanging information as a user connect

Threats of WLAN

The following explains the security threats of WLAN that are likely to happen: eavesdropping, spoofing and denial of service

A) Eavesdropping

Involves attack against the confidentiality of data that is transmitted across the network, eavesdropping is a big threat because the attacker can intercept the transmission over air from a distance that is away from the organization

B) Spoofing

It is where the attacker could gain access to data and resources in the network by assuming the identity of a valid user this is because some networks do not authenticate the source address thus the attackers may spoof MAC addresses and hijack sessions.

C) Denial of service

This is where the intruder floods the network with either genuine or fake information affecting the availability of the network resources, WLAN are very vulnerable against denial service attacks due to the nature of the radio transmission.

Cyberattactks in tabular format

The following will be employed to mitigate the above types of attacks on the computer:

Threat intelligence reports, are documents that describe types of system and information that is on mission or the one being targeted and information important to the organization.

We have security alerts that are notifications about the current vulnerabilities and some security concerns.

Tool configuration is the recommendations for mechanisms that support the exchange, analyzing, and the use of threat information.

Indicators can also be used, they suggest or tell that an attack is imminent or its underway for instance we have the IP.

Plan of protections

openStego-it’s a free steganography that has the following functions:

Data hiding where it can hide data within a cover file watermarking files with an invisible signature.

Quickstego -helps someone to hide text in pictures so that its only users of quickstego who can be able to retrieve and go through those messages.

Oursecret -enables the user to hide text files for instance images and videos thus suitable for sending confidential information.

Veracrypt -it adds enhanced security to the algorithms used for system and partions encryption making it immune to new developments in brite-force attacks.

Axcrypt -it integrates seamlessly with windows to compress, encrypt, decrypt, store, send, and work with individual files.

GPG-it enables to encrypt and sign data, communication, as well as access modules for all public directories.

Cryptographic mechanisms to organization

Cryptographic is writing is in secret code within the context of any application and these are the requirements for it;

Authentication, privacy, intergrity, and non-repudiation

They include:schannel CNG provider model,ECC cipher suites,AES cipher suites and the default cipher suite preference. so the basic mechanism is to covert data into  cipher text form and then again into the decipherable when it gets into the user. Encryption and decryption is the main mechanism which works and ensures free flow of data within the system.

Benefits

The use of using public keys enables individuals to convert data into the encrypted form.

Used to hide crucial important and vital information.

Helps in preventing leakage of vital data from a network

Helps in the authentication of users over the transfer or flow of data in electronic way.

Risks associated with these are that they make the problem of general key recovery difficult and expensive and too insecure and expensive for many applications and users as large.

File encryption tools

Veracrypt, axcyrpt, Bitlocker, GNU Privacy Guard and 7-zip

File encryption method

We have the following methods; exceptions, syntax, remarks and security

Results of the encryption files

They provide an overview and pointers to resources on EFS

They also point to the implementation strategies and best practices

Encryption technologies

Shift/Caesar cipher-it’s a tool that uses the substitution of a letter by another one further in the alphabet.

Polyalphabetic cipher-is a cipher that is based on substitution using the multiple substitution alphabets.

Perfect cipher-these are ciphers that can never be broken even with after an unlimited time.

Block ciphers-is an algorithm deterministic that operates on fixed-length groups of bits.

Triple DES-is a symmetric-key block cipher that applies the DES algorithm three times to the data bits in the system.

RSA-is a public-key in the cryptosystems and is used for the transmission of secure data.

Advanced encryption standard-it’s a cipher based on the substitution-permutation network and works fast in both the hardware and software.

Symmetric encryption-these are the algorithms that uses the same cryptographic keys for both encryption and decryption of the cipher text.

Text block coding-are the family of error-correcting codes that do encode data in bits.

Information hiding and steganography-is the process of concealing a file, video, image or file.

Digital watermarking-is the practice of hiding digital information in a carrier signal in the system.

Masks and filtering-masks show which of the part of the message is displayed.

Network security vulnerability and threat table above

Common Access Card Deployment Strategy

How identity management can be part of security program and CAC deployment plan

Identity management involves telling what the user can do to certain devices at a given time. Identity management can be part of the program because of its reasons well known for instance: increasing security, also production while decreasing the cost and effort.

The program tools of identity management need to run as application towards a server because it defines the type of user and devices allowed to work on a certain network this for it to be part of the program, must depend on alerts, reports, policy definition and alarms

Thus offering directory integration and connection of the wireless and non wireless users and meeting almost the operational and security requirements.

Deployment plan of the common access control

Can come for different reasons so as to deploy and enforce the authorization policy for instance:

The organization -wide authorization policy  that is driven from compliance level of organizational requirement.also departmental authorization policy where they have some special data handling the requirements that would be passed to various department. Then the specific data management relating to compliance and targeting at the  protection of the right access of information.

Email Security Strategy

Types of public-private key pairing

Public keys may be disseminated widely but private are only known to user owner. This makes two functions-the authentication when public key is used to verify or show a private user sent a message and encryption where the holder of the private key can decrypt the message.

Authentication-is when the public key is used to verify that a holder of the paired private key sent the message.

Non-repudiation-it’s an attribute of communication that seeks to prevent the occurrence of the untrue or false denial of involvement by either party because it provides the originator of data with credible evidence showing information was received as it was addressed.

Hashing -it’s used to index and retrieve items in database because it is faster to find an item through the use of shorter hashed key thus hashing being the transformation of a string of characters into a shorter fixed length than the original size.

This added security benefit will ensure integrity of messaging by:

Speeding being high  this is when the number of entries is large because maximum number of entries can be predicted in advance so that the bucket array can be allocated once also one may reduce the average lookup cost by a careful choice of the hash function and even the internal data  of structures.

Pretty Good Policy-it’s a program that is used to encrypt and decrypt email over the internet as well as to authenticate digital messages with signatures the stored files that are already encrypted.

GNU privacy Guard-it’s an encryption software program since it uses the combination of conventional symmetric-key cryptography for speed.

Public key infrastructure -it’s a cryptography key that enables the distribution and the identification of the public encryption keys thus enabling the devices to exchange data securely over various networks.

Digital signature -it’s an electronic signature that can be used to authenticate the identity of the person sending the message.

Mobile device encryption-they help mitigate security risks whereby data must be encrypted while it is in transit and when in storage.

How to use smartcard readers tied to computer systems

Smartcard are the credit-sized plastic cards that do contain the circuit card that are integrated they can be deployed together with readers to provide user authentication and the non-repudiation for wider range of security purposes.

A single smart card can be issued to each network user so as to provide a single set of credentials for logging to remote networks.

Complexibility of cost and technical of email encryption strategic to security benefits

The following elements must be considered:

The basics because encryption is a process that is based on the cipher that makes or ensures information is hidden.Aslo choosing what to encrypt because it will be part of the risk management and the planning process of data governance. The three states of data in order for data to be secure from data in motion to data at rest and last data in use.

Recommendation

Smart card can be deployed together with readers to provide user authentication and the non-repudiation for wider range of security purposes.

A single smart card can be issued to each network user so as to provide a single set of credentials for logging to remote networks

A deployment plan  it’s a step to step on what need to happen in the last stage in the email security strategy, for a deployment plan to be effective the following must be put into consideration:

Layered application that deals with the design management dependencies   between components also the people who structure application layers should not be same again to structure the hardware infrastructure.

Reference

Atul.kahate, cryptography, and Network security Tata mc Graw.Hill Publishing Company Limited, 2003

E .kranakis primarily and cryptography, Wiley, 1986