This paper examines one company's failure to protect itself against a hacker. It also describes rebuilding an entirely new, secure network infrastructure in which hackers and viruses have a much lower chance of breaking in. To support the analysis, a secure network plan is proposed in this paper.
Security violations can occur in any company. A secure network is expected to protect sensitive data from insiders logging into the corporate mainframe, from viruses, and from unauthorized wireless access points that could be plugged into the network. Various security tools such as antivirus packages, VPNs and data encryption can also be introduced. All of these network security tools must be deployed together to keep the network safe.
Network security, Firewalls
Acme Widgets, Inc. is a worldwide leader in manufacturing. The company has 1000 employees, all connected via an internal IP network. It appears to be an old-fashioned company with a classic Internet connection behind a textbook tri-homed firewall. The demilitarized zone (DMZ) contains a web server that serves static pages to customers, and a DNS server. Acme Widgets manages the firewall and the DMZ systems through an internal management console on its network.
An unsatisfied customer was able to take control of Acme's entire network because of its old-fashioned network policies and a minor act of carelessness by an employee.
The main aim of this case study is to provide an effective and secure infrastructure without inconveniencing potential customers.
The focus should be on security mechanisms that are aware of application-layer protocols. This includes protection against unauthorized wireless access points, against viruses, worms and spyware arriving over HTTP and FTP, and against insiders logging on to the network infrastructure. It also covers protection of the local network from Internet attacks, and identification of harmful as well as outdated computers, routers, switches and modems inside the LAN.
3.1 Hacker's Adventure
Sagar Raj Mahat, May 23 2010, Karlskrona, Blekinge, Sweden
The hacker obtained Acme's IP address range w.x.y.0-255 and the telephone numbers listed under ABC-1024. Using THC-Scan he found a modem that was switched on, and through it took over an old Windows 2000/NT workstation belonging to a clueless user. He installed the Back Orifice 2000 (BO2K) server for remote login and disabled the antivirus on the clueless user's machine. By scanning with Nessus he detected a weak internal DNS server running on Solaris. He used a reverse WWW shell, so he kept control of the victim machine for as long as outgoing HTTP requests were allowed through the firewall. Using Hunt's integrated analyzer he detected a bunch of telnet sessions going back and forth.
One session was going to the IP address of the web server he had discovered initially. He hijacked that session and thereby took control of the DMZ, i.e. the main web server. On the DNS server he found the location of the firewall. He connected to the firewall from the DNS server because a TCP port was open on the firewall; using the Lynx web browser on the DNS server he was able to make an HTTP connection to that open port, and he found the firewall's management interface. Later he created a couple of web pages on an Apache server he had installed on the internal DNS server, including a login screen resembling the one provided by the firewall. Some hours later the firewall administrator tried to make an administrative connection to the firewall box. Once she had typed her user name and password, another prompt popped up; thinking it was a bug, she retyped the user name and password. The hacker now had the firewall administrator's password and finally took control of the internal network. The complete network infrastructure of Acme is illustrated in Fig. 1.
Acme Widgets does not seem to be attacked regularly, but an unsatisfied customer with networking knowledge was able to hack their systems. The main mistake was the modem left switched on by a careless employee.
Trojan horse, backdoor and remote administration programs were run on the clueless user's machine. A denial of service attack hit the external DNS, while packet sniffing took place on the DMZ. The internal DNS was completely thrashed by DNS cache pollution and buffer overflows.
To build a secure network, old-fashioned devices should be replaced by the newest versions. A few network security personnel should be hired so that they can handle emergencies as well as design a secure network plan. To protect against threats like denial of service, the following steps need to be followed:
Inspect devices with unusual open ports on a regular basis. Be aware of the corporate firewall and how it handles spoofed addresses generated from within the corporate network.
Shut down certain restrictive services; UDP should be disabled and used only for network diagnosis.
Introduce an IPS, and protect routers and switches.
3.2.2 Protection from outsiders
To protect against outsiders, three major mechanisms should be used:
Firewall system for the whole network: it enforces a control policy between the network and the Internet. Based on those policies it should scan all packets entering or leaving the network. In our context only known ports should be permitted.
TCP Wrapper on Linux/Unix-based machines: it monitors packets and grants access only to authorized ones.
Intrusion detection system: an IDS alerts the network manager to real-time threats. A policy should be made so that the IDS continuously monitors the network and raises alerts on port scans, DoS attacks and TCP session hijacking.
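To make the IDS policy above concrete, here is an added example (not code from the paper) of the two simplest detections it asks for, run over a constructed connection log: a source that touches many distinct ports on one host inside a short window is reported as a port scan, and a host that receives SYNs faster than a threshold is reported as a possible SYN flood (denial of service). The log format, the thresholds and the window sizes are assumptions chosen for the example.

```python
"""Port-scan and SYN-flood detection over connection log lines.

Added example, not part of the original paper.  Each log line is
assumed to look like:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <tcp_flags>
Thresholds and windows below are assumptions for the example.
"""
from collections import defaultdict, deque

SCAN_PORT_THRESHOLD = 10   # distinct ports per (src, dst) inside the window
SCAN_WINDOW_SECONDS = 60
SYN_RATE_THRESHOLD = 100   # SYNs to one destination inside the window
SYN_WINDOW_SECONDS = 10


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, port, flags = line.split()
    return int(ts), src, dst, int(port), flags


def detect(lines):
    """Return alerts as (timestamp, alert_type, src, dst) tuples.

    Each (src, dst) pair and each flooded dst is reported once.  The
    SYN flood alert carries "-" as source because flood sources are
    usually spoofed and individually meaningless.
    """
    alerts = []
    reported_scans, reported_floods = set(), set()
    ports_by_pair = defaultdict(deque)   # (src, dst) -> deque of (ts, port)
    syns_by_dst = defaultdict(deque)     # dst -> deque of ts

    for line in lines:
        ts, src, dst, port, flags = parse_line(line)

        # Sliding window of ports touched by this source on this host
        window = ports_by_pair[(src, dst)]
        window.append((ts, port))
        while window and window[0][0] < ts - SCAN_WINDOW_SECONDS:
            window.popleft()
        distinct_ports = {p for _, p in window}
        if len(distinct_ports) >= SCAN_PORT_THRESHOLD and (src, dst) not in reported_scans:
            reported_scans.add((src, dst))
            alerts.append((ts, "PORT_SCAN", src, dst))

        # Sliding window of bare SYNs (no ACK) aimed at one destination
        if "S" in flags and "A" not in flags:
            syns = syns_by_dst[dst]
            syns.append(ts)
            while syns and syns[0] < ts - SYN_WINDOW_SECONDS:
                syns.popleft()
            if len(syns) >= SYN_RATE_THRESHOLD and dst not in reported_floods:
                reported_floods.add(dst)
                alerts.append((ts, "SYN_FLOOD", "-", dst))
    return alerts


def build_sample_log():
    """Constructed sample: normal web traffic, a 15-port sweep against
    the DMZ DNS host, and 120 SYNs from rotating sources to the web
    server within five seconds.  Addresses are documentation ranges."""
    lines = []
    for i in range(5):                      # one client fetching pages
        lines.append(f"{1000 + i * 7} 198.51.100.20 192.0.2.80 80 S")
    for i in range(15):                     # port sweep, 2 s apart
        lines.append(f"{1100 + i * 2} 203.0.113.5 192.0.2.53 {20 + i} S")
    for i in range(120):                    # SYN flood, 24 per second
        lines.append(f"{1200 + i // 24} 203.0.113.{100 + i % 50} 192.0.2.80 80 S")
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The windows are kept per source/destination pair so that a legitimate client that repeatedly reconnects to port 80 never trips the scan rule, while a host that walks through ten or more different ports within a minute does; production sensors add whitelists for vulnerability scanners and tune the thresholds to the site's baseline.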
3.2.3 Security policies
Different security policies should be enforced, and it is better to consult a network specialist. Such policies should include rules and expected behavior for all machines as well as personnel, for example that the firewall should allow known packets only, and that the passwords created for all users and employees must not be guessable.
Microsoft and other software vendors regularly provide updates, so updates can be applied regularly.
4 NEW NETWORK ARCHITECTURE
Acme Widgets should adopt the new network architecture shown in Fig. 2. A boundary router, two LAN switches and an internal firewall are added to the system for better security. The external firewall is placed with the boundary router. The external firewall controls and protects the DMZ systems consistent with their need for outside connections, and also provides a basic level of protection for the remaining network, whereas the internal firewall protects servers and workstations from outsiders more precisely. It also defends the remaining network from attacks initiated from the DMZ, such as malware, worms and rootkits. Besides this it also protects the DMZ systems from attacks originating from the internal protected network. Multiple firewalls are proposed because of the attacks that may take place between internal networks: internal workstations are protected from internal servers and vice versa because the firewall can be configured accordingly. For stronger protection the DMZ should be placed on a different network interface of the external firewall from the one used to reach the internal networks.
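The following is an added example (not the paper's own code) that models the policy this architecture implies, together with the "known ports only" firewall rule of section 3.2.2 and the spoofed-address check from the denial of service steps in section 3.2. Three zones (Internet, DMZ, internal) are separated by the external and internal firewalls; the DMZ hangs off its own interface of the external firewall, every flow must be permitted by each firewall on its path, the DMZ has no rule at all towards the internal network, and a packet whose source address does not belong to the zone it arrived from is dropped as spoofed. The address ranges, the port list and the management console address are assumptions chosen for the example.

```python
"""Zone policy model for the dual-firewall architecture.

Added example, not code from the paper.  Address plan, ports and
the management console address are assumptions for the example.
"""
import ipaddress

# Assumed address plan (documentation ranges, not Acme's real ones)
ZONES = {
    "INTERNAL": ipaddress.ip_network("10.0.0.0/8"),
    "DMZ": ipaddress.ip_network("192.0.2.0/24"),
}
MANAGEMENT_CONSOLE = ipaddress.ip_address("10.0.0.5")  # assumed admin host


def zone_of(ip):
    """Map an address to INTERNAL, DMZ or INTERNET (anything else)."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "INTERNET"


# Allow rules: (src_zone, dst_zone, proto, dst_port, only_from_host_or_None).
# Anything not matching a rule is denied: known ports only, default deny.
EXTERNAL_FW_RULES = [
    ("INTERNET", "DMZ", "tcp", 80, None),        # public web server
    ("INTERNET", "DMZ", "tcp", 443, None),
    ("INTERNET", "DMZ", "udp", 53, None),        # public DNS
    ("INTERNET", "DMZ", "tcp", 53, None),
    ("DMZ", "INTERNET", "udp", 53, None),        # DMZ resolver queries upstream
    ("INTERNAL", "INTERNET", "tcp", 80, None),   # staff web browsing
    ("INTERNAL", "INTERNET", "tcp", 443, None),
    ("INTERNAL", "DMZ", "tcp", 80, None),
    ("INTERNAL", "DMZ", "tcp", 443, None),
    ("INTERNAL", "DMZ", "tcp", 22, MANAGEMENT_CONSOLE),   # admin only
]
INTERNAL_FW_RULES = [
    ("INTERNAL", "INTERNET", "tcp", 80, None),
    ("INTERNAL", "INTERNET", "tcp", 443, None),
    ("INTERNAL", "DMZ", "tcp", 80, None),
    ("INTERNAL", "DMZ", "tcp", 443, None),
    ("INTERNAL", "DMZ", "tcp", 22, MANAGEMENT_CONSOLE),
    # Deliberately no DMZ -> INTERNAL rule: DMZ-initiated traffic is dropped.
]


def rule_allows(rules, src_zone, dst_zone, proto, dport, src_ip):
    """True if some rule in the list permits this new connection."""
    for rz, dz, p, port, only_from in rules:
        if (rz, dz, p, port) != (src_zone, dst_zone, proto, dport):
            continue
        if only_from is None or ipaddress.ip_address(src_ip) == only_from:
            return True
    return False


def evaluate(src_ip, dst_ip, proto, dport, ingress_zone):
    """Decide the first packet of a connection.  Returns (verdict, reason).

    ingress_zone is the zone of the interface the packet physically
    arrived on.  Return traffic of permitted connections is assumed to
    be handled by stateful connection tracking and is not modelled.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    # Anti-spoofing on both ingress and egress: the claimed source must
    # belong to the zone the packet came from.
    if src_zone != ingress_zone:
        return ("DROP", f"spoofed: {src_ip} is {src_zone} but arrived from {ingress_zone}")
    if src_zone == dst_zone:
        return ("ALLOW", "same zone, traffic does not cross a firewall")

    # Firewalls on the path: the DMZ and the Internet hang off the external
    # firewall, the internal network sits behind the internal firewall.
    path = []
    if "INTERNET" in (src_zone, dst_zone) or "DMZ" in (src_zone, dst_zone):
        path.append(("external", EXTERNAL_FW_RULES))
    if "INTERNAL" in (src_zone, dst_zone):
        path.append(("internal", INTERNAL_FW_RULES))
    if src_zone == "INTERNAL":
        path.reverse()            # leaving the inside hits the internal firewall first

    for name, rules in path:      # defence in depth: every firewall must agree
        if not rule_allows(rules, src_zone, dst_zone, proto, dport, src_ip):
            return ("DENY", f"{name} firewall: no rule for {src_zone}->{dst_zone} {proto}/{dport}")
    return ("ALLOW", "permitted by " + " and ".join(n for n, _ in path) + " firewall")


if __name__ == "__main__":
    print(evaluate("203.0.113.9", "192.0.2.80", "tcp", 80, "INTERNET"))
    print(evaluate("192.0.2.53", "10.0.0.7", "tcp", 445, "DMZ"))
    print(evaluate("10.0.0.7", "192.0.2.80", "tcp", 80, "INTERNET"))
```

Keeping the rule tables as plain data makes the policy reviewable: anyone can confirm that the DMZ has no path inward, that only the management console may administer DMZ hosts, and that nothing beyond the listed ports is open from the Internet, which is the "known ports only" requirement of section 3.2.2 expressed as a checkable table.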
Fig. 1. Acme network architecture