Describe the security features of network hardware devices.
All network hardware devices need to have security functions which prevent unauthorised access to systems and data and help stop viruses and malicious software from accessing the network.
Network hardware devices include:
Wireless Routers/WAP (Wireless Access Points)
Each network hardware device comes with its own security features.
Workstations rely greatly on software to protect them from network threats. Anti-virus software programs help keep workstations safe and a software firewall is deployed to keep ports closed even if a program tries to open them. Keeping ports from being opened is like keeping a door closed; nothing can go in or out. This reduces the threat from unauthorised access.
To access the security settings of a router, a username and password are needed. If these are not configured, anyone who gains access will be able to administer the network as if it were owned by them. These are set by the administrator or the ISP.
Wireless Routers/WAP (Wireless Access point)
Wireless routers are more vulnerable to unauthorised access. This is because the LAN (Local Area Network) does not need to be accessed physically. If the wireless functions of a router are not configured properly, the network can be accessed and configured in administrative mode by anyone. This is a serious security risk.
The wireless access can be controlled by configuring an encrypted password, setting an SSID (Service Set Identifier) and choosing whether it is visible or not. If it is not visible, people will not be able to search for the access point; they will have to know the SSID beforehand. For password encryption WEP and WPA can be used. WPA is more secure than WEP. Doing this stops unauthorised users from accessing the network.
Configure a networked device or specialist software to improve the security of the network.
I have been asked to implement security to the plan below. This is the network security set-up of a bank. I have been given the task of creating a detailed diagram coupled with a full write-up including any evidence of how the network security has been improved.
I will analyse the potential risks of each asset in this network to find out what types of threats the business may face and what can be done to defend or prevent these threats.
Mainframe with customer accounts
Customers are able to log directly onto the extranet using their personal details. This means that they are essentially giving away their personal, confidential information. Although an extranet is a private network, it uses the internet for its external access feature. When sending information across the internet without the right protection, information could be intercepted and taken for later use. Information can even be altered at the time of sending; for example, a hacker might change the address that a customer wants to send money to in order to commit fraud. This is called the 'man-in-the-middle' attack.
If the website does not use encryption, people may start attempting to target the site's vulnerabilities. Depending on how popular the service is, the likelihood of an attack can vary. This can be easily prevented by using a secure HTTPS connection on the website when dealing with personal and private information. This will also prevent the 'man-in-the-middle' attack as time-stamps are used. This means if information transfer has been delayed, it may be altered so it is ignored.
The network set-up can be made more secure by adding a dedicated firewall in between the extranet and the external customers. Although a firewall has already been installed, alternative routes can be taken to avoid the firewall. An example of when this will happen is when the connection is cut between the firewall and extranet; an alternative route may then be taken when accessing customer details.
Internal Bank Systems and All other bank data
Because there is no firewall installed between the internet and extranet, malware and/or spyware may make it through the network, through the Internal Bank Systems and into the server that holds all the other bank data. This data can range from customer accounts to the bank's future strategies and projects. This makes the bank vulnerable to hackers and even competitors, as this information can be used for fraud and blackmail or it can be taken secretly by another bank to give the competitor an extra edge in the market.
If the internal bank systems are taken over externally, money transferred illegally and records deleted, this would cause a huge problem for the bank as well as all of its customers and employees.
Although it is not likely that other banks will hire hackers to attack the network, it is common for hackers to try to find information or ruin a bank's system. This is popular and is also often seen in films. This can be prevented by installing anti-malware/spyware software on the server and installing a dedicated, properly configured firewall between the extranet and internet.
External Access via Customers
Advice can be given to customers to prevent phishing and other threats. If the customer is knowledgeable in this area they will notice that it is a risk. This can be stopped by informing the customers that they should only go directly to the site before logging in and not follow email-based links.
It's all good having lots of firewalls installed on the network blocking every possible entrance, but if they are not configured correctly they may let in experienced hackers. In some cases the user cannot access the internet with a program they use often and so they open a bunch of ports on the firewall so they can access the internet. This is unprofessional and doing this greatly increases the risk of unauthorised access to the network. A network administrator should be contacted in this type of situation to open the port needed and minimise network traffic.
If unnecessary ports are open the bank will be extremely vulnerable to a Distributed Denial of Service Attack (DDoS). This type of attack is often aimed towards commercial websites that sell/provide goods and/or services.
This attack involves a computer sending a virus to a large number of other computers. The virus will have a trigger. When this trigger is set off (by time or by another computer), all of the computers infected will flood the victim server(s) with network traffic in order to shut down the server and their service.
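The check an administrator would run after users have opened ports themselves, as an added example that is not part of the original essay: it compares a firewall's allow rules with the approved list. The rule format, the sample rules and the approved set (HTTPS on TCP 443 only) are assumptions made for illustration.

```python
# Added example: compare firewall "allow" rules with the ports an
# administrator has approved. Rule format and values are constructed.

APPROVED = {("tcp", 443)}  # assumption: only HTTPS is approved

# Constructed sample rule set (not from a real device)
SAMPLE_RULES = [
    {"id": 1, "action": "allow", "proto": "tcp", "ports": "443"},
    {"id": 2, "action": "allow", "proto": "tcp", "ports": "6000-6100"},
    {"id": 3, "action": "deny", "proto": "tcp", "ports": "23"},
    {"id": 4, "action": "allow", "proto": "udp", "ports": "443"},
]


def parse_ports(spec):
    """Expand '443' or '6000-6100' into a range of port numbers."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"invalid port specification: {spec!r}")
    return range(low, high + 1)


def unapproved_openings(rules, approved):
    """Return (rule id, proto, lowest, highest, count) for every allow
    rule that opens at least one port missing from the approved set."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue  # deny rules keep ports closed
        extra = [p for p in parse_ports(rule["ports"])
                 if (rule["proto"], p) not in approved]
        if extra:
            findings.append(
                (rule["id"], rule["proto"], extra[0], extra[-1], len(extra)))
    return findings


if __name__ == "__main__":
    for finding in unapproved_openings(SAMPLE_RULES, APPROVED):
        print("rule %d opens %s ports %d-%d (%d unapproved)" % finding)
```

Rule 4 is reported even though its port number is approved, because the approval covers TCP only.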
Here is a diagram that shows how this process takes place.
If the server was turned off for even 5-10 minutes a vast number of customers would complain. This bank may be targeted because it is popular and well known.
This type of attack can also be prevented by using a dedicated firewall that examines network ports to determine whether traffic is from a reliable or safe source. If it is a malicious packet, it is dropped immediately. After receiving a packet, the firewall will send it on to the main server only if the packet is safe.
Wireless Access point with WEP
Wireless routers are more vulnerable to unauthorised access. This is because the LAN (Local Area Network) does not need to be accessed physically. This is done by using an encryption algorithm called Wired Equivalent Privacy (WEP). As this security measure has become more widely used, it has been examined by hackers and has now been cracked. For this reason the newer, more secure security method should be used:
Wi-Fi Protected Access (WPA/WPA2)
If the wireless functions of a router are not configured properly, the network can be accessed and even configured in administrative mode by anyone. This is a serious security risk. The administrator needs to set an admin password and username in order to prevent this.
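The wireless checks described here and in the earlier section on wireless routers (encryption method, admin username and password, SSID visibility) can be run over an inventory of access points. This is an added example, not part of the original essay; the settings format, field names and sample values are constructed, and the only modes recognised are the ones the text names.

```python
# Added example: check wireless access point settings for the weaknesses
# named in the text. The settings format and sample values are constructed.

WEAK_MODES = {"none": "no encryption configured",
              "wep": "WEP has been cracked; use WPA/WPA2"}
KNOWN_MODES = set(WEAK_MODES) | {"wpa", "wpa2"}  # modes named in the text

# Constructed sample inventory (not from real devices)
SAMPLE_APS = [
    {"name": "branch-ap", "encryption": "WEP", "admin_user": "",
     "admin_password": "", "broadcast_ssid": True},
    {"name": "office-ap", "encryption": "WPA2", "admin_user": "netadmin",
     "admin_password": "constructed-example-value", "broadcast_ssid": False},
]


def audit_access_point(settings):
    """Return a list of (severity, message) findings for one access point."""
    findings = []
    # A missing or empty encryption setting is treated as "none"
    mode = str(settings.get("encryption") or "none").lower()
    if mode not in KNOWN_MODES:
        findings.append(("high", f"unrecognised encryption mode {mode!r}"))
    elif mode in WEAK_MODES:
        findings.append(("high", WEAK_MODES[mode]))
    # Without admin credentials anyone can reconfigure the device
    if not settings.get("admin_user") or not settings.get("admin_password"):
        findings.append(("high", "admin username/password not set"))
    # Reported for information: the SSID can be found by searching
    if settings.get("broadcast_ssid", True):
        findings.append(("info", "SSID is visible to anyone searching"))
    return findings


def audit_all(access_points):
    """Map each access point name to its findings, skipping clean ones."""
    report = {}
    for ap in access_points:
        findings = audit_access_point(ap)
        if findings:
            report[ap["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_APS).items():
        for severity, message in findings:
            print(f"{name}: [{severity}] {message}")
```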
I have produced an improved network diagram using the countermeasures mentioned above. This new network has improved the network security in every aspect above. I have done this by configuring all devices, installing security software on relevant devices and installing two extra firewalls.
Explain the similarities and differences between securing a wireless and wired network system.
Wired and wireless networks are very similar in a logical diagram but physically can be very different. Wireless networks can go further than a wire; for example, they can go through walls and building floors. Because of this, wireless and wired network security is very different in some ways.
When securing a traditional wired network, the physical aspects of the network have to be looked at. For example, servers have to be located in secure rooms with locked doors and wires have to be protected using wire covers. Below are examples of the kind of products that professional networks will have installed.
Wireless networks also need physical security but they can still be accessed wirelessly; because of this, a password has to be used to restrict unauthorised access. This can be implemented using Wired Equivalent Privacy (WEP) or the more secure Wi-Fi Protected Access (WPA/WPA2). The network SSID (Service Set Identifier) can be configured to an unsearchable setting. This prevents people even knowing that the wireless network exists. The SSID would have to be known in order to connect to the network in this case.
One of the main disadvantages to wireless networking is the reduced speed. Wireless Ethernet is either 11Mbps (802.11b) or 54Mbps (802.11a) or 160Mbps (802.11n), whereas Wired Ethernet can be from 100Mbps to 1Gbps (1000Mbps) or more!
Although the speed of wireless has been greatly increased due to the introduction of 802.11n, it still cannot keep up with the demand for bandwidth in networks today. If multiple people are gaming over the internet, sharing/downloading files and using bandwidth the network may be overloaded. With wired Ethernet 1Gbps can handle the large bandwidth demand and provide a good service to all users on the same network.
Both wired networks and wireless networks can communicate across a peer-to-peer network. This can be used to store and share data, communicate privately or transfer files. Although with a wireless connection, problems have been said to occur with files over 100MB.
Client servers are used to centrally store client data and programs on a server, giving them access from multiple locations. This is not possible over a wireless connection as high performance and high bandwidth are needed.
For communication, wired and wireless systems have to use different protocols. Both use standard protocols such as HTTP, UDP and TCP, but for wireless connections encryption has to be used. This is because anyone can interrupt a wireless signal without being noticed.