National Bank's headquarters are in Dublin and it has three different types of remote sites: 20 branch offices nationwide; two international offices; and two additional back-up sites. The enterprise network design is shown in Figure 1 and consists of two pages, with the metro Ethernet being the connection point between the two pages. The design has built-in security to protect the integrity of National Bank's systems, data and assets and to safeguard the confidentiality of its information and data (Cisco Systems, n.d.). The enterprise network design has a defence-in-depth structure, with many layers of protection built into the architecture. The different security tools are combined for better visibility and control (Cisco Systems, n.d.).
The design in Figure 1 accommodates the headquarters and the 22 remote sites, which are all interconnected over a metro Ethernet. The network has a centralised Internet connection at National Bank's headquarters in Dublin that serves users at all of the locations and mobile employees. The network is built on a strong routing and switching infrastructure (Cisco Systems, n.d.). National Bank's services operate on top of this network and include banking and financial services applications, an automatic teller machine application, word processing and email applications, databases, a data warehouse, accounting and customer relationship management applications, human resources applications and other general office applications. The network includes the hosting of National Bank's website, which is accessible to customers and others over the Internet (with different restrictions), web browsing for employees and secure remote access for employees using laptops and smartphones. The majority of these services are deployed and managed at National Bank's headquarters, which reduces the need for them to be operated at the 22 remote office locations. Data backups are done on-site at headquarters and also at the two remote back-up sites, which are not included in the design. A serverfarm at headquarters serves the centralised systems and applications (Cisco Systems, n.d.).
The network consists of a variety of devices and appliances, including:
Switches: These connect network entities (Griffin, 2013a).
Routers: These transmit packets to destinations, making a route through multiple interconnected devices (Griffin, 2013a).
VLAN: A virtual local area network is a group of devices that can communicate as if they were on a single local area network (LAN), regardless of their physical location (Techopedia, 2013).
WLAN: A wireless local area network links devices using a wireless distribution method and can provide a connection to the Internet (Techopedia, 2013).
Other parts of the network are described below.
The Internet Perimeter Connection
The Internet Perimeter is the part of the network that provides Internet connectivity (Cisco Systems, n.d.). The main purpose of the Internet perimeter is to allow safe and secure access for all employees, customers and other users and to provide services to customers and members of the public without compromising the integrity, confidentiality and availability of National Bank's resources and data.
Figure 1: Enterprise Network Design (Cisco, n.d.). Main site: serverfarm (video, email, web, database, backup, log, file, real-time and FTP servers), all connected to the firewall; Access layer, all items connected to the switches: video cameras (x10), secure laptops (x50), CCTV monitors (x10), IP phones (x200), secure computers (x200), secure smart phones (x5); Access Control Server appliance; Unified Communications Manager; network switch, router, VLAN; Internet firewall and DMZ; Internet border router. Remote sites, nationwide (x20) and international (x2), each with all items connected to the switches: network switch, router, VLAN; firewall and DMZ; secure computers (x10); CCTV monitors (x4); secure smart phones (x3); IP phones (x10); secure laptops (x3); video cameras (x4).
The Internet perimeter consists of the Internet Edge, the metro Ethernet and parts of the Core Distribution. It comprises the following security functions and hardware:
Internet Border Router: This is the Internet gateway that routes traffic between the enterprise network and the Internet. It is the first layer of protection that fights against external threats (Cisco Systems, n.d.).
Internet Firewall: This provides access control and deep packet inspection to protect National Bank's resources and data from unauthorised access and disclosure (Cisco Systems, n.d.). The firewall includes a botnet filter to defend against botnet threats, and an inspection and prevention security service module that provides additional threat detection and prevention (Cisco Systems, n.d.). It is configured to help block certain applications, e.g., instant messaging services and online games, and it limits the outbound connections that internal hosts can make to the Internet. The firewall redirects web traffic to the web security appliance along with information identifying the user by IP address and user name, and passes traffic considered safe and acceptable on to the user (Cisco Systems, n.d.). The firewall also has a routing capability, and intrusion prevention is integrated in it (Cisco Systems, n.d.).
Demilitarised zone (DMZ): The DMZ is also integrated in the Internet firewall, which acts as both the external and the internal firewall (Stack Exchange Inc., 2013). National Bank's ATMs, website, mail server and other public-facing services sit in the DMZ for security and control purposes, which stops non-employees from reaching the Bank's internal servers and data. The DMZ protects the public resources by restricting incoming access and by limiting the outbound connections that DMZ hosts can make to the Internet (Cisco Systems, n.d.).
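The segmentation described in the two entries above is easier to reason about as a rule list than as prose. The Python block below is an added example and is not part of the original design or of any Cisco configuration: it models three zones (outside, DMZ, inside) with a first-match rule list and an implicit default deny, and audits the list for rules that an earlier rule shadows. The address plan, the web security appliance address `WEB_PROXY` and the sample packets are assumptions made for the example.

```python
"""Zone-based perimeter policy with an implicit default deny.

Constructed illustration of the firewall/DMZ segmentation described above; it
is not Cisco configuration. The address plan, the proxy address and the sample
packets are assumptions made for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed address plan. Anything in neither block is treated as "outside".
ZONES = {
    "inside": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),  # documentation range standing in for public DMZ space
}
WEB_PROXY = "10.1.1.10"  # assumed address of the web security appliance


def zone_of(ip: str) -> str:
    """Map an address to its security zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                              # "tcp", "udp", "icmp" or "any"
    dports: frozenset = frozenset()         # empty means any port
    action: str = "deny"                    # "allow" or "deny"
    src_hosts: frozenset = frozenset()      # empty means any host in src_zone
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (
            self.src_zone == zone_of(pkt.src)
            and self.dst_zone == zone_of(pkt.dst)
            and self.proto in ("any", pkt.proto)
            and (not self.dports or pkt.dport in self.dports)
            and (not self.src_hosts or pkt.src in self.src_hosts)
        )

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match would already match self."""
        return (
            self.src_zone == other.src_zone
            and self.dst_zone == other.dst_zone
            and self.proto in ("any", other.proto)
            and (not self.dports or (bool(other.dports) and other.dports <= self.dports))
            and (not self.src_hosts or (bool(other.src_hosts) and other.src_hosts <= self.src_hosts))
        )


# First-match rule list; the order is part of the policy.
RULES: List[Rule] = [
    Rule("outside", "dmz", "tcp", frozenset({80, 443}), "allow", note="public website"),
    Rule("outside", "dmz", "tcp", frozenset({25}), "allow", note="inbound mail to DMZ relay"),
    Rule("dmz", "inside", "tcp", frozenset({25}), "allow", note="DMZ relay to internal mail server"),
    Rule("dmz", "inside", "any", action="deny", note="a compromised DMZ host must not pivot inside"),
    Rule("inside", "dmz", "any", action="allow", note="staff manage DMZ hosts"),
    Rule("inside", "outside", "tcp", frozenset({80, 443}), "allow",
         src_hosts=frozenset({WEB_PROXY}), note="web leaves only via the web security appliance"),
    Rule("inside", "outside", "tcp", frozenset({80, 443}), "deny", note="no direct browsing"),
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Return (action, reason) from the first matching rule, else the default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "implicit default deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules) if any(earlier.covers(r) for earlier in rules[:i])]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443),  # public user to website: allow
        Packet("203.0.113.5", "10.0.0.5", "tcp", 445),    # Internet to internal SMB: default deny
        Packet("192.0.2.10", "10.0.0.5", "tcp", 1433),    # web server to internal DB: deny
        Packet("10.0.0.5", "203.0.113.5", "tcp", 443),    # workstation browsing directly: deny
        Packet(WEB_PROXY, "203.0.113.5", "tcp", 443),     # proxy browsing on its behalf: allow
    ]
    for p in samples:
        print(f"{p.src:>14} -> {p.dst:<14} {p.proto}/{p.dport}: {decide(p)}")
    print("shadowed rules:", shadowed_rules(RULES))
```

Run stand-alone, the block prints a decision for each sample packet. The shadowing audit is the part worth keeping in a change process: a rule that can never fire is the usual way a "DMZ must not reach inside" intention quietly stops being enforced after a later edit reorders the list.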
Email Security: The email security appliance is located near the DMZ so that it can inspect incoming and outgoing email. It blocks threats such as spam, viruses and worms using anti-virus engines and virus outbreak filters. It also encrypts email so that the confidentiality of messages is maintained and data loss is prevented (Cisco Systems, n.d.).
Web security: The web security appliance operates at the distribution switches to examine Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) traffic that is going to the Internet. It provides Uniform Resource Locator (URL) filtering to block access to websites containing non-business related content and to protect against web-based malware and spyware (Cisco Systems, n.d.). The web security appliance controls and blocks messaging services, peer-to-peer file-sharing and other Internet applications, and it blocks file downloads based on file size and type (Cisco Systems, n.d.). It scans web traffic, enforces acceptable use policies and protects the user, including a mobile or remote user, from security threats. It tracks the requests it receives and applies policies specifically for remote users (Cisco Systems, n.d.).
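As an added example of the category, file-type and size checks described above (constructed here, not the appliance's own logic), the Python block below decides whether a download may pass. The blocked hosts, the extension list, the size limits and the sample responses are assumptions; the point the code makes is that the file name a server supplies is not evidence of the file's type, so the first bytes of the body are inspected as well.

```python
"""Decide whether an HTTP(S) download may pass, in the manner of a web security appliance.

Constructed example, not the appliance's own logic. Blocked hosts, extensions,
size limits and the sample responses below are assumptions for illustration.
"""
import posixpath
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

# Assumed acceptable-use policy: host -> category.
BLOCKED_HOSTS = {
    "games.example": "online games",
    "chat.example": "instant messaging",
    "p2p.example": "peer-to-peer file sharing",
}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".msi", ".bat", ".jar"}
MAX_BYTES = 50 * 1024 * 1024          # office users
MAX_BYTES_REMOTE = 10 * 1024 * 1024   # tighter policy applied to remote users

# Executable signatures. A server can call a file anything it likes, so the
# body itself is checked; this catches "notes.txt" that is really a PE binary.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


@dataclass(frozen=True)
class Response:
    url: str
    content_length: int
    head: bytes                 # first bytes of the response body
    remote_user: bool = False   # request arrived via the remote-access path


def sniff(head: bytes) -> Optional[str]:
    """Return the executable type the leading bytes reveal, if any."""
    for sig, desc in MAGIC.items():
        if head.startswith(sig):
            return desc
    return None


def check_download(resp: Response) -> Tuple[bool, str]:
    """Return (allowed, reason). Checks run cheapest-first; the first failure wins."""
    parsed = urlparse(resp.url)
    host = (parsed.hostname or "").lower()
    filename = posixpath.basename(parsed.path)
    ext = posixpath.splitext(filename)[1].lower()

    if host in BLOCKED_HOSTS:
        return False, f"category blocked: {BLOCKED_HOSTS[host]}"
    limit = MAX_BYTES_REMOTE if resp.remote_user else MAX_BYTES
    if resp.content_length > limit:
        return False, f"size {resp.content_length} exceeds limit {limit}"
    if ext in BLOCKED_EXTENSIONS:
        return False, f"file type blocked by extension: {ext}"
    kind = sniff(resp.head)
    if kind is not None:
        return False, f"file type blocked by content: {kind} disguised as '{filename}'"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample responses.
    samples = [
        Response("https://games.example/play", 2048, b"<html>"),
        Response("https://files.example/setup.exe", 4096, b"MZ\x90\x00"),
        Response("https://files.example/notes.txt", 4096, b"MZ\x90\x00"),
        Response("https://files.example/report.pdf", 4096, b"%PDF-1.7"),
        Response("https://files.example/image.iso", 20 * 1024 * 1024, b"\x00", remote_user=True),
    ]
    for s in samples:
        print(f"{s.url:<40} {check_download(s)}")
```

The third sample is the one the extension list alone would miss: the name says text, the body says executable. On a real appliance the same idea is applied after decompression as well, since an archive is the usual wrapper for a disguised binary.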
Secure Mobility: The web security appliance and the Internet firewall provide secure connections to remote and mobile users, regardless of the type of mobile device used (Cisco Systems, n.d.). All Internet traffic scanning is done by the web security appliance, not the mobile device. This improves overall performance by not hampering the mobile device (Cisco Systems, n.d.).
The Core moves packets from one point to another as quickly as possible and with the least amount of manipulation (TechTarget, n.d.). The Distribution layer applies policies (TechTarget, n.d.). Features of the Core Distribution include:
Network Admission Control (NAC) Server Appliance: This enforces security compliance on all devices that try to access computing resources on the network (Cisco Systems, n.d.). It identifies whether networked devices, e.g., laptops and phones, are compliant with the network security policies and can repair problems before allowing access to the network. It isolates non-compliant devices from the rest of the network. It scans for virus and worm infections and port vulnerabilities (Cisco Systems, n.d.).
WLAN Controller: This device manages the wireless access points and the wireless connectivity of mobile devices (Cisco Systems, n.d.).
Network Switch: This device joins multiple computers, devices or networks (WiseGeek, 2013).
The serverfarm contains the systems that serve business applications and store the data accessible to employees. It includes application servers, storage media, routers, switches and other media (Cisco Systems, n.d.). These are the main security features of the serverfarm (Cisco Systems, n.d.):
Firewall: This limits access to only the necessary and authorised applications and services for the intended users (Cisco Systems, n.d.). An intrusion prevention system module is included to improve threat detection. This identifies and blocks unusual traffic and well-known attacks (Cisco Systems, n.d.). It can stop malicious traffic before it reaches its target.
Access Control Server Appliance: This controls network access. It provides device administration by authenticating administrators and providing authorizations and an audit trail. It helps regulatory and corporate compliance. For remote access, it works with a virtual private network (VPN) and other remote access devices. For wireless, it authenticates and authorises users and enforces wireless policies. It provides network admission control by enforcing admission control policies (Cisco Systems, n.d.).
Network Admission Control (NAC) Server Manager: This creates security policies and manages online users (Cisco Systems, n.d.). It authenticates servers and is used to provide user roles and compliance checks and to identify any remedial work that needs to be done. It communicates with and manages the NAC Server appliance (Cisco Systems, n.d.).
Gateways: These join networks together (Techopedia, 2013).
The Access layer connects devices to the network (Cisco Systems, n.d.). The devices include secure laptops and computers; video cameras; video monitors; fax machines; IP phones; and secure smart phones (TechTarget, n.d.).
The remote sites contain the same types of devices as those found in the Access layer and also contain ATMs and firewalls with DMZs.
The software applications include: Windows Operating System (Windows OS); MS Office, including Word, Excel, PowerPoint and Outlook for email; Sophis Risque for asset trading and risk management; Sophos Anti-Virus, Anti-Spam, Malware and Spyware Detection and Network Security for web, mobile, encryption, firewall and endpoint protection; SAP; SWIFT; Oracle Data Warehouse; VERITAS Volume Manager; VERITAS File System; Chrome web browser; and Java.
Vulnerabilities in a network are the known weaknesses in a system that make it open to attack (Griffin, 2013b). The network's integrity, confidentiality and availability are vulnerable in a variety of ways. The Internet began as a link between government entities and universities to facilitate research and learning (Cisco, 2000). The amount and type of traffic that the Internet carries now was not envisaged at the time it originated. Accordingly, security was not designed into the Internet Protocol (IP), and it was only years later that tools were developed to deploy IP securely (Cisco, 2000).
Vulnerabilities associated with hardware include the possibility that:
An unauthorised person will gain either physical or remote access to the hardware.
A USB stick or CD will be used to copy data off a machine, to infect it with malware or to boot it into a different operating system that bypasses the installed controls, giving the attacker access to National Bank's resources (Cole, 2009, p. 212).
A covert monitoring device, such as a keystroke logger, will be installed that records information and stores it on the device (Cole, 2009, p. 212).
A computer will be accessed by an unauthorised person if it is not shut down when not required or does not have its screen lock enabled (Griffin, 2013a).
Devices or hard drives will be stolen because they are not locked down (Cole, 2009).
Other hardware will be infected if an infected device is connected to the network.
Default passwords will be left in place instead of being replaced with customised passwords.
An attacker will reboot a workstation and get into the Basic Input/Output System (BIOS), where a BIOS password could be set that locks everyone else out of the workstation (Cole, 2009).
An inventory of key files on each workstation will not be kept.
Backups will not be monitored or logged.
Skimming devices, cameras and other capture devices will be installed at the ATMs by members of the public.
ATMs will be used by unauthorised users to access customers' accounts.
Equipment will deteriorate, add-in boards will be installed incorrectly and unnoticed magnets will cause damage (The Computer Doctor, n.d.).
The electricity supply will be inadequate and unprotected, which could result in power loss, damaging surges or frequency shifts (The Computer Doctor, n.d.).
Incompatibilities between devices will cause interrupt request (IRQ) conflicts (The Computer Doctor, n.d.).
An up-to-date and comprehensive inventory of hardware, its location and the associated access rights will not be kept.
External computer repair people who are not competent or familiar with the components of the architecture will cause damage or inadvertently infect the system (The Computer Doctor, n.d.).
Security scans for vulnerabilities will not be run regularly and questionable applications will be downloaded by users (Griffin, 2013a).
Awareness training and education will not be provided on a frequent basis (Griffin, 2013b).
Hardware security is in a poor state and has been for several years (Quinnell, 2013). The abundance of technology that is available for detecting and eradicating software threats is not available for hardware threats. Hardware developers do not tend to think about the vulnerabilities that their designs present, and the tools that developers use to create and debug code can often be used to reverse engineer and exploit code vulnerabilities (Quinnell, 2013). There are three main "attack surfaces": memory and firmware; exposed buses and interfaces; and passwords and cryptography (Quinnell, 2013). For example, voting machines were easily compromised by replacing the ROM, which was in a socket rather than being soldered to the board (Quinnell, 2013). Another system was attacked "by attaching a clip to the serial EEPROM for easy reading and alteration of code, including security keys" (Quinnell, 2013).
The keyboard can be one of the biggest challenges for hardware security; for instance, a USB keylogger can be inserted between the keyboard and the computer (Quinnell, 2013). There have been a number of examples of computer hardware containing Trojans or other programs that enable hackers to access confidential information (Skorobogatov, 2013). According to Skorobogatov (2013), MI5 has claimed that silicon chips can be infected. Research at Cambridge University in 2012 found that a highly secure American military chip, manufactured in China and protected by strong encryption, had a backdoor inserted by the manufacturer (Skorobogatov, 2013). The backdoor is activated with a key; once used, it can disable the chip or allow it to be reprogrammed, even if the user has locked it with their own key (Skorobogatov, 2013). Hardware vulnerabilities may therefore increase further if such functions are surreptitiously included in chips and other hardware during manufacture.
Software is vulnerable to malware, both known and unknown. Known malware and attack types include viruses, worms, Trojans, spyware and adware, keystroke loggers, backdoors, denial-of-service (DoS), packet sniffing and social engineering (Griffin, 2013a). Hackers discover vulnerabilities on an on-going basis, providing them with new ways to attack software; an attack on a flaw for which no patch yet exists is known as a zero-day attack (Spam Laws, 2013). Unencrypted data is vulnerable (Spam Laws, 2013). Software applications are vulnerable unless they enforce strong passwords and authentication, with credentials changed regularly. Software developed in-house can be vulnerable if security measures are not built into its development (Griffin, 2013b).
Expected vulnerabilities for 2013 include: more SQL injection hacks of web servers and databases to steal user names and passwords; more ransomware malware, which encrypts data and holds it for ransom; more sophisticated attack toolkits, such as Blackhole; more social-engineering attacks across a wide variety of platforms; and new ways for cybercriminals to compromise security or privacy due to new technologies, such as near field communication (NFC) being integrated into mobile devices (Sophos, 2013).
Because around 90% of all systems run the Windows OS, hackers target it to find vulnerabilities (Griffin, 2013a). Microsoft regularly releases patches to update the Windows OS so that these vulnerabilities can be addressed.
A number of ports used by the Windows OS are vulnerable, and port 139, the NetBIOS Session service (TCP) for Windows file and printer sharing, has been described as the single most dangerous port on the Internet (Griffin, 2013a). Macros in Microsoft Office applications such as Word and Excel are a further weakness (Griffin, 2013a). Outlook, the email application, is an attractive target because emails can contain confidential and sensitive data. Internet Explorer contains a number of vulnerabilities and for that reason Google's Chrome will be used as the browser at National Bank (Spam Laws, 2013).
Another vulnerability in the Windows OS is in the Local Security Authority Subsystem Service (LSASS), which handles authentication of logons on computers connected to the network. If a hacker sends a specially crafted packet during this authentication process, a DoS can occur (Spam Laws, 2013). An example of a zero-day vulnerability in Windows involved the handling of animated cursor files, which allowed hackers to execute code remotely (Spam Laws, 2013). Blackhole, the leading attack toolkit today, targets Windows (Sophos, 2013).
Google reportedly has stopped using Windows OS internally because of its security vulnerabilities, which they believe led to the company being open to Chinese hackers in 2010 (PC World, 2010).
Users include both authorised users, e.g., employees, and unauthorised users, e.g., visitors and hackers. Both can, inadvertently or deliberately, create vulnerabilities for network integrity, confidentiality and availability.
Authorised users can be the weakest link in the chain. In a 2013 Pricewaterhouse Coopers survey, current employees were estimated to be responsible for 36% of information security incidents, the highest of any source (Pricewaterhouse Coopers, 2013). Users of remote technology often use the same devices to access both business and personal information. Devices used outside the enterprise's on-site controls could allow viruses, spyware, worms and other types of malware onto the device and from there into the network. Confidential and proprietary information may also be lost or stolen while mobile users connect outside the company premises.
In 2006, an employee at AOL mistakenly released a file on one of its websites containing 20 million search keywords of more than 650,000 users. Although the file was retrieved the following day, it had already been copied across the Internet. Personally identifiable information was included in the file (Armerding, 2012). An employee of Certegy Check Services stole 3.2 million customer records, including banking and personal information. The employee allegedly sold the data to a data broker, who then sold it to a number of marketing firms. The people whose information was stolen filed a class action lawsuit against the company. The employee was found guilty of fraud and was sentenced to almost five years in prison. The company paid almost $3.2 million in fines. Each person whose data was stolen was awarded $20,000 (Armerding, 2012).
In 2006, data from 94 million credit cards was taken from TJX Companies Inc. in the USA. There are two versions of how this happened: one is that hackers exploited the company's weak data encryption and stole the credit card information during a wireless transfer between two of the company's stores; the other is that the hackers broke into the company's network through the in-store kiosks where people could apply for jobs electronically. This was possible because the company's network was not protected by firewalls. The main hacker was sentenced to 40 years in prison (Armerding, 2012). In the USA in 2005, hackers broke into CardSystems Solutions' database using an SQL injection that planted a Trojan script; the script ran inside the database and sent the harvested data out in zip files. The attack succeeded because CardSystems was not compliant with data storage standards. The resulting exposure of 40 million credit card accounts ultimately made the company unviable and it was subsequently acquired (Armerding, 2012).
Authorised and Unauthorised Users
Both authorised and unauthorised users can be responsible for or involved in certain types of vulnerabilities.
Authorised users such as employees and unauthorised users such as certain contractors and visitors can make the system vulnerable by downloading web content, using chat and messenger applications, engaging in social networking, using short-cut tools, such as macros for Word and Excel, engaging in peer-to-peer file sharing, playing online games and using pirated software. In general, access to non-business related content can expose the system and users to harmful and inappropriate content from the Internet, web browsing and email (Cisco Systems, n.d.).
Identity theft and fraud
This involves the theft of personal identity or fraud against servers and end users through phishing and email spam (Cisco Systems, n.d.). In 2011, RSA, a computer security company in the USA, had possibly 40 million employee records stolen by spear phishing. The hackers posed as people the RSA employees trusted in order to gain access to the network. The lesson is that even good security companies can be hacked (Armerding, 2012). Monster.com, the recruitment company, had its library of CVs hacked in 2007. The names, addresses, phone numbers and email addresses of 1.3 million job seekers were taken. The hackers sent out scam email asking for bank account numbers. They also asked the addressees to click on links in the email that could infect their computers with malware. Hackers then emailed the users, telling them that they had infected their computers with a virus and stating that they would delete files unless the addressees paid them money (Armerding, 2012).
Data loss involves the theft or leakage of private and confidential data from servers or in transit, or as a result of spyware, viruses, malware, etc. (Cisco Systems, n.d.). In 2006 in the USA, an unencrypted database of 26.5 million veterans and military personnel that contained names, tax numbers and dates of birth was stolen. The database was on a laptop and an external hard drive belonging to an employee of the Department of Veterans Affairs, and these were stolen during a home burglary. The Department of Veterans Affairs estimated it would cost $100 million to $500 million to prevent and take care of possible losses (Armerding, 2012). In 2008, 134 million credit cards were exposed at Heartland Payment Systems in the USA by means of an SQL injection used to install spyware on the company's data systems. The mastermind of the operation was sentenced to 20 years in prison. SQL injection was a well known security vulnerability of many web-facing applications and security analysts had warned about it for several years (Armerding, 2012).
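The SQL injection attacks behind the CardSystems and Heartland breaches mentioned above rely on user input being spliced into the text of a query. As an added example that is not drawn from either breach, the Python block below shows a customer lookup and a staff login built that way, beside parameterised versions that close the hole; the tables, rows and payloads are constructed for illustration.

```python
"""SQL injection in a customer lookup and a staff login, beside the parameterised fixes.

Constructed example using an in-memory SQLite database. The tables, rows and
payloads are invented for illustration and are not taken from any real breach.
"""
import sqlite3
from typing import List, Optional, Tuple


def build_db() -> sqlite3.Connection:
    """Create a throwaway database with a customer table and a staff table."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE customers (name TEXT, card_last4 TEXT);
        INSERT INTO customers VALUES ('Ann Murphy', '4421'), ('Brian Walsh', '9087');
        CREATE TABLE staff (username TEXT, password_hash TEXT);
        INSERT INTO staff VALUES ('admin', 'hash-admin'), ('teller1', 'hash-teller1');
        """
    )
    return con


# --- Vulnerable: the user's text becomes part of the SQL statement ------------

def find_customer_vulnerable(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    query = f"SELECT name, card_last4 FROM customers WHERE name = '{name}'"
    return con.execute(query).fetchall()


def login_vulnerable(con: sqlite3.Connection, username: str, password_hash: str) -> Optional[str]:
    query = (
        f"SELECT username FROM staff WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    row = con.execute(query).fetchone()
    return row[0] if row else None


# --- Hardened: the statement text is fixed, values are bound as parameters ----

def find_customer_safe(con: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    return con.execute(
        "SELECT name, card_last4 FROM customers WHERE name = ?", (name,)
    ).fetchall()


def login_safe(con: sqlite3.Connection, username: str, password_hash: str) -> Optional[str]:
    row = con.execute(
        "SELECT username FROM staff WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] if row else None


# Payloads as an attacker would type them into the search box and the login form.
# The closing quote ends the intended string; "--" comments out what follows, so
# the UNION pulls rows from a table the form was never meant to expose.
UNION_PAYLOAD = "x' UNION SELECT username, password_hash FROM staff --"
BYPASS_USERNAME = "admin' --"


if __name__ == "__main__":
    con = build_db()
    print("vulnerable search:", find_customer_vulnerable(con, UNION_PAYLOAD))
    print("safe search:     ", find_customer_safe(con, UNION_PAYLOAD))
    print("vulnerable login:", login_vulnerable(con, BYPASS_USERNAME, "not-the-hash"))
    print("safe login:      ", login_safe(con, BYPASS_USERNAME, "not-the-hash"))
```

In the hardened versions the database driver never sees the payload as SQL: the quote and the comment marker arrive as data in a bound parameter, so the search returns no rows and the login fails. Escaping or filtering characters in the input is not an equivalent fix; binding parameters is what removes the mixing of code and data that the attack depends on.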
Service disruption covers disruption of the infrastructure, applications and other business resources by worms, Trojan horses, spyware, macro viruses, malware, boot-record infectors, DoS attacks, Layer 2 attacks and other malicious software (Cisco Systems, n.d.). DoS attacks aim to disrupt IT services and can lead to the disabling of entire networks (UCC, 2013). The Stuxnet worm, discovered in 2010, targeted only specific industrial control software and was intended to sabotage Iran's uranium enrichment infrastructure (Armerding, 2012). It wreaked havoc and got past traditional software defences (Skorobogatov, 2013).
Enterprise networks are vulnerable to unauthorised access to restricted resources, including by employees (Cisco Systems, n.d.). In a 2013 Pricewaterhouse Coopers survey that asked companies to estimate who was responsible for security incidents, the estimates were: former employees 27%; hackers 25%; competitors 17%; customers 16%; criminals 16%; partners or suppliers 15%; and service providers and consultants 12%. (The totals do not add up to 100% because companies could name multiple sources (Pricewaterhouse Coopers, 2013).)
The enterprise network design for National Bank will need to be constantly reviewed and monitored to safeguard the data and resources of the Bank and to constantly address the vulnerabilities and defend against the persistent threats that will try to attack it.