This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
As a consultant to the energy company, I have to suggest an ideal network architecture for it. The company has a website that allows customers to upload readings, make payments and report/track faults. It must be online at all times. The company has already faced a security breach, so security will be one of the main features of the design.
I use two firewalls, two routers (one of them is the Internet router), a DMZ, some switches and fiber optic cable as the medium.
Here I describe why I use them in the network architecture, what their functions are and how they work. I will also discuss how they will increase the security of the website.
The routers choose where to send data from one computer to another. A router is a specialized computer that can send messages and choose the best path to their destinations along thousands of pathways. The router has two separate but connected jobs:
It ensures that data goes where it is needed.
It ensures that data does make it to the destination.
In dealing with these two jobs, a router is extremely valuable when working with two separate networks. The router joins the two subnets, passing data from one network to the other. It also protects the networks. The basic operation and function of the router remain the same regardless of how many networks are attached. It is an absolute necessity, as the Internet is one massive network made up of many smaller networks.
Basically, the Internet router and the internal router both serve the same purpose: connecting networks. But the Internet router will be more powerful than the internal router. I divided the internal network into three different subnets to increase security: internal server, main servers and workstations. For this reason the internal router is needed to connect those subnets.
The internal server will work as the domain controller for all of the workstations. This server will help to control direct access to the main server systems. All employees will work under this domain server, and the server admin can control them by assigning various types of user authentication and permissions. This system will increase security and accessibility.
A firewall is a system or combination of systems that controls the access policy between two networks. Here the two networks are the internal corporate network and the external network (the Internet). It is mostly used to prevent unauthorized Internet users from accessing private networks that are connected to the Internet, mainly intranets. All data leaving or entering the intranet passes through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Here I use two types of firewall: an application firewall and a third-generation firewall.
Compared to a packet filter firewall, an application firewall is much more secure and reliable because it works on all seven layers of the OSI model. It is similar to a packet filter firewall, but it can also filter data on the basis of content.
A third-generation firewall is generally referred to as a stateful packet inspection firewall, as it maintains records of all connections passing through it and is able to decide whether a packet is the start of a new connection, part of an existing connection or an invalid packet.
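The three-way decision described above can be sketched as a small connection tracker. This is an added example, not part of the original essay: the StatefulFilter class, the addresses and the published service are constructed for illustration, and connection teardown is reduced to RST handling (real firewalls also track FIN exchanges and idle timeouts).

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

class StatefulFilter:
    def __init__(self, allowed_services):
        self.allowed = set(allowed_services)  # (ip, port) pairs open to new connections
        self.connections = set()              # tracked (client, cport, server, sport)

    def inspect(self, p):
        """Return (state, action) for one TCP segment."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.connections else rev if rev in self.connections else None
        if key is not None:                   # either direction of a tracked connection
            if "RST" in p.flags:
                self.connections.discard(key)
            return ("EXISTING", "ACCEPT")
        if p.flags == {"SYN"}:                # a bare SYN is the only valid opener
            if (p.dst, p.dport) in self.allowed:
                self.connections.add(fwd)
                return ("NEW", "ACCEPT")
            return ("NEW", "DROP")
        return ("INVALID", "DROP")            # mid-stream segment with no recorded state

WEB = ("192.0.2.10", 443)                     # constructed published service

def demo():
    fw = StatefulFilter({WEB})
    client = ("198.51.100.7", 50000)          # constructed client
    trace = [
        pkt(*client, *WEB, "SYN"),
        pkt(*WEB, *client, "SYN", "ACK"),
        pkt(*client, *WEB, "ACK"),
        pkt("198.51.100.9", 40000, *WEB, "ACK"),  # ACK without a handshake
        pkt(*client, "192.0.2.10", 22, "SYN"),    # service that is not published
        pkt(*client, *WEB, "RST"),
        pkt(*client, *WEB, "ACK"),                # arrives after the reset
    ]
    return [fw.inspect(p) for p in trace]
```

A plain packet filter would have to accept the stray ACK on port 443 because the port is open; the tracker drops it because no handshake was recorded for that client.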
In the network diagram, the DMZ is a computer host that acts as a "neutral zone" between the public network and the company's network. The demilitarized zone blocks outside users from getting direct access to the company's server. It provides more security than a firewall alone and effectively acts as a proxy server.
For this company, the DMZ (configured on a separate host) receives requests from clients within the company's private network for access to Web sites. The DMZ host then creates sessions for these requests on the external public network. The DMZ host is not able to initiate a session back into the company's private network. It can only forward requested packets.
Outside the company, users of the public network can access only the DMZ host. The DMZ can also serve the company's Web pages to the outside world, because it may hold copies of the pages. The DMZ blocks access to other company data. In the event that an outside user penetrated the DMZ host's security, the Web pages might be corrupted but no other company information would be exposed.
A Web server is a computer system whose primary function is to connect to the Internet and to download stored web pages and files onto client computers when requested. It often comes as part of a larger package of Internet- and intranet-related programs for serving e-mail, downloading requests for File Transfer Protocol files, and building and publishing Web pages. A single web server may support multiple websites, or a single website may be hosted on several linked or mirrored web servers.
A database server is a computer in a network that is dedicated to database storage and retrieval. It holds the database management system (DBMS) and the databases. The database server is a key component in a client/server environment. Upon requests from the client machines, it searches the database for selected records and passes back the results. It is the main storage system for the company, so much valuable information will be kept on this server.
Web servers may need to communicate with the database servers to provide some specialized services. Since the database server is not publicly accessible and may contain sensitive information, it should not be in the DMZ. Generally, it is not a good idea to allow the web server to communicate directly with the internal database server. Instead, an application firewall can be used to act as a medium for communication between the web server and the database server. This may be more complicated, but provides another layer of security.
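One way to check that a rule set actually enforces this design is to replay the requirements above as probe flows against it. The following is an added example, not part of the original essay: the addressing plan, the port numbers, the placement of the application firewall and the first-match rule format are all assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the essay)
ANY, DMZ, LAN, DB = "0.0.0.0/0", "192.0.2.0/28", "10.0.30.0/24", "10.0.20.0/24"
APP_FW = "10.0.5.1/32"  # application firewall mediating web-to-database traffic

def evaluate(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst, r_port in rules:
        if (s in ipaddress.ip_network(r_src) and d in ipaddress.ip_network(r_dst)
                and r_port in (None, port)):  # None matches any port
            return action
    return "deny"

# Design requirements as probe flows: (src, dst, port, expected verdict)
PROBES = [
    ("198.51.100.7", "192.0.2.2", 443, "allow"),  # public users reach the DMZ host
    ("198.51.100.7", "10.0.20.5", 3306, "deny"),  # public users never reach company data
    ("192.0.2.2", "10.0.30.9", 445, "deny"),      # DMZ cannot open sessions inward
    ("192.0.2.2", "10.0.20.5", 3306, "deny"),     # web server has no direct database path
    ("10.0.5.1", "10.0.20.5", 3306, "allow"),     # database is reached via the app firewall
    ("10.0.30.9", "192.0.2.2", 8080, "allow"),    # workstations use the DMZ proxy
]

def audit(rules):
    """Return the probe flows whose verdict differs from the design."""
    return [(s, d, p) for s, d, p, want in PROBES if evaluate(rules, s, d, p) != want]

HARDENED = [  # (action, source, destination, destination port)
    ("allow", ANY, DMZ, 443),
    ("allow", LAN, DMZ, 8080),
    ("allow", DMZ, APP_FW, 8443),
    ("allow", APP_FW, DB, 3306),
    ("deny", DMZ, "10.0.0.0/8", None),
    ("allow", DMZ, ANY, 443),
]
# Weak variant: one convenience rule gives the web server a direct database path.
WEAK = HARDENED[:3] + [("allow", DMZ, DB, 3306)] + HARDENED[3:]
```

Here audit(HARDENED) returns an empty list, while audit(WEAK) reports the flow from the web server to the database on port 3306, because the extra rule matches before the DMZ deny rule.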
In this task I need to use a footprinting tool to scan an online selling company. I am going to use Nmap for this task. Nmap ("Network Mapper") is a free and open source tool. It is available under the GNU General Public License as published by the Free Software Foundation. It is most often used by network administrators and IT security professionals to scan enterprise networks, looking for live hosts, specific services, or specific operating systems. Part of the beauty of Nmap is its ability to create IP packets from scratch and send them out utilizing unique methodologies to perform the above-mentioned types of scans and more. In addition, Nmap comes with command-line or GUI functionality and is easily installed on everything from Unix and Windows to Mac OS X.
Using Nmap for Security Testing:
Security testing can be one of the most important detective security controls you perform in an enterprise infrastructure. The purpose of security testing is to measure the critical components of the organization against the policies and controls that govern them.
There is a responsibility to stay on top of the latest requirements and also to ensure that security testing is done in both an orderly and timely fashion. Much like designing and maintaining the policies themselves, security testing requires persistent and ongoing attention.
There are many different types of security testing where Nmap could be utilized as part of the solution.
Testing for open ports on the interfaces of a firewall.
Performing scans across workstation IP address ranges to determine if any unauthorized networking applications are installed.
Determining if the correct version of web service is installed in your De-Militarized Zone (DMZ).
Locating systems with open file sharing ports.
Locating unauthorized File Transfer Protocol (FTP) servers, printers or operating systems.
Using Nmap for Security Auditing:
Security auditing can be defined as creating a set of controls specific to the technology or infrastructure being reviewed and then applying those controls, like a filter, to your environment. Any gaps in or outside that filter become audit points and could negatively impact the audit's overall assessment of your security framework. Nmap can assist with such audit needs as:
Auditing firewalls by verifying the firewall filters are operating properly.
Searching for open ports on perimeter devices (perimeter being anything from Internet-edge, to extranet or intranet boundary lines).
Performing reconnaissance for certain versions of services.
Utilizing the OS detection feature to pin-point outdated or unauthorized systems on your networks.
Discovering unauthorized applications and services.
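As an added example (not from the original essay) of the audit uses listed above, the script below reads Nmap XML output, as written by the -oX option, and compares open services with an approved inventory. The scan data, addresses, product names and the BASELINE inventory are constructed, and only IPv4 hosts are assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the structure of Nmap's XML report (trimmed)
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><address addr="192.0.2.2" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
  <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
  <port protocol="tcp" portid="443"><state state="open"/>
   <service name="https" product="examplehttpd" version="2.0"/></port>
 </ports></host>
 <host><address addr="10.0.30.77" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
 </ports></host>
</nmaprun>"""

# Approved inventory (constructed): address -> {port: expected "product version" or None}
BASELINE = {"192.0.2.2": {443: "examplehttpd 2.1"}}

def open_services(xml_text):
    """Return {address: {port: (service, 'product version')}} for open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        hosts[addr] = found = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered and closed ports are not exposed services
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            banner = f"{attrs.get('product', '')} {attrs.get('version', '')}".strip()
            found[int(port.get("portid"))] = (attrs.get("name", "unknown"), banner)
    return hosts

def audit(scan, baseline):
    """List (address, port, finding) for everything the inventory does not approve."""
    findings = []
    for addr, ports in sorted(scan.items()):
        if addr not in baseline:
            findings.append((addr, None, "host not in inventory"))
            continue
        for portid, (name, banner) in sorted(ports.items()):
            if portid not in baseline[addr]:
                findings.append((addr, portid, f"unauthorized service: {name}"))
            elif baseline[addr][portid] not in (None, banner):
                findings.append((addr, portid,
                                 f"found {banner!r}, expected {baseline[addr][portid]!r}"))
    return findings
```

On the sample, audit(open_services(SAMPLE_XML), BASELINE) flags the uninventoried host, the FTP service on the DMZ host and the web service version mismatch.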
Installing Nmap from Windows Self-Installer:
A Windows self-installer is created for each stable Nmap release. The self-installer executable is named nmap-version-setup.exe.
1. Download the Nmap executable from http://nmap.org/download.html
Figure 1: Installation of nmap
2. Begin the installation process by double-clicking the installer: nmap-version-setup.exe. The first screen is the Nmap GNU General Public License Agreement. After reading the terms of the license, click I Agree to accept the license and continue.
Figure 2: Installation of nmap
3. The next screen allows you to choose the following Nmap components to install:
Nmap Core Files: Installs Nmap executables and script files.
WinPcap: Installs WinPcap (required for most Nmap scans unless it is already installed).
Network Performance Improvements (Registry Changes): Installs recommended modifications to the Windows registry values to improve TCP connect scan performance.
Register Nmap Path: Registers Nmap path to system path so you can execute it from any directory.
Zenmap GUI frontend: Installs the multi-platform graphical Nmap front end and results viewer.
Accept the default settings and click Next to continue.
Figure 3: Installation of nmap
4. The next screen allows you to choose the folder where you would like to install Nmap. Accept the default of C:\Program Files\Nmap and click Install.
Figure 4: Installation of nmap
5. The Nmap installation screen shows the status of the installation process, giving line-by-line details of what is happening behind the scenes, as well as an overall progress bar. If WinPcap is already installed you will see a window stating that the installer is skipping the WinPcap installation. Click OK to continue, and proceed to step 7. If you don't have WinPcap already installed, the Nmap installer will now install it for you.
Figure 5: Installation of WinPcap
Figure 6: Installation of WinPcap
Figure 7: Installation of WinPcap
6. A new window appears to allow you to install WinPcap. Click I Agree to accept the license agreement. The next screen allows you to choose the folder where you would like to install WinPcap. Accept the default of C:\Program Files\WinPcap and click Install. A screen showing the status of the WinPcap installation process will appear. It gives line-by-line details of what is happening behind the scenes, as well as an overall progress bar. Once the WinPcap installation is completed, click Finish to close this window.
Figure 8: Installation of nmap
7. Once the Nmap installation is complete click Next to continue.
Figure 9: Installation of nmap
8. The next screen allows you to create an Nmap start menu folder and add an Nmap GUI desktop icon. Accept the defaults or uncheck the boxes if you don't want a start menu folder or desktop icon. Click Finish to complete the installation.
Figure 10: Installation of nmap
All done! Nmap is now installed and ready to go. You can double-click the Nmap - Zenmap GUI desktop icon to open the Nmap GUI, or you can run the command-line version of Nmap from C:\Program Files\Nmap. The C:\Program Files\Nmap directory also includes the Nmap uninstall.exe file.
The process of footprinting:
To scan a website, I first chose a website. The company mainly maintains an online selling system. To footprint this website I use Nmap. To do it I downloaded Nmap from the Internet. After downloading, I started the scan process of the website.
Website Address: www.diy.com
In this step I was shown some Nmap output for the website. From this step I know that the scan may be performed by ping scan, and I also noticed four open ports.
Figure 11: Nmap output
Nmap Output. The Nmap Output tab displays the same interactive output that Nmap displays to standard out. This tab is displayed by default when a scan starts. Figure 12 shows the Nmap Output tab with example results.
Figure 12: Port/host
Figure 13: topology
Figure 14: host viewer
Figure 15: info
Scan: The Scan tab lists miscellaneous information about the scan itself, such as the Nmap command that was executed, Nmap version, verbosity and debug level, scan start and finish times, host and port information, and scan type information.
Figure 16: Host details
Host Details. The Host Details tab displays host information, such as addresses, host names, state, port information, operating system, and uptime, in a hierarchical format. The output also shows a vulnerability icon based on the number of open ports. You can also enter remarks in the Comment field, which are saved when the scan results are saved to a file. Figure 16 shows the Host Details tab with example results.
Some important commands:
Nmap has achieved a mass following among system administrators, security and network engineers, incident response teams, firewall administrators, penetration testers, desktop administrators, and domain administrators - the list goes on. Anyone who has ever had a job function that required locating a system, testing for an open port, determining what service might be running on a given port, or identifying a target's operating system has looked to Nmap to help fulfill these service needs.