This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Security is a set of processes and products. In order for a security program to be effective, all of the following parts must work and be coordinated by the organization:
1) Antivirus software
2) Access control
5) Accessing the internet
Access control: this area evaluates the mechanisms that protect an organization from internal and external intrusions. Issues such as password management, authentication systems, and event logging are part of this section.
Implementing Access Control
The process of implementing access control is critical. Access control defines how users and systems communicate and in what manner. In other words, it limits, or controls, access to system resources, including data, and thus protects information from unauthorized access. Three basic models are used to explain access control.
The Mandatory Access Control Method
The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges for files on the system. The system administrators establish these parameters and associate them with an account, files, or resources.
The MAC model can be very restrictive. In a MAC model, administrators establish access. Users can't share resources dynamically unless the static relationship already exists.
The acronym MAC appears in numerous computer-related contexts. One of the most common uses is to represent the Media Access layer in networking. Be careful not to confuse MAC addressing as it relates to network cards with Mandatory Access Control.
MAC uses labels to identify the level of sensitivity that applies to objects. When a user attempts to access an object, the label is examined to see if the access should take place or be denied. One key element to remember is that when mandatory control is applied, labels are required and must exist for every object.
The Discretionary Access Control Method
The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own. The difference between DAC and MAC is that labels are not mandatory but can be applied as needed.
The DAC model allows a user to share a file or use a file that someone else has shared.
It establishes an access control list (ACL) that identifies the users who have authorization to access that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.
The Role-Based Access Control Method
The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. The roles almost always shadow the organizational structure.
Users can be assigned roles systemwide and can then perform certain functions or duties based on the roles they're assigned. An example might be a role called salesperson. The user assigned the salesperson role can access only the information established for that role. Users may be able to access this information from any station in the network, based strictly on their role. A sales manager may have a different role that allows access to all of the individual salespersons' information.
The RBAC model is common in network administrative roles.
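The three models above differ in who decides and what the decision is based on: a fixed label relationship set by the administrator (MAC), an owner-maintained ACL (DAC), or permissions attached to roles (RBAC). The following toy implementation is an added example, not code from the essay; the subjects, objects, labels and the salesperson/sales manager roles are constructed to mirror the text.

```python
"""Toy versions of the MAC, DAC and RBAC models from the text (added example)."""

# Ordered sensitivity labels for MAC; a higher number is more sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


class MAC:
    """Mandatory Access Control: the administrator fixes labels and clearances,
    every object must carry a label, and users cannot share on their own."""

    def __init__(self):
        self.object_labels = {}   # object name -> sensitivity label
        self.clearances = {}      # subject name -> clearance label

    def label_object(self, obj, label):
        self.object_labels[obj] = label

    def set_clearance(self, subject, label):
        self.clearances[subject] = label

    def can_read(self, subject, obj):
        # A missing label is a configuration error under MAC, so deny.
        if obj not in self.object_labels or subject not in self.clearances:
            return False
        return LEVELS[self.clearances[subject]] >= LEVELS[self.object_labels[obj]]


class DAC:
    """Discretionary Access Control: the owner keeps an ACL per object and may
    grant or revoke access to other users as the situation requires."""

    def __init__(self):
        self.owners = {}   # object -> owner
        self.acls = {}     # object -> {subject: set of permissions}

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.acls[obj] = {owner: {"read", "write"}}

    def grant(self, actor, obj, subject, perm):
        if self.owners.get(obj) != actor:      # only the owner edits the ACL
            return False
        self.acls[obj].setdefault(subject, set()).add(perm)
        return True

    def revoke(self, actor, obj, subject, perm):
        if self.owners.get(obj) != actor:
            return False
        self.acls[obj].get(subject, set()).discard(perm)
        return True

    def check(self, subject, obj, perm):
        return perm in self.acls.get(obj, {}).get(subject, set())


class RBAC:
    """Role-Based Access Control: permissions attach to roles, users hold roles,
    and a user's access is the union of the roles assigned to them."""

    def __init__(self):
        self.role_perms = {}   # role -> set of (object, permission)
        self.user_roles = {}   # user -> set of roles

    def add_role(self, role, perms):
        self.role_perms[role] = set(perms)

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user, obj, perm):
        return any((obj, perm) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, ()))


def demo():
    """Walk through the text's scenarios and return each access decision."""
    mac = MAC()
    mac.set_clearance("analyst", "confidential")
    mac.label_object("budget", "secret")
    mac.label_object("memo", "internal")

    dac = DAC()
    dac.create("alice", "notes.txt")
    dac.grant("alice", "notes.txt", "bob", "read")   # the owner shares the file

    rbac = RBAC()
    rbac.add_role("salesperson", {("own_accounts", "read")})
    rbac.add_role("sales_manager", {("own_accounts", "read"), ("all_accounts", "read")})
    rbac.assign("carol", "salesperson")
    rbac.assign("dave", "sales_manager")

    return {
        "mac_read_secret": mac.can_read("analyst", "budget"),          # clearance too low
        "mac_read_internal": mac.can_read("analyst", "memo"),
        "mac_unlabelled": mac.can_read("analyst", "scratch"),          # no label, no access
        "dac_bob_reads": dac.check("bob", "notes.txt", "read"),
        "dac_bob_grants": dac.grant("bob", "notes.txt", "eve", "read"),  # bob is not the owner
        "rbac_carol_all": rbac.check("carol", "all_accounts", "read"),
        "rbac_dave_all": rbac.check("dave", "all_accounts", "read"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```

The MAC class deliberately refuses unlabelled objects rather than defaulting to "public", which is the failure mode the text warns about when it says labels must exist for every object.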
Authentication is one of the most critical parts of a security system. It is part of a process that is also referred to as identification and authentication. The identification procedure starts as soon as a user logon name is typed into a sign-on screen. Authentication is accomplished by challenging the claim about who is accessing the resource. Without authentication, any person is able to claim to be anyone.
Network authentication is transparent to a user who uses a domain account. Local users who use a computer account must provide credentials (such as a user name and password) whenever they access a network resource. By using the domain account, the client has credentials that are automatically used for single sign-on.
Biometric readers use physical characteristics to identify the user. Such devices are becoming more common in the business environment. Biometric readers include hand scanners, retinal scanners, and soon, possibly, DNA scanners. To gain access to resources, you must pass a physical screening process. In the case of a hand scanner, the screening may include fingerprints, scars, and markings on your hand. Retinal scanners compare your eye's retinal pattern to a stored retinal pattern to verify your identity. DNA scanners will examine a unique portion of your DNA structure to verify that you are who you say you are.
Certificates are another common form of authentication. A certificate includes a digital signature from the certification authority that issued the certificate. In the EAP-TLS certificate authentication process, your computer presents its client certificate to the remote access server, and the remote access server presents its computer certificate to the client computer, providing mutual authentication. A certificate is authenticated by using a public key to verify the embedded digital signature.
Challenge Handshake Authentication Protocol
Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity.
CHAP doesn't use a user ID/password mechanism. Instead, the initiator sends a logon request from the client to the server. The server sends a challenge back to the client. The challenge is encrypted and then sent back to the server. The server compares the value from the client and, if the information matches, grants authorization. If the response fails, the session fails, and the request phase starts over. Figure 1.4 illustrates the CHAP procedure. This handshake method involves a number of steps and is usually automatic between systems.
Password Authentication Protocol
Password Authentication Protocol (PAP) offers no true security, but it's one of the simplest forms of authentication. The username and password values are both sent to the server as clear text and checked for a match. If they match, the user is granted access; if they don't match, the user is denied access. In most modern implementations, PAP is shunned in favor of other, more secure authentication methods.
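The difference between the two protocols is what crosses the link. The following added example (not code from the essay or from any PPP implementation) runs a CHAP exchange and a PAP exchange through a list that stands in for the wire, then asks whether an eavesdropper could recover the shared secret from the captured messages. The CHAP response is computed as MD5(identifier || secret || challenge), the scheme RFC 1994 specifies; the peer name and secret are constructed.

```python
"""CHAP and PAP exchanges side by side (added example)."""
import hashlib
import hmac
import os


def chap_response(ident, secret, challenge):
    # RFC 1994 CHAP with MD5: the secret itself never leaves the client.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, secrets):
        self.secrets = secrets      # peer name -> shared secret (bytes)
        self.pending = {}           # peer name -> (identifier, challenge) awaiting a reply

    def challenge(self, name):
        ident = os.urandom(1)[0]
        chal = os.urandom(16)
        self.pending[name] = (ident, chal)
        return ident, chal

    def verify(self, name, ident, response):
        # One challenge, one answer: a failed or replayed response forces a new
        # challenge, which is why the text says the request phase starts over.
        pend = self.pending.pop(name, None)
        if pend is None or pend[0] != ident or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], pend[1])
        return hmac.compare_digest(expected, response)


def chap_login(auth, wire, name, secret):
    """Run one CHAP exchange; every message is appended to `wire`."""
    wire.append(("chap-request", name))
    ident, chal = auth.challenge(name)
    wire.append(("chap-challenge", ident, chal))
    resp = chap_response(ident, secret, chal)
    wire.append(("chap-response", ident, resp))
    ok = auth.verify(name, ident, resp)
    wire.append(("chap-success" if ok else "chap-failure",))
    return ok


def pap_login(secrets, wire, name, password):
    """PAP: the credentials themselves are the message, in clear text."""
    wire.append(("pap-authenticate-request", name, password))
    ok = hmac.compare_digest(secrets.get(name, b""), password)
    wire.append(("pap-ack" if ok else "pap-nak",))
    return ok


def secret_on_wire(wire, secret):
    """Could a passive listener read the secret out of the captured messages?"""
    return any(secret in field for msg in wire for field in msg
               if isinstance(field, bytes))


if __name__ == "__main__":
    secrets = {"router1": b"correct horse battery staple"}   # constructed shared secret
    auth = ChapAuthenticator(secrets)
    chap_wire, pap_wire = [], []
    print("CHAP ok:", chap_login(auth, chap_wire, "router1", secrets["router1"]))
    print("CHAP secret visible:", secret_on_wire(chap_wire, secrets["router1"]))
    print("PAP ok:", pap_login(secrets, pap_wire, "router1", secrets["router1"]))
    print("PAP secret visible:", secret_on_wire(pap_wire, secrets["router1"]))
```

Because the authenticator discards a challenge once it has been answered, a captured CHAP response is useless against the next challenge; PAP has no such property, since the password itself is the captured message.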
Firewalls are one of the first lines of defense in a network. There are different types of firewalls, and they can be either stand-alone systems or built into other devices such as routers or servers. Some firewall solutions are marketed as hardware only and others as software only. Many firewalls consist of add-in software that is available for servers or workstations.
Firewalls are also available as appliances, meaning they are installed as the primary device separating two networks. Appliances are self-contained devices that operate in a largely independent manner, requiring less maintenance and support than a server-based product.
Firewalls perform as one or more of the following:
- Packet filter
- Proxy firewall
- Stateful inspection firewall
Packet Filter Firewalls
A firewall operating as a packet filter passes or blocks traffic to specific addresses based on the type of application. The packet filter doesn't analyze the data of a packet; it decides whether to pass it based on the packet's addressing information. For instance, a packet filter may allow web traffic on port 80 and block Telnet traffic on port 23. This type of filtering is included in many routers. If a received packet request asks for a port that isn't authorized, the filter may reject the request or simply ignore it. Many packet filters can also specify which IP addresses can request which ports and allow or deny them based on the security settings of the firewall.
Packet filters are growing in sophistication and capability. A packet filter firewall can allow any traffic that you specify as acceptable. For example, if you want web users to access your site, then you configure the packet filter firewall to allow data on port 80 to enter. If every network were exactly the same, firewalls would come with default port settings hardcoded, but networks vary, so the firewalls don't include such settings.
Proxy Firewalls
A proxy firewall can be thought of as an intermediary between your network and any other network. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packets and reprocesses them for use internally. This process includes hiding IP addresses.
When you consider the concept of hiding IP addresses, think of Network Address Translation (NAT). The proxy firewall provides better security than packet filtering because of the increased intelligence that a proxy firewall offers. Requests from internal network users are routed through the proxy. The proxy, in turn, repackages the request and sends it along, thereby isolating the user from the external network. The proxy can also offer caching, should the same request be made again, and can increase the efficiency of data delivery.
Stateful Inspection Firewalls
The last section on firewalls focuses on the concept of stateful inspection. Stateful inspection is also referred to as stateful packet filtering. Most of the devices used in networks don't keep track of how information is routed or used. After a packet is passed, the packet and path are forgotten. In stateful inspection (or stateful packet filtering), records are kept using a state table that tracks every communications channel. Stateful inspections occur at all levels of the network and provide additional security, especially in connectionless protocols such as User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP). This adds complexity to the process. Denial-of-service (DoS) attacks present a challenge because flooding techniques are used to overload the state table and effectively cause the firewall to shut down.
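The packet filter and stateful inspection sections above can be put side by side in code. The following is an added example, not code from the essay or from any firewall product: a stateless filter that looks only at protocol and destination port (web on 80 allowed, Telnet on 23 blocked), wrapped by a stateful layer that admits inbound UDP replies only for flows the inside opened and that has a bounded state table, so the flooding failure mode the text describes can be observed. Packets are plain dicts and the addresses are constructed documentation ranges.

```python
"""Packet filter versus stateful inspection (added example)."""
from collections import OrderedDict


class PacketFilter:
    """Stateless filter: decides on addressing information only, never on payload."""

    def __init__(self, allow_ports, default="deny"):
        self.allow_ports = set(allow_ports)   # {(proto, dst_port), ...}
        self.default = default

    def decide(self, pkt):
        if (pkt["proto"], pkt["dst_port"]) in self.allow_ports:
            return "allow"
        return self.default


class StatefulFirewall:
    """Adds a state table: replies are allowed only for flows the inside opened.
    max_states models the finite table that a flood tries to exhaust."""

    def __init__(self, pf, max_states):
        self.pf = pf
        self.max_states = max_states
        self.table = OrderedDict()       # flow key -> packets seen
        self.dropped_for_full_table = 0  # counts the DoS condition

    @staticmethod
    def _key(p):
        return (p["proto"], p["src"], p["src_port"], p["dst"], p["dst_port"])

    @staticmethod
    def _reverse_key(p):
        return (p["proto"], p["dst"], p["dst_port"], p["src"], p["src_port"])

    def handle(self, pkt):
        if pkt["dir"] == "out":
            key = self._key(pkt)
            if key not in self.table:
                if len(self.table) >= self.max_states:
                    # Table exhausted: fail closed instead of evicting live flows.
                    self.dropped_for_full_table += 1
                    return "drop"
                self.table[key] = 0
            self.table[key] += 1
            return "allow"
        # Inbound: a known reply (even for connectionless UDP) is allowed;
        # anything else falls through to the static packet filter rules.
        rkey = self._reverse_key(pkt)
        if rkey in self.table:
            self.table[rkey] += 1
            return "allow"
        return self.pf.decide(pkt)


def pkt(direction, proto, src, sport, dst, dport):
    return {"dir": direction, "proto": proto, "src": src, "src_port": sport,
            "dst": dst, "dst_port": dport}


def demo():
    """Constructed traffic: a web server at 192.0.2.10 behind the firewall."""
    pf = PacketFilter(allow_ports={("tcp", 80)})          # web in, Telnet blocked
    fw = StatefulFirewall(pf, max_states=3)
    results = {
        "web_in": fw.handle(pkt("in", "tcp", "203.0.113.9", 40000, "192.0.2.10", 80)),
        "telnet_in": fw.handle(pkt("in", "tcp", "203.0.113.9", 40001, "192.0.2.10", 23)),
        "dns_out": fw.handle(pkt("out", "udp", "192.0.2.10", 53001, "198.51.100.53", 53)),
        "dns_reply": fw.handle(pkt("in", "udp", "198.51.100.53", 53, "192.0.2.10", 53001)),
        "dns_unsolicited": fw.handle(pkt("in", "udp", "198.51.100.53", 53, "192.0.2.10", 53002)),
    }
    # Flood of new outbound flows: once the table is full, new flows are refused.
    for sport in range(60000, 60010):
        fw.handle(pkt("out", "udp", "192.0.2.10", sport, "198.51.100.53", 53))
    results["flood_drops"] = fw.dropped_for_full_table
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The unsolicited DNS packet is denied even though the solicited reply from the same server is allowed; a stateless filter would have to choose one answer for both, which is the gap stateful inspection closes for UDP and ICMP. The flood counter shows the cost: a full table means new legitimate flows are refused too.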
Appreciating Antivirus Software
Computer viruses, applications that carry out malicious actions, are among the most annoying trends happening today. It seems that almost every day someone invents a new virus. Some of these viruses do nothing more than give you a big "gotcha." Others contaminate networks and wreak havoc on computer systems. A virus may act on your data or your operating system, but it's intent on doing harm, and doing so without your consent. Viruses often include replication as a primary objective and try to infect as many machines as they can, as quickly as possible.
The business of providing software to computer users to protect them from viruses has become a huge industry. Several very good and well-established suppliers of antivirus software exist, and new virus-protection methods come on the scene almost as fast as new viruses. Antivirus software scans a computer's memory, disk files, and incoming and outgoing e-mail. The software typically uses a virus definition file that is updated regularly by the manufacturer. If these files are kept up-to-date, the computer system will be relatively secure. Unfortunately, most people don't keep their virus definition files up-to-date. Users will exclaim that a new virus has come out, because they just got it. Upon examination, you'll often discover that their virus definition file is months out-of-date. As you can see, the software part of the system will break down if the definition files aren't updated on a regular basis.
STRUCTURE OF TROUBLESHOOTING METHODS
A networker should determine the problem definition and the scope, and then work through the following steps:
Consider possible causes
Devise a solution and implement the solution
Test the solution
Document the solution
Devise the preventive measures
Determine the problem definition
For instance, when you reach the user's computer, ask about the problem using open questions; at this point the user will tell you all of his/her problems in his/her own language and understanding. Follow up by asking closed questions, which the user answers with yes or no.
We should then ask about the scope: is he/she the only one with the trouble, or does the entire network experience the problem?
At this stage we gather all information concerning the user's address and name, the computer's operating system and the software installed, and also gather the computer's information, for example the
CONSIDERING POSSIBLE CAUSES
The following is a list of possible causes:
No internet connection available
Cabling is faulty, or the use of wrong cables
Faulty NIC card
Faulty mail client settings
Mail server availability
Wrong IP addressing
Printer not installed correctly
No printer drivers in computer
Printer is not turned on
No ink inside the printer
No papers inside the printer
DEVISE A SOLUTION AND IMPLEMENT A SOLUTION
At this point it depends on your findings. Each of the problems has its own solution, for example:
No internet connection available - the potential solution is to make sure the computer is connected to the internet, for instance by attaching the cable to the switch and the other end to the computer, and checking that the network icon appears at the bottom of the screen. Also try to reach at least a Google server.
Cabling is faulty, or the use of wrong cables - between the switch and the computer, make sure that the cable connected to the network is a straight-through cable.
Faulty NIC card - the link light on the NIC should blink to show that the NIC is working properly; if it's not blinking then the NIC is not okay. Also open a command prompt and confirm that loopback addressing is okay, for example by pinging the loopback address.
Faulty mail client settings - prefer a default mail client.
Mail server availability - check whether other servers can be reached.
Wrong IP addressing - confirm the addressing with the administrator.
Printer not installed correctly - attempt a print test, and reinstall the printer.
No printer drivers in computer - check Device Manager for the printer driver; if the print driver is not available then install it on the computer.
Printer is not turned on - switch on the printer.
No ink inside the printer - replace the cartridge if the ink is finished, or consider refilling.
No paper inside the printer - make sure there is paper inside; if not, add some print paper to the paper tray.
TEST THE SOLUTION
As soon as the solutions are implemented, try to access the internet, or more particularly the mail server, and also check whether you can print again.
DOCUMENT THE SOLUTION
If the same problem happens again, the networker on duty will be able to follow the same procedure.
DEVISE THE PREVENTIVE MEASURES
Explain to the computer user what the trouble was and how to avoid it in the future. For example, in the case of the email problem, the user has to know and write down his/her mail client settings. In the case of the print problem, explain to him/her how to use the printer safely, how to update the printer driver, and how to install a new printer.
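The first checks in the procedure above (confirm the assigned address, confirm that loopback works, confirm the mail server can be reached) can be scripted so that the "document the solution" step gets a consistent report. The following is an added example, not from the essay; it uses only the standard library, the mail host and port are constructed placeholders, and `run_checks` stops early when the TCP/IP stack itself fails, since the later checks cannot succeed then.

```python
"""Scripted versions of the first troubleshooting checks (added example)."""
import ipaddress
import socket


def classify_ip(addr):
    """Map an assigned address to the cause it usually points at."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("0.0.0.0"):
        return "no address: NIC down or cable unplugged"
    if ip in ipaddress.ip_network("169.254.0.0/16"):
        return "APIPA address: DHCP server not reached, check cable and switch"
    if ip.is_loopback:
        return "loopback only: no interface address configured"
    if ip.is_private:
        return "private address: confirm it matches the administrator's plan"
    return "public address: unusual for a workstation, confirm with administrator"


def loopback_ok():
    """Equivalent of 'ping loopback': can this host talk to itself over TCP/IP?"""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))        # any free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            return True
    except OSError:
        return False
    finally:
        srv.close()


def tcp_reachable(host, port, timeout=3.0):
    """Mail server availability: try a TCP connect (for example port 25 or 110)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_checks(assigned_ip, mail_host, mail_port):
    """Run the checks in order and return (name, result, hint) rows for the ticket."""
    report = [("loopback", loopback_ok(), "TCP/IP stack broken: reset or reinstall it")]
    report.append(("ip address", classify_ip(assigned_ip), "see message"))
    if not report[0][1]:
        return report                       # nothing further can succeed
    report.append(("mail server", tcp_reachable(mail_host, mail_port),
                   "if False: check mail client settings, then ask whether others are affected"))
    return report


if __name__ == "__main__":
    # Constructed input: a workstation that fell back to an APIPA address.
    for name, result, hint in run_checks("169.254.10.5", "mail.example.invalid", 25):
        print(f"{name}: {result} ({hint})")
```

Asking whether other users are affected, as the text recommends for scope, is still a human step; the script only tells you whether this workstation can reach the server.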
My college network is linked to the internet through a Cisco security appliance.
Producer - my Cisco security appliance's producer is Cisco Systems.
Model number: 2610 series Cisco router.
A firewall is one of the most helpful security tools available for defending internal network users from external threats. Firewall products use a range of techniques for determining what is permitted or denied access to a network. These are the security features:
Application / Web Site Filtering - Prevents access based on the application.
Stateful Packet Inspection (SPI) - Received packets must be legitimate responses to requests from internal hosts. SPI can also include the means to recognize and filter out specific types of attacks such as DoS.
Packet Filtering - Prevents or allows access based on IP or MAC addresses.
A proxy firewall can be thought of as an agent between your network and any other network. Proxy firewalls are used to process requests from an outside network.
NAT (Network Address Translation) - NAT is a mechanism for preventing the intranet from being recognized by intruders; it translates the internal private addresses into one or more public addresses purchased from the ISP.
REASONS FOR CHOOSING THIS FIREWALL
It supports NAT, so with NAT our college can hide internal IP addresses so that they will not be routed to the internet.
It supports SPI (stateful packet inspection); by means of this feature there will be security for the intranet.
It supports packet filtering for a simple management and control mechanism.
It filters based on names and websites, thus intranet users can't access porn sites and harmful websites.
ACCEPTABLE USE POLICY
An acceptable use policy (AUP) is a set of rules set by the owner of a network. AUP documents are written for many organizations, including schools, businesses and ISPs, to minimize the potential for legal action that may be taken by users.
AUPs are important to the safety of an organization.
Consequently all members of a company have to sign the AUP before they are given access to the company's information system.
An AUP has to be simple and clear; it should show what users should and should not do with the company's systems and infrastructure.
Acceptable internet use policy (IMIT COLLAGE)
Use of the internet by employees of [IMIT COLLAGE] is permitted and encouraged where such use supports the goals and objectives of the business. However, [IMIT COLLAGE] has a policy for the use of the internet, so employees should make sure that they:
comply with the legislation
use the internet in an acceptable and safe way
do not create unnecessary business risk
In particular the following is unacceptable use by employees:
committing fraud using the computer
visiting sites that contain pornographic or otherwise illegal material
downloading commercial software or any copyrighted materials
revealing confidential information about [IMIT COLLAGE] in a personal online posting, upload or transmission
introducing any form of harmful software into the corporate network
using the internet to abuse or send annoying messages to others
hacking into unauthorized areas
undertaking activities that needlessly waste staff effort or networked resources
Company-owned information held on third-party websites
Whenever you collect or create any information in the course of your job, the information remains the property of IMIT COLLAGE, and this includes the information stored on your hard drive.
Monitoring - IMIT COLLAGE understands that the use of the internet is an important business tool. However, abuse of this service can have a negative effect upon employee efficiency and the reputation of the business.
Sanctions - Whenever a member of staff has failed to comply with this policy, they will face the company's disciplinary process. If the employee is found to have violated the policy, they will face a judgement, which can be a verbal warning or dismissal.
Agreement - All company employees who have been approved to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy.
Acceptable email use policy
Likewise, [IMIT COLLAGE] has a policy for the use of email. Employees should:
comply with legislation
use email in an acceptable and safe way
not create unnecessary business risk
In particular the following is unacceptable use by employees:
forwarding company confidential messages to external recipients who are not allowed to receive the message
storing images, text or materials that might be considered discriminatory, offensive or abusive
using company email systems to set up personal businesses or send chain letters
storing images, text or materials that might be considered indecent or pornographic
accessing copyrighted information in a way that violates the copyright
transmitting unsolicited commercial or advertising material
undertaking activities that needlessly waste staff effort or networked resources
introducing any form of computer virus, malware or Trojan into the corporate network
Monitoring - [IMIT COLLAGE] accepts that the use of email is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.
Sanctions - When an employee has failed to comply with this policy, they will face the company's disciplinary process. If the employee is found to have violated the policy, they will face a judgement, which can be a verbal warning or dismissal.
Agreement - All company employees who receive the right to use the company's internet access are required to sign this agreement confirming their understanding and acceptance of this policy.
ACCEPTABLE INSTANT MESSENGER AND CHAT ROOM USE
Likewise, IMIT COLLAGE has a policy for the use of the internet, so employees should ensure that they:
comply with the legislation
use the internet in an acceptable way and safe way
do not create unnecessary business risk
In particular the following is unacceptable use by employees:
For the purposes of this policy, a "chat" system is defined as a Web site or portion thereof that encourages visitors to post messages in order to engage in "real-time" conversation with other visitors at the same site.
Interactive Web applications are not suitable for IMIT's shared hosting environment.
IMIT usually permits its users to host forums provided that they are moderated in accordance with IMIT's Forum Rules.
"Chat" systems are not allowed on IMIT servers.
IMIT permits its users to host their own personal web logs (blogs) on the following basis:
you accept and understand that any content that you provide to a blog enters an open, public forum, and is not confidential;
by disclosing personal information such as your name and email address in a blog, you acknowledge and understand that this information may be collected and used by other persons to communicate with you;
you may be held legally liable for the content that you provide in a blog;
IMIT has the right to remove any offending content or to stop your use of a blog or hosting of a forum.
Company-owned information held on third-party websites
Whenever you collect or generate any information in the course of your work, the information remains the property of IMIT COLLAGE; this includes information stored on your hard drive or on third-party sites, e.g. Yahoo Messenger.
Monitoring - [IMIT COLLAGE] accepts that the use of the internet is a valuable business tool. However, misuse of this facility can have a negative impact upon employee productivity and the reputation of the business.
Sanctions - Whenever an employee has failed to comply with this policy, they will face the company's disciplinary process.
Agreement - Each and every one of the company employees who hold the right to use the company's internet access is required to sign this agreement confirming their understanding and acceptance of this policy.
MICROSOFT IPSEC DIAGNOSTIC TOOL
A tool which assists network administrators with troubleshooting network-related failures.
Internet Protocol security (IPsec) is a framework of open standards for safeguarding communications over Internet Protocol networks. IPsec supports data origin authentication, data integrity, and data confidentiality.
IPsec is supported by Microsoft Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 Server.
USING IPSEC DIAGNOSTIC TOOL TO COLLECT IPSEC POLICY INFORMATION
The main function of the IPsec Policy Agent is to retrieve policy information and pass it to the other IPsec components that require this information to perform security services.
GO TO OUTPUT LOGS
Here you will see the following two files:
1) policy agent registry
2) query policy agent
POLICY AGENT REGISTRY
Debug REG_DWORD 0x1
EnableLogging REG_DWORD 0x1
StrongCRLCheck REG_DWORD 0x1
MaxRespOpenMM REG_DWORD 0x1f4
NLBSFlags REG_DWORD 0x0
IKEFlags REG_DWORD 0x0
EnableDOSProtect REG_DWORD 0x0
QUERY POLICY AGENT
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
USING IPSEC DIAGNOSTIC TOOL TO COLLECT SYSTEM INFORMATION
Used to gather information about your computer.
System Information collects system information, such as the devices installed in your computer, or the drivers that are loaded in your computer.
GO TO OUTPUT LOGS
Here you will see the systeminfo file:
Host Name: IIMIT-84BAE7E0F
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Uniprocessor Free
Registered Owner: iimit
Product ID: 76487-640-2195981-23928
Original Install Date: 5/22/2010, 10:08:42 PM
System Up Time: 0 Days, 1 Hours, 28 Minutes, 20 Seconds
System Manufacturer: Hewlett-Packard
System Model: HP Compaq dx7300 Microtower
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
: x86 Family 15 Model 6 Stepping 4 GenuineIntel ~2990 Mhz
BIOS Version: HPQOEM - 20060830
Windows Directory: E:\WINDOWS
System Directory: E:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT+03:00) Nairobi
Total Physical Memory: 1,007 MB
Available Physical Memory: 420 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,004 MB
Virtual Memory: In Use: 44 MB
Page File Location(s): E:\pagefile.sys
Logon Server: \\IIMIT-84BAE7E0F
Hotfix(s): 222 Hotfix(s) Installed.
: File 1
: File 1
: File 1
: File 1
: File 1
: File 1
: File 1
: File 1
: File 1
: File 1
USING IPSEC DIAGNOSTIC TOOL TO COLLECT NAP CLIENT INFORMATION
Network Access Protection (NAP) is a feature that allows you to define and enforce client computer health policies so that unhealthy computers are less likely to access your network.
According to our diagnosis our NAP feature is correctly configured but not turned on or enabled.
USING IPSEC DIAGNOSTIC TOOL TO COLLECT WINDOWS FIREWALL INFORMATION
Windows Firewall protects the personal computer from external access; it sits between the intranet and the extranet and has many security features, such as firewalling and packet filtering.
We can conclude that Windows Firewall has blocked UDP port 500 as a safety measure. In turn it has allowed certain UDP ports, for example 137, and lots of TCP ports.
GO TO OUTPUT LOGS
Here you will see the netsh_firewall_show_state file:
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
1025 UDP IPv4 E:\Program Files\Syslogd\Syslogd_Service.exe
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3300 TCP IPv4 E:\Program Files\Syslogd\Syslogd_Service.exe
3389 TCP IPv4 (null)
445 TCP IPv4 (null)
514 UDP IPv4 E:\Program Files\Syslogd\Syslogd_Service.exe
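The listing above is exactly the kind of output a reviewer should read critically: each "(null)" row is a port exception that is open on every interface without being tied to a program. The following parser is an added example, not part of the essay or of any Microsoft tool; it takes the listing as printed in this section (embedded as the sample), pulls out the mode settings and the open-port table, and flags the rows I would ask to see justified. The set of ports treated as sensitive is my own constructed choice.

```python
"""Reviewer for a 'netsh firewall show state' listing (added example)."""
import re

# Copied from the listing in this section; backslashes are escaped for Python.
SAMPLE = """\
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
1025 UDP IPv4 E:\\Program Files\\Syslogd\\Syslogd_Service.exe
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3300 TCP IPv4 E:\\Program Files\\Syslogd\\Syslogd_Service.exe
3389 TCP IPv4 (null)
445 TCP IPv4 (null)
514 UDP IPv4 E:\\Program Files\\Syslogd\\Syslogd_Service.exe
"""

# Ports a reviewer would want justified on a college workstation (constructed list).
SENSITIVE = {
    ("TCP", 3389): "Remote Desktop reachable from every interface",
    ("TCP", 445): "SMB file sharing exposed",
    ("TCP", 139): "NetBIOS session service exposed",
    ("UDP", 137): "NetBIOS name service exposed",
    ("UDP", 138): "NetBIOS datagram service exposed",
    ("UDP", 514): "syslog receiver accepts unauthenticated UDP input",
}

PORT_LINE = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(IPv[46])\s+(.*)$")


def parse_state(text):
    """Return (settings dict, list of open-port dicts) from the listing."""
    settings, ports = {}, []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "version": m.group(3), "program": m.group(4).strip()})
        elif " = " in line:
            key, _, value = line.partition(" = ")
            settings[key.strip()] = value.strip()
    return settings, ports


def review(text):
    """Flag settings and exceptions worth a second look."""
    settings, ports = parse_state(text)
    findings = []
    if settings.get("Operational mode") != "Enable":
        findings.append("firewall is not operational")
    if settings.get("Remote admin mode") == "Enable":
        findings.append("remote administration of the firewall is enabled")
    for p in ports:
        reason = SENSITIVE.get((p["proto"], p["port"]))
        if reason:
            # '(null)' means a bare port exception, not one scoped to a program.
            scope = "port exception" if p["program"] == "(null)" else f"program {p['program']}"
            findings.append(f"{p['proto']}/{p['port']}: {reason} ({scope})")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```

On the sample, the parser recovers eight open ports and the review reports six of them; the two Syslogd rows on 1025 and 3300 are scoped to a program and not in the sensitive list, so they pass without comment.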
USING IPSEC DIAGNOSTIC TOOL TO COLLECT RRAS AND WIRELESS INFORMATION
By enabling Routing and Remote Access (RRAS) you can configure your Windows Server 2003 computer to act as a remote access server. In this role, the server acts as the interface between remote access clients and the private network. Remote access clients connect to the remote access server using a VPN or dial-up connection.
Here we conclude that RRAS is not enabled, so our host can't act as a remote access server.
USING IPSEC DIAGNOSTIC TOOL TO COLLECT SYSTEM EVENTS INFORMATION
The system event logs keep track of all significant occurrences in the system and its programs; they work in the background.
Windows XP maintains:
The application log: this is where applications / programs log their events. For example, when your virus scanner encounters a problem, it could bring this to your attention through the application log.
The security log: used to bring valid and invalid logon attempts to your attention.
The system log: where you will find events logged by Windows system components.
Based on the results it seems that our host has system, security and application logs collected.