Network Operating Systems and Security BEng - Assignment Example

Network Security Due to recurrent technological developments, information and communication technology frequently diverts in new dimensions. The research and development in the context of information and communication technology is very effective. Moreover, the new and advanced form of technology has also facilitated vulnerabilities and threats to be more intelligent. Organizations require advanced protection and security from these threats and vulnerabilities. Security is a mandatory trend that is implemented to protect anything that needs to be protected. The definition available on ‘www.businessdictionary.com’ covers the basics and states it as “Prevention of and protection against assault, damage, fire, fraud, invasion of privacy, theft, unlawful entry, and other such occurrences caused by deliberate action”. In the context of network security definition, it consists of concerns related to network communication privacy, confidentiality of data over the network, accessing unauthorized classified data, access to prohibited network domains and utilizing Internet for concealed communication (Network Security. 2007). The security predictions that were published in an article for the year 2010 incorporates new advanced threats named as advanced persistent threats (APT), Cyber war escalates, VoIP attacks, Perimeter shrinks and harden, social networking sites, malware, DLP for intellectual property protection and malware as a service (MaaS) (Watchguard Unveils Top 10 Security Predictions for 2011. 2011). In order to protect the computer network, organizations emphasize on implementing hardware and software application as well as a security policy. This policy is followed by constructing a security policy document that defines rules and procedures. A typical security policy is constructed on a set of rules that defines authorization and access of network resources of an organization (, what is security policy? definition and meaning).The aim of implementing these security policies is to establish rules and procedures for improper use of network services. Moreover, the objective is to create a framework that will assist in identification and prevention of unauthorized access of network services (, Network Security Policy). Network security issues can lead to many different aspects. For example, if the server containing customer data is breached, organization will lose its credibility and trust among the customer and that will result in business loss. Similarly, if a critical system is hacked by internal or external sources, organization’s financial data along with goals and objectives can be revealed to other competitors. In order to eliminate the threats including unauthorized access, viruses, Trojans, malware and malicious codes, a security policy document is required. The document will provide a consistent framework to secure the integrity of the network along with eliminating risk abided by security threats and vulnerabilities. 2 Risk Assessment Risk assessment is a process to evaluate risks associated with threats and vulnerabilities to the network. Three factors will be considered in this scenario i.e. Assets, Threats and Security Priority Identification. 2.1 Assets The identification of information assets is vital before conducting risk assessment. Information assets are defined as the entities that hold organization data. A good definition is available on ‘www.ibm.com’ which states it as, “information assets are specific to your business functions and business strategies, they may be contained within broad categories such as contractual and legislative compliance, those needing virus prevention, those critical to business recovery following security compromises, etc.” The information assets for an organization will be technology assets, data asset, service asset and people asset. In case of educational establishment the assets that need to be prioritized are: file space server, Linux web server, finance server, student database and email server. 2.2 Threats Threats are defined as the probable network security breach that may occur in the future and will harm the network, as well as Information systems. The current trends in technology advancement have enabled the networks to be prevalent. People are connected at home, offices, as well as when they are travelling either via laptop or mobile phones. The evaluation is conducted to identify the severity of each information system, which deserves priority due to the value of data that needs to be protected. Both threats and vulnerabilities need to be considered concurrently. Threats can provide damage to the confidentiality, availability and integrity of information present in the information systems. They explore opportunities for security breaches to cause confidential data invasion via unauthorized access, amendment of data, removal of information from information systems. Threats can hit the network from various sources. Threats are confidential on the parameters of different capabilities and approach including external approaches by cyber criminals, hackers, terrorists. In order to handle threats of different nature different risk mitigation and control methodologies are required in the context of protecting the prioritized information systems. An educational establishment is vulnerable to viruses, Trojans, hacking, unauthorized access, stealing data, penetration of email services, 2.3 Security Priority Identification The security priority identification is associated with importance of each asset with a priority level or importance. It is not necessary that the importance of assets will be similar, as it will differ according to the nature of business. For instance, a financial institution will give first preference to the financial records as compared to a university maintaining a student’s database. As per the scenario, an educational establishment may have identified risks as shown in Fig 1.1 Occurrence Risk Severity Identified Risks Highly likely to occur High risk Malicious code, Unauthorized Access (internal or external) Medium likely to occur High risk Hacking, Denial of Service attacks Not likely to occur Medium/low risk Highly likely to occur Medium risk Viruses, Spyware, Trojans Medium likely to occur Medium/low risk Email penetration, Power Failure Not likely to occur Low risk Highly likely to occur Low risk Medium likely to occur Low risk Not likely to occur Low risk Figure 1.1 3 Security Control Procedures Security control procedures for an educational development are illustrated in Fig 1.2, 1.3 and 1.4. Disruption Security Control Procedures Power Failure UPS Viruses Firewall, Antivirus Trojans Firewall, Antivirus Spywares Firewall, Antivirus Figure 1.2 Destruction Security Control Procedures Hacking Intrusion Detection System Unauthorized Access Active Directory, Account Audits Denial Of Service Attacks Deployment of intrusion Detection System Physical Data theft Biometric identification Figure 1.3 Disaster Security Control Procedures Fire Fire extinguishers Earth Quake Storage on alternate locations Floods Contingency Planning Figure 1.4 As shown in figure 1.2, the threats related to disruption are indicated. Power outage can be disruptive, as the network devices require constant supply of power. If any power issue occurs, UPS can be used as an alternate power source in order to avoid disruption of services. However, UPS can only provide power for a limited period. Moreover, viruses, Trojans and spywares can disrupt network services by damaging operating system boot files of the servers and broadcasting unwanted traffic on the network. Furthermore, broadcasting can cause network congestion along with degradation in network services. Figure 1.3 illustrates hacking as a destructive threat as it will take control on the network and data. Unauthorized access is related to internal and external access to resources that are confidential and prohibited. This can be prevented by deploying active directory with user credentials, as account audits will log all the activities of all employees from their workstation. Denials of service attacks are destructive as they halt all the services and activity on the network. IDS will sense and report these type of attack on initial stages as it is easy to counter them early. Installing biometric devices can prevent physical theft on critical rooms, as only authorized personal will be allowed. Figure 1.4 shows natural disasters along with their security control procedures. The risk assessment is conducted by categorizing risk identification, risk severity, and occurrence as shown in Fig 1.5 below: Occurrence Risk Severity Identified Risks Highly likely to occur High risk Malicious code, Unauthorized Access (internal or external) Medium likely to occur High risk Hacking, Denial of Service attacks Not likely to occur Medium/low risk Fire Highly likely to occur Medium risk Viruses, Spyware, Trojans Medium likely to occur Medium/low risk Email penetration, Power Failure Not likely to occur Low risk Highly likely to occur Low risk Medium likely to occur Low risk Not likely to occur Low risk Figure 1.5 4 Network Diagram The network diagram demonstrates the appropriate deployment of firewall, intrusion detection system, servers, switches and WAN connectivity. Figure 1.6 5 Proposed Backup Plan As per the proposed network for an educational establishment, 24 hours availability is required for services related to digital libraries, online learning and web application. In order to implement a disaster recovery plan, replication of data and services is required. This is conducted by installing additional hardware in terms of a backup server that will replicate data on regular basis. For instance, to secure data related to finance department, backup finance server will be deployed to synchronize data on small intervals. Disk mirroring techniques can also be employed. Disk mirroring is defined as “The recording of redundant data for fault tolerant operation. Data are written on two partitions of the same disk or on two separate disks within the same system. Disk mirroring uses the same controller. RAID 1 provides mirroring, which was first accomplished only with SCSI drives, but later with ATA (IDE) drives” (Disk Mirroring. 2011). However, RAID controllers are implemented in the process. A comprehensive definition of RAID is available in the network dictionary that says, “Redundant Arrays of Independent Disks (RAID) is a type of disk drives with two or more drives in combination for increasing data integrity, fault tolerance, throughput or capacity and performance. RAID provides seceral methods of writing data across/to multiple disks at once. RAID is one of many ways to combine multiple hard drives into one single logical unit. Thus, instead of seeing several different hard drives, the operating system sees only one. RAID is typically used on server computers, and is usually implemented with identically-sized disk drives. With decreases in hard drive prices and wider availability of RAID options built into motherboard chipsets, RAID is also being found and offered as an option in higher-end end user computers, especially computers dedicated to storage-intensive tasks, such as video and audio editing.”If ‘finance server’ stops responding or crashes, data can be restored from the backup finance server and services can be restored with minimal damage. Similarly, the same methodology can be implemented for student’s database. Moreover, WAN connectivity can be shifted from the disconnected link to the alternate link in order to provide constant connectivity without service interruption. In this case, an educational establishment may subscribe for two internet connections but different carriers. Both the connections will be terminated on the router WAN interface. In order to activate both connections, propriety-based protocol will be configured. Figure 1.7 illustrated the summary of a recovery plan. Server Roles Disaster Recovery Plan Finance Server Deploying Backup Servers equipped with RAID for Disk Mirroring Student’s Database Deploying Backup Servers equipped with RAID for Disk Mirroring Alternate WAN Configuring Priority Based Protocol Figure 1.7 References Watchguard Unveils Top 10 Security Predictions for 2011. 2011. Computer Security Update, 12(2), pp. 4-7. , Network Security Policy . Available: http://www.utoronto.ca/security/documentation/policies/policy_5.htm [5/8/2011, 2011]. , What is security policy? definition and meaning . Available: http://www.businessdictionary.com/definition/security-policy.html [5/8/2011, 2011]. Network Security. 2007. Network Dictionary, , pp. 339-339. , security definition . Available: http://www.businessdictionary.com/definition/security.html [3/9/2011, 2011]. , IBM - Security policy definition - Hong Kong . Available: http://www-935.ibm.com/services/hk/index.wss/offering/its/b1329378 [5/9/2011, 2011]. Disk Mirroring. 2011. Computer Desktop Encyclopedia, , pp. 1. Redundant Array of Independent Disks. 2007. Network Dictionary, , pp. 405-405. Read More