Network Security Essentials
Added on 2020/03/23
AI Summary
This assignment explores essential concepts in network security. It covers topics such as securing Wi-Fi networks by avoiding common antenna placement mistakes and understanding the difference between WEP and WPA encryption. User account management, secure password storage through hashing, and the importance of SSL/TLS certificates for server communication are also discussed. The document emphasizes best practices for implementing a secure network environment.
IT NETWORK DESIGNING
Table of Contents
Task – 1 Firewalls
Task – 2 Wi-Fi Security
Task – 3 Access Control
Task – 4 HTTPS and Certificates
Task – 5 Internet Privacy
References
Task – 1 Firewalls
a)
Network Diagram
The network diagram above shows three subnets: DMZ, Student and Staff. It uses three routers, referred to as the DMZ, Student and Staff routers, and the routers are connected to the switches. The Student subnet has one router, one switch and three PCs. The router IP address is 10.4.20.0. The DMZ subnet IP address is 10.4.0.0. The Staff subnet IP address is 10.4.10.0. The subnets are interconnected with each other.
b)
Firewall rules
| Rule no. | Transport | Source IP | Source Port | Destination IP | Destination Port | Action |
|---|---|---|---|---|---|---|
| 1 | TCP | 10.4.10.10 | 80 | 10.4.20.10 | 80 | Allow |
| 2 | TCP | 10.4.10.11 | 80 | 10.4.20.11 | 80 | Allow |
| 3 | TCP | 10.4.10.12 | 80 | 10.4.20.12 | 80 | Allow |
The table above lists the firewall rules. They are used to block TCP network traffic between client and server, that is, between the student and staff subnets. The first firewall rule has source IP address 10.4.10.10 and destination IP address 10.4.20.10, which means that the firewall applies the action to block TCP network traffic from that source IP address to that destination address. Similarly, the firewall applies the action between the staff and student subnets.
c)
In iptables, the default policy is to ACCEPT everything, but this is not a secure firewall. To make the firewall secure, set the default policy to DROP everything instead (Centos.org, 2017). It is shown below.
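The effect of the default policy on the three rules in the table, as an added example that is not part of the original assignment: a first-match rule evaluator run over constructed sample packets. The packet values and the helper names (`matches`, `decide`, `compare_policies`) are assumptions made for illustration, and the table's "Allow" action is written as ACCEPT.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    action: str  # "ACCEPT" or "DROP"


# The three rules from the table above, with "Allow" written as ACCEPT.
RULES = [
    Rule("tcp", "10.4.10.10", 80, "10.4.20.10", 80, "ACCEPT"),
    Rule("tcp", "10.4.10.11", 80, "10.4.20.11", 80, "ACCEPT"),
    Rule("tcp", "10.4.10.12", 80, "10.4.20.12", 80, "ACCEPT"),
]

# Constructed sample packets (illustrative, not captured traffic).
PACKETS = {
    "rule1_match": dict(proto="tcp", src="10.4.10.10", sport=80,
                        dst="10.4.20.10", dport=80),
    "ssh_to_staff": dict(proto="tcp", src="10.4.20.11", sport=40000,
                         dst="10.4.10.10", dport=22),
    "udp_from_dmz": dict(proto="udp", src="10.4.0.5", sport=53,
                         dst="10.4.20.12", dport=53),
}


def matches(rule, pkt):
    """True when every field of the packet satisfies the rule."""
    return (
        pkt["proto"] == rule.proto
        and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
        and pkt["sport"] == rule.sport
        and pkt["dport"] == rule.dport
    )


def decide(pkt, rules, default_policy):
    """First matching rule wins; with no match the default policy decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default_policy


def compare_policies(packets=PACKETS, rules=RULES):
    """Map each packet to (verdict with default ACCEPT, verdict with default DROP)."""
    return {
        name: (decide(p, rules, "ACCEPT"), decide(p, rules, "DROP"))
        for name, p in packets.items()
    }


if __name__ == "__main__":
    # On a Linux router the second column corresponds to `iptables -P FORWARD DROP`.
    for name, (default_accept, default_drop) in compare_policies().items():
        print(f"{name:13} default ACCEPT -> {default_accept:6} default DROP -> {default_drop}")
```

Only the packet that matches rule 1 gets the same verdict under both policies; everything the rules do not mention passes under ACCEPT and is discarded under DROP.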
Task – 2 Wi-Fi Security
a)
WPA stands for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance to provide secure wireless networks. It is also referred to as IEEE 802.11. It provides a more secure wireless connection (Bartolic, 2017).
Advantages
It uses stronger encryption algorithms
It uses the Temporal Key Integrity Protocol
Disadvantages
Weak password
WPA packet decryption and spoofing
WPS PIN recovery
Very easy to crack.
b)
Antenna use, transmit power and AP positioning are undervalued and poorly understood elements of a wireless network connection. They do not provide a secure wireless connection. The antenna creates a lot of refraction and reflection, which causes multiple copies of the signal (7SIGNAL, 2017).
Advantages
Deployment
Convenience
Expandability
Disadvantages
It creates wireless performance problems.
Data Rate Availability
c)
WPA allows various other authentication techniques such as RSA, digital certificates and more (Support et al., 2017). These are implemented with a RADIUS server, because all of these techniques go beyond simple usernames and passwords. The RADIUS server uses the RADIUS protocol, which is standard for most systems. The RADIUS protocol needs authentication, accounting and authorization. The RADIUS server is easily protected by using firewall rules.
Advantages
Efficient
Lightweight
It is supported by various clients.
Disadvantages
It has limited use for desktop authentication
It has a limited attribute set
d)
Rogue detection allows the network administrator to monitor and eliminate this security concern. The Cisco network architecture provides two types of rogue detection to enable a complete rogue identification and containment solution without network tools (Support et al., 2017). Rogue containment basically introduces legal issues for the infrastructure provider. It easily embeds the authentication information element to provide secure wireless connections. It uses the Rogue Location Discovery Protocol.
Advantages
Increase worker productivity
Lightweight AP
Disadvantages
Data Rate Availability
Task – 3 Access Control
a)
The passowrd.txt and shadown.txt files are created.
b)
On every Linux distribution, user information is stored in /etc/passwd, a text file that contains the user login, the encrypted password information, an optional comment field, the numerical group ID and the unique numerical user ID. The encrypted password itself, however, is not stored in /etc/passwd (Access.redhat.com, 2017). It is stored in the /etc/shadow file; /etc/passwd keeps only the password field. The /etc/shadow file is readable by the superuser only.
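A check of the passwd/shadow split described above, as an added example that is not part of the original assignment: it parses constructed passwd and shadow contents and reports accounts whose password storage is a problem. The account names, the placeholder hash strings and the helper names (`classify`, `audit`) are assumptions made for illustration.

```python
# Constructed sample files; the hash strings are placeholders, not real hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$constrct$PLACEHOLDERNOTAREALHASH:1001:1001:Bob:/home/bob:/bin/bash
carol::1002:1002:Carol:/home/carol:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$constructed$PLACEHOLDERNOTAREALHASH:17428:0:99999:7:::
alice:$1$constrct$PLACEHOLDERNOTAREALHASH:17428:0:99999:7:::
daemon:*:17428:0:99999:7:::
"""

# crypt(3) scheme identifiers found between the first two "$" signs.
SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"MD5-crypt", "DES-crypt"}


def classify(field):
    """Classify a password field: empty, shadowed, locked, or a hash scheme."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"          # real value lives in /etc/shadow
    if field[0] in "!*":
        return "locked"            # no password login possible
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "DES-crypt"             # traditional crypt has no $id$ prefix


def audit(passwd_text=PASSWD, shadow_text=SHADOW):
    """Return (account, finding) pairs for password-storage problems."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line.strip():
            name, field = line.split(":")[:2]
            shadow[name] = field
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip():
            continue
        name, field = line.split(":")[:2]
        kind = classify(field)
        if kind == "empty":
            findings.append((name, "empty password field in passwd"))
        elif kind == "shadowed":
            if name not in shadow:
                findings.append((name, "no shadow entry"))
                continue
            skind = classify(shadow[name])
            if skind == "empty":
                findings.append((name, "empty password field in shadow"))
            elif skind in WEAK:
                findings.append((name, f"weak scheme {skind} in shadow"))
        elif kind != "locked":
            findings.append((name, f"{kind} hash stored in world-readable passwd"))
    return findings


if __name__ == "__main__":
    for account, finding in audit():
        print(f"{account}: {finding}")
```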
c)
A password provides a means of proving the authenticity of the user indicated by the user name (Tldp.org, 2017). A password-based authentication scheme depends on several aspects of the password: its secrecy, its resistance to guessing and its resistance to brute-force attack. So, use a strong password. The system administrator can create the passwords for all users, or can let users create their own passwords while the administrator checks and verifies whether each password is strong or weak. In either case, the system administrator can easily guess the user password.
d)
If a malicious user obtains the user password information file and the users have selected long random passwords, it is difficult to determine the actual passwords. Passwords are transformed before storage using two methods: hashing and symmetric encryption. When hashing is used to store a strong password, the malicious user does not find the actual password (Dark Reading, 2017).
Task – 4 HTTPS and Certificates
The certificate.pem and https.pcap files are created.
The server certificate is a digital certificate issued to a web server by a trusted certification service. The server certificate verifies the organization's identity to the client, so the client can browse the organization's websites securely.
SSL and TLS authenticate and secure the data transfer by using a symmetric encryption key and certificate-based authentication. It is divided into four sections: Schannel SSP architecture, network ports, the TLS/SSL protocol, and TLS/SSL protocol processes and interactions. These four sections are used to verify the certificates (JCS, 2017).
The user certificate should contain the signature algorithm field followed by a multi-line, random-looking hex value. The signatures are generated as digital signatures to manage sensitive information. The digital certificate is used to authenticate message sources. It is used for software distribution and financial transactions, and it plays a key role in software distribution. It provides the secure signatures for the user certificate.
Certificate authorities should keep their private keys very secure. Malicious users could try to access a certificate authority's private key, but certificate authorities do not allow malicious users to access it, because they use heavy procedures to manage the private key. The certificate authority's key is stored in a hardware security module, which physically protects the private key. Two kinds of measures are used: retrospective and proactive. Proactive measures prevent attacks from succeeding. Retrospective measures are used to recover after an incident.
Task – 5 Internet Privacy
The diagram above shows the client-server communication across a number of routers and malicious users. Internet privacy for client and server communication can be provided by using the three techniques below.
Web proxies
VPNs
Tor
Web proxies
Web proxies do not provide internet privacy for client and server communication. A web proxy is a point-to-point connection between the client and the server. It connects the two sites and hides various traces of your presence. Many people use a web proxy to keep their searches private or to hide their online identity. A web proxy acts as a middleman between a user accessing a website and the web. It provides another layer of anonymity. It masks the user's information from the sites they are attempting to access, which helps to hide the user's identity. Web proxy resources include the following:
Privoxy
Tor Project
Free privacy and proxy tools.
However, a web proxy does not provide better security, because there is no encryption. It offers slow speed and basic compatibility.
VPN
VPNs are also good for internet privacy compared to web proxies. A VPN encrypts all network traffic and routes it through another server to mask the user's location. VPN services have been tied to deceptive business practices (WIRED, 2017). A virtual private network is a network connection used to create a secure connection to another location. The user's computer creates an encrypted virtual tunnel to the VPN server and sends its internet traffic through that tunnel, which keeps the user's data from being exposed to eavesdroppers between the computer and the VPN server. The VPN service provider encrypts all network traffic from the user's computer. However, it has various disadvantages: it does not provide secure internet privacy, and it has high costs.
Tor
Tor is used to provide secure internet privacy for client and server communication. It does not log user activity, and it allows users to prevent IPv4 and IPv6 leakage by using the VPN client. It provides high internet privacy for client and server communication. It provides secure access and does not allow malicious users to use the client and server information.
Tor provides secure internet privacy and is the best technique for internet privacy. Tor also captures the network traffic from the network.
References
7SIGNAL. (2017). 10 Huge Wi-Fi Antenna Mistakes - 7SIGNAL. [online] Available at: http://7signal.com/10-wi-fi-antenna-placement-mistakes/ [Accessed 19 Sep. 2017].
Access.redhat.com. (2017). Managing User Accounts and Resource Access. [online] Available at: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Introduction_to_System_Administration/ch-acctsgrps.html [Accessed 19 Sep. 2017].
Bartolic, I. (2017). WEP vs WPA – What is the Best Wireless Internet Security?. [online] The Best Wireless Internet. Available at: http://thebestwirelessinternet.com/wep-vs-wpa.html [Accessed 19 Sep. 2017].
Centos.org. (2017). iptables FORWARD ACCEPT, is this not secure? - CentOS. [online] Available at: https://www.centos.org/forums/viewtopic.php?t=30337 [Accessed 19 Sep. 2017].
Dark Reading. (2017). Safely Storing User Passwords: Hashing vs. Encrypting - Dark Reading. [online] Available at: https://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374 [Accessed 19 Sep. 2017].
JCS, 6. (2017). Secure Server Certificates: What They Are and How to Get One. [online] Its.virginia.edu. Available at: http://its.virginia.edu/identity/certificate/server/ [Accessed 19 Sep. 2017].
Support, T., Mobility, W., Wireless, L. and Paper, T. (2017). Rogue Detection under Unified Wireless Networks. [online] Cisco. Available at: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/70987-rogue-detect.html [Accessed 19 Sep. 2017].
Support, T., Mobility, W., Wireless, L. and TechNotes, C. (2017). RADIUS Server Authentication of Management Users on Wireless LAN Controller (WLC) Configuration Example. [online] Cisco. Available at: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71989-manage-wlc-users-radius.html [Accessed 19 Sep. 2017].
Tldp.org. (2017). Linux Password & Shadow File Formats. [online] Available at: http://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html [Accessed 19 Sep. 2017].
WIRED, P. (2017). Proxy Services Are Not Safe. Try These Alternatives. [online] WIRED. Available at: https://www.wired.com/2015/07/proxy-services-totally-unsecure-alternatives/ [Accessed 19 Sep. 2017].