ProductsLogo
LogoStudy Documents
LogoAI Grader
LogoAI Answer
LogoAI Code Checker
LogoPlagiarism Checker
LogoAI Paraphraser
LogoAI Quiz
LogoAI Detector
PricingBlogAbout Us
logo

Network Security: Architecture, Attacks, and Prevention

Verified

Added on  2023/01/13

|13
|3784
|59
AI Summary
This document provides an overview of network security, focusing on the architecture and communication in Linux servers. It discusses different types of attacks against VoIP systems and the impact on infrastructure. It also explores the security policy and controls for VoIP systems, as well as the implementation of a network-based intrusion detection and prevention system.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Network Security
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
EXECUTIVE SUMMARY
It has summarised about the Architecture and communication that can be installed in the Linux
server and configured with logical addressing scheme. There are different types of attacks
against VoIP system which directly impact on the overall infrastructure. Furthermore, it should
be considered the security policy for VoIP system and controls against the attacks for
maintaining security aspects. It has summarised that comprehensive network-based intrusion
detection and prevention system that easily test overall efficiency at the time of VoIP
deployment.
2
Document Page
Contents
INTRODUCTION...........................................................................................................................3
MAIN BODY..................................................................................................................................3
Block A: Architecture and Communication....................................................................................3
Block B: Secure Operations and Service Delivery..........................................................................5
Block C: Research and Development..............................................................................................7
CONCLUSION..............................................................................................................................10
REFERENCES..............................................................................................................................12
3
Document Page
INTRODUCTION
Network security is a type of process of taking software and physical prevention measure to
protect underlying the entire infrastructure from different type of unauthorised access. It is based
on the practice of protecting and preventing against the unauthorised intrusion into business
networks. It is becoming complements end-point security and also concern about the multiple
devices. The network security instead focused on how different devices that interact with one
another while creating the secure platform for users, programs to perform their permitted critical
function within secure environment.
The report will discuss about the Architecture and communication that installed in the Linux
server and configured with logical addressing scheme. It will determine the different type of
attack against VoIP system and impact on the overall infrastructure. Furthermore, the report will
analyse about the security policy for VoIP system and controls against the attacks. The report
will describe about the comprehensive network-based intrusion detection and prevention system
that easily test overall efficiency at the time of VoIP deployment.
MAIN BODY
Block A: Architecture and Communication
Discuss about the configure Linux server with Asterisk IP, which fully installed with the logical
address scheme.
Asterisk is based on the software that implementing the branches exchange and
conjunction with the most appropriate telephony hardware. it is mainly used for establish the
communication within telephone calls while control end point interactions. It is based on the
open source framework that useful for building a strong communication application. Sometimes,
it directly turns into the different communication servers. It is the most powerful technique that
handle overall business operations and functions (Atapattu and et.al., 2019).
Installation and configuration
First of all, it must require to patch with latest update while installing some packages
which may include development tools and other type of packages. It is an essential for
successfully implementing different operations.
After performing successful operation, it will need to see list of packages and update as
per requirement dependencies.
4

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
It will connect to establish connection with database without using any password.
Afterwards, it will enable or start MariaDB services.
It may access database and install the C library through decoding, encoding and
manipulating the JSON information.
We choose to download the Asterisk and download current package from asterisk and
then setup the modules.
Finally, it has been successfully installation of modules and set up Asterisk users,
database.
Describe that how it will create dial plan to sever different extension within soft phone and
configured into different environment.
Dial plan is basically heart of Asterisk system that mainly defined the handle inbound and
outbound calls. This type of dial plan is everything about the conferencing, voice mail. The
asterisk dial plan can be specified in the configuration plan which namely understand about
extension. The configuration File is assumed the “extension.conf” that mainly contained the dial
plan of Asterisk (Chaabouni and et.al., 2019). It also controlled to execute the flow of plan and
perform different operations. This type of plan is identifying that how outgoing and incoming
calls will be handled and routed.
The extension.conf is mainly organized that either for setting static plan in terms of
execution. There are different dial plan components represent that perform different role. It may
be referred as context. A special type of context such as macros, label by user defined name as
prefix.
Describe that how to implement and design the Postfix MTA in different ways of voice mail
from extension.
Postfix is based on the mail transfer agent that mainly uses in Linux to route message from
one place to another. It is the most probability to default MTA software on the Linux
distribution. this type of agent is mainly set up postfix in different public environment and easily
configure with the better quality of domain name server.
The postfix is implementing within system that needed to install different packages in
Asterisk. It helps to manage entire authentication and security layer.
During implementation, it should be required to do mail configuration and enter the
qualitied or actual name of particular domain.
5
Document Page
There are significant parameters configured within each server.
In Voice Mail, it can be generated the password that perform two authentication factors which
enable to establish connection. In most of cases, Postfix does not provide the authentication step
while it is important to measure security aspects and designed to restrict unauthorised access
during voice mail. In this way, it should protect to maintain security aspects.
Configuration of IAX trunks to demonstrate connectivity between different Asterisk servers.
IAX is based on the inter-Asterisk data exchange protocol that useful for establishing
connection between one or more nodes. First of all, it needed to Setup IAX connection between
two different Asterisk servers in different ways.
Configure the Asterisk server at different ends of extension.conf so that it has established
one as peer and another as users.
Afterwards, it has made a plan to setting dial plan through extensions.conf so as calls will
be made peers to users (Cuppens-Cuppens, Boulahia and Garcia-Alfaro, 2019).
It will require to register in both user and peer sides. afterwards repeat the multiple steps
that able to place call in different directions.
Block B: Secure Operations and Service Delivery
Discuss about three different type of attacks against VoIP system with evidence on their impact,
determine the attacks that should demonstrate pivoting against user mailboxes.
VoIP security is important that overlooked by information technology administrator and
other reseller where they can deploy VoIP in the business. it is one of common factor behind by
using VoIP that save money. In general event, security is often overlooked whether it has
controlled and secured web server and other type of email server. In most of cases, there are
some particular system become hacked and usually just an inconvenience, while minimal impact
on financial performance (Iskandar, Virma and Ahmar, 2019). When it come to VoIP that
needed to maintain their servers and gate ways, especially in the large organization which
already have many calls every month. It may also include the international business call. There
are possibilities of fraudulent call which easily access information or data through servers.
Nowadays, Hackers are smarter and they will attack on the large amount of traffic and
find actual path by gateways, it was not be set off any red flags. On the other hand, it was
designed the Dialed in switch access, which is one of hacker’s tricks to ger free calls easily. This
type of system will allow for employee to remotely call into PBX and also get from dial tone.
6
Document Page
In fact, many attackers are involved by using scripter dialer which can access the voice
mail system through automatically sending key. The attacker has only to make more than 10,000
calls and find out particular pin extension. It obviously gets chance to find out script in much less
than 10,000 and also get tries before voice mail hangs up. Once a pin found, Attacker have
accessed the voicemail of user and have access the DISA capabilities in the voicemail system.
Design and implement the comprehensive security policy for VoIP system and identify that how
will control against the attacks by using different steps.
There are common standards around in which maintain the security policy and should built or
implemented. In security policy, it is mainly considered the different element that provide
generic security policy outline and other type of IP telephony (Manasreh and et.al., 2019). The
enterprise follows security policy to understand line of existing corporate policy and also
developed the scratch.
The Acceptable use of IP telephony equipment within organization which may include
the overall calling plan restriction. It is translated into the different configuration
parameters in respective of security components.
The security policy should be maintained the confidential data by using mandatory and
discretionary access controls.
There is no internet and other type of service allows from the IP telephony data centre.
It will be implementing the restriction on calling access in globally and also controlled
the call cluster.
It will be secured the voice communication through encryption technique while layer 2
and 3 mechanism possible for controlling entire process (Manasreh and et.al., 2019).
The security policy allows to install different type of Antivirus, which enables to control
and maintain the entire process. Afterwards, it will make enterprise continuity plan and
developed on regular basis.
Implement the comprehensive network-based intrusion detection and prevention system to test
efficiency of VoIP deployment.
The network-based intrusion detection is based on the system that applicable in VoIP
networks. Initially, its primary goal is to work with build a single and local component of VoIP.
It can be designed into the structure ways to detect various type of intrusion classes (Manasreh
and et.al., 2019). It may include stream-based attacks, masquerading and other type of media
7

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
stream-based attacks. The intrusion system can be installed at different points such as servers,
proxies and client without any substantial system customization. It is mainly extended for
detecting various classes of attacks while IDS can handle client mobility. It is very important to
design goal of VoIP protocols that doesn’t flag false alarms in different situations. In this way, it
is to be considered the powerful abstraction for intrusion detection system, in particular cross
protocol detection. The methodology is suitable for system that use various protocol where attack
spanning and consideration of design that access information or data. VoIP system have gained
in the popularity where they can exist in the database (Misuri, Khakzad and Cozzani, 2019).
The architecture of intrusion detection and prevention provide the solution to check overall
functionality of system. if in case any type of error found to eliminate within system. Many VoIP
server and other type phones provide the unique protocol logs either to maintain standard output.
In order to help for performing debugging process However, Intrusion detection is not only
debugging but also identify security incident aspects. This type of network detection and
prevention system provides the correlation solution, check efficiency in different domain as
network management while monitor activities of application.
Block C: Research and Development
Discuss about the two different type of strong authentication mechanism for user agent and
critically discuss about the efficacy into VoIP environment while produced as a deployment.
The authentication mechanism is based on the extensible authentication protocol that need to
provide evidence of user and prove that it become legal person. In this way, they can allow to
access network and also check overall service, evidence provided by client against database. In
this way, it can be considered as a process that generally done on single servers (Paul and Aithal,
2019). It allows for client to access network by using pre-shared key where enter a single
password into the WLAN mode. There are two different ways to divided into strong
authentication mechanism for user agent.
HTTP Basic authentication: It is the most common mechanism that simply provide
facilities of username and password. In this way, it proves their authentication and does
not require the session, login pages and cookies. The problem has been raised when entire
process is strictly enforced throughout life cycle in terms of security because
authentication is transmitted into insecure open lines.
8
Document Page
Authentication API Key: it was developed to fix to the problem of authentication and
other system. in this approach, it may assign the unique value at each time and signify
that user is known about the attempt of re-enter system by using unique key.
There are different number of security mechanism used in VoIP system to protect or secure in
proper manner.
While growing the popularity of VoIP, it become more serious vulnerability without
physical protection in the network system. This type of VoIP is easier to be attacked, standard
security implementation process applicable in term of security mechanism. There are lot of
issues considered such as service quality, protocol security and attacks (Shaghaghi, Kaafar and
Jha, 2020).
Encryption is one of common mechanism that protect and secure authenticate message.
There are two important layers used on the IPsec and transport layers. it can be used to encrypt
setup call and control the entire signals, provide the secure call establishment. Encryption is the
simplest approach in better performance improvement but it is not enough.
The authentication by verifying user identity to control overall accessibility on network
and considered as powerful technique in terms of VoIP security.
Describe about the encryption VoIP traffic through standardised security protocol for media and
determine strength and limitation of protocol.
The securing voice over IP traffic is a type of biggest obstacles into the mainstream
business where it flows the VoIP traffic across the internet but they contain unencrypted packets.
It means that anyone use protocol to control network segments in both sender and receiver side.
It can intercept VoIP packages and captured packets as recorded data through phone
conversation. VoIP traffic tend to be unencrypted but it doesn’t mean to be done in properly.
VoIP traffic might be deployed on IP network which mainly including lack of connection
to rest of internet. This type of system will help internet protocol which may be carried out the
voice signals over IP network (Shen, Wang and Ling, 2019). It is referred to as protocol and
widely used in the implementation process. On the other hand, Session initiation protocol and
media gateway controller protocol are basically handling the intelligence at end point. There are
different type of devices, configurations and protocol seen in the VoIP deployment.
Session initiation protocol (SIP): it is the most suitable in terms of initiating, terminating
and modifying two ways communication, which may involve multimedia components such as
9
Document Page
online games, video and voice. It always provides the wide range of services to VoIP. SIP is
based on the application level protocol where it allows to use secure layer and maintain security
aspects. Another way, it supports as user mobility through different proxy servers and also
redirecting the request to client side.
Strength:
It provides the better facilities to establish the communication between one or more
people through interact with phone and video technique.
It is controlled variety of multimedia session that include two-way sessions.
Limitation:
It does not offer the network design in the implementation process where defeat the
various type of hazards to VoIP network.
Describe about the cyber resilience that achieved in unified communication and also determine
level of UC redundancy and reliability.
Cyber resilience is primarily referred the ability of entity that continuous deliver the
intended result or outcome, despite to adverse cyber events. It is mainly evolving the different
perspective that rapidly increasing and gaining recognition. Cyber resilience is an ability to adopt
any type of threat in communication and try to recover from attacks in the availability of
infrastructure. It is conceptual framework that can be applied as a risk management strategy.
indeed, determining events that might happens (Shaghaghi, Kaafar and Jha, 2020). In context of
unified communication, cyber resilience is helping for business to protect or secure themselves in
the environmental threats. it is very important for organization to secure their communication
devices, networks and systems. It only possible to minimize the privacy that can secure every
device. In this way, it can be applied encryption and decryption techniques to secure data
packets.
Apart from that it can be determined the Unified communication applications with different
organizations and consider as become more efficient. it provide facilities where user and
business will come together and making its mission critical (Shaghaghi, Kaafar and Jha, 2020).
In case if user cannot get to the application and they have not come to do work together. So that
organization require to take certain steps and ensure the reliability of Unified communication
implementation. Sometimes, it depends on the business that uses premises or cloud based unified
communication solution.
10

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Determine level of UC reliability within organization
It often when information technology (IT) reliability is important that maintain redundancy
in unified communication (UC). Many customers can find out details and invest more in
redundancy as increases UC system (Shaghaghi, Kaafar and Jha, 2020). in another way, it can
understand that organizations have used different data centre outfitted in terms of unified
communication server which provide backup services.
Second data centre consists of programmed into user’s handset but some cases, it will fail
the connection and automatically disconnect due to lack of back up plan.
If the wireless link goes slow down. Employee still use the subset of Unified
communication tool and communicate with one site to another through public internet
and backup connections.
Determine level of UC Redundancy within organization
In Unified communication architecture, it can be distributed in the nature while put calls
in processing through various applications that can run at various sites. Sometimes, it
happens when WAN fails so that user cannot establish the communication with another
(Shaghaghi, Kaafar and Jha, 2020).
The user, who have needed to maintain the fully back up plan in every location. It will
require to implement unified communication (UC) at multiple location. For Example-
Selling audio codes into another appliances which is known as Box 365.
CONCLUSION
In above discussion, it concluded that Network security is important process in term of
prevention and protection because it can easily measure criteria, underlying the entire
infrastructure from different type of unauthorised access. It is based on the practice of protecting
and preventing against the unauthorised intrusion into organizational network. It has summarised
about the Architecture and communication that installed in the Linux server and configured with
logical addressing scheme. There are different types of attacks against VoIP system and directly
impact on the overall infrastructure. Furthermore, it also understands the security policy for VoIP
system which controls against the attacks. It can be identified the comprehensive network-based
intrusion detection and prevention system to test overall efficiency in VoIP deployment.
11
Document Page
12
Document Page
REFERENCES
Book and Journals
Atapattu, S. and et.al., 2019. Physical-layer security in full-duplex multi-hop multi-user wireless
network with relay selection. IEEE Transactions on Wireless Communications. 18(2).
pp.1216-1232.
Chaabouni, N. and et.al., 2019. Network intrusion detection for IoT security based on learning
techniques. IEEE Communications Surveys & Tutorials. 21(3). pp.2671-2701.
Cuppens, F., Cuppens-Boulahia, N. and Garcia-Alfaro, J., 2019. Misconfiguration management
of network security components. arXiv preprint arXiv:1912.07283.
Iskandar, A., Virma, E. and Ahmar, A.S., 2019. Implementing DMZ in improving network
security of web testing in STMIK AKBA. arXiv preprint arXiv:1901.04081.
Manasreh, A. and et.al., 2019. Ensuring telecommunication network security through cryptology:
a case of 4G and 5G LTE cellular network providers. International Journal of Electrical
and Computer Engineering (IJECE). 9(6). pp.4860-4865.
Misuri, A., Khakzad, N. and Cozzani, V., 2019. A Bayesian network methodology for optimal
security management of critical infrastructures. Reliability Engineering & System Safety.
191. p.106112.
Paul, P. and Aithal, P.S., 2019, October. NETWORK SECURITY: THREAT &
MANAGEMENT. In Proceedings of International Conference on Emerging Trends in
Management, IT and Education (Vol. 1, No. 1, pp. 85-98).
Shaghaghi, A., Kaafar, M.A. and Jha, S., 2020. Software-Defined Network (SDN) Data Plane
Security: Issues, Solutions, and Future Directions. In Handbook of Computer Networks
and Cyber Security (pp. 341-387). Springer, Cham.
Shen, P., Wang, S. and Ling, N., 2019. Research on Security Architecture of Global Energy
Internet Standard Support System. In E3S Web of Conferences (Vol. 118, p. 01011). EDP
Sciences.
13
1 out of 13
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]