Project on Network and Information Security
VerifiedAdded on 2023/06/13
|103
|21907
|91
AI Summary
This project report focuses on the network redesign and security plan for First National University. It includes identifying the organization's needs and constraints, technical goals, and security strategies. The report also covers the implementation of security controls and technology, such as access control, DMZ zone, RADIUS server, IPS, IDS, backup and recovery technology, and penetration testing.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: PROJECT ON NETWORK AND INFORMATION SECURITY
Project on Network and Information Security
Name of the Student
Name of the University
Author’s Note
Project on Network and Information Security
Name of the Student
Name of the University
Author’s Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
PROJECT ON NETWORK AND INFORMATION SECURITY
Table of Contents
Chapter 1 - Network Redesign........................................................................................................5
Overview....................................................................................................................5
Identify Organisation’s Needs and Constraints..........................................................7
Protocols and Quality of Service Requirements......................................................22
Logical Network Redesign.......................................................................................25
Physical Network Redesign.....................................................................................33
Conclusion................................................................................................................36
Chapter 2 - Network Security Plan................................................................................................38
Introduction....................................................................................................................................38
Scope..............................................................................................................................................38
Objectives......................................................................................................................................39
Assumptions..................................................................................................................................40
Risk Analysis.................................................................................................................................40
Security Policies............................................................................................................................54
Acceptable Use Policies...........................................................................................54
Email and Communications Policy..........................................................................54
Internet and Network Access Policy........................................................................54
Workstation Policy...................................................................................................55
Wireless and BYOD Policy.....................................................................................55
Network Security Policies........................................................................................55
Antivirus Policy.......................................................................................................55
DMZ Policy.............................................................................................................56
Extranet Policy.........................................................................................................57
VPN and Remote Access (Work-at-home) Security Policy....................................57
Firewall Policy.........................................................................................................58
PROJECT ON NETWORK AND INFORMATION SECURITY
Table of Contents
Chapter 1 - Network Redesign........................................................................................................5
Overview....................................................................................................................5
Identify Organisation’s Needs and Constraints..........................................................7
Protocols and Quality of Service Requirements......................................................22
Logical Network Redesign.......................................................................................25
Physical Network Redesign.....................................................................................33
Conclusion................................................................................................................36
Chapter 2 - Network Security Plan................................................................................................38
Introduction....................................................................................................................................38
Scope..............................................................................................................................................38
Objectives......................................................................................................................................39
Assumptions..................................................................................................................................40
Risk Analysis.................................................................................................................................40
Security Policies............................................................................................................................54
Acceptable Use Policies...........................................................................................54
Email and Communications Policy..........................................................................54
Internet and Network Access Policy........................................................................54
Workstation Policy...................................................................................................55
Wireless and BYOD Policy.....................................................................................55
Network Security Policies........................................................................................55
Antivirus Policy.......................................................................................................55
DMZ Policy.............................................................................................................56
Extranet Policy.........................................................................................................57
VPN and Remote Access (Work-at-home) Security Policy....................................57
Firewall Policy.........................................................................................................58
2
PROJECT ON NETWORK AND INFORMATION SECURITY
Intrusion Detection Policy........................................................................................58
Vulnerability Scanning Policy.................................................................................59
Internet Policy..........................................................................................................59
IP Address and Documentation Management Policy...............................................59
Physical Security Policies........................................................................................60
External Protection...................................................................................................60
Internal Protection....................................................................................................60
Personnel Policies....................................................................................................60
Visitors Policy..........................................................................................................60
Employee Hiring and Termination Policy...............................................................61
User training Policy..................................................................................................61
Data Policies.............................................................................................................61
Information Classification and Sensitivity Policy....................................................61
Encryption Policy.....................................................................................................61
Backup Policy..........................................................................................................61
Password Management and Complexity Policy.......................................................62
System and Hardware Policies.................................................................................62
Hardware Lifecycle and Disposal Policy.................................................................62
Workstation Policy...................................................................................................62
Switch and Router Policy.........................................................................................62
Server Security Policy..............................................................................................62
Logging Policy.........................................................................................................62
Disaster Recovery and Business Continuity..................................................................................63
Security Strategies and Recommended Controls...........................................................................65
Security Strategies....................................................................................................65
Specific recomended Controls to mitigate the risks uncovered...............................65
Residual Risks...............................................................................................................................66
Resources.......................................................................................................................................68
Conclusion.....................................................................................................................................68
PROJECT ON NETWORK AND INFORMATION SECURITY
Intrusion Detection Policy........................................................................................58
Vulnerability Scanning Policy.................................................................................59
Internet Policy..........................................................................................................59
IP Address and Documentation Management Policy...............................................59
Physical Security Policies........................................................................................60
External Protection...................................................................................................60
Internal Protection....................................................................................................60
Personnel Policies....................................................................................................60
Visitors Policy..........................................................................................................60
Employee Hiring and Termination Policy...............................................................61
User training Policy..................................................................................................61
Data Policies.............................................................................................................61
Information Classification and Sensitivity Policy....................................................61
Encryption Policy.....................................................................................................61
Backup Policy..........................................................................................................61
Password Management and Complexity Policy.......................................................62
System and Hardware Policies.................................................................................62
Hardware Lifecycle and Disposal Policy.................................................................62
Workstation Policy...................................................................................................62
Switch and Router Policy.........................................................................................62
Server Security Policy..............................................................................................62
Logging Policy.........................................................................................................62
Disaster Recovery and Business Continuity..................................................................................63
Security Strategies and Recommended Controls...........................................................................65
Security Strategies....................................................................................................65
Specific recomended Controls to mitigate the risks uncovered...............................65
Residual Risks...............................................................................................................................66
Resources.......................................................................................................................................68
Conclusion.....................................................................................................................................68
3
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 3 – Technology Implementation of Security Controls.....................................................70
Overview........................................................................................................................................70
Network Security – Access Control..............................................................................................71
Overview..................................................................................................................71
Objective of Control.................................................................................................71
Resources Used........................................................................................................71
Developing the control.............................................................................................72
Description of the System....................................................................................73
Block Diagram.....................................................................................................74
Configuration of the system.................................................................................75
Test Plan Design..................................................................................................76
Test Plan Implementation....................................................................................77
Test Results and Analysis....................................................................................77
Network Security – DMZ Zone.....................................................................................................77
Objective of Control.................................................................................................77
Resources Used........................................................................................................77
Developing the control.............................................................................................78
Description of the System....................................................................................78
Configuration of the system.................................................................................78
Test Plan Design..................................................................................................79
Test Plan Implementation....................................................................................79
Test Results and Analysis....................................................................................79
Network Security – RADIUS Server.............................................................................................80
Objective of Control.................................................................................................80
Resources Used........................................................................................................80
Developing the control.............................................................................................80
Description of the System....................................................................................81
Configuration of the system:................................................................................81
Test Plan Design:.................................................................................................81
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 3 – Technology Implementation of Security Controls.....................................................70
Overview........................................................................................................................................70
Network Security – Access Control..............................................................................................71
Overview..................................................................................................................71
Objective of Control.................................................................................................71
Resources Used........................................................................................................71
Developing the control.............................................................................................72
Description of the System....................................................................................73
Block Diagram.....................................................................................................74
Configuration of the system.................................................................................75
Test Plan Design..................................................................................................76
Test Plan Implementation....................................................................................77
Test Results and Analysis....................................................................................77
Network Security – DMZ Zone.....................................................................................................77
Objective of Control.................................................................................................77
Resources Used........................................................................................................77
Developing the control.............................................................................................78
Description of the System....................................................................................78
Configuration of the system.................................................................................78
Test Plan Design..................................................................................................79
Test Plan Implementation....................................................................................79
Test Results and Analysis....................................................................................79
Network Security – RADIUS Server.............................................................................................80
Objective of Control.................................................................................................80
Resources Used........................................................................................................80
Developing the control.............................................................................................80
Description of the System....................................................................................81
Configuration of the system:................................................................................81
Test Plan Design:.................................................................................................81
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation....................................................................................82
Test Results and Analysis....................................................................................82
Network Security – IPS.................................................................................................................82
Objective of Control.................................................................................................82
Resources Used:.......................................................................................................83
Developing the control.............................................................................................83
Description of the System:.......................................................................................83
Configuration of the system:....................................................................................84
Test Plan Design:.....................................................................................................86
Test Plan Implementation........................................................................................86
Network Security – IDS.................................................................................................................88
Objective of Control.................................................................................................88
Resources Used:.......................................................................................................88
Developing the control.............................................................................................88
Description of the System:.......................................................................................89
Configuration of the system:....................................................................................90
Test Plan Design:.....................................................................................................90
Test Plan Implementation........................................................................................91
Backup and Recovery Technology................................................................................................92
Penetration testing....................................................................................................96
Scanning Server.......................................................................................................96
Conclusion.....................................................................................................................................98
Bibliography..................................................................................................................................99
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation....................................................................................82
Test Results and Analysis....................................................................................82
Network Security – IPS.................................................................................................................82
Objective of Control.................................................................................................82
Resources Used:.......................................................................................................83
Developing the control.............................................................................................83
Description of the System:.......................................................................................83
Configuration of the system:....................................................................................84
Test Plan Design:.....................................................................................................86
Test Plan Implementation........................................................................................86
Network Security – IDS.................................................................................................................88
Objective of Control.................................................................................................88
Resources Used:.......................................................................................................88
Developing the control.............................................................................................88
Description of the System:.......................................................................................89
Configuration of the system:....................................................................................90
Test Plan Design:.....................................................................................................90
Test Plan Implementation........................................................................................91
Backup and Recovery Technology................................................................................................92
Penetration testing....................................................................................................96
Scanning Server.......................................................................................................96
Conclusion.....................................................................................................................................98
Bibliography..................................................................................................................................99
5
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 1 - Network Redesign
Overview
The First national university FNU is an institution off public higher education and the
institution deals with distance education and online study programs. This is the first higher
education institution of the country which has been associated with providing a distance
education facility and the recent facility includes the online programs. Besides the main campus
of the University there also exists five regional campus and ten metropolitan campus. The
present situation of the University has been associated with providing a diverse range of
undergraduate and postgraduate programs along with Vocational as well as educational trainings
and short professional programs. There exists around more than 45,000 students who are
currently studying in the various levels of the University as an on-campus student. Besides this
there exists around 15000 students who are currently studying under the online facility and the
distance education program.
There exists three major facilities which has been associated with supporting the IT
services which includes the Headquarters, Operations and the backup. The headquarter is
situated in the main campus and the operation facilities are located at a distance of 50 K.M. away
from the headquarter at a warehouse which is owned by the university in an industrial area of the
country. The Operation facility is associated with housing the technical functions at the back
office, Data Centres and the staffs of the It department. The location of the backup facility is
almost at a distance of 1000 K.M. from the headquarter. The University is associated with using
the backup facility for the purpose of using it as a warm-site which would get operational
whenever failure in the operation facility takes place.
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 1 - Network Redesign
Overview
The First national university FNU is an institution off public higher education and the
institution deals with distance education and online study programs. This is the first higher
education institution of the country which has been associated with providing a distance
education facility and the recent facility includes the online programs. Besides the main campus
of the University there also exists five regional campus and ten metropolitan campus. The
present situation of the University has been associated with providing a diverse range of
undergraduate and postgraduate programs along with Vocational as well as educational trainings
and short professional programs. There exists around more than 45,000 students who are
currently studying in the various levels of the University as an on-campus student. Besides this
there exists around 15000 students who are currently studying under the online facility and the
distance education program.
There exists three major facilities which has been associated with supporting the IT
services which includes the Headquarters, Operations and the backup. The headquarter is
situated in the main campus and the operation facilities are located at a distance of 50 K.M. away
from the headquarter at a warehouse which is owned by the university in an industrial area of the
country. The Operation facility is associated with housing the technical functions at the back
office, Data Centres and the staffs of the It department. The location of the backup facility is
almost at a distance of 1000 K.M. from the headquarter. The University is associated with using
the backup facility for the purpose of using it as a warm-site which would get operational
whenever failure in the operation facility takes place.
6
PROJECT ON NETWORK AND INFORMATION SECURITY
The regional as well as the metropolitan campuses are almost similar to the main campus
in terms of the size, staff as well as the technologies. The IT infrastructure that the university is
having is associated with the usage of the old and complex technologies. Along with this the
university is still associated with the usage of numerous protocols for the purpose of enabling the
communication in the campus and the main server farm which are located in the various
locations. In order to support the day-to-day learning and the activities as well as the teaching
activities, academics and administrative staffs present in the university. This is done for the
purpose of dealing with the external partners which includes the hospitals, research centres and
many more in various ways which are not necessarily compatible with each other. The current
network that the university is having has various problems related to consistence, performance
and reliability and this has been responsible for owing the growth of the enrolments and the
expansion of the operations which are very recent. There has been an increase in the number of
students for this reason the IT department of the university has been informed about the increase
in the number of students along with informing them about the various complaints received from
the faculties. Particularly it can be stated that the faculties and the academic staffs has been
associated with facing a problem related to the network. For this reason they are not capable of
submitting the grades in an efficient way or maintain a consistent connection amongst the
colleagues at the other units or keeping up with the research or conducting of the daily tasks.in
an similar way the students are also facing lot of problem and this includes late submission of the
tasks and many more. This problem has mainly occurred after the introduction of the online
submission method. For all this problems this report has been prepared in order to analyse the
business goals of the university along with redesign the network as the physic structure for the
purpose of elimination of all the problems.
PROJECT ON NETWORK AND INFORMATION SECURITY
The regional as well as the metropolitan campuses are almost similar to the main campus
in terms of the size, staff as well as the technologies. The IT infrastructure that the university is
having is associated with the usage of the old and complex technologies. Along with this the
university is still associated with the usage of numerous protocols for the purpose of enabling the
communication in the campus and the main server farm which are located in the various
locations. In order to support the day-to-day learning and the activities as well as the teaching
activities, academics and administrative staffs present in the university. This is done for the
purpose of dealing with the external partners which includes the hospitals, research centres and
many more in various ways which are not necessarily compatible with each other. The current
network that the university is having has various problems related to consistence, performance
and reliability and this has been responsible for owing the growth of the enrolments and the
expansion of the operations which are very recent. There has been an increase in the number of
students for this reason the IT department of the university has been informed about the increase
in the number of students along with informing them about the various complaints received from
the faculties. Particularly it can be stated that the faculties and the academic staffs has been
associated with facing a problem related to the network. For this reason they are not capable of
submitting the grades in an efficient way or maintain a consistent connection amongst the
colleagues at the other units or keeping up with the research or conducting of the daily tasks.in
an similar way the students are also facing lot of problem and this includes late submission of the
tasks and many more. This problem has mainly occurred after the introduction of the online
submission method. For all this problems this report has been prepared in order to analyse the
business goals of the university along with redesign the network as the physic structure for the
purpose of elimination of all the problems.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
PROJECT ON NETWORK AND INFORMATION SECURITY
Identify Organisation’s Needs and Constraints
Business Goals: different type of business goals of the university has been identified and
this include the providing of a network for the students as well as for the faculties to work in a
proper way. Besides this the university is also thinking of providing the facility of BYOD or
work at home policy. The university aims at providing a network which would be much faster
and would be helping the peoples associated with it to work efficiently and with much more
efficiency. Besides this the university is associated with providing with various type of
educational courses. The university has been focus on improving its IT infrastructure as they
think that the enrolment process of the campus is likely to grow by 50 % in the upcoming years.
Besides this they are also associated with improving the efficiency of the faculties and the
academic staffs. This is done for the purpose of helping them in taking active part in various type
of research processes by taking help from the other peoples who are present in the other units of
the university. The university is also aimed at improving the efficiency of the students. This is to
be done for the purpose of helping them in obtaining good marks along with helping them in
doing faster submissions and do their works in an efficient way. They are also thinking of giving
remote access of the campus network to the students and the faculties so as to help them in doing
their work from home. Another major goal involves saving themselves from any type of
intruders.
Technical Goals aimed to support business transactions:
Scalability
The following are the list of the scalability of the network needs that are needed for
redesigning the network solution for the first national university
PROJECT ON NETWORK AND INFORMATION SECURITY
Identify Organisation’s Needs and Constraints
Business Goals: different type of business goals of the university has been identified and
this include the providing of a network for the students as well as for the faculties to work in a
proper way. Besides this the university is also thinking of providing the facility of BYOD or
work at home policy. The university aims at providing a network which would be much faster
and would be helping the peoples associated with it to work efficiently and with much more
efficiency. Besides this the university is associated with providing with various type of
educational courses. The university has been focus on improving its IT infrastructure as they
think that the enrolment process of the campus is likely to grow by 50 % in the upcoming years.
Besides this they are also associated with improving the efficiency of the faculties and the
academic staffs. This is done for the purpose of helping them in taking active part in various type
of research processes by taking help from the other peoples who are present in the other units of
the university. The university is also aimed at improving the efficiency of the students. This is to
be done for the purpose of helping them in obtaining good marks along with helping them in
doing faster submissions and do their works in an efficient way. They are also thinking of giving
remote access of the campus network to the students and the faculties so as to help them in doing
their work from home. Another major goal involves saving themselves from any type of
intruders.
Technical Goals aimed to support business transactions:
Scalability
The following are the list of the scalability of the network needs that are needed for
redesigning the network solution for the first national university
8
PROJECT ON NETWORK AND INFORMATION SECURITY
To restructure the current network infrastructure that the university is having. This can be done
by offloading the database of the university. Which means that they have to stay away from the
database as much as possible but this does not mean that they have to open the connections.
It should not to start any type of transactions unless and until there is a need of doing this. The
caches present in the network can also be removed. The overhaul of the IP addressing scheme is
also increased in the technical goal of the university.
The bandwidth of the internet connection is to be increased in order to provide much more
availability for the users. The increase in the bandwidth of the network would be greatly helping
out the users as well as the university. The increasing of the bandwidth would be providing much
more availability. The increase of bandwidth is to be done because there is lot of congestion in
the network of the university which are responsible for slowing the various services of the
university.
The congestion in the network should be handled with connecting the network device using
multiple links. The performance of the network would be greatly enhances as well. The
enhancement in the network would be very much helpful because the working process of
different units of the university would become much faster which would be responsible for the
eliminations of the various delays occurring due to slow network.
New security elements are also to be included in the network and this would be greatly helping in
securing the network. By providing a secure and private wireless network the university would be
opening a wide range of opportunities for the students and the staffs to work in an efficient way.
The security elements would also be ensuring the fact that the information stored in the database
of the university is secure.
The response time of the network should be minimum such that students are able to work faster
with the network the research processes would be greatly enhanced and submission of the grades
in correct time would be increasing the efficiency of the faculties. The network which is to be
PROJECT ON NETWORK AND INFORMATION SECURITY
To restructure the current network infrastructure that the university is having. This can be done
by offloading the database of the university. Which means that they have to stay away from the
database as much as possible but this does not mean that they have to open the connections.
It should not to start any type of transactions unless and until there is a need of doing this. The
caches present in the network can also be removed. The overhaul of the IP addressing scheme is
also increased in the technical goal of the university.
The bandwidth of the internet connection is to be increased in order to provide much more
availability for the users. The increase in the bandwidth of the network would be greatly helping
out the users as well as the university. The increasing of the bandwidth would be providing much
more availability. The increase of bandwidth is to be done because there is lot of congestion in
the network of the university which are responsible for slowing the various services of the
university.
The congestion in the network should be handled with connecting the network device using
multiple links. The performance of the network would be greatly enhances as well. The
enhancement in the network would be very much helpful because the working process of
different units of the university would become much faster which would be responsible for the
eliminations of the various delays occurring due to slow network.
New security elements are also to be included in the network and this would be greatly helping in
securing the network. By providing a secure and private wireless network the university would be
opening a wide range of opportunities for the students and the staffs to work in an efficient way.
The security elements would also be ensuring the fact that the information stored in the database
of the university is secure.
The response time of the network should be minimum such that students are able to work faster
with the network the research processes would be greatly enhanced and submission of the grades
in correct time would be increasing the efficiency of the faculties. The network which is to be
9
PROJECT ON NETWORK AND INFORMATION SECURITY
introduce would be very easy to maintain. And the adaptation of this network can be done in a
very easy way.
Availability
The following are the details of the requirement that includes the steps required to be
followed for the increasing the availability of the network are listed below:
Availability with relation to the network that is to be used by the university and this generally
refers to the ability of the users to access different information or resources within a specified
location and also in a correct format. This is one of the five pillars of the Information Assurance
and the other four pillars includes the integrity, authentication, confidentiality and lastly the
nonrepudiation.
The system that the university is having is non-functioning and also the availability of the
information is also effected and is also having a significant impact over the users. Besides this the
data servers are not secure and is easily available so the information security is affected. The
availability of the network is also effected by the time required.
The availability of the network has been compromised as it is not capable of delivering the
information in an efficient way. The availability of the network must be ensured. The high
availability of the network would be associated with providing a redundant infrastructure for the
university and all this can be switched as the network of the university is facing various type of
problems.
This is to be make sure before increasing the availability that a table is created regarding the
applications which generally requires fault tolerance or the high availability of the networks.
Besides this the identification of the different parts of the network topology which is to be used
by the applications in the university. The single point of failure is to be identified and this is one
PROJECT ON NETWORK AND INFORMATION SECURITY
introduce would be very easy to maintain. And the adaptation of this network can be done in a
very easy way.
Availability
The following are the details of the requirement that includes the steps required to be
followed for the increasing the availability of the network are listed below:
Availability with relation to the network that is to be used by the university and this generally
refers to the ability of the users to access different information or resources within a specified
location and also in a correct format. This is one of the five pillars of the Information Assurance
and the other four pillars includes the integrity, authentication, confidentiality and lastly the
nonrepudiation.
The system that the university is having is non-functioning and also the availability of the
information is also effected and is also having a significant impact over the users. Besides this the
data servers are not secure and is easily available so the information security is affected. The
availability of the network is also effected by the time required.
The availability of the network has been compromised as it is not capable of delivering the
information in an efficient way. The availability of the network must be ensured. The high
availability of the network would be associated with providing a redundant infrastructure for the
university and all this can be switched as the network of the university is facing various type of
problems.
This is to be make sure before increasing the availability that a table is created regarding the
applications which generally requires fault tolerance or the high availability of the networks.
Besides this the identification of the different parts of the network topology which is to be used
by the applications in the university. The single point of failure is to be identified and this is one
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
PROJECT ON NETWORK AND INFORMATION SECURITY
of the important and easiest way which can be done economically for the purpose of improving
the availability of the network.
The fault-tolerance is also to be planned. The hardware subsystems are to be replicated besides
this there should exist a standby hardware and fast bot methods as well. The total remote
management would also be very much helpful and concurrent Backups and restore mechanism
can be used whenever the system of the university would be facing any kind of problem.
Network performance
The performance of the network that is currently being used by the university can be
increased by simply following certain steps and the most important step is to understand the
understanding the network that is being used. The following are requirement for increasing the
performance of the network that are required for the development of the network and restructure
the network device connected in the network.
The first step include the analysis of the workload, number of users using the network framework
and the university area that is needed to be covered using the network infrastructure.
The next steps includes the balancing of the bus loads in the system. The faculties and the
students should be md well aware about the effects that the use of the network for unnecessary
purposes can have over the speed of the network. FNU should also organize different workshops
regarding the security and the safe practices. The requirements of the network should also be
understood by the organization as the requirements change all the time along with the traffic
patterns, applications and many more.
It is to be made sure that everyone is on the same page when it is regarding the best practices and
the configurations. The server of the university is consisting of all the I/O on the same bus.
Certain ideas needs to be considered for the purpose of optimizing the use of same bus. The users
PROJECT ON NETWORK AND INFORMATION SECURITY
of the important and easiest way which can be done economically for the purpose of improving
the availability of the network.
The fault-tolerance is also to be planned. The hardware subsystems are to be replicated besides
this there should exist a standby hardware and fast bot methods as well. The total remote
management would also be very much helpful and concurrent Backups and restore mechanism
can be used whenever the system of the university would be facing any kind of problem.
Network performance
The performance of the network that is currently being used by the university can be
increased by simply following certain steps and the most important step is to understand the
understanding the network that is being used. The following are requirement for increasing the
performance of the network that are required for the development of the network and restructure
the network device connected in the network.
The first step include the analysis of the workload, number of users using the network framework
and the university area that is needed to be covered using the network infrastructure.
The next steps includes the balancing of the bus loads in the system. The faculties and the
students should be md well aware about the effects that the use of the network for unnecessary
purposes can have over the speed of the network. FNU should also organize different workshops
regarding the security and the safe practices. The requirements of the network should also be
understood by the organization as the requirements change all the time along with the traffic
patterns, applications and many more.
It is to be made sure that everyone is on the same page when it is regarding the best practices and
the configurations. The server of the university is consisting of all the I/O on the same bus.
Certain ideas needs to be considered for the purpose of optimizing the use of same bus. The users
11
PROJECT ON NETWORK AND INFORMATION SECURITY
are to be educated as well. The users of the network would mainly include the students and the
employees of the university.
It should also be made sure that all the employees of the organization are equipped with proper
tools for the purpose of getting their work done in an efficient and effective way. The processors
are also to be prioritized in order to make sure that the applications which are critical for the
information are indeed taking priority over any kind of less important traffic. It is also import to
compress the big data in the network. This can be done by upgrading the various software and the
processors.
The University can give their best had for the purpose of improving all the algorithms which have
the possibility of ferreting out along with organizing and grouping together the data sets which
are spread all across the network. This can be helping in saving of the precious bandwidth in the
network and the processing power of the network that is to be used by the university.
There should also exist certain defences against the junk traffic and this can include the
antiviruses, malware software, spam filters, firewalls and many more. It is very much important
to keep the network secure from any type of viruses or any other type of mal-intent programs.
Security
The following measures should be taken for increasing the security of the network
infrastructure designed for the first national university and is given below:
The security of the network is an important issue and due to increased amount of cyber
criminals along with the disgruntled employees and careless users might lead to bringing
down of the computer network and also might lead to compromise of the data.
The security of the network of the university is made up of different hardware, software,
policies and procedure. This elements of the security are mainly designed for the purpose
of defending the whole network against all the internal and external threats. Besides this
PROJECT ON NETWORK AND INFORMATION SECURITY
are to be educated as well. The users of the network would mainly include the students and the
employees of the university.
It should also be made sure that all the employees of the organization are equipped with proper
tools for the purpose of getting their work done in an efficient and effective way. The processors
are also to be prioritized in order to make sure that the applications which are critical for the
information are indeed taking priority over any kind of less important traffic. It is also import to
compress the big data in the network. This can be done by upgrading the various software and the
processors.
The University can give their best had for the purpose of improving all the algorithms which have
the possibility of ferreting out along with organizing and grouping together the data sets which
are spread all across the network. This can be helping in saving of the precious bandwidth in the
network and the processing power of the network that is to be used by the university.
There should also exist certain defences against the junk traffic and this can include the
antiviruses, malware software, spam filters, firewalls and many more. It is very much important
to keep the network secure from any type of viruses or any other type of mal-intent programs.
Security
The following measures should be taken for increasing the security of the network
infrastructure designed for the first national university and is given below:
The security of the network is an important issue and due to increased amount of cyber
criminals along with the disgruntled employees and careless users might lead to bringing
down of the computer network and also might lead to compromise of the data.
The security of the network of the university is made up of different hardware, software,
policies and procedure. This elements of the security are mainly designed for the purpose
of defending the whole network against all the internal and external threats. Besides this
12
PROJECT ON NETWORK AND INFORMATION SECURITY
the multiple layer of the hardware and the software are also responsible for preventing the
network form different type of threats and also to stop the spreading of the threats.
The most common threats to the network might include the malicious programs, zero-day
and zero-hour attacks, hacker attacks, DoS attack and data theft. The important ways in
which the security of the network used by the FNU can be ensured includes the use of
strong passwords, the update of the patches and the other elements of the network,
securing of the VPN, cleaning of the unwanted user accounts and managing of the user
access privileges.
The cyber criminals are mainly associated with the exploitation of the various
vulnerabilities which are present in the system, the software applications, the web
browsers and browser plug ins. This happens mainly when the patches are updated. The
computers attached to the network should always keep their system updated. Besides this
is should be made sure that the users of the network makes use of the strong password.
Strong passwords mainly means the passwords which are difficult to detect by anyone.
Data encryption as well as identity authentication is an important feature which is to be
included in the VPN. Presence of any type of open network connection can be vulnerable
and can be exploited by the hackers in order to sneak into the network of the university.
Besides this the data is very much vulnerable whenever it is travelling through the
internet.
It is important that the university reviews the documentation of the server and the other
VPN software. This is to be done in order to make sure that the strong protocols are used
for the purpose of encryption and authenticating techniques which are to be used in the
PROJECT ON NETWORK AND INFORMATION SECURITY
the multiple layer of the hardware and the software are also responsible for preventing the
network form different type of threats and also to stop the spreading of the threats.
The most common threats to the network might include the malicious programs, zero-day
and zero-hour attacks, hacker attacks, DoS attack and data theft. The important ways in
which the security of the network used by the FNU can be ensured includes the use of
strong passwords, the update of the patches and the other elements of the network,
securing of the VPN, cleaning of the unwanted user accounts and managing of the user
access privileges.
The cyber criminals are mainly associated with the exploitation of the various
vulnerabilities which are present in the system, the software applications, the web
browsers and browser plug ins. This happens mainly when the patches are updated. The
computers attached to the network should always keep their system updated. Besides this
is should be made sure that the users of the network makes use of the strong password.
Strong passwords mainly means the passwords which are difficult to detect by anyone.
Data encryption as well as identity authentication is an important feature which is to be
included in the VPN. Presence of any type of open network connection can be vulnerable
and can be exploited by the hackers in order to sneak into the network of the university.
Besides this the data is very much vulnerable whenever it is travelling through the
internet.
It is important that the university reviews the documentation of the server and the other
VPN software. This is to be done in order to make sure that the strong protocols are used
for the purpose of encryption and authenticating techniques which are to be used in the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
PROJECT ON NETWORK AND INFORMATION SECURITY
network. The Multi-factor authentication can be used which is one of the most secure
method of authenticating the identity.
Besides this the providing of inappropriate user-access privileges might be an important
security threat. This can be eliminated by managing the access of eth users to the critical
data which are on an ongoing basis and this must not be overlooked. Besides all this it is
also important to maintain a list of software which are authorized and this is to be done in
order to prevent the users from downloading any type of applications which are not
present in the list besides this the software inventory applications can also be used for the
purpose of tracking down the level of patches their versions and their types.
The written policies of the university affected should also be updated. Besides this
segregation of the critical data is to be done from the other data present in the network
and besides the segregation of the users according to the authentication that is used by
them. The vulnerability scanning tool should be used at least once in a week along with
penetration testing besides this the network traffic should be monitored in order to detect
any kind of unusual patterns of the activities and also the possible threats.
Manageability
The following are the list of the measures that should be taken for increasing the
manageability of the network.
New networks can adapt the manageability through various ways. The first one is
maintaining consistency of machine management facilitates designing and code reusing
for device integration and device application development. This can be issued at various
levels around various devices and same device types.
PROJECT ON NETWORK AND INFORMATION SECURITY
network. The Multi-factor authentication can be used which is one of the most secure
method of authenticating the identity.
Besides this the providing of inappropriate user-access privileges might be an important
security threat. This can be eliminated by managing the access of eth users to the critical
data which are on an ongoing basis and this must not be overlooked. Besides all this it is
also important to maintain a list of software which are authorized and this is to be done in
order to prevent the users from downloading any type of applications which are not
present in the list besides this the software inventory applications can also be used for the
purpose of tracking down the level of patches their versions and their types.
The written policies of the university affected should also be updated. Besides this
segregation of the critical data is to be done from the other data present in the network
and besides the segregation of the users according to the authentication that is used by
them. The vulnerability scanning tool should be used at least once in a week along with
penetration testing besides this the network traffic should be monitored in order to detect
any kind of unusual patterns of the activities and also the possible threats.
Manageability
The following are the list of the measures that should be taken for increasing the
manageability of the network.
New networks can adapt the manageability through various ways. The first one is
maintaining consistency of machine management facilitates designing and code reusing
for device integration and device application development. This can be issued at various
levels around various devices and same device types.
14
PROJECT ON NETWORK AND INFORMATION SECURITY
At every case, consistency indicates that the corresponding management has featured and
been instrumented at multiple places, behaving and working similarly. They there should
be adherence to various management standards like supporting MIBs. This promotes
consistency in management interfaces (Haseeb et al., 2017).
Here, the self-management pf particular functions have been reducing the necessities to
get managed. Further, introspection capabilities can be applicable here, that can be
slowing the applications to retrieve data regarding management capabilities. These data
comprise of meta-information that is concerned about data revisions and is helpful to
facilitate designing is data-driven management applications.
The threshold-crossing alerts can be used. It is useful for management applications to
avoid the necessities of implementing polling schemes and make that simpler for them to
scale. Further various human-management interfaces like CLI can be applied. It has been
facilitating the activities of network administrators. This is done through interacting
devices directly and not through management application (Cam-Winget, Popa & Hui,
2017).
Further various management policies can be supported allowing the network managers in
configuring some of the management policies. This can be done tuning multiple low-
level parameters. Lastly, comprehensive diagnostics capabilities have been enabling
network managers to quickly troubleshoot any network and devices.
Usability
The following are the list of measures that should be maintained for the increasing the
usability of the network and listed below:
PROJECT ON NETWORK AND INFORMATION SECURITY
At every case, consistency indicates that the corresponding management has featured and
been instrumented at multiple places, behaving and working similarly. They there should
be adherence to various management standards like supporting MIBs. This promotes
consistency in management interfaces (Haseeb et al., 2017).
Here, the self-management pf particular functions have been reducing the necessities to
get managed. Further, introspection capabilities can be applicable here, that can be
slowing the applications to retrieve data regarding management capabilities. These data
comprise of meta-information that is concerned about data revisions and is helpful to
facilitate designing is data-driven management applications.
The threshold-crossing alerts can be used. It is useful for management applications to
avoid the necessities of implementing polling schemes and make that simpler for them to
scale. Further various human-management interfaces like CLI can be applied. It has been
facilitating the activities of network administrators. This is done through interacting
devices directly and not through management application (Cam-Winget, Popa & Hui,
2017).
Further various management policies can be supported allowing the network managers in
configuring some of the management policies. This can be done tuning multiple low-
level parameters. Lastly, comprehensive diagnostics capabilities have been enabling
network managers to quickly troubleshoot any network and devices.
Usability
The following are the list of measures that should be maintained for the increasing the
usability of the network and listed below:
15
PROJECT ON NETWORK AND INFORMATION SECURITY
Usability mainly refers to the degree of ease by which the products like the software and
the web applications can be used for eth achieving the goals that are required in an
efficient as well as effective way. Usability is associated with accessing the various levels
of difficulty which are involved in using the various user interfaces.
Despite of quantifying the usability by making use of the indirect measures and so this
can be considered as a non-functional requirement. This is very much closely related to
the functionalities of the products. This is mainly associated with including the clarity of
the website and also the computer programs which are used in the network. A user
analyst would be responsible for conducting all this studies. And once the product is
deemed to have a good usability means that it is very much easy to learn and efficient and
satisfy all the uses.
The usability of the network to be used by the university includes three major principles
and this are putting an iterative focus upon the users as well as on the tasks. Designing in
an iterative way, and lastly the empirical measurement. The evaluation of the usability
can be done by applying several methods and this includes the cognitive modelling,
inspection, inquiry, prototyping and lastly testing.
The computational models are to be created for the purpose of estimating the time that is
to be taken by the peoples in order to perform a specific task. Inspection would be mainly
including the evaluation of the programs by different expert reviewers. The tasks
involved in this method would be associated with timing and recording. For this reason
this method is considered as a relatively quantitative in nature.
The inquiry method would be including the collection of the qualitative data from various
users and also from the analysis of the task which is associated with specifying the tasks
PROJECT ON NETWORK AND INFORMATION SECURITY
Usability mainly refers to the degree of ease by which the products like the software and
the web applications can be used for eth achieving the goals that are required in an
efficient as well as effective way. Usability is associated with accessing the various levels
of difficulty which are involved in using the various user interfaces.
Despite of quantifying the usability by making use of the indirect measures and so this
can be considered as a non-functional requirement. This is very much closely related to
the functionalities of the products. This is mainly associated with including the clarity of
the website and also the computer programs which are used in the network. A user
analyst would be responsible for conducting all this studies. And once the product is
deemed to have a good usability means that it is very much easy to learn and efficient and
satisfy all the uses.
The usability of the network to be used by the university includes three major principles
and this are putting an iterative focus upon the users as well as on the tasks. Designing in
an iterative way, and lastly the empirical measurement. The evaluation of the usability
can be done by applying several methods and this includes the cognitive modelling,
inspection, inquiry, prototyping and lastly testing.
The computational models are to be created for the purpose of estimating the time that is
to be taken by the peoples in order to perform a specific task. Inspection would be mainly
including the evaluation of the programs by different expert reviewers. The tasks
involved in this method would be associated with timing and recording. For this reason
this method is considered as a relatively quantitative in nature.
The inquiry method would be including the collection of the qualitative data from various
users and also from the analysis of the task which is associated with specifying the tasks
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16
PROJECT ON NETWORK AND INFORMATION SECURITY
of the user for the purpose of accomplishing and this is to be done for the purpose of
achieving the desired goals of the university.
The prototyping method would be associated with refining and validating the usability of
the users. Lastly the testing method would be associated with testing of different subjects
for the quantitative data.
Adaptability
The following steps should be followed for increasing the adaptability of the network and
are given below:
The first step regarding adapting the new network is the ability to act and read on signals. For
adjusting, the organizations should have their antennae kept tunes to various signs of change.
This must be from an external environment, through decoding them. This is helpful to quickly
reinvent and refine the business models and reshape that landscape of information of the current
industry.
As per adaptability is concerned, the business must possess the ability to experiment. The
traditional approaches have been time-consuming and costly. This might saddle the companies
with unreasonable complexities (Sinkkonen, Puhakka & Meriläinen, 2018). Moreover, the
research based on perceptions of consumers has been a remarkably poor predictor of various
successes.
It must be reminded that the real world is always a costly medium regarding experimentation and
various failed-marketing tests and the pilots must jeopardize those reputations and brand of the
company. Thus the businesses need to adopt strategies to manage, accommodate and encourage
the up-taking of emerging technologies.
The networks must adapt the ability to control complicated multi-company systems. The
experimentations and detection of signals have been making organisations think behind the
PROJECT ON NETWORK AND INFORMATION SECURITY
of the user for the purpose of accomplishing and this is to be done for the purpose of
achieving the desired goals of the university.
The prototyping method would be associated with refining and validating the usability of
the users. Lastly the testing method would be associated with testing of different subjects
for the quantitative data.
Adaptability
The following steps should be followed for increasing the adaptability of the network and
are given below:
The first step regarding adapting the new network is the ability to act and read on signals. For
adjusting, the organizations should have their antennae kept tunes to various signs of change.
This must be from an external environment, through decoding them. This is helpful to quickly
reinvent and refine the business models and reshape that landscape of information of the current
industry.
As per adaptability is concerned, the business must possess the ability to experiment. The
traditional approaches have been time-consuming and costly. This might saddle the companies
with unreasonable complexities (Sinkkonen, Puhakka & Meriläinen, 2018). Moreover, the
research based on perceptions of consumers has been a remarkably poor predictor of various
successes.
It must be reminded that the real world is always a costly medium regarding experimentation and
various failed-marketing tests and the pilots must jeopardize those reputations and brand of the
company. Thus the businesses need to adopt strategies to manage, accommodate and encourage
the up-taking of emerging technologies.
The networks must adapt the ability to control complicated multi-company systems. The
experimentations and detection of signals have been making organisations think behind the
17
PROJECT ON NETWORK AND INFORMATION SECURITY
boundaries. Then the companies must be able to mobilize. It must be kept in mind that adaptation
is “local” in nature. This takes place when anyone experiments first on a specific time and place.
This has been global and since the experiments have been succeeding it turns to be refined,
amplified, selected and communicated (Hu, Hu & Chen, 2015).
The network of the university requires developing the environments encouraging the flow of
knowledge, flexibility, sharing, risk-taking, autonomy and diversity over which adaptation has
been thriving. Unlike classical strategic thinking, the adaptability strategy must follow
organizations in various adaptive businesses.
Affordability
The following are the list of processes that should be implemented for increasing the
affordability of the network for the users connected with the university network framework.
The better and newer technologies have often been answering how business must
continue to do more with lesser efforts. The connected devices create better and faster
ways allowing mapping locations and scanning license plates regarding quick
background information (Khaturia, Belur & Karandikar, 2018).
It is also seen that technology has been juggling various devices and been dealing with
various maintenance and update, along with working across systems. They have not been
sharing data and thus the businesses can find themselves without any network connection
that is needed most.
Further, access to Internet has been vital both in social and economic dimensions. This is
helpful to contribute to GDP or “National Gross Domestic Products”. Further, it fuels
innovative and new industries. This also brings about social changes and connecting
communities and provides education and information promoting higher transparency
PROJECT ON NETWORK AND INFORMATION SECURITY
boundaries. Then the companies must be able to mobilize. It must be kept in mind that adaptation
is “local” in nature. This takes place when anyone experiments first on a specific time and place.
This has been global and since the experiments have been succeeding it turns to be refined,
amplified, selected and communicated (Hu, Hu & Chen, 2015).
The network of the university requires developing the environments encouraging the flow of
knowledge, flexibility, sharing, risk-taking, autonomy and diversity over which adaptation has
been thriving. Unlike classical strategic thinking, the adaptability strategy must follow
organizations in various adaptive businesses.
Affordability
The following are the list of processes that should be implemented for increasing the
affordability of the network for the users connected with the university network framework.
The better and newer technologies have often been answering how business must
continue to do more with lesser efforts. The connected devices create better and faster
ways allowing mapping locations and scanning license plates regarding quick
background information (Khaturia, Belur & Karandikar, 2018).
It is also seen that technology has been juggling various devices and been dealing with
various maintenance and update, along with working across systems. They have not been
sharing data and thus the businesses can find themselves without any network connection
that is needed most.
Further, access to Internet has been vital both in social and economic dimensions. This is
helpful to contribute to GDP or “National Gross Domestic Products”. Further, it fuels
innovative and new industries. This also brings about social changes and connecting
communities and provides education and information promoting higher transparency
18
PROJECT ON NETWORK AND INFORMATION SECURITY
(West, 2015). Nevertheless, affordability of networks worldwide has not even
throughout. This has improved the growth rate of various Internet users across the world
and slowed down profoundly in current years.
However, at the current era, public shares of safety have the similar commercial networks
used by citizens (Khaturia, Belur & Karandikar, 2018). Any remote location, damage of
storm and high level use by the general public has been found to be leaving ambulance
drives, public officers and firefighters devoid of any connection.
Existing Network
The existing network of the university has been provided below:
The current university network has been associated with supporting the wide area
network or the WAN operations by making use of a mesh topology. The mesh topology
consists of three layer VPLS or the Virtual Private LAN services point-to-point circuit.
This mesh is associated with ensuring the fact that there exist redundancy between the
Headquarters, Operations and the backup sites.
Besides this the regional as well as the metropolitan campus is also redundantly
connected to the major facilities which is associated with linking to the headquarters,
operations and the backups in an respective way and this is done by making use of the
Frame Relay permanent virtual circuits. In a similar way the two separate frame relay
Internet Service Provider are used for the purpose of redundant internet usage. This
includes one PVC via the main campus and the other PVC via the Backup site. Besides
this the external partners are generally connected to the university by making use of the
DSL.
PROJECT ON NETWORK AND INFORMATION SECURITY
(West, 2015). Nevertheless, affordability of networks worldwide has not even
throughout. This has improved the growth rate of various Internet users across the world
and slowed down profoundly in current years.
However, at the current era, public shares of safety have the similar commercial networks
used by citizens (Khaturia, Belur & Karandikar, 2018). Any remote location, damage of
storm and high level use by the general public has been found to be leaving ambulance
drives, public officers and firefighters devoid of any connection.
Existing Network
The existing network of the university has been provided below:
The current university network has been associated with supporting the wide area
network or the WAN operations by making use of a mesh topology. The mesh topology
consists of three layer VPLS or the Virtual Private LAN services point-to-point circuit.
This mesh is associated with ensuring the fact that there exist redundancy between the
Headquarters, Operations and the backup sites.
Besides this the regional as well as the metropolitan campus is also redundantly
connected to the major facilities which is associated with linking to the headquarters,
operations and the backups in an respective way and this is done by making use of the
Frame Relay permanent virtual circuits. In a similar way the two separate frame relay
Internet Service Provider are used for the purpose of redundant internet usage. This
includes one PVC via the main campus and the other PVC via the Backup site. Besides
this the external partners are generally connected to the university by making use of the
DSL.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19
PROJECT ON NETWORK AND INFORMATION SECURITY
The campus network of the University is supported by the 100Base-Tx switched Ethernet
LANs. Besides this they are also thinking about upgrading their system in order to use
more modern Switched Ethernets. The operational facilities are supported by the
100Base-TX Switched Ethernet LANs. The academic staffs are associated with
providing support to the data centres, networking, maintenance and the development
process of an application. The organizational structure of the backup facility is almost
similar to that of the operational facilities. There exists seven faculties and each faculties
have be supported by the campus backbone.
There exists high-end switch at each building of the university which are connected to the
high-end campus core switch which is present in the campus backbone. Besides this in
each building there exists 24-port Ethernet switch on each floor of the buildings which
are associated connecting the end user systems. All this floor switches are connected to
the high-end switches present in the building. The 100Base-TX switches which are Layer
2 switches present in the It infrastructure of the university has been associated with
running the IEEE 802.1D Spanning Tree Protocol. All devices in the university is a part
of the same broadcast domain and along with this all this devices are part of the
192.168.0.0 internal network. The DHCP is associated with addressing the end-user
hosts.
There also exists a windows server which is a cluster and is located in the operational
facility and is associated with acting as the DHCP server. The windows-based network
management software packages are mainly used for the purpose of monitoring the
different switches which are mainly associated with the usage of the SNMP and the
PROJECT ON NETWORK AND INFORMATION SECURITY
The campus network of the University is supported by the 100Base-Tx switched Ethernet
LANs. Besides this they are also thinking about upgrading their system in order to use
more modern Switched Ethernets. The operational facilities are supported by the
100Base-TX Switched Ethernet LANs. The academic staffs are associated with
providing support to the data centres, networking, maintenance and the development
process of an application. The organizational structure of the backup facility is almost
similar to that of the operational facilities. There exists seven faculties and each faculties
have be supported by the campus backbone.
There exists high-end switch at each building of the university which are connected to the
high-end campus core switch which is present in the campus backbone. Besides this in
each building there exists 24-port Ethernet switch on each floor of the buildings which
are associated connecting the end user systems. All this floor switches are connected to
the high-end switches present in the building. The 100Base-TX switches which are Layer
2 switches present in the It infrastructure of the university has been associated with
running the IEEE 802.1D Spanning Tree Protocol. All devices in the university is a part
of the same broadcast domain and along with this all this devices are part of the
192.168.0.0 internal network. The DHCP is associated with addressing the end-user
hosts.
There also exists a windows server which is a cluster and is located in the operational
facility and is associated with acting as the DHCP server. The windows-based network
management software packages are mainly used for the purpose of monitoring the
different switches which are mainly associated with the usage of the SNMP and the
20
PROJECT ON NETWORK AND INFORMATION SECURITY
RMON. The software are associated with running on the server in the culture which are
located in the operational centres.
The emails of the university and the web servers are associated with the usage of the
public addresses which are generally assigned by the AARNET. The system is also
associated with providing a DNS server which is used by the university. All this public
servers are located in the operations facility. Besides this the Multiservice Platform
routers present in each of the campus of the university consists of default route to the
WAN and is not associated with running the routing protocol. The campus server are
associated with supporting the storage for local files and also the periodically transfer of
the data to the main data centre which are present at the Operations Facility.
Network Traffic Analysis
The university makes use of a packet switching network consists of Traffic Flow and this
nothing but a sequence of packets from different computer sources present in the university to a
certain destination and this might include the host, a multicast group or a broadcast domain.
There exists several problems in the traffic flow of the network that is used by the university.
The problems mainly includes the processing delay, queuing delay, transmission delay and
propagation delay. This can be better understood by understanding the various problems faced by
the university. The network has been facing problems related to the consistency, performance
and reliability. With the growth of number of students and along with the expansion of the
operations the problems are also increasing and the students as well as the faculty complaints are
also increasing. Due to network congestion the faculties as well as the academic staffs have been
associated with putting up complaints regarding various types of problems. The problems mainly
includes things like unable to submit the grades of the student in an efficient way or problems
PROJECT ON NETWORK AND INFORMATION SECURITY
RMON. The software are associated with running on the server in the culture which are
located in the operational centres.
The emails of the university and the web servers are associated with the usage of the
public addresses which are generally assigned by the AARNET. The system is also
associated with providing a DNS server which is used by the university. All this public
servers are located in the operations facility. Besides this the Multiservice Platform
routers present in each of the campus of the university consists of default route to the
WAN and is not associated with running the routing protocol. The campus server are
associated with supporting the storage for local files and also the periodically transfer of
the data to the main data centre which are present at the Operations Facility.
Network Traffic Analysis
The university makes use of a packet switching network consists of Traffic Flow and this
nothing but a sequence of packets from different computer sources present in the university to a
certain destination and this might include the host, a multicast group or a broadcast domain.
There exists several problems in the traffic flow of the network that is used by the university.
The problems mainly includes the processing delay, queuing delay, transmission delay and
propagation delay. This can be better understood by understanding the various problems faced by
the university. The network has been facing problems related to the consistency, performance
and reliability. With the growth of number of students and along with the expansion of the
operations the problems are also increasing and the students as well as the faculty complaints are
also increasing. Due to network congestion the faculties as well as the academic staffs have been
associated with putting up complaints regarding various types of problems. The problems mainly
includes things like unable to submit the grades of the student in an efficient way or problems
21
PROJECT ON NETWORK AND INFORMATION SECURITY
faced during communicating with the other colleagues of the university who are present in the
other campus of the university. Other than this problems due to the congestion in the flow of
traffic the research procedures of the faculties are also getting hampered and their daily tasks are
hampered along with this. Besides the problems faced by the faculties the students are also
associated with facing different problems. Due to several issues present in the network the
students are not able to submit their tasks online which are ultimately resulting in getting low
grades. The late submissions are very much responsible for eth low grades. This has happened
mainly due to the various increased number of users of the network. Processing delay mainly
happens due to the taking of longer time by the routers to process the packet header. When the
packets are processed the routers are associated with checking the bit-level errors in the packet
which has occurred while transmitting as well as during the determination of the next destination
of the packet. Propagation delay occurs because of the longer amount of time taken by the
signals sent from the end of the sender to the receiver.
Network Traffic Flow
Application Flow Users Bandwidth
Speed
Quality Of
Service(QOS)
Email Client/Server Staff 25Mbps 4-7 Sec
Web Page Client/Server Customers, Staff 60Mbps 7-10 Sec
HD Image Client/Server Customers, Staff 15Mbps 7-15 sec
Video streaming Client/Server Customers 65Mbps 10-15 sec to load
Data Backup Server/Server Staff 750Mbps Depends on the
PROJECT ON NETWORK AND INFORMATION SECURITY
faced during communicating with the other colleagues of the university who are present in the
other campus of the university. Other than this problems due to the congestion in the flow of
traffic the research procedures of the faculties are also getting hampered and their daily tasks are
hampered along with this. Besides the problems faced by the faculties the students are also
associated with facing different problems. Due to several issues present in the network the
students are not able to submit their tasks online which are ultimately resulting in getting low
grades. The late submissions are very much responsible for eth low grades. This has happened
mainly due to the various increased number of users of the network. Processing delay mainly
happens due to the taking of longer time by the routers to process the packet header. When the
packets are processed the routers are associated with checking the bit-level errors in the packet
which has occurred while transmitting as well as during the determination of the next destination
of the packet. Propagation delay occurs because of the longer amount of time taken by the
signals sent from the end of the sender to the receiver.
Network Traffic Flow
Application Flow Users Bandwidth
Speed
Quality Of
Service(QOS)
Email Client/Server Staff 25Mbps 4-7 Sec
Web Page Client/Server Customers, Staff 60Mbps 7-10 Sec
HD Image Client/Server Customers, Staff 15Mbps 7-15 sec
Video streaming Client/Server Customers 65Mbps 10-15 sec to load
Data Backup Server/Server Staff 750Mbps Depends on the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
22
PROJECT ON NETWORK AND INFORMATION SECURITY
size
Trade Offs
Technical Trade-Off Percentage
Scalability 20
Availability 20
Network Performance 10
Security 20
Manageability and Usability 5+5
Adaptability and Affordability 10+5
Characterizing the network infrastructure 5
Total: 100
Protocols and Quality of Service Requirements
The network that the university would be having multiple kind of traffics. All the
different kind of traffics present in the network of the university would be demanding different
type of treatments from the network.
Low throughput in the network of the university has mainly occurred due to the different
type of loads from the disparate users who are mainly associated using the same network
resources. Besides this the bit rate which is provided to a certain data stream are also too low for
PROJECT ON NETWORK AND INFORMATION SECURITY
size
Trade Offs
Technical Trade-Off Percentage
Scalability 20
Availability 20
Network Performance 10
Security 20
Manageability and Usability 5+5
Adaptability and Affordability 10+5
Characterizing the network infrastructure 5
Total: 100
Protocols and Quality of Service Requirements
The network that the university would be having multiple kind of traffics. All the
different kind of traffics present in the network of the university would be demanding different
type of treatments from the network.
Low throughput in the network of the university has mainly occurred due to the different
type of loads from the disparate users who are mainly associated using the same network
resources. Besides this the bit rate which is provided to a certain data stream are also too low for
23
PROJECT ON NETWORK AND INFORMATION SECURITY
the real-time multimedia services and this is for all the data streams which gets the same
scheduling priority. The dropped packets in this the routers present in the network of the
websites fail to deliver some of the packets in cases when the loads in the data is corrupted and
along with this the packets which has been arriving might be arriving when the buffers of the
routers are already full. Then the receiving application would be asking for this information
which are to be transmitted and this would be leading to severe delays in eth overall
transmissions. For this reason the faculties are facing a lot of problems during uploading of the
grades and the students are facing problems while submitting their assignments. In many
situations the packets that are being received might be corrupted for the errors in the bits and this
errors in the bits are mainly caused due to the noise and the interferences. This especially
happens in the wireless communication and the long copper wires. For this reason it becomes the
responsibility of the receiver that is the university to detect all this, just as if the packet was
dropped. Besides this the receiver also might ask for the information which needs to be
retransmitted. Latency, another major problem. The time required for the packets to reach its
destination might be very long and this mainly happens because this gets hold up in the long
queues or might be occurring due to taking of less direct routes in order to avoid the congestions
in the network. Latency is very much different from the throughput as the delay that might be
occurring can build up over the time even if the throughput that is existing is normal is nature.
The excessive latency is responsible for the rendering of the different works done by the users.
The packets mainly reaches the destination associated with different delay times. This delay of
the packets might varies according to their position in the queues of the routers. Besides this it is
also dependent on the path that exists between the sources and the destinations and this varying
of the position is totally unpredicted. This variation is known as the jitter and this can be
PROJECT ON NETWORK AND INFORMATION SECURITY
the real-time multimedia services and this is for all the data streams which gets the same
scheduling priority. The dropped packets in this the routers present in the network of the
websites fail to deliver some of the packets in cases when the loads in the data is corrupted and
along with this the packets which has been arriving might be arriving when the buffers of the
routers are already full. Then the receiving application would be asking for this information
which are to be transmitted and this would be leading to severe delays in eth overall
transmissions. For this reason the faculties are facing a lot of problems during uploading of the
grades and the students are facing problems while submitting their assignments. In many
situations the packets that are being received might be corrupted for the errors in the bits and this
errors in the bits are mainly caused due to the noise and the interferences. This especially
happens in the wireless communication and the long copper wires. For this reason it becomes the
responsibility of the receiver that is the university to detect all this, just as if the packet was
dropped. Besides this the receiver also might ask for the information which needs to be
retransmitted. Latency, another major problem. The time required for the packets to reach its
destination might be very long and this mainly happens because this gets hold up in the long
queues or might be occurring due to taking of less direct routes in order to avoid the congestions
in the network. Latency is very much different from the throughput as the delay that might be
occurring can build up over the time even if the throughput that is existing is normal is nature.
The excessive latency is responsible for the rendering of the different works done by the users.
The packets mainly reaches the destination associated with different delay times. This delay of
the packets might varies according to their position in the queues of the routers. Besides this it is
also dependent on the path that exists between the sources and the destinations and this varying
of the position is totally unpredicted. This variation is known as the jitter and this can be
24
PROJECT ON NETWORK AND INFORMATION SECURITY
seriously effecting the quality of the streaming data as well. Whenever the collection of the
related packages is routed through the network, then the different packets are associated with
taking of different paths, which ultimately results in the delay of the packets in different ways.
This initially results in the arriving of the packets in different orders than the order they were
having when they were sent. There is requirement of an additional special protocol which would
be responsible for the rearranging of the packets which are out of order to an ordered state
whenever the packet reaches the destination.
The QoS of the network can be obtained if a specific architecture is followed and the architecture
would be including the following:
The QoS identification and marking techniques in order to coordinate the QoS from the end-to-
end between the network elements.
QoS within the single network element
Lastly, the QoS policy, management, and the functions related to accounting in order to control
and administer all the end-to-end traffic that would be in the network of the university.
The QoS of the entire network mainly involves the capabilities in the end system software which
are running on the computers, like the OS of the user. For this case the end users are the faculties
and the students. The network which is associated with carrying the data which is being sent
back as well as forth from one of the end host to the another. It is essential for eth network of the
university to have the capability of supporting multiple kind of traffics over the single network
link. This is mainly due to the reason that the demands of the traffics regarding their treatment is
different.
PROJECT ON NETWORK AND INFORMATION SECURITY
seriously effecting the quality of the streaming data as well. Whenever the collection of the
related packages is routed through the network, then the different packets are associated with
taking of different paths, which ultimately results in the delay of the packets in different ways.
This initially results in the arriving of the packets in different orders than the order they were
having when they were sent. There is requirement of an additional special protocol which would
be responsible for the rearranging of the packets which are out of order to an ordered state
whenever the packet reaches the destination.
The QoS of the network can be obtained if a specific architecture is followed and the architecture
would be including the following:
The QoS identification and marking techniques in order to coordinate the QoS from the end-to-
end between the network elements.
QoS within the single network element
Lastly, the QoS policy, management, and the functions related to accounting in order to control
and administer all the end-to-end traffic that would be in the network of the university.
The QoS of the entire network mainly involves the capabilities in the end system software which
are running on the computers, like the OS of the user. For this case the end users are the faculties
and the students. The network which is associated with carrying the data which is being sent
back as well as forth from one of the end host to the another. It is essential for eth network of the
university to have the capability of supporting multiple kind of traffics over the single network
link. This is mainly due to the reason that the demands of the traffics regarding their treatment is
different.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
25
PROJECT ON NETWORK AND INFORMATION SECURITY
Logical Network Redesign
Network Topology Design –
Figure 1: Backup server network
PROJECT ON NETWORK AND INFORMATION SECURITY
Logical Network Redesign
Network Topology Design –
Figure 1: Backup server network
26
PROJECT ON NETWORK AND INFORMATION SECURITY
Figure 2: operation building network
Figure 3: main Campus Network
PROJECT ON NETWORK AND INFORMATION SECURITY
Figure 2: operation building network
Figure 3: main Campus Network
27
PROJECT ON NETWORK AND INFORMATION SECURITY
IP Addressing Scheme Design
IP address schema for the Accounts Department
Subnet
Name
Neede
d Size
Allocat
ed Size
Address Mas
k
Dec Mask Assignabl
e Range
Broadcast
Accounts
Departme
nt
15 30 192.168.4.
0
/27 255.255.255.2
24
192.168.4.
1 -
192.168.4.
30
192.168.4.
31
Server 2 2 192.168.4.
32
/30 255.255.255.2
52
192.168.4.
33 -
192.168.4.
34
192.168.4.
35
IP address schema for the Regional campus
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Buildin
g 1
Floor 1
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Buildin 150 254 192.168.1 /24 255.255.255.0 192.168.1.1 192.168.1.2
PROJECT ON NETWORK AND INFORMATION SECURITY
IP Addressing Scheme Design
IP address schema for the Accounts Department
Subnet
Name
Neede
d Size
Allocat
ed Size
Address Mas
k
Dec Mask Assignabl
e Range
Broadcast
Accounts
Departme
nt
15 30 192.168.4.
0
/27 255.255.255.2
24
192.168.4.
1 -
192.168.4.
30
192.168.4.
31
Server 2 2 192.168.4.
32
/30 255.255.255.2
52
192.168.4.
33 -
192.168.4.
34
192.168.4.
35
IP address schema for the Regional campus
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Buildin
g 1
Floor 1
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Buildin 150 254 192.168.1 /24 255.255.255.0 192.168.1.1 192.168.1.2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
28
PROJECT ON NETWORK AND INFORMATION SECURITY
g 1
Floor 2
.0 -
192.168.1.2
54
55
Buildin
g 1
Floor 3
150 254 192.168.2
.0
/24 255.255.255.0 192.168.2.1
-
192.168.2.2
54
192.168.2.2
55
Buildin
g 2
Floor 1
150 254 192.168.3
.0
/24 255.255.255.0 192.168.3.1
-
192.168.3.2
54
192.168.3.2
55
Buildin
g 2
Floor 2
150 254 192.168.4
.0
/24 255.255.255.0 192.168.4.1
-
192.168.4.2
54
192.168.4.2
55
Buildin
g 2
Floor 3
150 254 192.168.5
.0
/24 255.255.255.0 192.168.5.1
-
192.168.5.2
54
192.168.5.2
55
Server 10 14 192.168.6
.0
/28 255.255.255.2
40
192.168.6.1
-
192.168.6.1
192.168.6.1
5
PROJECT ON NETWORK AND INFORMATION SECURITY
g 1
Floor 2
.0 -
192.168.1.2
54
55
Buildin
g 1
Floor 3
150 254 192.168.2
.0
/24 255.255.255.0 192.168.2.1
-
192.168.2.2
54
192.168.2.2
55
Buildin
g 2
Floor 1
150 254 192.168.3
.0
/24 255.255.255.0 192.168.3.1
-
192.168.3.2
54
192.168.3.2
55
Buildin
g 2
Floor 2
150 254 192.168.4
.0
/24 255.255.255.0 192.168.4.1
-
192.168.4.2
54
192.168.4.2
55
Buildin
g 2
Floor 3
150 254 192.168.5
.0
/24 255.255.255.0 192.168.5.1
-
192.168.5.2
54
192.168.5.2
55
Server 10 14 192.168.6
.0
/28 255.255.255.2
40
192.168.6.1
-
192.168.6.1
192.168.6.1
5
29
PROJECT ON NETWORK AND INFORMATION SECURITY
4
IP address schema for the Metropolitan Campus
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Buildin
g 1
Floor 1
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Buildin
g 1
Floor 2
150 254 192.168.1
.0
/24 255.255.255.0 192.168.1.1
-
192.168.1.2
54
192.168.1.2
55
Buildin
g 1
Floor 3
150 254 192.168.2
.0
/24 255.255.255.0 192.168.2.1
-
192.168.2.2
54
192.168.2.2
55
Buildin
g 2
Floor 1
150 254 192.168.3
.0
/24 255.255.255.0 192.168.3.1
-
192.168.3.2
54
192.168.3.2
55
PROJECT ON NETWORK AND INFORMATION SECURITY
4
IP address schema for the Metropolitan Campus
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Buildin
g 1
Floor 1
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Buildin
g 1
Floor 2
150 254 192.168.1
.0
/24 255.255.255.0 192.168.1.1
-
192.168.1.2
54
192.168.1.2
55
Buildin
g 1
Floor 3
150 254 192.168.2
.0
/24 255.255.255.0 192.168.2.1
-
192.168.2.2
54
192.168.2.2
55
Buildin
g 2
Floor 1
150 254 192.168.3
.0
/24 255.255.255.0 192.168.3.1
-
192.168.3.2
54
192.168.3.2
55
30
PROJECT ON NETWORK AND INFORMATION SECURITY
Buildin
g 2
Floor 2
150 254 192.168.4
.0
/24 255.255.255.0 192.168.4.1
-
192.168.4.2
54
192.168.4.2
55
Buildin
g 2
Floor 3
150 254 192.168.5
.0
/24 255.255.255.0 192.168.5.1
-
192.168.5.2
54
192.168.5.2
55
Server 10 14 192.168.6
.0
/28 255.255.255.2
40
192.168.6.1
-
192.168.6.1
4
192.168.6.1
5
IP address schema for the Backup Department
Subn
et
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Floor
1
50 62 192.168.0.0 /26 255.255.255.1
92
192.168.0.1
-
192.168.0.6
2
192.168.0.6
3
PROJECT ON NETWORK AND INFORMATION SECURITY
Buildin
g 2
Floor 2
150 254 192.168.4
.0
/24 255.255.255.0 192.168.4.1
-
192.168.4.2
54
192.168.4.2
55
Buildin
g 2
Floor 3
150 254 192.168.5
.0
/24 255.255.255.0 192.168.5.1
-
192.168.5.2
54
192.168.5.2
55
Server 10 14 192.168.6
.0
/28 255.255.255.2
40
192.168.6.1
-
192.168.6.1
4
192.168.6.1
5
IP address schema for the Backup Department
Subn
et
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Floor
1
50 62 192.168.0.0 /26 255.255.255.1
92
192.168.0.1
-
192.168.0.6
2
192.168.0.6
3
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
31
PROJECT ON NETWORK AND INFORMATION SECURITY
Floor
2
50 62 192.168.0.6
4
/26 255.255.255.1
92
192.168.0.6
5 -
192.168.0.1
26
192.168.0.1
27
Serve
r farm
16 30 192.168.0.1
28
/27 255.255.255.2
24
192.168.0.1
29 -
192.168.0.1
58
192.168.0.1
59
IP address schema for the management Department
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Operati
on
building
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Server
farm
16 30 192.168.1
.0
/27 255.255.255.2
24
192.168.1.1
-
192.168.1.3
0
192.168.1.3
Switching and Routing Protocols selection
PROJECT ON NETWORK AND INFORMATION SECURITY
Floor
2
50 62 192.168.0.6
4
/26 255.255.255.1
92
192.168.0.6
5 -
192.168.0.1
26
192.168.0.1
27
Serve
r farm
16 30 192.168.0.1
28
/27 255.255.255.2
24
192.168.0.1
29 -
192.168.0.1
58
192.168.0.1
59
IP address schema for the management Department
Subnet
Name
Neede
d Size
Allocate
d Size
Address Mas
k
Dec Mask Assignable
Range
Broadcast
Operati
on
building
150 254 192.168.0
.0
/24 255.255.255.0 192.168.0.1
-
192.168.0.2
54
192.168.0.2
55
Server
farm
16 30 192.168.1
.0
/27 255.255.255.2
24
192.168.1.1
-
192.168.1.3
0
192.168.1.3
Switching and Routing Protocols selection
32
PROJECT ON NETWORK AND INFORMATION SECURITY
Switching protocol
IEEE 802.1 for RSTP configuration and including rapid convergence for aggregation of multiple
tree from VLANs. The port fast command is used for the forwarding the data packets faster. The
uplink fast command is used for connecting two switches on the distribution layer and if the link
gest down the spanning tree protocol helps in creating a link with the other switch connected in
the network. The IEEE 802.1 Q is used for the creation of VLAN and dynamic trunk protocol is
applied for the negotiation of the VLAN tags.
Routing protocol
The OSPF protocol is used for creating a link between the different routers and send and receive
the data packets in the network via the shortest path. The routing protocol is used for avoiding
the loops in the router and increasing the scalability in the network. There are different other
routing protocol such as RIP, IS-IS and EIGRP that can be used for creating a routed protocol in
the network.
Network Management Strategies
There are different network management strategies that can be used for creating a complex
network solution and management of the growth of the organization. The implementation of the
intrusion detection system helps in monitoring the data flow in the network and manage the
network resources for controlling the network. The creation of a DMZ zone would also help in
controlling the data flow in the network and secure the servers from external access.
Physical Network Redesign
Selection of Technologies and Network Devices for each Campus (LANs)
PROJECT ON NETWORK AND INFORMATION SECURITY
Switching protocol
IEEE 802.1 for RSTP configuration and including rapid convergence for aggregation of multiple
tree from VLANs. The port fast command is used for the forwarding the data packets faster. The
uplink fast command is used for connecting two switches on the distribution layer and if the link
gest down the spanning tree protocol helps in creating a link with the other switch connected in
the network. The IEEE 802.1 Q is used for the creation of VLAN and dynamic trunk protocol is
applied for the negotiation of the VLAN tags.
Routing protocol
The OSPF protocol is used for creating a link between the different routers and send and receive
the data packets in the network via the shortest path. The routing protocol is used for avoiding
the loops in the router and increasing the scalability in the network. There are different other
routing protocol such as RIP, IS-IS and EIGRP that can be used for creating a routed protocol in
the network.
Network Management Strategies
There are different network management strategies that can be used for creating a complex
network solution and management of the growth of the organization. The implementation of the
intrusion detection system helps in monitoring the data flow in the network and manage the
network resources for controlling the network. The creation of a DMZ zone would also help in
controlling the data flow in the network and secure the servers from external access.
Physical Network Redesign
Selection of Technologies and Network Devices for each Campus (LANs)
33
PROJECT ON NETWORK AND INFORMATION SECURITY
LAN cabling
For choosing the cable the different cable types should be selected and analyzed that can be used
for interconnecting the network device installed in different location of the department. UTP
cable are the mostly used cables in the local area network and in this category cat 5, cat 5e and
cat 6 cables can be selected.
LAN Technologies
There are different LAN technologies such as Fast Ethernet, Gigabit Ethernet, etc. that can be
used for the development of the local area network solution. The Ethernet is defined as IEEE
802.3 standards and the main reason for the selection of Ethernet is it’s easy to application,
maintenance and the cost. It can also offer flexibility for the selection of the topology and
operated in the OSI layer.
Campus interconnecting Devices
There are many network interconnecting device that are required for connecting different
branches of the university and enable them communicate with each other. The main
interconnecting device are listed below:
Network interface cards
Repeaters
Bridge
Hub
Router
Switch
PROJECT ON NETWORK AND INFORMATION SECURITY
LAN cabling
For choosing the cable the different cable types should be selected and analyzed that can be used
for interconnecting the network device installed in different location of the department. UTP
cable are the mostly used cables in the local area network and in this category cat 5, cat 5e and
cat 6 cables can be selected.
LAN Technologies
There are different LAN technologies such as Fast Ethernet, Gigabit Ethernet, etc. that can be
used for the development of the local area network solution. The Ethernet is defined as IEEE
802.3 standards and the main reason for the selection of Ethernet is it’s easy to application,
maintenance and the cost. It can also offer flexibility for the selection of the topology and
operated in the OSI layer.
Campus interconnecting Devices
There are many network interconnecting device that are required for connecting different
branches of the university and enable them communicate with each other. The main
interconnecting device are listed below:
Network interface cards
Repeaters
Bridge
Hub
Router
Switch
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
34
PROJECT ON NETWORK AND INFORMATION SECURITY
NIC - This acts as the interface and are required for transmitting the data or receiving data. It
has a 48 bit MAC address that is used for uniquely identify the device and it works as a data
link layer communication.
Repeater – It is used for boosting the signal strength for the signals travelling longer than 100
meters. It can be used for expanding the network beyond the limitations and can be
connected with different types of media for achieving different data rates.
HUB – It allows to receive a signal on a port and retransmit on all the ports connected. The
hub can be used for a star topology network and increase the fault tolerance of the network.
Bridge – It can be used for connect more than one LAN and extend the network capacity.
Selection of Technologies and Devices Campus Wide (WANs)
Remote Access Technologies
There are different remote access technologies such as IPsec VPN, SSL VPN, Network
access control used for the establishment of a secure remote access network between the local
area network and the remote site. A Radius server can be installed in the network for the
management of the authentication and authorization of the remote users for connecting with the
organizational network. The servers needs to be associated with the firewall for increasing the
security and block the unauthorised users to access the core network resources. The creation of a
VPN server helps in creating an encrypted connection over the internet where there are many
malicious users present. With the implementation of the VPN network the remote users can
securely access the applications and the other resources of the University for Study Purpose. For
enhancing the safety of communication VPN tunnels are used for sending and receiving the data
PROJECT ON NETWORK AND INFORMATION SECURITY
NIC - This acts as the interface and are required for transmitting the data or receiving data. It
has a 48 bit MAC address that is used for uniquely identify the device and it works as a data
link layer communication.
Repeater – It is used for boosting the signal strength for the signals travelling longer than 100
meters. It can be used for expanding the network beyond the limitations and can be
connected with different types of media for achieving different data rates.
HUB – It allows to receive a signal on a port and retransmit on all the ports connected. The
hub can be used for a star topology network and increase the fault tolerance of the network.
Bridge – It can be used for connect more than one LAN and extend the network capacity.
Selection of Technologies and Devices Campus Wide (WANs)
Remote Access Technologies
There are different remote access technologies such as IPsec VPN, SSL VPN, Network
access control used for the establishment of a secure remote access network between the local
area network and the remote site. A Radius server can be installed in the network for the
management of the authentication and authorization of the remote users for connecting with the
organizational network. The servers needs to be associated with the firewall for increasing the
security and block the unauthorised users to access the core network resources. The creation of a
VPN server helps in creating an encrypted connection over the internet where there are many
malicious users present. With the implementation of the VPN network the remote users can
securely access the applications and the other resources of the University for Study Purpose. For
enhancing the safety of communication VPN tunnels are used for sending and receiving the data
35
PROJECT ON NETWORK AND INFORMATION SECURITY
packets in the network and the user must use some authentication mechanism to gain the access
of the tunnel.
Organization wide interconnecting Devices
For interconnecting the different branches of the organization different networking
hardware and network equipment should be used. The device helps in interconnecting with the
other branches and other location of the network and the device ranges from routers, gateways,
wireless access point, switches, and network bridges. For the development of the hybrid network
topology the layer 3 switch, multiplexer, ISDN terminal adapters and the network address
translator can also help in interconnecting the larger network.
WAN Technologies
The wide area network refers to coverage of a broad geographical location and it uses the lowest
level of the OSI model for communication. There are different technologies used by the wide
area network for communication such as Point to point links, circuit switching, packet switching,
WAN virtual circuits, WAN dial up services, etc. thee point to point look is used for the
establishment of a connection path it uses a carrier path for getting the required amount of
bandwidth and it is more expensive than the frame relay or shared service. The circuit switch
technology is used as the normal telephone connection and the routers sends the data via a switch
network. For the ISDN circuit the ISDN device places a telephone call to the remote ISDN
circuit for authentication and sending and receiving the data packets. The packet switching is
used for sharing a common carrier ab resource in the network.
Physical Network Map
PROJECT ON NETWORK AND INFORMATION SECURITY
packets in the network and the user must use some authentication mechanism to gain the access
of the tunnel.
Organization wide interconnecting Devices
For interconnecting the different branches of the organization different networking
hardware and network equipment should be used. The device helps in interconnecting with the
other branches and other location of the network and the device ranges from routers, gateways,
wireless access point, switches, and network bridges. For the development of the hybrid network
topology the layer 3 switch, multiplexer, ISDN terminal adapters and the network address
translator can also help in interconnecting the larger network.
WAN Technologies
The wide area network refers to coverage of a broad geographical location and it uses the lowest
level of the OSI model for communication. There are different technologies used by the wide
area network for communication such as Point to point links, circuit switching, packet switching,
WAN virtual circuits, WAN dial up services, etc. thee point to point look is used for the
establishment of a connection path it uses a carrier path for getting the required amount of
bandwidth and it is more expensive than the frame relay or shared service. The circuit switch
technology is used as the normal telephone connection and the routers sends the data via a switch
network. For the ISDN circuit the ISDN device places a telephone call to the remote ISDN
circuit for authentication and sending and receiving the data packets. The packet switching is
used for sharing a common carrier ab resource in the network.
Physical Network Map
36
PROJECT ON NETWORK AND INFORMATION SECURITY
For the creation of the physical network map of the network Micro soft Visio is used and
demonstrated below:
Conclusion
The report that has been discussed above mainly discusses about the network structure
that FNU is having. First section of the report provides an overview of the FNU. In this section a
clear and concise description about the organization has been provided which also includes the
various business domains, the issues in the network and what are the actions that are to be taken
in order to address all the issues and this mainly includes the new recommended components for
the new network that is to be designed. The business goals and the technical goals has also been
provided in this report. The technical report has been aimed at supporting the various business
transactions and this mainly includes the scalability, availability, and performance of the
network, security of the network, manageability, usability, adaptability and affordability of the
networks. The existing network has also been analysed in this report. Where a brief description
regarding the current topology, physical infrastructure and the performance of the network has
PROJECT ON NETWORK AND INFORMATION SECURITY
For the creation of the physical network map of the network Micro soft Visio is used and
demonstrated below:
Conclusion
The report that has been discussed above mainly discusses about the network structure
that FNU is having. First section of the report provides an overview of the FNU. In this section a
clear and concise description about the organization has been provided which also includes the
various business domains, the issues in the network and what are the actions that are to be taken
in order to address all the issues and this mainly includes the new recommended components for
the new network that is to be designed. The business goals and the technical goals has also been
provided in this report. The technical report has been aimed at supporting the various business
transactions and this mainly includes the scalability, availability, and performance of the
network, security of the network, manageability, usability, adaptability and affordability of the
networks. The existing network has also been analysed in this report. Where a brief description
regarding the current topology, physical infrastructure and the performance of the network has
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
37
PROJECT ON NETWORK AND INFORMATION SECURITY
been provided. Besides this the network maps has also been provided. The issues in the network
infrastructure has also been discussed in this report. Followed by this the traffic in the network
has been analysed which includes the traffic flow, traffic load and the protocols and the QoS
requirements. Lastly the provides a logical and physical design of the new network. The logical
design includes the IP Addressing Scheme Design, Switching and Routing Protocols selection
and the Network Management Strategies.
PROJECT ON NETWORK AND INFORMATION SECURITY
been provided. Besides this the network maps has also been provided. The issues in the network
infrastructure has also been discussed in this report. Followed by this the traffic in the network
has been analysed which includes the traffic flow, traffic load and the protocols and the QoS
requirements. Lastly the provides a logical and physical design of the new network. The logical
design includes the IP Addressing Scheme Design, Switching and Routing Protocols selection
and the Network Management Strategies.
38
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 2 - Network Security Plan
Introduction
The network security plan has been developed for the formation of the effective security
measures for the various security issues identified in the organization. The network security plan
would be deployed for ensuring that the wide area networks of the First National University
(FNU) are being deployed effectively. The FNU is a public institution for higher education. They
have considerably large campus operating in 10 metropolitan cities and 5 regional areas. Hence,
the effective communication is very important for the university. However, the deployment of
the wide area network connection implied had been facing the issue of complex ICT
infrastructure, large exhaustion of the resources, and the security issues. The implication of the
security functions would be helpful for the deployment of the effective network connection and
communication network. It would protect the network from the external infiltration and
information extraction. The security functions like encryption, authorization, firewall, and
IDS/IPS would be helpful for the easing the implication of the security functions for the FNU.
Scope
The following are the scopes identified for the development of the network security plan and
listed below:
The project is developed for improving the facilities of the network communication for
FNU and it would form the effective deployment of the operations favouring the security
implication in the university.
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 2 - Network Security Plan
Introduction
The network security plan has been developed for the formation of the effective security
measures for the various security issues identified in the organization. The network security plan
would be deployed for ensuring that the wide area networks of the First National University
(FNU) are being deployed effectively. The FNU is a public institution for higher education. They
have considerably large campus operating in 10 metropolitan cities and 5 regional areas. Hence,
the effective communication is very important for the university. However, the deployment of
the wide area network connection implied had been facing the issue of complex ICT
infrastructure, large exhaustion of the resources, and the security issues. The implication of the
security functions would be helpful for the deployment of the effective network connection and
communication network. It would protect the network from the external infiltration and
information extraction. The security functions like encryption, authorization, firewall, and
IDS/IPS would be helpful for the easing the implication of the security functions for the FNU.
Scope
The following are the scopes identified for the development of the network security plan and
listed below:
The project is developed for improving the facilities of the network communication for
FNU and it would form the effective deployment of the operations favouring the security
implication in the university.
39
PROJECT ON NETWORK AND INFORMATION SECURITY
The security implication would be based on the use of the innovative technology and the
development of the functional activities so that the organization can align the network
redesign with the security plan developed.
The implication of the project activities would include the major systematic deployment
of the security policies, forming the network design with the help of design engineering,
using the policies for security implication, and successful implementation of the network
security.
Objectives
The following the objectives of the identification of the network security plan and given for the
project. It is developed for improving the facilities of the network communication for FNU and it
would form the effective deployment of the operations favoring the security implication in the
university. The objectives of the project are,
To improve the network connection and communication with the help of new network
design developed with design engineering
To analyses the security vulnerabilities of the network design and analyses the root
causes of the issues
To develop some policies that would help in easing the security for the network
connection
To form a network security implementation plan favorable with the requirements of the
FNU
To implement the security policies following the implementation plan developed for the
network
PROJECT ON NETWORK AND INFORMATION SECURITY
The security implication would be based on the use of the innovative technology and the
development of the functional activities so that the organization can align the network
redesign with the security plan developed.
The implication of the project activities would include the major systematic deployment
of the security policies, forming the network design with the help of design engineering,
using the policies for security implication, and successful implementation of the network
security.
Objectives
The following the objectives of the identification of the network security plan and given for the
project. It is developed for improving the facilities of the network communication for FNU and it
would form the effective deployment of the operations favoring the security implication in the
university. The objectives of the project are,
To improve the network connection and communication with the help of new network
design developed with design engineering
To analyses the security vulnerabilities of the network design and analyses the root
causes of the issues
To develop some policies that would help in easing the security for the network
connection
To form a network security implementation plan favorable with the requirements of the
FNU
To implement the security policies following the implementation plan developed for the
network
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
40
PROJECT ON NETWORK AND INFORMATION SECURITY
Assumptions
The project is developed for improving the facilities of the network communication for FNU and
it would form the effective deployment of the operations favouring the security implication in the
university. However, the network connection design would involve a number of factors like,
Design Assumptions: The development of the network design would include a number of
assumptions related to the implication of the effective implementation of the functions such as
network communication working principle, number of routers/switches required, and area
covered by the routers.
Security Assumptions: The implementation of the security functions would be based on the
assumptions that no physical contact with the devices would be possible for any unauthorised
users, security plan would be feasible for the implication, network design would sustain the
network security tools, and no external disturbances would be present in the network
communication.
Risk Analysis
The risk acting on the network is analysed on the different factors such as the assets of the
university network, its impact on the physical and the non-physical assets. The following table is
created for the identification of the risk, threats, challenges and vulnerabilities acting on the
assets of the University for the Preparation of the risk mitigation plan and secure the network
from external agents.
Asset Risk Threats
identification
Challenges Vulnerabilities
PROJECT ON NETWORK AND INFORMATION SECURITY
Assumptions
The project is developed for improving the facilities of the network communication for FNU and
it would form the effective deployment of the operations favouring the security implication in the
university. However, the network connection design would involve a number of factors like,
Design Assumptions: The development of the network design would include a number of
assumptions related to the implication of the effective implementation of the functions such as
network communication working principle, number of routers/switches required, and area
covered by the routers.
Security Assumptions: The implementation of the security functions would be based on the
assumptions that no physical contact with the devices would be possible for any unauthorised
users, security plan would be feasible for the implication, network design would sustain the
network security tools, and no external disturbances would be present in the network
communication.
Risk Analysis
The risk acting on the network is analysed on the different factors such as the assets of the
university network, its impact on the physical and the non-physical assets. The following table is
created for the identification of the risk, threats, challenges and vulnerabilities acting on the
assets of the University for the Preparation of the risk mitigation plan and secure the network
from external agents.
Asset Risk Threats
identification
Challenges Vulnerabilities
41
PROJECT ON NETWORK AND INFORMATION SECURITY
Physical Assets
consists of the
different network
hardware device
used for the
different areas of
the network such
as dual monitors
staff 2000 PCs,
headsets,
webcams, 20
networked Laser
Printers, 50
computer labs
with 1200
Desktop PCs and
50 printers, VoIP
video phones.
The assets of the
regional and the
metropolitan
campuses are the
Desktop 250
The risk is
divided into
individual asset
risk that is used
for deploying
the different
activity. The
various risk
factors would
be analysed
based on the
implication of
the effective
development of
the network
design and
using network
monitoring
tools for
forming the
major glitches
in the network.
The probable
The threats in
network
connection can
result in
forming the
issues in the
deployment of
the network
from external
factors. The
threats in
network can be
divided into
four variants
namely external
threat, internal
threat,
structured
threat, and
unstructured
threat. The
unstructured
threats to the
The challenges of
the network are
the various issues
that would be
generated for the
deployment of
the network
connection. The
implementation
had been facing
the issue of
complex ICT
infrastructure,
large exhaustion
of the resources,
and the security
issues. The
probable risk
factors for the
network
connection
deployment at
FNU are
The
vulnerabilities in
the network
connection can
be identified as
the specific ‘soft
spots’ or internal
weaknesses that
can result in the
occurrence of the
network risk
occurrence.
There are many
reasons due to
which the
network issues
can be raised and
it includes the
probable factors
of the design or
implementation
errors of FNU.
The technological
PROJECT ON NETWORK AND INFORMATION SECURITY
Physical Assets
consists of the
different network
hardware device
used for the
different areas of
the network such
as dual monitors
staff 2000 PCs,
headsets,
webcams, 20
networked Laser
Printers, 50
computer labs
with 1200
Desktop PCs and
50 printers, VoIP
video phones.
The assets of the
regional and the
metropolitan
campuses are the
Desktop 250
The risk is
divided into
individual asset
risk that is used
for deploying
the different
activity. The
various risk
factors would
be analysed
based on the
implication of
the effective
development of
the network
design and
using network
monitoring
tools for
forming the
major glitches
in the network.
The probable
The threats in
network
connection can
result in
forming the
issues in the
deployment of
the network
from external
factors. The
threats in
network can be
divided into
four variants
namely external
threat, internal
threat,
structured
threat, and
unstructured
threat. The
unstructured
threats to the
The challenges of
the network are
the various issues
that would be
generated for the
deployment of
the network
connection. The
implementation
had been facing
the issue of
complex ICT
infrastructure,
large exhaustion
of the resources,
and the security
issues. The
probable risk
factors for the
network
connection
deployment at
FNU are
The
vulnerabilities in
the network
connection can
be identified as
the specific ‘soft
spots’ or internal
weaknesses that
can result in the
occurrence of the
network risk
occurrence.
There are many
reasons due to
which the
network issues
can be raised and
it includes the
probable factors
of the design or
implementation
errors of FNU.
The technological
42
PROJECT ON NETWORK AND INFORMATION SECURITY
PCs, 4
networked Laser
Printers, 10
computer labs
with 240 PCs
and 10 printers.
The Operation
site and backup
has desktop 250
PCs, 4
networked Laser
Printers, 10
computer labs
with 240 PCs
and 10 printers
risk factors for
the network
connection
deployment at
FNU are
exposure of the
key university
applications and
services to
external
individuals due
to the cloud
deployment,
inappropriate
access and use
of resources,
unauthorized
and malicious
internal and
external
network attacks,
and network
redundancy. All
network would
include the
inexperienced
individuals
using password
crackers and
shell scripts.
These two can
be used for
hacking into the
easily
decrypted
password
protection and
extract
information.
The structured
threats involve
the inclusion of
the threat of
exploitation of
the scripts and
codes forming
exposure of the
key university
applications and
services to
external
individuals due to
the cloud
deployment,
inappropriate
access and use of
resources,
unauthorised and
malicious internal
and external
network attacks,
and network
redundancy. All
these issues
would result in
forming the
major problems
for the
implementation
vulnerabilities
that might impact
the network
development
security functions
are operating
system
weaknesses,
TCP/IP protocol
weaknesses, and
network
equipment
weaknesses. The
configuration that
might impact the
network
development
security functions
are use of easy
passwords that
can be
deciphered
easily, Unsecured
PROJECT ON NETWORK AND INFORMATION SECURITY
PCs, 4
networked Laser
Printers, 10
computer labs
with 240 PCs
and 10 printers.
The Operation
site and backup
has desktop 250
PCs, 4
networked Laser
Printers, 10
computer labs
with 240 PCs
and 10 printers
risk factors for
the network
connection
deployment at
FNU are
exposure of the
key university
applications and
services to
external
individuals due
to the cloud
deployment,
inappropriate
access and use
of resources,
unauthorized
and malicious
internal and
external
network attacks,
and network
redundancy. All
network would
include the
inexperienced
individuals
using password
crackers and
shell scripts.
These two can
be used for
hacking into the
easily
decrypted
password
protection and
extract
information.
The structured
threats involve
the inclusion of
the threat of
exploitation of
the scripts and
codes forming
exposure of the
key university
applications and
services to
external
individuals due to
the cloud
deployment,
inappropriate
access and use of
resources,
unauthorised and
malicious internal
and external
network attacks,
and network
redundancy. All
these issues
would result in
forming the
major problems
for the
implementation
vulnerabilities
that might impact
the network
development
security functions
are operating
system
weaknesses,
TCP/IP protocol
weaknesses, and
network
equipment
weaknesses. The
configuration that
might impact the
network
development
security functions
are use of easy
passwords that
can be
deciphered
easily, Unsecured
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
43
PROJECT ON NETWORK AND INFORMATION SECURITY
these issues
would result in
forming the
major problems
for the
implementation
of the network
connection for
the FNU. The
issues would
result in
forming the
direct and
indirect impact
on the physical
and nonphysical
assets of FNU.
The risk factor
would form the
issues in
management of
the
communication
the major
influence in the
development of
the activities.
The advanced
hackers and
cyber criminals
would include
the use of
advanced
hacking
methods for
forming the
major influence
in the
application
development.
The external
attacks would
result in
making the
system unable
to work and
of the network
connection for
the FNU. The
major challenges
of the project are
Password attacks,
Trust
exploitation, Port
redirection, Man-
in-the-middle
attacks, Social
engineering, and
Phishing.
user accounts,
unsecured default
settings, and
misconfigured
internet services.
The security
policy
weaknesses that
might impact the
network
development
security functions
are lack of
security policy,
lack of
continuity,
politics, and lack
of logical access
controls. These
are the major
vulnerabilities
classification and
vulnerabilities
PROJECT ON NETWORK AND INFORMATION SECURITY
these issues
would result in
forming the
major problems
for the
implementation
of the network
connection for
the FNU. The
issues would
result in
forming the
direct and
indirect impact
on the physical
and nonphysical
assets of FNU.
The risk factor
would form the
issues in
management of
the
communication
the major
influence in the
development of
the activities.
The advanced
hackers and
cyber criminals
would include
the use of
advanced
hacking
methods for
forming the
major influence
in the
application
development.
The external
attacks would
result in
making the
system unable
to work and
of the network
connection for
the FNU. The
major challenges
of the project are
Password attacks,
Trust
exploitation, Port
redirection, Man-
in-the-middle
attacks, Social
engineering, and
Phishing.
user accounts,
unsecured default
settings, and
misconfigured
internet services.
The security
policy
weaknesses that
might impact the
network
development
security functions
are lack of
security policy,
lack of
continuity,
politics, and lack
of logical access
controls. These
are the major
vulnerabilities
classification and
vulnerabilities
44
PROJECT ON NETWORK AND INFORMATION SECURITY
for the FNU
and it would
result in
forming the
major issues for
the
management of
the various
locations on a
single network
connection.
process the
query. The
attacks not only
make the
network slow
and sluggish,
but it also
forms the issues
of data
interception
and forgery.
Anyone would
be able to
change the
existing data
forming the
issues in the
alignment of
the operations
for FNU. The
DDoS attacks is
an example for
the attack on
that can form the
impact on the
development of
the network
connection for
the FNU. The
possibility of
unauthorised and
malicious internal
and external
network attacks
is another major
factor that would
form the issue in
the development
of the effective
network.
PROJECT ON NETWORK AND INFORMATION SECURITY
for the FNU
and it would
result in
forming the
major issues for
the
management of
the various
locations on a
single network
connection.
process the
query. The
attacks not only
make the
network slow
and sluggish,
but it also
forms the issues
of data
interception
and forgery.
Anyone would
be able to
change the
existing data
forming the
issues in the
alignment of
the operations
for FNU. The
DDoS attacks is
an example for
the attack on
that can form the
impact on the
development of
the network
connection for
the FNU. The
possibility of
unauthorised and
malicious internal
and external
network attacks
is another major
factor that would
form the issue in
the development
of the effective
network.
45
PROJECT ON NETWORK AND INFORMATION SECURITY
the network
that would
result in
harming the
operations of
the activities.
The internal
attacks are the
person specific
attacks caused
by the person
working in the
network
gaining the
authentication.
The individuals
might extract
the information
from the
network by
gaining the
access to the
network and
PROJECT ON NETWORK AND INFORMATION SECURITY
the network
that would
result in
harming the
operations of
the activities.
The internal
attacks are the
person specific
attacks caused
by the person
working in the
network
gaining the
authentication.
The individuals
might extract
the information
from the
network by
gaining the
access to the
network and
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
46
PROJECT ON NETWORK AND INFORMATION SECURITY
use it for
personal use.
The non -
physical assets of
the First national
university are
500 Windows 7
operating system,
one network
attachment
storage for local
storage, and
100Base-TX
Switched
Ethernet is
present at the
each of the
Metro and
Regional
campuses. For
the headquarter
1200 Windows
10 operating
For
summarizing
the risk the
probable risks
of the network
implementation
are exposure of
the key
university
applications and
services to
external
individuals due
to the cloud
deployment,
inappropriate
access and use
of resources,
unauthorised
and malicious
internal and
PROJECT ON NETWORK AND INFORMATION SECURITY
use it for
personal use.
The non -
physical assets of
the First national
university are
500 Windows 7
operating system,
one network
attachment
storage for local
storage, and
100Base-TX
Switched
Ethernet is
present at the
each of the
Metro and
Regional
campuses. For
the headquarter
1200 Windows
10 operating
For
summarizing
the risk the
probable risks
of the network
implementation
are exposure of
the key
university
applications and
services to
external
individuals due
to the cloud
deployment,
inappropriate
access and use
of resources,
unauthorised
and malicious
internal and
47
PROJECT ON NETWORK AND INFORMATION SECURITY
system, one
network
attachment
storage (NAS)
for local storage,
and 100Base-TX
Switched
Ethernet. For the
operation site
500 Combination
of Windows and
Linux servers as
Operating
systems along
with tools like
file, web, mail,
DHCP, DNS,
Authentication,
Blackboard,
Domain
Controllers,
Database, SAN,
Load Balancing
external
network attacks,
and network
redundancy.
The migration
of the key
applications and
operations
would result in
making the data
and information
available on the
cloud platform
that can be
accessed from
any location
resulting in
possibility of
data misuse and
modification.
The possibility
of unauthorised
and malicious
PROJECT ON NETWORK AND INFORMATION SECURITY
system, one
network
attachment
storage (NAS)
for local storage,
and 100Base-TX
Switched
Ethernet. For the
operation site
500 Combination
of Windows and
Linux servers as
Operating
systems along
with tools like
file, web, mail,
DHCP, DNS,
Authentication,
Blackboard,
Domain
Controllers,
Database, SAN,
Load Balancing
external
network attacks,
and network
redundancy.
The migration
of the key
applications and
operations
would result in
making the data
and information
available on the
cloud platform
that can be
accessed from
any location
resulting in
possibility of
data misuse and
modification.
The possibility
of unauthorised
and malicious
48
PROJECT ON NETWORK AND INFORMATION SECURITY
and video
streaming
servers.
internal and
external
network attacks
is another major
factor that
would form the
issue in the
development of
the effective
network. The
attacks would
result in making
the system
unable to work
and process the
query. The
attacks not only
make the
network slow
and sluggish,
but it also forms
the issues of
data
PROJECT ON NETWORK AND INFORMATION SECURITY
and video
streaming
servers.
internal and
external
network attacks
is another major
factor that
would form the
issue in the
development of
the effective
network. The
attacks would
result in making
the system
unable to work
and process the
query. The
attacks not only
make the
network slow
and sluggish,
but it also forms
the issues of
data
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
49
PROJECT ON NETWORK AND INFORMATION SECURITY
interception and
forgery.
Anyone would
be able to
change the
existing data
forming the
issues in the
alignment of the
operations for
FNU. The
DDoS attacks is
an example for
the attack on
the network that
would result in
harming the
operations of
the activities.
Network
redundancy is
related to the
traffic issues in
PROJECT ON NETWORK AND INFORMATION SECURITY
interception and
forgery.
Anyone would
be able to
change the
existing data
forming the
issues in the
alignment of the
operations for
FNU. The
DDoS attacks is
an example for
the attack on
the network that
would result in
harming the
operations of
the activities.
Network
redundancy is
related to the
traffic issues in
50
PROJECT ON NETWORK AND INFORMATION SECURITY
the network that
can be caused
from deliberate
and accidental
reasons.
RACI Matrix
N
o.
Ra
nk
Risk Descripti
on
Catego
ry
Root
Cause
Trigger
s
Poten
tial
Respo
nses
Risk
Owner
Proba
bility
Imp
act
Status
R
21
1 Unavail
ability
of
Technic
al
Experts
The
specialize
d
software’
s and
hardware
’s may
not be
accessibl
e amid
the
execution
of the
project;
Employ
ee risk
The
technic
al
experts
may be
unavail
able
due to
illness
or any
emerge
ncy
conditio
Extra
time
should
be
reserved
for the
complet
ion of
the
develop
ment
phase of
the
project
Huma
n
Resou
rce
Mana
ger
Develo
pment
team
Low Hig
h
More
than
one
technica
l
experts
are
availabl
e for the
develop
ment of
the
project
PROJECT ON NETWORK AND INFORMATION SECURITY
the network that
can be caused
from deliberate
and accidental
reasons.
RACI Matrix
N
o.
Ra
nk
Risk Descripti
on
Catego
ry
Root
Cause
Trigger
s
Poten
tial
Respo
nses
Risk
Owner
Proba
bility
Imp
act
Status
R
21
1 Unavail
ability
of
Technic
al
Experts
The
specialize
d
software’
s and
hardware
’s may
not be
accessibl
e amid
the
execution
of the
project;
Employ
ee risk
The
technic
al
experts
may be
unavail
able
due to
illness
or any
emerge
ncy
conditio
Extra
time
should
be
reserved
for the
complet
ion of
the
develop
ment
phase of
the
project
Huma
n
Resou
rce
Mana
ger
Develo
pment
team
Low Hig
h
More
than
one
technica
l
experts
are
availabl
e for the
develop
ment of
the
project
51
PROJECT ON NETWORK AND INFORMATION SECURITY
specialize
d
technicia
ns
likewise
may not
be
accessibl
e at the
ideal time
amid the
project
n. such
that the
emerge
ncy
conditio
n scan
be
handled
easily
R
44
2 Imprope
r
Applicat
ion of
the
Project
Plan
Notwithst
anding all
strategies
, the
organizati
on may
neglect to
actualize
everythin
g as per
plan
legitimate
ly
bringing
about
disappoin
Project
Risk
Wrong
analysis
of the
require
ment
can
cause
improp
er
applicat
ion of
the
project
plan
The
project
manage
r should
monitor
the
progress
of the
develop
ment
and
align
the
develop
ment
process
Projec
t
mana
ger
Compa
ny
Mediu
m
Hig
h
The
project
plan is
created
and it
needs to
be
followe
d for
the
proper
develop
ment of
the
project
PROJECT ON NETWORK AND INFORMATION SECURITY
specialize
d
technicia
ns
likewise
may not
be
accessibl
e at the
ideal time
amid the
project
n. such
that the
emerge
ncy
conditio
n scan
be
handled
easily
R
44
2 Imprope
r
Applicat
ion of
the
Project
Plan
Notwithst
anding all
strategies
, the
organizati
on may
neglect to
actualize
everythin
g as per
plan
legitimate
ly
bringing
about
disappoin
Project
Risk
Wrong
analysis
of the
require
ment
can
cause
improp
er
applicat
ion of
the
project
plan
The
project
manage
r should
monitor
the
progress
of the
develop
ment
and
align
the
develop
ment
process
Projec
t
mana
ger
Compa
ny
Mediu
m
Hig
h
The
project
plan is
created
and it
needs to
be
followe
d for
the
proper
develop
ment of
the
project
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
52
PROJECT ON NETWORK AND INFORMATION SECURITY
tment of
project
on an
entirety
(Burke,
2013)
with the
project
plan
R
71
3 Unavail
ability
of the
system
device
The
selected
device
should
work
with the
recent
technolog
y and
must be
available
in the
market
such that
the faulty
device
can be
replaced
Technic
al Risk
The
selectio
n of
obsolet
e
technol
ogy and
device
of old
model
can
cause
unavail
ability
of the
device
and
they
may not
be
replace
d with
The
new
deice
availabl
e in the
market
may not
be
compati
ble with
the
server
used in
the
organiz
ation
and thus
recently
technol
ogy
must be
chosen
Techn
ical
Exper
t
Project
Team
Mediu
m
Hig
h
An
analysis
on the
market
is done
and the
recent
technol
ogy is
chosen
for
implem
enting it
in the
project
PROJECT ON NETWORK AND INFORMATION SECURITY
tment of
project
on an
entirety
(Burke,
2013)
with the
project
plan
R
71
3 Unavail
ability
of the
system
device
The
selected
device
should
work
with the
recent
technolog
y and
must be
available
in the
market
such that
the faulty
device
can be
replaced
Technic
al Risk
The
selectio
n of
obsolet
e
technol
ogy and
device
of old
model
can
cause
unavail
ability
of the
device
and
they
may not
be
replace
d with
The
new
deice
availabl
e in the
market
may not
be
compati
ble with
the
server
used in
the
organiz
ation
and thus
recently
technol
ogy
must be
chosen
Techn
ical
Exper
t
Project
Team
Mediu
m
Hig
h
An
analysis
on the
market
is done
and the
recent
technol
ogy is
chosen
for
implem
enting it
in the
project
53
PROJECT ON NETWORK AND INFORMATION SECURITY
the
same
device
for the
develop
ment of
the
project.
R
3
4 Use of
cloud
service
for
storing
data
The
cloud
service
platform
may be
chosen
for
storing
the
organizati
onal
records
and data
and
increase
the
efficiency
of the
system
(Marche
wka,
2014)
Develo
pment
team
Storage
of data
in the
cloud
platfor
m
makes
the data
less
secure
and the
data can
be
accesse
d by the
hacker
for
illegal
use
The
data
stored
in the
cloud
should
be
encrypt
ed and
authenti
cation
of the
data
should
be kept
limited
Projec
t
Mana
ger
Organiz
ation
Low Low The
cloud
platfor
m is
chosen
for
backing
up of
data
residing
in the
local
databas
e of the
system
and
they are
needed
to be
secured
for any
unautho
rised
PROJECT ON NETWORK AND INFORMATION SECURITY
the
same
device
for the
develop
ment of
the
project.
R
3
4 Use of
cloud
service
for
storing
data
The
cloud
service
platform
may be
chosen
for
storing
the
organizati
onal
records
and data
and
increase
the
efficiency
of the
system
(Marche
wka,
2014)
Develo
pment
team
Storage
of data
in the
cloud
platfor
m
makes
the data
less
secure
and the
data can
be
accesse
d by the
hacker
for
illegal
use
The
data
stored
in the
cloud
should
be
encrypt
ed and
authenti
cation
of the
data
should
be kept
limited
Projec
t
Mana
ger
Organiz
ation
Low Low The
cloud
platfor
m is
chosen
for
backing
up of
data
residing
in the
local
databas
e of the
system
and
they are
needed
to be
secured
for any
unautho
rised
54
PROJECT ON NETWORK AND INFORMATION SECURITY
access
Security Policies
Acceptable Use Policies
Email and Communications Policy
The first national university network requirement and the users using the network are
analyzed for the development of the email and the communication policy. All the new request of
the connection should be done between the third party and the organization which is taken into
consideration and both the parties should be signing the aspect which is related to the third party
application. The agreement should be signed by the president of the organization or the sponsor
organization and the representative of the third party and they both should take into consideration
the different aspects which are related to the concept.
Internet and Network Access Policy
The students and the staffs should be grouped by editing the active directory and the group
of users for maintaining the security aspect which can be included into the policy is that if the
network is directly secured by the VPN then no one would be able to access the data due to the
security aspect which are involved into its internal working. The concept of the adhering to the
policy of the IT should be taken into consideration even though any of the employee are involved
into the working of the organization though not located at the premises of the organization.
Workstation Policy
PROJECT ON NETWORK AND INFORMATION SECURITY
access
Security Policies
Acceptable Use Policies
Email and Communications Policy
The first national university network requirement and the users using the network are
analyzed for the development of the email and the communication policy. All the new request of
the connection should be done between the third party and the organization which is taken into
consideration and both the parties should be signing the aspect which is related to the third party
application. The agreement should be signed by the president of the organization or the sponsor
organization and the representative of the third party and they both should take into consideration
the different aspects which are related to the concept.
Internet and Network Access Policy
The students and the staffs should be grouped by editing the active directory and the group
of users for maintaining the security aspect which can be included into the policy is that if the
network is directly secured by the VPN then no one would be able to access the data due to the
security aspect which are involved into its internal working. The concept of the adhering to the
policy of the IT should be taken into consideration even though any of the employee are involved
into the working of the organization though not located at the premises of the organization.
Workstation Policy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
55
PROJECT ON NETWORK AND INFORMATION SECURITY
The current policy of the workstation deployed in different areas of the university should be
identified for the consideration of the aspect which is related to the scheduling of the team
meeting or the development which is related to the departmental policies. The workstation policy
mainly include the sector of the functionality of the overall organization.
Wireless and BYOD Policy
The BYOD policy should be created for enabling the student to connect their wireless device
with the university network following the rules and regulation of the university. The wireless
access point should be secured with the application of encryption algorithm such as WPA 2 PSK.
The password policy should be applied in the access point such that the unauthorized users does
not have access of the wireless network.
Network Security Policies
Antivirus Policy
The policy can be considered as an internal IT policy which directly defines the anti-virus policy
which is placed on every computer which mainly include how often the scan of the virus is done,
what program will be used in the sector of the detection, remove of the malware program and
prevention. The concept can be directly related to the aspect of what program would be block at
the server and what type of anti-virus program would be run on the server of the mail. It can be
stated that it can also be used to get a clear idea of the concept of what anti-virus program will be
accessible and run on the server of the mail. The main activity which play a very vital role is the
check of the files and what files would be accessed and what are the ways by which the
prevention of the spread of the malware. The organisation in the concept of the anti-virus would
PROJECT ON NETWORK AND INFORMATION SECURITY
The current policy of the workstation deployed in different areas of the university should be
identified for the consideration of the aspect which is related to the scheduling of the team
meeting or the development which is related to the departmental policies. The workstation policy
mainly include the sector of the functionality of the overall organization.
Wireless and BYOD Policy
The BYOD policy should be created for enabling the student to connect their wireless device
with the university network following the rules and regulation of the university. The wireless
access point should be secured with the application of encryption algorithm such as WPA 2 PSK.
The password policy should be applied in the access point such that the unauthorized users does
not have access of the wireless network.
Network Security Policies
Antivirus Policy
The policy can be considered as an internal IT policy which directly defines the anti-virus policy
which is placed on every computer which mainly include how often the scan of the virus is done,
what program will be used in the sector of the detection, remove of the malware program and
prevention. The concept can be directly related to the aspect of what program would be block at
the server and what type of anti-virus program would be run on the server of the mail. It can be
stated that it can also be used to get a clear idea of the concept of what anti-virus program will be
accessible and run on the server of the mail. The main activity which play a very vital role is the
check of the files and what files would be accessed and what are the ways by which the
prevention of the spread of the malware. The organisation in the concept of the anti-virus would
56
PROJECT ON NETWORK AND INFORMATION SECURITY
be using a particular anti-virus and the minimum requirement related to the anti-virus are stated
below:
The library definition of the antivirus should be updated at least ones per day.
The product which is related to the antivirus should be operated in a real time manner on
all the client server and client system.
The concept which should be applied to the aspect is the real time protection.
The scan which is related to the antivirus should be done ones per week and the main
consideration which is taken into consideration would be based on the aspect of the
server and the workstation.
DMZ Policy
The main policy which is related to the DMZ can be stated as following:
The equipment must be documented in the corporation enterprise wide management
system. At a minimum the following aspects should be taken into consideration. The
main point of emphases would be on the sector of location and host contacts, operating
system and hardware version, main function and the relating to it the application and the
password which is related to the privileged group of people.
The interface which is related to the network should have an appropriate Domain Name
server (DNS).
The groups of the password should be maintained using the concept of the corporate wide
password process of management system.
PROJECT ON NETWORK AND INFORMATION SECURITY
be using a particular anti-virus and the minimum requirement related to the anti-virus are stated
below:
The library definition of the antivirus should be updated at least ones per day.
The product which is related to the antivirus should be operated in a real time manner on
all the client server and client system.
The concept which should be applied to the aspect is the real time protection.
The scan which is related to the antivirus should be done ones per week and the main
consideration which is taken into consideration would be based on the aspect of the
server and the workstation.
DMZ Policy
The main policy which is related to the DMZ can be stated as following:
The equipment must be documented in the corporation enterprise wide management
system. At a minimum the following aspects should be taken into consideration. The
main point of emphases would be on the sector of location and host contacts, operating
system and hardware version, main function and the relating to it the application and the
password which is related to the privileged group of people.
The interface which is related to the network should have an appropriate Domain Name
server (DNS).
The groups of the password should be maintained using the concept of the corporate wide
password process of management system.
57
PROJECT ON NETWORK AND INFORMATION SECURITY
The changes which is related to the aspect of the equipment and the deployment may be
related to the new equipment and must follow a change management procedures and
processes and the aspect of the corporate governess.
Extranet Policy
All the new connectivity which is related to the extranet should be passed through a security
review which is related with the information security department. The main aspect which is
related to the reviewing is mainly to ensure that the matching of the requirement of the best way
or approach of the policy is done. On the other hand another concept which should be taken into
consideration is the least access method should be followed.
VPN and Remote Access (Work-at-home) Security Policy
The main aspect which is related to the remote access and the VPN that should be taken into
consideration is the concept which is related to the connection of the VPN to the corporate
network which can be considered to be very much cheap as related to the concept of the
computing. On the other hand if the consideration of the electrical cost and the subscription of
the VPN it can be stated that it is very much cost friendly approach.
Most of the organisation tend to allocate the aspects which are related to the resource allocation
of the BYOD. The organisation has directly implemented and developed the BYOD procedures,
however it can be stated it is very much lacking the aspect which is related to the support of the
BYOD and the organisation own device was not implemented and this majorly resulted in the
aspect of the creation of a negative approach for the point of view of the user. These type of
organisation do not include adequate resources which are related to the BYOD. The main policy
which can be stated here is explained below:
PROJECT ON NETWORK AND INFORMATION SECURITY
The changes which is related to the aspect of the equipment and the deployment may be
related to the new equipment and must follow a change management procedures and
processes and the aspect of the corporate governess.
Extranet Policy
All the new connectivity which is related to the extranet should be passed through a security
review which is related with the information security department. The main aspect which is
related to the reviewing is mainly to ensure that the matching of the requirement of the best way
or approach of the policy is done. On the other hand another concept which should be taken into
consideration is the least access method should be followed.
VPN and Remote Access (Work-at-home) Security Policy
The main aspect which is related to the remote access and the VPN that should be taken into
consideration is the concept which is related to the connection of the VPN to the corporate
network which can be considered to be very much cheap as related to the concept of the
computing. On the other hand if the consideration of the electrical cost and the subscription of
the VPN it can be stated that it is very much cost friendly approach.
Most of the organisation tend to allocate the aspects which are related to the resource allocation
of the BYOD. The organisation has directly implemented and developed the BYOD procedures,
however it can be stated it is very much lacking the aspect which is related to the support of the
BYOD and the organisation own device was not implemented and this majorly resulted in the
aspect of the creation of a negative approach for the point of view of the user. These type of
organisation do not include adequate resources which are related to the BYOD. The main policy
which can be stated here is explained below:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
58
PROJECT ON NETWORK AND INFORMATION SECURITY
The organisation and the BYOD employee can directly share the responsibility which is
related to the privacy and the security of the information.
The effect of the policy would not be effecting the area of the ownership of the
organisation of the corporate information which is related to the BYOD.
All the devices which are related to the BYOD should have a screen lock attached to it
which would be enhancing the security which is related to the data which is stored in the
device.
The antivirus software should be installed properly and the scan of the virus should be
done periodically which would be affecting the security of the data and directly would be
keeping the data secured.
Firewall Policy
The main aspect which can be stated in context of the firewall policy is that the implementation
and the planning of the architecture, software and the policies and other components which can
be deployed. It can be stated here that the policy which are related to the firewall cannot be
considered to stagnant, this is due to the factor that as most of the different threats factors are
changing and according to the threats the policy would be changing. The concept of the alert and
logs should be taken into consideration in order to identify the different factors of the threat. This
concept can be considered one of the most vital factors which can be included into the concept of
the security policy which is related to the firewall.
Intrusion Detection Policy
The policy which can be included into the aspect of the intrusion detection policy are stated
below:
PROJECT ON NETWORK AND INFORMATION SECURITY
The organisation and the BYOD employee can directly share the responsibility which is
related to the privacy and the security of the information.
The effect of the policy would not be effecting the area of the ownership of the
organisation of the corporate information which is related to the BYOD.
All the devices which are related to the BYOD should have a screen lock attached to it
which would be enhancing the security which is related to the data which is stored in the
device.
The antivirus software should be installed properly and the scan of the virus should be
done periodically which would be affecting the security of the data and directly would be
keeping the data secured.
Firewall Policy
The main aspect which can be stated in context of the firewall policy is that the implementation
and the planning of the architecture, software and the policies and other components which can
be deployed. It can be stated here that the policy which are related to the firewall cannot be
considered to stagnant, this is due to the factor that as most of the different threats factors are
changing and according to the threats the policy would be changing. The concept of the alert and
logs should be taken into consideration in order to identify the different factors of the threat. This
concept can be considered one of the most vital factors which can be included into the concept of
the security policy which is related to the firewall.
Intrusion Detection Policy
The policy which can be included into the aspect of the intrusion detection policy are stated
below:
59
PROJECT ON NETWORK AND INFORMATION SECURITY
The detection and the prevention which is related to the data which are considered very
much confidential for the working of the organization.
Prevention of the integrity which is related to the organizational data which is stored in
the network.
Keeping the network resources and the host available for the authorized users.
Vulnerability Scanning Policy
In the concept of the vulnerability which is related to the scanning can be divided into few
sector for example the aspect which is related to the false positive. The main policy which can be
related to the false positive is that the identification would be done on the basis of the emails or
the corporate ticketing system with the staff of the security. The risk which is related to the
acceptable can be considered to be one of the most important sector which is related to the
solution of the improvement.
Internet Policy
The internet policy can be directly be related to the aspect of the access of the features which are
related to the internet. In most of the times the access to the feature are made which directly
affect the functionality of the organization. On the other hand it can be stated that the security of
the organization can also be compromised in this way by means of using unethical means to
achieve the desired standard of working.
IP Address and Documentation Management Policy
The documentation policy that should be taken into consideration manly deals with the data of
the organization and the access of the data which play a dominating role which are directly
PROJECT ON NETWORK AND INFORMATION SECURITY
The detection and the prevention which is related to the data which are considered very
much confidential for the working of the organization.
Prevention of the integrity which is related to the organizational data which is stored in
the network.
Keeping the network resources and the host available for the authorized users.
Vulnerability Scanning Policy
In the concept of the vulnerability which is related to the scanning can be divided into few
sector for example the aspect which is related to the false positive. The main policy which can be
related to the false positive is that the identification would be done on the basis of the emails or
the corporate ticketing system with the staff of the security. The risk which is related to the
acceptable can be considered to be one of the most important sector which is related to the
solution of the improvement.
Internet Policy
The internet policy can be directly be related to the aspect of the access of the features which are
related to the internet. In most of the times the access to the feature are made which directly
affect the functionality of the organization. On the other hand it can be stated that the security of
the organization can also be compromised in this way by means of using unethical means to
achieve the desired standard of working.
IP Address and Documentation Management Policy
The documentation policy that should be taken into consideration manly deals with the data of
the organization and the access of the data which play a dominating role which are directly
60
PROJECT ON NETWORK AND INFORMATION SECURITY
related to the working of the organization. The documentation of the organization can be
considered one of the most vital aspect as it can involve the security of the organization.
Physical Security Policies
External Protection
The external protection policies are stated below:
The access to the server of the organization should be always restricted to the authorized
person of the organization only.
Any type of equipment which is logged in and the removed should be kept in record
which would be helping to identify the different aspects of the security.
The access should be system of the organization should involve a security check.
Internal Protection
The internal protection can be considered as the policies which are included within the
organization basically for the employee. The main factors which can be taken into consideration
are the following aspects.
The organization should be aware if the different types of activity which is performed in
and around the organization.
Keeping the computer system safe from any type of illegal activity can be considered as
one of the important policy of the organization.
The policy are directly related to the aspect of the security of the information which are
disposed in accordance to the equipment and the media disposal policy.
Personnel Policies
Visitors Policy
PROJECT ON NETWORK AND INFORMATION SECURITY
related to the working of the organization. The documentation of the organization can be
considered one of the most vital aspect as it can involve the security of the organization.
Physical Security Policies
External Protection
The external protection policies are stated below:
The access to the server of the organization should be always restricted to the authorized
person of the organization only.
Any type of equipment which is logged in and the removed should be kept in record
which would be helping to identify the different aspects of the security.
The access should be system of the organization should involve a security check.
Internal Protection
The internal protection can be considered as the policies which are included within the
organization basically for the employee. The main factors which can be taken into consideration
are the following aspects.
The organization should be aware if the different types of activity which is performed in
and around the organization.
Keeping the computer system safe from any type of illegal activity can be considered as
one of the important policy of the organization.
The policy are directly related to the aspect of the security of the information which are
disposed in accordance to the equipment and the media disposal policy.
Personnel Policies
Visitors Policy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
61
PROJECT ON NETWORK AND INFORMATION SECURITY
The visitor policy can be directed related to the aspect which is related to the access of the
system of the organization which has stored data. If these data are accessed by any third person it
can lead to some sort of serious problem for the user. There should be different policies which
should be attached to the aspect which would be security the data of the organization.
Employee Hiring and Termination Policy
The hiring of the organization would be based on the aspect of the education and the sector
which would be directly helping the organization. If any of the employee indulge into different
types of unethical aspects into the working there should be different types of policy which would
be stated.
User training Policy
Training of the person should be involving policy so that the people who are engaged into the
concept have the better of the concept and the latest technology which is related to the aspect.
Data Policies
Information Classification and Sensitivity Policy
The sensitive information should be maintained in an encrypted form so that any third person
would not be able to access the data.
Encryption Policy
The data of the organization should be encrypted which would be directly affect the security of
the data. This means that the data would not go into the position of any other person.
Backup Policy
PROJECT ON NETWORK AND INFORMATION SECURITY
The visitor policy can be directed related to the aspect which is related to the access of the
system of the organization which has stored data. If these data are accessed by any third person it
can lead to some sort of serious problem for the user. There should be different policies which
should be attached to the aspect which would be security the data of the organization.
Employee Hiring and Termination Policy
The hiring of the organization would be based on the aspect of the education and the sector
which would be directly helping the organization. If any of the employee indulge into different
types of unethical aspects into the working there should be different types of policy which would
be stated.
User training Policy
Training of the person should be involving policy so that the people who are engaged into the
concept have the better of the concept and the latest technology which is related to the aspect.
Data Policies
Information Classification and Sensitivity Policy
The sensitive information should be maintained in an encrypted form so that any third person
would not be able to access the data.
Encryption Policy
The data of the organization should be encrypted which would be directly affect the security of
the data. This means that the data would not go into the position of any other person.
Backup Policy
62
PROJECT ON NETWORK AND INFORMATION SECURITY
Data backup can be considered very much important die to the fact that of there is any type of
error in the data or loss of the data the backup would be beneficial.
Password Management and Complexity Policy
Password should be incorporated in a way of securing the data of the organization and most of
the system should be allowed to be accessed only by the authorized user.
System and Hardware Policies
Hardware Lifecycle and Disposal Policy
The hardware of the system of the organization should be updated on a daily basis which would
be stating the sector of the efficiency which is related to efficiency in the sector of working with
the technology.
Workstation Policy
The workstation of the organization should involve high end security of the data
The access should be in a proper way which would be incorporating a system of belong
less and responsibly of the organization.
Switch and Router Policy
The router should be activity and the legacy of the system should be maintained.
The switches should be updated and it should involve a concept of speed in the access.
Server Security Policy
The server should be kept well maintained,
The maintenance should be done so that the performance of the server is maintained well.
Logging Policy
PROJECT ON NETWORK AND INFORMATION SECURITY
Data backup can be considered very much important die to the fact that of there is any type of
error in the data or loss of the data the backup would be beneficial.
Password Management and Complexity Policy
Password should be incorporated in a way of securing the data of the organization and most of
the system should be allowed to be accessed only by the authorized user.
System and Hardware Policies
Hardware Lifecycle and Disposal Policy
The hardware of the system of the organization should be updated on a daily basis which would
be stating the sector of the efficiency which is related to efficiency in the sector of working with
the technology.
Workstation Policy
The workstation of the organization should involve high end security of the data
The access should be in a proper way which would be incorporating a system of belong
less and responsibly of the organization.
Switch and Router Policy
The router should be activity and the legacy of the system should be maintained.
The switches should be updated and it should involve a concept of speed in the access.
Server Security Policy
The server should be kept well maintained,
The maintenance should be done so that the performance of the server is maintained well.
Logging Policy
63
PROJECT ON NETWORK AND INFORMATION SECURITY
Logging should be done from the end of the authorized user only taking into consideration a
username of password. This would be directly securing the system.
Disaster Recovery and Business Continuity
Business Impact Analysis - By understanding potential risks to the business of the organization
and finding ways to minimize their impacts, the system will help the business of the organization
to recover quickly if an incident occurs.
For maintaining the continuity with the current business the analysis of the impact can help in
preparation of a risk mitigation strategy for the development of the network security plan.
Insurance Consideration - Efficient insurance considerations are to be done so that the company
already has a ready-made policy in place so that organization can get the back up in case there is
fault in the system of the organization. The financial is being taken into consideration here.
Insuring the high end network device and the servers can help in management of the university
network and response against any emergency situation without facing severe issues.
Incident Response Team - The incident response team is assembled so that they can the Take
actions during the incidents such as the incident response process, suitable for presenting in
court. This is a basic procedure that any competent incident response team is proficient in.
The formation of the incident response team can help in reporting an illegal attempt made by an
user in the network and secure the resources of the organization.
Physical Safeguards - These are the physical procedures that would be involving the procedures
and the policies that would be used for the protection of a covered entity's electronic information
PROJECT ON NETWORK AND INFORMATION SECURITY
Logging should be done from the end of the authorized user only taking into consideration a
username of password. This would be directly securing the system.
Disaster Recovery and Business Continuity
Business Impact Analysis - By understanding potential risks to the business of the organization
and finding ways to minimize their impacts, the system will help the business of the organization
to recover quickly if an incident occurs.
For maintaining the continuity with the current business the analysis of the impact can help in
preparation of a risk mitigation strategy for the development of the network security plan.
Insurance Consideration - Efficient insurance considerations are to be done so that the company
already has a ready-made policy in place so that organization can get the back up in case there is
fault in the system of the organization. The financial is being taken into consideration here.
Insuring the high end network device and the servers can help in management of the university
network and response against any emergency situation without facing severe issues.
Incident Response Team - The incident response team is assembled so that they can the Take
actions during the incidents such as the incident response process, suitable for presenting in
court. This is a basic procedure that any competent incident response team is proficient in.
The formation of the incident response team can help in reporting an illegal attempt made by an
user in the network and secure the resources of the organization.
Physical Safeguards - These are the physical procedures that would be involving the procedures
and the policies that would be used for the protection of a covered entity's electronic information
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
64
PROJECT ON NETWORK AND INFORMATION SECURITY
systems. This also involves the safeguarding of the buildings and the physical equipment of the
organization.
The application of physical safeguards can help in protecting the network component and restrict
the physical access of the servers for illegal access.
Prepared Items - The prepared items would be measure that are prepared by the organization for
safeguarding their properties and business from the external agents.
The measurement of the security measure is essential for the maintaining a business continuity
plan taking important decision for the development of the network framework.
Incident Response Procedures - The incident response procedures outlines the activities that
will take place in an incident. Decisions made before an incident are far superior to those made
in the heat of the moment when the stress is on. Procedures can be thought through and properly
vetted, and this leads to more robust decision making, more effective incident response, less
company and customer loss due to the incident, and less stress overall.
The management of the incident response helps in improvement of the business continuity and
taking an effective decision for handling the emergency condition in the network.
Restoration Procedures - The restoration procedure would be following the backup procedure as
this would help the organization to restore the state of the business before they were hit by the
disaster.
The restoration procedure followed for a loss of data from the servers should be identified for
maintaining the consistency of data in the servers.
PROJECT ON NETWORK AND INFORMATION SECURITY
systems. This also involves the safeguarding of the buildings and the physical equipment of the
organization.
The application of physical safeguards can help in protecting the network component and restrict
the physical access of the servers for illegal access.
Prepared Items - The prepared items would be measure that are prepared by the organization for
safeguarding their properties and business from the external agents.
The measurement of the security measure is essential for the maintaining a business continuity
plan taking important decision for the development of the network framework.
Incident Response Procedures - The incident response procedures outlines the activities that
will take place in an incident. Decisions made before an incident are far superior to those made
in the heat of the moment when the stress is on. Procedures can be thought through and properly
vetted, and this leads to more robust decision making, more effective incident response, less
company and customer loss due to the incident, and less stress overall.
The management of the incident response helps in improvement of the business continuity and
taking an effective decision for handling the emergency condition in the network.
Restoration Procedures - The restoration procedure would be following the backup procedure as
this would help the organization to restore the state of the business before they were hit by the
disaster.
The restoration procedure followed for a loss of data from the servers should be identified for
maintaining the consistency of data in the servers.
65
PROJECT ON NETWORK AND INFORMATION SECURITY
Forensics Considerations - The forensic methods can be applied by the organization for the
possible mitigation of the risks from the disasters faced by them.
An analysis should be done for the identification of the errors in the system and mitigate it for
the development of a successful network framework for the organization.
Maintaining the Plan - It is very important the organization follows the plan that is developed
by them and work in accordance with the plan.
A network maintenance plan should be used for maintaining the network solution and help in
mitigation of the risk associated with the development of the network.
Security Strategies and Recommended Controls
Security Strategies
The main security strategy which should be incorporated is in the sector of the security of the
data. The access permission should be one of the most important factors which can be included
into the concept of the security strategy. Most of the organization implement the strategy so that
the data of the user are kept very much secured. The security strategy are manly incorporated
taking into consideration the aspects which are related to the issue and the threats which are
majorly play a vital role in the sector of the normal functionality of the organization. There can
be different types of security strategy like the access permission, back up, linking of the data to
the network, identification of the propose strategy which would be directly allows the aspect
which is related directly to the security of the data.
Specific recomended Controls to mitigate the risks uncovered.
PROJECT ON NETWORK AND INFORMATION SECURITY
Forensics Considerations - The forensic methods can be applied by the organization for the
possible mitigation of the risks from the disasters faced by them.
An analysis should be done for the identification of the errors in the system and mitigate it for
the development of a successful network framework for the organization.
Maintaining the Plan - It is very important the organization follows the plan that is developed
by them and work in accordance with the plan.
A network maintenance plan should be used for maintaining the network solution and help in
mitigation of the risk associated with the development of the network.
Security Strategies and Recommended Controls
Security Strategies
The main security strategy which should be incorporated is in the sector of the security of the
data. The access permission should be one of the most important factors which can be included
into the concept of the security strategy. Most of the organization implement the strategy so that
the data of the user are kept very much secured. The security strategy are manly incorporated
taking into consideration the aspects which are related to the issue and the threats which are
majorly play a vital role in the sector of the normal functionality of the organization. There can
be different types of security strategy like the access permission, back up, linking of the data to
the network, identification of the propose strategy which would be directly allows the aspect
which is related directly to the security of the data.
Specific recomended Controls to mitigate the risks uncovered.
66
PROJECT ON NETWORK AND INFORMATION SECURITY
The risk factors should be identified properly so that it directly do not possess any type of risk
factors into the working of the organization. The main factor which should be taken into
consideration is that there should be always a backup which would be directly be not connected
to the working of the organization. Focus should be to identify the risk factors before they can
possess any type of risk to the organization. Taking into consideration the aspect which is
related to the mitigation of the risk it can be stated that the policy should be focusing on the
aspect of the data and how different types of approach can be implemented into the working of
the organization so that the data would be secured.
Residual Risks
The residual risk factors for the network project are password attacks, trust exploitation, port
redirection, man-in-the-middle attacks, and social engineering attack. These are the risk factors
that might not be removed from the security policy and it would form the impact on the network
connection.
Ref No. Description Severity Probability Mitigation
Strategies
Residual
Plan
#9540021 Password
Attacks
Major Likely Reduce Biometric
Passwords
should be
used
#9540022 Trust
Exploitation
Moderate Possible Transfer Care should
be taken
before
PROJECT ON NETWORK AND INFORMATION SECURITY
The risk factors should be identified properly so that it directly do not possess any type of risk
factors into the working of the organization. The main factor which should be taken into
consideration is that there should be always a backup which would be directly be not connected
to the working of the organization. Focus should be to identify the risk factors before they can
possess any type of risk to the organization. Taking into consideration the aspect which is
related to the mitigation of the risk it can be stated that the policy should be focusing on the
aspect of the data and how different types of approach can be implemented into the working of
the organization so that the data would be secured.
Residual Risks
The residual risk factors for the network project are password attacks, trust exploitation, port
redirection, man-in-the-middle attacks, and social engineering attack. These are the risk factors
that might not be removed from the security policy and it would form the impact on the network
connection.
Ref No. Description Severity Probability Mitigation
Strategies
Residual
Plan
#9540021 Password
Attacks
Major Likely Reduce Biometric
Passwords
should be
used
#9540022 Trust
Exploitation
Moderate Possible Transfer Care should
be taken
before
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
67
PROJECT ON NETWORK AND INFORMATION SECURITY
sensitive data
is passed
#9540023 Port
Redirection
Minor Unlikely Accept Hardware
testing
should be
used
#9540024 Man-In-The-
Middle
Attacks
Moderate Likely Avoid Security
protection
must be
implemented
#9540025 Social
Engineering
Attack
Minor Rare Exploit Should be
used for
system
benefits
Severity
Probability
Negligible Minor Moderate Major Extreme
Rare Social
Engineering
Attack
PROJECT ON NETWORK AND INFORMATION SECURITY
sensitive data
is passed
#9540023 Port
Redirection
Minor Unlikely Accept Hardware
testing
should be
used
#9540024 Man-In-The-
Middle
Attacks
Moderate Likely Avoid Security
protection
must be
implemented
#9540025 Social
Engineering
Attack
Minor Rare Exploit Should be
used for
system
benefits
Severity
Probability
Negligible Minor Moderate Major Extreme
Rare Social
Engineering
Attack
68
PROJECT ON NETWORK AND INFORMATION SECURITY
Unlikely Port
Redirection
Possible Trust
Exploitation
Likely Man-In-
The-Middle
Attacks
Password
Attacks
Almost
Certain
Resources
The network development project for FNU would involve the use of a number of human and
material resources. These resources would be integrated in a single platform for the development
of the final network connection. The network designer, network administrator, network engineer,
database developer, cloud vendor, planner, budgeter, project manager, tester, and contractor
would be the human resources required for the project. The material resources (tangible and
virtual) for the project are compuetr system, network development platform, testing tools,
routers/switches, ethernet card, design platform, user interfaces, and cables.
Conclusion
From the above report it can be concluded that with the development of the report on network
security policy the organization gain different benefits. The different security policy that can be
PROJECT ON NETWORK AND INFORMATION SECURITY
Unlikely Port
Redirection
Possible Trust
Exploitation
Likely Man-In-
The-Middle
Attacks
Password
Attacks
Almost
Certain
Resources
The network development project for FNU would involve the use of a number of human and
material resources. These resources would be integrated in a single platform for the development
of the final network connection. The network designer, network administrator, network engineer,
database developer, cloud vendor, planner, budgeter, project manager, tester, and contractor
would be the human resources required for the project. The material resources (tangible and
virtual) for the project are compuetr system, network development platform, testing tools,
routers/switches, ethernet card, design platform, user interfaces, and cables.
Conclusion
From the above report it can be concluded that with the development of the report on network
security policy the organization gain different benefits. The different security policy that can be
69
PROJECT ON NETWORK AND INFORMATION SECURITY
applied in the network for securing the resources should be identified and applied for the
development of the secure network solution. There are different strategy used for the
development of the network security strategy and secure the organizational network. The risk
associated with the development of the network solution are analysed for the development of the
risk mitigation plan and application in the network for removal of the different risk acting on the
network.
PROJECT ON NETWORK AND INFORMATION SECURITY
applied in the network for securing the resources should be identified and applied for the
development of the secure network solution. There are different strategy used for the
development of the network security strategy and secure the organizational network. The risk
associated with the development of the network solution are analysed for the development of the
risk mitigation plan and application in the network for removal of the different risk acting on the
network.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
70
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 3 – Technology Implementation of Security Controls
Overview
The report is prepared for First National University (FNU) for connecting all the branch
offices and the remote location. The campus University network is prepared for the organization
with implementation of the security techniques. A strategy should be selected for the
implementation of the security technology and apply it in the current network of the organization
to secure the sensitive organizational information. The access control mechanism is applied in
the network for restricting the unauthorized users to access the core network resources of the
organization. The access control can be based on different types such as discretion power of the
users, security policy, privilege allowed to the user, etc. The report is prepared for facilitating the
development of the comprehensive network security plan for supporting the cost effective and
risk based security program. The security can be divided into personnel security, physical
security and the cyber security. The current infrastructure of the organization should also needs
to be protected with the implementation of the associated policies and reduce the vulnerability
risk acting on the current network. The limitation of the network resources and security controls
can increase the risk of the network and thus a decision should be taken for the application of the
security control. The areas of security control and the challenges for the implementation of the
control should be identified for the development of the network security control. There are
several benefits that can be obtained with the implementation of the security control and it
should be obtained for reducing the errors in the network.
PROJECT ON NETWORK AND INFORMATION SECURITY
Chapter 3 – Technology Implementation of Security Controls
Overview
The report is prepared for First National University (FNU) for connecting all the branch
offices and the remote location. The campus University network is prepared for the organization
with implementation of the security techniques. A strategy should be selected for the
implementation of the security technology and apply it in the current network of the organization
to secure the sensitive organizational information. The access control mechanism is applied in
the network for restricting the unauthorized users to access the core network resources of the
organization. The access control can be based on different types such as discretion power of the
users, security policy, privilege allowed to the user, etc. The report is prepared for facilitating the
development of the comprehensive network security plan for supporting the cost effective and
risk based security program. The security can be divided into personnel security, physical
security and the cyber security. The current infrastructure of the organization should also needs
to be protected with the implementation of the associated policies and reduce the vulnerability
risk acting on the current network. The limitation of the network resources and security controls
can increase the risk of the network and thus a decision should be taken for the application of the
security control. The areas of security control and the challenges for the implementation of the
control should be identified for the development of the network security control. There are
several benefits that can be obtained with the implementation of the security control and it
should be obtained for reducing the errors in the network.
71
PROJECT ON NETWORK AND INFORMATION SECURITY
Network Security – Access Control
Overview
For the improvement of the security of the network a research is made on the different network
security measures that can be implemented in the current system for the improvement of the
security of the network. Firewall must be installed at the gateway of the university network for
controlling the access of the servers installed in the server farm and the request of the unknown
users should be blocked such that they does not have the access of the files residing in the
servers.
Objective of Control
The application of network boundary control can help in reducing the security of the
network and it can be achieved with the installation of multiple firewall units in the different
location of the network. An intrusion detection system can also be used for the identification of
the unauthorized users accessing the network resources and defend against them. The firewall
restricts the access of the network for the unauthorized devices to secure the network.
Resources Used
The main resources used for the implementation of the access control are Firewall,
RADIUS server, RADIUS client, Router and security protocol. The hardware and the software
requirement of the RADIUS server are given below:
Hardware Requirement
RAM 4 Gb
CPU – 2 or more core
PROJECT ON NETWORK AND INFORMATION SECURITY
Network Security – Access Control
Overview
For the improvement of the security of the network a research is made on the different network
security measures that can be implemented in the current system for the improvement of the
security of the network. Firewall must be installed at the gateway of the university network for
controlling the access of the servers installed in the server farm and the request of the unknown
users should be blocked such that they does not have the access of the files residing in the
servers.
Objective of Control
The application of network boundary control can help in reducing the security of the
network and it can be achieved with the installation of multiple firewall units in the different
location of the network. An intrusion detection system can also be used for the identification of
the unauthorized users accessing the network resources and defend against them. The firewall
restricts the access of the network for the unauthorized devices to secure the network.
Resources Used
The main resources used for the implementation of the access control are Firewall,
RADIUS server, RADIUS client, Router and security protocol. The hardware and the software
requirement of the RADIUS server are given below:
Hardware Requirement
RAM 4 Gb
CPU – 2 or more core
72
PROJECT ON NETWORK AND INFORMATION SECURITY
Wi Fi hardware with WPA support
Software requirement
Windows Server 2012 R2
Server certificate
Developing the control
The network devices should be configured with the implementation of the access list and it
should be able to provide a definition of the IP address, hostname that needs to be authorized for
accessing the network devices. The access control list is used for protecting the user from any
type of access that can be unauthorized. It can act as a defense and work with different rules for
the using different access protocol and protect the network resources. There are different types of
firewalls that can be used for controlling the data packets entering or leaving the network. It can
act as a network boundary and should consist of the different configuration for network security
achievement depending on the following reason:
Securing the internal network and the hosts for implementation of the security plan
To protect the network from internet because it is a dangerous place for different types of
malicious users for getting the access of the internal network.
To protect the network from denial of service attacks and the network resources
To restrict the internal data from illegal access or modification from the outside users.
The application of the packet filtering rules, application level gateway and circuit level gateway
can help in increasing the security of the network.
PROJECT ON NETWORK AND INFORMATION SECURITY
Wi Fi hardware with WPA support
Software requirement
Windows Server 2012 R2
Server certificate
Developing the control
The network devices should be configured with the implementation of the access list and it
should be able to provide a definition of the IP address, hostname that needs to be authorized for
accessing the network devices. The access control list is used for protecting the user from any
type of access that can be unauthorized. It can act as a defense and work with different rules for
the using different access protocol and protect the network resources. There are different types of
firewalls that can be used for controlling the data packets entering or leaving the network. It can
act as a network boundary and should consist of the different configuration for network security
achievement depending on the following reason:
Securing the internal network and the hosts for implementation of the security plan
To protect the network from internet because it is a dangerous place for different types of
malicious users for getting the access of the internal network.
To protect the network from denial of service attacks and the network resources
To restrict the internal data from illegal access or modification from the outside users.
The application of the packet filtering rules, application level gateway and circuit level gateway
can help in increasing the security of the network.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
73
PROJECT ON NETWORK AND INFORMATION SECURITY
Description of the System
The following are the three categories that can be used for mixing the abilities and place
them in different network location for increasing the security of the network. For the deployment
of the packet filtering firewall it should be connected with the router and the connected with the
internal network. An inspection is made on the firewall to allow the data packets to reach the
internal network.
The packet filtering firewall id used for blocking or accessing data packets based on
protocol, IP addresses, source, port number of the destination, etc. The decision to allow or block
the data packet should be based on the type of ICMP message, ACK bits and the TCP SYN.
The following are the two sections of the packet filtering rules such as;
Criteria of selection – It is used for matching a pattern or the condition for taking an
appropriate decision.
Action field – The action needed to be taken is specified for meeting the criteria of
selection. The action can be blocking or allowing the packet across the firewall.
The application of packet filtering is done with the configuration of the access control
list. The traffic enters the interface of the firewall and the access control list is applied for each of
the packet to find the matching criteria and permits or denies the data packets.
PROJECT ON NETWORK AND INFORMATION SECURITY
Description of the System
The following are the three categories that can be used for mixing the abilities and place
them in different network location for increasing the security of the network. For the deployment
of the packet filtering firewall it should be connected with the router and the connected with the
internal network. An inspection is made on the firewall to allow the data packets to reach the
internal network.
The packet filtering firewall id used for blocking or accessing data packets based on
protocol, IP addresses, source, port number of the destination, etc. The decision to allow or block
the data packet should be based on the type of ICMP message, ACK bits and the TCP SYN.
The following are the two sections of the packet filtering rules such as;
Criteria of selection – It is used for matching a pattern or the condition for taking an
appropriate decision.
Action field – The action needed to be taken is specified for meeting the criteria of
selection. The action can be blocking or allowing the packet across the firewall.
The application of packet filtering is done with the configuration of the access control
list. The traffic enters the interface of the firewall and the access control list is applied for each of
the packet to find the matching criteria and permits or denies the data packets.
74
PROJECT ON NETWORK AND INFORMATION SECURITY
Block Diagram
From the above diagram it has been found that the firewall is installed between the inside and the
outside network. The stateless packet filtering firewall is shown in the figure and the main
component for the demonstration are the peer to peer client and the peer to peer client.
The logical diagram are created including the other network devices that are required for the
development of the secured network. The devices used for the creation of the logical diagram are
listed below:
1. Cisco 2811 router
2. Radius Client User
3. RADIUS Server
PROJECT ON NETWORK AND INFORMATION SECURITY
Block Diagram
From the above diagram it has been found that the firewall is installed between the inside and the
outside network. The stateless packet filtering firewall is shown in the figure and the main
component for the demonstration are the peer to peer client and the peer to peer client.
The logical diagram are created including the other network devices that are required for the
development of the secured network. The devices used for the creation of the logical diagram are
listed below:
1. Cisco 2811 router
2. Radius Client User
3. RADIUS Server
75
PROJECT ON NETWORK AND INFORMATION SECURITY
4. Database
Configuration of the system
For the configuration of the system the devices should be connected with each other following a
proper cabling plan. The interfaces of the devices should be configured with an IP address
according to the IP addressing scheme. For the configuration of the firewall a single computer of
a firewall device can be used and the network scenario should be analysed for the following task:
1. Configuring the access list
2. Configuring the inspection rules
3. Application of access list and the inspection rules on the interface.
For the configuration of the access list the following commands should be used
Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#
PROJECT ON NETWORK AND INFORMATION SECURITY
4. Database
Configuration of the system
For the configuration of the system the devices should be connected with each other following a
proper cabling plan. The interfaces of the devices should be configured with an IP address
according to the IP addressing scheme. For the configuration of the firewall a single computer of
a firewall device can be used and the network scenario should be analysed for the following task:
1. Configuring the access list
2. Configuring the inspection rules
3. Application of access list and the inspection rules on the interface.
For the configuration of the access list the following commands should be used
Router(config)# access-list 105 permit ip 10.1.1.0 0.0.0.255 192.168.0.0 0.0.255.255
Router(config)#
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
76
PROJECT ON NETWORK AND INFORMATION SECURITY
For the inspection of the firewall rules the following command should be used
Router(config)# ip inspect name firewall tcp
Router(config)#
For the application of the access list and the rules of inspection of the network interface the
following command should be used
Router(config)# interface fastethernet 0
Router(config-if)#
Router(config-if)# ip access-group 103 in
Router(config-if)#
Router(config-if)# exit
Router(config)#
Test Plan Design
For designing the test plan the firewall rules should be inspected and it should be
compared with the functionality of the system. A remote connection should be established with
the network for testing the firewall rules and the interfaces should be checked for the application
of the firewall rules. For designing the test plan a test case should be defined for each of the steps
and implemented in the test plan.
PROJECT ON NETWORK AND INFORMATION SECURITY
For the inspection of the firewall rules the following command should be used
Router(config)# ip inspect name firewall tcp
Router(config)#
For the application of the access list and the rules of inspection of the network interface the
following command should be used
Router(config)# interface fastethernet 0
Router(config-if)#
Router(config-if)# ip access-group 103 in
Router(config-if)#
Router(config-if)# exit
Router(config)#
Test Plan Design
For designing the test plan the firewall rules should be inspected and it should be
compared with the functionality of the system. A remote connection should be established with
the network for testing the firewall rules and the interfaces should be checked for the application
of the firewall rules. For designing the test plan a test case should be defined for each of the steps
and implemented in the test plan.
77
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
For the implementation of the test plan a test plan schedule and the test case designed
should be used. A remote host should be set up with an unknown IP address for connecting with
the branches and a connection should be established for the implementation of the test plan.
Test Results and Analysis
Once you have completed your tests, then proceed to analyse the results. Verify that the results
are in accordance with the expectations. In case of any discrepancy, proceed to readjust the
system accordingly. Run the test again and check for inconsistencies.
Network Security – DMZ Zone
Objective of Control
The main objective of the implementation of the network security is to create a
demilitarized zone and install the servers in that zone for preventing the access of the staffs and
the local users. It creates an additional security layer on the network and restricting the local
node to access the elements installed in the demilitarized zone. The hosts that are vulnerable to
different types of attacks are installed in the DMZ zone and protecting the rest of the network
from the attacks.
Resources Used
DMZ can be configured on the Linksys router and for the creation of the DMZ zone it
needs to be configured according to the DMZ firewall rules. The other resources required for the
DMZ zone are firewall, Servers, etc.
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
For the implementation of the test plan a test plan schedule and the test case designed
should be used. A remote host should be set up with an unknown IP address for connecting with
the branches and a connection should be established for the implementation of the test plan.
Test Results and Analysis
Once you have completed your tests, then proceed to analyse the results. Verify that the results
are in accordance with the expectations. In case of any discrepancy, proceed to readjust the
system accordingly. Run the test again and check for inconsistencies.
Network Security – DMZ Zone
Objective of Control
The main objective of the implementation of the network security is to create a
demilitarized zone and install the servers in that zone for preventing the access of the staffs and
the local users. It creates an additional security layer on the network and restricting the local
node to access the elements installed in the demilitarized zone. The hosts that are vulnerable to
different types of attacks are installed in the DMZ zone and protecting the rest of the network
from the attacks.
Resources Used
DMZ can be configured on the Linksys router and for the creation of the DMZ zone it
needs to be configured according to the DMZ firewall rules. The other resources required for the
DMZ zone are firewall, Servers, etc.
78
PROJECT ON NETWORK AND INFORMATION SECURITY
Developing the control
For the development of the DMZ zone and configuring the email server to remain in the
DMZ the associated email and the database should be stored on the primary server. The
information should be accessed from the email server placed inside the DMZ network and
available to the external users. The primary responsibility of the email server is to pass the
incoming and the outgoing emails between the servers and the internet. The web server handles
the communication of the internal database residing in the database server and it may also
contain sensitive information of the organization. Thus the database servers should be connected
via a firewall for maintaining secured communication and maintaining the overall security of the
organizational network. The installation of proxy servers in the DMZ zone can also help in
meeting the legal rules and standards.
Description of the System
For the development of the system there are different methodology that can be used for
development of the network infrastructure. The two commonly used methodology are the using
single firewall or using two firewall. The single firewall is also called three legged model and
here a single firewall with three network interfaces are used for the development of the DMZ
architecture. In the dual firewall DMZ model two firewall are used and one acts as the front end
and the other acts the back end.
Configuration of the system
For the configuration of the system the external network should be connected with the
first interface of the network. The internal network is then connected with the second interface of
the network and a network DMZ zone is created on the third interface of the network. It is used
for handling the traffic on the DMZ and the internal network. Different colour codes are used
PROJECT ON NETWORK AND INFORMATION SECURITY
Developing the control
For the development of the DMZ zone and configuring the email server to remain in the
DMZ the associated email and the database should be stored on the primary server. The
information should be accessed from the email server placed inside the DMZ network and
available to the external users. The primary responsibility of the email server is to pass the
incoming and the outgoing emails between the servers and the internet. The web server handles
the communication of the internal database residing in the database server and it may also
contain sensitive information of the organization. Thus the database servers should be connected
via a firewall for maintaining secured communication and maintaining the overall security of the
organizational network. The installation of proxy servers in the DMZ zone can also help in
meeting the legal rules and standards.
Description of the System
For the development of the system there are different methodology that can be used for
development of the network infrastructure. The two commonly used methodology are the using
single firewall or using two firewall. The single firewall is also called three legged model and
here a single firewall with three network interfaces are used for the development of the DMZ
architecture. In the dual firewall DMZ model two firewall are used and one acts as the front end
and the other acts the back end.
Configuration of the system
For the configuration of the system the external network should be connected with the
first interface of the network. The internal network is then connected with the second interface of
the network and a network DMZ zone is created on the third interface of the network. It is used
for handling the traffic on the DMZ and the internal network. Different colour codes are used
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
79
PROJECT ON NETWORK AND INFORMATION SECURITY
indication of the network traffic on the different network interfaces. For increasing the security
of the organizational network the DMZ zone can be more secured with the implementation of
two firewalls. The firewall installed in the front end is used for allowing the data traffic to pass
using the DMZ. The back end firewall is used for the setting up the traffic to pass through the
DMZ to the internal network.
Test Plan Design
If a network configuration is made and there is an error in the configuration of the
firewall using the same configuration in the second firewall can cause the similar error. Thus
firewalls of different brands should be used at the entry and the exit point such that the
configuration mistakes must be kept lower. A penetration testing should be made on the network
for the identification of the security needs of the network and resolve the errors found in the
current system of the organization. The host must be connected with the DMZ network and the
open ports should be analysed for blocking them from external access. A false security sense
should help in configuration of the DMZ and applied for creating a straight forward methodology
for forwarding the data packets in different ports on the NAT device.
Test Plan Implementation
For the implementation of the test plan the network should be configured and the firewall
devices should be installed in the network. There are different network monitoring tools that
should be used for the identification of the vulnerabilities in the network and testing the network.
Test Results and Analysis
After the analysis of the test result it has been found that the network can be secured form
the external agents and the vulnerability of the system should be eliminated for the development
of the network solution.
PROJECT ON NETWORK AND INFORMATION SECURITY
indication of the network traffic on the different network interfaces. For increasing the security
of the organizational network the DMZ zone can be more secured with the implementation of
two firewalls. The firewall installed in the front end is used for allowing the data traffic to pass
using the DMZ. The back end firewall is used for the setting up the traffic to pass through the
DMZ to the internal network.
Test Plan Design
If a network configuration is made and there is an error in the configuration of the
firewall using the same configuration in the second firewall can cause the similar error. Thus
firewalls of different brands should be used at the entry and the exit point such that the
configuration mistakes must be kept lower. A penetration testing should be made on the network
for the identification of the security needs of the network and resolve the errors found in the
current system of the organization. The host must be connected with the DMZ network and the
open ports should be analysed for blocking them from external access. A false security sense
should help in configuration of the DMZ and applied for creating a straight forward methodology
for forwarding the data packets in different ports on the NAT device.
Test Plan Implementation
For the implementation of the test plan the network should be configured and the firewall
devices should be installed in the network. There are different network monitoring tools that
should be used for the identification of the vulnerabilities in the network and testing the network.
Test Results and Analysis
After the analysis of the test result it has been found that the network can be secured form
the external agents and the vulnerability of the system should be eliminated for the development
of the network solution.
80
PROJECT ON NETWORK AND INFORMATION SECURITY
Network Security – RADIUS Server
Objective of Control
The implementation of thee RADIUS server helps in management of the users connected
in the network and enforces an authentication and authorization mechanism for securing the
network resources connected in the network. It also helps in management off the enterprise
network such as the wireless network and the internal network for the management of the
integrated email service.
Resources Used
The main resource that is need for running the radius is a computer which would be having all
the important system requirements according the radius server which has been chosen.
Developing the control
The use of the RADIUS authentication on the device is mainly used for the purpose of
configuring the information about one or more RADIUS servers present on the network and this
is done by including the radius-server statement ate the hierarchy level for all of the RADIUS
servers. And due to the fact that remote authentication is configured on a multiple number of
devices the common configuration is done at the interior section of the configuration group. This
also includes the adding of the IPv4 and IPv6 server address, followed by including of strong
passwords. In case if it is necessary then the ports can be specified on which the the RADIUS
server can be contacted. By default it is generally the port number 1812. After this the order is to
be specified in which the system would be trying to authenticate itself.
PROJECT ON NETWORK AND INFORMATION SECURITY
Network Security – RADIUS Server
Objective of Control
The implementation of thee RADIUS server helps in management of the users connected
in the network and enforces an authentication and authorization mechanism for securing the
network resources connected in the network. It also helps in management off the enterprise
network such as the wireless network and the internal network for the management of the
integrated email service.
Resources Used
The main resource that is need for running the radius is a computer which would be having all
the important system requirements according the radius server which has been chosen.
Developing the control
The use of the RADIUS authentication on the device is mainly used for the purpose of
configuring the information about one or more RADIUS servers present on the network and this
is done by including the radius-server statement ate the hierarchy level for all of the RADIUS
servers. And due to the fact that remote authentication is configured on a multiple number of
devices the common configuration is done at the interior section of the configuration group. This
also includes the adding of the IPv4 and IPv6 server address, followed by including of strong
passwords. In case if it is necessary then the ports can be specified on which the the RADIUS
server can be contacted. By default it is generally the port number 1812. After this the order is to
be specified in which the system would be trying to authenticate itself.
81
PROJECT ON NETWORK AND INFORMATION SECURITY
Description of the System
RADIUS or the Remote Authentication Dial-In User Service is a client or server protocol
and software which is associated with enabling the various remote access servers in order to
communicate with the central software for eth purpose of authenticating the dial-in users
followed by authorizing their access to the system requested by the user. This system also helps
the organizations to maintain a record of the users in a central database which is shared by all the
remote servers. This system is also associated with providing a better security which helps the
organizations in setting up policies which are applied on the single administered network point.
This central database also helps a lot in easy tracking of the usage for billing and also to keep a
track of the network statistics.
Configuration of the system:
The quick configuration for CLI can be done copying various commands and then pasting them
to a text file. Then the line breaks must be removed and the details needed to match the network
configuration must be changed. The GUI Step-by-Step processes include configuring of
RADIUS Server for various system authentications. As per the results are considered, from the
configuration mode the configuration can be confirmed through entering the needed commands.
As the output fails display the needed configuration, the instructions for configuration can be
repeated here for correcting it.
Test Plan Design:
It must include the document describing the schedules, resources, approaches and scopes
of various needed test activities, Further it is able to the features needed to be tested, testing
activities, who must perform every task, the degree of govern tester independence, environment
of test and techniques of test design.
PROJECT ON NETWORK AND INFORMATION SECURITY
Description of the System
RADIUS or the Remote Authentication Dial-In User Service is a client or server protocol
and software which is associated with enabling the various remote access servers in order to
communicate with the central software for eth purpose of authenticating the dial-in users
followed by authorizing their access to the system requested by the user. This system also helps
the organizations to maintain a record of the users in a central database which is shared by all the
remote servers. This system is also associated with providing a better security which helps the
organizations in setting up policies which are applied on the single administered network point.
This central database also helps a lot in easy tracking of the usage for billing and also to keep a
track of the network statistics.
Configuration of the system:
The quick configuration for CLI can be done copying various commands and then pasting them
to a text file. Then the line breaks must be removed and the details needed to match the network
configuration must be changed. The GUI Step-by-Step processes include configuring of
RADIUS Server for various system authentications. As per the results are considered, from the
configuration mode the configuration can be confirmed through entering the needed commands.
As the output fails display the needed configuration, the instructions for configuration can be
repeated here for correcting it.
Test Plan Design:
It must include the document describing the schedules, resources, approaches and scopes
of various needed test activities, Further it is able to the features needed to be tested, testing
activities, who must perform every task, the degree of govern tester independence, environment
of test and techniques of test design.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
82
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
For this various inputs can be considered. The first one is the employee and the project
deadline. In the working days, the resource availabilities and project deadlines there are many
factors that are affected to that schedule. Next there is project estimation. On the basis of that
estimation, the test managers understand how it has been taking to finish the desired project. This
helps in making the proper project schedule. Moreover, understanding of the project risk helps
the test managers to incorporate sufficient extra to the schedule of the project in dealing with
various risks.
Test Results and Analysis
After the analysis of the test result it has been found that the network can be secured form
the external agents and the vulnerability of the system should be eliminated for the development
of the network solution.
Network Security – IPS
Objective of Control
The security tools can be used for the analysis of the path of intrusion and perform a penetration
testing on the network for securing the entry and the exit points. In the above report the steps that
should be followed for the deployment of the Snort and the Honey pots are discussed that would
help the network development team to secure the network from external agents. The snort can be
used for the intrusion detection and installed in different location of the network for capturing the
data packets and secure the sensitive organizational information. The deployment of the honey
pots helps to create a trap in the network and distract the attacker to access the original resources
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
For this various inputs can be considered. The first one is the employee and the project
deadline. In the working days, the resource availabilities and project deadlines there are many
factors that are affected to that schedule. Next there is project estimation. On the basis of that
estimation, the test managers understand how it has been taking to finish the desired project. This
helps in making the proper project schedule. Moreover, understanding of the project risk helps
the test managers to incorporate sufficient extra to the schedule of the project in dealing with
various risks.
Test Results and Analysis
After the analysis of the test result it has been found that the network can be secured form
the external agents and the vulnerability of the system should be eliminated for the development
of the network solution.
Network Security – IPS
Objective of Control
The security tools can be used for the analysis of the path of intrusion and perform a penetration
testing on the network for securing the entry and the exit points. In the above report the steps that
should be followed for the deployment of the Snort and the Honey pots are discussed that would
help the network development team to secure the network from external agents. The snort can be
used for the intrusion detection and installed in different location of the network for capturing the
data packets and secure the sensitive organizational information. The deployment of the honey
pots helps to create a trap in the network and distract the attacker to access the original resources
83
PROJECT ON NETWORK AND INFORMATION SECURITY
of the organization. The vulnerabilities of the system can be eliminated by performing the
penetration technique and the sensitive organizational information can be kept secured.
Resources Used:
The attacker can use different methodology for accessing the network such as SQL injection,
buffer overrun, remote code execution and authentication bypass. For the mitigation of the risk
the installation of the third party software should be avoided and all the applications should be
kept up to dated and patched for reduction of the risk associated with the network.
Developing the control
For researching on the vulnerability of the network a research should be done on the different
penetration testing tools and the for the selection of the tool a study is made on the weak points
on the network and the security mechanism that should be followed for securing the network
from external threats. The different points that can cause the vulnerability are analysed and the
main concentration is given in the application program that can have a negative impact on the
network security. The flaws in the programming code should analysed and the installation of
third party software should be avoided for reducing the risk of malware and open new port in the
network causing the attack to intrude into the network. The presence of rootkit can also help in
increase the vulnerability of the system and protect the network from data loss and data theft.
Description of the System:
The honeypots are used in the network for creating a trap on the network and viewing the
logging activity of the user that can be used for in sighting different levels and types of threats.
Research honey pots are used for analysis of the clos activity of the intruders and learn the
protection that should be applied for the protection of the data. The data that are placed in the
PROJECT ON NETWORK AND INFORMATION SECURITY
of the organization. The vulnerabilities of the system can be eliminated by performing the
penetration technique and the sensitive organizational information can be kept secured.
Resources Used:
The attacker can use different methodology for accessing the network such as SQL injection,
buffer overrun, remote code execution and authentication bypass. For the mitigation of the risk
the installation of the third party software should be avoided and all the applications should be
kept up to dated and patched for reduction of the risk associated with the network.
Developing the control
For researching on the vulnerability of the network a research should be done on the different
penetration testing tools and the for the selection of the tool a study is made on the weak points
on the network and the security mechanism that should be followed for securing the network
from external threats. The different points that can cause the vulnerability are analysed and the
main concentration is given in the application program that can have a negative impact on the
network security. The flaws in the programming code should analysed and the installation of
third party software should be avoided for reducing the risk of malware and open new port in the
network causing the attack to intrude into the network. The presence of rootkit can also help in
increase the vulnerability of the system and protect the network from data loss and data theft.
Description of the System:
The honeypots are used in the network for creating a trap on the network and viewing the
logging activity of the user that can be used for in sighting different levels and types of threats.
Research honey pots are used for analysis of the clos activity of the intruders and learn the
protection that should be applied for the protection of the data. The data that are placed in the
84
PROJECT ON NETWORK AND INFORMATION SECURITY
honeypots should have unique identifying properties such that it can be used by the analyst to
track the stolen data and identify the connection between the attacker and the participants in the
penetration technique. Virtual machines are used for hosting the honeypots and protecting the
main server from unauthorized access.
Configuration of the system:
Stage 1: We have to download pentbox for setting the nectar pot in kali linux and it yell be
introduced into the framework from the terminal.
Stage 2: compact disc pent box 1.8/is utilized for going into the pent box index and ./pentbox.rb
summon is utilized for running the pent box device.
Stage 3: The second alternative system instrument is chosen and took after by 3 choice which is
for the honeypots.
PROJECT ON NETWORK AND INFORMATION SECURITY
honeypots should have unique identifying properties such that it can be used by the analyst to
track the stolen data and identify the connection between the attacker and the participants in the
penetration technique. Virtual machines are used for hosting the honeypots and protecting the
main server from unauthorized access.
Configuration of the system:
Stage 1: We have to download pentbox for setting the nectar pot in kali linux and it yell be
introduced into the framework from the terminal.
Stage 2: compact disc pent box 1.8/is utilized for going into the pent box index and ./pentbox.rb
summon is utilized for running the pent box device.
Stage 3: The second alternative system instrument is chosen and took after by 3 choice which is
for the honeypots.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
85
PROJECT ON NETWORK AND INFORMATION SECURITY
Stage 4: On determination of the honeypot alternative two choices are incited i.e. quick auto
design or manual arrangement.
Stage 5: The auto design alternative is chosen and it enacts the nectar pot on port 80. For manual
arrangement distinctive port address can be set and false messages can be embedded to
misinform the assailant and alternatives for sparing the log records is designed.
PROJECT ON NETWORK AND INFORMATION SECURITY
Stage 4: On determination of the honeypot alternative two choices are incited i.e. quick auto
design or manual arrangement.
Stage 5: The auto design alternative is chosen and it enacts the nectar pot on port 80. For manual
arrangement distinctive port address can be set and false messages can be embedded to
misinform the assailant and alternatives for sparing the log records is designed.
86
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Design:
The infiltration procedures is utilized for breaking down the security vulnerabilities after the
assessment of the system or the frameworks with the execution of malignant strategy. The
entrance procedure abuses the present shortcoming and mistakes in the setup codes and the
primary motivation behind the infiltration systems is to secure the authoritative information from
the unapproved clients. On the fruitful distinguishing proof of the defenselessness it is utilized by
the analyzer for getting to the sensitive data of the association.
Test Plan Implementation
Social Engineering test – It is utilized for the abuse of the individual information, passwords and
delicate authoritative data. It can be caused because of human blunders. Security approach and
norms ought to be utilized for maintaining a strategic distance from this kind of powerlessness
and conduction of security reviews helps in evacuation of the imperfections.
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Design:
The infiltration procedures is utilized for breaking down the security vulnerabilities after the
assessment of the system or the frameworks with the execution of malignant strategy. The
entrance procedure abuses the present shortcoming and mistakes in the setup codes and the
primary motivation behind the infiltration systems is to secure the authoritative information from
the unapproved clients. On the fruitful distinguishing proof of the defenselessness it is utilized by
the analyzer for getting to the sensitive data of the association.
Test Plan Implementation
Social Engineering test – It is utilized for the abuse of the individual information, passwords and
delicate authoritative data. It can be caused because of human blunders. Security approach and
norms ought to be utilized for maintaining a strategic distance from this kind of powerlessness
and conduction of security reviews helps in evacuation of the imperfections.
87
PROJECT ON NETWORK AND INFORMATION SECURITY
Web application test – Software technique is utilized for the presentation of the security dangers
and the web applications, programming programs introduced in the focused on framework are
abused for investigation of the imperfections.
Physical entrance test – It is utilized for the use of touchy information assurance by testing all
the system gadgets for any probability of break and the testing isn't important as the product
testing.
Network benefit test – The open ports in the system are distinguished utilizing distinctive system
investigation instrument and the system gadgets are reconfigured for relief of the hazard.
Client side test – the customer side programming applications are dissected for the abuse of the
vulnerabilities.
Wireless security test – The interlopers can meddle in the system through the unsecured remote
access focuses and accordingly some security calculations ought to be connected for limiting the
unapproved clients to interface with the hierarchical system.
There are different penetration testing tool that can be installed or deployed in the system for
analysing the vulnerability of the system and the success of the test depends on the selection of
the best possible tool after analysis of the network infrastructure. Currently snort and Honey pots
are used for performing the test and it is selected depending on the following criteria:
Ease of organization, arrangement and ease of use of the instrument.
The device must be utilized for filtering the framework effortlessly.
The defenselessness can be sorted by their seriousness and it ought to be checked
consequently.
PROJECT ON NETWORK AND INFORMATION SECURITY
Web application test – Software technique is utilized for the presentation of the security dangers
and the web applications, programming programs introduced in the focused on framework are
abused for investigation of the imperfections.
Physical entrance test – It is utilized for the use of touchy information assurance by testing all
the system gadgets for any probability of break and the testing isn't important as the product
testing.
Network benefit test – The open ports in the system are distinguished utilizing distinctive system
investigation instrument and the system gadgets are reconfigured for relief of the hazard.
Client side test – the customer side programming applications are dissected for the abuse of the
vulnerabilities.
Wireless security test – The interlopers can meddle in the system through the unsecured remote
access focuses and accordingly some security calculations ought to be connected for limiting the
unapproved clients to interface with the hierarchical system.
There are different penetration testing tool that can be installed or deployed in the system for
analysing the vulnerability of the system and the success of the test depends on the selection of
the best possible tool after analysis of the network infrastructure. Currently snort and Honey pots
are used for performing the test and it is selected depending on the following criteria:
Ease of organization, arrangement and ease of use of the instrument.
The device must be utilized for filtering the framework effortlessly.
The defenselessness can be sorted by their seriousness and it ought to be checked
consequently.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
88
PROJECT ON NETWORK AND INFORMATION SECURITY
It ought to have the capacity to re confirm the past defenselessness found in the
framework
It ought to have the capacity to make logs and reports
Network Security – IDS
Objective of Control
The IDS or Intrusion detection system has been monitoring traffics of networks for various
suspicious activities and issuing alerts as those types of activities are found. This happens as
autonomy detection and reporting turns out to be the main function and few of the intrusion
detection systems become capable to undertake actions as any anomalous or malicious traffic
gets detected. This includes the blocking of traffic that is set from various suspicious IP
addresses.
Resources Used:
Though a wide range of methodologies and tools are there, the various widespread fundamentals
to every security configurations of enterprise networks are the intrusion prevention or detection
system and firewall. The firewalls has been controlling departing and incoming traffic on the
basis of policies and rules and acting as the wall lying between un-trusted and secure networks.
Under those secure networks, the IDPS or IDS has discovered suspicious acts fro and to hosts
and under the traffic. This has been able to undertake proactive measures for block and log
attacks. The implementation of SNORT, Honeypots and other software identification of the flow
of the network traffic can help in identification of the vulnerability of the network.
PROJECT ON NETWORK AND INFORMATION SECURITY
It ought to have the capacity to re confirm the past defenselessness found in the
framework
It ought to have the capacity to make logs and reports
Network Security – IDS
Objective of Control
The IDS or Intrusion detection system has been monitoring traffics of networks for various
suspicious activities and issuing alerts as those types of activities are found. This happens as
autonomy detection and reporting turns out to be the main function and few of the intrusion
detection systems become capable to undertake actions as any anomalous or malicious traffic
gets detected. This includes the blocking of traffic that is set from various suspicious IP
addresses.
Resources Used:
Though a wide range of methodologies and tools are there, the various widespread fundamentals
to every security configurations of enterprise networks are the intrusion prevention or detection
system and firewall. The firewalls has been controlling departing and incoming traffic on the
basis of policies and rules and acting as the wall lying between un-trusted and secure networks.
Under those secure networks, the IDPS or IDS has discovered suspicious acts fro and to hosts
and under the traffic. This has been able to undertake proactive measures for block and log
attacks. The implementation of SNORT, Honeypots and other software identification of the flow
of the network traffic can help in identification of the vulnerability of the network.
89
PROJECT ON NETWORK AND INFORMATION SECURITY
Developing the control
The IDS project must be planned and decided on what type of IDS has been needed to be made.
It is to be determined whether it is an anomaly-based IDS or a signature based one. They need to
focus on various host-based detection systems of intrusions and network-based IDS. Further,
they require focusing on various alert correlation systems and implementation of higher-order
IDS. Lastly, it is to be decided that IDS architecture has been including how they are able to
define the detection engine. Finally they require deciding IDS architectures including how they
can define the detection engine. For example, it is to be found out whether this has been anomaly
based or signature based.
Description of the System:
The selection of the snort tool helps in performing the penetration and it can be deployed in
different location for finding the data flow in the network and analysis of the data traffic. It can
be used for both positive and negative used such as the attacker can use it for getting the
visibility of the current network and find the path to intrude into the network. It can also help in
securing the network by getting the details of the unwanted request coming from external
network and configure the firewall to restrict the traffic. The snort can be installed in the firewall
and in that case the firewall should be installed in the DMZ zone and it should be used for
matching the data collected from the external sensor for securing the network. The requirement
for matching the sensor is that the switch installed in the network should be configured with port
mirroring configuration. The firewall rules must be validated and fixed after performing an
exploitation on the current network. It can also be used for securing the servers by installing the
Snort on the server and help in creation of the lightweight IDS (intrusion detection system). The
snort sensors can be installed in different location of the network and it can be used for analysing
PROJECT ON NETWORK AND INFORMATION SECURITY
Developing the control
The IDS project must be planned and decided on what type of IDS has been needed to be made.
It is to be determined whether it is an anomaly-based IDS or a signature based one. They need to
focus on various host-based detection systems of intrusions and network-based IDS. Further,
they require focusing on various alert correlation systems and implementation of higher-order
IDS. Lastly, it is to be decided that IDS architecture has been including how they are able to
define the detection engine. Finally they require deciding IDS architectures including how they
can define the detection engine. For example, it is to be found out whether this has been anomaly
based or signature based.
Description of the System:
The selection of the snort tool helps in performing the penetration and it can be deployed in
different location for finding the data flow in the network and analysis of the data traffic. It can
be used for both positive and negative used such as the attacker can use it for getting the
visibility of the current network and find the path to intrude into the network. It can also help in
securing the network by getting the details of the unwanted request coming from external
network and configure the firewall to restrict the traffic. The snort can be installed in the firewall
and in that case the firewall should be installed in the DMZ zone and it should be used for
matching the data collected from the external sensor for securing the network. The requirement
for matching the sensor is that the switch installed in the network should be configured with port
mirroring configuration. The firewall rules must be validated and fixed after performing an
exploitation on the current network. It can also be used for securing the servers by installing the
Snort on the server and help in creation of the lightweight IDS (intrusion detection system). The
snort sensors can be installed in different location of the network and it can be used for analysing
90
PROJECT ON NETWORK AND INFORMATION SECURITY
the current activity of the network. The first one is the NIDS or Network Intrusion Detection
system. Analysis is done here for traffic over the entire subnet and makes that matched to traffic
passing by attacks that are known already under library of known attacks. The next one is the
network node intrusion detection systems. It has been same as NIDS. However, the traffic has
been monitored over a single host and never over an entire subnet. The next one is host intrusion
detection system or HIDS. It has taken picture of the complete system of the file set and been
compared to the past scenario. Whenever there is any notable difference like missing files, it
alerts administrators.
Configuration of the system:
Businesses have been specifying what the IDS has been needed to do as it detects any
break-in attempt. Additionally, it is able to log the activities send alerts to pager or consoles and
send commands to various routers and firewalls. Here the common action has been to log the
event. In doing so forensic data to analyses successful exploits and updating of firewalls can be
done. The following screen shot is attached for the snort configuration used for the detecting the
intrusion in the network.
PROJECT ON NETWORK AND INFORMATION SECURITY
the current activity of the network. The first one is the NIDS or Network Intrusion Detection
system. Analysis is done here for traffic over the entire subnet and makes that matched to traffic
passing by attacks that are known already under library of known attacks. The next one is the
network node intrusion detection systems. It has been same as NIDS. However, the traffic has
been monitored over a single host and never over an entire subnet. The next one is host intrusion
detection system or HIDS. It has taken picture of the complete system of the file set and been
compared to the past scenario. Whenever there is any notable difference like missing files, it
alerts administrators.
Configuration of the system:
Businesses have been specifying what the IDS has been needed to do as it detects any
break-in attempt. Additionally, it is able to log the activities send alerts to pager or consoles and
send commands to various routers and firewalls. Here the common action has been to log the
event. In doing so forensic data to analyses successful exploits and updating of firewalls can be
done. The following screen shot is attached for the snort configuration used for the detecting the
intrusion in the network.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
91
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Design:
The first step is the single intruder single terminal where the category is launched by
single intruder from any single terminal service or logical equivalent. The next one is single
intruder multiple terminal. Here it comprises of intrusion scenarios under which the intruder uses
various windows over the computer to carry our many intrusions. The category has been
covering scenarios where various intruders have been taking part in various intrusions at the
same time.
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Design:
The first step is the single intruder single terminal where the category is launched by
single intruder from any single terminal service or logical equivalent. The next one is single
intruder multiple terminal. Here it comprises of intrusion scenarios under which the intruder uses
various windows over the computer to carry our many intrusions. The category has been
covering scenarios where various intruders have been taking part in various intrusions at the
same time.
92
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
Implementations must focus on various signature based and different anomaly based
network IDS. It is an approach to detect the known protocols based detections or the anomaly
detections. This can be done my adapting conformance testing methods that can be tested
effectively investigate the properness of implementation. The snort rules are added according to
the network policy for performing a penetration testing on the network and improve the network
performance.
PROJECT ON NETWORK AND INFORMATION SECURITY
Test Plan Implementation
Implementations must focus on various signature based and different anomaly based
network IDS. It is an approach to detect the known protocols based detections or the anomaly
detections. This can be done my adapting conformance testing methods that can be tested
effectively investigate the properness of implementation. The snort rules are added according to
the network policy for performing a penetration testing on the network and improve the network
performance.
93
PROJECT ON NETWORK AND INFORMATION SECURITY
Backup and Recovery Technology
For the implementation of the backup and recovery technology in the organization the
vulnerability of the current network should be analyzed and a site survey should be made.
The University network can be vulnerable to the physical intrusion and the access of the
workstation for all of the users should not be allowed. This is because the user may
access the sensitive organizational information and misuse for illegal use.
Login ID and password must be set for the users and antivirus programs must be installed
in the workstations for protecting the network resources.
Firewalls should be installed for protecting the network from external intrusion and the
hackers should not be able to access the resources of the network. Centralized backing up
of the information in the network helps in increasing the secure of the network.
PROJECT ON NETWORK AND INFORMATION SECURITY
Backup and Recovery Technology
For the implementation of the backup and recovery technology in the organization the
vulnerability of the current network should be analyzed and a site survey should be made.
The University network can be vulnerable to the physical intrusion and the access of the
workstation for all of the users should not be allowed. This is because the user may
access the sensitive organizational information and misuse for illegal use.
Login ID and password must be set for the users and antivirus programs must be installed
in the workstations for protecting the network resources.
Firewalls should be installed for protecting the network from external intrusion and the
hackers should not be able to access the resources of the network. Centralized backing up
of the information in the network helps in increasing the secure of the network.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
94
PROJECT ON NETWORK AND INFORMATION SECURITY
The backup servers must be installed in remote location for securely uploading the data
of the University for increasing the security.
The servers should be virtualized and uploaded in the cloud servers such that it can be
accessed from remote location.
The creation of the security policy documentation and configuring the firewall helps
reducing the security issues and increases the flexibility of the network.
The firewalls should be configured with the access control list and implemented on the
interface of the routers such that the unknown data packets are dropped. The following firewall
rules are used for increasing the security and given below:
Protocol Source IP Destination IP Action Port Description
IP ANY 192.168.1.6 ALLOW 80 The access of
the web server
is allowed for
all the hosts
connected in
the network
IP ANY 192.168.1.6 ALLOW 53 For the port 53
all the network
are allowed to
use the web
server
UDP ANY 192.168.1.11 ALLOW 443 For the UDP
connections all
PROJECT ON NETWORK AND INFORMATION SECURITY
The backup servers must be installed in remote location for securely uploading the data
of the University for increasing the security.
The servers should be virtualized and uploaded in the cloud servers such that it can be
accessed from remote location.
The creation of the security policy documentation and configuring the firewall helps
reducing the security issues and increases the flexibility of the network.
The firewalls should be configured with the access control list and implemented on the
interface of the routers such that the unknown data packets are dropped. The following firewall
rules are used for increasing the security and given below:
Protocol Source IP Destination IP Action Port Description
IP ANY 192.168.1.6 ALLOW 80 The access of
the web server
is allowed for
all the hosts
connected in
the network
IP ANY 192.168.1.6 ALLOW 53 For the port 53
all the network
are allowed to
use the web
server
UDP ANY 192.168.1.11 ALLOW 443 For the UDP
connections all
95
PROJECT ON NETWORK AND INFORMATION SECURITY
the users with
IP address are
allowed to
connect with
the email
servers.
TCP ANY ANY DENY 443 All the TCP
connection for
the port 443 is
blocked in the
network.
IP ANY ANY DENY 53 All the IP s are
denied to
access the port
53 on the
network.
The file servers should be configured on a virtual machine for the management of the files and
shown in the following screenshots. It is also needed to be connected with the other servers for
management of the information and enabling it to share with users.
PROJECT ON NETWORK AND INFORMATION SECURITY
the users with
IP address are
allowed to
connect with
the email
servers.
TCP ANY ANY DENY 443 All the TCP
connection for
the port 443 is
blocked in the
network.
IP ANY ANY DENY 53 All the IP s are
denied to
access the port
53 on the
network.
The file servers should be configured on a virtual machine for the management of the files and
shown in the following screenshots. It is also needed to be connected with the other servers for
management of the information and enabling it to share with users.
96
PROJECT ON NETWORK AND INFORMATION SECURITY
PROJECT ON NETWORK AND INFORMATION SECURITY
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
97
PROJECT ON NETWORK AND INFORMATION SECURITY
Penetration testing
Network Scanning
Scanning Server
TCP SYN scan
Sudo nmap –sS scanme.namp.org
PROJECT ON NETWORK AND INFORMATION SECURITY
Penetration testing
Network Scanning
Scanning Server
TCP SYN scan
Sudo nmap –sS scanme.namp.org
98
PROJECT ON NETWORK AND INFORMATION SECURITY
Detection of OS and its version
Quick scan
Single Port Scan
Port Range Scanning
PROJECT ON NETWORK AND INFORMATION SECURITY
Detection of OS and its version
Quick scan
Single Port Scan
Port Range Scanning
99
PROJECT ON NETWORK AND INFORMATION SECURITY
Port Scan
The above procedure are given for testing the vulnerability of the network using NMap. It
is used for analyzing the open ports of the network and use it for intruding into the current
network of the University.
Conclusion
From the above report it can be concluded that with the implementation of the firewall
policy and the RADIUS server the network can be secured from the illegal users to access the
core network resources. The install location of the firewall should be selected depending upon
the needs of the organization. A demilitarized zone should be created for the core network
servers such that it cannot be accesses physically and a log should be maintained regarding the
access of the network. An intrusion detection system can be used for monitoring the flow of data
traffic in the network and it can be combined with the intrusion prevention system for mitigating
the risk of cyber threats and providing a dynamic security solution for the organization.
PROJECT ON NETWORK AND INFORMATION SECURITY
Port Scan
The above procedure are given for testing the vulnerability of the network using NMap. It
is used for analyzing the open ports of the network and use it for intruding into the current
network of the University.
Conclusion
From the above report it can be concluded that with the implementation of the firewall
policy and the RADIUS server the network can be secured from the illegal users to access the
core network resources. The install location of the firewall should be selected depending upon
the needs of the organization. A demilitarized zone should be created for the core network
servers such that it cannot be accesses physically and a log should be maintained regarding the
access of the network. An intrusion detection system can be used for monitoring the flow of data
traffic in the network and it can be combined with the intrusion prevention system for mitigating
the risk of cyber threats and providing a dynamic security solution for the organization.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
100
PROJECT ON NETWORK AND INFORMATION SECURITY
Bibliography
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Cam-Winget, N., Popa, D., & Hui, J. (2017). Applicability Statement for the Routing Protocol
for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI)
Networks.
Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions
on industrial informatics, 10(4), 2233-2243.
Faynberg, I., & Goeringer, S. (2017). NFV Security: Emerging Technologies and Standards.
In Guide to Security in SDN and NFV (pp. 33-73). Springer, Cham.
Granjal, J., Monteiro, E., & Silva, J. S. (2015). Security in the integration of low-power Wireless
Sensor Networks with the Internet: A survey. Ad Hoc Networks, 24, 264-287.
Haseeb, S., Hashim, A. H. A., Khalifa, O. O., & Ismail, A. F. (2017, November). Network
Function Virtualization (NFV) based architecture to address connectivity, interoperability
and manageability challenges in Internet of Things (IoT). In IOP Conference Series:
Materials Science and Engineering (Vol. 260, No. 1, p. 012033). IOP Publishing.
Hu, R., Hu, W., & Chen, Z. (2015, November). Research of smart grid cyber architecture and
standards deployment with high adaptability for Security Monitoring. In Sustainable
Mobility Applications, Renewables and Technology (SMART), 2015 International
Conference on (pp. 1-6). IEEE.
PROJECT ON NETWORK AND INFORMATION SECURITY
Bibliography
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security
problem. arXiv preprint arXiv:1609.01107.
Cam-Winget, N., Popa, D., & Hui, J. (2017). Applicability Statement for the Routing Protocol
for Low-Power and Lossy Networks (RPL) in Advanced Metering Infrastructure (AMI)
Networks.
Da Xu, L., He, W., & Li, S. (2014). Internet of things in industries: A survey. IEEE Transactions
on industrial informatics, 10(4), 2233-2243.
Faynberg, I., & Goeringer, S. (2017). NFV Security: Emerging Technologies and Standards.
In Guide to Security in SDN and NFV (pp. 33-73). Springer, Cham.
Granjal, J., Monteiro, E., & Silva, J. S. (2015). Security in the integration of low-power Wireless
Sensor Networks with the Internet: A survey. Ad Hoc Networks, 24, 264-287.
Haseeb, S., Hashim, A. H. A., Khalifa, O. O., & Ismail, A. F. (2017, November). Network
Function Virtualization (NFV) based architecture to address connectivity, interoperability
and manageability challenges in Internet of Things (IoT). In IOP Conference Series:
Materials Science and Engineering (Vol. 260, No. 1, p. 012033). IOP Publishing.
Hu, R., Hu, W., & Chen, Z. (2015, November). Research of smart grid cyber architecture and
standards deployment with high adaptability for Security Monitoring. In Sustainable
Mobility Applications, Renewables and Technology (SMART), 2015 International
Conference on (pp. 1-6). IEEE.
101
PROJECT ON NETWORK AND INFORMATION SECURITY
Ibrahim, A. S., Hamlyn-Harris, J., & Grundy, J. (2016). Emerging security challenges of cloud
virtual infrastructure. arXiv preprint arXiv:1612.09059.
Khaturia, M., Belur, S. B., & Karandikar, A. (2018). TV White Space Technology for Affordable
Internet Connectivity. In TV White Space Communications and Networks (pp. 83-96).
Kizza, J. M. (2017). Guide to computer network security. Springer.
Li, S., Da Xu, L., & Zhao, S. (2015). The internet of things: a survey. Information Systems
Frontiers, 17(2), 243-259.
Li, S., Tryfonas, T., & Li, H. (2016). The Internet of Things: a security point of view. Internet
Research, 26(2), 337-359.
Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., & Zhao, W. (2017). A survey on internet of
things: Architecture, enabling technologies, security and privacy, and applications. IEEE
Internet of Things Journal, 4(5), 1125-1142.
Loo, J., Mauri, J. L., & Ortiz, J. H. (Eds.). (2016). Mobile ad hoc networks: current status and
future trends. CRC Press.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Sinkkonen, H. M., Puhakka, H., & Meriläinen, M. (2018). Adolescents’ internet use in relation to
self-esteem and adaptability in career decision-making. British Journal of Guidance &
Counselling, 1-14.
PROJECT ON NETWORK AND INFORMATION SECURITY
Ibrahim, A. S., Hamlyn-Harris, J., & Grundy, J. (2016). Emerging security challenges of cloud
virtual infrastructure. arXiv preprint arXiv:1612.09059.
Khaturia, M., Belur, S. B., & Karandikar, A. (2018). TV White Space Technology for Affordable
Internet Connectivity. In TV White Space Communications and Networks (pp. 83-96).
Kizza, J. M. (2017). Guide to computer network security. Springer.
Li, S., Da Xu, L., & Zhao, S. (2015). The internet of things: a survey. Information Systems
Frontiers, 17(2), 243-259.
Li, S., Tryfonas, T., & Li, H. (2016). The Internet of Things: a security point of view. Internet
Research, 26(2), 337-359.
Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., & Zhao, W. (2017). A survey on internet of
things: Architecture, enabling technologies, security and privacy, and applications. IEEE
Internet of Things Journal, 4(5), 1125-1142.
Loo, J., Mauri, J. L., & Ortiz, J. H. (Eds.). (2016). Mobile ad hoc networks: current status and
future trends. CRC Press.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Sinkkonen, H. M., Puhakka, H., & Meriläinen, M. (2018). Adolescents’ internet use in relation to
self-esteem and adaptability in career decision-making. British Journal of Guidance &
Counselling, 1-14.
102
PROJECT ON NETWORK AND INFORMATION SECURITY
West, D. M. (2015). Digital divide: Improving Internet access in the developing world through
affordable services and diverse content. Brookings Institution.
Yang, N., Wang, L., Geraci, G., Elkashlan, M., Yuan, J., & Di Renzo, M. (2015). Safeguarding
5G wireless communication networks using physical layer security. IEEE
Communications Magazine, 53(4), 20-27.
Zaalouk, A., Khondoker, R., Marx, R., & Bayarou, K. (2014, May). Orchsec: An orchestrator-
based architecture for enhancing network-security using network monitoring and sdn
control functions. In Network Operations and Management Symposium (NOMS), 2014
IEEE (pp. 1-9). IEEE.
Zhou, L., Wu, D., Zheng, B., & Guizani, M. (2014). Joint physical-application layer security for
wireless multimedia delivery. IEEE Communications Magazine, 52(3), 66-72.
PROJECT ON NETWORK AND INFORMATION SECURITY
West, D. M. (2015). Digital divide: Improving Internet access in the developing world through
affordable services and diverse content. Brookings Institution.
Yang, N., Wang, L., Geraci, G., Elkashlan, M., Yuan, J., & Di Renzo, M. (2015). Safeguarding
5G wireless communication networks using physical layer security. IEEE
Communications Magazine, 53(4), 20-27.
Zaalouk, A., Khondoker, R., Marx, R., & Bayarou, K. (2014, May). Orchsec: An orchestrator-
based architecture for enhancing network-security using network monitoring and sdn
control functions. In Network Operations and Management Symposium (NOMS), 2014
IEEE (pp. 1-9). IEEE.
Zhou, L., Wu, D., Zheng, B., & Guizani, M. (2014). Joint physical-application layer security for
wireless multimedia delivery. IEEE Communications Magazine, 52(3), 66-72.
1 out of 103
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.