Question - Network Design Assignment

Solution-

Device assigned: Netgear (R7000-100PAS) Nighthawk AC1900

Assumptions

  • Since the organization is described as small, the number of employees is assumed to be roughly 10 to 50.
  • Since internal users are to access the network wirelessly, it is assumed that they will be accessing work-related services such as FTP and email.
  • It is assumed that the threat assessment has been conducted after the implementation of the suggested security configurations.

Services already in place

  • Small size organization
  • DHCP service using a local ISP
  • IP range 192.168.10.0/24
  • For internal users

 

Network Design

Screenshot 1 Current network design assumption

The above network diagram is assumed to be currently in place: the ISP is connected through the wired router to provide DHCP. The router is then connected to a switch to provide access to the devices in the network using wired technology.

Implementation

Implementation of wireless networking starts with the placement of the wireless router. As stated in the assumptions, the organization currently uses a wired network in which all the devices are connected to the switch. The proposed design is therefore the following:

Screenshot 2  Proposed design

Following the above proposal, the wireless router Netgear (R7000-100PAS) Nighthawk AC1900 will be connected to the switch, and the devices can then be connected to the wireless router.

General settings

General settings such as SSID names, wireless passwords and router login credentials can be configured by connecting a computer/laptop to the wireless router, either with a LAN cable or wirelessly using the WPS button. The detailed process is as follows (Bob, 2016):

1. Once connected, either wired or wirelessly, type http://www.routerlogin.net in the browser to go to the router's login page, where the wireless network SSID, passphrase, etc. can be set up.

2. The default username here is admin, and the passphrase is the one the user entered while connecting to the wireless network.

3. On the Basic home page, select Wireless.

Figure 1  Basic Configuration ShopKeep. (2016)

Figure 2 Basic Configuration ShopKeep. (2016) cont..

4. After that, select the Name, the type of security (WPA2-PSK, WPA/WPA2 Enterprise), and the Password. (For the scenario given, I suggest using WPA2-PSK.)

Figure 3 Basic configuration ShopKeep. (2016) cont...

5. Then select Apply to save the settings.

Security configuration

The assigned router has several security options, but for the given scenario the appropriate configuration is MAC filtering, because the scenario states that the wireless extension of the network provides access to internal users.

MAC filtering

The process for configuring the MAC filter is as follows:

1. Connect to the router from either a mobile device or a computer.

2. In the browser, enter the URL http://www.routerlogin.net and a login window will appear. Enter the login credentials.

3. Choose ADVANCED > Security > Access Control. The Access Control page appears.

4. Select the Turn on Access Control check box.

(The user must select this check box before specifying an access rule and before using the Allow or Block options. If the check box is not selected, even blocked devices can connect to the network.)

Figure 4 Advanced settings ShopKeep. (2016)

5. After that, the user must choose the following option:

  • Block all new devices from connecting

With this setting, the user should enter each new device's MAC address, for both its Ethernet connection and its wireless connection, in the allowed list.

6. Once completed, click Apply and the changes take effect.
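
The following is an added example, not part of the original solution: a short Python audit that compares a list of attached devices against the MAC allowlist built in step 5. The device names, MAC addresses and the tuple layout of the device list are constructed for illustration; only the 192.168.10.0/24 range comes from this page.

```python
import ipaddress
import re

LAN = ipaddress.ip_network("192.168.10.0/24")  # IP range stated on this page

# Constructed sample data: allowlist as typed into Access Control, and an
# attached-devices list as (name, ip, mac) tuples. Not real devices.
ALLOWLIST = ["a0:63:91:12:34:56", "3C-22-FB-AB-CD-EF",
             "DA:A1:19:00:11:22", "a063.9112.34"]
ATTACHED = [("front-desk-pc", "192.168.10.21", "A0-63-91-12-34-56"),
            ("laptop-7", "192.168.10.34", "3c22.fbab.cdef"),
            ("unknown-phone", "192.168.10.77", "5E:10:AA:BB:CC:DD"),
            ("printer", "192.168.1.50", "DA:A1:19:00:11:22")]

def normalize_mac(raw):
    """Return 'AA:BB:CC:DD:EE:FF' for colon, hyphen or dot notation, else None."""
    if re.search(r"[^0-9A-Fa-f:.\-\s]", raw):
        return None
    digits = re.sub(r"[:.\-\s]", "", raw).upper()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(allowlist, attached):
    """Return (finding, detail) tuples for allowlist and attached-device issues."""
    findings, allowed = [], set()
    for entry in allowlist:
        mac = normalize_mac(entry)
        if mac is None:
            findings.append(("invalid-allowlist-entry", entry))
            continue
        allowed.add(mac)
        # Locally administered bit set: typical of randomized (private) MACs,
        # which may change and silently lock the device out.
        if int(mac[:2], 16) & 0x02:
            findings.append(("randomized-mac-in-allowlist", mac))
    for name, ip, raw_mac in attached:
        if normalize_mac(raw_mac) not in allowed:
            findings.append(("not-in-allowlist", f"{name} {raw_mac}"))
        if ipaddress.ip_address(ip) not in LAN:
            findings.append(("outside-lan-range", f"{name} {ip}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(ALLOWLIST, ATTACHED):
        print(f"{kind}: {detail}")
```
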

DoS protection

 

Another advanced security feature available in the given wireless router is DoS Protection. Enabling this option is advisable for the organisation. This feature protects the LAN from DoS attacks such as SYN flood, Smurf attack, Ping of Death, etc.

To enable this option, the user should log in to the router configuration page in the browser, go to ADVANCED > Setup > WAN Setup, click the checkbox Disable Port Scan and DoS Protection, and then click the Apply button to save the configuration.

Figure 5 Advanced settings SamLabrador. (2017) cont...

Threat Assessment

Top threats

There are several types of attack that can severely degrade QoS in a wireless network. For the given scenario and requirements, the top threats to consider are DoS attacks and outdated firmware.

 

DoS Attack

The primary threat that the organisation is likely to encounter while extending the wireless network is a DoS attack (Geier, 2003). This attack can be conducted using packet-based brute-force DoS, where the intruder sends a huge volume of packets to the server and causes it to go down. According to research (CALYPTIX, 2017), 35% of attacks on networks are DoS and brute-force attacks. Wireless DoS attacks (Compton, 2008) can be carried out at any layer; for instance, an attacker can generate strong electromagnetic waves that collide with the router's signal and degrade its strength and performance.

 

Outdated Firmware

Like any other software, a router's firmware should be updated regularly. Router firmware (Techopedia, n.d.) is pre-installed software that is responsible for the network protocols and security mechanisms; in other words, it is like the operating system of the router. As with other software, router manufacturers release updates for the firmware. The purpose of updating the firmware is to improve the performance of the product as well as to protect against new security vulnerabilities.

Several updates released by the manufacturer of the assigned router can be found online (MITRE, 2017).

 

 

 

Mitigation

DoS

When considering mitigation for DoS, a different strategy can be applied at each layer. For example, at the physical layer, careful placement of the wireless router is a recommended strategy (Compton, 2008). Placing the router at a proper height will prevent attackers from reaching it easily.

To prevent DoS at the other layers, it is advisable to enable the DoS prevention mode in the router. Not all router models have this feature.

For the given model, the DoS prevention option can be enabled, which is a vital mitigation strategy that can be applied here. The option can be found under ADVANCED > Setup > WAN Setup; click the checkbox Disable Port Scan and DoS Protection, then click the Apply button to save the configuration.
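
To complement the router's built-in protection, the following added example (not from the original solution) shows a sliding-window check that flags a source sending an unusually high number of TCP SYN packets, the pattern behind the SYN flood named earlier on this page. The log record layout, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10  # assumed observation window
SYN_THRESHOLD = 5    # assumed maximum SYNs per source inside one window

# Constructed log lines: "epoch_seconds src_ip dst_ip:port tcp_flag".
# One source sends 12 SYNs in 6 seconds; one internal client sends 6 SYNs
# spread over 75 seconds, which must not trigger an alert.
SAMPLE_LOG = sorted(
    [f"{100 + 0.5 * i:.1f} 203.0.113.9 192.168.10.5:21 SYN" for i in range(12)]
    + [f"{100.2 + 15 * i:.1f} 192.168.10.21 192.168.10.5:21 SYN" for i in range(6)]
    + ["100.3 192.168.10.21 192.168.10.5:21 ACK"],
    key=lambda line: float(line.split()[0]),
)

def detect_syn_flood(lines, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
    """Return {source_ip: time of first alert} for time-ordered log lines."""
    recent = defaultdict(deque)  # per-source timestamps of recent SYNs
    alerts = {}
    for line in lines:
        ts, src, _dst, flag = line.split()
        ts = float(ts)
        if flag != "SYN":
            continue
        seen = recent[src]
        seen.append(ts)
        # Drop SYNs that have aged out of the window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, first_seen in detect_syn_flood(SAMPLE_LOG).items():
        print(f"possible SYN flood from {src}, first flagged at t={first_seen}")
```
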

Firmware update

In general, there are 2 ways to update the firmware. One is to configure automatic updates, and the second is to search for the update manually and apply it. These 2 options can be found in all the routers. Updating the firmware on a regular basis is a recommended mitigation strategy for this threat.

For the assigned router, firmware updating can be performed only manually.

In the assigned model, the user can either manually check for the update in the router's menu or download it from the internet and upload it. The settings can be found under ADVANCED > Administration > Router update.
