Network System Security Recommendations After Vulnerability Assessment

Added on 2019/09/26

Network Security Assessment
Part – 2
Network System Security and Recommendations
Network System Security Recommendations
After the complete vulnerability assessment presented in Part 1, this part consists of recommendations that address the flaws and network vulnerabilities identified in the security assessment report submitted in Part 1. We take each security issue in turn and recommend the measures needed to overcome it.
Patch Management
Patch management is a complex and critical process, so we recommend the following steps and actions to ensure the proper and successful deployment of patches to the systems and devices on the network. Patch management is time consuming and must be done in a planned manner; the plan will also depend on the organization's network infrastructure, OS requirements and overall security posture. First, develop an inventory of all production systems, including OS types, IP addresses, physical location, connections and function. Then devise a plan for standardizing production systems so that all systems run the same version of the OS or software. The list should also include the network devices, such as routers, firewalls, IPS/IDS and wireless systems, together with their configurations. Compare reported vulnerabilities against the inventory and control list, and obtain the latest updates or patches for the affected systems. The risk should be classified: assess the vulnerabilities of the outdated systems in the environment along with the likelihood of attack. Then move forward by applying the patches. At this point you have an updated inventory of systems, a list of controls, a system for collecting and analyzing vulnerability alerts, and a risk classification system with which to determine the patches that need to be installed. Deployment of the patches and updates should be done without disrupting uptime or production.
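The inventory-versus-advisory comparison and risk classification described above, as an added example that is not part of the report; every host, product, version and advisory id in it is constructed for the demonstration.

```python
"""Patch baseline check against a production inventory (added example, not part of
the report). Following the report's steps, the inventory is compared against reported
vulnerabilities, risk is classified by severity and likelihood of attack, and the
result is the patch order. All hosts, products, versions and advisory ids are constructed."""
from dataclasses import dataclass

@dataclass
class Asset:
    host: str
    ip: str
    kind: str        # server, router, firewall, wireless, ...
    product: str
    version: tuple   # numeric version as a tuple, e.g. (10, 4)
    exposure: str    # "internet" or "internal"
    function: str

# Constructed advisories: product, first fixed version, severity 1 (low) to 5 (critical)
ADVISORIES = [
    {"id": "ADV-0001", "product": "ExampleOS", "fixed_in": (10, 4), "severity": 4},
    {"id": "ADV-0002", "product": "RouterOS-X", "fixed_in": (7, 2, 3), "severity": 5},
    {"id": "ADV-0003", "product": "FirewallOS-Y", "fixed_in": (9, 1), "severity": 3},
]

# Constructed inventory in the shape the report asks for
INVENTORY = [
    Asset("web01", "10.0.1.10", "server", "ExampleOS", (10, 2), "internet", "web frontend"),
    Asset("db01", "10.0.2.20", "server", "ExampleOS", (10, 4), "internal", "database"),
    Asset("edge-rtr", "10.0.0.1", "router", "RouterOS-X", (7, 1, 9), "internet", "WAN edge"),
    Asset("fw01", "10.0.0.2", "firewall", "FirewallOS-Y", (9, 0), "internal", "DMZ firewall"),
]

def classify(severity, exposure):
    """Risk = severity weighted by likelihood of attack; internet-facing counts double."""
    score = severity * (2 if exposure == "internet" else 1)
    return "critical" if score >= 8 else "high" if score >= 5 else "medium"

def missing_patches(inventory, advisories=ADVISORIES):
    """Return (host, advisory id, risk) for every asset below the fixed version,
    ordered so that the highest-risk systems are patched first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    findings = [(a.host, adv["id"], classify(adv["severity"], a.exposure))
                for a in inventory for adv in advisories
                if adv["product"] == a.product and a.version < adv["fixed_in"]]
    return sorted(findings, key=lambda f: (order[f[2]], f[0]))

if __name__ == "__main__":
    for host, adv, risk in missing_patches(INVENTORY):
        print(f"{risk:8} {host:10} {adv}")
```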
Misconfigured Firewall Rules and Policies
When configuring or modifying a firewall, it is very important to consider and evaluate the potential security risks in order to avoid future security issues. Securing a deployment is relatively complex and varies from case to case, but the following points should be kept in mind to ensure that the firewall rules do not allow any malicious traffic or leave any opening for it. All traffic from outside the network or from the Internet should be blocked, and only the traffic that is needed should be explicitly permitted for known services. This is an excellent strategy for preventing a security breach caused by misconfiguration. This behaviour is achieved by making the last rule of the access control list applied to the interface deny all traffic after the permitted traffic has been explicitly allowed; the deny can be explicit or implicit, depending on the scenario and requirement. The rules should be as specific as possible, which prevents a service that is not used by the network from being left open to access from outside by mistake. The following parameters should be considered when configuring each firewall rule:
Source Address
Destination Address
IP Protocol
Port/Service
The firewall rules must be checked at set intervals or during scheduled maintenance sessions for outdated rules that are no longer in use and may cause a breach. This can be done by viewing the hit counts on the access rules in the firewall; rules that are not in use must be disabled or removed.
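The three firewall checks above (explicit deny-all as the last rule, rules specific in destination, protocol and port, and hit counts used to find stale rules) as an added example, not from the report or any vendor's tooling; the access list, addresses and hit counters are constructed, and the rule fields are the four parameters the report lists.

```python
"""Firewall rule audit (added example; not from the report or any vendor's tooling).
Checks a constructed, vendor-neutral access list against the report's guidance: the
last rule must deny all traffic, permit rules should name destination, protocol and
port, and permit rules with a zero hit count are candidates for removal."""
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str   # "permit" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp", "icmp" or "any"
    port: str     # service port or "any"
    hits: int     # hit counter since the last review
BROAD = "permit rule too broad (destination, protocol or port is 'any')"
UNUSED = "unused rule (0 hits); disable or remove"
NO_DENY = "missing explicit deny-all as the last rule"

def is_specific(rule):
    """Source 'any' is normal for published services; dst, protocol and port must be named."""
    return "any" not in (rule.dst, rule.proto, rule.port)

def is_deny_all(rule):
    return rule.action == "deny" and rule.src == rule.dst == rule.proto == "any"

def audit(rules):
    """Return (rule name, finding) pairs for an access list applied to one interface."""
    findings = []
    if not rules or not is_deny_all(rules[-1]):
        findings.append(("<acl>", NO_DENY))
    for r in rules:
        if r.action != "permit":
            continue
        if not is_specific(r):
            findings.append((r.name, BROAD))
        if r.hits == 0:
            findings.append((r.name, UNUSED))
    return findings

# Constructed access list for an Internet-facing interface (RFC 5737 documentation addresses)
OUTSIDE_IN = [
    Rule("web-https", "permit", "any", "203.0.113.10/32", "tcp", "443", 48210),
    Rule("legacy-ftp", "permit", "any", "203.0.113.11/32", "tcp", "21", 0),
    Rule("mgmt-any", "permit", "198.51.100.0/24", "203.0.113.0/24", "any", "any", 12),
    Rule("deny-all", "deny", "any", "any", "any", "any", 9031),
]

if __name__ == "__main__":
    for name, finding in audit(OUTSIDE_IN):
        print(f"{name:12} {finding}")
```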
Open USB Access on Ports
USB drives must be blocked for users to prevent unauthorized leakage or loss of information from the company network to the outside. Open USB access can also lead to systems being infected with viruses, and malicious tools can be deployed into the environment via USB. This can be taken care of by blocking USB access for users on the network through policies applied from a Windows server where possible, or by disabling the USB ports in the BIOS of the motherboard for better protection. This will help eliminate the external threat of a rogue insider trying to install malicious software or viruses on an internal system.
Weak or Default Passwords
The vulnerability assessment report reveals that some of the devices and systems in the network are not configured according to the organization's password policy. This is a serious issue: some of the devices and systems found were configured with default passwords, which are very easy to obtain and can be used to log in to the device and gain access to the system configuration. An intruder can then manipulate the configs and policies to their needs and cause real harm; the network can even be taken down by shutting down the device. It was also found that some devices and systems are configured with easy and common passwords that were not changed after final configuration. To ensure the password policy is implemented properly, we must sweep the systems for weak and default passwords and change them with immediate effect. Passwords must not be shared with other employees and must be changed at regular intervals to avoid a breach.
Insecure Wireless Network
According to the report, the wireless network has vulnerabilities and issues that should be addressed by reconfiguration to avoid a network break-in or breach through the wireless network. The wireless controllers and routers should have the WEP configuration removed and be shifted to WPA2 with PSK keys to ensure encryption of data and wireless security; this also helps harden the wireless network, which is very prone to attack because it can be accessed remotely. The wireless network should also be configured with 802.1X authentication and VLAN assignment for user-specific functions and policies. The wireless network should also be configured to prevent access to rogue access points and to ignore any requests from them, as rogue access points are considered security threats. The controllers should be configured to notify the administrators if any rogue AP with the same name and SSID appears, and such an AP should be eliminated with immediate effect.
IPS Signatures Update and Tune
The IPS in the network is not configured properly for detection: the signatures need to be updated to detect and prevent the latest security threats and attacks on the network. The assessment also reveals that some important signatures should be made active, as they are considered severe and the attacks they cover can cause the network to fail. These signatures must be turned to the active state and configured to take the necessary action, keeping in mind the severity of the signature and the nature of the attack. The IPS should also be tuned for false positives, as these may disrupt important communications by blocking host IP addresses.
Insecure Data Flow over Public and MPLS Networks
This needs to be taken care of by protecting the data over insecure networks such as MPLS and the public Internet with encryption and hashing using an IPsec VPN. A VPN connection should be established between remote sites, using a strong encryption algorithm such as AES and hashing with SHA algorithms, which will protect the data from site to site. Remote users and remote computers using the Internet to connect to the office should use a remote access VPN to connect to the company's internal network. For remote administration, users should use SSH for CLI sessions; for browsing the company servers, HTTPS should be configured instead of HTTP, as HTTPS is secured using SSL; and file transfer should be configured with SFTP to provide secure transfer of important data and files from the company servers. These steps will ensure secure delivery of data over the network and prevent data and information loss.
Installation of SNMP and SYSLOG for Logs and Network Management
The network should be equipped with a fully operational SNMP and SYSLOG environment that provides real-time data, logs and warnings for the network devices on a single platform, without logging in to each device one at a time. This will drastically reduce incident response time and allow administrators to identify the cause and location of a breach in much less time. This is a critical part of an enterprise network that has been missing and should be implemented as soon as possible.
Hardening the Layer 2 Switching Network
The switches at the access layer should be configured for port security by binding the MAC addresses of the devices connected to the network, and should also be configured for authentication using 802.1X, which requires the user's username and password to log in and gain access to the network. Authentication should also be enabled on the wireless network by connecting it to the organization's RADIUS server for user-based authentication of the systems.