Analysis of Network Security Threats and Solutions

Verified

Added on 2025/05/12

AI Summary

Desklib provides solved assignments and past papers to help students succeed.

Network Security
Student name:
Student id:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
LO1............................................................................................................................................3
1.1 Evaluate current system’s network security.................................................................3
1.2 Discuss the potential impact of the proposed network design.....................................3
1.3 Discuss the current and common threats to network security and their impact on
network security.................................................................................................................4
LO2............................................................................................................................................7
2.1 Discuss various network security design considerations.............................................7
2.2 Discuss how network security solution can be designed and evaluated......................7
2.3 Discuss the methods used to design the new network security solution......................7
2.4 Produce a specification of the technologies to be used in the design..........................9
2.5 Define network security policy....................................................................................9
LO3..........................................................................................................................................10
3.1 Discuss the network security implementation considerations...................................10
.2 Discuss how the network security implementation follows from the network security
design...............................................................................................................................11
LO4..........................................................................................................................................22
4.1 Describe how to manage the network security solution........................................22
4.2 Describe how to analyze network security policies and practices.............................22
4.3 Describe how to recommend potential change management.....................................23
Reference:................................................................................................................................25
List of figures
Figure 1: Network topology.....................................................................................................12
Figure 2: Static route ISP and EDGE router............................................................................13
Figure 3: DHCP server configuration......................................................................................14
Figure 4 TFTP backup server...................................................................................................15
Figure 5 Routing to other devices............................................................................................16
Figure 6 Web server.................................................................................................................17
Figure 7 wireless device...........................................................................................................18
Figure 8 Frame Relay...............................................................................................................19
Figure 9 PC IP address using DHCP.......................................................................................20
1

Figure 10: NTP protocol configuration....................................................................................20
Figure 11 Cisco Firewall..........................................................................................................21
Figure 12 DNS server..............................................................................................................22
2

LO1
1.1 Evaluate current system’s network security
The company’s current LAN can be secured in the following ways:
• Encrypt the entire network: The company MCW can secure their network by encrypting
the entire network. It can be possible by using IPsec and for this, we will use layer 2 instead
of layer 3 for overcoming overhead and latency.
• Use a VPN for the purpose of encrypting servers: MCW can secure our network traffic by
using this methodology.
• Use 802.1X for authentication purpose: Wired section of the network can be secured by
implementing encryption and authentication which is complex for involving.
• Implement VLAN’s for segregating traffic: MCW can separate the network traffic by
implementing VLAN on them.
• Implement MAC address filtering: MAC address filtering can be considered as the first
layer of security for preventing it from hackers.
• Secure the network physically: It’s a very crucial task to manage the network security
physically or manually. Physical security is very much secure as hackers can’t access it
easily.
• Keep the network up-to-date: It is necessary to keep all network system up to date.
• Perform mapping as well as auditing: There should be clarification on the network’s
infrastructure of the company MCW. Sometimes there can be vulnerabilities that may find
during auditing and mapping. To overcome this issue, MCW needs to increase its reliability
as well as performance.
1.2 Discuss the potential impact of the proposed network design
The potential impact of proposed network design on the company MCW can be:
• Analyze the impact of infrastructure design: By using this MCW can move their
infrastructure from one place to another place. If the infrastructure of the MCW renewals
then it will save the money too. Productivity as well increased cost can be significant.
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

• Applications: MCW needs to analyze what infrastructure is going to be needed. The
applications are assigned as per priority. Then it also needs to decide which application will
be critical for the growth of MCW and which is not.
• Network infrastructure, their hosts and protocols: There are various individual
components of the computer which occurs the network. Several devices can be connected
with each other. The network infrastructure consists of different levels like allowing data
which will travel from one resource to another.
• Hardware: If the hardware is not placed in the network infrastructure then it will be
completely useless. There is a need to keep all the information regarding the hardware
configuration.
• Rollouts and upgrades: The different network is having different requirements. Upgrades
occur automatically and at that time only some bad impact can be faced by infrastructure
(Menon 2014).
1.3 Discuss the current and common threats to network security and their impact
on network security
Impact of current and common threats to network security:
• Employee theft: Employee theft steals sensitive information for their personal benefit. To
overcome employee theft, company MCW can take some security measures in which we will
use biometric identification for identifying individuals.
• Weak access control: In this, the system will perform AAA ie. Authentication,
authorization, accounting for processing security models. MCW can take some security
measures like we can keep strong passwords with all special characters and length
requirement fulfilled.
• Privilege abuse: Some employees who have all access to infrastructure so they
sometimes start abusing and blackmailing the leader for the sake of money and reputation.
Security measures implemented to overcome this is to perform background checks before
giving access to privileged individuals too.
Current and common threats to network security are:
• System threats: This threat will harm the physical infrastructure and hardware devices.
4

• Equipment failure: Equipment failure is a threat in which the equipment is not able to
perform any task for any reason. All hardware system stops working. security measure we
can take to overcome this is to check and maintain the hardware equipment on a regular
basis.
• Power fluctuation: under this threat the electronic devices faces power failure. Security
measures we can take to overcome this is to do proper wiring of wired devices we can also
install a surge protector to prevent this.
• Malicious threats: Malicious threat consists of a computer virus, they also consist of
spyware and worms. This code will particularly harm or ruin any sensitive pieces of
information. The company MCW can take some security measures to overcome this as they
can regularly update and install antivirus software onto the system to prevent it from
malicious users. That antivirus will be able to scan all the junk mails as well as all
downloaded files from unprotected websites.
• DOS attack: Denial of service attack is an attack which creates traffic when users tend to
access it, it becomes unavailable for the users. To overcome these issues, MCW can
configure the firewall on our windows machine, and also use brute force defense for over-
provisioning.
• Eavesdropping: Eavesdropping is an external threat which refers to unauthorized keeping
eye on other individual’s sensitive communication. It can be done by emails, messages,
telephone system and other internet services. MCW can take security measures like using
data encryption method while doing conversation.
• Data breaches: A data breach is an external threat in which the sensitive data or
information can be stolen from unauthorized users for getting a personal benefit. Data
breaches occur in a small organization as intellectual property. Security measures are taken to
overcome this is encrypting all sensitive pieces of information before it gets disposed of
somewhere. Give all access to limited staffs only instead of everyone.
• Phishing: Phishing is an external threat process in which the company will gain access to
some sensitive information like credit/debit card information, secure passwords. Security
measures taken to overcome this issue is to always keep digital certificates up to date so that
only legitimate users will get access to it. Users should be aware of the factors that which is
safe for them and which is not.
5

• D-DOS attack: Under this attack, the intruder creates a lot of traffic over the network by
using numerous resources and the services becomes inaccessible for everyone. It mainly
targets the confidential data of the organization. MCW can overcome this by configuring the
firewall on windows as well as servers. They can use sniffing methodology for overcoming
the huge packet traffic (Evrard 2016).
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

LO2
2.1 Discuss various network security design considerations
Local Area Network (LAN) is the oldest and the development of new Design is based on the
connectivity of Wide area network to Local area network with secure way. The following
way to connect and working of connectivity in between LAN and WAN.
1. Local area network can be connected using Ethernet Cable which is connecting to Wide
area network Internet Service provider which start the communication to the larger network
using Sea cables to transferring packets.
2. Local area network with Wireless connection to NATing function to enable single Public
IP connections.
Network security is basically a mixture of three terminologies called confidentiality,
Integrity, and availability. For example, mobile computer world LTD (MCW) is a medium-
size business organization which needs to grow the business and as old topology, only
communication is working in Local area network so there is no scope of outside
Cybersecurity attacks but after connectivity with WAN, there can be chances of losing data
due to security loopholes.
2.2 Discuss how network security solution can be designed and evaluated
 Confidentiality: confidentiality preventing the unauthorized access to data and ensure the
data is not compromised in between source and destination. There are multiple ways of
prevention like Ciphertext and encryption using high-level algorithm using the public and
private key.
 Integrity: integrity basically is no modification of data in between sender and receiver.
This kind of attack called Men in the middle attack.
 Availability: available for all the time and always accessible by the user who stores the
data.
2.3 Discuss the methods used to design the new network security solution
WAN network communication is over the miles and in between millions of LAN networks.
In company MCW, a local area network is already deployed and implemented in the
7

production. These are the following major methods to implemented the Communication over
WAN for LAN and securing the communication.
1. Switching methods:
 Packet switching method: In this method, LAN transmit the messages to a WAN
communication network where the packet is broken down into a small piece of packets.
Every packet is assigned with their source and destination for the production
communication.
 Circuit switching: Circuit switching is the simplest method of WAN connection which
requires the dedicated connection to the network of sender and receiver. When the
channel is transmitting the data only the connection is activated for that time only. After
that connection is closed then again communication then have to create new connections
(Shinde & Awasthi 2015).
2. Communication protocols:
 High-level data link control (HDLC): This a data link layer protocol for the Wide area
network. HDLC uses encapsulation for the Cisco router to connect with serial connection
called leased lines.
 Point-to-Point protocol: Establishing the connection between Cisco and non-Cisco
routers to connecting point to point connections. CHAP and PAP are the connection
between the major parts of PPP.
 Integrated services digital +network (ISDN): This enables telephonic communication
with network devices. This is also known as end-to-end digital technology. This
transmitting the data, voice over IP.
3. WLAN network security protocols:
 Wired Equivalent Privacy (WEP): WEP is an encryption method for Wired devices
and connecting to WLAN. This technology encrypts the key so that the receiver is only
authenticated to functional access.
 WPA/ WPA2: This is the next and extended version of Wired equivalent privacy
protocol. They introduce a Temporal Key integrity protocol (TKIP). they mention every
time RC4 encryption method.
8

 Hashing methods: Generating random unreadable digits for the key and confirming it to
another end. MD5 and SHA are the most known and usable algorithms for hashing
method.
 Wireless intrusion prevention systems / Intrusion Detection system: This type of
communication establishes using Radio Frequency (RF) levels. This scanning method
detects the functional working and threat detection to resolve the data methodologies.
2.4 Produce a specification of the technologies to be used in the design.
The following selected technologies for product development are:
 Switching method is packet switching which most used and having a safe
communication record.
 Point-to-point protocol for the ensure to not wasting non-Cisco devices.
 Wired Equivalent Privacy (WEP) and Wireless intrusion prevention system both
according to requirement and functions.
2.5 Define a network security policy
According to risks level and previous example of security attacks we tried to lessen the
security loopholes from protecting to Cyber Attacks. There are following policies for actual
network security environment.
1. The company MSW must sign an agreement for non-disclosing to its employees for the
organization.
2. Security loopholes resolutions and creating a network security team to ensuring that there
is no data leakage.
3. Access control list for the packet transferring and establish the firewall for the data
protection.
4. Services and ports must be closed if is there any attack possibility.
5. Monitoring system for each device and applying the restriction to TOR and many attacking
countries.
6. Restricted to use internet access to limited websites and blocking high-level data using
devices automatically.
9

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7. Creating new VPN policies for the network design and channels for other locations and
special clients to access the network.
8. Created remote connection policy and wireless connection policies for the production.
LO3
3.1 Discuss the network security implementation considerations
We have designed as secure as we can for the MCW network. Implement a network
monitoring system, as well as LAN, improved from the previous network design. There are
following network security implantation we designed for enhancing our network.
1. Network Security Policy: To monitoring of network we have design computer and laptop
to limited access.
2. Device security: Implemented limitation and created users so not providing Admin access
to any system that means no one can change the policies. Signing the agreement called NDA
(Layton 2016).
3. Internet access: Blocking malicious websites and not accessing the non-authenticate URL.
4. Virtual Private network for Communication with Clients and other locations. Every
connection from outside the LAN is to connected to Secured VPN so that there will no loops
or breach of data.
5. Firewall: Cisco firewall has been implemented for the connection and blocks all the no
used ports for the most secure network.
6. Wireless LAN policy as well as remote network policies\
7. Hiding the SSID and after that blocking the host for attempting wrong ID and password for
many times.
8. MAC binding in the local area network to erase the communication network connections.
9. Setup of a proxy server for the network design.
10. Backup TFTP server for backup of all devices on different location.
10

11. PAT/ NAT overload for the Private to public communications.
12. Static routing between ISP and Edge Router to protecting the traffic.
NTP server and HTTP server for the communication (Perlman, Kaufman & Speciner 2016).
13. DHCP and DNS configuration for the network IP distribution.
.2 Discuss how the network security implementation follows from the network
security design.
There are many functions that are implemented in the design for securing the network. ISP
Router for the company MSW.
1. EDGE Routers.
2. Multilayer Switches for every office.
3. DHCP and DNS server for IP distribution.
4. NTP for configuring network timings.
5. Web server for website access.
6. TFTP (Trivial file transfer protocol) for backup of network devices.
7. Switches for internal communications.
8. VPN and Firewall to securing the communication.
9. IP phones for internal and external communication.
10. VLSM and FLSM concepts for IP distribution.
11. Monitoring system.
11