|
It would be initially important to consider that the type of LAN
being developed for organization XYZ will be a wireless LAN. The first
step to take, therefore, would be to ensure that that the default
network name [SSID] is changed. This is since the default SSID of most
commonly available hardware tend to typically be well known to hackers.
In order to further ensure that would be hackers have no way of
discovering the particular SSID, moreover, it would essential to ensure
that the SSID doesn’t contain information that would be useful in
concern to unraveling the accurate name or location of the company. The
same should also be done in concern to the administrator’s password on
the router/AP, and for similar reasons; hackers know the default
passwords for all of the major brands of hardware.
Furthermore, since the organization has no need for wireless access
outside the perimeter of the building, each of the routers/AP (s) will
be placed within the workstation at the center of the operations floor.
This would be especially advantageous as a result of the fact that it
significantly minimizes the degree to which the [wireless] signals
radiate. Implementing media-access control [MAC], moreover, would be
the next step in consideration of developing a maximally secure LAN for
XYZ organization. This is since MAC enables the specification of which
wireless PC cards can access the network, subsequently ensuring that
all others are denied access. It would be conclusively relevant to
conduct a security check in as much as using software such as Network
Stumbler around the perimeter of the building so as to ascertain the
relevance of the data that a would be hacker would have access to.
This, in turn, would be followed by a revision of particular security
measures, such as the placement of the routers, in order to deal with
the particular security leaks (Ziff Davis Media, 2003).
Question 2: What security roles do the following play in a LAN/WAN
environment: Hub, Router, Gateway, Client Server, Workstation, VLAN,
LAN Media, Switch, Spread Spectrum, Modem, Multistation Access Unit,
Bridge. Be specific and brief in your discussion. If there is no role
played by any of these please state "NONE".
A Hub is an inexpensive device that is utilized within the
networking field in order to create a link or links between multiple
computers. Moreover, it is apparent when considering hubs require
external power and can be connected to other hubs and similar devices,
that hubs can pose a security threat. This is since the network (s)
they are enabling may be externally and physically hacked into. A
[network] gateway is basically a system, tangible or intangible, that
joins two networks together. It would be noteworthy to acknowledge that
while a network gateway can be implemented completely in software,
hardware or a combination of both; it also exists at the proverbial
edge of the network (s). Consequently, this renders it vulnerable to
hacking attempts, this being the result due to which such security
requirements as firewalls are installed by default in gateways.
Routers, on the other hand are similar to gateways with one exception.
They are exclusively physical devices that join multiple wired or
wireless networks together. Just like gateways, they exist on the
fringe of networks.
However, they have the ability to filter incoming as well as
outgoing traffic based on the IP addresses of senders and receivers,
thus making them relevant security factors. Switches are similar to
Hubs in regard to their physical properties but have a higher
intelligence capacity. This ensures them to inspect data packets as
they are received, determine the source and destination device of that
packet, and forward the packet appropriately. Furthermore,
acknowledging that wireless LAN adapters provide an interface between
the client network operating system (NOS) and the airwaves via an
antenna asserts the security relevance of Client servers. A bridge
device inspects and filters data traffic at a network boundary,
subsequently forwarding or discarding. The Workstation, VLAN, LAN
Media, Spread Spectrum, Modem and Multistation Access Units are
comparatively insignificant in concern to issues of LAN security
(Mitchell, 2004 & Wireless LAN, 2004).
Question 3: What is security Forensics? How can an organization
ensure that the personnel do not become part of the security problem?
Forensic is what people may call a legal term that can be used in a
court of law that is related to the application of knowledge to a legal
problem. To give the reader a proper idea of what Forensics’ is all
about the popular show C.S.I. (Crime Scene Investigator) where the
detectives use all sorts of ways to find out what happened at the scene
of a crime. The ways that they use astound the viewer; they use various
sciences that may include chemical, pathological and other ways to
determine the occurrence of the crime.
This term in the computer language is use d to describe the art in
which data is extracted or gathered in which an intrusion had occurred.
Organizations that keep logs and keep good security policies find that
this is much easier to accomplish. But with the right tools computer
forensics can be used to extract data from storage devices that are
damaged no matter how badly. To ensure that an organization’s personnel
do not become part of the security problem is to keep sensitive data
from reaching the hands of unauthorized personnel.
Question 4: List the hardware products available on the market that
support LAN security. Identify the software products required to
support the hardware you listed.
CRYPTO-Server 6.1:- a one-time password, token authentication system
that works better, implements easier, takes hassle and responsibility
away from the user and costs less. This device is compatible with all
operating systems (Network Security, 2004) AF2100:- AirFortress
Security Gateways provide the essential trusted relationship between
wireless devices, users and the secure network infrastructure. The
efficient, cost effective protection for the privacy and integrity of
your corporate applications and network resources is now a simple
plug-and-play option. (Fortress Technology, 2004)
Question 5: Identify the standard organizations and the standards
associated with LAN, MAN and WAN Security. There are a number of
standards organizations and standards associated with LAN, MAN and WAN
Security. These are explained below:
STANDARD ORGANIZATIONS IEEE: - The IEEE (Eye-triple-E) is a
non-profit, technical professional association of more than 360,000
individual members in approximately 175 countries. The full name is the
Institute of Electrical and Electronics Engineers, Inc., although the
organization is most popularly known and referred to by the letters
I-E-E-E.
ISO: - ISO (International Standard Organization) is a network of the
national standards institutes of 148 countries, on the basis of one
member per country, with a Central Secretariat in Geneva, Switzerland,
that coordinates the system.
There are many standards associated with LAN, MAN & WAN
security. These are there so that the industry on the whole can stay
standardized. These are all maintained and handled by large
organizations such as the ones mentioned above. These standards and
provide the software manufacturers specific they can comply with. The
question here arises why have these standards? Do these help in any
way? The answer is yes these standards give programmers who design
software’s which are to be used by the masses a specific to go with. If
there was no specific the end users would be looking for the different
manufacturers to see if they software is compatible with the current
hardware that they have. The software that is talked about here are
those software that interact with the hardware directly. Some e.g. of
these software’s are operating systems, disk utilities etc.
Since being specific is what the standards tell the manufacturers to
do, they comply by producing appropriate hardware for users. This
increases the level of security that can be provided. To cite an
example would be the common Network Interface Card (NIC) all these
cards by default have a unique serial number on them that is known as
the MAC address. These numbers represents the manufacturer and whom
does the NIC belong to. These are used for securing machines. An
explanation in simple words would be that if all humans had a number we
could assign which humans to do what and which humans could not do
something by programming the computer with the required details.
|
|
|
(0 vote)