Network security- defense in depth


There are a number of technologies associated with network security defense. First are the technologies that support wireless sensor networks, where many features of sensor networks might aid in tackling the challenge of building a secure network. The unique features of sensor networks might permit fresh defenses that do not exist in conventional networks. Wireless technologies for network security defense include SPINS, TinySec, and LEAP (Singh, Singh & Singh, 2011).

The security protocols for sensor networks (SPINS) is a security building block that is optimized for resource-limited environments and wireless communication. SPINS consists of two security building blocks, namely the sensor network encryption protocol (SNEP) and µTESLA. SNEP offers data confidentiality, data authentication and freshness of data. µTESLA offers authenticated broadcast for extremely resource-limited environments. SNEP employs encryption to attain confidentiality and a message authentication code (MAC) to obtain two-party authentication and data integrity. SNEP offers many benefits, such as low communication overhead, semantic security (which prevents eavesdroppers from inferring the message content from the encrypted message), replay protection, message freshness and data authentication. TESLA authenticates the original information packet using a digital signature. µTESLA uses only symmetric mechanisms and discloses the key once per period (Singh, Singh & Singh, 2011).
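How a key disclosed once per period yields authenticated broadcast from symmetric primitives only, as an added example (not code from this essay or from the SPINS authors). It goes beyond the text by showing the one-way key chain and the receiver-side buffering that delayed disclosure requires. SHA-256/HMAC, the names `Sender` and `Receiver`, the one-period delay, the `MAX_GAP` limit, using chain keys directly as MAC keys, and passing the loosely synchronized clock in as `now` are assumptions of this example.

```python
import hashlib
import hmac

MAX_GAP = 64  # assumed bound on how many lost disclosures a receiver bridges

def F(key: bytes) -> bytes:
    # One-way function for the key chain (SHA-256 is this example's choice).
    return hashlib.sha256(key).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def back(key: bytes, steps: int) -> bytes:
    # Walk `steps` links down the chain: K_(i-steps) = F^steps(K_i).
    for _ in range(steps):
        key = F(key)
    return key

class Sender:
    def __init__(self, seed: bytes, periods: int, delay: int = 1):
        # chain[i] is K_i with K_i = F(K_(i+1)); chain[0] is the commitment.
        self.chain = [back(seed, periods - i) for i in range(periods + 1)]
        self.delay = delay

    def broadcast(self, period: int, msg: bytes) -> dict:
        return {"period": period, "msg": msg, "mac": mac(self.chain[period], msg)}

    def disclose(self, now: int):
        # One key per period: at period `now`, reveal K_(now - delay).
        i = now - self.delay
        return (i, self.chain[i]) if i >= 1 else None

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.index, self.key = 0, commitment  # last authenticated chain key
        self.delay = delay
        self.pending = []                     # packets waiting for their key

    def on_packet(self, pkt: dict, now: int) -> bool:
        # Security condition: buffer only while K_period cannot have been
        # disclosed yet; afterwards anyone could have computed the MAC.
        if now >= pkt["period"] + self.delay:
            return False
        self.pending.append(pkt)
        return True

    def on_key(self, index: int, key: bytes) -> list:
        # Authenticate the disclosed key by hashing back to the trusted one.
        gap = index - self.index
        if not 0 < gap <= MAX_GAP or not hmac.compare_digest(back(key, gap), self.key):
            return []
        self.index, self.key = index, key
        accepted, still_pending = [], []
        for pkt in self.pending:
            if pkt["period"] > index:
                still_pending.append(pkt)
                continue
            # A lost disclosure is recovered by hashing the newer key back.
            k = back(key, index - pkt["period"])
            if hmac.compare_digest(pkt["mac"], mac(k, pkt["msg"])):
                accepted.append(pkt["msg"])
        self.pending = still_pending
        return accepted

def demo():
    # All values below are constructed sample data.
    sender = Sender(seed=b"constructed-seed", periods=4)
    rx = Receiver(sender.chain[0])  # commitment assumed delivered authentically
    rx.on_packet(sender.broadcast(1, b"temp=21"), now=1)
    forged = {"period": 1, "msg": b"temp=99", "mac": mac(b"guess", b"temp=99")}
    rx.on_packet(forged, now=1)     # buffered: cannot be judged before disclosure
    rx.on_packet(sender.broadcast(2, b"temp=22"), now=2)
    # The disclosure of K_1 during period 2 is lost; K_2 arrives in period 3.
    late = rx.on_packet(sender.broadcast(2, b"stale"), now=3)  # K_2 may be public
    bogus = rx.on_key(3, b"\x00" * 32)                         # not on the chain
    accepted = rx.on_key(*sender.disclose(now=3))
    return accepted, late, bogus

if __name__ == "__main__":
    print(demo())
```

The receiver never holds a secret shared with the sender: it trusts only the commitment K_0, and every later key proves itself by hashing back to a key already accepted.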

The TinySec technology is a link-layer security design for wireless networks which offers the same services as SNEP. The services include message integrity, confidentiality, replay protection and authentication. It offers the fundamental security features of message authentication and integrity by means of a MAC, message confidentiality via encryption, semantic security via an initialization vector, as well as replay protection. TinySec also supports two distinct security alternatives, namely TinySec-AE, which is authenticated encryption, and TinySec-Auth, which is authentication only. In TinySec-AE, cipher block chaining (CBC) mode is employed to encrypt the data payload, and the packets are authenticated using a MAC. In TinySec-Auth mode, TinySec authenticates the whole packet using a MAC, although the data payload is not encrypted in this case (Singh, Singh & Singh, 2011).

The localized encryption and authentication protocol (LEAP) is a key management protocol used for sensor networks. It is mainly designed to support in-network processing and secure communication across sensor networks. LEAP therefore offers fundamental security services such as confidentiality and authentication. Moreover, LEAP is meant to meet various security and performance needs that are considerably more challenging in sensor networks. It supports the setting up of four types of keys for every sensor node: an individual key shared with the base station, a cluster key shared by several adjacent nodes, a group key shared by all nodes in the network, and a pairwise key shared with another sensor node. LEAP also supports source authentication without preventing in-network processing and passive participation. It limits the security impact of a node compromise to the immediate network neighborhood of the compromised node (Singh, Singh & Singh, 2011).

There are also other technologies such as supervisory control and data acquisition (SCADA), cyber forensics, intrusion detection systems and SIEM, among others. Cyber forensics is used reactively, as a post-mortem after a cyber attack has taken place, to try to find out who might have been responsible for the attack within the network. It differs from an intrusion detection system (IDS), which is used to plan for detection of cyber criminals prior to the attack. SIEM, on the other hand, is a network data collector used for network traces. Its function is highly dependent on its configuration. Network security approaches can also be adopted from technologies such as those of conventional networks, embedded systems or sensor networks (Dacer et al., 2014).

Another related technology is simulation involving moving target defense (MTD), which has been hypothesized as a possible game changer in cyber defense and in the defense of computer networks. In MTD, a set of objective analytical models has to exist for predicting the effectiveness of MTD systems in securing computer networks. These analytical models are useful both at design time and at runtime. Inputs are provided to the simulation model, which needs a set of objective metrics that capture particular information about the features of the system. The metrics capture a number of things, including the area that an attacker has to search in order to determine the configuration of the system, the modifiable features of the system, and what is to change in the system configuration, including how quickly the configuration is changing. The metrics are also related to the effort needed by an attacker to attack the system (Zhuang et al., 2012).

Depending on the configuration of the network to be defended, the analytical model has to capture the fundamental steps required to attack the system and determine the effectiveness of the MTD system in defeating attacks that try to exploit both known and unknown vulnerabilities. The design of the MTD system should be based on knowledge of the present situation, which is captured in a set of runtime models. The runtime models permit the system to reason over its present state and generate adaptations in order to confuse and reject possible attackers. MTD is especially effective for enterprise computer networks (Zhuang et al., 2012).

There are also other related technologies such as network address space randomization (NASR), a similar randomization scheme used to prevent worms. Dynamic network address translation (DYNAT) is another technology, developed as an information assurance program. Its main goal is to inhibit the attacker's ability to map the network, thereby making network attacks more difficult. This technique makes it appear as though the network addresses and port numbers used by the computers on the network change dynamically. This disguises the host identity information in Transmission Control Protocol (TCP)/Internet Protocol (IP) packets (Zhuang et al., 2012).

Datagram technology, also known as packets, is also a way of protecting information that travels across the network. In this case, information travels in the form of packets that are formatted in particular ways. The packets contain header information as well as the source and destination addresses. Only the receiving device or computer is able to recognize the destination address attached to the message.

Cloud computing and big data technology also help to secure the network and the data that travels across it. Cloud service providers are normally responsible for ensuring that customer networks and systems are free from cyber attacks such as those carried out by hackers. They do this by setting user privileges at different levels for their customers. By so doing, cloud service providers play an important role in network security defense for their various company clients (Harrington, 2014).

Network security can also be evaluated with the help of the Markov Game Model (MGM), a technique suitable for improving awareness of the network security situation. The model obtains normalized data on assets, vulnerabilities and risks by fusing a variety of system security data gathered by multiple sensors. It analyzes the propagation rule of every threat and builds a threat propagation network. It uses game theory to analyze the behavior of threats, users and administrators, and from this sets up the Markov Game Model. The MGM can thus evaluate system security dynamically and offer the best reinforcement scheme to the administrator. The MGM technique is suitable for real network environments, giving precise and efficient assessments of the prevailing network security conditions (Zhang et al., 2011).

References

Singh, S. K., Singh, M. P., & Singh, D. K. (2011). A survey on network security and attack defense mechanism for wireless sensor networks. Int. J. Comput. Trends Tech, 5-6.

Dacer, M. C., Kargl, F., König, H., & Valdes, A. (2014). Network Attack Detection and Defense: Securing Industrial Control Systems for Critical Infrastructures (Dagstuhl Seminar 14292).

Zhuang, R., Zhang, S., DeLoach, S. A., Ou, X., & Singhal, A. (2012, June). Simulation-based approaches to studying effectiveness of moving-target network defense. In National Symposium on Moving Target Research.

Harrington, S. L. (2014). Cyber Security Active Defense: Playing with Fire or Sound Risk Management? Rich. JL & Tech., 20, 12-13.

Zhang, Y., Tan, X. B., Cui, X. L., & Xi, H. S. (2011). Network security situation awareness approach based on Markov Game model [J]. Journal of Software, 3, 009.

Data Communication and Networking


Introduction

Anderson & Reilly Law Firm wishes to upgrade its data communication and network systems from a legacy platform to a web-based operating system. It is, therefore, seeking a bidder who will oversee the entire process so as to ensure seamless operationalization of the new system with little or no data loss. This is the statement of work for the Request for Proposal.

Statement of Work

Project Scope

This project requires the bidders to oversee the full implementation of the web-based platform right from the purchase of hardware and software required for the transition to the setting up, data transfer and full operationalization of the new system.

During the implementation process, the successful bidder will collaborate with the law firm’s IT department so as to come up with the most appropriate software applications at the best price possible. Considering that most employees are used to the legacy system, the successful bidder will be required to undertake the training of the employees, as well as full orientation to ensure that they are properly conversant with the system (Schwalbe, 2010). On the same note, it is the duty of the successful bidder to undertake the data transfer from the legacy system to the web-based system, as well as safe archiving and storage of data with no loss of data. This transition should be done with minimum disruptions to the operations of the law firm.

Period of performance

The project will be carried out for not more than two months from 30th June to 31st August 2013. This period is divided into different phases that will guide the project right from the beginning to the end, with the specific tasks to be carried out within that time. The management board should be notified on the last day of every phase as to the progress made.

Project Timeline:

June 30th – July 10th – PROJECT INITIATION PHASE – The winning bidder will work in collaboration with the IT department in the law firm to determine the specific needs with regard to the hardware and software applications needed to carry out the upgrade. Measurements will be carried out to determine the length of cables required, alongside evaluations to determine the items needed (Schwalbe, 2010). The law firm’s management board will be notified after two weeks about the entire list of hardware and software.

July 16th – July 31st – MARKET RESEARCH – All items needed for the migration will be identified and bought within this period. These include 23 computers, routers, switches, network adapters, network software, legal management software, cable connectors, power supply and the identified network mediums. The winning bidder will carry out comprehensive market research to determine the most appropriate hardware and software while being mindful of the cost, both in the long term and the short term. All software and hardware required should be purchased by the end of this phase.

August 1st – August 15th – Installation and setting up of the Local Area Networks and full operationalization of the new computers. In addition, the contractor will undertake the backing up of the system and the archiving of the data stored. A temporary legacy system will be set up to prevent disruption of operations.

August 16th – August 20th – Setting up of the web-based platform and entering the necessary data of the law firm. The system will be tested and troubleshooting capabilities evaluated.

August 21st – August 25th – Training of the employees of Anderson & Reilly Law Firm on the functioning of the web-based system.

August 26th – August 31st – The contractor will undertake full internalization of the platform and the full archiving of the legacy system, leaving the web-based platform as the only one in operation.

Project manager: Dr. Rilley Barnie.

Title: Manager IT Department

Evaluation Criteria

The bidder will have to provide a list of referees and testimonials from previously completed projects. Experience in the field will be considered in evaluating the qualifications of the bidder. It is imperative that the bidder provide a list of the workers alongside their qualifications. On the same note, a statement of cost, including costs pertaining to any subcontractors, should be included in the bid.

Physical location: the project will be carried out on the premises of Anderson & Reilly Law Firm in the Ellicott Square Building located in Buffalo, NY 14225.

References

Schwalbe, K. (2010). Information technology Project Management. Boston, MA: Course Technology/Cengage Learning.

Network Design Consultation


Introduction

The network consultation guides one through the process of designing a network for a small business. A typical network of this sort includes three computer users, two laptops, a server, one quality networked printer and access to a wireless network. The main aim is to design and build the best network for the organization, with a high degree of functionality and security, while maintaining a low and reasonable cost. The network should be scalable so that it grows as the business grows. A small business has modest networking and computing requirements. The business may have a number of computers and laser printers. The small office network should allow members to share data, printers and other peripherals. The computing requirements of small organizations may be met by a single LAN with one or two servers, using off-the-shelf components. A small business LAN is usually managed by one person with moderate experience and technical knowledge (Gregory, 2002).

Network design for a small billing business

A network design that allows one server to control the networking, filter internet traffic and serve printers is the easiest, since the owner can manage the business from a single point. It should have easy connections that grow with the business. Web and mail servers could be used from a hosted service, so that only one internet connection is needed. This is recommended since it is cost-effective and efficient for a small business. The recurring cost of maintenance could be reduced considerably. In this business, the owner will consider using the following devices for the billing business.

The modem serves as a network adapter that configures the internet technology on the business operating system. For proper networking, the modem is installed first, before the other software, to confirm compatibility. The modem is connected to an AP router that transmits data between wired and wireless networking devices. The two laptops use wireless networking from the router to access the network, while the workstations and the other 3 users use the LAN and are connected to the main server via the switch box. The two workstations are placed in a secure local area network to protect the data and the workstations themselves.

The LAN’s IP addresses are private and available to the local network only. The workstations and the network printers are given IP addresses automatically by the server, as is the wireless network that connects the three users and the laptops. IP addresses may be allocated permanently to the printers and workstations so that they are easy to locate. It is therefore vital for the business owner to assign IP addresses to the LAN depending on the type of business. A switch is a mechanical device used to separate machines so that data does not go to machines on the network for which it is not intended. By using it, network usage is reduced and each machine is isolated from the traffic created by other machines. It controls the network hard drive that transfers files to all the other computers.

The basic configuration recommended for a secure computing environment

For a secure computing environment, the user should establish security policies to protect data and guard against threats. The main methods used by business owners to protect information and devices are a basic firewall that manages threats and protects the system, and basic antivirus software or an anti-spyware program that protects against viruses. Since there will be a wireless connection, a robust password is advised, because wireless traffic is easily detected by software. Reviewing the router and firewall logs helps to identify any abnormal network connections as well as any Internet traffic. The use of passwords is encouraged for all accounts.

Diagram of the network configuration

[Figure 1: network configuration diagram. Labelled components: cable modem, AP router, switch box, server, 2 workstations, network hard drive for file sharing, network printer, the 3 users.]

Network architecture and Internet access configuration

Network architecture is the structural and logical layout of the network. It consists of transmission devices, hardware and software, as well as communication protocols, the mode of transmission (such as wireless or wired) and the connectivity between components. A LAN is the best network type for a small business. The other computers are served by only one server (Gregory, 2002).

The networking consultation applies fundamental networking concepts, solutions and terminology of computer networking. Networking allows one to implement a network using the physical media and the data links created. Ethernet and Wi-Fi are used to deploy the LANs, and they guide the network design to be used in any business.

Hardware recommendations and related costs

These are the tangible devices required by the user to gain access, either through a dial-up connection or a direct connection to a host computer. Connecting cable lines enable connection to the Internet, bringing about an increase in users and in the speed of connections on the web. A router is recommended as it is the main part of the architecture. It transmits information from one place to another in datagrams. A switch box is required as it is the central control of all the actions taking place; it distributes traffic based on application or load content. The printer prints data from the connected computer. A PC has components such as the keyboard, mouse, monitor, data storage, hard drive and system unit. A modem is used to configure and set up the internet technology on the operating system.

Cost Table listing all the items needing purchasing and the associated cost.

| Item | Cost | Quantity | Total Cost |
|---|---|---|---|
| Workstations | $150 | 2 | $300 |
| Laptops | $400 | 2 | $800 |
| Printer | $300 | 1 | $300 |
| Cables | $100 | 1 | $100 |
| Router | $100 | 1 | $100 |
| Switch box | $100 | 1 | $100 |
| Network hard drive | $100 | 1 | $100 |
| Software (Microsoft Office) | $500 | 1 | $500 |
| Software (Operating System) | $600 | 1 | $600 |
| Software (Timer) | $50 | 1 | $50 |
| Cost of installation | $300 | 1 | $300 |
| Internet expenses | $200 | 1 | $200 |
| Electricity expenses | $100 | 1 | $100 |
| Modem | $100 | 1 | $100 |
| Business license | $200 | 1 | $200 |
| Miscellaneous expenses (telephone etc.) | $1,000 | 1 | $1,000 |
| Total | | | $4,850 |
| Balance | | | $150 |

Software recommendations and related costs

Software comprises the intangible utilities and the operating system that allow the computer to function, and the programs that do real work for users. Examples include Windows 7 and 8, word processors, databases and spreadsheets. Management systems and timers, as well as any other software found in ROM, are also software.

Deployment in bandwidth, distance, and number of users

A network is a collection of devices that are linked to each other. Networks can be grouped according to a variety of characteristics, such as the topology, the means used to transport the data, scale, the communications protocol used, advantage, and organizational scope. Different technologies are organized in different networking frameworks, for instance in topology, which is classified into bus, ring, star, tree and mesh. Topology is a crucial part of network design theory. One can build a small business computer network without understanding the difference between a star design and a bus design, but familiarity with the typical topologies gives one a better understanding of essential networking concepts such as routers, hubs and broadcasts. Bandwidth is the rate of data transfer within a band of wavelengths in a computer network. It is said to be the volume of data an internet connection can handle per second. Bandwidth is measured in bits per second (bps). An internet connection with a larger bandwidth can move a huge amount of data in a short span of time compared to an internet connection with a relatively low bandwidth. Network failure and a large decrease in signal strength can reduce the bandwidth rate.

Characteristics of various communication protocols

A communications protocol is a system of rules for data exchange between computers. A protocol should define the semantics, syntax and synchronization of communication. Its character depends on how it is independently implemented. It can be implemented in software, in hardware, or in both. A technical standard should be developed so that there is agreement on the protocol.

Deploy a basic Ethernet LAN and compare it to other network topologies

Network topologies are the ways in which network elements are connected, that is, the logical and physical arrangement of network nodes. Compared to other topologies, the Ethernet topology has the simplest connections and fewer network nodes. It is preferred only for lighter loads, to avoid congestion.

The Ethernet LAN network topology is a cost-effective way of achieving high-speed LAN transmission, since it can operate at as low as 10 to 100 MB/s, compared to other topologies that are expensive. It supports various wiring configurations and works best with a large number of LAN as well as micro-to-mainframe applications. It is the easiest to install compared to other network topologies. Compared to other network topologies, however, Ethernet is not a high-level performer in high-load environments. Its protocol, Carrier Sense Multiple Access/Collision Detection, slows down significantly when many workstations compete for the one cabling trunk. It has a linear bus with decentralized control, which may complicate the isolation of problems (Ekert, 2004).

Use technology and information resources to research issues in networking

Networking and information technology research is carried out to support technology leadership, science and engineering, and to bolster economic competitiveness. The research focuses on identifying issues that will help countries out-educate, out-innovate and out-build the world. Networking and information technology assists in cyber security and information assurance against attacks. High-confidence software and systems have priorities such as: management of autonomous and complex systems; development of science and technology for the creation of cyber-physical systems (CPS); development of technology assurance; improvement of the quality of high-confidence real-time systems and software; and improvement of CPS education to develop a new generation of experts (Edgar, 2005).

References

Gregory, R. (2002). Securing wireless networks. The Internet Protocol Journal, 5(3).

Edgar, D. (2005). IEEE 802.11. The Internet Protocol Journal, 5(1).

Ekert, V. L. (2004). An ontology for network security attacks. Lecture Notes in Computer Science, 3285, 317-323.