This report gives a detailed proposal and analysis for strengthening the network security of Callister Inc., which has branches in Cambridge and Manchester. The analysis evaluates the existing network structure, singles out its weaknesses, proposes new security mechanisms, implements them in Packet Tracer, tests their effectiveness, and reports the findings.
Callister Inc. has recently expanded and opened branches in Cambridge and Manchester. However, it has been noted that its network design has various security faults that affect the entire system. This presentation aims to analyze the existing network setup, highlight its weaknesses, and suggest effective security measures, implementing them in Packet Tracer and testing the new system to ensure that it is effective.
The company's network is made up of the DMZ, the Public Network, the Cambridge branch and the Manchester HQ networks. Each network segment plays a specific role and interacts with both external and internal devices. The current configuration comprises the NAT settings, the IP addressing and the specifications of each device.
An in-depth analysis of the company's network identified numerous serious risks that call for immediate intervention.
Unsecured network devices such as routers pose a major threat to the network by exposing it to attackers (Rizvi et al., 2020). This includes:
The servers located in the DMZ are intended for public access, which makes them exposed and critical points for cyber-attacks. They are exposed directly to the internet and are key targets for malicious attacks, including SQL injection, malware infiltration, denial-of-service attacks, and exploitation of zero-day vulnerabilities. The network has no robust hardening measures or proactive risk management, which further increases the chances of an attack, so these servers are exceptionally vulnerable to exploitation. Addressing the security concerns within the DMZ is important because it safeguards the confidentiality and integrity of the sensitive data stored on the servers. Reducing the likelihood of these risks involves controlling access to the servers, applying regular security patches and updates, and closely monitoring the firewall configuration.
Since the network operates without an intrusion prevention system (IPS) and firewalls, traffic moves uncontrolled across and within the different network zones. This increases the system's vulnerability to malware injection, illegal lateral movement and data breaches. Without these important security controls in place, the system is open to malicious entry that compromises the company's data and weakens the overall security posture of the network. Implementing the IPS and firewalls will be important to monitor, block, and filter suspicious traffic, thereby protecting the network against illegal access and possible threats.
The switches integrated into the network lack important port security measures and VLAN implementation, which permits unauthorized devices to connect without hindrance. This poses a big risk to the network because it allows potential access to sensitive information. The absence of encryption on internal network traffic further increases the risk of data interception. Without holistic layer 2 security measures the network is vulnerable, leading to data access by unauthorized users and information breaches. Implementing mechanisms such as port security or VLAN segmentation is therefore crucial in protecting sensitive information, minimizing unauthorized access, and controlling connections. Enabling encryption for internal network traffic is likewise vital in limiting unauthorized users and safeguarding data.
Manchester and Cambridge rely on the public internet for communication, which poses major network vulnerabilities such as information hijacking, eavesdropping, and data manipulation. The public internet also lacks the needed security protocols and encryption methods, making the communication channel prone to unauthorized connections and interception. This, in turn, jeopardizes the confidentiality and integrity of data in transit, threatening the security and privacy of sensitive information. It is therefore vital to implement secure communication channels and protocols, such as encrypted communication channels or virtual private networks, to help prevent potential security breaches and protect data during transmission.
The recommended security measures are implemented using Cisco Packet Tracer. This involves configuring and securing network devices such as the Manchester router for administrative access, setting up zone-based policy firewalls, reinforcing layer 2 security, deploying intrusion prevention systems and creating VPN connections between Cambridge and Manchester. A detailed policy document and configuration process will be issued for future reference and maintenance.
Recommendations include:
The configuration of the Manchester router is minimal and lacks various security best practices. Securing devices is very important since it minimizes the risk of successful attacks, prevents costly disruptions and protects data. It also reduces overall network threats by addressing risks across the network, reducing exposure to cyber-attacks and improving the security posture of the network (Aslan et al., 2023). This report recommends the following security settings and improvements.
Figure 1: Router Security Settings
Figure 2: Securing Router Device
The implementation entails establishing security zones and then applying policies that control traffic between these zones based on specific, defined criteria (N’goran et al., 2022).
Figure 3: Creating the Firewall Zones
Figure 4: Identifying Traffic Using a Class-Map
Figure 5: Specifying and Applying Firewall Policies
The IPS actively monitors network traffic. It detects malicious code, patterns and signatures and immediately blocks them, or raises an alert about the suspicious activity, before it can infiltrate the network and harm sensitive data.
Figure 6: Creating an IOS IPS configuration directory in flash, Configuration of the IPS signature storage location, Creating IPS rule.
Figure 7: Configuring IOS IPS to use the signature categories, Applying the IPS rule to an interface and signature modification
Configuring port security on switches authenticates devices by MAC address on specific ports and keeps unauthorized devices from gaining access. Implementing VLANs and enhancing layer 2 security to segregate network segments logically further improves the security boundaries. This can be achieved by deploying Network Access Control (NAC) solutions for better control over device access and activity on the network.
Figure 8: Enabling PortFast on all access ports.
Figure 9: Enabling BPDU guard on all access ports.
Figure 10: Adding switch Port Security
Figure 11: Disabling unused ports
As described by Nyakomitta et al. (2020), VPNs allow secure communication and give only authorized devices and users access to resources as if they were in the same location.
The testing involves verification of the implemented security plans.
| What | Where | Command/Test | Result | Comments |
|---|---|---|---|---|
| Secure administrative access | Manchester router | Check the connectivity of SSH from an authorized user | Successful connection | The SSH service (version 2) is enabled and can only be accessed with the correct credentials. |
| | | Telnet connection attempt | Error | The Telnet connection has been disabled to prevent unsafe access. |
| | | Review ACLs | The ACLs have been correctly configured to control the flow of traffic between interfaces. | Confirmed that only permitted traffic is allowed to flow between network segments. |
| | | Password settings | Encrypted and strong passwords. | Complex passwords that are hard to guess have been set and are needed for privileged access. |
| Zone-based policy firewalls | At the Manchester firewall | Check connectivity between authorized devices within the permitted zones. | Successful connection | Firewall rules are permitting communication between the allowed zones. |
| | | Ping requests from unauthorized zones and devices | Request denied | The firewall blocks unauthorized traffic between zones. |
| | | Check logs for denied connections or dropped packets. | Presence of log entries from blocked traffic attempts | Firewall monitoring for suspicious activities. |
| Layer 2 security | DMZ switch | Check for configuration of port security on access ports. | Port security settings enforced | Only the authorized devices can connect to the selected ports. |
| | | Test connection of unauthorized devices to the secured ports. | Denied connection. | Port security blocks attempts at unauthorized access. |
| | | Test VLAN communications with authorized devices | Successful connection | Segmented VLANs control traffic and restrict unauthorized access. |
| Secure communication from VPNs | Manchester and Cambridge users | Test for VPN connectivity | Successful pings | VPN allows secure remote access |
| | | Data transfer between tunnels | Successful | Data transferred between the VPN tunnels is encrypted and safe. |
| | | Try unauthorized access to resources which are beyond the authorized endpoints | Access denied | The VPN restricts unauthorized access within the network. |
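The "Secure administrative access" rows of the test plan above (SSH version 2, Telnet disabled, encrypted passwords) can also be verified against a saved router configuration. The following Python script is an added example, not part of the original report; the sample configuration, its placeholder hashes and the function names are constructed for illustration.

```python
import re

# Constructed router running-config excerpt (not taken from the report).
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 HASH-PLACEHOLDER
username admin secret 5 HASH-PLACEHOLDER
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return [(header, [sub-commands])] for every 'line vty' block."""
    pattern = re.compile(r"^(line vty .*)$((?:\n[ ]+.*)*)", re.M)
    return [(m.group(1), [c.strip() for c in m.group(2).splitlines() if c.strip()])
            for m in pattern.finditer(config)]

def audit_admin_access(config):
    """Return a list of findings for the management-plane checks in the test plan."""
    findings = []
    global_cmds = [l for l in config.splitlines() if l and not l.startswith(" ")]
    if "ip ssh version 2" not in global_cmds:
        findings.append("SSH version 2 is not enforced")
    if "service password-encryption" not in global_cmds:
        findings.append("service password-encryption is missing")
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("no enable secret is set")
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("enable password is present")
    for header, cmds in vty_blocks(config):
        transport = [c for c in cmds if c.startswith("transport input ")]
        # A missing line is flagged too: the default differs between IOS releases.
        if not transport or transport[-1].split()[2:] != ["ssh"]:
            findings.append(f"{header}: Telnet not disabled (need 'transport input ssh')")
    return findings
```

In the sample, the first five vty lines pass but lines 5 to 15 still accept Telnet, which is the kind of partial hardening a single interactive SSH test would not reveal.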
This security analysis and design plan offers a comprehensive overview of Callister Inc.'s roadmap to attaining sustainable network security. Implementing the recommendations and appropriately testing the solutions' efficacy will result in substantially lower security risks while safeguarding valuable data assets. Furthermore, progressive security awareness training, along with occasional employee vulnerability assessments, is key to organizational success and to maintaining a proper security posture. Adopting a proactive strategy to network security will secure Callister Inc.'s long-term success and sustainably protect the company against evolving cyber risks.
Aslan, Ö., Aktuğ, S.S., Ozkan-Okay, M., Yilmaz, A.A. and Akin, E., 2023. A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12(6), p.1333. https://doi.org/10.3390/electronics12061333
N’goran, R., Tetchueng, J.L., Pandry, G., Kermarrec, Y. and Asseu, O., 2022. Trust Assessment Model Based on a Zero Trust Strategy in a Community Cloud Environment. Engineering, 14(11), pp.479-496.
Nyakomitta, P.S. and Abeka, S.O., 2020. Security investigation on remote access methods of virtual private network. Global Journal of Computer Science and Technology, 20.
Rizvi, S., Pipetti, R., McIntyre, N., Todd, J. and Williams, I., 2020. Threat model for securing internet of things (IoT) network at device-level. Internet of Things, 11, p.100240. https://doi.org/10.1016/j.iot.2020.100240