- Network Security Proposal
- I. Analysis and Planning
- A. Vulnerability Assessment
- B. Security Policy
- C. Risk Management
- D. Business Continuity Plan
- E. Access Controls
- II. Securing Boundary Devices, Hosts, and Software
- A. Physical Security
- B. Mobile Device Security
- C. Perimeter Defenses
- D. Network Defense Devices
- E. Host Defenses
- III. Securing Data at Rest and in Transit
- A. Public Key Infrastructure
- B. Secure Protocol Implementation
- C. File Encryption
- D. Hashing
- E. Backup and Restore
Network Security Proposal
I. Analysis and Planning
A. Vulnerability Assessment
The UMUC’s network is vast and involves many students, staff and administration PCs and mobile devices to operate simultaneously. Hence there arises a huge need of vulnerability assessment in order to find weaknesses and overcome them on time. This helps in providing the university with targeted ways of avoiding and preventing the vulnerabilities for future security. The UMUC’s network needs to thoroughly analyze and then take proper actions towards these vulnerabilities .
In order to perform vulnerability assessment, following steps should be taken
1. Scanning must be done of all the IP addresses available in the network. User credentials such as username and password to access the network should also be scanned in order to find weaknesses at that end
2. Scanning all the tools employed over the network. The scanning of these tools must be performed in safe mode only.
3. All the vulnerabilities discovered in the network must be verified.
4. The impact should also be analyzed and then these vulnerabilities should be prioritized to generate possible mitigations on each one of them .
The weaknesses in the network should be identified and prioritized as early as possible so that it does not affect the network operations.
The solution to the above stated requirements is very much valid and correct since vulnerability assessment should be done practically all over the network. The solution discussed will surely affect the network performance since there will be acute weakness in the network which will result in better services to staff and students. If vulnerability assessment is not carried out on the network, it may result in delayed services and may cause havoc.
B. Security Policy
The UMUC’s network stores confidential credentials including passwords, files it becomes mandatory to apply security policies for network. Security policy is responsible for safeguarding the information on the network and also that of stored on the server. These measures are taken for the protection of information to build trust factor for the users. The staff files and students’ information are needed to be secured. The best way to employ security policy is providing passwords to the users be it staff or students .
UMUC must protect intellectual property and other information of the network and its users. The best solution is to provide passwords to each user of the network with monitoring their browsing pattern. The passwords to each user may keep their information safe towards them. The passwords not should be easy to guess for the other user over the network. Moreover, passwords should be at least 10 characters long with one symbol and one alpha numeric character. These constraints may make the network more secure. The authentication system should be included the network for more secure network operations .
Since the authentication system makes each user distinct and adds password to the system security increases eventually. No other user can enter to the network other than staff and students. This makes system more secure. The policy may also include some of the other measures to make it even more secure.
C. Risk Management
The network has several ways to avoid risks in the network. Cyber-crime avoiding is not a very difficult task. The possibility of attack must be known in order to avoid the risk. There are many risks involved with cyber-crime. Risk management must be initiated my looking up at a broader sense, then the amount of risk must be assessed with each risk identified .
With risk management, many risks related to cyber-crime can be found out. Learning how severe they can be and prioritizing them is very important and this can only be achieved by risk management. Risk management software such as SolarWinds MSP minimizes cyber-crime at very good level. Such applications may be helpful in identifying, verifying and mitigating risks especially for cyber-crimes. The networks where there are many users associated are more prone to such risks. Hence the risk management for cyber-crime is of much importance .
D. Business Continuity Plan
The business continuity planning is required for the network so that the plans must be ready for the disaster of the network. The network break down may result in unfavorable situation which can disappoint its users. Hence a business continuity plan must be incorporated in order to serve the network users even after the failure .
The UMUC should be ready with a backup plan on network break down. The backups should be very easily deployed for the operation of the network. For an instance if an access point at one building fails, the another access point at the same floor must be capable of handling the load till the issues with the access point is fixed. The staff and students must not experience any problems due to the small issue in the network .
The proposed solution is to avoid the problems arising due to network issues. Backup plans are very essential to continue any operation in the network even with small faults in the network. On small network changes, it may cause some problems in the network’s performance. Hence back up plans may save the overall network performance.
E. Access Controls
The most essential part of the network is access control. With the huge network, it becomes necessary to provide access control mechanisms. UMUC involves many users with different roles. With this complexity comes, the challenge of what to be shared and with whom. No network can be open for all the users. Hence it is highly required to put access control over the network. The authentication system itself is designed in such a way that on authentication, predefined set of parameters determine the authorization of the user. The access may be accepted or failed by the system on the basis of user credentials entered while logging into the network.
Access control implementation is quite challenging because it needs communication between protocols and various technologies to make it execute in the proper manner .
It has been a tough work to deploy network at university sites. This is due to frequent changes in users over a year. New students may add and old should be removed. Also the challenges are with those students who take a break from university especially if they have back logs during academic years. Staff and faculty members are constant than students but they login from multiple locations and different devices which again is a small challenge. Since multiple entities are involved with the network, access permissions are highly required.
The network access control provides the university campus network administrators the facility to determine who should access what part of the network and data. Access control also allows the administrators to set the restrictions for the number of devices a user can connect to the network .
The solution of implementing a good authentication and authorization system in the network is the only way to achieve access control. Using the authorization system may lead to divide the access to different users based on their roles in the university and the network.
II. Securing Boundary Devices, Hosts, and Software
A. Physical Security
In the age when computers were in limited use, they were accessed by few people and were safe in rooms where very few people could enter. But today, all the PCs and laptops anywhere in the network has access to the network. Physical security is a major concern since new technologies have introduced .
The solutions for the physical threat are quite challenging. RJ plug lock in device can be used in order to remove unauthorized access from the device. Another solution is the surveillance of the entire college. Deploying cameras at different locations in the college may help reducing physical devices tampering threat. The cameras must be high definition with night vision and also must clearly show the object at its fair visible distance .
The cameras can prove to be very beneficial when it comes to secure physical devices at the site. It may lessen the bad act of harming them.
B. Mobile Device Security
Hackers may hack your personal information by accessing remotely to your phone. They may steal your banking credentials and make you pay their bills by using your stored card details in your phone. Mobile devices may also get harm by sending new viruses and malwares to your phone. This may lead to permanently break down of your device or theft of your data stored in it .
The possible solutions can be considered as protecting your phone by making your phone more secure so that the thief may not know how to get into your phone. This can be achieved by adding some unlock pins or patterns. If your phone allows biometric ways to unlock such as fingerprint scanning and iris recognition then also apply those mechanisms. In order to save the data from stealing, encrypt the data that you store on the device. Always enable a feature name “remote wipe” on your phone. This feature is applicable to both iOS and android .
Mobile device security is the concern to the university students as well as staff members. Solutions to avoid mobile device theft are best as per the scenario. The users of University College network needs to safeguard their devices and information stored on it by taking above stated measures .
C. Perimeter Defenses
A perimeter defense is employed in most of the network structures. It includes hard exterior and soft interior. The UMUC’s network must include perimeter defenses to highly secure the network. If configured in the wisest way, the perimeter defense allows only thoses activities that are required to be conducted on the network. It then denies all the other activities that aren’t allowed in the network .
Perimeter defense includes use of firewalls, intrusion detection systems along with virtual private networks which can be very beneficial to remove anomalies and invalid requests from the network. Firewalls deny the unauthorized access to some websites from the network. It also identifies if the website contains malwares and viruses and also blocks its access for the users. Intrusion detection systems (IDS) are very useful to detect anomalies within the network .
Using virtual private networks, intrusion detection systems and firewalls may secure network in best possible way. University College should also employ all such infrastructural changes to make it less prone to external attacks.
D. Network Defense Devices
The network defense is required at UMUC’s network to protect the network from vulnerabilities, threats and attacks. The network where several documents including official and academic are stored, the network is highly needed to be safeguarded in such environment. There are several tools and applications available in the market especially to perform network defense for all kinds of network .
The tools are the best solution to provide network defense in the network. These tools enable the network administrators to preserve the veracity of the network. These tools available in the market protect all the data, credentials and other network information from getting tampered .
The ready solution in the market can save the network from threats and breaches that could harm the network in several other ways.
E. Host Defenses
Host defense is the key requirement of a network, be it small or huge. If the hosts in the network aren’t secure or they aren’t working fine, no services can be reached to its end users. For an instance, if no host defense mechanism is employed in the network, and some of the hosts got corrupted this may result in delayed services to staff and students. Hence host defense is another way of providing security especially to the hosts in the network. The host defense if not incorporated leads to compromising the effectiveness, performance and trust factor of the hosts .
The firewalls and host based intrusion detection system can help in achieving the host defense. The attacker may destroy the hosts on the network by sending viruses or malwares in the network. These viruses can be blocked by intrusion detection systems and firewalls set up on the hosts. Using firewalls any unauthorized access on the host can be filtered out easily .
The proposed solution for host defense in the form of firewall and host based intrusion detection system is something that should be adopted at university college network. On destruction of the hosts, the network will be of no use since no services of the network could reach the end user.
III. Securing Data at Rest and in Transit
A. Public Key Infrastructure
Public key infrastructure provides the public key assurance and its distribution. It includes a public key certificate as called as digital certificate, private key tokens, certification and registration authority and certificate management system. The network with several users attending different website needs the public key infrastructure in so as to secure data over the network .
Public key infrastructure is a framework which helps in achieving security over the internet. Various websites are being surfed by different users’ every day. While designing s public key infrastructure for a particular website the key attributes involved are authentication, access control, confidentiality, integrity and non-repudiation .
The identity checking solutions based on certificates are deployed if the website is serving confidential data. The further advancements can be made by including file encryption while sharing files over the network, email security scan can be provided to filter out malwares attached with the mail.
B. Secure Protocol Implementation
There are several security issues that should not be ignored at any cost. If ignored may cost to a huge loss. The security protocol is needed in the University college network because there are several files being transferred over the network. Moreover, all the entities, students, staff and administrative staff use the network for their personal use such as banking. Hence the protocol should be designed securely in order to provide secure network usage experience .
The foremost way to achieve secure network protocol is to design the protocols in an understandable formal language. First Authentication Header (AH) should be designed to provide authentication to sender’s data. Not only AH but also with integrity check and non-repudiation the sender’s data must be secured.
Another step for secure protocol should be adding Encapsulating Security Protocol (ESP) which supports sender’s data authentication check which is being communicated .
Since for huge UMUC network, the administrators need to monitor the protocol in the most secure data transfer. To achieve this, both the solutions stated above can be proved to be very beneficial for the sound file transfer on the network. For an instance, the students need to upload their assignments through the portal and for securely transferring the file from student’s end to the server is the most essential part of secure transmission.
C. File Encryption
All the data in UMUC network are intended for academic purpose and hence the loss in such data may result in overall huge data loss. Hence the file encryption is highly required in the network to safeguard the files stored on the servers and also it is equally of great need for files being transferred from one end to another. The data that should be encrypted is either at rest or in transit. At rest means when that data is stored on the server in the databases. The data stored on computers or on the cloud are also referred to as data at rest. Whereas, the data transferring on the network while sending email attachment or through website downloading is the data in transit .
To achieve encryption, following are the ways:
1. Full Disk Encryption (FDE): The data at rest needs to be protected through encrypting the hard disks on the computer which protects data on the computers and other such devices.
2. End-to-end Encryption (E2E) : This encryption conceals the data in such a way that the only he sender and the receiver can read it. This type of encryption is used to protect data in transit .
File encryption is achieved by adding suitable encryption mechanism to the data at transit and rest. Encryption of the data is the most suitable way to safeguard files on the network. It is equally important to protect encryption key because losing encryption key may lead to losing your data too.
Hash functions are most widely used way to securely access data from huge databases. Many applications make fair use of hashing technique to search the data in the most efficient manner. The function that converts an input value into another compressed form of input. The input usually is a numeric value. The input length may vary but the output is always fixed in length. The hash code is always different for all the different files. UMUC may require searching the files in the databases. To search a particular file from a pool of files is a tedious job for the system. Hence there is a good need of hashing to overcome this issue .
The most popular hashing technique is MD (Message Digest). It generates hash code for each uploaded file on the server. On searching any file its hash code is compared with the available hash codes on the network. Message Digest algorithm has the variations like MD2, MD4, MD5 and MD6. Out of all the variations of MD, MD5 is proved to be the best .
The message digest code generation for each file on the server may help in reducing overall searching time on the network. UMUC needs such hash codes for searching files which reduces the time for searching the files. When staff or students need to search a file, files with hash codes may perform better in searching the files rather than linear searches.
E. Backup and Restore
The data as well as hardware configurations should be backed up regularly to save the network from failure. Data loss may lead to huge damage internally disappointing all its users. But network hardware configuration loss may lead to overall network failure. Hence in both the cases, both types of backups are equally important to deal with. To backup data regularly is of utmost importance since it changes very frequently. A back after before few hours may also lead to acute data loss since data changes regularly .
To backup network hardware, is not a tedious job. Since the configurations are usually static, the network hardware setup does not change very frequently and hence a manual backup may also save the network from loss of services for a minor change in the network topology. University college network infrastructure needs to take hardware backups at some defined interval of time so as to save network break down. Backing up data on the server is quite challenging since it changes in short period of time. Servers store huge data and backing them up time to time needs a dedicated application intended to perform this task .
The backup applications are readily available in the market which can help a system in backing up software as well as hardware. Tools for backing up huge data should be employed on UMUC network for no chances of data loss. Restoring data is also performed by the same tool which creates back up of the network.
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the studentsPlace Your Order
 “Network Protection and Information Security Policy,” NETWORK PROTECTION, September 14, 2012
 “RISK MANAGEMENT IN NETWORK SECURITY,” [Online] Available: https://www.solarwindsmsp.com/content/risk-management-in-network-security. [Accessed: 11- Feb- 2018]
 “Business Continuity Planning,” Federal Financial Institutions Examination Council, Business Continuity Planning Booklet, FEBRUARY 2015
 “Spotlight article: Domain 7, Business Continuity”, [Online] Available: http://searchsecurity.techtarget.com/feature/Spotlight-article-Domain-7-Business-Continuity. [Accessed: 11- Feb- 2018]
 Sue Marquette Poremba, “Network Access Control: Restricting and Monitoring Access to Your Network and Data,” March 24, 2017.
 D. Hutter, “Physical Security and Why It Is Important,” SANS Institute InfoSec Reading Room, 2016.
 “Mobile Device Security,” [Online] Available: https://ist.mit.edu/security/mobile_devices. [Accessed: 11- Feb- 2018]
 A. Lipson, “Perimeter Defense Model for Security,” June 2002. [Online] Available: https://www.scmagazine.com/perimeter-defense-model-for-security/article/548761/. [Accessed: 11- Feb- 2018]
 “Network Defense,” [Online] Available: http://vn.trendmicro.com/vn/business/cyber-security/index.html. [Accessed: 11- Feb- 2018]
 “Challenges of Host Defense Components,” [Online] Available: https://flylib.com/books/en/22.214.171.124/1/. [Accessed: 11- Feb- 2018]
 “PKI SECURITY: ENCRYPTION KEY MANAGEMENT & AUTHENTICATION,” [Online] Available: https://safenet.gemalto.com/data-protection/pki-security-solutions/. [Accessed: 11- Feb- 2018]
 B. Tobler, “A STRUCTURED APPROACH TO NETWORK SECURITY PROTOCOL IMPLEMENTATION,” Technical Report, November 2005.
 “Encryption Basics: How It Works & Why You Need It,” [Online] Available: https://www.upwork.com/hiring/development/introduction-to-encryption-data-security/. [Accessed: 11-Feb-2018]
 “Cryptography Hash functions,” [Online] Available: https://www.tutorialspoint.com/cryptography/cryptography_hash_functions.htm. [Accessed: 11- Feb- 2018]
 “Data backup and storage networking basics: Why back up network hardware?,” [Online] Available: http://searchdatabackup.techtarget.com/tip/Data-backup-and-storage-networking-basics-Why-back-up-network-hardware. [Accessed: 11- Feb- 2018]