Network Security Solutions And Network Vulnerability Scanning

Types of Network Security Vulnerabilities

Network security solution mainly comprises practices, processes, and policies that are adopted by the organizations for detecting, preventing, as well as monitoring the modification, misuse, or unauthorized access of a computer network. Recently, I have joined as a network security consultant in a consulting company named Big4 consulting firm. After joining, I have recently assigned to my first new client. Here, my task is to help the company to secure its entire network. The organization has a large number of employees and several workstations and servers are placed in their network. Recently, the network infrastructure company was breached and cybercriminals steal various kinds of sensitive information from the organization’s network. The company wants proper security solutions from our consulting firm as they did not want another security to their network. The company mainly handed over a network design of their network to identify the key attack vector that allows cybercriminals to get unauthorized access to the network. The network design of the client company is presented in the following figure:

From this network design, it has been confirmed that the organization mainly has four departments namely server net, remote net, corp net, and R & D network. Both the server net and corp net are located in the same building of the head office network. Whereas the R & D net and remote net are located in different geographic locations but all of them are connected through the internet service provider. As the chief information security officer of the organization is feared about the security breach, he contacted our company to get assistance in combating network security vulnerabilities (Alexander 2020). Therefore, in this paper, the current trend of security issues will be identified and further proper recommendations will be provided to combat the security issues. 

From the provided network design, it has been identified that the corp net and server net are connected to the same internet connection and they are located in the same building so the server network which comprises sensitive information of the organization that is accessible by all the workers of corp network so there is a possibility of an internal breach. However, the network design of the company contains some wireless devices that can lead to man-in-the-middle attacks and DDoS attacks (Lin et al. 2018). However, there are some other current network security vulnerabilities available like ransomware, phishing attacks, injection attacks, insider threats that can create a problem for the organizations. So, the organization needs proper security control measures to combat the current network security issues that are discussed below:

• Implementing security policy: As corp net and server net are connected to the same internet connection and they are located in the same building so the server network comprises sensitive information of the organization that is accessible by all the workers of corp network so there is a possibility of an internal breach (Alexei 2021). So, it is recommended to the organization to implement a robust security policy that should contain the procedures of detecting and preventing misuse of the network as well as provide a guideline to handle the sensitive information.
• Develop a DMZ for server net: It is also recommended to the organization to develop a DMZ zone for the server network. The Zone will provide an extra layer of security to the organization’s network by unauthorized and remote access to the internet information and servers. So, by developing DMZ zone, it is possible to ensure the security of the server network.
• Implementing firewall and VPN: It is also recommended to install network security tools like VPN and firewall to prevent the current trend of security breaches. The company should bring three firewalls and they should be placed between the internet and internal network of three departments so that it can monitor the incoming and outgoing traffic of the network (Jiang 2021). However, VPN is recommended to use for remote communication where it will encrypt the transmitted data between remote net, R & D net, server net, and corp net.
• Using strong authentication: By using strong authentication, it is also possible to prevent the current trend of security breaches. By deploying multi-factor authentication that combines user ID and password with fingerprint readers, smart cards, or tokens, it is possible to prevent unauthorized access to the servers and workstations.
  Segmenting LANs: from the network design, it has been seen that the server net and corp net are in the same network so can create network security issues as insider threats can steal sensitive information from the servers as there is no physical security (Furdek et al. 2021). So, by segmenting the server net from the corp net, it is possible to provide an adequate level of security to the organization.
• Input sanitization and validation: In order to store various kinds of sensitive information of research, a database server is placed in the R & D department. If the database server is not protected properly, it can disclose sensitive information to the client. Therefore, it is recommended to sanitize as well as validate all the input to prevent injection attacks.
• Use encryption: As the organization supports remote access and their remote network is situated in different geographical areas, they need to frequently share information with the remote network. However, if it is shared as plain text, a cybercriminal can steal information by performing a man-in-the-middle attack (Hamza, Gharakheili and Sivaraman 2020). Therefore, it is recommended to encrypt all the sensitive information by using an advanced encryption technology so it will protect the information while it is in transit.

Security Control Measures

Furthermore, the firm must use the security threat mitigation approach outlined above to improve network security and reduce potential security threats. The company is able to establish a powerful network that will be hard for cybercriminals to infiltrate by implementing all of the above-mentioned rules, processes, and security technologies. However, it is also advised that the organization’s chief security officer undertake cybersecurity training programs for workers so that they are aware of possible cybersecurity dangers and can respond appropriately in the case of a breach. 

Network vulnerability scanning is the procedure of identifying potential security flaws of a computer system, entire network, or different types of IT assets that are targets for exploitation by cybercriminals. Here, the customer wants to perform a network vulnerability scanning on their network to identify the major security issues of their network. So, it is recommended to the customer to utilize an automated network vulnerability scanner tool to perform the vulnerability analysis. However, it is also recommended to utilize Kali Linux operating system to perform the network vulnerability scanning. Kali Linux OS is recommended because it contains a wide range of network vulnerability scanners that can be utilized to identify the key security issues of a system (Aksu, Altuncu and Bicakci 2019). In order to perform a basic scan on the network, Nmap is best as it provides details of the open ports as well as vulnerable services that run on the target machine.

For performing a complete network scanning, the OpenVAS tool is recommended which is a highly efficient and widely utilized network vulnerability scanning scanner. The tool mainly comprises different kinds of internet and industrial protocols, and a powerful programming language to perform efficient vulnerability testing. In order to perform vulnerability scanning through this tool, only the IP address of the target machine is needed to utilize. On successful completion of the vulnerability scanning, this tool provides categorize the risk of vulnerability on the basis of the harshness of each identified vulnerability (Xia, Liu and Yu 2020).  Therefore, it is recommended to the client to perform a white-box vulnerability scanning on their machine by using the OpenVAS tool to identify the attack vector that can lead to security breaches of the network. In the OpenVAS tool, by tapping on each vulnerability, the client company can know the causes and remediations of each vulnerability and one basis of it they can mitigate those vulnerabilities.

Using Automated Scanning Tools

Here, a breached server has been provided to perform the vulnerability analysis on the server. So, the oracle virtual box has been utilized to install the breached server, CyberOps workstation, and Kali Linux operating system. In the below figure, the setup of the AT1 breached server has been shown:

The IP address of the breached server has been shown in the following image that is 192.168.30.33:

After the identification of the IP address of the breached server, a new target has been configured on OpenVAS by using the IP address of the breached server that is illustrated below:

In the below figure, the OpenVAS scanning result is shown:

CyberOps workstation scanning

The IP address of the CyberOPs has been shown in the following image that is 192.168.30.32:

In the below figure, the OpenVAS scanning result is shown: 

The result shows that the rating of the vulnerability is 6.4 and its severity is medium.

All the identified vulnerabilities are presented below:

Conclusion

In this report, the OpenVAS vulnerability scanner has been used to perform vulnerability scanning on two servers. Here, for the vulnerability scanning, one breached server and one CyberOps workstation have been provided that has been scanned by using the OpenVAS tool. By performing vulnerability scanning on both servers, it has been identified that the attack vector is an external attack vector that has been utilized by the cybercriminal to perform a man-in-the-middle attack in OpenSSL Server. However, another vulnerability exists on the remote server as a remote server running a telnet service that permits cleartext login. Therefore, a total of 22 vulnerabilities has been identified from the breached server and 3 vulnerabilities have been identified from the CyberOps workstation. However, both the SSH and telnet port open the breached server that can allow cybercriminals to get unauthorized remote access to the system.

References

Aksu, M.U., Altuncu, E. and Bicakci, K., 2019, March. A first look at the usability of openvas vulnerability scanner. In Workshop on usable security (USEC).

Alexander, R., 2020. Using the Latin Square Design Model in the Prioritzation of Network Security Threats: A Quantitative Study. Journal of Information Security, 11(2), pp.92-102.

Alexei, A., 2021. Network security threats to higher education institutions.

Furdek, M., Natalino, C., Di Giglio, A. and Schiano, M., 2021. Optical network security management: requirements, architecture, and efficient machine learning models for detection of evolving threats. Journal of Optical Communications and Networking, 13(2), pp.A144-A155.

Hamza, A., Gharakheili, H.H. and Sivaraman, V., 2020. IoT network security: requirements, threats, and countermeasures. arXiv preprint arXiv:2008.09339.

Jiang, J., 2021, August. Computer Network Security Threats and Treatment Measures Based on Host Security Protection. In Journal of Physics: Conference Series (Vol. 1992, No. 3, p. 032049). IOP Publishing.

Lin, H., Yan, Z., Chen, Y. and Zhang, L., 2018. A survey on network security-related data collection technologies. IEEE Access, 6, pp.18345-18365.

Vinoth, S., Vemula, H.L., Haralayya, B., Mamgain, P., Hasan, M.F. and Naved, M., 2022. Application of cloud computing in banking and e-commerce and related security threats. Materials Today: Proceedings, 51, pp.2172-2175.

Xia, Y., Liu, C. and Yu, K., 2020, February. Design and Implementation of Vulnerability Scanning Tools for Intelligent Substation Industrial Control System Based on Openvas. In IOP Conference Series: Earth and Environmental Science (Vol. 440, No. 4, p. 042031). IOP Publishing.