Design And Implementation Of A Secure Wireless Enterprise Network

Importance of Network Security

Discuss about the Implementation of Secure Enterprise Wireless Network.

The report is developed for designing and implementation of a secure wireless enterprise wireless network for an organization. The network solution is developed after a detailed analysis on the current technology that can be applied for maintaining the confidentiality of the organization. The settings that should be made on the networking device should be analysed for securing the network from the unknown sources. The main areas that should be covered for the enterprise is demonstrated using the network design created for the enterprise. For maintaining the security of the network the server is configured with AES encryption protocol and authorization, authentication, integrity and network intrusion is prevented for the management of the network. The security of the wireless network is the main factor for the success of the network and for enabling remote connection the RADIUS server should be configured with the appropriate settings.

The confidential information of the enterprise should be kept secured and the wireless local area network should be secured with the application of encryption algorithm such as WPA2 for improvement of the security of the organization. An analysis is made on the ethical implication for the installation of the network device in different location of the workplace area and documented in the report. A design of the enterprise wireless network is also given in the report for the identification of the network topology used for the development of the network. For the analysis of the network a social analysis is done and the users are involved in the analysis for the identification of the needs of the wireless framework. The proposed action that is taken for designing the network should be evaluated for finding its consequences for deployment of the network device in different location of the network. The radiations emitted from the network device and the standards maintained for deployment of the new device should be analysed for the management of the network and removal of the constraint to develop the network framework. For testing the network a penetration testing should be used and it can cause violation of the trust issues of the organization.

The details of the testing team should be documented for the management of the network information and maintaining the confidentiality of the data. The different acts such as computer misuse act 1990, data protection act 1998 should be evaluated for the protection of the data and policy of the organisation. The router configuration used for connecting the different departments of the organization and securing the wireless network should be kept protected and the computer misuse act helps in implementation of a legislative control on the network for reducing the frauds and illegal access of the network. The application of the act causes the unauthorised access of the network to be considered as criminal activity.

Network Design and Topology

The wireless network is designed using three cisco 2811 series router and each of the router are connected with each other for increasing the redundancy in the path for sending and receiving the data packets in the network. The router 1 is connected with two local servers that are used for storing the information of the organization and management of the information system. The Router 2 is connected with a switch for the management of the local distribution and connecting the different hosts in the network. The wireless access point is also connected with the distribution switch. Two different vlans are created for connecting the wireless hosts and the pcs and increase the security of the network. The wireless access points are configured with the application of security encryption for restricting the unknown users to connect with the wireless network of the organization and keep the network secure from illegal agents. The routers are interconnected with each other suing serial connection such that the connection is stable and The two access point deployed in the network are kept in the same VLAN. The Router 3 is also connected with a switch for the management of the distribution of the network. An analysis should be made on the number of users and the area of coverage of the wireless network for the installation of the access point in different location of the network. For enabling the VPN and the remote connection with the user the server 2 is configured as a RADIUS server and username and password is set for the management of the remote users. The password management is important for the maintaining the identity of the user and record the details of the user for allowing them to access the sensitive information of the enterprise network solution. The router 1 should also be configured with IPSEC protocol and Windows server 2012 R2 should be used as a RADIUS server configuration with the management of the authentication service and configuring the active directory service. The router should also be configured with the firewall policy such that the unknown IP address and the data packets can be blocked to reach the server. The channel used for the transmission of the VPN traffic is also encrypted for the increasing the security of the network framework.

The user should be authorised for accessing the wireless network and the configuration choices should be given to the user such that the records of the user using the wireless network is kept. The user should be managed with controlling the encryption and development of a user access policy for the personal and corporate device provided to the employees. A user access policy should be created and the use of third party tools for the automation of the client provisioning and integration of the wireless access control with the other network access control. The guests connecting to the wireless network should be redirected to a page accepting the user access policy for securing the company equipment. The creation of the VLAN and running antivirus program can help in controlling the wireless network device. The embedded wireless device on the WLAN can be managed with the use of pre shared WPA 2 and AES encryption.

Encryption Protocol and Password Management

Different types of authentication techniques such as open system authentication, MAC based access control can be implemented for allowing the network device to connect with the wireless network solution. The open mode is used when guests are needed to connect with the wireless network for increasing the efficiency of the work and management of the network resources according to the business policy of the organization. The Mac based access control is used for a closed network where the registered device can only connect with the wireless network for sending and receiving the data packets. The Pre shared keys can also be an alternate solution for the authentication of the user using the wireless network where the pass key is provided to the user to connect with the WLAN and the strong encryption is used for the management of the authentication of the user.

The integration of the mobile information is essential for eliminating the limitation of the business boundaries and enforcing the security priorities from the perimeter of the network. For maintaining the integrity of the corporate information focus should be given on the prevention of unauthorised access and maintaining a control on the wireless network environment. With the rapid growth in the adoption of the wireless network the implementation of network firewall, enforcing the security policy has become an important task for the prevention of the malicious attempt on the network

For the prevention of the network eavesdropping the wireless access point should be configured with WPA2 encryption because it provides better encryption than its primitive versions. It should also be analysed that if the router supports partitioning and layer 2 isolation can be applied for blocking the user to user communication and make the network secure from the internal users. For sharing of the file and the information the user needs to communicate with the RADIUS server and it needs complex configuration for connecting with the wireless network.

For the implementation of the secure enterprise wireless network it is important to analyse the different wireless standards and analyse the encryption methodology that can be selected for the development of the wireless network framework. The risk associated with the development of thee wireless network framework is analysed for the development of the WLAN network. The intruder can access the wireless network from remote location and use amplified equipment for breaking the wireless signals and gain the access of the framework. A proper planning should be made for defending the network from the external agents. A proper planning for the management of the configuration is essential for eliminating the risks and taking the necessary steps for protecting the network for the migration of the risks. There should be a classification of the data into private and public data for minimizing the bleeding of the control signals. Uni-directional antenna should be used for localizing the signal and shielding it from the external walls for expectation of the location. Each of the layers of the OSI model should be used for protecting the wireless network signal. There are different tools that are used for the penetration into the network and kali linux is the mostly used tool that are used for gaining the action of the network. With the growth of the wireless network IEEE 802.11 are widely used for the management of the media access control and it is important for the application of the encryption protocol for securing the access points.

Authentication Techniques

The defence in depth technique is implemented with the application of WPA2 and enabling wireless intrusion detection system. An active scanning and monitoring of the unknown device also helps in prioritizing the deployment of the wireless network. There can be different types of attacks such as active, passive, inside, close in and distribution attacks. The link and network layer encryption can act as the first defence and security encryption can also be used for increasing the security. The defence mechanism for the active attack is to defend against the enclave boundary and defend from the computing environment. The insider content can also be protected with the application of personnel and physical security and auditing, authentication of the access The close in attacks can also be avoided with the application of physical and personnel security and using countermeasure for technical surveillance. The attacks in the distribution layer can be avoided with the use of trusted software and the use of run time integrity controls.

Conclusion

The secure enterprise wireless network solution is designed in Boson network for the identification of the new concept and technology used for the development of the network. For designing the network an analysis is made on the different available network device that can be used for serving the needs of the users using the enterprise network. Two network servers are used and configured according to the different service that are needed for providing authorization, authentication, integrity and prevention of the eavesdropping. An intrusion prevention system and an intrusion detection system is used for gathering evidence from the network and use it for securing the network. The combination of the password encryption protocol should use with the combination of alpha numeric and special character for increasing the security. The distribution layer switches are configured with VLAN for isolating the access point maintaining the stability of the WLAN. The default security mechanism can be altered and added with new security techniques for getting the best security solution. The application of WPA2 for increasing the security of data can help in enforcing the centralized security policy and enforcement of the wireless security policy for the access point. The effect on the ongoing traffic is analysed for identification of the impact of the application of the wireless security policy and reduce the error for getting the best possible output from the security policy designed for the WLAN of the enterprise.

• Santana, D. Souza, K. Simon, Fischbach and H. De Moura, Network Science Applied to Enterprise Architecture Analysis: Towards the Foundational Concepts. In Enterprise Distributed Object Computing Conference (EDOC), 2017 IEEE 21st International(pp. 10-19). IEEE, 2017, October.
• Arambatzis, Theodoros, Ioannis Lazaridis, and Sotirios Pouros. “Modern Windows Server Operating Systems Vulnerabilities.” In The Third International Conference on Computer Science, Computer Engineering, and Social Media (CSCESM2016), p. 29. 2016.
• Coffey, Kyle, Richard Smith, Leandros Maglaras, and Helge Janicke. “Vulnerability Analysis of Network Scanning on SCADA Systems.” Security and Communication Networks2018 (2018).
• Simon, K. Fischbach and D. Schoder, Enterprise architecture management and its role in corporate strategic management. Information Systems and e-Business Management, 12(1), pp.5-42, 2014.
• N. Chorafas, Enterprise architecture and new generation information systems. CRC Press, 2016.
• El, Malaka, Emma McMahon, Sagar Samtani, Mark Patton, and Hsinchun Chen. “Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments.” In Intelligence and Security Informatics (ISI), 2017 IEEE International Conference on, pp. 83-88. IEEE, 2017.
• Gurrib, “Do Shareholders Benefit From a Merger? The Case of Compaq and HP Merger”, International Journal of Trade, Economics and Finance, vol. 6, no. 1, pp. 53-57, 2015.
• Safari, Z. Faraji and S. Majidian, Identifying and evaluating enterprise architecture risks using FMEA and fuzzy VIKOR. Journal of Intelligent Manufacturing, 27(2), pp.475-486, 2016.
• Hacke, U.G., Venturas, M.D., MacKinnon, E.D., Jacobsen, A.L., Sperry, J.S. and Pratt, R.B., 2015. The standard centrifuge method accurately measures vulnerability curves of long?vesselled olive stems. New Phytologist, 205(1), pp.116-127.
• Lapalme, A. Gerber, A. Van der Merwe, J. Zachman, M. De Vries and K. Hinkelmann, Exploring the future of enterprise architecture: A Zachman perspective. Computers in Industry, 79, pp.103-113, 2016.
• Hinkelmann, A. Gerber, D. Karagiannis, B. Thoenssen, A. Van der Merwe and R. Woitsch, A new paradigm for the continuous alignment of business and IT: Combining enterprise architecture modelling and enterprise ontology. Computers in Industry, 79, pp.77-86, 2016.
• Kenkre, Poonam Sinai, Anusha Pai, and Louella Colaco. “Real time intrusion detection and prevention system.” In Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014, pp. 405-411. Springer, Cham, 2015.
• Khari, Manju, and Neha Singh. “Web Services Vulnerability Testing Using Open source Security Scanners: An experimental Study.” International Journal of Advanced Engineering and Global Technology (IJAEGT)(2014): 790-799.
• Kuvaiskii, Dmitrii, Somnath Chakrabarti, and Mona Vij. “Snort Intrusion Detection System with Intel Software Guard Extension (Intel SGX).” arXiv preprint arXiv:1802.00508(2018).
• Da Xu, Enterprise integration and information architecture. CRC Press, 2014.
• Zarvi? and R. Wieringa, An integrated enterprise architecture framework for business-IT alignment. Designing Enterprise Architecture Frameworks: Integrating Business Processes with IT Infrastructure, 63, 2014.
• Orth, Ulrich, Richard W. Robins, Laurenz L. Meier, and Rand D. Conger. “Refining the vulnerability model of low self-esteem and depression: Disentangling the effects of genuine self-esteem and narcissism.” Journal of Personality and Social Psychology110, no. 1 (2016): 133.
• Saint-Louis, M.C. Morency and J. Lapalme, Defining enterprise architecture: A systematic literature review. In Enterprise Distributed Object Computing Workshop (EDOCW), 2017 IEEE 21st International(pp. 41-49). IEEE, 2017, October.