The current network installation poses a serious security threat to the users and the company. According to the scenario, some of these security lapses can be attributed to the former IT administrator, who was violently evicted from the company. An IT administrator with the expected skills and competence would have been in a position to address most of these network vulnerabilities. This paper addresses the security issues associated with the current network by defining and deploying a new network, from both a hardware and a software perspective, that closes the vulnerabilities exposed in the current software and networking hardware.
This paper is not intended as a literature review; it presents a practical and possible implementation of a network that matches a contemporary IT security system.
The wireless security network installation for Rare Vintage Auto Parts Ltd is intended to address the security challenges posed by the existing network. Since the eviction of the IT administrator, Rare Vintage Auto Parts Ltd has decided to evaluate its wireless network infrastructure to support the company's increasing need for security operations, following the high rates of cybercrime that lead to heavy losses of data and revenue. Financing will be necessary to implement the proposed network, which should be clearly delineated and should address all the security vulnerabilities seen in the current network.
Both the hardware and the software that were chosen pose a great security threat to the systems used to run the company. This section classifies the vulnerabilities analytically in terms of the software and hardware used.
Threats are the chances that someone benefits from errors or vulnerabilities, which cause damage and/or losses to a resource or group of resources and affect the company directly or indirectly, as in the case study of Rare Vintage Auto Parts Ltd. Risk examination is a compelling tool in WLAN risk administration. With it, a sound security approach can be derived and executed to protect the WLAN against conceivable exploits. Ongoing monitoring and occasional testing can then be used to check that a deployed WLAN meets its defined goals. Vulnerabilities found in the process are then (re)analyzed in order to refine the policies and apply fixes. The iterative procedure is delineated in the diagram below.
It is critical to understand the attacks that may affect a system. It should be noted, however, that some attacks are less likely or more damaging than others. It should also be noted that it is neither practical nor possible to shield a system against every conceivable attack. A more practical objective is to reduce the associated risk to an acceptable level. Risks are put into perspective by identifying one's own WLAN's vulnerabilities, the likelihood that a hacker will exploit them, and the business impact that would result.
The following points/steps are essential for performing risk evaluation.
The current company network lacks control of the wireless-enabled networking devices connected to it. The first step in securing wireless systems is to identify and control every wireless device linked to the system. Wireless devices connected to the system should have a documented business case and owner. The device configuration must match the approved company security profile. Devices that do not meet the configuration and documentation requirements should be denied access to the system. It is difficult to secure the unknown. A good, current network diagram is essential to help control the computing environment. Change control is required to guarantee that no unknown changes occur that may endanger network security.
A big organization like Rare Vintage Auto Parts ought to have an IDS (intrusion detection system) so that it can identify any attack against its systems; the existing network infrastructure lacks one. A WIDS (wireless intrusion detection system) helps to recognize rogue wireless devices and to identify attempted and successful compromises. Traffic should also be monitored as it passes through the wired network. A WIDS will monitor and alert on attacks and compromises; however, it is a detection system, not a prevention system. A detection system allows the exploit to occur and raises alerts that help minimize the time the hacker spends in the system. Without active monitoring and rapid response, a WIDS, like every other detection system, begins to lose its value. Before implementing a WIDS, ensure that the total cost of ownership is well accounted for. The physical equipment is a small part of the cost of implementation.
Rare Vintage Auto Parts Ltd uses WEP, which is easy to breach and therefore insecure. Tutorials are readily available on the web to guide an attacker through the process of defeating WEP security. AES (Advanced Encryption Standard) and WPA2 (Wi-Fi Protected Access 2) should be used for all wireless networks.
The current system needs separation and segregation of trust levels to help secure the business environment. VLANs (Virtual Local Area Networks) are used to segment one physical network into multiple virtual networks. VLANs minimizes inside a fragment. BYOD (Bring Your Own Device) or other untrusted devices should reside on a separate VLAN. BYOD is an approach that permits business partners, employees and other users to use a personally acquired device to run enterprise applications and access information. Typically these are tablets and smartphones; however, it may also be used for PCs. Web traffic from this VLAN should pass through the same border security devices as corporate traffic. It should be filtered on access to the enterprise network and treated as untrusted. BYOD security can be addressed by having IT provide comprehensive security requirements for each type of personal device that is used in the workplace and connected to the corporate network. For instance, IT might require devices to have passwords, prohibit particular types of applications from being installed on the device, or require all data on the device to be encrypted. Other BYOD security policy initiatives may include limiting the activities that staff are permitted to perform on these devices at work, and periodic IT audits to ensure the device complies with the organization’s BYOD security policy.
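The admission rules described in the paragraphs above (a documented owner and business case, WPA2 with AES instead of WEP, personal devices on their own VLAN) can be checked mechanically against a device inventory. The following is an added example, not part of the original paper; the inventory records, field names and the BYOD VLAN number are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed values for illustration only; the paper gives no VLAN numbers.
BYOD_VLAN = 30
APPROVED_PROFILE = ("WPA2", "AES")


@dataclass
class Device:
    mac: str
    owner: str           # documented owner ("" if none on record)
    business_case: str   # documented justification ("" if none)
    security: str        # e.g. "WEP", "WPA2"
    cipher: str          # e.g. "RC4", "TKIP", "AES"
    vlan: int
    personal: bool       # True for BYOD or other untrusted devices


def violations(dev: Device) -> List[str]:
    """Return every reason this device fails the admission policy."""
    found = []
    if not dev.owner.strip():
        found.append("no documented owner")
    if not dev.business_case.strip():
        found.append("no documented business case")
    if (dev.security.upper(), dev.cipher.upper()) != APPROVED_PROFILE:
        found.append(f"{dev.security}/{dev.cipher} is not the approved WPA2/AES profile")
    if dev.personal and dev.vlan != BYOD_VLAN:
        found.append(f"personal device on VLAN {dev.vlan}, expected BYOD VLAN {BYOD_VLAN}")
    return found


def audit(inventory: List[Device]) -> Dict[str, List[str]]:
    """Map MAC address to its violations; an empty list means 'admit'."""
    return {dev.mac: violations(dev) for dev in inventory}


def denied(inventory: List[Device]) -> List[str]:
    """MAC addresses that should be refused access, sorted for reporting."""
    return sorted(mac for mac, problems in audit(inventory).items() if problems)


# Constructed sample inventory (locally administered MAC addresses).
INVENTORY = [
    Device("02:00:00:00:00:01", "warehouse", "barcode scanner", "WPA2", "AES", 10, False),
    Device("02:00:00:00:00:02", "sales", "counter tablet", "WEP", "RC4", 10, False),
    Device("02:00:00:00:00:03", "", "", "WPA2", "AES", 10, False),
    Device("02:00:00:00:00:04", "j.smith", "staff phone", "WPA2", "AES", 10, True),
    Device("02:00:00:00:00:05", "j.smith", "staff tablet", "WPA2", "AES", 30, True),
]

if __name__ == "__main__":
    for mac, problems in audit(INVENTORY).items():
        verdict = "DENY " if problems else "ALLOW"
        print(verdict, mac, "; ".join(problems))
```
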
The current network has no firewall and no VPN, which makes it vulnerable. Nonetheless, setting up VPN links that pass through proxy servers, firewalls, and routers keeps pushing most network administrators to the edge of giving in to the emergence of the network cloud. Using VPN servers therefore makes the network work in a coordinated way with the other defense structures of the system.
Generally, communication within WSNs (wireless sensor networks) is done using omnidirectional antennas, which radiate the radio signal uniformly in all directions. Omnidirectional antennas are small, inexpensive and easy to deploy; however, they suffer from poor spatial reuse, high collision rates and reduced energy efficiency, and they are vulnerable to security attacks. An important example of an omnidirectional antenna is a simple dipole, which has the radiation pattern shown in the figure below.
Figure 1
Omnidirectional antennas are prone to passive eavesdropping, in which malicious nodes obtain information by listening to message transmissions in the broadcast wireless medium. Typical WSNs consist of nodes equipped with omnidirectional antennas, which transmit radio signals uniformly in all directions. Thus the best solution is to use Cisco 2504 Wireless controllers and thirty 802.11G/N Fixed Unified Access Points with Internal Antenna, which is more secure, although no system is 100% secure.
Cisco 1200 series APs support both 802.11g and 802.11b clients concurrently. The performance provided by 802.11g is equivalent to that of the 802.11a WLAN standard, which works in the 5-GHz band, and 802.11g also offers backward compatibility with the legacy 802.11b 11-Mbps standard. However, this series is vulnerable to a number of attacks, namely:
Cisco 2500 Series Wireless Controllers APs would be more secure than the Cisco 1200 Series APs. The proposed network will use the Cisco 2500 Series Wireless Controllers APs. Administrator and network access control is via RADIUS. Usernames and passwords are authenticated against the backend database before access is allowed. For added security, disable any unneeded wireless networks. For instance, if all devices use 802.11n and 802.11g, disable 802.11b and 802.11a. The virtual gateway IP address must be the same for all controllers in a mobility group.
The firmware of the Netgear WG602 is version 1.5.67. This firmware has a vulnerability that can enable an attacker to remotely gain access to the device with administrative privileges. The flaw exists in both the WLAN and LAN web interfaces, in the way they verify a user. The device contains an undocumented administrative account with a known username and password. This account cannot be deleted. A hacker can obtain administrative privileges through either the WLAN or the LAN interface using these credentials.
The first step in securing the wireless network will involve Defense in Depth. Every layer of security will be used to slow down an attack; the measures include using Wi-Fi Protected Access 2 (WPA2) security, installing a WIDS (Wireless Intrusion Detection System), and actively monitoring and scanning for rogue devices. Understanding the types of threats guides the choice of the most suitable layers of protection and determines how deployment will happen.
Using several levels of defense makes the attacker's task harder and more complex; this is the method employed in the military Defense in Depth mechanism. The same countermeasures should be used to protect resources in the enterprise. The NSA (National Security Agency) suggests a balance between security capability and performance, cost, and operational considerations. According to the NSA, People, Operations and Technology are the three essential components of Information Assurance; the new network intends to use this approach as one of its countermeasures. This is depicted in the figure below.
Figure 2
Understanding what kinds of adversaries the business will face, and their motivation, is one of the first steps to an effective Defense in Depth approach. Adversaries could include hackers, insiders, criminals, nation states, terrorists or competitors. Motivation could be anything from bragging rights to theft, denial of service or pride. Without a fundamental understanding of the types of hackers and their intentions, the company has no idea what it is trying to secure. In this scenario, however, the company is trying to guard against possible theft of data by an ex-IT administrator.
Specialists from all fields and roles developed the controls. They use information about real attacks that have compromised systems as a foundation, and continually draw on knowledge from these attacks to build effective and practical defenses. They include only those controls that have been shown to stop attacks in the real world. No system is one hundred percent secure; layering security makes it harder for hackers. Each layer may stop only thirty to forty percent. Achieving a secure environment requires using many layers. The new network will follow these recommended controls, so that the initial phases of locking down and securing the wireless systems are achieved. Both detection and prevention are needed to combat hackers effectively.
Before implementing Control 15 and its subsections, the business case and a site survey are completed. The business case justifies that the wireless environment is secure. The site survey has helped in deciding the hardware required for the network. The following is the configuration design. The reference configuration comprises two Cisco 2504 Wireless controllers and thirty 802.11G/N Fixed Unified Access Points with Internal Antenna. These devices are configured with RADIUS (Remote Authentication Dial-In User Service) authentication to secure administrative access. Figure 3 below shows the configuration selection for setting up RADIUS authentication; figure 4 below shows the detailed server settings. This setup is controlled and managed. The controllers are set up for failover to eliminate a single point of failure. Routing all traffic through a firewall and NIDS (network intrusion detection system) serves to improve security.
Figure 3: Radius Authentication Server configuration
Figure 4: Settings of Radius Authentication Server
Using commercial-grade wireless APs enables the network to perform two functions. The APs can be used to supply signal for the wireless network and also to act as a WIDS (wireless intrusion detection system). The APs are set up to scan for rogue users and access points. They are likewise set to detect any rogue wireless devices and any attempted or successful attacks and compromises. This is shown in the figure below for a rogue scan on the Cisco 2500 series controller.
Figure 5
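The rogue scan described above amounts to comparing what the APs hear against the list of radios the company actually operates. The following is an added example of that comparison, not the controller's own logic and not part of the original paper; the BSSIDs, SSID names, scan records and the signal-strength threshold are constructed assumptions.

```python
from typing import Dict, List, NamedTuple, Tuple

# Constructed values: BSSIDs and SSID names are assumptions for illustration.
AUTHORIZED_APS = {
    "02:aa:00:00:00:01": "RVAP-HeadOffice",
    "02:aa:00:00:00:02": "RVAP-Kalamunda",
}
CORPORATE_SSIDS = set(AUTHORIZED_APS.values())
ON_PREMISES_RSSI = -65   # dBm; assumed threshold for "inside the building"
SEVERITY = {"impersonation": 3, "rogue-on-premises": 2, "misconfigured": 1}


class Beacon(NamedTuple):
    bssid: str
    ssid: str
    security: str   # "WPA2", "WEP", "OPEN", ...
    rssi: int       # signal strength in dBm


def classify(b: Beacon) -> str:
    """Label one observed access point against the authorized list."""
    bssid = b.bssid.lower()
    if bssid in AUTHORIZED_APS:
        if b.ssid != AUTHORIZED_APS[bssid] or b.security != "WPA2":
            return "misconfigured"       # our radio, wrong SSID or weak security
        return "authorized"
    if b.ssid in CORPORATE_SSIDS:
        return "impersonation"           # unknown radio advertising a company SSID
    if b.rssi >= ON_PREMISES_RSSI:
        return "rogue-on-premises"       # unknown radio, strong enough to be inside
    return "neighbor"


def alerts(scan: List[Beacon]) -> List[Tuple[str, str]]:
    """One alert per BSSID (strongest sighting), most severe first."""
    strongest: Dict[str, Beacon] = {}
    for b in scan:
        key = b.bssid.lower()
        if key not in strongest or b.rssi > strongest[key].rssi:
            strongest[key] = b
    found = [(classify(b), bssid) for bssid, b in strongest.items()]
    found = [a for a in found if a[0] in SEVERITY]
    return sorted(found, key=lambda a: (-SEVERITY[a[0]], a[1]))


# Constructed scan results, as several APs might report them.
SCAN = [
    Beacon("02:AA:00:00:00:01", "RVAP-HeadOffice", "WPA2", -48),
    Beacon("02:aa:00:00:00:02", "RVAP-Kalamunda", "WEP", -55),
    Beacon("02:bb:00:00:00:09", "RVAP-HeadOffice", "OPEN", -60),
    Beacon("02:cc:00:00:00:07", "printer-setup", "OPEN", -80),
    Beacon("02:cc:00:00:00:07", "printer-setup", "OPEN", -58),
    Beacon("02:dd:00:00:00:03", "CafeNextDoor", "WPA2", -85),
]

if __name__ == "__main__":
    for label, bssid in alerts(SCAN):
        print(f"{label:18} {bssid}")
```

Because this is detection only, each alert still needs someone to locate the device and respond to it.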
The Head office, Kalamunda, and Joondalup all have separate WLANs (Wireless Local Area Networks). Separation is vital for control and security of the wireless device traffic. Every WLAN is then linked to a VLAN as shown in figure 6 below. All traffic from the wireless devices then passes through the same firewall and security stack as wired network traffic. Directing the traffic through the security stack enables auditing and filtering of the traffic. Figure 6 below also shows that WPA2 (Wi-Fi Protected Access 2) security is being implemented. In addition, MAC filtering is used to ensure that only approved and known users can access the Head Office, Kalamunda, and Joondalup networks. Approved MAC addresses are stored in Active Directory. Their validation and verification are controlled by the RADIUS server. The authorized credentials are passed to the controller using Cisco ACS. Head office access is controlled by Web-Auth (Web Authentication). A Head office username and password expire after every 24-hour period. When connecting to the Head office SSID (Service Set Identifier), all clients are forced into a web-based portal that requires them to provide their credentials.
Figure 6: WLANs
Figure 7: interfaces
PEAP/TLS (Protected Extensible Authentication Protocol) provides mutual authentication, and AES (Advanced Encryption Standard) is used to encrypt the traffic. Both the authentication and the encryption are set up on the controller and on the user's device. The settings must match to enable successful communication. PEAP/TLS was included to add layered security. PEAP encapsulates the EAP protocol inside an encrypted TLS tunnel.
Figure 8
Lastly, figure 9 below depicts the proposed network infrastructure. POE (power over Ethernet) switches route the wireless traffic and provide power to the switch, then into the remote controller. From the wireless controller, the traffic goes through the NIDS and the firewall. Once the traffic passes the security checks, it reaches its destination, either the internal system or out through the POP (Point of Presence) to the web.
Figure 9: Network Infrastructure Diagram
Prior to configuration and setup, the parameter data in figure 10 below is needed. Note that the password and username cannot have the same value (“Cisco 2500 Series Wireless Controllers – Upgrade and Install Guides – Cisco,” 2011). Administrator and network access control are via RADIUS. Usernames and passwords are authenticated against the backend database before access is allowed. For added security, disable any unneeded wireless networks. For instance, if all devices use 802.11n and 802.11g, disable 802.11b and 802.11a. The virtual gateway IP address should be the same for all controllers in a mobility group.
Figure 10: configuration of Cisco 2500 series
After gathering the required information, connect a PC to the controller’s administration port. Run a VT-100 terminal emulator such as HyperTerminal, PuTTY or any other emulator. Set the emulator to 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control. Then power on the controller. The controller runs a boot-up script and performs a POST (power-on self-test). The following is the boot illustration.
Figure 11
The whole boot-up process takes at most three minutes. During the boot process, the controller initializes and runs the boot-up scripts and the POST. The boot script starts the Setup Wizard for basic configuration using the previously gathered data.
Figure 12: configuration tool for Cisco
After the initial configuration, log in fully to the controller to carry out the additional setup and security configuration and to start connecting access points. Figure 13 below shows the external Cisco links, while figure 14 shows APs linked to a controller. The MAC address of every AP that is linked is recorded on the controller, and Radio Resource Management (RRM) will auto-configure the access points.
Figure 13: external network hardware
The wireless policy applies to all departments and to all wireless links of the Rare Vintage Auto Parts Ltd network infrastructure, and covers every wireless device operating inside the company IP address range, on any of the company premises, or in any remote location directly linked to the company network. Data Services is currently responsible for the Rare Vintage Auto Parts Ltd network infrastructure. The wireless network is an extension of this network; accordingly, Data Services has sole responsibility for the design, deployment, and management of the company WLANs.
Rare Vintage Auto Parts Ltd supports the proper and appropriate use of the facilities and services that the company offers to its clients, staff and other approved users.
In providing these facilities and services, Rare Vintage Auto Parts Ltd takes seriously its obligation to provide a suitable administrative structure, comprising specific measures and rules for the proper use of the company's facilities and services. The wireless policy forms part of this administrative structure. Use of all IT facilities provided by Rare Vintage Auto Parts Ltd is subject to the applicable Policies and Regulations, specifically the company Internet Policy and the company IT Regulations Statement.
Use of the IT facilities of Rare Vintage Auto Parts Ltd by any member of staff or other approved individual is conditional on the user agreeing to be bound by the relevant Company Regulations and Policies.
Conclusion
There have been extensive research papers and articles that consistently show that using one or two levels of security is insufficient. Wireless administrators need to take a broader view and adopt the Defense in Depth approach to make their wireless network as secure as is practical. Applying several layers of protection delays hackers and demands more experience and effort to breach the network. Every moment spent on an exploit puts the attacker at risk of discovery.
There is as yet no foolproof way to secure wireless completely. Even the most secure protocols for WLANs still have flaws. Proper configuration and Defense in Depth are still the best and strongest strategies for security. The knowledge and tools to exploit and break into wireless systems are freely available. Hackers and criminals attack organizations constantly to steal or access their information and money. The fundamental controls from the Center for Internet Security comprise twenty distinct controls divided into Application controls, Networks, and Systems. The CIS Controls are a set of globally recognized measures created, refined, and validated by leading IT security specialists from around the globe. The CIS Controls represent the most critical cyber hygiene activities every company should implement to secure its IT systems. To put things into perspective, an assessment by the Australian government shows that eighty-five percent of known vulnerabilities can be stopped by deploying the top five CIS Controls. These include taking an inventory of IT resources, implementing secure configurations, vulnerabilities, patching and limiting unapproved users.
Rare Vintage Auto Parts Ltd needs to maintain up-to-date network diagrams. Configuration control is an absolute necessity. Once configurations are set up, audits should be performed periodically to ensure that no unapproved changes occur. It is difficult to ensure the security of the network when unknown devices are connecting and providing access. Security professionals need to find and secure all avenues; all that hackers need to do is find one to take the company’s information and data. Reports of new and larger breaches appear daily. Previously, a small breach was real news; today, a breach of a huge number of records is merely a shock. Society is becoming numb to the effects of hacking.
Programmers, Active Directory Administrators, System Administrators, Network Administrators, and Managers should all take part in security training and awareness. They are the people in charge of the resources and data, so they should know about the dangers and the solutions in order to guarantee the security of the business. Protection is not only the security group's responsibility; it is everybody's.