Network Security Analysis And Recommendations For Lucent Pharma

Identifying Vulnerabilities in Lucent Pharma’s Network Topology

Part 1

Some of the major vulnerability, which are majorly seen within the concept of the network, are stated below:

            Missing patches: All it takes for an attacker to indulge into different illegal activity within the concept of the network is a missing patch on the server. This directly allows an unauthenticated command prompt or other backdoor path into the environment of the web. The main aspect, which should be taken into consideration in the aspect, is that the patches should be applied very carefully (Raines, 2017).

            Weak or default password: The main vulnerability in the concept of the weak password or a default password. The main aspect, which is taken into consideration in the aspect, is that any type of intruders can directly indulge into different types of activity. The activity can range from accessing of the data of the user or of the system. The password should be always secured and it should be taken care of that, it does not go into the hand of another person exact the authorized user. This would be directly securing the networking channel and helping to build a more secured aspect of the networking.

            Misconfigured firewall rule base: It can be stated here that the concept of the misconfigured firewall rule base can be considered as one of the most important vulnerability in the concept of the network. It can be considered as an assumption, which directly states that everything is going fine in the concept of the network and everything is well inside the concept of the firewall. The concept of the digging into the firewall rule base that has been never analyzed can be considered inevitable with serious impact in the sector of the working in different scenario. This directly allows unauthorized user to get into the concept of the network and retrieve the saved data from the concept of the network (Raines, 2017).

            Unauthorized access: It can be stated here that the sector of the unauthorized access can be considered very much vital in the aspect as it could harm the overall working of the system. In most of the cases, it can be seen that the path of the network access and the authority to access the network should be restricted to only authorized person who would be directly dealing with the different aspects of the network. The security of the network can be considered as a very important point and it should be always taken care of.

Part 2

1. Firewall: A router can be considered as a connected network. The main aspect, which is related to the concept of the router, is that it acts as a dispatcher as it decides which way to send the packet. The router is usually located at any gateway where one network meets another network including each point of presence on the internet. The virus attacks can also be prevented with the implementation of the firewall, as it would be directly involving the security of the communication channel, which is established between different channels of communication, which is established through the implementation of the network (Neira, Corey & Barber, 2014). The security form the channel from different types of intruders should be the main point of concern.
2. IDS/IPS: network intrusion detection system is usually related to the aspect if the monitor system behavior and the alert, which is related to the potential malicious, network traffic. The IDS can be set inline attached to a spanning port relating to the switch or make use of a hub in place of a switch. The network intrusion prevention system can be considered as a component of the network traffic which can be considered as a key component relating to protection of the system of information. It acts very much like a firewall and is placed in the junction of the network.
3. Honeypot: The honeypot generally consist of data, which directly appears to be a legitimate part of the site but is very much isolated and monitored. The main role of the honeypot can be considered as a protection device which directly protects the system.
4. Router/switches: The router/ switch can be placed in the gateway, which directly links one sector to another sector in the network. A router can also be used in the practice of switching of packets (Raines, 2017).

Part 3

• Firewall: a firewall is placed at the junction of the network due to factor of protecting the network from intruders. The main activity, which is related to the concept, is the securing of the system or the network, which would be enhancing the quality of the network, which would be involved into the process. There can be different types of attack form intruders, which would be directly effecting the overall performance of the system. It can be stated that the main functionality of the firewall would be in the sector of the securing the overall process and the different components which would be involved into the aspect of the networking.
• IDS/IPS: The deployment of the IDS/IPS in the network is also related to the securing of the network from different types of attack, which can be applied in the concept of the network.
• Honeypot: The main implementation of the honeypot is in the sector of the providing a means of communication for the network which would be directly helping the service of the network.
• Router/switches: A router and a switch is used for the aspect for the redirecting of the different packets of the network. In most of the cases, it can be stated that the placement of the router/ switch is very much important in the network due to the factor that the decision of which packet goes where is taken into consideration by this device. The function of the router can be considered to be very much vital due to the factor that it would be dealing with the overall functionality of the network. If it were seen that router is not working properly it would be directly affecting the overall networking aspect.

Part 4

            The concept of VLAN is very much beneficial in the network. This is due to the factor that a VLAN allows a network manager to logically segment a LAN into the different broadcast domain. Since the concept of the VLAN is logically segmented and not a physical device it sometimes does not need to be implemented physically. Different network, which are located on the same channel, can directly become one communication channel with the help of the VLAN (Ghali, Frayret & Robert, 2016).

Placing Security Devices/Controls

            The main advantage, which can be related to the aspect of the VLAN, is that in the concept of high percentage of multicast and broadcast VLAN concept can directly decrease the need of such traffic to unnecessary destination. When comparing a switch with router it can be stated that a router requires more processing of the incoming traffic. As the volume of the traffic passes through the router the aspect of the latency in the router can be decreased which would be directly helping the implementation of the network. The use of VLAN can directly reduce the number of routers which are required in the network channel since the concept of the VLAN’s create a broadcast domain using the switch instead of the concept if the router.

Part 5

Source(Required)	Description
Log (optional)	Logs a match to this rule. This is mainly recommended when a rule directly indicates a security breach such as a data packet on a policy that is meant only for the use in the voice channel.
Queue (optional)	Mirrors session of the packet to data path or the remote destination.
Time range(optimal)	The queue in which a packet matching the rules would be placed. Select of high for the higher priority and low for low level packets.
Black list	Automatically blacklist a client when a traffic is present which may include some sort of intruder activity.
White list	A rule, which directly explains the aspect, which is related to the working of the packets and how they would be nearing into the network and what, would be the main function of the packet (Neira, Corey & Barber, 2014).
TOS	The TOS must be marked at the end of each of the header which would be directly securing the packets and would be restricting the intruders to be indulged into the different

Part 6

• The packets, which enter into the network, should be very much free of any sort of virus, which is indulged into the aspect.
• It should be taken care of that no malware are detected in the system
• The passing of packets which be taken care of so that no packets go missing in the aspect of transferring from one point to another.
• It should be taken care of that, most of the components of the network work properly and so not indulge into any false activity in the network.
• An acknowledgement should be received from the end of the receiver at the time they actually receive the packet.
• There should not be any gap or time framework delay between the different packets which are transferred in the process
• In most of the time, it can be stated that the respond time relating to a packet transfer is not more than few millisecond (Neira, Corey & Barber, 2014).

Part 7

Sys admin: The system admin has the overall power of the network. He has the role of taking care of the overall functionality of the network and intend to work for the network. He should be able to deal with any problem, which is associated with the network. In case of any risk factor, he should be able to deal with the different functionality of the system and take care of the aspect.

Audit: The sector of the audit play a very vital role in the sphere of the networking due to the factor of involving of the different sectors of the functionality, which is archived from the system. The main policy, which can be applicable in the concept, is that most of the devices should be upmost and should be performing according to the requirement of the system. The concept of the audit should be done in some period of time which directly the responsibility of the main in charge of the person (Ghali, Frayret & Robert, 2016). If any type of error are found in the network it should be directly be secured and the system should be maintained properly. Sometimes an initial planning has to be done in the aspect of the audit policy due to the factor that there can be different types of alteration into the system, which would be directly affecting the normal functionality of the system and the network as well.

Network: The main policy, which is related to the aspect, can be in the sector that all the packets, which enter the network, are transferred to the port, which has to be accessed. In most of times it can be stated that overall main motive of the network is to reduce the overall time which is involved in the delivery of the packets from one part to another part. The network should be highly secured due to the aspect of there can be different types of crucial activity, which are done in the form of the network, and it can include different types of packets, which may include different types of vital information.

Security: The aspect of the security can be considered as one of the most important parts in the concept of the networking. This is due to the factor that there can be different types of attack, which can be initiated into the system which would be directly affecting the overall functionality of the system. The main policy, which can be applicable in the concept, is that the security enhancement of the different components of the system should be done properly so that the it would not be effecting the internal as well as external working of the organization. In most of the times, there are different policies, which are included into the concept of the working of the network, which would be maintained in the internal as well as external working of the system (Ghali, Frayret & Robert, 2016).

Part 2

Scanning Server

TCP SYN scan

Sudo nmap –sS scanme.namp.org

                                         

Enable OS detection and version detection.

                                       

Quick scan

                                         

Scan a single port

                                         

Scan a range of ports

                                     

Scan all ports

                                     

4.

Command used to scan server	Sudo nmap scanme.namp.org
IP address of the server	45.32.33.156
Ports open in the server	22 – ssh 25 – smtp 30 – http
Sunning Web server	Http Server, port 30
web server version in use is patched	No

 

5. HTTP packets

                                                 

Exclude HTTP packets

                                         

Difference Between the capture filter and Display filter

A capture filter is used to select which packets should be saved to disk while capturing. For capture filters Wireshark uses the BPF syntax. BPF is module that runs in the kernel and can therefor maintain high rates of capturing because the packets do not have to move from kernel space to user space when filtering. The things that can be filtered on are predefined and limited (compared to display filters) as full dissection has not been done on the packets.

Display filters are used to change the view of a capture file. They take advantage of the full dissection of all packets. This makes it possible to do very complex and advanced filtering when analyzing a network trace file.