The major vulnerabilities that mainly exist within the current network topology of “Lucent Pharma” are listed below:
Missing patches: Missing patches is considered as one of the major vulnerabilities that is present within the present network topology of “Lucent Pharma”. It is identified that missing patches generally permits an authenticated backdoor path as well as command prompt into the web environment for the attackers or rouge insider. Therefore, it quite necessary to be quite careful during the application of patches. It is identified that it is necessary to follow best practices for network security by updating the operating system as well as the software that is generally running with the security patches.
Weak or default passwords: It is identified that though passwords are not considered within the network security vulnerability however it is identified that many of the content management system as well as web applications generally configured by utilizing weak passwords that generally requires SQL injection as well as file inclusion within the database as well as file system that can generally be accessed. This problem can be resolved by testing the passwords regularly for ensuring that the passwords that are generally utilized are proper as well as strong.
Misconfigured firewall releases: The misconfigured firewall release is also one of the major vulnerabilities that is present within the network of the organization. It is identified that misconfiguration of firewall release can be one of the serious configuration related weakness that generally helps in allowing unauthorized web environment. In order to mitigate this issue, it is quite important to utilize appropriate security policies.
USB flash drives: The danger that is associated with USB flash drives can create number of network vulnerabilities as well as issues. It is identified that USB drivers are one of the most common ways through which the entire network can be infected from or inside the firewall. In order to mitigate this issue, it is quite important to utilize proper security related policies in context to personal storage devices.
The security devices/controls that are generally placed by assuming that none of the devices can compromise security as well as network performance. The security devices or controls that are generally placed are generally elaborated below:
Firewall: Firewall is considered as one of the device of network security that generally assists in monitoring both outgoing as well as ingoing traffic that generally helps in deciding whether to block or allow the entire traffic that is mainly based on number of security rules. firewall is considered as one of the first line of defence within the network security. They generally assist in creating proper obstruction between controlled as well as secured internal network which generally can trusted and untrusted outside network including the internet.
IDS/IPS: Intrusion detection is considered as one of the procedure that assists in monitoring the entire event that generally occurs within the entire network by determining the signs of various types of incident violations as well as imminent threat in context to various security policies. However, on the other hand, system prevention is one of the procedure that helps in performing the entire intrusion detection that generally helps in obstructing the incident that is detected. It is found that this security measures that are generally present as IDS and IPS become one of the part of the network for detecting and stopping different types of potential incidents.
Honeypot: Honeypot is one of the computer system that is generally set for acting as one of the decoy in order to lure various cybercriminals and for detecting and deflecting various study attempts in order to achieve unauthorized access to various information system. It generally compromised of various applications, data as well as computers that generally helps in simulating behaviour of the real system.
Router/Switches: Router generally helps in forwarding various data packages within the network. It is identified that it is mainly connected with the network that. They are generally located within the gateways for connecting various networks as well as devices. Routers generally utilizes headers in order to forward tables for determining proper path in order to forward the entire packet. On the other hand, switch is defined as of the device that helps in filtering as well as forwarding packets between LAN segments. It is identified that switches generally operates as the data link layer and therefore assists in supporting the packet protocol.
The devices like Firewall, IDS, Honeypot, Routers are generally placed within the selected location due to the reasons that are generally explained below:
Firewall: The firewall is mainly utilized within the network in order to prevent unauthorized access or from different private network. It is identified that network firewalls generally assist in preventing unauthorized users of the internet from accessing network that re private and connected with intranets. All the messages that enters as well as leaves the intranet needs to pass through the firewall and the then the firewall examines each of the messages properly and generally assists in blocking those messages that do not generally assists in meeting the security related criteria.
IDS/IPS: Network intrusion detection system is mainly placed within the network so that they can be able to monitor the behaviour of the system and can be able to provide alert on various types of potentially malicious network traffic. It is found that both IDS and IPS are generally utilized so that the symptoms of traffic as well as intrusions can easily be detected so that the security related vulnerabilities as well as challenges can be resolved in the initial stage. IPS/IDS also helps in analyzing unusual behaviour as well as malicious code that generally can create security challenges for the network.
Honeypot: This is considered as one of the vulnerable as well as isolated system that is generally kept within the network in order to know about the various methods as well as techniques of attacks and for protecting the actual system from different types of attacks. Honeypots is considered as one of the most effective security of network that generally can helps in emulating vulnerabilities, accepting as well as responding to various probes that is mainly set by various attackers.
Routers/Switches: Routers or switches are generally utilized between various types pf networks in order to connect the network with the help of internet. It generally assists in checking both the destination as well as source IP address that is associated with each packet and helps in routing the packet to another router. It is found that routers generally assist in providing ISP that further helps in assigning router IP address which is one of the public IP address.
Yes, the lucent pharma requires network segregation into multiple domains which reflect that VLANs are utilized. VLANs are mainly defined as one of the network computer that is mainly located within the same area. It is found that VLANs are mainly utilized within the network in order to make the entire network management system much easier in number of ways. It is identified that VLAN are generally categorized into number broadcast domains as well as number of logical subsets for making the entire network management system easier. One of the greatest advantage of VLANs is that it generally assists in establishing specific collision domain segment for each of the single equipment that is related to the switch.
It is identified that VLANs provides number of advantages that are generally listed below:
Security: VLANs helps in providing enhancing network security. It is identified that VLAN network environment helps in controlling each port as well as user. A malicious user can generally plug workstation for switching network.
Broadcast control: Broadcast is considered as one of the normal function of the network. It is identified that there are number of protocols as well as applications that generally depend on the communication broadcast to functions appropriately. It is identified that utilization of VLANs within the network generally assists in reducing the broadcast traffic as each of the broadcast are generally sent to the relevant as well as specific VLAN only.
Physical layer transparency: VLANs are quite transparent on the physical topology and medium over which the entire network is connected.
Cost: It is identified that segmenting large VLAN helps in creating proper routed network with the routers as routers are generally quite costlier as compared to the switches.
It is identified that VLANs generally helps in minimizing the need to have router deployment on the network that generally have broadcast traffic. In addition to this the confinement of the broadcast domains generally assists in reducing the traffic.
Firewall is considered as one of the appliance that is mainly designed for controlling the flow of the internet protocol in order to form proper network or electronic equipment. In order to examine the network traffic as well as for enforcing policies that is dependent on instructions contained within the ruleset of the firewall. The policy that is mainly designed is helpful in providing proper guidance when the firewall is needed. The firewall policies that is utilized is quite helpful in raising awareness on the significance of properly configured firewall. The firewall policies that must be implemented by the network administrator are listed below:
Network connection: All the wireless connection of the organization network must pass through the firewall of the network. Additionally, all the network connections that generally enters high security network generally passes through the network firewall.
Dedicated functionality: The network firewall must be utilized for protecting the network of the organization by running on single purpose devices. Each firewall network must have appropriate set of rules that must be specific to its purpose as per the ITS standard of network firewall.
Network firewall change control: It is identified that network firewall configuration rules should not be changed unless proper permission is provided by the information security officer as well as network manager. It is found that any of the of the changes to various services as well as rules needs to be properly documented.
Regular auditing: Proper audit on the network firewall must be done properly. These audits must include the proper execution of vulnerability scanning as per the ITS vulnerability assessment policy. Audits are generally performed by the team of the information security as well as network services.
Network firewall physical security: The network firewall of the organization is generally located on the ITS data centre and it must be accessible by the roles and responsibilities that generally provides access to the network firewall that is defined within the entire ITS access control policy. It is identified that this secure space generally has proper security related measures installed and therefore all the physical access that is generally secured will be generally automatically logged. It is identified that all the visitors access must helps in securing spaces that is generally abide by the ITA access control related policy.
Intrusion detection system are considered as one of the automated system that assists in monitoring as well as analyzing the network traffic in response to various activities that generally matches through known patterns of malicious activities. It is identified that to analyze as well as monitor the traffic, number of policies are required to be implemented by the network administrator so that the policies and rules are quite helpful in resolving the challenges of cybersecurity from the network. The policies that are required to be implemented are mainly listed below:
The security policies that are very much essential for the network of Lucent Pharma are mainly listed below:
Sys admin: The entire power of the network depends on the system admin. The entire role of the system admin depends on the entire functionality of the network in order to intend the work of the network. It is found that if any type of security related challenges occurs then the system admin needs to deal with various functionality of the system. The system functionality must considers all the security related policies while working with the system so that no security related challenges can be able to affect the system effectively.
Audit: It is identified that the audit sector plays a great role in the field of networking due to number of factors that are generally involved with the various sectors of the functionality that is achieved from the entire system. It is found that the main policy that is mainly applicable within the devices must be performed successfully as well as system requirements. The audit concept must be done so that the person can take the entire responsibility. It is found that if any type of error is found within the network it would generally helps in securing the entire system. Sometimes proper planning must be done in context to policy due to number of types of alterations within the system which would affect the normal functionality of the system.
Network: The policy that is mainly related with the network can be within the sector which reflects that all the packets that generally transferred within the network must be properly accessed. It is found that the main motive of the network is to minimize the overall time that is mainly associated with the packets delivery from one part to another. It is found that the network must be properly secured so that no activity can impact the working of the network negatively. It is identified that as network comprises of various types of packets and therefore it must include different types of vital information that are very much essential.
Security: Security is considered as one of the important aspect in the perspective of networking. This is generally since there are number of types of attacks that can generally be initiated within the system so that the entire functionality of the system does not get affected. The main policy that is applicable within the concept is enhancing the security of various system components that should be done effectively so that it would not create any type of impact on the external as well as internal working of the organization. It is identified that there are number of rules and policies that must be included within the concept of network in order to maintain both external as well as internal working of the entire system.
|
Command used to scan server |
Sudo nmap scanme.namp.org |
|
IP address of the server |
45.32.33.156 |
|
Ports open in the server |
22 – ssh 25 – smtp 30 – http |
|
Sunning Web server |
Http Server, port 30 |
|
web server version in use is patched |
No |
Acemoglu, D., Malekian, A., & Ozdaglar, A. (2016). Network security and contagion. Journal of Economic Theory, 166, 536-585.
Chen, G., Gong, Y., Xiao, P., & Chambers, J. A. (2015). Physical layer network security in the full-duplex relay system. IEEE transactions on information forensics and security, 10(3), 574-583.
Cruz, T., Barrigas, J., Proença, J., Graziano, A., Panzieri, S., Lev, L., & Simões, P. (2015, May). Improving network security monitoring for industrial control systems. In Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on (pp. 878-881). IEEE.
Durkota, K., Lisý, V., Bosanský, B., & Kiekintveld, C. (2015, July). Optimal Network Security Hardening Using Attack Graph Games. In IJCAI (pp. 526-532).
Hyun, S., Kim, J., Kim, H., Jeong, J., Hares, S., Dunbar, L., & Farrel, A. (2018). Interface to Network Security Functions for Cloud-Based Security Services. IEEE Communications Magazine, 56(1), 171-178.
Jang, H., Jeong, J., Kim, H., & Park, J. S. (2015, March). A survey on interfaces to network security functions in network virtualization. In Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on (pp. 160-163). IEEE.
Kountouras, A., Kintis, P., Lever, C., Chen, Y., Nadji, Y., Dagon, D., … & Joffe, R. (2016, September). Enabling network security through active DNS datasets. In International Symposium on Research in Attacks, Intrusions, and Defenses(pp. 188-208). Springer, Cham.
Mishra, S. (2015, December). Network security protocol for constrained resource devices in Internet of things. In India Conference (INDICON), 2015 Annual IEEE (pp. 1-6). IEEE.
Moreira, R., Moreno, R., & Strbac, G. (2016). Value of corrective network security for distributed energy storage applications. IET Generation, Transmission & Distribution, 10(7), 1758-1767.
Ochang, P. A., & Irving, P. (2016). Performance analysis of wireless network throughput and security protocol integration. Int J Future Generation Commun Netw, 9(1), 71-78.
Olivier, F., Carlos, G., & Florent, N. (2015). New security architecture for IoT network. Procedia Computer Science, 52, 1028-1033.
Shin, S., Wang, H., & Gu, G. (2015). A first step toward network security virtualization: From concept to prototype. IEEE Transactions on Information Forensics and Security, 10(10), 2236-2249.
Shin, S., Xu, L., Hong, S., & Gu, G. (2016, August). Enhancing network security through software defined networking (SDN). In Computer Communication and Networks (ICCCN), 2016 25th International Conference on (pp. 1-9). IEEE.
Singhal, A., & Ou, X. (2017). Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.
Wang, L., Jajodia, S., Singhal, A., Cheng, P., & Noel, S. (2014). k-zero day safety: A network security metric for measuring the risk of unknown vulnerabilities. IEEE Transactions on Dependable and Secure Computing, 11(1), 30-44.
Yang, N., Wang, L., Geraci, G., Elkashlan, M., Yuan, J., & Di Renzo, M. (2015). Safeguarding 5G wireless communication networks using physical layer security. IEEE Communications Magazine, 53(4), 20-27.
Yu, T., Sekar, V., Seshan, S., Agarwal, Y., & Xu, C. (2015, November). Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things. In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 5). ACM.
Zaalouk, A., Khondoker, R., Marx, R., & Bayarou, K. (2014, May). Orchsec: An orchestrator-based architecture for enhancing network-security using network monitoring and sdn control functions. In Network Operations and Management Symposium (NOMS), 2014 IEEE (pp. 1-9). IEEE.
Zseby, T., Vázquez, F. I., King, A., & Claffy, K. C. (2016). Teaching network security with IP darkspace data. IEEE Transactions on Education, 59(1), 1-7.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download