SECURING A BUSINESS NETWORK

ABC, Inc. has a very strong presence in retail and is expanding into online shopping. It wants to host a variety of web servers that act as a front end for its customers, to implement other e-commerce components, and to enforce the following policies on its network. There will be 50 users. Our goal is to identify how to enforce that particular security policy. We will suggest a network and system topology that addresses all the areas of concern. Security is a major concern for the organization, and its network needs to be secured from both external and internal threats.

We chose to go with Linux, a free, open-source operating system, and the Tomcat or Apache web server, which is also free and open-source. Sendmail was chosen as the email application. The servers will be protected by a stateful packet-filtering firewall. Oracle will be used as the database back end and will be configured to control access and process privileges. Untangle, a free, open-source UTM (Unified Threat Management) tool, will be used to monitor the network.

The network topology to be used will be the star topology, the most popular topology because a failure in any one star network cable takes down only that computer's network access and not the entire LAN. However, if the hub fails, the entire network fails with it.
[Illustration: Star Topology Diagram (source: Bradley Mitchell, About.com)]
Web scanners are tools focused on web applications and the web server code running behind them. Server scanners are tools focused on the general makeup of a server including machine configuration, running services, open ports, operating system vulnerabilities, and any other vulnerable applications running. It is best to think of web scanners as a specialization of the more general server scanner.
Host scanners
Host scanners are software you run locally on the system to probe for problems.
COPS
COPS is a collection of security tools that are designed specifically to aid the typical UNIX systems administrator, programmer, operator, or consultant in the oft neglected area of computer security. COPS is available at: 
http://www.fish.com/cops
Tiger 
Tiger is a UNIX security checker. Tiger is a package consisting of Bourne shell scripts, C code and data files which are used for checking for security problems on a UNIX system. It scans system configuration files, file systems and user configuration files for possible security problems and reports them. You can get it from: 
http://www.giga.or.at/pub/hacker/unix
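Host scanners of this kind mostly read local files and report anything that deviates from a safe baseline. The script below is an added example of that idea, not code from COPS or Tiger: it flags accounts with an empty password field and UID 0 accounts other than root in passwd-style text, and finds world-writable regular files under a directory. The passwd text and the directory contents are constructed for the example.

```python
"""Minimal host-level configuration checker, in the spirit of COPS and Tiger.

Added example (not code from either project). Two classic checks:
  1. passwd-style entries with an empty password field or a non-root UID 0;
  2. world-writable regular files under a directory tree.
"""
import os
import stat
import tempfile

# Constructed sample of an /etc/passwd-style file (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup::34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""


def check_passwd(text):
    """Return a list of (account, finding) tuples for a passwd-style file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((line, f"line {lineno}: malformed entry"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            # An empty second field means no password is required to log in.
            findings.append((name, "empty password field"))
        if uid == "0" and name != "root":
            # Any UID 0 account is root, whatever it is called.
            findings.append((name, "UID 0 account other than root"))
    return findings


def find_world_writable(root_dir):
    """Return sorted relative paths of world-writable regular files under root_dir."""
    hits = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for fname in files:
            path = os.path.join(dirpath, fname)
            st = os.lstat(path)           # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root_dir))
    return sorted(hits)


def demo_world_writable():
    """Build a constructed directory with one bad file and run the check on it."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "httpd.conf")
        bad = os.path.join(d, "startup.sh")
        for p in (good, bad):
            with open(p, "w") as fh:
                fh.write("# sample file\n")
        os.chmod(good, 0o644)
        os.chmod(bad, 0o666)   # world-writable: anyone on the host can edit it
        return find_world_writable(d)


if __name__ == "__main__":
    for acct, why in check_passwd(SAMPLE_PASSWD):
        print(f"passwd: {acct}: {why}")
    for path in demo_world_writable():
        print(f"world-writable: {path}")
```

Run it as an ordinary user; to check the real system, pass the contents of /etc/passwd to check_passwd and a directory such as /etc to find_world_writable. Findings are returned rather than printed so they can be fed into whatever reporting the administrator already uses.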
Network scanners 
     Network scanners are run from a host and pound away on other machines, looking for open services. If you can find them, chances are an attacker can too. These are generally very useful for ensuring your firewall works.
Strobe
     Strobe is a super-optimized TCP port surveyor. It is a network/security tool that locates and describes all listening TCP ports on a (remote) host or on many hosts in a bandwidth-utilization-maximizing and process-resource-minimizing manner. It is simple to use and very fast, but doesn't have any of the features newer port scanners have.
Strobe is available at: 
ftp://suburbia.net/pub/.
Nmap
    Nmap is a newer and much more fully-featured host scanning tool. Specifically, nmap supports: vanilla TCP connect scanning; TCP SYN (half-open) scanning; TCP FIN, Xmas, or NULL (stealth) scanning; TCP FTP proxy (bounce attack) scanning; SYN/FIN scanning using IP fragments (bypasses some packet filters); TCP ACK and Window scanning; UDP raw ICMP port-unreachable scanning; ICMP scanning (ping sweep); TCP ping scanning; direct (non-portmapper) RPC scanning; remote OS identification by TCP/IP fingerprinting; and reverse-ident scanning. Nmap is available at:  
http://www.insecure.org/nmap/index.html.
Firewall scanners
     There are also a number of programs now that scan firewalls and execute other penetration tests in order to find out how a firewall is configured.
Firewalk 
     Firewalk is a tool that employs traceroute-like techniques to analyze IP packet responses in order to determine gateway ACL filters and map networks; in other words, it determines the filter rules in place on a packet-forwarding device. System administrators should run this tool against their own systems to tighten up security. Firewalk is available from:
http://www.packetfactory.net/Projects/Firewalk/.
Core routers and firewall gateways usually comprise basic and extended access control lists: rule sets that define the local network's security level and control access. They are commonly implemented on gateway routers to restrict which hosts, protocols and ports may reach the hosts or networks located beyond the default gateway. Basically, routers and default gateways serve as a first line of defense against intrusions and network attacks.
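To make the ACL model concrete, the script below is an added example (not the configuration of any real router or firewall product) that evaluates extended-ACL-style rules first-match with an implicit deny at the end, and adds the state table that makes the firewall in the design above "stateful": replies to connections the LAN opened are passed by the state table, not by a rule of their own. The rule set, the 10.0.0.0/24 LAN, the DMZ web server address 192.0.2.10 and the sample packets are all constructed for the example.

```python
"""Extended-ACL packet filter with a stateful return-path table.

Added example; not any vendor's ACL syntax. Rules are checked in order and the
first match wins; a packet matching no rule is dropped (implicit deny). Flows
permitted by a rule are recorded so their reply packets pass without a rule.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp" or "ip" (any protocol)
    src: str                 # CIDR
    dst: str                 # CIDR
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (proto, src, sport, dst, dport) of permitted flows

    def decide(self, pkt):
        """Return a decision string for one packet, updating the state table."""
        # A reply to a flow we already permitted passes without consulting the ACL.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.state:
            return "permit (established)"
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                if rule.action == "permit":
                    self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return f"{rule.action} (rule {i})"
        return "deny (implicit)"   # nothing matched: the ACL's implicit deny


# Constructed gateway policy: the Internet may reach only the DMZ web server on
# 80/443; the LAN (10.0.0.0/24) may open anything outbound; everything else is
# dropped by the implicit deny, including unsolicited traffic into the LAN.
LAN = "10.0.0.0/24"
DMZ_WEB = "192.0.2.10/32"
ANY = "0.0.0.0/0"
RULES = [
    Rule("permit", "tcp", ANY, DMZ_WEB, 80),    # rule 0
    Rule("permit", "tcp", ANY, DMZ_WEB, 443),   # rule 1
    Rule("permit", "ip", LAN, ANY),             # rule 2: outbound from the LAN
]


def demo():
    """Run constructed packets through the policy; return the decisions in order."""
    fw = StatefulFilter(RULES)
    packets = [
        Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 443),  # customer -> web
        Packet("tcp", "198.51.100.7", 51001, "192.0.2.10", 22),   # customer -> ssh
        Packet("tcp", "198.51.100.7", 51002, "10.0.0.25", 445),   # Internet -> LAN
        Packet("tcp", "10.0.0.25", 40000, "203.0.113.5", 443),    # LAN -> Internet
        Packet("tcp", "203.0.113.5", 443, "10.0.0.25", 40000),    # its reply
        Packet("tcp", "203.0.113.5", 443, "10.0.0.25", 40001),    # fake "reply"
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last two packets are the point of the state table: the genuine reply is permitted because the LAN host opened the flow, while a packet that merely looks like a reply (source port 443, no matching outbound flow) falls through to the implicit deny. A stateless ACL would need an "established" permit for all source-port-443 traffic to let the first one in, which would also let the second one in.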
Sourcefire Offers Real-time Adaptive Network Security Tool.
Get the network intelligence, policy compliance, and automation needed to proactively adapt your network to threats and the needs of your business.
You may not have real-time adaptive security today but you should be striving for it. Real-time adaptive security is needed to best protect your network from attacks as they get more and more advanced and as multiple perimeters emerge. Get There with Sourcefire Real-time Adaptive Network Intrusion Prevention (IPS).
Sourcefire can meet your needs today and grow with you with throughput options up to 10 Gbps. Sourcefire provides vulnerability-based intrusion prevention built on the foundation of Snort®, the world’s most popular intrusion prevention software. No matter what type of network security you have today, Sourcefire can help you get the real-time adaptive security that you need.
Most providers offer a “one-size-fits-all” IDS or IPS, but Sourcefire is different. The Sourcefire solution is divided into three customer protection phases — IPS, Adaptive IPS, and Enterprise Threat Management (ETM) — with each phase building upon the benefits and features of the previous one, adding capabilities to optimize a company’s network protection. Real-time adaptive security is met with the Sourcefire Adaptive IPS and Enterprise Threat Management (ETM) solutions:
·     IPS: Based on the award-winning Snort® detection engine, Sourcefire IPS provides best-in-class intrusion defense with extensive analytics, powerful reporting, and unrivaled scalability. Through the use of Sourcefire 3D Sensors with the IPS module and one or more Sourcefire Defense Center™ management consoles, the IPS phase enables you to detect and/or block attacks targeting thousands of vulnerabilities.
·     Adaptive IPS allows you to know what is on your network–in real time, all the time. The network intelligence is derived from Sourcefire RNA® (Real-time Network Awareness) which enables automated threat impact assessment and automated IPS tuning. Adding RNA to your 3D Sensors significantly reduces false positives and false negatives and allows small IT security staffs to effectively monitor large networks.
·     Enterprise Threat Management: ETM is the integration of a variety of network security technologies under one management console. You reduce risks before attacks by knowing when new hosts appear and monitoring for IT policy compliance. By getting the maximum amount of network security information, you can baseline your network to detect internal anomalies and detect compromise to rapidly shield your critical systems. With ETM, you get a level of network knowledge, visibility, and awareness that no other approach can provide.
The Security Administrator needs to know more about what’s on their network and implement the Sourcefire real-time adaptive network intrusion prevention system (IPS), so that they can significantly reduce false positives and negatives, and have more time to focus their efforts on those security events that matter most. This greatly reduces operating cost and significantly reduces the potential for network downtime. (Source: http://www.sourcefire.com)
Security is not a solution! It’s a way of life. System administrators must continuously scan their systems for security holes and fix the holes on detection. This will help tighten the security of the system and reduce the chances of security breaches. Security is a process! This process is a continuous one. Security vulnerabilities will keep on arising, and the process of fixing the security holes will never end!
