By Sentuya Francis Derrick
ID 08051602
Module code: CT3P50N
BSc Computer Networking
London Metropolitan University
13th/04/11
Supervisor: Mr Shahram Salekzamankhani
Jan 01, 2016
Two fold: LAN & LAN Security
LANs: a group of computers and devices interconnected in a limited geographical area, i.e. home, office building, or school, to enable the sharing of resources like printers, files etc. (REF 2)
LANs include higher data-transfer rates (REF 2)
It’s imperative to make LANs secure to achieve confidentiality, data integrity, and authentication of users on the network. (REF 2)
Use the OSI model approach to understand LAN vulnerabilities. (REF 2)
Secure protocols, applications, technologies, and devices with network security tools and techniques in order to mitigate any threat, i.e. virus, worm, unauthorised access (REF 2)
Network Security
Network security solutions started emerging in early 1960 in response to network threats:
Reconnaissance attacks:
o Packet sniffers
o Ping sweeps
o Port scans
Access attacks:
o Buffer overflow
o Man-in-the-middle
o Password attacks
o Port redirection
Denial-of-service:
o Ping of Death
o Smurf attack
o TCP SYN flood attack
Layer 2 of the OSI model (Data link layer) poses the most network security vulnerabilities on the LAN: Layer 2 switches and the Ethernet, Token Ring and FDDI protocols.
It is imperative to secure the protocols on other layers too.
LAN security threats:
o MAC address spoofing
o MAC address table overflow attacks
o LAN storm
o STP manipulation attack
o VLAN attacks
Operating system basic security (OS vulnerabilities):
o Trusted code and trusted path
o Privileged context of execution
o Process memory protection and isolation
Aim 1: To find out which layer of the OSI model is most vulnerable.
Objectives:
o Secure Layer 2 protocols
o Secure addressing structure and routing protocol
o Secure identifiable and transport mechanism
o Secure ways for applications to translate data formats, encrypt, compress
o Secure Application layer protocols: HTTP, FTP, TELNET etc.
Aim 2: Investigate & analyse tools & methods to secure LAN
Objectives:
o Prevent un-trusted network traffic access to trusted networks
o To provide reliable, efficient, & cost effective LAN
Personal & Academic objectives
o Gain computer network security skills
o Learn to organise my time efficiently
o To learn & gain research skills
o To improve report writing skills
o To improve my presentation skills and improve my confidence to prepare for a career in network security
Approach
Secure the LAN’s:
o endpoints, i.e. hosts, servers, other network client devices
o non-endpoint LAN devices, i.e. switches, storage area networking devices (SAN), etc.
REF 1
Scenario
I am assigned with a project specification of type research and practical work to do a project on ‘Securing Wired Local Area Networks (LANs)’. A virtual topology is used to show network devices that need to be secured on the LAN.
[Figure: My own designed Topology (REF 1). Labels in the diagram: Policy Compliance, Threat Protection, Infection Containment, Cisco Network Control (NAC, IPS, CSA); Cloud; Cisco Perimeter Router1 with Firewall; Cisco ASA 5500; IPS; DMZ with Webmail, Email Server, DHCP & DNS Server; two Catalyst 3560 L3 switches; two Catalyst 2960 L2 switches; Host A (Vlan2), Host B (Vlan3), Host C (Vlan2), Host D (Vlan3) with Cisco Security Agent (CSA); Management centre (Vlan99) with Cisco Security Agent and CS-MARS/Wireshark; AAA Radius Server (Vlan40).]
Brief History of LAN evolution
Network Security in General
Wired LAN Security Threats
◦ Internal Threats
◦ External Threats
Wired LAN Security Vulnerabilities
◦ Internal Threats
◦ External Threats
Secure Wired LAN Devices
Wired LAN Security Mitigation Technologies
Virtual Topology
Wired LAN Security implementation
Impacts of the Network Security Threats
Designate a secure physical environment – Data centre
Configure port level security for traffic control
Use VLAN technology
Configure access-lists, i.e. router access-lists, port access-lists, MAC access-lists, and VLAN access-lists
Configure DHCP snooping and enable IP source guard
Configure Authentication, Authorization, and Accounting (AAA) protocol on TACACS+ Server
Use the Cisco Adaptive Security Appliance (ASA) firewall
Create a demilitarized zone (DMZ)
Use Network-based and Host-based intrusion prevention systems
Structure the LAN in a 3 layer hierarchical model
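The Layer 2 items in the list above (port security, VLANs, DHCP snooping, IP source guard), sketched for one Catalyst 2960 access switch from the topology. This is an added example, not configuration from the original slides; the interface numbers, the unused VLAN 999 and the storm-control threshold are assumptions.

```cisco
! Constructed example: access switch serving Host A (VLAN 2) and Host B (VLAN 3)
vlan 2
 name HOSTS-VLAN2
vlan 3
 name HOSTS-VLAN3
vlan 99
 name MANAGEMENT
vlan 999
 name UNUSED-PARKING
!
! DHCP snooping builds the binding table that IP source guard relies on
ip dhcp snooping
ip dhcp snooping vlan 2,3
!
interface FastEthernet0/1
 description Host A (VLAN 2)
 switchport mode access
 switchport access vlan 2
 ! No DTP negotiation on host ports (VLAN attacks)
 switchport nonegotiate
 ! One learned MAC per port (MAC spoofing, MAC address table overflow)
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
 ! IP source guard: drop traffic whose source IP has no snooping binding
 ip verify source
 ! Host port must never send BPDUs (STP manipulation)
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Cap broadcast traffic (LAN storm); 5% is an assumed threshold
 storm-control broadcast level 5.00
!
interface GigabitEthernet0/1
 description Uplink to Catalyst 3560 L3 switch
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,99
 switchport nonegotiate
 ! DHCP replies are accepted only from the uplink towards the DHCP server
 ip dhcp snooping trust
!
! Unused ports: parked in an unused VLAN and shut down
interface range FastEthernet0/3 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
```

Host B's port would repeat the FastEthernet0/1 block with `switchport access vlan 3`. Hosts with static addresses need a manual `ip source binding` entry before IP source guard is enabled on their port.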
Front Page
Contents Page
Introduction
Acknowledgements
Chapter 1: What is a LAN?
Chapter 2: What is Network Security?
Chapter 3: LAN Security Threats
Chapter 4: LAN Security Devices
Chapter 5: Benefits of a Secured Wired LANs
Chapter 6: LAN Security Technologies
Chapter 7: Secured Wired LAN Topology
Chapter 8: Testing and Analysis
Chapter 9: Conclusions
References & Bibliography
Appendix A: Project Plans & System Models
Appendix B: Test Plans & Results
Appendix C: Project Proposal
Report
Carroll, B. (2004) Cisco Access Control Security: AAA Administration Services, Cisco Press, 2Rev Ed.
Hucaby, D. (2005) Cisco ASA and PIX Firewall Handbook, Cisco Press.
Behringer, M.H. (2005) MPLS VPN Security, Cisco Press.
Wayne Lewis (2008) LAN Switching and Wireless Companion Guide.
CCNA Fundamentals of Network Security Companion Guide, Cisco Press (REF 2)
Secured LAN Topology Cisco lib images (Ref 1)
http://www.referenceforbusiness.com/small/Inc-Mail/Local-Area-Networks-LANS.html (accessed 12/03/11)
http://www.sans.org/top-cyber-security-risks/ (accessed 20/03/11)
http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xr/dmz_port.html#wp1046651 (accessed 04/04/2011)
http://flylib.com/books/2/464/1/html/2/images/1587052091/graphics/08fig14.gif (accessed 05/04/11)
http://compnetworking.about.com/library/graphics/basics_osimodel.jpg (accessed 25/03/11)
http://www.orbit-computer-solutions.com (accessed 30/03/11)
http://www.i1u.net/images/web/PAT.gif (accessed 09/03/11)
http://ptgmedia.pearsoncmg.com/images/0131014684/samplechapter/0131014684_ch02.pdf (accessed 02/03/11)
http://www.cisco.com/warp/public/cc/so/neso/sqso/roi1_wp.pdf (accessed 10/03/11)
http://www.cisco.com/en/US/docs/solutions/Verticals/EttF/ch5_EttF.html#wp1031600 (accessed 19/03/11)