Exploration of the security management systems of the institute’s network and how it can be improved Presented By: C Satish Kumar Dev Aditya Puneet Chawla Raghav Chadha Rajat Lakhina
Exploration of the security management systems of the institute’s network and
how it can be improved
Presented By:C Satish Kumar
Dev AdityaPuneet Chawla
Raghav ChadhaRajat Lakhina
IT Security Architecture
IT Security
Application Security
Client Side
Server Side
Database Security
Network security
Wireless SecurityNetwork is secured using Wi-Fi Protected
Access (WPA)WPA is a security protocol developed by the
Wi-Fi AllianceWPA protocol implements much of the IEEE
802.11i standard.
How WPA works?WPA is secured using Advanced Encryption
Standard (AES) Encryption AlgorithmUses the Temporal Key Integrity
Protocol(TKIP)Includes a message integrity checkPrevents an attacker from capturing, altering
and/or resending data packetsAES with a fixed block size of 128 bits, and
a key size of 128 bits used in our college
AES AlgorithmAdvanced Encryption Standard (AES) is a
specification for the encryption of electronic data
It is a symmetric key algorithmOur college uses 128 bit key, for which AES has 10 rounds of encryptionConsidered to be quite safe even by National Security Agency for U.S. Government non-classified data
IIM Rohtak NetworkIt has dual level of Security
Wifi Security using WPA & AESFirewall based login Security for each user.
IIM Rohtak Network(Contd.)It has the facilities for making configurations
whichcan enable or disable users.Eliminate the communication between devices
Different SSIDs(Service Set Identifier) for different locations
UTMUnified Threat Management (UTM is the evolution of the
traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance .
UT
Before UTM
After UTM
AdvantagesReduced complexity:
Single security solution.
Simplicity: Avoidance of multiple software
installation
Easy Management: Plug & Play Architecture,
Web-based GUI
Reduced technical training requirements
Regulatory compliance
Cost effective
Disadvantages
Single point of failure for network traffic
Single point of compromise if the UTM has vulnerabilities
Potential impact on latency and bandwidth when the UTM cannot keep up with
the traffic
Firewall
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to the network.
A firewall can also help stop the local computer from sending malicious software to other computers.
The firewall is integrated with the UTM suite .
Firewall, VPN, and Traffic Shaping
Integrated Antispyware ,antimalware
Easily programmable
Application Control
Dedicated CPU and RAM
Comes with an FortiAnalyzer dashboard and log viewing
Limited Buffer size –cannot block/ quarantine large files
Heuristic filtering may block legitimate content
Not IPv6 certified
May be bypassed with third party tools
Lack of L2TP Support may be a potential problem if VPN is implemented
Windows Active Directory Services (ADS)ADS is a user account directory running on Windows
Server 2008 .It provides authentication and authorization
mechanisms .Integrity is maintained through authorization. File
transfer is done by using SFTP where the users are bound by it while transferring files.
Since all the data is stored on the central server, this by default forms a backup for the data stored. Even, if the independent computer terminal crashes, this prevents the data from being lost.
ASD provides secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services .
AD Server-Authentication and Authorization
User Authentication• Interactive logon• Network authentication• Using certificates to
authenticate external users
User Authorization• User rights: Assigned to
groups• Access control permissions:
Attached to objects
Windows Client Security
Client security comprises of OS and software security .Apart from UTM ,client security can be enforced through
various built in and third party applications Compliance can be monitored and enforced by using UAC .Using free applications such as Microsoft Security
Essentials reduces costs and overhead of managing updates and compatibility
Patching can be manually deployed over the network or set to auto mode .
UAC example-Guest User
The guest user account allows a login without a user account to access a database.
User Access has been provided through the active directory services configured on Microsoft Windows 2008 Server.(username- pgp04.***, Password- email password)
Limited privileges in Computer Lab Desktops.Cannot control portable application installation and
monitoring .
Thank You!!!