Network Security and Vulnerability Threat Table
LAN Security
Is the local area network that access control using the private VLANs and it’s a networking device within a small geographical area. They are not safe and secure compared to other networks because it’s easy to access the WLAN security compared to others its more of convenience over security thus it will help business and IT organizations to improve on their network by providing suitable choices for WLAN security for organizations to have a safe WLAN in their working place they must have procedures that outlines forms of double connections that are allowed in the work place for security purposes, also to consider security and its impacts to other networks for instance theWLAN ,to have client devices and APs,also to perform attack and vulnerability monitoring respectively to support this type of network and lastly to carry out a regular assessment about WLAN security in the organization.
The wireless system helps devices to connect to the computer minus them being connected to the network,WLAN consists of client devices for examples the laptops and the access points(APs),the APs connect client devices with distributing system(DS) and DS it’s the only way by which client devices can pass information or communicate with LAN and other networks. Also we have wireless switches that help the WLAN is administrators to manage it.
WLAN Architecture
It has the following components including the client devices,APs and the wireless switches, this part tries to show the importance of having a standard mechanism of security thus providing recommendations for implementing, evaluating and maintaining those configurations of the client devices.
The architecture of an organization should be standard when it comes to the issues of security configurations because it provides a base for security thus reducing the vulnerabilities and consequences of attacks that might be successful, it will improve the consistency and predictability of security. The following makes up WLAN architecture: roaming, microcells, infrascture, and independent.
Independent WLAN is the simplest one which consists a group of computers that are equipped with client adapter and access points are not necessary in this case.
Infrastructure WLAN consists of wireless stations and access points combined with DS that help roaming and mediating wireless network traffic.
Microcells and roaming; a microcell is an area coverage for an AP,they help users to move between access points without having to log in again and restarting the applications again, for roaming to work, access points must have a way of exchanging information as a user connect
Threats of WLAN
The following explains the security threats of WLAN that are likely to happen: eavesdropping, spoofing and denial of service
A) Eavesdropping
Involves attack against the confidentiality of data that is transmitted across the network, eavesdropping is a big threat because the attacker can intercept the transmission over air from a distance that is away from the organization
B) Spoofing
It is where the attacker could gain access to data and resources in the network by assuming the identity of a valid user this is because some networks do not authenticate the source address thus the attackers may spoof MAC addresses and hijack sessions.
C) Denial of service
This is where the intruder floods the network with either genuine or fake information affecting the availability of the network resources, WLAN are very vulnerable against denial service attacks due to the nature of the radio transmission.
LAN Security |
Is a wireless networking device within a small locality that access control using the private VLANs. |
Identity management |
Is the system discipline whereby the right people access the right and valid information at the right moments and for good particular reasons. |
Physical security |
It’s the protection of the hardware, software, networks, and data from actions that could cause loss or damage to an organization for instance theft. |
Personal security |
|
Availability |
Is the quality or state of information or data of being available and easily accessed. |
Privacy |
Is the state of a person to seclude himself or herself, or information about him or her, so it’s the procreation of information or confidentiality of data. |
Cyberattactks in tabular format
Type of attack |
Effect |
Malware |
It’s a computer code that a malicious function, used to destroy or steal private data in a computer. |
Password attacks |
They attack on cracking a person or user is password so that the attacker may obtain access to a secured system. |
Denial of service |
Focuses on the interruption of a network service when an attacker sends volumes of traffic to the network that is targeted. |
The following will be employed to mitigate the above types of attacks on the computer:
Threat intelligence reports, are documents that describe types of system and information that is on mission or the one being targeted and information important to the organization.
We have security alerts that are notifications about the current vulnerabilities and some security concerns.
Tool configuration is the recommendations for mechanisms that support the exchange, analyzing, and the use of threat information.
Indicators can also be used, they suggest or tell that an attack is imminent or its underway for instance we have the IP.
Plan of protections
openStego-it’s a free steganography that has the following functions:
Data hiding where it can hide data within a cover file watermarking files with an invisible signature.
Quickstego -helps someone to hide text in pictures so that its only users of quickstego who can be able to retrieve and go through those messages.
Oursecret -enables the user to hide text files for instance images and videos thus suitable for sending confidential information.
Veracrypt -it adds enhanced security to the algorithms used for system and partions encryption making it immune to new developments in brite-force attacks.
Axcrypt -it integrates seamlessly with windows to compress, encrypt, decrypt, store, send, and work with individual files.
GPG-it enables to encrypt and sign data, communication, as well as access modules for all public directories.
Cryptographic mechanisms to organization
Cryptographic is writing is in secret code within the context of any application and these are the requirements for it;
Authentication, privacy, intergrity, and non-repudiation
They include:schannel CNG provider model,ECC cipher suites,AES cipher suites and the default cipher suite preference. so the basic mechanism is to covert data into cipher text form and then again into the decipherable when it gets into the user. Encryption and decryption is the main mechanism which works and ensures free flow of data within the system.
Benefits
The use of using public keys enables individuals to convert data into the encrypted form.
Used to hide crucial important and vital information.
Helps in preventing leakage of vital data from a network
Helps in the authentication of users over the transfer or flow of data in electronic way.
Risks associated with these are that they make the problem of general key recovery difficult and expensive and too insecure and expensive for many applications and users as large.
File encryption tools
Veracrypt, axcyrpt, Bitlocker, GNU Privacy Guard and 7-zip
File encryption method
We have the following methods; exceptions, syntax, remarks and security
Results of the encryption files
They provide an overview and pointers to resources on EFS
They also point to the implementation strategies and best practices
Encryption technologies
Shift/Caesar cipher-it’s a tool that uses the substitution of a letter by another one further in the alphabet.
Polyalphabetic cipher-is a cipher that is based on substitution using the multiple substitution alphabets.
Perfect cipher-these are ciphers that can never be broken even with after an unlimited time.
Block ciphers-is an algorithm deterministic that operates on fixed-length groups of bits.
Triple DES-is a symmetric-key block cipher that applies the DES algorithm three times to the data bits in the system.
RSA-is a public-key in the cryptosystems and is used for the transmission of secure data.
Advanced encryption standard-it’s a cipher based on the substitution-permutation network and works fast in both the hardware and software.
Symmetric encryption-these are the algorithms that uses the same cryptographic keys for both encryption and decryption of the cipher text.
Text block coding-are the family of error-correcting codes that do encode data in bits.
Information hiding and steganography-is the process of concealing a file, video, image or file.
Digital watermarking-is the practice of hiding digital information in a carrier signal in the system.
Masks and filtering-masks show which of the part of the message is displayed.
Description |
||
security architecture of the organization |
It has the following components including the client devices,APs and the wireless switches, this part tries to show the importance of having a standard mechanism of security thus providing recommendations for implementing, evaluating and maintaining those configurations of the client devices. The architecture of an organization should be standard when it comes to the issues of security configurations because it provides a base for security thus reducing the vulnerabilities and consequences of attacks that might be successful, it will improve the consistency and predictability of security. The following makes up WLAN architecture: roaming, microcells, infrascture and independent. Independent WLAN is the simplest one which consists a group of computers that are equipped with client adapter and access points are not necessary in this case. Infrastructure WLAN consists of wireless stations and access points combined with DS that help roaming and mediating wireless network traffic. Microcells and roaming a microcell is an area coverage for an AP,they help users to move between access points without having to log in again and restarting the applications again, for roaming to work, access points must have a way of exchanging information as a user connect. |
|
the cryptographic means of protecting the assets of the organization |
Cryptographic is writing is writing in secret code within the context of any application and these are the requirements for it; Authentication,privacy,intergrity and non-repudiation They include: schannel CNG provider model, ECC cipher suites, AES cipher suites and the default cipher suite preference. so the basic mechanism is to covert data into cipher text form and then again into the decipherable when it gets into the user. Encryption and decryption is the main mechanism which works and ensures free flow of data within the system. Benefits The use of using public keys enables individuals to convert data into the encrypted form. Used to hide crucial. important and vital information. Helps in preventing leakage of vital data from a network Helps in the authentication of users over the transfer or flow of data in electronic way. |
|
the types of known attacks against those types of protections |
Password attacks-it’s a third party who tries to get access of information by cracking the password. Malware-codes with malicious intent to steal data or destruction of the computer system. DOS attacks-it majors on or targeting disruption of the network and can be prevented by keeping the system secure. |
Strong passwords are the only way against this attack. Malware should be avoided by doing away with links to unknown users. |
How to ward off the attacks |
Malware-avoid clicking and downloading attachments from unknown users. Phishing-through verification of any requests from organization via email over the business phone. Passwords attacks-use of strong passwords DOS attacks-the system of the organization to be kept secure with software updates. |
|
Encryption Technologies Data Hiding Technologies and |
Shift/Caesar cipher-it’s a tool that uses the substitution of a letter by another one further in the alphabet. Polyalphabetic cipher-is a cipher that is based on substitution using the multiple substitution alphabets. Perfect cipher-these are ciphers that can never be broken even with after an unlimited time. Block ciphers-is an algorithm deterministic that operates on fixed-length groups of bits. Triple DES-is a symmetric-key block cipher that applies the DES algorithm three times to the data bits in the system. RSA-is a public-key in the cryptosystems and is used for the transmission of secure data. Advanced encryption standard-it’s a cipher based on the substitution-permutation network and works fast in both the hardware and software. Symmetric encryption-these are the algorithms that uses the same cryptographic keys for both encryption and decryption of the cipher text. Text blocks coding-are the family of error-correcting codes that do encode data in bits. Information hiding and steganography-is the process of concealing a file, video, image, or file. Digital watermarking-is the practice of hiding digital information in a carrier signal in the system. Masks and filtering-masks show which of the part of the message is displayed. |
Network security vulnerability and threat table above
Common Access Card Deployment Strategy
How identity management can be part of security program and CAC deployment plan
Identity management involves telling what the user can do to certain devices at a given time. Identity management can be part of the program because of its reasons well known for instance: increasing security, also production while decreasing the cost and effort.
The program tools of identity management need to run as application towards a server because it defines the type of user and devices allowed to work on a certain network this for it to be part of the program, must depend on alerts, reports, policy definition and alarms
Thus offering directory integration and connection of the wireless and non wireless users and meeting almost the operational and security requirements.
Deployment plan of the common access control
Can come for different reasons so as to deploy and enforce the authorization policy for instance:
The organization -wide authorization policy that is driven from compliance level of organizational requirement.also departmental authorization policy where they have some special data handling the requirements that would be passed to various department. Then the specific data management relating to compliance and targeting at the protection of the right access of information.
Email Security Strategy
Types of public-private key pairing
Public keys may be disseminated widely but private are only known to user owner. This makes two functions-the authentication when public key is used to verify or show a private user sent a message and encryption where the holder of the private key can decrypt the message.
Authentication-is when the public key is used to verify that a holder of the paired private key sent the message.
Non-repudiation-it’s an attribute of communication that seeks to prevent the occurrence of the untrue or false denial of involvement by either party because it provides the originator of data with credible evidence showing information was received as it was addressed.
Hashing -it’s used to index and retrieve items in database because it is faster to find an item through the use of shorter hashed key thus hashing being the transformation of a string of characters into a shorter fixed length than the original size.
This added security benefit will ensure integrity of messaging by:
Speeding being high this is when the number of entries is large because maximum number of entries can be predicted in advance so that the bucket array can be allocated once also one may reduce the average lookup cost by a careful choice of the hash function and even the internal data of structures.
Pretty Good Policy-it’s a program that is used to encrypt and decrypt email over the internet as well as to authenticate digital messages with signatures the stored files that are already encrypted.
GNU privacy Guard-it’s an encryption software program since it uses the combination of conventional symmetric-key cryptography for speed.
Public key infrastructure -it’s a cryptography key that enables the distribution and the identification of the public encryption keys thus enabling the devices to exchange data securely over various networks.
Digital signature -it’s an electronic signature that can be used to authenticate the identity of the person sending the message.
Mobile device encryption-they help mitigate security risks whereby data must be encrypted while it is in transit and when in storage.
How to use smartcard readers tied to computer systems
Smartcard are the credit-sized plastic cards that do contain the circuit card that are integrated they can be deployed together with readers to provide user authentication and the non-repudiation for wider range of security purposes.
A single smart card can be issued to each network user so as to provide a single set of credentials for logging to remote networks.
Complexibility of cost and technical of email encryption strategic to security benefits
The following elements must be considered:
The basics because encryption is a process that is based on the cipher that makes or ensures information is hidden.Aslo choosing what to encrypt because it will be part of the risk management and the planning process of data governance. The three states of data in order for data to be secure from data in motion to data at rest and last data in use.
Recommendation
Smart card can be deployed together with readers to provide user authentication and the non-repudiation for wider range of security purposes.
A single smart card can be issued to each network user so as to provide a single set of credentials for logging to remote networks
A deployment plan it’s a step to step on what need to happen in the last stage in the email security strategy, for a deployment plan to be effective the following must be put into consideration:
Layered application that deals with the design management dependencies  between components also the people who structure application layers should not be same again to structure the hardware infrastructure.
Reference
Atul.kahate, cryptography, and Network security Tata mc Graw.Hill Publishing Company Limited, 2003
E .kranakis primarily and cryptography, Wiley, 1986