COIT20265 Networks and Information Security Editing Services

COIT20265 Networks and Information Security Editing Services

Introduction

The Community College (CC) is one of the fastest growing educational institutes for which the headquarters is located in the Northampton main campus. CC is providing its educational service through its nine (9) branches located in the regional and metropolitan areas of Northampton. The institution is providing educational service program for two types of students. The students who study in regular and the others who study through online and distance education programs. The institution headquarters facility is located in the Northampton main campus. Operation facility of the institute is located 50KMs from the Headquarters in a warehouse near an industrial area, this facility holds the back-office technical functions, data center and IT staff. The Backup facility is located in the country area of about 1000KMs from the Headquarters. For the past two years the number of students and institution services are doubled and senior management of the CC has identified enrolment for both on-campus and distance education will increase by 50% within next three years. The CC institute has planned to improve its services to meet the future requirements as well as to reduce the risks in the networking. Therefore, this work is focused on designing and implementing a secured information and network infrastructure to enhance the availability of the services, reliability, scalability, high performance of the information system of the institution and improving the security support of CC services. The current network design of the CC institute can be easily upgraded and they have used T3 leased line connection and 100Base-TX Switched Ethernet to establish network link between headquarters, operations and backup sites. Adding additional servers and backup devices to improve the performance and functionalities, reducing the network traffic by deploying appropriate devices and components in the network. Deploying VPN and using wireless LAN connections to provide better networking. The primary objective of the network security draft plan is addressing the network requirements to meet the future needs and network security requirements of the CC institution.

Aim and objective

This project mainly concentrates on redesigning the existing network of the CC institution to meet the current and future demands. They are focused on implementing highly secured networking to provide better service to the students and to create a better communication medium between staffs to students, staffs with other campus staffs to improve their research work 
Some of the important objectives of this security plan are as follows;

• Upgrading the current design of the network to meet the future demands.
• Creating comprehensive network security plan to secure the sensitive and confidential data from unauthorized users and hackers.
• Using the advanced security technology concepts to secure the CC institution network.
• Using the advanced network devices to improve the network performance.
• Deploying data encryption mechanisms in the network to secure data travelling between internal and external of the CC institution network.
• Evaluating the possible risks in the network, and design and implementing the suitable disaster recovery and backup plan for the CC institution.
• Deploying enhanced efficient unified threat management solution for the organization.
• Allocating IP addresses using the CIDR format.
• Using the DMZ configuration to enrich the security for each zone in the institution.

Assumptions

• Almost 50000 users are accessing the CC institution network to connect with the faculty and to view other student’s activity.
• The CC institution network is available at 24/7 and approximately 99.9 percent of the time.
• Three firewalls need to be deployed in the three regions (headquarters, operations – Data center and backup).
• Using cloud service to store the temporary data of the CC institution.
• Using the satellite network to establish communication between the headquarters, operations and backup wirelessly.
• Validating the network design and mechanisms used to implement the network with networking experts and gathering advice from them to improve the security.

Security plan

Security for the network

The network design of the CC institute is going to concentrate on reducing the network traffic by increasing the performance of the servers and backup devices. Identifying and deploying improved WAN links helps to reduce the network traffic and for the forecasted growth (CISCO, Retreived on 2016).

• The CC institute may use satellite communication to establish communication between institute headquarters, operational divisions and backup center.
• Wide Area Network (WAN) connection would be used in the institution to establish communication between staffs and digital components (Laser printers, external storages, labs, VoIP video phones). By improving the bandwidth ability of the cables used within the institution.
• Using the wireless connection such as hotspots and Wi-Fi will help the students, guest and staffs to obtain the network connection from anywhere in the institution.
• Using the VPN and advanced protocols will help to increase the security of the wide area network.

Securing the LAN connections

• Using the high security protocols in the networking devices.
• Deploying separate firewall to monitor and stop the vulnerable activities in the network.
• Providing different type of access to the students, staffs and employees of the CC institution.
• Installing antivirus software in individual system.
• Monitoring the student’s activity in the network.

Email and communication activities

Monitoring the email and communication activities in the institute helps to minimize the problems because most of the virus and malicious codes are shared with the email attachment (FireEye, Accessed on 2016).

Password Policy

Creating policy to set password for the account will help to minimize the security risks. Users of the network can select strong passwords with the combination of uppercase, lowercase, numbers and symbols which will help to minimize the password guessing attacks 

Analyzing risks

Implementing secured network for the CC institute provides many advantages but the institution needs to face some serious risk in developing the network. They are as follows,

• Securing the network devices and components from the unauthorized user.
• The CC institute has to employ a network expert team to monitor and identify the drawbacks in the network; it will be the hardest process. This process takes much time to analyze the drawbacks in network.
• The CC institute needs to spend a lot of time in investigating the network design.
• The cost for implementing such a network is very high and institution must be in a position to afford it.
• Components and network tools failure is high, therefore it needs proper monitoring of the network and its components.
• Institution needs to employ experts to monitor the network.

Network security policies

Numerous security attacks and vulnerabilities are available in the internet with the help of these mechanisms attackers can easily access a private network. There are numerous tools available to access the data which is transmitted through network. Some of the attacks used by the unauthorized users to access the network is as follow,

• Black hole attack
• Warm hole attack
• DoS
• DDoS
• Man in the middle
• Virus
• Worms
• Buffer overflow
• Packet sniffing

Anyhow CC institute can use some mitigation techniques to avoid these kinds of attacks in the network. With proper training and awareness the institute network specialist can easily control the various attacks and using proper tools will help to secure the network from these kinds of attacks.

Using better security policies and procedures will help to slice the threats and attacks in the network. Using the encryption mechanism will help the CC institute to minimize the risk in the network and helps to avoid the unwanted attacks. While sharing the information through the internet it needs to be in an encrypted format which makes it hard for the attackers to access the original data without proper decryption code. Attackers can’t retrieve the original message from that encrypted data.

Information security policies

By categorizing and providing different access permissions to the users of the CC institute helps to reduce the unauthorized and misappropriate use of the CC data and software project. Currently, CC institute has different types of users such as regular students, online and distance education students, guests, staffs, faculty and employees. Providing different access permissions to the users in the network helps the CC institute to secure confidential information from the unauthorized users (Loukas & Oke, September 2010).
Driving different policies for the information access will help a lot to the CC to track which user accessed the information from the database and at what time.

The CC institute handles different types of data such as student personal and academic information, staffs and faculty information, accounts and financial information. All this data are stored in the backup center of the CC institution. The institute is providing the educational service to its students in different ways, so it needs a large storage to store the details. There are many possibilities for human and natural issues with the databases and networking devices. To avoid these issues and critical situations the institute needs to deploy extra backup servers. These systems automatically collect and store every day activities and processes of the CC institution. Any problems occurring in the institute network or in database server then it starts to provide the service the users (BRANDON, Accessed on 2016). To ensure that the disaster recovery and business continuity replica of backup database of the CC institute is deployed the system properly. This disaster recovery system helps the CC institute to provide better service and meet the future requirements of the users. The CC institute may deploy one hundred petabytes of additional storage device to store a replica of information system. They can use the cloud services to store and work with information and it provides many benefits to the institute and it is cost effective (Alhazmi, Accessed on 2016).

Using the listed security mechanisms in the network of the CC institution helps to secure its network, systems and applications from the threats and vulnerabilities,

• Packet filters
• Security firewalls (Emails, browsing, data)
• Authentication mechanisms
• Physical security

Security technology implementation

• Authentication system:The CC institute uses different access permissions for the students, faculty and staffs. Botnet mechanism is widely used to gain the access of the account. So using the captcha code will help the institute to avoid this attack in the network. As well as CC institute can store user’s details such as username, password and other in encrypted format which helps to avoid compromising their information (Rouse, Accessed on 2016).
• Firewall: Nowadays firewalls are playing a vital role in securing the organizational network and data from virus, worms and network security breaches. Configuring firewall to monitor files, web, mail, DHCP, DNS and Domain controllers will help  the CC institute to minimize the attacks and risks.
• Wireless network: Providing the safe network access to the visitors and employees with authentication helps  the CC institute to avoid data compromising.
• Intrusion Detection and Prevention Systems: OPNET and NetSim are the tools which are used to detect the intrusion in the network. Cisco Fire POWER 8000 Series Appliances plays an important role in the intrusion detection and prevention in the network.
• Wide area network: WAN connections are used within the colleges and they are developed with the basic security to defend against the virus and threats. Providing access permissions to the authorized personnel will help to minimize the risk.
• Virtual Private Network (VPN): This network helps to establish communication with public networks. users can easily send and receive data through shared or public networks and their devices are connected with the private network. Usually VPN connections are made with secured network so users need not worry about the privacy. Advanced encryption methods are used in the VPN to secure information from attackers.
• Securing the network from BYOD: There are many number of tools and techniques available in the globe to secure network from the BYOD. By choosing the appropriate device one can  secure the network from BYOD. We can install mobile device management (MDM) software to protect network from the BYOD (Long, Accessed on 2016).
• Antivirus: Numerous antivirus are available in the market, the CC institute may use any one based on their need which will help them to minimize the risks.