Introduction
Computing security is a significant aspect that needs to be undertaken in any organization. With organizations adopting the use of information systems in their business operations, there is a growing concern to have a secure network perimeter. Most attacks come through the organization’s most valued asset, which is the computer network that is being used. Network security requires that there be a professional who will take care of the network and ensure that there is close monitoring of the network traffic. It is important to understand the requirements of the network and have ways in which the network will have a controlled perimeter that will detect any form of intrusion into the network. This paper will assess Global Finance, Inc.’s network and recommend strategies that can be integrated into the network to ensure that there is enhanced security on the network. The paper will ensure that there is better security in the suggestions that will be made in the entire security aspect of the network. The paper will undertake a security assessment for the network that has been presented. It will make recommendations and redesign the network that will be used in the analysis and design of the network again. There are strategies that need to be taken into consideration to ensure that the network has been designed and enhanced to the right point where there is assured security in the entire network.
Company network of the GFI
The network of GFI has been designed to offer the services that are required in the network. Devices have been integrated that enable the company to have better network reliability and efficiency. The speed of the network to the internet is fairly fast. It has a 10Gbps connection speed to the VPN gateway. The speed is sufficient to support the organization's networking requirements. The local network also has fair speed that is sufficient for the internal needs of the company. There are sufficient resources to ensure that the users get reliable and fast services. There are six departments, with each department having workstations and printers. Accounting and finance are the largest departments in terms of the computing resources that they have been installed with. The accounting department has 63 workstations and seven printers, while the finance department has 49 workstations and five printers. The rest of the departments have 25 workstations and five printers for the loan department, twelve workstations and three printers for the customer services department, and five workstations and three printers for the management department. There is also the credit department, which has ten workstations and three printers. The interconnection between the departments and the external network is 10Mbps while the interconnection between the switch and a router in the organization is 10Gbps. It is the same speed with which the organization is connected to the internet. It is a fair connection as the users can access the internet. The switches have been used to interconnect between the routers and the switches in the organization. It is important to understand the requirements of the network and have the necessary connections and steps that will ensure that there is a suitable interconnection.
There is a demilitarized zone (DMZ) which is used in the management of the network for security issues. The DMZ is the cushion between the LAN and the internet. It makes it hard for the attackers to attempt attacks to the network of the company. It is one of the recommendations that enhances the security of the LAN. By the time the attackers manage to get to the network, they shall have been detected in the DMZ.
The network has a firewall that acts as a filter between the external network and the internal network. It helps to filter packets so that if the packets are considered to be suspicious, they will be denied access to the network. In the GFI network, the firewall has been located between the PBX and the network. I feel there should be proper positioning of the firewall. There should be protection of the network with the internet with the use of a firewall. There are also some recommendations to have some of the servers in the Trusted Computing Base to be taken to the DMZ. They are the source of attacks if there is some form of attack that can be brought to the network. It is important to understand the security requirements of the connections and have ways in which the attacks can be eliminated in the network. It is also important to understand the need to have IDS that is used to enhance interconnection and security in the network.
Risk assessment
There are concerns that should be an issue in the network that has been presented. One of the concerns is that there is a possibility of intrusion and attacks to the network. One of the ways in which the data will be compromised in the network is the attackers getting to the network in the current design. There are three ways in which there is a possibility to have an attack in the network. Most of the security threats and vulnerabilities that will be presented in this paper are as a result of faulty network design. There is a need to ensure that there is better security and management of the security in the network. It has not been assured in the current interconnection. These possibilities include:
Intrusion – there is a possibility to have network intrusion to the network. One of the ways in which the network will have intrusion is that of lack of firewall between the internet and the internal network. The firewall that has been put in place does not serve the internet connection in the network that has been presented. One recommendation would be to have a network that will ensure that there is a firewall between the internet and the internal network.
DoS attacks - Another possibility that is rife with the current connection is that of denial of service attack. It is possible to have a DoS attack in the current network because of having email and web servers together with the other servers. Most of the internet requests and processes are done through the web server. If the web server is attacked, the rest of the servers will likely be affected. They will likely be affected because they are located in the same location as the web and mail servers. It was not in order to have the two servers in the same location with the rest of the network. Also, there are workstations that have been connected together with the servers. It is a possible source of attacks to the network. If there are attacks, they will affect the accessibility of the network in the company (Cardenas et al., 2011).
Data privacy breach - It is another vulnerability with the network. It is possible to have a data breach in the current network because of connecting the Oracle server with the mail server in the same location. There is a need to have the Oracle server, which has the data that is sensitive, connected with the file and exchange server. It is important to understand the implications that the connection has for the data of the company.
Internal attacks - There is also the possibility to have internal attacks within the current network setting. There are desktop computers that have been located on the same domain and place with the servers. There are seven workstations that are in the data center. These are a threat to the security of the network. It is possible to have attacks coming to the network through these desktop computers.
Mitigation strategies
I would recommend mitigation strategies that would be used in the network. The strategies have got to do with a new design of the network. It is important to have new ways in which the data and network flow is designed. It will eliminate most of the network design issues that have been shown in the network. One of the recommendations for the network is to have a strategy that will ensure that there is a better management of the network in a given scenario. For the intrusion vulnerability, it will be important to have a firewall between the internet and the network. The internet has been connected directly to the network through DMZ. It will be hard to have the network assessed and developed in the current status without having some form of filter in the network. It will help to understand the network design and have ways in which the network design will be achieved in the entire process. Also, there should be an IDS installed in the network. The IDS should be used in the network to ensure that there is a security of the network with the rest of the networks in the entire process.
For the denial of service attack, the web and mail server should be separated from the rest of the network. It will help to have the network separated and managed effectively in the entire process. Also, the workstations that are found in the server room should be isolated from the server network. They should be separated in this process and have a better management and enhancement process. The design that has been presented does not allow the workstations to operate on their own. It is important to have the servers to be able to operate in their network. It will enable the devices to be able to separate the functions. It will be simple to achieve the logical division in the proposed design that has been put in place. It will be easier and manageable (Smith et al., 2014).
For the data privacy breach, the Oracle and file server should be isolated from the workstations. If there is an attack through the workstation, it will not be able to reach the Oracle server. It is important to understand these security requirements in the development and enhancement of the network. One of the possibilities in the entire process will be to have a network to have separated functions so that the devices will be able to function in terms of roles and functions.
For internal attacks, the users should be encouraged to have credentials that will be used in the access of the network. All users should be able to have usernames and passwords. These credentials will be used in assessing the attacks that might be encountered on the network. Also, there should be access control on the network. Although it is hard to know which of the users have higher access from the diagram that has been presented, it is important to understand the fact that access control is a significant development in any network. It helps to manage the access and the security of the data asset in the organization.
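The zone separation recommended in this section can be checked mechanically before any device is moved. The following is an added example, not part of the original paper: it audits a simplified model of the existing layout and of the recommended one, and the zone names, host labels and allow rules are constructed assumptions.

```python
# Added example: zones, host labels and rules are constructed assumptions
# that simplify the layout the assessment describes.
SERVERS = {"web", "mail", "oracle", "file"}
PUBLIC = {"web", "mail"}          # only these are meant to face the internet
SENSITIVE = {"oracle", "file"}

# Existing layout: servers and data-center workstations share one segment,
# and no firewall sits between the internet and that segment.
CURRENT = {"web": "datacenter", "mail": "datacenter", "oracle": "datacenter",
           "file": "datacenter", "dc_ws": "datacenter", "dept_ws": "lan"}
CURRENT_ALLOW = {("internet", "datacenter"), ("lan", "datacenter")}

# Recommended layout: public servers in the DMZ, Oracle and file servers in
# their own zone, data-center workstations moved to the user LAN. Legitimate
# paths into the "db" zone (e.g. an application tier) are not modelled.
PROPOSED = {"web": "dmz", "mail": "dmz", "oracle": "db",
            "file": "db", "dc_ws": "lan", "dept_ws": "lan"}
PROPOSED_ALLOW = {("internet", "dmz"), ("lan", "dmz")}

def reachable(src_zone, placement, allow):
    """Hosts a sender in src_zone reaches directly: same-zone traffic is
    unfiltered, cross-zone traffic needs an explicit (src, dst) allow rule."""
    return {h for h, z in placement.items()
            if z == src_zone or (src_zone, z) in allow}

def audit(placement, allow):
    """Return sorted (finding, detail) pairs for the four risks in the paper."""
    findings = set()
    # Intrusion: non-public hosts directly exposed to the internet.
    for h in reachable("internet", placement, allow) - PUBLIC:
        findings.add(("internet-exposed", h))
    # DoS / data breach: what a compromised public server can touch next.
    for p in PUBLIC:
        for h in reachable(placement[p], placement, allow) - PUBLIC:
            findings.add(("pivot-from-" + p, h))
    # Internal attacks: workstations with a direct path to sensitive servers.
    for w in set(placement) - SERVERS:
        for h in reachable(placement[w], placement, allow) & SENSITIVE:
            findings.add(("workstation-reach", w + "->" + h))
    return sorted(findings)

if __name__ == "__main__":
    print("current :", audit(CURRENT, CURRENT_ALLOW))
    print("proposed:", audit(PROPOSED, PROPOSED_ALLOW))
```

An empty result for the proposed layout means none of the modelled exposure paths remain; it does not replace testing the firewall rules once deployed.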
Methodology type
The methodology that has been presented in the paper is both qualitative and quantitative. It is qualitative because there are management issues that have been included in the assessment. An example is that the data breach is as a result of people accessing the network from the inside of the network. Another aspect is that there is access control that has been recommended in the mitigation procedures. It is a qualitative method of assessing the risk. On the other hand, there is quantitative risk assessment that is seen on the network. The risk assessment procedure can be said to be quantitative because of the devices and the recommendations to have them relocated or redesigned on the network. By assessing the network afresh and making fresh design considerations, it shows that there is a better way in which the network will be achieved and managed in the network.
Also, the number of workstations has been shown in the assessment process. The number and the locations of the workstations and networking devices have helped to understand the network in terms of the devices that have been included on the network.
Presentation to the management
I will present to the management the new proposal by having figures and numbers associated with the new design. By convincing the GFI management about the reliability of the proposed system, I will be able to have them adopt a new design. From the attacks that have been experienced, it is clear that the network and the location of the Oracle and email servers were to blame in the attacks. I will convince the management that there are higher chances and possibilities of having other attacks, and that the attacks that were experienced on the network could be worse because of the increase in sophistication of the attacks. It is one aspect that can make the management come to terms with the realities that can meet the network. They should see the damages that can occur in terms of the ability to undertake recovery. There are times when it will not be possible to make recovery of the data (Wu, Barker, & Desai, 2011).
Proposed network
Conclusion
The proposed network solution has put into consideration the possibilities and the aspects that can affect the current network. It is important to understand these issues and have ways in which the network will be secured. When designing a network, the location and the devices which are used should be an issue of concern for the designers. All the needed requirements have been put in place for the new network.
References
Cardenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355-366). ACM.
Smith, P. K., Bennett, J. M., Darken, R. P., Lewis, T. G., & Larrañaga, M. D. (2014). Network–based risk assessment of the US crude pipeline infrastructure. International Journal of Critical Infrastructures, 10(1), 67-80.
Wu, L., Barker, T. G., & Desai, V. S. (2011). U.S. Patent No. 8,015,133. Washington, DC: U.S. Patent and Trademark Office.