Network security is a significant aspect of managing a network. Certain measures should be put in place in order to secure a network. One of the most useful components is the firewall. Firewalls are a valuable tool that network administrators use to secure their networks. We have had a chance to look at computer networks and the use of VPNs in network security. We have had to go in depth on how networks relate to security.
One of the most significant aspects of a firewall is the installation and implementation process. Firewalls should be installed the right way in order to function well. We had a chance, as a class, to go through the installation process of the firewall. There are different kinds of firewalls, and the different types have different configurations but function well. In class, I had the chance to look at the pfSense firewall and assessed its settings.
pfSense
Under the settings of the pfSense firewall, I had the chance to assess the operation of the firewall. For the firewall to function well, rules must be set for it to use. These rules guide the firewall on what traffic to allow and what to block.
My machine
On my machine, I set adapter 1 as the LAN machine.
I connected it as a bridged adapter.
The IP address was 192.168.1.1
WAN machine
Adapter 2 was the WAN machine.
It was connected as a host-only adapter.
The IP address of the host adapter was 192.168.5.45
After the configuration had been done, the following screen appeared, which came as a result of starting pfSense.
After this, I copied the IP address of adapter 1, my machine (192.168.1.1), into the URL field of a web browser.
I went through the setup guide and was then presented with the pfSense home screen.
There are rules which have to be set in order to have the firewall working properly. They determine which traffic is allowed and which is not.
In the lab, I allowed green traffic to be outbound (egress) and restricted red traffic to be inbound (ingress). I then navigated to the rules, which are found in the menu, and changed the second rule.
I also edited the third rule in the list, which is for the red traffic.
After I set all the issues and the requirements, I found the following results in the rules:
Question B: Security issues for using a single-homed firewall as dual-homed
One of the issues faced when converting a single-homed firewall to a dual-homed one concerns concentration and the points of control. Security will not be effective because the single-point firewall will not sufficiently handle all the points that need to be taken care of. This undermines defense in depth, because there is no defense in depth (Al-Haj & Al-Shaer, 2011).
There is also the problem of routing to other networks. Routing to other networks is not possible, and neither is control of those networks. It will be hard to control the security of packets that have both internal and external points of control. This is because dual-homed firewalls are designed to control the security aspects of packets that operate both internally and externally to the network.
Another problem with turning a single-homed firewall into a dual-homed firewall is that it is not endowed with enough resources to manage the network functions required of it. It is necessary to ensure proper management of the tasks and of the resources that have been assigned to the firewall (Kotenko & Polubelova, 2011).
Making a single-homed firewall dual-homed will introduce the problems that are associated with dual-homed firewalls. This is because a dual-homed firewall is a single point of failure. If an attacker can compromise the dual-homed firewall, they can compromise the security of the site, regardless of the type of protocol being used. The host must therefore be secure. There is a need to ensure that the host of the site has the security required to protect the clients (Kotenko & Polubelova, 2011).
Making firewalls dual-homed will bring concerns about the host's IP implementation. It may be possible to pass traffic through the machine or to crash it. This problem is common with packet-filtering routers. Even so, it is a problem that can be solved.
There will also be issues with having users log directly into the proxy. Making the single-homed firewall dual-homed requires that users who want to access the services do so through a proxy. Having users log into the dual-homed host brings security issues to that host, and the converted single-homed firewall will not be able to handle the users that have logged into it. Many single-homed firewalls that have been converted to dual-homed hosts are in most cases not able to manage the users who get access to the system. This brings issues of control and management of the concerned parties. It will be important to have management controls for the users (Kotenko & Polubelova, 2011).
Also, not all the services that are needed in proxying will be available when single-homed firewalls are used as dual-homed firewalls. It will be important to provide the services that have been denied in the process. This problem will be seen whenever single-homed firewalls are used in this way.
Results
After completing the connection and sharing the contents of key.txt, the remote IP address and client.ovpn into pfSense, the OpenVPN connection is complete, and thus there is a secure connection between two machines which are remote from one another.
Question C: Security issues for inbuilt VPN for Microsoft
There are security issues that come with the inbuilt VPN in Microsoft Windows operating systems. One of the concerns is the possibility to un-encapsulate MS-CHAP v2. In the authentication procedures of MS-CHAP v2, it is possible to reverse the process, which makes it hard to complete the authentication process. With the use of this exploit, it has been possible to crack PPTP within a short period, of up to two days. Although Microsoft has provided patches to correct the flaw, it has not earned the trust and the confidence of Microsoft. Microsoft has recommended that users make use of L2TP/IPsec or use SSTP as an alternative (Xie & Zhang, 2012).
There is also the issue of an eavesdropper receiving two copies of the same plaintext when MS-CHAP v2 is in use. The two copies are encrypted with two different keys. In current modes of networking, someone who watches a network for a given period of time can obtain different copies of the encryption credentials. Attackers can also watch users as they log in and out. From the analysis, a passive listener is able to obtain copies of the 8-byte challenge and the 24-byte response using the information that has been sent (Xie & Zhang, 2012). Tools have been used in the past to break Windows passwords. One such tool is L0phtcrack, which is used to break passwords used by Windows NT. It is known to break passwords that are used by the inbuilt VPN in Windows. It is an issue that needs to be looked into and assessed.
There are also version rollback attacks that are possible in MS-CHAP v2. They are possible because Microsoft has tried to keep versions of the software compatible, and many attackers will try to mount attacks using this provision.
There are also man-in-the-middle attacks that have been found in the inbuilt VPN on Microsoft. It is an issue that needs to be taken into consideration. Most attackers can connect to the Microsoft VPNs and can undertake their attacks. It is an issue that has been of concern for most attackers.
With inbuilt VPNs, it is possible for virus and malware creators to create IRC bots that enable attackers to control computers from remote locations. It is an issue of concern that needs to be taken into account. With this possibility, remote attackers can control the computers in order to attack other computers that are on the same network. They are also able to command the computers to infect the other computers which are on the same network. This is possible, and seen to be common, with split tunneling, which is an issue of concern that affects the other computers on the network. If split tunneling is allowed on the network, then the attackers can attack the remote computers on the network. They will, therefore, affect the working process of the remote computers on the internet (Xie & Zhang, 2012).
There is also an issue that has dogged the protocol for a long time: dictionary attacks. These attacks are prevalent because of the wide use of the protocol. The protocol has been so widely used that a wide spate of attacks is possible across the many users that Microsoft's popularity brings.
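The weaknesses described in this section (PPTP with MS-CHAP v2, and split tunneling) can be checked for in a Windows client's VPN profiles. The following PowerShell is an added example, not part of the original report; `Test-VpnConnectionProfile` and the sample profiles are constructed, while the property names are those of the objects `Get-VpnConnection` returns.

```powershell
# Added example. Property names match the objects returned by Get-VpnConnection;
# Test-VpnConnectionProfile and the sample profiles below are constructed.
function Test-VpnConnectionProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $findings = @()
        $tunnel = [string]$Connection.TunnelType
        $auth   = @($Connection.AuthenticationMethod | ForEach-Object { [string]$_ })

        # PPTP is the tunnel the essay describes as crackable; Automatic can still select it.
        if ($tunnel -eq 'Pptp') {
            $findings += 'PPTP tunnel: migrate to L2TP/IPsec or SSTP'
        } elseif ($tunnel -eq 'Automatic') {
            $findings += 'Automatic tunnel type can still negotiate PPTP: pin L2tp or Sstp'
        }

        # Over PPTP the MS-CHAP v2 challenge and response cross the wire unprotected.
        if ($auth -contains 'MSChapv2' -and $tunnel -in 'Pptp', 'Automatic') {
            $findings += 'MS-CHAP v2 without an outer encrypted tunnel: handshake is observable'
        }

        # Split tunneling leaves the client reachable from other networks while connected.
        if ($Connection.SplitTunneling) {
            $findings += 'Split tunneling enabled: client bridges untrusted and VPN networks'
        }

        [pscustomobject]@{
            Name       = $Connection.Name
            TunnelType = $tunnel
            Status     = if ($findings.Count) { 'REVIEW' } else { 'OK' }
            Findings   = $findings
        }
    }
}

# Constructed sample profiles so the check runs on any host.
$sample = @(
    [pscustomobject]@{ Name = 'Legacy-PPTP'; TunnelType = 'Pptp'
                       AuthenticationMethod = @('MSChapv2'); SplitTunneling = $true }
    [pscustomobject]@{ Name = 'Office-SSTP'; TunnelType = 'Sstp'
                       AuthenticationMethod = @('Eap'); SplitTunneling = $false }
)
$sample | Test-VpnConnectionProfile | Format-List

# On a Windows client, audit the real profiles instead:
# Get-VpnConnection | Test-VpnConnectionProfile
```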
References
Al-Haj, S., & Al-Shaer, E. (2011, October). Measuring firewall security. In Configuration Analytics and Automation (SAFECONFIG), 2011 4th Symposium on (pp. 1-4). IEEE.
Kotenko, I., & Polubelova, O. (2011, September). Verification of Security Policy Filtering Rules by Model Checking. In Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference on (Vol. 2, pp. 706-710). IEEE.
Xie, Z. Q., & Zhang, H. M. (2012). Remote Access System to Campus Network Resources Based on SSL VPN Technology. Computer Knowledge and Technology, 25, 020.