NEtwork Security Admin Portal


Published on

Security web portal,
used for vulenerability Assessment.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

NEtwork Security Admin Portal

  1. 1. Prepared by :-Bhadreshsinh GohilME in Computer Engineering3rd Sem.Enroll no. :- 111060751030.Gujarat Technological University,Ahmedabad.Guided by :-Dr. Sandeep K. Joshi Rishi K. Pathak Satyaswarup YerramilliPrinciple Technical Officer Senior Technical Officer Seniour Technical OfficerNPSF Group NPSF Group NPSF GroupC-DAC C-DAC C-DACPune Pune Pune GTU 12/4/2012 1
  2. 2.  Introduction and Motivation The Identified Problem The Proposed Solution Illustrative Case Studies References GTU 12/4/2012 2
  3. 3.  Internet is now ubiquitous Many Internet-based applications are in use today Web services is an important paradigm for designing Internet-based applications This all web services are hosted not only in DMZ in datacenter but also with Public IPs using with various Network Technology like NAT. For this we need implementation of Security Devices and controls like firewalls. GTU 12/4/2012 3
  4. 4. GTU 12/4/2012 4
  5. 5.  The web hosting setup and associated network security and networking setup being vast and there being multiple stakeholders in the decision making process, releasing new websites/ web portals to the public internet becomes very intricate, cumbersome and error prone often leading to delays, unsatisfied expectations and ownership of responsibilities issues. GTU 12/4/2012 5
  6. 6.  To resolve these issues it is proposed to build a framework which will streamline the process and also delegate most of the activities to several of designated stakeholders from each group. The framework will enable the users/groups to do most of the work related to public release of the websites/webportals and other network based services on their own with the intervention from the systems administrators or network security experts coming in only towards the final steps, if at all required. The framework will also support different roles. GTU 12/4/2012 6
  7. 7.  The proposed framework will be web enabled. It will be built using standard web development technologies like PHP, Java, Javascripts and use databases like mysql/postgresql in the backend. Apart from these the core networking technologies like firewall, router, bandwidth management and security/vulnerability assessment of web applications will be exploited to their maximum capabilities. The framework will require extensive scripting in either bash or python on linux platform to handle several of the backend tasks like implementing policy changes on the security device, enabling virtual hosting on apache server etc. The framework will use OpenAM based Single Sign-On or LDAP for user authentication and authorization purpose. GTU 12/4/2012 7
  8. 8.  Intranet Security Framework Based on Shortlived Certificate Symantec Security Framework Cyberroam Security Framework IBM unified Threat Management GTU 12/4/2012 8
  9. 9. Definition & UnderstandingThreat Target Threat Direction Attack!Internal Data Asset Internal to InternalInternal Disruption External to Internal Information Assets Computers Attack! Applications Attack! At Risk! Mobile Devices Networks /Threat Highway Infrastructure Threat Detection Attack!Internal Connection Required Network BasedDirect/Wireless/Remote/VPN Connection Oriented GTU 12/4/2012 9
  10. 10. Key Elements of Delivering SecurityCommunication Security • Protection of data and voice communications between designated endpoints. Network Infrastructure Protection • Protection of routing and networkAuthorisation & Access Control management infrastructure against • Support of multi-level security both passive and active attacks, such measures by implementing identity as rogue devices, insertion, deletion, or role based access control on modification or replay of control applications, application server, messages, 802.1x etc EfficiencyReliability & Resilience • Electrical, computing power, RF • Tolerance to hardware and software resource and network bandwidth failures, asymmetric and unidirectional links, or limited range Transmission Security of wireless communication • The services include countermeasures against radio signalEasy detection, jamming, control/user • Deploying technology should not data acquisition, and eavesdropping impact usability in a way that is intolerable GTU 12/4/2012 10
  11. 11. GTU 12/4/2012 11
  12. 12. GTU 12/4/2012 12
  13. 13. GTU 12/4/2012 13
  14. 14. GTU 12/4/2012 14
  15. 15. GTU 12/4/2012 15
  16. 16. 1. Information Gathering and Discovery  Example of tools: NMAP2. Enumeration  Example of tools: NMAP3. Detection  Example of tools: Retina,NESSUS. GTU 12/4/2012 16
  17. 17. 1. Information Gathering and Discovery ◦ Network Scanning ◦ Ports Scanning ◦ Directory Service ◦ DNS Zones and Registers GTU 12/4/2012 17
  18. 18. 2. Enumeration ◦ Hosts and OSs ◦ Ports (including the well-known: 0-1023) ◦ Services and their versions info ◦ SNMP Communities GTU 12/4/2012 18
  19. 19. 3. Detection ◦ Weakness ◦ Vulnerabilities ◦ Reports are generated ◦ Remediation Tools GTU 12/4/2012 19
  20. 20. GTU 12/4/2012 20
  21. 21.  Provide Access to the portal 24/7 Security Intelligence Awareness And Alerting User Configuration & Policy Detail Security Incident & Service Ticket Information A Template Driven Reporting Dashboard Authorization to download log data. GTU 12/4/2012 21
  22. 22.  Mr. Rishi K. Pathak (Seniour Technical Officer,NPSF Group,C-DAC) for valuable comments and suggestions Satyaswarup Yerramilli(Seniour Technical Officer,NPSF Group, C-DAC) for his review of the thesis Mr. Rishi K. Pathak , Seniour Technical Officer, NPSF Group for continuous guidance and support Dr. Sandeep K. Joshi, Research Guide for his motivation throughout All my colleagues and staff members of my department for technical interactions The NPSF Group of C-DAC Pune for their administrative support GTU 12/4/2012 22
  23. 23.  Zachman, J. A. (1987). A framework for information systems architecture. IBM Systems Journal, 26(3), 276-292. Retrieved 18:15, January 21, 2009, from pdf Zachman framework. (2009, January 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:40, January 20, 2009, from mework&oldid=267343979 CCITT, “The Directory—Authentication Framework,” Recommen-dation X.509, 1989. _security_services_for_unified_threat_management.pdf services/unified-threat-management-utm-service.html GTU 12/4/2012 23
  24. 24. GTU 12/4/2012 24
  25. 25. GTU 12/4/2012 25
  26. 26. GTU 12/4/2012 26