1. CYBER SECURITY
Presented By Nidhi Yadav
India_Internship
VIP 2023 - Industry Problem Statement
KIET Groups of Institutions, Ghaziabad
Nidhi Yadav
2100290110102
COMPUTER SCIENCE AND INFORMATION
2. Components and Structure of Campus
• 30 1 1 Routers
• Serial DCE Cable
• Switches (Cisco 3650-24PS, 2960-24TT)
• Printers
• PCs
• Laptop-PT
3.
4. Explanation:
A brief explanation of how these components can contribute to the
cybersecurity of your campus network:
Routers: Routers are responsible for directing traffic between different
networks. Implement strong access control lists (ACLs) and firewall rules
on routers to control incoming and outgoing traffic, preventing unauthorized
access and potential threats.
Serial DCE Cable: Serial DCE cables are used to connect routers and
switches. Ensure that physical access to these cables is restricted to
authorized personnel only, as tampering with the physical connections can
lead to network disruptions or unauthorized access.
Switches (Cisco 3650-24PS, 2960-24TT): Switches are essential for local
communication. Enable port security on switches to prevent unauthorized devices
from connecting to network ports and implement VLANs to segment traffic and
enhance security.
5. Servers: Servers house critical data and applications. Implement strong authentication
mechanisms, apply regular security patches, and use intrusion detection/prevention
systems to safeguard server assets from cyber threats.
Printers: Printers can be an entry point for attackers to gain unauthorized access to
your network. Ensure printers are on a separate network or segment them using
VLANs to minimize the impact of potential breaches.
Switches and Servers (as well as other network devices): Monitor network
devices and servers for unusual activities using security information and event
management (SIEM) solutions. This helps detect potential security breaches
early and allows for timely action.
6. • 3650-24PS (PoE Switch): If the 3650-24PS supports Power over Ethernet
(PoE), ensure proper security measures are in place to prevent unauthorized
access to powered devices, such as IP phones or cameras, to avoid potential
attacks.
• PCs and Laptops (including PT Laptop): Secure endpoints with up-to-date
anti-malware software, enforce strong password policies, and educate
users about phishing and social engineering risks. Consider using endpoint
detection and response (EDR) solutions for advanced threat detection.
• Printers: Regularly update printer firmware to patch vulnerabilities and
disable unnecessary services to reduce the attack surface.
• PCs and Laptops: Enforce encryption on laptops to protect sensitive data
in case of theft or loss.
7. • Laptop-PT: As a virtual environment, ensure the security of the
Laptop-PT by running it on secure hosts with up-to-date
virtualization software and monitoring its network activity.
• Address for main campus to cloud is 10.10.10.4/30, and cloud to server is 20.0.0.0/30.
• Address for main campus to other branch is 10.10.10.0/30.
• VLAN ports like VLAN 10 and 192.168.1.0/24, and so on.
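The port-security, VLAN and ACL recommendations from the slides above, written out as Cisco IOS configuration for the 2960-24TT access switch and its router. This is an added example, not configuration from the original slides: VLAN 10 and 192.168.1.0/24 come from the addressing slide, while the interface numbers, VLAN 20, VLAN 999, the 192.168.2.0/24 printer subnet and the ACL name are assumptions.

```cisco
! Access switch (2960-24TT). Interface numbers are assumed.
vlan 10
 name USERS
vlan 20
 name PRINTERS
vlan 999
 name UNUSED
!
! User ports: one sticky-learned MAC each; extra MACs are dropped and logged.
interface range FastEthernet0/1 - 12
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Printer ports: separate VLAN; a second MAC err-disables the port.
interface range FastEthernet0/13 - 16
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Unused ports: parked in a dead-end VLAN and administratively down.
interface range FastEthernet0/17 - 24
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Uplink to the router carries only the two VLANs in use.
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Router (interface name assumed): gateway for the printer VLAN.
! Printers may reply to sessions users opened, and nothing else.
ip access-list extended PRINTERS-IN
 permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 deny ip any any log
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.2.1 255.255.255.0
 ip access-group PRINTERS-IN in
```

The ACL assumes statically addressed printers; add explicit permits for any DHCP, DNS or firmware-update service they need. The `established` keyword is a stateless check on TCP flags, so it narrows what a compromised printer can initiate but does not replace a stateful firewall.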
8. “Remember, a comprehensive cybersecurity strategy involves a
combination of network security, endpoint protection, access control,
monitoring, and user education. Regular security assessments and
audits can help identify vulnerabilities and ensure that your campus
network remains resilient against potential cyber threats.”
10. SECURITY RISKS & SOLUTIONS
Security Risks:
1. Insider Threats
2. Malware and Ransomware Attacks
3. Phishing and Social Engineering
4. DDoS Attacks
5. Unpatched Vulnerabilities
6. Unauthorized Access
7. Physical Security Threats
8. Data Breaches
9. IoT and BYOD Risks
10. Lack of Incident Response Plan
11. Solutions:
1. Implement access controls and least privilege principles.
2. Deploy and update anti-malware and anti-ransomware solutions.
3. Conduct regular security awareness training.
4. Use email security gateways and implement multi-factor authentication (MFA).
5. Deploy DDoS protection solutions and redundant network infrastructure.
6. Establish a robust patch management process.
7. Implement strong network segmentation and use firewalls.
8. Secure physical access points and use surveillance.
9. Encrypt sensitive data and enforce data loss prevention (DLP) policies.
10. Segment IoT devices and implement network access control (NAC).
11. Develop and test an incident response plan.
12. Unauthorized Access
Unauthorized individuals gaining access to the campus network,
compromising sensitive information or causing disruption.
Solution: Strong Access Controls and
Authentication Measures
Implement strong access controls, including multi-factor authentication,
and enforce robust password policies. Regularly review and update access
privileges and monitor network logs for suspicious activities.
13. Malware and Viruses
Campus networks are vulnerable to malware and viruses that can spread
rapidly and infect multiple devices, leading to data breaches or system
failures.
Solution: Robust Antivirus and Anti-Malware
Protection
Deploy up-to-date antivirus and anti-malware software across the network.
Regularly update operating systems and applications with security patches.
Educate users about safe browsing habits and caution against downloading
suspicious attachments or visiting potentially harmful websites.
14. Insider Threats
Employees or students with malicious intent may abuse their privileges
or access rights to compromise the network or steal sensitive data.
Solution: Addressing Insider Threats through Least
Privilege and Security Awareness
Implement least privilege principles, granting users only the necessary access
required for their roles. Conduct regular security awareness training to
educate employees and students about their responsibilities and the potential
consequences of insider threats. Implement user activity monitoring and
behavior analytics to detect anomalous behavior.
15. Data Breaches
Inadequate security measures exposing sensitive data, such as personal
information, academic records, or financial details, to unauthorized
parties.
Solution: Safeguarding Data through Encryption and
Data Loss Prevention (DLP)
Encrypt sensitive data at rest and in transit using strong encryption
algorithms. Implement data loss prevention (DLP) solutions to monitor and
prevent unauthorized data exfiltration. Regularly conduct security audits
and vulnerability assessments to identify and remediate potential
vulnerabilities.
16. Denial-of-Service (DoS) Attacks
Attackers overwhelming the campus network's resources, rendering it
unavailable to legitimate users.
Solution: Mitigating Denial-of-Service (DoS) Attacks
with Network Protection Measures
Deploy robust network firewalls and intrusion prevention systems to
detect and mitigate DoS attacks. Use traffic shaping and rate limiting
techniques to manage and prioritize network traffic. Establish
partnerships with Internet Service Providers (ISPs) to assist in mitigating
large-scale DoS attacks.