Id 00153639 md. mahbub alom_nsc_assignment_march-16
1. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-161
Contents
INTRODUCTION:..................................................................................................................................................................2
TASK -1 ....................................................................................................................................................................................3
RISK ASSESSMENT ..............................................................................................................................................................3
Important information assets of City College......................................................................................................3
Asset list, threat, likelihood and risk matrix .........................................................................................................4
TASK-2......................................................................................................................................................................................5
EXPLAINING RISK CONTROL..............................................................................................................................................5
Internal risk control: .....................................................................................................................................................5
External risk control:....................................................................................................................................................7
System:............................................................................................................................................................................8
WHERE I USE ENCRYPTION AND WHY? ...........................................................................................................................9
Relevant: .........................................................................................................................................................................9
TASK-3...................................................................................................................................................................................10
NETWORK DIAGRAM .........................................................................................................................................................10
Without IP (Network components).......................................................................................................................10
Network diagram with suitable IP ........................................................................................................................11
Firewall rules and explanation of table: .............................................................................................................12
TASK-4...................................................................................................................................................................................13
MAINTAINING SECURITY ..................................................................................................................................................13
TASK-5...................................................................................................................................................................................14
REFLECTIVE COMMENTARY ............................................................................................................................................14
CONCLUSION: ...................................................................................................................................................................16
BIBLIOGRAPHY.................................................................................................................................................................17
2. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-162
Introduction:
This assessment is written about City College it’s a private institution which based in UK.
This college run’s local area network. They want to setup new virtual learning environment
so that Staff and students enable to secure access. Here need to provide security matters of
the city college.
3. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-163
Task -1
Risk assessment
After analysis the scenario in this task I have identified five important assets of City College.
Important information assets of City College
I. Financial system
II. Employee personal data
III. Network folder (Y-drive)
IV. Marketing website (own website hosting)
V. Record students data
4. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-164
Asset list, threat, likelihood and risk matrix
5. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-165
Task-2
Explaining Risk Control
Here I will discuss how to control risk which I have identified in previous task. To control all
risk of City College here I have divided three parts as their requirements these are given
below
1. Internal risk control
2. External risk control
3. System risk control
Internalrisk control:
How to control internal risk of City College which threats I have identified as their
requirements after analysis all these threats I should provide some internal risk control ways
these are given below;
Strong password policies and Controlling User Accounts: Strong password policies are
one of the most important ways to protect from unauthorized user. Longer passwords are
harder for criminals to estimate or break, a combination of upper case and lower case
letters, numbers and keyboard symbols such as @ # $ % ^ & * ( ) _ +Dictionary password
not allowedand password should be encrypted. So I think strong password policy will control
internal risk.
Access controls on folder:Access control is a safety method that can be used to control
who or what can view in a computing environment. Only authentic user should be permitted
to access network folder(y-drive) by following user authentication method.
Remote access Authentication:Remote access authentication must be needed to access
securely by HTTPS from their home so that students and staffs access virtual learning
environment (VLE).
Restrictions: Need restriction to access Y-Drive, file download, and file transfer and
Dropboex access etc by following user authentication.
Wi-Fi Security: keep secure Wi-Fi encrypted password, after two or three months old
password should be changed and Dictionary password not allowed.
Monitoring: The senior management team will be monitoring all sectorsby IP address,
access history and they will find week point then they will solve.
6. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-166
Justification: I think above these things like encrypted strong password or Wi-Fi security
policies, authentication, IP address monitoring etc. will control all these internal risk.
7. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-167
Externalrisk control:
(CROWN COPYRIGHT, 2015)
Network perimeter: The limitation of access to set of connections ports, protocols and
applications pass through a filter and checkingevery part of traffic at the network boundary to
make sure that just traffic which is needed to maintain the business is being replaced.
Manage allincoming and outgoing network links and deploy technological controls to scan for
malware and other malicious content. There are temporary IP address blacklist.
Install firewall: To control traffic, external risk and control all incoming and outgoing network
connections and deploy technical controls to scan for malware and other malicious content
install firewall.
Vulnerability scans: This institute should run automated vulnerability scanning tools against
all networked devices and identified vulnerabilities within an agreed time frame.
Disable unnecessary input/output devices and removable media access: to control risk
disable ports and system functionality that is not required (Which may include USB ports,
CD/DVD/Card media drives).
Set anti-malware defenses across the own network: Set anti-malware defenses across
the own network of city college and keep secure all host and users machines with antivirus
resolutions that will dynamically scan for malware.
Encryption: Encrypt sensitive data when send over the internet such as email sending, file
transfer etc. I should encrypt with digital signatures, keys, certificates and any other
encryption tools.
Secure configuration: Don’t use default configuration to keep secure.
Anti-phishing protection:Detection and blocking of scam and blocking website.
Anti-spam protection: Detection and removal of spam emails and block sender (email) IP
address.
Email client protection: Scanning of emails received and sent through an email client.
Web access protection: Detection and blocking of websites with malicious content.
VPN for external users:set virtual private network for external users.
8. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-168
SoI think if you follow and use above these things then external risk should be control.
System:
Data backup: Backup system should be required to control system risk. There are two types
of backup system offline data backup and online data backup system. I think online data
backup system is best in this college. Here I used cloud backup system.
Redundant hardware: Redundant hardware is required to emergency connect because
somehow any hardware can be damage so to control this system risk and come out from
risk I think Redundant hardware must be needed.
Data recovery: accidently important data can be removed or deleted so we can recover
documents, emails, photos, videos, audio files and more. So by using data recovering
system I can control this risk.
UPS: UPS will provide short time electricity backup so that a user enables to use in load
shedding period and enable to save data.
Voltage stabilizer: it control electricity voltage and supply accurate electricity. So it will
prevent much hardware.
9. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-169
Where I use encryption and why?
I use Encryption to save from harm our data by following symmetric encryption method. It
saves our data when it's sitting on our computers and it protects it when it's being
transmitted around the Internet.
Financial system: I use encryption in financial system of City College because I need to
protect all financial information of this college.
Protocol: Here I recommend using PPTP and IPSec.
All personal information: To share the personal information’s of City College over the
network I use encryption to protect data from unauthorized users.
Protocol: Here I recommend using IPSec, HTTPS,
Registration: I use encryption in employee and students registration form so that no one
can get their personal information.
Protocol: Here I recommend using IPSec, SSL.
Y-drive: To store all personal information of City College like policies, procedures,
committee minutes etc. will be encrypted.Secure File Transfer Protocol (SFTP), IPSec,
L2TP.
Microsoft’s office 365 (emailing): IPSec, L2TP. SMTP
Relevant:
Virtual learning environment:Media Transfer Protocol (MTP) use to transfer image, video
etc.
Wi-Fi security key: Here I recommend using WPA, WPA2.
10. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1610
Task-3
Network diagram
Without IP (Network components)
Figure 1: Network Diagram
11. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1611
Network diagram with suitable IP
Figure 2: Network Diagram
Here one switch (8-port) has reserved to emergency connects.
12. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1612
Firewall rules and explanation of table:
Here I used top quality device to design this network. Here I have used unshielded twisted-
pair (UTP), RJ-45 connectors, layer3-switch, switch (8 ports). To give network protection
from incoming threats used firewall. Here I have set access list in firewall which user can
access and who can’t access. A firewall permits you to found certain rules to decide what
traffic should be permitted in or out of your private network. Here are used two types of
firewalls, software firewalls and hardware firewalls. Hardware firewalls are naturally
established in routers, which allocate incoming traffic from an Internet connection
to computers and Software firewalls exist in individual computers.
Firewalls are necessary; they can block genuine transmission of data and programs. Some
Firewalls traffic blocking rules are given Words or phrases, Domain names, IP addresses,
Ports, Protocols etc.
Name Access Authentication Modification
Y-drive
IP-192.168.0.3
Authentic IP-192.168.0.5 Allow
Finance PC
IP-192.168.0.2
Authentic IP-192.168.0.5 Allow
Drop-box Any one IP-192.168.0.4 Allow
Student –PC
IP-192.168.0.4
Authentic IP-192.168.0.4 Allow
Virtual Learning
environment(VLE)
Authentic IP-192.168.0.4
IP-192.168.0.5
Allow
13. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1613
Task-4
Maintaining Security
Maintaining is the most important part of this city college. Preventive maintenance helps
avoid unexpected downtime and breakdowns. After given top security like install firewall,
vulnerability scans, access control, VPN, web security, mail security and different types of
authentication etc. now need to proper maintenance and I think to ensuring maintaining
security they should be needed employee training and development, workshop, audits,
software up-to-date etc.
14. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1614
Task-5
Reflective commentary
In this assessment I learnt many things here I have learnt security issues I have known
which mechanism needs to give protection data. Here I have known about cyber security
attack, different types of encryption method etc.
(A)
Here I faced many problems to complete their requirements which the city college have
given, to solve these problem I learnt many things like I don’t know how to secure network,
how to draw logical network diagram. To prepare this assignment I have spent too much
time, I have followed NCC materials like lecture slide, student handbook and others
referenced book. After reading this scenario I am confused about network diagram and I
disappointed, our module leader have removed all these confusion and also helped to
complete the assignment.
(B)
In this assignment some task I would do differently if I start again. In task-1 I can do it
differently here I have completed in one table. If I start again this task then I should four
individual tables and one complete table like first table is look like
2nd
table is look like
3rd
table is look like
15. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1615
After all final or complete table is look like
Network diagram also change if I start again here I would draw cloud backup in network
diagram. Here I will also provide backup internet connection.
(C)
In this assignment I have identified which types of securities are the most important for this
city college. I think chief executive officer will be pleasure about security. I described about
the security matters as their requirements.
16. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1616
Conclusion:
Here the assignment has been finished and I believe I have successfully recognized better
security for completing this assignment. In this assessment I have done risk assessment as
their assets and I identified all possible risk and I described all these risk how to control
these risks.
17. Network Security and Cryptography
ID_00153639_Md. MahbubAlom_NSC_Assignment_March-16 March-1617
Bibliography
CROWNCOPYRIGHT. 2015. Crown copyright. [online]. [Accessed 06 January 2016].
Available from World Wide Web: <https://www.gov.uk/government/publications/10-steps-to-
cyber-security-advice-sheets/10-steps-network-security--11>