Presented By:
C Satish Kumar
Dev Aditya
Puneet Chawla
Raghav Chadha
Rajat Lakhina
IT Security Architecture
• Client Side
• Application Security
• Server Side
• IT Security
• Network Security
• Database Security

Wireless Security
• The network is secured using Wi-Fi Protected Access (WPA)
• WPA is a security protocol developed by the Wi-Fi Alliance
• The WPA protocol implements much of the IEEE 802.11i standard.

How WPA works?
• WPA is secured using the Advanced Encryption Standard (AES) encryption algorithm
• Uses the Temporal Key Integrity Protocol (TKIP)
• Includes a message integrity check
• Prevents an attacker from capturing, altering and/or resending data packets
• AES with a fixed block size of 128 bits and a key size of 128 bits is used in our college

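The integrity check and resend protection listed above, as an added example that is not part of the original slides. It covers only tamper and replay detection, not encryption; HMAC-SHA256 truncated to 8 bytes stands in for WPA's actual MIC algorithm, and the frame layout, key, payloads and names are constructed for illustration.

```python
import hashlib
import hmac
import struct

MIC_LEN = 8  # bytes of integrity tag appended to each frame (assumed length)

def _mic(key: bytes, body: bytes) -> bytes:
    # Stand-in for the WPA MIC: HMAC-SHA256 truncated to MIC_LEN bytes.
    return hmac.new(key, body, hashlib.sha256).digest()[:MIC_LEN]

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = 8-byte sequence counter | payload | MIC."""
    body = struct.pack(">Q", seq) + payload
    return body + _mic(key, body)

class Receiver:
    """Accepts a frame only if its MIC verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + MIC_LEN:
            return "malformed"
        body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
        # Constant-time compare; a changed bit in counter or payload fails here.
        if not hmac.compare_digest(mic, _mic(self.key, body)):
            return "bad-mic"
        (seq,) = struct.unpack(">Q", body[:8])
        # A captured frame that is sent again carries an old counter.
        if seq <= self.last_seq:
            return "replay"
        self.last_seq = seq
        return "ok"

def demo() -> list:
    key = b"constructed-demo-key"              # constructed sample key
    rx = Receiver(key)
    f1 = protect(key, 1, b"GET /timetable")    # constructed sample payloads
    f2 = protect(key, 2, b"GET /grades")
    tampered = f2[:10] + bytes([f2[10] ^ 0x01]) + f2[11:]  # one payload bit flipped
    return [rx.accept(f1), rx.accept(tampered), rx.accept(f2),
            rx.accept(f1), rx.accept(f2[:5])]

if __name__ == "__main__":
    print(demo())
```
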
AES Algorithm
• Advanced Encryption Standard (AES) is a specification for the encryption of electronic data
• It is a symmetric key algorithm
• Our college uses a 128-bit key, for which AES has 10 rounds of encryption
• Considered to be quite safe even by the National Security Agency for U.S. Government non-classified data

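The link between key size and round count stated above, as an added example that is not part of the original slides: the FIPS-197 key expansion, which turns a 128-bit key into the 11 round keys used by the initial key addition plus the 10 rounds. It goes beyond the slide by also handling 192- and 256-bit keys; function names are illustrative and the sample key is the FIPS-197 Appendix A.1 test key.

```python
def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _xtime(b):
    """Multiply by 2 in GF(2^8) modulo the AES polynomial 0x11B."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def build_sbox():
    """Derive the AES S-box: GF(2^8) inverse followed by the affine transform."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p ^= _xtime(p)              # p = p * 3 (3 generates every non-zero byte)
        q ^= (q << 1) & 0xFF        # q = q / 3, so q stays the inverse of p
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = (q ^ _rotl8(q, 1) ^ _rotl8(q, 2)
                   ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63)
        if p == 1:
            break
    sbox[0] = 0x63                  # zero has no inverse; defined by the standard
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Return the Nr+1 round keys (16 bytes each) for a 16/24/32-byte AES key."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    nk = len(key) // 4              # key length in 32-bit words
    rounds = nk + 6                 # 10, 12 or 14 rounds
    words = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = words[i - 1]
        if i % nk == 0:             # RotWord, SubWord, then XOR round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:  # extra SubWord step, 256-bit keys only
            t = [SBOX[b] for b in t]
        words.append([a ^ b for a, b in zip(words[i - nk], t)])
    return [bytes(b for w in words[4 * r:4 * r + 4] for b in w)
            for r in range(rounds + 1)]

if __name__ == "__main__":
    keys = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print(len(keys) - 1, "rounds; last round key:", keys[-1].hex())
```
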
IIM Rohtak Network
• It has a dual level of security
• Wi-Fi security using WPA & AES
• Firewall-based login security for each user.

IIM Rohtak Network (Contd.)
• It has the facilities for making configurations which
  • can enable or disable users
  • eliminate the communication between devices
• Different SSIDs (Service Set Identifiers) for different locations

UTM
• Unified Threat Management (UTM) is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance.

Before UTM
After UTM

Advantages
• Reduced complexity: Single security solution.
• Simplicity: Avoidance of multiple software installation
• Easy Management: Plug & Play Architecture, Web-based GUI
• Reduced technical training requirements
• Regulatory compliance
• Cost effective

Disadvantages
• Single point of failure for network traffic
• Single point of compromise if the UTM has vulnerabilities
• Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic

Firewall
• A firewall can help prevent hackers or malicious software (such as worms) from gaining access to the network.
• A firewall can also help stop the local computer from sending malicious software to other computers.
• The firewall is integrated with the UTM suite.

• Firewall, VPN, and Traffic Shaping
• Integrated antispyware, antimalware
• Easily programmable
• Application Control
• Dedicated CPU and RAM
• Comes with a FortiAnalyzer dashboard and log viewing

• Limited buffer size: cannot block/quarantine large files
• Heuristic filtering may block legitimate content
• Not IPv6 certified
• May be bypassed with third-party tools
• Lack of L2TP support may be a potential problem if VPN is implemented

Windows Active Directory Services (ADS)
• ADS is a user account directory running on Windows Server 2008.
• It provides authentication and authorization mechanisms.
• Integrity is maintained through authorization. File transfer is done using SFTP, which users are bound to when transferring files.
• Since all the data is stored on the central server, this by default forms a backup for the data stored. Even if an independent computer terminal crashes, this prevents the data from being lost.
• ADS provides secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services.

AD Server: Authentication and Authorization

User Authentication
• Interactive logon
• Network authentication
• Using certificates to authenticate external users

User Authorization
• User rights: Assigned to groups
• Access control permissions: Attached to objects

Windows Client Security
• Client security comprises OS and software security.
• Apart from UTM, client security can be enforced through various built-in and third-party applications
• Compliance can be monitored and enforced by using UAC.
• Using free applications such as Microsoft Security Essentials reduces costs and the overhead of managing updates and compatibility
• Patching can be manually deployed over the network or set to auto mode.

UAC example: Guest User
• The guest user account allows a login without a user account to access a database.
• User access has been provided through the Active Directory services configured on Microsoft Windows 2008 Server (username: pgp04.***, password: email password).
• Limited privileges on Computer Lab desktops.
• Cannot control portable application installation and monitoring.

Institutional IT Security
