SlideShare a Scribd company logo

Investigation, Design and Implementation of a Secure

Download as PPTX, PDF
F
Firas Alsayied

1) The document outlines a network design project for the University of Tripoli that involves designing the network infrastructure and implementing security policies and protocols. 2) The design includes VLANs, firewalls, VPN access, and wireless access across multiple engineering departments. 3) The implementation phase focuses on secure configuration of network devices, access control lists, firewall rules, encrypted management access, and a captive portal for wireless users.

1 of 48
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Investigation, Design and Implementation of a Secure Network Model for the University of Tripoli. Presented By: Firas Alsayied
Outline Network Overview Network Security, Policy & Vulnerabilities Security Countermeasures Case Study: - Phase One : Network Design & Layout Planning. - Phase Two :Applications of Protection & Implementation of the Secure Policy.
Network Overview
What is a Network ? A Network Is a collection of devices and End-to-End systems connected together that originate, route and terminate the data.
Characteristic of Networks Topology Speed Cost Security Availability Scalability Reliability
Types of network PAN LAN WAN
Network Components
Network Security, Policy & Vulnerabilities  l
Security  Security has one purpose: „to protect assets“  In terms of computer networks the assets can be: - Information - files, data streams … - Servers - Configurations - User accounts - Passwords - Devices
Network Security Goals (CIA Model)  1. Confidentiality: Ensure that the secrecy is enforced and the information is not read by unauthorized users.  2. Integrity: modification of data is not permitted to unauthorized Users.  3. Availability: prevention of loss of access to resources and information.
Security Policy • Policy define how the security is implemented with a set of laws. And that’s done by answering the following questions  What are you trying to protect?  What data is confidential?  What resources are precious?  What are you trying to protect against?  Who is authorized to login into the management plan ?
Vulnerabilities  Vulnerability is a weakness which is inherent in network, device, technology or policy.  Types of vulnerabilities: - Technology weaknesses - Configuration weaknesses - Security policy weaknesses
Threats  Threats: are the people eager, willing, and qualified to take advantage of each security weakness, and they continually search for new methods and techniques to do so. ` Types of threats: - Internal Threat - External Threat
Examples of Threats Eavesdropping MIN Denial of Service DOS
Security Countermeasures
Firewalls  Is a network security system (Software/hardware) that monitors and controls the incoming and outgoing network traffic, based on predetermined security rules. • Modern firewalls includes - Intrusion Prevention System - Authentication, Authorization, and Vulnerability assessment systems.
Intrusion Detection System (IDS)  Used to monitor for “suspicious activity” on a network • Syslog Server :
VPN  Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.  VPN uses several protocols such as: • PPTP -- Point-to-Point Tunneling Protocol • L2TP -- Layer 2 Tunneling Protocol
Encryption • Encryption -- is a method of “scrambling” data before transmitting it onto the Internet. - Public Key Encryption Technique - Digital signature
k 1- phase one : Network infrastructure Design & layout planning 2- Phase Two : Application of Protection & Implementation of Secure Policy
Network Design  Is the process of arranging the various components of a network to supply the demands of the subscribers.  Our network design must answer some pretty basic questions - What stuff do we get for the network ? - What’s the size and type of the devices ? - How do we connect it all ? - How do we configure it to work right ? - What’s method of connection ? - Finally Is the network secure ?
Phase one Objectives  Design a sophisticated network Infrastructure to EEE and the other surrounding departments of the Engineering faculty that accomplishes the concept of availability  Connect the total infrastructure of the department’s by a main core-switch.  Assigning interfaces and different DHCP pools for each department  Distribute VLAN subnets that covers (Classes, Labs and Staff offices)  Configure the Wireless access point for each
GNS3  GNS3 is a Graphical Network Emulator that allows us to design complex network topologies. It provides Real Implementation to various devices such as Routers, Switches and Firewalls
EEE Department Network
Total Infrastructure
Access Layer
Core Layer
Head layer
Switches distribution in each department Department Floors 24 - Port Switches 48 – Port Switch Wireless access Points Electric and Electronic Eng. 3 1 2 1 Marine Eng. 2 2 - 1 Mechanical Eng. 1 1 1 1 Architectural Eng. 3 1 1 1
Assigning IP addresses and VLANs: Departments & servers Student VLAN 10 Labs VLAN 20 Staff 30 WLAN 40 Electrical and Electronic Eng. 10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0 Marine Eng. 10.5.0.0 10.6.0.0 10.7.0.0 10.8.0.0 Mechanical 10.9.0.0 10.10.0.0 10.11.0.0 10.12.0.0 Architectural Eng. 10.13.0.0 10.14.0.0 10.15.0.0 10.16.0.0 AAA Server 20.1.0.20 - - - Syslog Server 20.1.0.3 - - - Firewall 20.1.0.2 - - -
Phase Two  Applying the security protocols.  Creating encrypted password for the management plan  Configure Isolation mechanism.  Allowing the head of department’s networks to be able to connect to each other.  Creating a syslog server.  Configure VPN private network.  Creating a zone-base firewall.  Applying authentication for users.
Securing the Management plan:  Enable password for each network device and authentication retries limit.  Enable SSH encryption for VTY auxiliary port.
Access List Isolation Policy for each VLAN
Configuring Syslog Server
Initialize the Zone based Firewall  Separate the Network into three zones 1- In Zone (internal network) 2- Out zone (ISP) 3- Self (Firewall)  configure the interfaces of the firewall Inside(trusted) Interfaces: Outside(untrusted) Interface: FastEthernet0/0 (20.1.0.2)/24 FastEthernet1/0 (192.168.137.5)/24
Configure the Firewall through CCP
Configure VPN tunnel for Wireless Users  Define the interface for the wireless access point in the CCP then select the Pre- shared Key authentication
Group Policy for VPN and Maximum Connection Allowed
Implanting PFSense Captive Portal
Test & Results
Test the internet connection for clients and LABS 1- Clients 2- LABS
Connection Between Head-Departments
Attempt to access the firewall from un- authorized user
Test the Management Plan Access
Test the wireless network VPN connection
Check Captive Portal login  k
Conclusion Network designing and security is an important field that is getting more and more attention as the internet expands. Providing the resources and the type for connection is a primary task that should be considered before implementing a network, keeping in mind the security measures and policies needed to be applied for the clients and the communication chain to keep it safe. An effective network design should be developed with: 1- Understanding of the network design concepts such as reliability and availability . 2- learning the factors that make a network vulnerable and weak to potential threats and attackers. 3-Needed level of security that’s required to achieve stability and confidentiality of the subscribers. 4- Finally implementing and configuring the network components to supply the demand of the clients while aligns with the security plan that has been imprinted.
j  j

More Related Content

PPTX
Firewall and It's Types
Hem Pokhrel
 
PDF
Firewalls
Dr.Florence Dayana
 
PPTX
Firewall in Network Security
lalithambiga kamaraj
 
PDF
Network security at_osi_layers
Federal Urdu University
 
PPTX
Firewall ppt
LakshmiSamivel
 
PPTX
Firewall and its types and function
Nisarg Amin
 
PPTX
firewall and its types
Mohammed Maajidh
 
PPTX
wireless communication security PPT, presentation
Nitesh Dubey
 
Firewall and It's Types
Hem Pokhrel
 
Firewalls
Dr.Florence Dayana
 
Firewall in Network Security
lalithambiga kamaraj
 
Network security at_osi_layers
Federal Urdu University
 
Firewall ppt
LakshmiSamivel
 
Firewall and its types and function
Nisarg Amin
 
firewall and its types
Mohammed Maajidh
 
wireless communication security PPT, presentation
Nitesh Dubey
 

What's hot (18)

PPTX
Firewalls
vaishnavi
 
PPTX
Network management ppt
DheerajPachauri
 
PPTX
Firewall Design and Implementation
ajeet singh
 
PDF
Wired and Wireless Network Forensics
Savvius, Inc
 
PPTX
Wireless Communiction Security
Meet Soni
 
PPT
Firewals in Network Security NS10
koolkampus
 
PPT
Firewalls
IGZ Software house
 
PPT
Data Security in Local Area Network Using Distributed Firewall
Manish Kumar
 
PDF
Approach of Data Security in Local Network Using Distributed Firewalls
International Journal of Science and Research (IJSR)
 
PDF
DNS based distributed firewall
Kiran Vemuri
 
DOCX
Firewalls
Sonali Parab
 
PPTX
LTE Security Training – LTE and LTE-Advanced Security
Bryan Len
 
PPT
Network security and protocols
Online
 
PDF
Review of network diagram
Syed Ubaid Ali Jafri
 
PPSX
What is firewall
Harshana Jayarathna
 
PPT
Data security in local network using distributed firewall ppt
Sabreen Irfana
 
PPTX
Multilayer Security Architecture for Internet Protocols
Nasir Bhutta
 
PDF
LAN Design and implementation of Shanto Mariam University of Creative Technology
Abdullah Al Mamun
 
Firewalls
vaishnavi
 
Network management ppt
DheerajPachauri
 
Firewall Design and Implementation
ajeet singh
 
Wired and Wireless Network Forensics
Savvius, Inc
 
Wireless Communiction Security
Meet Soni
 
Firewals in Network Security NS10
koolkampus
 
Firewalls
IGZ Software house
 
Data Security in Local Area Network Using Distributed Firewall
Manish Kumar
 
Approach of Data Security in Local Network Using Distributed Firewalls
International Journal of Science and Research (IJSR)
 
DNS based distributed firewall
Kiran Vemuri
 
Firewalls
Sonali Parab
 
LTE Security Training – LTE and LTE-Advanced Security
Bryan Len
 
Network security and protocols
Online
 
Review of network diagram
Syed Ubaid Ali Jafri
 
What is firewall
Harshana Jayarathna
 
Data security in local network using distributed firewall ppt
Sabreen Irfana
 
Multilayer Security Architecture for Internet Protocols
Nasir Bhutta
 
LAN Design and implementation of Shanto Mariam University of Creative Technology
Abdullah Al Mamun
 
Ad

Viewers also liked (17)

PPTX
Virtualisasi network ( gns3 )
Jirji Zaidan
 
PPTX
gns3 y su uso
goreolson96
 
PDF
Router Virtualization With GNS3
mrmouse
 
PDF
14.connect gns3 to internet
Irfan Barbarossa
 
PDF
Gns3
Ngoc Quyen Pham
 
PPTX
GNS3- A Brief User Guide
1Pv6_Zahra
 
PPTX
Simulator gns3
M Reza Gunawan
 
PDF
Gns3
Bahaa Aladdin
 
PDF
Gns3
Alexander Hernandez
 
DOCX
Aportes científicos guatemaltecos
Noemi Suchite
 
PPTX
Peer to peer system
Jahanzaib Niazi
 
PPT
Ns2
Zainab Albayati
 
PPTX
Gns3final
DJENDARA
 
PPTX
Peer To Peer Networking
icanhasfay
 
PPTX
GNS3
Jim Calano
 
PPT
Understanding P2P
urbanlabs
 
PPTX
Online examination system
Aj Maurya
 
Virtualisasi network ( gns3 )
Jirji Zaidan
 
gns3 y su uso
goreolson96
 
Router Virtualization With GNS3
mrmouse
 
14.connect gns3 to internet
Irfan Barbarossa
 
Gns3
Ngoc Quyen Pham
 
GNS3- A Brief User Guide
1Pv6_Zahra
 
Simulator gns3
M Reza Gunawan
 
Gns3
Bahaa Aladdin
 
Gns3
Alexander Hernandez
 
Aportes científicos guatemaltecos
Noemi Suchite
 
Peer to peer system
Jahanzaib Niazi
 
Ns2
Zainab Albayati
 
Gns3final
DJENDARA
 
Peer To Peer Networking
icanhasfay
 
GNS3
Jim Calano
 
Understanding P2P
urbanlabs
 
Online examination system
Aj Maurya
 
Ad

Similar to Investigation, Design and Implementation of a Secure (20)

PDF
K011117277
IOSR Journals
 
PPTX
PACE-IT, Security+1.3: Secure Network Design Elements and Components
Pace IT at Edmonds Community College
 
PPTX
Network design consideration
lavanya marichamy
 
PPT
Chapter08
Muhammad Ahad
 
PDF
Introduction to Cyber security module - III
TAMBEMAHENDRA1
 
PPT
Lecture 6
Education
 
DOCX
Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi
EstelaJeffery653
 
PPT
Brian cernypeer 3
bricer1272
 
PPT
Brian cernypeer 3
bricer1272
 
PDF
ClubHack Magazine issue 26 March 2012
ClubHack
 
PDF
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
PPT
Material best practices in network security using ethical hacking
Desmond Devendran
 
PPTX
UNIT-4 network information security ID system
agasyabutolia
 
PPTX
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sally's Special Services
 
PDF
network security.pdf
JeganathanJayaran
 
PDF
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Tương Hoàng
 
PDF
Overview of SMB, NetBIOS and other network attacks
David Sweigert
 
PDF
Architecting Secure Web Systems
InnoTech
 
PPS
Developing an Effective
webhostingguy
 
DOCX
Week - 5Report.docxjustify and support the relationship bet.docx
melbruce90096
 
K011117277
IOSR Journals
 
PACE-IT, Security+1.3: Secure Network Design Elements and Components
Pace IT at Edmonds Community College
 
Network design consideration
lavanya marichamy
 
Chapter08
Muhammad Ahad
 
Introduction to Cyber security module - III
TAMBEMAHENDRA1
 
Lecture 6
Education
 
Chapter 13Secure Network DesignCopyright © 2014 by McGraw-Hi
EstelaJeffery653
 
Brian cernypeer 3
bricer1272
 
Brian cernypeer 3
bricer1272
 
ClubHack Magazine issue 26 March 2012
ClubHack
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
Material best practices in network security using ethical hacking
Desmond Devendran
 
UNIT-4 network information security ID system
agasyabutolia
 
Sallysspecialservices networksecurityproposal2-100305141834-phpapp02
Sally's Special Services
 
network security.pdf
JeganathanJayaran
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Tương Hoàng
 
Overview of SMB, NetBIOS and other network attacks
David Sweigert
 
Architecting Secure Web Systems
InnoTech
 
Developing an Effective
webhostingguy
 
Week - 5Report.docxjustify and support the relationship bet.docx
melbruce90096
 

Investigation, Design and Implementation of a Secure

  • 1. Investigation, Design and Implementation of a Secure Network Model for the University of Tripoli. Presented By: Firas Alsayied
  • 2. Outline Network Overview Network Security, Policy & Vulnerabilities Security Countermeasures Case Study: - Phase One : Network Design & Layout Planning. - Phase Two :Applications of Protection & Implementation of the Secure Policy.
  • 4. What is a Network ? A Network Is a collection of devices and End-to-End systems connected together that originate, route and terminate the data.
  • 8. Network Security, Policy & Vulnerabilities  l
  • 9. Security  Security has one purpose: „to protect assets“  In terms of computer networks the assets can be: - Information - files, data streams … - Servers - Configurations - User accounts - Passwords - Devices
  • 10. Network Security Goals (CIA Model)  1. Confidentiality: Ensure that the secrecy is enforced and the information is not read by unauthorized users.  2. Integrity: modification of data is not permitted to unauthorized Users.  3. Availability: prevention of loss of access to resources and information.
  • 11. Security Policy • Policy define how the security is implemented with a set of laws. And that’s done by answering the following questions  What are you trying to protect?  What data is confidential?  What resources are precious?  What are you trying to protect against?  Who is authorized to login into the management plan ?
  • 12. Vulnerabilities  Vulnerability is a weakness which is inherent in network, device, technology or policy.  Types of vulnerabilities: - Technology weaknesses - Configuration weaknesses - Security policy weaknesses
  • 13. Threats  Threats: are the people eager, willing, and qualified to take advantage of each security weakness, and they continually search for new methods and techniques to do so. ` Types of threats: - Internal Threat - External Threat
  • 16. Firewalls  Is a network security system (Software/hardware) that monitors and controls the incoming and outgoing network traffic, based on predetermined security rules. • Modern firewalls includes - Intrusion Prevention System - Authentication, Authorization, and Vulnerability assessment systems.
  • 17. Intrusion Detection System (IDS)  Used to monitor for “suspicious activity” on a network • Syslog Server :
  • 18. VPN  Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.  VPN uses several protocols such as: • PPTP -- Point-to-Point Tunneling Protocol • L2TP -- Layer 2 Tunneling Protocol
  • 19. Encryption • Encryption -- is a method of “scrambling” data before transmitting it onto the Internet. - Public Key Encryption Technique - Digital signature
  • 20. k 1- phase one : Network infrastructure Design & layout planning 2- Phase Two : Application of Protection & Implementation of Secure Policy
  • 21. Network Design  Is the process of arranging the various components of a network to supply the demands of the subscribers.  Our network design must answer some pretty basic questions - What stuff do we get for the network ? - What’s the size and type of the devices ? - How do we connect it all ? - How do we configure it to work right ? - What’s method of connection ? - Finally Is the network secure ?
  • 22. Phase one Objectives  Design a sophisticated network Infrastructure to EEE and the other surrounding departments of the Engineering faculty that accomplishes the concept of availability  Connect the total infrastructure of the department’s by a main core-switch.  Assigning interfaces and different DHCP pools for each department  Distribute VLAN subnets that covers (Classes, Labs and Staff offices)  Configure the Wireless access point for each
  • 23. GNS3  GNS3 is a Graphical Network Emulator that allows us to design complex network topologies. It provides Real Implementation to various devices such as Routers, Switches and Firewalls
  • 29. Switches distribution in each department Department Floors 24 - Port Switches 48 – Port Switch Wireless access Points Electric and Electronic Eng. 3 1 2 1 Marine Eng. 2 2 - 1 Mechanical Eng. 1 1 1 1 Architectural Eng. 3 1 1 1
  • 30. Assigning IP addresses and VLANs: Departments & servers Student VLAN 10 Labs VLAN 20 Staff 30 WLAN 40 Electrical and Electronic Eng. 10.1.0.0 10.2.0.0 10.3.0.0 10.4.0.0 Marine Eng. 10.5.0.0 10.6.0.0 10.7.0.0 10.8.0.0 Mechanical 10.9.0.0 10.10.0.0 10.11.0.0 10.12.0.0 Architectural Eng. 10.13.0.0 10.14.0.0 10.15.0.0 10.16.0.0 AAA Server 20.1.0.20 - - - Syslog Server 20.1.0.3 - - - Firewall 20.1.0.2 - - -
  • 31. Phase Two  Applying the security protocols.  Creating encrypted password for the management plan  Configure Isolation mechanism.  Allowing the head of department’s networks to be able to connect to each other.  Creating a syslog server.  Configure VPN private network.  Creating a zone-base firewall.  Applying authentication for users.
  • 32. Securing the Management plan:  Enable password for each network device and authentication retries limit.  Enable SSH encryption for VTY auxiliary port.
  • 33. Access List Isolation Policy for each VLAN
  • 35. Initialize the Zone based Firewall  Separate the Network into three zones 1- In Zone (internal network) 2- Out zone (ISP) 3- Self (Firewall)  configure the interfaces of the firewall Inside(trusted) Interfaces: Outside(untrusted) Interface: FastEthernet0/0 (20.1.0.2)/24 FastEthernet1/0 (192.168.137.5)/24
  • 36. Configure the Firewall through CCP
  • 37. Configure VPN tunnel for Wireless Users  Define the interface for the wireless access point in the CCP then select the Pre- shared Key authentication
  • 38. Group Policy for VPN and Maximum Connection Allowed
  • 41. Test the internet connection for clients and LABS 1- Clients 2- LABS
  • 43. Attempt to access the firewall from un- authorized user
  • 44. Test the Management Plan Access
  • 45. Test the wireless network VPN connection
  • 46. Check Captive Portal login  k
  • 47. Conclusion Network designing and security is an important field that is getting more and more attention as the internet expands. Providing the resources and the type for connection is a primary task that should be considered before implementing a network, keeping in mind the security measures and policies needed to be applied for the clients and the communication chain to keep it safe. An effective network design should be developed with: 1- Understanding of the network design concepts such as reliability and availability . 2- learning the factors that make a network vulnerable and weak to potential threats and attackers. 3-Needed level of security that’s required to achieve stability and confidentiality of the subscribers. 4- Finally implementing and configuring the network components to supply the demand of the clients while aligns with the security plan that has been imprinted.

Editor's Notes

  • #6: Topology : the arrangement of the network components Speed: of the data transition between source and distiation Cost: less money more honey Security: indicates how protected the network is Avalibility: of the network to the subscribers 24/7 of the time Sacbility: how easily the network can accommodate more users and data transmission requirements Reliability: indicates the dependability of the components that make up the network
  • #7: PAN: is a computer network organized around an individual person. LAN: is a group of devices that share a common communications line. Wan: used in large geographical area such as cities or countries.
  • #8: Network components can be divided into 4 groups : 1- End Points: such as PC, Servers 2- Interconnections: NIC LAN Card 3- Network media: which can be a physical media such as cables, wireless media 4-Connector devices : switch, router
  • #10: Assets can be defined as something of value
  • #11: In network security certain concepts needed to be attained, which are : Confidin: who’s authorized to be log in or reading the data Intig: Is the data that arrived is the same data that has being sent Avalib: of the network resources and services to subscribers.
  • #13: Vulnerabilities may exist in computer systems and networks, allowing the system to be open to a technical attack or in administrative procedures
  • #14: Internal threats can cause more damages to the network information than the external ones
  • #15: Dos : attacks that originate from a large number of systems that usually controlled from a single master sending a ping packet to network server causing it to fail. Min: Is an attack where the attacker secretly relays and alters the communication between two parties who believe they are directly communicating with each other
  • #17: Firewall acts like a shield from outside threats, allowing only pre-determined protocols to pass throw while denying the others.
  • #18: Is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information system through malicious activities
  • #19: VPN acts like a private tunnel in untrusted network such as the internet, establishing encrypted communication between the two parties.
  • #20: or simply alters the data in such way to hide it from unauthorized Individuals to see it Encryption have several techniques such as:
  • #25: As shown in figure, the EEE Department consist three floors The first floor contains 7 classes and one beta office for students The second floor consist of the staff offices and 3 labs The last floor consist of two labs and the admistration office
  • #26: The total contains 4 departments of the Eng faculty, (names) The infrastructure consist of 3 layers
  • #27: Which Provides connectivity for network hosts and end devices, contains the 48 and 24 port switches, also the wireless access points
  • #28: Core layer contains fast switching layer 3 device that connect the departments together.
  • #29: As shown this layer contains the AAA and syslog server that are connected to the Firewall then to the isp
  • #30: Access switches are chosen depending on the number of the classes, labs, and floors that has been estimated in each department
  • #32: 1- to designate when and who is authorized to access/configure the network components. 2- designated for administrators. 3- to separate each VLAN for the other 4- !!!!! 5-to receive and correlate events 6-for Wireless access point users. 7-using captive portal application.
  • #33: 3 authentication retries and 60 sec idle time
  • #34: To segregate each vlan from the other, we used extended access list protocols in main core-switch as shown in this figure
  • #35: Using kiwi syslog program to receive messages from the core-switch and firewall, while choosing the debugging level of log
  • #37: The figure demonstrate the firewall applied policies form in zone to out zone
  • #45: In this action we Emulate the password spoofing attack to aquire the usern & passw of the administrator, this action attack was a failure due to the ssh protocol that has been used