1. Introduction
The ICT directorate of Addis Ababa Science and Technology University (AASTU) runs a large enterprise network and is organised into several departments: the Application department, the Support and Maintenance department and the Network department.
Beyond administering the network, the Network department is responsible for its security. Security is handled from two perspectives: the network perspective and the software perspective.
For security to be holistic, physical controls, technological controls, and policies and procedures must all be covered.
The technological aspect covers operating system security, application security and network security.
Physical Security
The data center network is a small network consisting mainly of servers. The servers in AASTU ICT include the web server, the email server, the TFTP server, the registration system server and the e-learning server.
The data center network is the main system that has to be secured physically. The data center room is therefore kept locked and the keys are strictly controlled; even stakeholders do not treat the room as an office. In addition to the keys, entry to the data center room requires biometric authentication: a person must present a fingerprint and a smart card to get in.
Network Perspective of ICT Security
The network administrators in the ICT directorate carry out various tasks related to network security. They focus on, and largely depend on, the firewall to secure the system.
The firewall is the main tool used to secure the system. It can be a physical appliance or software, which can also be installed as a virtual machine on a server.
The firewall used in the AASTU ICT directorate is a FortiGate 1200D. It is used both as a firewall and as the intrusion detection and prevention system (IDS/IPS), so no standalone network IDS/IPS is deployed. The FortiGate 1200D is deployed in front of the core switch (router), just after the network edge.
What are Firewalls
Network firewalls are security devices used to stop or mitigate unauthorized access to private networks connected to the Internet, especially intranets. The only traffic allowed onto the network is the traffic defined by the firewall policies; any other traffic attempting to reach the network is blocked. Network firewalls sit at the front line of a network, acting as the gatekeeper between internal and external devices.
A network firewall can be configured so that all data entering or leaving the network has to pass through it. It accomplishes this by examining each packet and rejecting those that fail to meet the defined security criteria. When properly configured, a firewall allows users to access the resources they need while keeping out unwanted users, attackers, viruses, worms and other malicious programs trying to reach the protected network.
Firewalls can be either hardware or software. In addition to limiting access to a protected computer or network, a firewall can log all traffic entering or leaving the network and can mediate remote access to a private network (for example via VPN), using certificates and logins for authentication.
 Hardware firewalls: These are sold either as standalone appliances for corporate use or, more often, as a built-in component of a router or other networking device. They are considered an essential part of any traditional network security design. Hardware firewalls almost always have several network ports so that multiple network segments can be connected; larger networks use bigger appliances or clusters of them.
 Software firewalls: These are installed on an individual computer, or supplied by the operating system or a network device manufacturer. They can be customised per host and control which programs and ports on that host may communicate. A software firewall protects the host it runs on from ordinary access attempts, but it shares the fate of that host: malware that gains administrative rights on the machine can disable it, and it cannot see or stop attacks against other machines on the network.
There are a number of major firewall types that stop harmful traffic from passing through the network:
Application-layer Firewalls: A hardware appliance, software filter or server plug-in that understands particular application protocols, such as FTP or HTTP, and enforces rules on the content of those connections (for example, which HTTP methods or URLs are allowed). Because the rules are written per application, the firewall can identify and block attacks that a header-only filter would pass.
Packet Filtering Firewalls: This filter examines the header of every packet that passes through it (addresses, protocol, ports) and accepts or denies it according to rules set by the administrator. Packet filtering is cheap and fast but can be hard to configure correctly, and because it trusts the header fields it is vulnerable to IP spoofing.
Circuit-level Firewalls: This type works at the session layer: it verifies that a TCP or UDP session is set up legitimately (for example, that the TCP three-way handshake completes) and then relays the session without inspecting the application data.
Proxy Server Firewalls: The proxy terminates each connection from the client and opens its own connection to the server, so it can inspect every message that enters or leaves the network and it hides the real internal addresses from outside observers.
Next Generation Firewalls (NGFW): An NGFW identifies the application generating the traffic regardless of the port it uses, and combines a standard stateful firewall with integrated intrusion prevention, user identity awareness and, often, TLS inspection and malware scanning.
Stateful Firewalls: Sometimes called third-generation firewall technology, stateful filtering keeps a connection table of every session it has seen start. A packet is allowed if it opens a session that the policy permits or if it belongs to a session already in the table; unsolicited packets, even ones that would match a port-based rule, are dropped.
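To make the difference between a packet filter and a stateful firewall concrete, here is an added example (not part of the original report, and not FortiGate code) that runs both kinds of rule over a few constructed packets. The 10.0.0.0/24 internal range, the addresses and the ports are assumptions for the demo.

```python
from dataclasses import dataclass

# Constructed packets for the demo (not captured from any real network).
# flags is a subset of {"SYN", "ACK"}; "SYN" alone opens a TCP connection.
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset

INTERNAL_PREFIX = "10.0.0."   # assumed campus range for the example

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def stateless_filter(pkt):
    """Header-only packet filter. To let internal clients receive web replies it
    must permit any inbound packet whose source port is 80/443, which also lets
    an outsider reach any internal port simply by spoofing that source port."""
    if is_internal(pkt.src_ip) and pkt.dst_port in (80, 443):
        return "ACCEPT"
    if not is_internal(pkt.src_ip) and pkt.src_port in (80, 443):
        return "ACCEPT"
    return "DROP"

class StatefulFilter:
    """Permits outbound web sessions, and inbound traffic only when it belongs
    to a session the firewall saw start (connection table keyed on the 4-tuple)."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.table or reverse in self.table:
            return "ACCEPT"                     # part of an established session
        if (is_internal(pkt.src_ip) and pkt.dst_port in (80, 443)
                and pkt.flags == frozenset({"SYN"})):
            self.table.add(key)                 # new outbound session: remember it
            return "ACCEPT"
        return "DROP"                           # unsolicited inbound, spoofed port included

def run(filter_fn, packets):
    return [filter_fn(p) for p in packets]

SAMPLE = [
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, frozenset({"SYN"})),        # client opens HTTPS
    Packet("93.184.216.34", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})), # legitimate reply
    Packet("203.0.113.9", 443, "10.0.0.7", 3389, frozenset({"SYN"})),           # outsider, src port 443, to RDP
]

if __name__ == "__main__":
    print("stateless:", run(stateless_filter, SAMPLE))
    print("stateful: ", run(StatefulFilter().check, SAMPLE))
```

The third packet is the point: a stateless rule set accepts it because the header matches "reply traffic", while the stateful filter drops it because no internal host ever opened that session.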
FortiGate 1200D
FortiGate is a widely deployed firewall family used in networks ranging from small businesses to large enterprises, service providers and carriers. The FortiGate line combines the FortiOS security operating system with FortiASIC processors and other hardware to provide a high-performance set of security and networking functions, including:
• firewall, VPN, and traffic shaping
• Intrusion Prevention System (IPS)
• Antivirus/antispyware/antimalware
• Web filtering
• Antispam
• Application control (for example, IM and P2P)
• VoIP support (H.323, SIP, and SCCP)
• Layer 2/3 routing
• multiple redundant WAN interface options
Figure 3.1.1 shows the FortiGate 1200D and the interfaces it has.
Fig.3.1.1 FortiGate Hardware Interface
Firewall Placement in Campus Networks
Typically, a firewall should be placed at every point where the campus network connects to the Internet, and the institution should establish a clear security plan with policies on external networks and data storage. Figure 2 shows the typical placement of a firewall in an enterprise network.
Figure 2. Placement of Firewall in an enterprise network
Firewall for Securing Internal System
The firewall is also used to secure the internal networks, including the wireless (Wi-Fi) networks. Wireless access is protected with encrypted passwords; AES encryption is used to protect the password and the username/network name. Because the staff judge the likelihood and impact of a wireless compromise to be low and controllable if it occurs, they do not change the Wi-Fi password regularly and use relatively weak, easy-to-remember passwords. Note that a WPA2-PSK passphrase can be attacked offline by anyone who captures a single client handshake, so a weak passphrase gives the network little protection regardless of the encryption algorithm.
The firewall is also used to enforce the network security policy. Policies are implemented at the network layer (source and destination addresses), at the transport layer (by permitting or blocking ports) and at the application layer (by blocking specific sites through the firewall's web filter).
Wi-Fi Controllers
A WLAN controller centrally manages the wireless access points that let wireless devices connect to the network.
The ICT directorate uses a Cisco AIR-CT3504-K9 wireless LAN controller to manage the access points and secure the wireless networks. It supports up to 150 access points and 3000 clients at the same time.
1. Kaspersky Enterprise Security Antivirus
Kaspersky Anti-Virus (formerly AntiViral Toolkit Pro, often referred to as KAV) is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily built for computers running Microsoft Windows and macOS, although a Linux version is available for business customers.
Kaspersky Anti-Virus features include real-time protection and the detection and removal of viruses, trojans, worms, spyware, adware, keyloggers, malicious tools, auto-dialers and rootkits.
Kaspersky Enterprise Security Antivirus Used by ICT Staff
AASTU ICT uses Kaspersky enterprise security antivirus. It is centrally managed: the management server is installed on one host and the agent can be deployed remotely to the other hosts. The antivirus is used in addition to the FortiGate 1200D firewall to prevent and mitigate malware infections.
2. Backup Mechanism
A backup is a copy of valued data, software, software configuration or transaction records, created so that it can replace the original when the original is lost or corrupted.
Failures can be classified as follows:
Transaction failure:
 Logical errors: the transaction cannot complete because of some internal error condition.
 System errors: the database system must terminate an active transaction because of an error condition (e.g., a deadlock).
System crash: a power failure or other hardware or software failure causes the system to crash.
 Fail-stop assumption: the contents of non-volatile storage are assumed not to be corrupted by a system crash.
◦ Database systems have numerous integrity checks to prevent corruption of disk data.
Disk failure: a head crash or similar disk failure destroys all or part of the disk storage.
 Destruction is assumed to be detectable: disk drives use checksums to detect failures.
The ICT uses several backup methods in case files, programs, applications or system configurations are deleted. Automatic backups are scheduled every two weeks. Although staff in the ICT directorate also use media such as USB flash drives, CDs/DVDs and other personal computers for backups, they mainly use a TFTP (Trivial File Transfer Protocol) server, which was deployed recently for this purpose.
TFTP Server
TFTP is a simple, lightweight file transfer protocol that is mainly used by network devices. It runs over UDP port 69 and omits the authentication features of FTP: a request carries only a filename and a transfer mode, and the data is sent in the clear. TFTP is used to download a network device's OS image or to load and save its configuration. Because anyone who can reach UDP port 69 on the server can read or overwrite the files it holds, a TFTP backup server should be reachable only from a management network, and its contents (device configurations typically include password hashes and SNMP community strings) should be treated as sensitive.
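The following added example (not from the original report) builds and parses TFTP packets exactly as RFC 1350 lays them out, then scans a constructed capture for requests that touch configuration files. The file names and packets are made up for the demo; the point is that a request contains nothing the server could use to decide who is asking.

```python
import struct

# RFC 1350 opcodes. There is no opcode for authentication: a read (RRQ) or
# write (WRQ) request carries only a filename and a transfer mode.
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

def build_request(opcode, filename, mode="octet"):
    """Build an RRQ (1) or WRQ (2): 2-byte opcode, filename, NUL, mode, NUL."""
    if opcode not in (1, 2):
        raise ValueError("only RRQ/WRQ are built here")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")

def parse_packet(data):
    """Decode one TFTP packet into a dict; raise ValueError on malformed input."""
    if len(data) < 2:
        raise ValueError("too short")
    opcode = struct.unpack("!H", data[:2])[0]
    kind = OPCODES.get(opcode)
    if kind in ("RRQ", "WRQ"):
        fields = data[2:].split(b"\x00")
        if len(fields) < 3:                      # filename, mode, trailing empty piece
            raise ValueError("truncated request")
        return {"op": kind,
                "filename": fields[0].decode("ascii", "replace"),
                "mode": fields[1].decode("ascii", "replace").lower()}
    if kind in ("DATA", "ACK"):
        if len(data) < 4:
            raise ValueError("truncated %s" % kind)
        block = struct.unpack("!H", data[2:4])[0]
        if kind == "ACK":
            return {"op": kind, "block": block}
        return {"op": kind, "block": block, "payload": data[4:]}
    if kind == "ERROR":
        code = struct.unpack("!H", data[2:4])[0]
        msg = data[4:].rstrip(b"\x00").decode("ascii", "replace")
        return {"op": kind, "code": code, "message": msg}
    raise ValueError("unknown opcode %d" % opcode)

# Assumed naming convention for the demo: what a device config or image looks like.
SENSITIVE_SUFFIXES = (".cfg", ".conf", "config", ".bin")

def audit(packets):
    """Return (op, filename) for every request that touches something that looks
    like a device configuration or OS image. Any host able to reach UDP/69 could
    have sent these; the protocol gives the server nothing to check."""
    hits = []
    for raw in packets:
        try:
            p = parse_packet(raw)
        except ValueError:
            continue
        if p["op"] in ("RRQ", "WRQ") and p["filename"].lower().endswith(SENSITIVE_SUFFIXES):
            hits.append((p["op"], p["filename"]))
    return hits

# Constructed traffic for the demo (not captured from any real network).
CAPTURE = [
    build_request(1, "core-switch.cfg"),         # someone pulls the core switch config
    build_request(2, "fortigate-backup.conf"),   # someone overwrites a firewall backup
    b"\x00\x04\x00\x01",                         # ACK, block 1
    build_request(1, "readme.txt"),
]

if __name__ == "__main__":
    for op, name in audit(CAPTURE):
        print(op, name)
```

Run as a script it lists the two requests against configuration files. A practitioner would apply the same parsing to a real capture on the backup VLAN, and would note that the WRQ case (overwriting a backup) is the more dangerous of the two.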
3. Fault Tolerant Systems
A fault tolerant system is one that continues to function correctly when part of it is damaged or fails unexpectedly, so making the system fault tolerant is important. Fault tolerance is achieved through redundancy. All servers in the data center network, the core switch/core router, the firewall, the distribution switches and the Wi-Fi controllers are deployed in pairs, with the second unit on standby to take over if a server or network device fails or a security incident occurs.
4. Recovery Mechanisms
Data recovery is the process of restoring data that has been lost, unintentionally deleted, corrupted or made inaccessible for any reason. In enterprise IT, data recovery usually means restoring data to a desktop, laptop, server or external storage system from a backup.
Two methods are primarily used for database recovery:
 Log-based recovery: a log of every database transaction is kept in stable storage so that the database can recover after a system failure. Each log record (transaction id, the item written, its old value and its new value) is written to stable storage before the corresponding change is applied to the database (write-ahead logging). After a crash, the recovery procedure redoes the writes of committed transactions and undoes the writes of transactions that had not committed.
 Shadow paging: the database keeps a page table that maps each logical page to its location on disk. A transaction never overwrites a page in place; it writes modified pages to new locations and builds a new (shadow) page table, and commit consists of atomically switching to the new table. If the system crashes in the middle of a transaction, the old page table is still intact and the partial changes are simply discarded.
The ICT staff use both mechanisms for data and software recovery.
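An added example, not part of the original report, showing log-based recovery on a toy key/value store: every write is appended to the log before the data is changed, the system "crashes" with one transaction still uncommitted, and the recovery routine redoes the committed transaction and undoes the other. Transaction ids and keys are made up for the demo.

```python
class KVStore:
    """A key/value store whose every change is first appended to a log
    (write-ahead logging). `data` plays the role of the disk pages."""
    def __init__(self):
        self.data = {}
        self.log = []   # records: ("BEGIN", tid) / ("WRITE", tid, key, old, new) / ("COMMIT", tid)

    def begin(self, tid):
        self.log.append(("BEGIN", tid))

    def write(self, tid, key, new):
        old = self.data.get(key)
        self.log.append(("WRITE", tid, key, old, new))   # log record first ...
        self.data[key] = new                             # ... then the page

    def commit(self, tid):
        self.log.append(("COMMIT", tid))


def recover(log, data):
    """Redo pass forward over the log for committed transactions, then undo pass
    backward for transactions with no COMMIT record. Returns the repaired data."""
    committed = {rec[1] for rec in log if rec[0] == "COMMIT"}
    for rec in log:                                   # redo winners
        if rec[0] == "WRITE" and rec[1] in committed:
            _, _, key, _, new = rec
            data[key] = new
    for rec in reversed(log):                         # undo losers, newest first
        if rec[0] == "WRITE" and rec[1] not in committed:
            _, _, key, old, _ = rec
            if old is None:
                data.pop(key, None)                   # key did not exist before
            else:
                data[key] = old
    return data


def crash_scenario():
    """T1 commits; T2 has modified two pages when the system goes down."""
    store = KVStore()
    store.begin("T1")
    store.write("T1", "balance:alice", 100)
    store.commit("T1")
    store.begin("T2")
    store.write("T2", "balance:alice", 40)
    store.write("T2", "balance:bob", 60)
    # crash here: T2 never commits, but its pages were already written
    return recover(store.log, dict(store.data))


if __name__ == "__main__":
    print(crash_scenario())
```

The undo pass runs backward because a loser transaction may have written the same key several times; restoring the oldest "old" value last leaves the key as it was before the transaction started.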
5. Securing Servers
Securing Web Servers/Database Servers
The web server is the backbone of websites and applications, so it needs to be constantly available to keep the business running. Because of their importance, web servers are frequent targets of attackers, and a successful attack can lead to downtime or exposure of confidential data.
Denial of Service attack
DoS attacks overwhelm the web server in various ways, including sending invalid input that causes the application to crash, flooding the server with automated requests until it can no longer respond, or saturating the network path so that legitimate users lose access.
Man-in-the-Middle
A MitM attack occurs when an attacker inserts themselves between a client and a server. The attacker can then read or alter the traffic in both directions and interact with the web server while impersonating a legitimate client.
Input Validation attack
Here the server executes code that an attacker has injected into a request to the web server or the database server. Wherever input is not validated, the injected code can be used to retrieve or modify information and cause further damage; tampering with hidden form fields is also possible with this attack.
SQLi
When an SQL injection attack succeeds, the backend database server can be compromised, which can be catastrophic for an organisation. The attack works by injecting SQL fragments through application input so that they become part of a query, allowing the attacker to extract or modify data. Stored procedures in the database can also be executed through SQL injection.
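The following added example (not from the report) shows the injection just described against an in-memory SQLite table: one login function concatenates the input into the query, the other binds it as a parameter. The table, the users and the tautology payload are constructed for the demo.

```python
import sqlite3

def setup():
    """Constructed demo table; password hashes are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-of-alice-pw", "admin"),
        ("bob", "hash-of-bob-pw", "student"),
    ])
    return conn

def login_vulnerable(conn, username, password_hash):
    # String formatting: the attacker's input becomes part of the SQL grammar.
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password_hash = '%s' ORDER BY username" % (username, password_hash))
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password_hash):
    # Parameterised: the driver passes values separately from the statement,
    # so a quote in the input is data, never SQL.
    sql = ("SELECT username, role FROM users WHERE username = ? "
           "AND password_hash = ? ORDER BY username")
    return conn.execute(sql, (username, password_hash)).fetchall()

def demo():
    conn = setup()
    payload = "' OR '1'='1"   # turns the WHERE clause into (... AND '') OR '1'='1'
    return {
        "vulnerable": login_vulnerable(conn, "anything", payload),
        "safe": login_safe(conn, "anything", payload),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable query returns every user, admin included, for an unknown username and a bogus password; the parameterised one returns nothing. The fix is the same for every driver: never build SQL from strings, bind every value.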
Password Based Attack
The authentication system of a web server is usually based on a password that identifies a valid user and grants access. If an attacker obtains a username and password by any means, they can access everything the legitimate user is allowed to access.
Poor Error Handling
Verbose error pages can disclose server details (software versions, file paths, query fragments) that let an attacker craft further attacks tailored to that server.
Buffer Overflow Attack
When more data is written to a stack buffer than it can hold, the excess overwrites adjacent stack memory, including the saved return address of the current function. If the attacker replaces that return address with the address of code they control (for example, shellcode placed in the overflowed buffer), the function's return transfers execution to the attacker's code, which then runs with the privileges of the web server process.
Directory Traversal
This is a vulnerability in which an attacker can make the application access files outside the web root directory, typically by placing "../" sequences in a file name parameter. If the attacker can read beyond the web root, they may obtain sensitive information or reach restricted directories, and in some cases go on to execute OS commands.
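The check a practitioner would want before serving a user-supplied file name, as an added example that is not part of the original report: the requested path is resolved under the web root and rejected if it escapes. The temporary web root and the sample paths are constructed for the demo.

```python
import os
import tempfile

def resolve_under_root(root, requested):
    """Return the absolute path for `requested` only if it stays inside `root`.
    realpath() collapses '..' and follows symlinks, so a link inside the web
    root that points outside is caught as well."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath is a true prefix-by-component check; str.startswith would
    # wrongly accept /var/www-other when the root is /var/www.
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:          # different drives on Windows, or mixed abs/rel
        inside = False
    if not inside:
        raise PermissionError("path escapes web root: %r" % requested)
    return candidate

def classify(root, paths):
    """Map each requested path to 'served' or 'blocked' (for the demo)."""
    out = {}
    for p in paths:
        try:
            resolve_under_root(root, p)
            out[p] = "served"
        except PermissionError:
            out[p] = "blocked"
    return out

def demo():
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "img"))
        return classify(root, [
            "img/logo.png",           # ordinary request
            "../../etc/passwd",       # classic traversal
            "img/../../etc/passwd",   # traversal hidden behind a valid prefix
            "/etc/passwd",            # absolute path: os.path.join discards the root
        ])

if __name__ == "__main__":
    print(demo())
```

Note that "served" here only means the path is inside the root; whether the file exists is a separate 404 decision made after this check, never before it.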
A Security Checklist Used by Staff of the ICT Directorate
Here is a five-point web security checklist that helps keep the projects secure.
1. Secure Web Host
 Use an up-to-date operating system and software
 Back up regularly and test the restores
 Enable TLS (the protocol historically called SSL; web hosts offer TLS certificates as one of their main services)
 Regularly scan the web and application servers for malware through the FortiGate 1200D
 Distributed Denial of Service (DDoS) attack mitigation
 Firewall implementation
2. Encrypt All Connections and Secure User Logins
Once a secure web host has been chosen, the next point to consider is encrypting all connections. This is especially important for websites that require any form of registration or transaction.
Protecting pages that require authentication should also be a major priority. Apply a strong password standard that requires users to register with secure credentials.
3. Keep Your Database Secure
Another loophole attackers can easily exploit is the website database. Typically a lot of information (about the business and its users) has to be stored on the web application's server; store only the data that is truly needed.
Cross Site Scripting (XSS) – Client Hijacking
Cross-Site Scripting (XSS) is one of the most common and dangerous attacks on web applications. It is executed on the client side (usually the browser): the attacker gets a malicious script embedded in a page of the web application so that it runs in the victim's browser with the page's privileges and can take control of the current page.
The attack exploits a website that reflects or stores untrusted input without encoding it, so that the injected script runs on the client side in the way the attacker desires.
Denial of Service
Denial of service attacks are among the most common and dangerous attacks against web servers or server instances such as MySQL. The aim is to make the service, network resource or instance unavailable temporarily or indefinitely, disrupting the whole system or the host the resource or instance runs on.
In the MySQL case, such an attack can crash the MySQL instance, making it temporarily unusable by every service that depends on it as a data source.
Race Condition
A race condition is an unwanted situation that occurs when a device, system or software runs two or more operations concurrently whose correctness depends on them executing in a particular order or timing that the system does not enforce.
In the MySQL case, a race condition vulnerability can be severe: it can let a local user with database access escalate their privileges and run arbitrary code as the database's local user account.
Mail Server Security
Mail Server
A mail server is the computerised equivalent of the neighbourhood mail carrier. Every email that is sent passes through a series of mail servers on its way to its intended recipient. Although a message may seem to be delivered instantly, zipping from one PC to another in the blink of an eye, a complex series of transfers actually takes place.
Mail Server Components
Types of Mail Servers
Mail servers fall into two main categories: outgoing mail servers and incoming mail servers. Outgoing mail servers are SMTP (Simple Mail Transfer Protocol) servers. Incoming mail servers come in two main varieties. With POP3 (Post Office Protocol version 3), the client downloads messages and typically stores them on the PC's local hard drive. IMAP (Internet Message Access Protocol) servers keep the messages on the server. Most POP3 servers can also be configured to keep a copy of messages on the server, which is more convenient.
Email Server Vulnerabilities
1- Social engineering attacks (phishing)
2- Malicious files, controlled by content filtering: when malicious content in an email attachment reaches the user, it may compromise the whole computer and the network. For an anti-phishing solution to succeed, attachments must be analysed with signature-based antivirus software and behaviour analysis services.
3- Ransomware
4- DDoS attacks
Mail Server Security Checks by AASTU ICT Staff
As for the other servers, the staff depend on the FortiGate 1200D for securing the email server.
 Employ a strong authentication procedure
 Encrypt SMTP, POP3 and IMAP with TLS (STARTTLS or implicit TLS)
 Use the FortiGate to detect and discard spam
 Patch the mail server software
 Patch and upgrade the mail client applications
 Configure the mail client security features (e.g., disable automatic opening of messages)
 Enable antivirus, antispam and antiphishing features
 Configure mailbox authentication and access
 Secure the client's host operating system
 Configure, protect and analyse log files
 Periodically test the security of the mail server application
 If the installation program installs unnecessary applications, services or scripts, remove them immediately after installation is complete
 Encrypt the user authentication session even where the actual email data is not encrypted
 To limit DoS attacks, cap both the number of connections each source may open over time and the number of simultaneous connections to the SMTP server
 Requiring SMTP authentication for message submission does not stop a DDoS attack, but it prevents the server from being abused as an open relay by spammers, which is a common reason a mail server ends up flooded and blacklisted
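The connection-limiting point above, as an added example (not from the report or from any mail server product): a per-source limiter that caps simultaneous connections and new connections per sliding window, exercised against a constructed flood. The limits and addresses are assumptions for the demo.

```python
from collections import defaultdict, deque

class SmtpConnectionLimiter:
    """Per-source-IP limits for an SMTP listener: at most `max_concurrent` open
    connections, and at most `max_per_window` accepted connections in any
    sliding window of `window` seconds."""

    def __init__(self, max_concurrent=5, max_per_window=20, window=60.0):
        self.max_concurrent = max_concurrent
        self.max_per_window = max_per_window
        self.window = window
        self.open = defaultdict(int)        # ip -> currently open connections
        self.recent = defaultdict(deque)    # ip -> timestamps of accepted connections

    def connect(self, ip, now):
        """Decide whether to accept a new connection from `ip` at time `now`."""
        q = self.recent[ip]
        while q and now - q[0] >= self.window:   # forget timestamps outside the window
            q.popleft()
        if self.open[ip] >= self.max_concurrent:
            return "reject: too many simultaneous connections"
        if len(q) >= self.max_per_window:
            return "reject: rate limit"
        q.append(now)
        self.open[ip] += 1
        return "accept"

    def disconnect(self, ip):
        """Called when a connection from `ip` closes."""
        if self.open[ip] > 0:
            self.open[ip] -= 1


def flood_demo():
    """One source opens connections and never closes them; another is unaffected."""
    lim = SmtpConnectionLimiter(max_concurrent=3, max_per_window=5, window=60.0)
    results = [lim.connect("198.51.100.7", now=float(i)) for i in range(6)]
    results.append(lim.connect("192.0.2.10", now=10.0))
    return results


def churn_demo():
    """One source opens and closes quickly: the concurrency cap never trips, the
    per-window cap does, and capacity returns once the window slides."""
    lim = SmtpConnectionLimiter(max_concurrent=3, max_per_window=5, window=60.0)
    results = []
    for i in range(7):
        r = lim.connect("198.51.100.7", now=float(i))
        results.append(r)
        if r == "accept":
            lim.disconnect("198.51.100.7")
    results.append(lim.connect("198.51.100.7", now=61.0))   # oldest two timestamps expired
    return results


if __name__ == "__main__":
    print(flood_demo())
    print(churn_demo())
```

Both limits are needed: the concurrency cap handles a client that holds sockets open, the sliding window handles one that churns through short connections. Real deployments key on a network prefix as well as the single address, since a distributed flood spreads across many sources.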

Security assignment (copy)

  • 1. 1. Introduction Addis Ababa Science and Technology University ICT is a large size enterprise network which has many departments inside. It includes the Application department, the Support and maintenance support and the network department. The network departments undergo the security issues beyond administrating the network. The security issue is administrated from two perspectives: network perspective and software perspective. For a system to be holistic, physical, technological and policies and procedures should all be included. The technological security aspect includes the operating system, application and the network security of the system. Physical Security The data center network is the small network mainly consisting of servers. The servers in AASTU ICT include web server, email server, TFTP server, registration system server and e- learning server. The data center network of the ICT is the main system which should be secured physically. Thus, the data center room is locked and keys are handed in seriously. Even stakeholders do not enter into the room as their office. The data center network room requires bio-metric authentication methods in addition to the keys. One must commit fingerprinting and use smart cards to enter in. Network Perspective of ICT Security The network administrators in the ICT directorate undergo different tasks regarding the security issues of the network. They mainly focus and depend on Firewall to secure their system. Firewall is the main tool used in securing a system. It can be physical or software based which can be installed virtually in the server.
  • 2. FortiGate 1200D is the Firewall used in AASTU ICT directorate. They use it for both the firewall function role and Intrusion detection and prevention systems role. Thus, they don’t use standalone Network Intrusion detection/prevention System. The FortiGate1200D Firewall is deployed before the core switch (router) just after the epoch. What are Firewalls Network firewalls are security devices used to stop or mitigate unauthorized access to private networks connected to the Internet, especially intranets. The only traffic allowed on the network is defined via firewall policies – any other traffic attempting to access the network is blocked. Network firewalls sit at the front line of a network, acting as a communications liaison between internal and external devices. A network firewall can be configured so that any data entering or exiting the network has to pass through it – it accomplishes this by examining each incoming message and rejecting those that fail to meet the defined security criteria. When properly configured, a firewall allows users to access any of the resources they need while simultaneously keeping out unwanted users, hackers, viruses, worms or other malicious programs trying to access the protected network. Firewalls can be either hardware or software. In addition to limiting access to a protected computer and network, a firewall can log all traffic coming into or leaving a network, and manage remote access to a private network through secure authentication certificates and logins.  Hardware firewalls: These firewalls are released either as standalone products for corporate use, or more often, as a built-in component of a router or other networking device. They are considered an essential part of any traditional security system and network configuration. Hardware firewalls will almost always come with a minimum of four network ports that allow connections to multiple systems. 
For larger networks, a more expansive networking firewall solution is available.  Software firewalls: These are installed on a computer, or provided by an OS or network device manufacturer. They can be customized, and provide a smaller level of control over functions and protection features. A software firewall can protect a system from standard control and access attempts, but have trouble with more sophisticated network breaches.
  • 3. There are a number of major firewall types that prevent harmful information from passing through the network: Application-layer Firewalls: This is a hardware appliance, software filter, or server plug-in. It layers security mechanisms on top of defined applications, such as FTP servers, and defines rules for HTTP connections. These rules are built for each application, to help identify and block attacks to a network. Packet Filtering Firewalls: This filter examines every packet that passes through the network – and then accepts or denies it as defined by rules set by the user. Packet filtering can be very helpful, but it can be challenging to properly configure. Also, it’s vulnerable to IP spoofing. Circuit-level Firewalls: This firewall type applies a variety of security mechanisms once a UDP or TCP connection has been made. Proxy Server Firewalls: This version will check all messages that enter or leave a network, and then hide the real network addresses from any external inspection. Next Generation Firewalls (NGFW): the filtering is determined by the applications or traffic types and the ports they are assigned to. These features comprise a blend of a standard firewall with additional functionality, to help with greater, more self-sufficient network inspection. Stateful Firewalls: Sometimes referred to as third generation firewall technology, stateful filtering accomplishes two things: traffic classification based on the destination port, and packet tracking of every interaction between internal connections. Fortigate 1200D FortiGate is the known Firewall used in various networks ranging from small businesses to large enterprises, service providers and carriers. 
The FortiGate line combines the FortiOSTM security operating system with FortiASICTM processors and other hardware to provide a high- performance array of security and networking functions including: • firewall, VPN, and traffic shaping • Intrusion Prevention system (IPS) • Antivirus/antispyware/antimalware • Web filtering • Antispam
  • 4. • Application control (for example, IM and P2P) • VoIP support (H.323, SIP, and SCCP) • Layer 2/3 routing • multiple redundant WAN interface options Figure 3.1.1 shows the FortiGate 1200D and the interfaces it has. Fig.3.1.1 FortiGate Hardware Interface
  • 5. Firewall Placement in Campus Networks Typically, firewalls should be placed between any network that has a connection to the internet, and businesses should establish clear computer security plans, with policies on external networks and data storage. Figure 2 shows typical placement of a Firewall for enterprise networks. Figure 2. Placement of Firewall in an enterprise network Firewall for Securing Internal System They use this firewall for securing the internal networks including the wireless networks (wifi). They use passwords encrypted to secure their networks. They use ADE algorithm to secure their password and username/network name. Since the threat likelihood and the effect/risk is lower as can be controlled if occurred, they don’t change their password regularly and use relatively weaker passwords to remember. They also use Firewall for implementing network security policy on their system. They implement their policies at the network level, transport layer manipulating ports and at the application layer to impose sites to block through the Firewall.
Wi-Fi Controllers
A WLAN controller manages the wireless access points that allow wireless devices to connect to the network. The ICT directorate uses the Cisco AIR-CT3504-K9 Wi-Fi controller for controlling access points and securing the wireless networks. It can support 150 APs and 3000 clients at the same time.
1. Kaspersky Enterprise Security Antivirus
Kaspersky Anti-Virus (formerly known as AntiViral Toolkit Pro; often referred to as KAV) is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business customers. Kaspersky Anti-Virus features include real-time protection, detection and removal of viruses, trojans, worms, spyware, adware, keyloggers, malicious tools and auto-dialers, as well as detection and removal of rootkits.
Kaspersky Enterprise Security Antivirus Used by ICT Staff
The AASTU ICT uses Kaspersky enterprise security antivirus. It is a centrally managed antivirus installed on one server, from which it can be installed remotely on other hosts. They use this antivirus in addition to the FortiGate 1200D firewall to mitigate and prevent malware and viruses.
2. Backup Mechanism
A backup is a copy of valued data/software/software configuration/transactions, created as a replacement for situations when the original is lost or corrupted. Failures can be classified as follows:
Transaction failure:
• Logical errors: the transaction cannot complete due to some internal error condition
• System errors: the database system must terminate an active transaction due to an error condition (e.g., deadlock)
System crash: a power failure or other hardware or software failure causes the system to crash.
• Fail-stop assumption: non-volatile storage contents are assumed not to be corrupted by a system crash; database systems have numerous integrity checks to prevent corruption of disk data
Disk failure: a head crash or similar disk failure destroys all or part of disk storage.
• Destruction is assumed to be detectable: disk drives use checksums to detect failures.
The ICT uses different backup methods in case files/programs/applications/system configurations are deleted. They use automatic backup mechanisms scheduled every two weeks. Though staff in the ICT directorate also use media such as USB flash drives, CD/DVD and other personal computers for backing up, they mainly use a TFTP (Trivial File Transfer Protocol) server, which they have recently deployed, for backing up.
TFTP Server
TFTP is a simple and lightweight file transfer protocol mainly used by network devices. Unlike FTP, TFTP has no authentication at all, and no encryption; it runs on UDP port 69. TFTP is used to download a network device's OS image, or to load/save its configuration on the TFTP server. Because anything that can reach UDP port 69 can read or overwrite a stored configuration, the TFTP server should be reachable only from the management network, and a two-week backup interval means up to two weeks of configuration changes can be lost.
3. Fault Tolerant Systems
A fault tolerant system is one that continues to function robustly when it incurs damage or an unexpected failure occurs, so making the system fault tolerant is important. Fault tolerance is achieved using redundancy. All servers in the data center network, the core switch/core router, the firewall, the distribution switches and the Wi-Fi controllers are made redundant: there are two of each, designed so that one stands by in case the server or other network device fails or a security incident occurs.
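What actually crosses the wire when a switch configuration is saved to the TFTP server, as an added example (not the directorate's tooling): the RFC 1350 messages are built and parsed offline and fed to an in-memory stand-in for the server, so no UDP is used. The sample configuration is constructed. The point to notice is that a write request carries a filename and a mode and nothing else: there is no field in the protocol where a credential could go.

```python
"""TFTP (RFC 1350) on the wire: what a config backup to the TFTP server looks like.

Added example, not the directorate's tooling. Messages are built and parsed
offline and fed to an in-memory stand-in for the server; no UDP is used.
The sample configuration is constructed.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK = 512


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ: opcode, filename, NUL, mode, NUL. No user, password or token field."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("not a request opcode")
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block: int, payload: bytes) -> bytes:
    if len(payload) > BLOCK:
        raise ValueError("DATA payload exceeds 512 bytes")
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block: int) -> bytes:
    return struct.pack("!HH", ACK, block)


def parse(msg: bytes) -> dict:
    (op,) = struct.unpack("!H", msg[:2])
    if op in (RRQ, WRQ):
        filename, mode, _rest = msg[2:].split(b"\0", 2)
        return {"op": op, "filename": filename.decode(), "mode": mode.decode()}
    if op in (DATA, ACK):
        (block,) = struct.unpack("!H", msg[2:4])
        out = {"op": op, "block": block}
        if op == DATA:
            out["data"] = msg[4:]
        return out
    if op == ERROR:
        (code,) = struct.unpack("!H", msg[2:4])
        return {"op": op, "code": code, "msg": msg[4:].split(b"\0", 1)[0].decode()}
    raise ValueError("unknown opcode %d" % op)


class TftpStore:
    """Server-side state. Every WRQ is accepted and a repeated filename is
    silently overwritten: the protocol gives the server no principal to check."""

    def __init__(self):
        self.files = {}
        self._pending = {}   # filename -> bytes received so far

    def handle(self, msg: bytes, transfer):
        m = parse(msg)
        if m["op"] == WRQ:
            self._pending[m["filename"]] = bytearray()
            return build_ack(0), m["filename"]
        if m["op"] == DATA and transfer in self._pending:
            self._pending[transfer] += m["data"]
            if len(m["data"]) < BLOCK:          # a short block ends the transfer
                self.files[transfer] = bytes(self._pending.pop(transfer))
            return build_ack(m["block"]), transfer
        raise ValueError("unexpected message")


def upload(store: TftpStore, filename: str, data: bytes):
    """Client side of a write: WRQ, then numbered 512-byte DATA blocks, each acknowledged."""
    trace = []
    req = build_request(WRQ, filename)
    ack, transfer = store.handle(req, None)
    trace.append((parse(req), parse(ack)))
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    if len(blocks[-1]) == BLOCK:                # exact multiple: send an empty final block
        blocks.append(b"")
    for n, chunk in enumerate(blocks, 1):
        d = build_data(n, chunk)
        ack, transfer = store.handle(d, transfer)
        if parse(ack)["block"] != n:
            raise RuntimeError("ACK out of sequence")
        trace.append((n, len(chunk), parse(ack)["block"]))
    return trace


# Constructed stand-in for a switch configuration (720 bytes -> two DATA blocks).
SAMPLE_CONFIG = b"hostname core-sw1\n" * 40


if __name__ == "__main__":
    store = TftpStore()
    for step in upload(store, "core-sw1.cfg", SAMPLE_CONFIG):
        print(step)
    # Anyone who can reach UDP/69 can do the same with a different payload:
    upload(store, "core-sw1.cfg", b"! replaced by an unauthenticated peer\n")
    print(store.files["core-sw1.cfg"])
```

The second upload replaces the stored configuration with no error and no record of who did it. On a real deployment the mitigations are network ones: keep the TFTP server on a management VLAN the firewall does not route user traffic into, and prefer SCP/SFTP where the devices support it.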
4. Recovery Mechanisms
Data recovery is the process of restoring data that has been lost, unintentionally deleted, corrupted or made inaccessible for any reason. In enterprise information technology (IT), data recovery typically means the restoration of data to a desktop, laptop, server, or external storage system from a backup. There are two methods that are primarily used for database recovery:
• Log based recovery: a log of all database transactions is kept on stable storage so that in case of a system failure the database can recover the data. Each log record (the transaction, the item changed, its old value and its new value) must be written to the log before the corresponding change reaches the database (the write-ahead rule); after a crash, committed transactions are redone from the log and uncommitted ones are undone.
• Shadow paging: a transaction never modifies pages in place. It writes its changes to new pages and keeps a private copy of the page table; on commit, the database's page-table pointer is switched to the new table in one atomic step. So, if the system crashes in the middle of a transaction, the old page table is still current and none of that transaction's changes are reflected in the database.
The staff in ICT use both mechanisms for data/software recovery.
5. Securing Servers
Securing Web Servers/Database Servers
The web server is the backbone of websites and applications, so web servers need to be constantly available to make sure the business is up and running. Given their importance, web servers are often targeted by attackers, which can lead to downtime or even exposure of confidential data.
Denial of Service attack
DoS attacks are performed by overwhelming the web server in numerous ways, including sending invalid data as input that causes the application to terminate, flooding the web server with automated requests until it crashes, or blocking the traffic so that legitimate users lose access.
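The two recovery methods side by side, as an added example that is not the directorate's database software. Both stores are in-memory; a crash is simulated by discarding volatile state and keeping only what had reached "stable storage". The transactions and values are constructed: T1 commits, T2 is interrupted by a crash after one of its dirty items was flushed to disk.

```python
"""Log-based (write-ahead log) recovery beside shadow paging. Added example;
in-memory only, constructed transactions, crash simulated by dropping the
volatile state."""


class WalStore:
    """Undo/redo recovery. Every change is appended to the log before the data
    item is touched (write-ahead rule), so after a crash committed work can be
    redone from the log and uncommitted work undone."""

    def __init__(self):
        self.stable_log = []     # survives a crash
        self.stable_data = {}    # survives a crash, possibly half-updated
        self.cache = {}          # volatile buffer pool

    def begin(self, txn):
        self.stable_log.append(("start", txn))

    def write(self, txn, key, new_value):
        old_value = self.cache.get(key, self.stable_data.get(key))
        self.stable_log.append(("write", txn, key, old_value, new_value))  # log first
        self.cache[key] = new_value                                          # data second

    def commit(self, txn):
        self.stable_log.append(("commit", txn))   # commit record forced to the log

    def flush(self, key):
        """Buffer manager writes one dirty item to disk, committed or not."""
        if key in self.cache:
            self.stable_data[key] = self.cache[key]

    def crash(self):
        self.cache = {}

    def recover(self):
        committed = {rec[1] for rec in self.stable_log if rec[0] == "commit"}
        for rec in self.stable_log:                      # redo pass, forward
            if rec[0] == "write" and rec[1] in committed:
                self.stable_data[rec[2]] = rec[4]
        for rec in reversed(self.stable_log):            # undo pass, backward
            if rec[0] == "write" and rec[1] not in committed:
                if rec[3] is None:
                    self.stable_data.pop(rec[2], None)
                else:
                    self.stable_data[rec[2]] = rec[3]
        return dict(self.stable_data)


class ShadowStore:
    """Shadow paging. Changes go to fresh pages and a private page table;
    commit is one atomic swap of the page-table pointer, so a crash
    mid-transaction leaves the old table and old pages untouched."""

    def __init__(self):
        self.pages = {}            # page id -> content (stable)
        self.current_table = {}    # key -> page id (stable, swapped at commit)
        self._shadow = None        # volatile table under construction
        self._next_page = 0

    def begin(self):
        self._shadow = dict(self.current_table)

    def write(self, key, value):
        self._next_page += 1
        self.pages[self._next_page] = value   # fresh page; old page kept
        self._shadow[key] = self._next_page

    def commit(self):
        self.current_table = self._shadow     # atomic pointer swap
        self._shadow = None

    def crash(self):
        self._shadow = None                   # uncommitted table is lost

    def read_all(self):
        return {k: self.pages[p] for k, p in self.current_table.items()}


def demo():
    """T1 commits, T2 is cut off by a crash; both stores end with T1's state."""
    wal = WalStore()
    wal.begin("T1"); wal.write("T1", "balance_a", 100); wal.commit("T1")
    wal.begin("T2"); wal.write("T2", "balance_a", 50); wal.write("T2", "balance_b", 50)
    wal.flush("balance_a")      # T2's half-done update reaches disk...
    wal.crash()                 # ...then the power fails before T2 commits
    after_wal = wal.recover()

    sp = ShadowStore()
    sp.begin(); sp.write("balance_a", 100); sp.commit()
    sp.begin(); sp.write("balance_a", 50); sp.write("balance_b", 50)
    sp.crash()
    return after_wal, sp.read_all()


if __name__ == "__main__":
    print(demo())   # ({'balance_a': 100}, {'balance_a': 100})
```

In the WAL store the flushed value 50 is on disk at crash time and T1's committed value 100 is not; recovery redoes T1 and undoes T2 from the log, which is only possible because the log records were written first. The shadow store needs no log at all, at the price of leaving orphaned pages 2 and 3 to be garbage-collected and of copying the page table for every transaction.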
Man-in-the-Middle
A MitM attack occurs when an attacker inserts himself between the communications of a client and a server. This poses a risk because the attacker can read or alter the traffic and can directly interact with the web server while impersonating a legitimate client.
Input Validation attack
Here the web server or the database server executes code injected by an attacker. By supplying this code in places where inputs are not validated, the attacker can retrieve or modify information and cause further damage. Tampering with hidden form fields is also possible with this attack.
SQLi
When this attack succeeds, the backend database server can be compromised, which can be catastrophic for a company. It is done by injecting SQL fragments, through untrusted input, into queries that are built from that input, in order to modify or extract information from the database. Stored procedures in the database can also be executed through SQL injection.
Password Based Attack
The authentication system of a web server is often based on a password that identifies a valid user and grants access to the web server. If the attacker can, by any means, get your username and password, he or she can access the information that only the legitimate user is supposed to access.
Poor Error Handling
This can lead to disclosure of server information through error pages; an attacker can then craft attacks in particular for that server to damage it further.
Buffer Overflow Attack
Once a buffer is overflowed, the attacker can place executable code on the stack and overwrite the function's saved return address. When the function returns, execution jumps to the overwritten address; if it has been replaced with one pointing into the attacker's payload, the malicious code runs with the privileges of the web server process.
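The SQL injection described above, shown against a string-built login query next to the parameterised form that defeats it. This is an added example using a constructed in-memory SQLite table; it is not the AASTU registration system or its code, and the usernames and hash values are placeholders.

```python
"""SQL injection through a string-built login query, beside the
parameterised query that defeats it. Added example with a constructed
in-memory SQLite table; not the AASTU registration system."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "hash-of-admin-pw", "admin"),          # constructed rows
        ("student1", "hash-of-student-pw", "student"),
    ])
    return con


def login_vulnerable(con, username: str, pw_hash: str):
    # The user's input is spliced into the SQL text, so it can rewrite the query.
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND pw_hash = '%s'" % (username, pw_hash))
    return con.execute(sql).fetchall()


def login_safe(con, username: str, pw_hash: str):
    # Bound parameters are sent as data; they can never change the query's shape.
    sql = "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?"
    return con.execute(sql, (username, pw_hash)).fetchall()


def demo():
    con = make_db()
    payload = "admin' --"      # closes the string and comments out the password check
    return {
        "vulnerable": login_vulnerable(con, payload, "wrong"),
        "safe": login_safe(con, payload, "wrong"),
        "legit": login_safe(con, "student1", "hash-of-student-pw"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
    # vulnerable [('admin', 'admin')]   <- admin session with no valid password
    # safe []
    # legit [('student1', 'student')]
```

With the payload the vulnerable query becomes `... WHERE username = 'admin' --' AND pw_hash = 'wrong'`, so the password clause is never evaluated. The same input reaches the parameterised query as a literal string and matches no row. Stored-procedure execution and UNION-based extraction follow the same mechanism; the fix is the same placeholder binding (plus a database account that does not own the schema).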
Directory Traversal
This is a vulnerability where an attacker is able to access files beyond the web root directory through the application, typically by supplying ../ sequences or an absolute path in a file parameter. If he is able to reach beyond the web root, he can read configuration files and other sensitive information or access restricted directories, and where a writable or executable path is reached this can be turned into command execution on the host.
A Security Checklist Used by Staff of the ICT Directorate
Here is a five-point web security checklist that can help keep projects secure.
1. Secure Web Host
• Use an updated operating system and software
• Back up regularly and test restores
• Enable TLS (commonly still called SSL; web hosts list certificates as one of their main offers)
• Regularly scan the web servers and application servers for malware through the FortiGate 1200D
• Distributed Denial of Service (DDoS) attack mitigation
• Firewall implementation
2. Encrypt All Connections and Secure User Logins
Once you have chosen a secure web host, the next point to consider is encrypting all your connections. This is especially important for websites that require any form of registration or transaction. Protecting pages that require authentication should also be a major priority. Adopt a strong password standard that requires users to register with secure credentials.
3. Keep Your Database Secure
Another security loophole attackers can easily exploit is the website database. Typically, you will have to store a lot of information (about your business and customers) on your web application's server. However, make sure to store only the data you truly need.
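The traversal check a file-serving handler needs, as an added example (not the directorate's web server code). It builds a throwaway web root in a temporary directory with one constructed file inside it and one outside, then resolves several request paths both the naive way and the canonicalising way.

```python
"""Directory traversal: naive path join beside a canonicalising check.

Added example, not the directorate's web server code. Builds a throwaway
web root in a temporary directory with one constructed file inside and one
outside, then resolves several request paths both ways."""
import os
import tempfile


def resolve_vulnerable(webroot: str, requested: str) -> str:
    # Naive join: "../" climbs above the web root, and an absolute path
    # replaces the root entirely.
    return os.path.join(webroot, requested)


def resolve_safe(webroot: str, requested: str):
    """Return the canonical path if it stays inside webroot, else None."""
    root = os.path.realpath(webroot)
    relative = requested.lstrip("/\\")     # never let the request be absolute
    candidate = os.path.realpath(os.path.join(root, relative))  # collapses '..', symlinks
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


REQUESTS = ("index.html", "../secret.txt", "/index.html", "sub/../../secret.txt")


def demo():
    """For each request: (naive join points at an existing file?, safe check accepts?)"""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = os.path.join(tmp, "www")
        os.makedirs(os.path.join(webroot, "sub"))
        with open(os.path.join(webroot, "index.html"), "w") as f:
            f.write("<h1>constructed page</h1>\n")
        with open(os.path.join(tmp, "secret.txt"), "w") as f:   # outside the web root
            f.write("constructed db password\n")
        results = {}
        for req in REQUESTS:
            naive = os.path.isfile(resolve_vulnerable(webroot, req))
            results[req] = (naive, resolve_safe(webroot, req) is not None)
        return results


if __name__ == "__main__":
    for req, (naive_hits, safe_accepts) in demo().items():
        print("%-22s naive serves file: %-5s  safe check accepts: %s"
              % (req, naive_hits, safe_accepts))
```

The naive join happily points at `secret.txt` for both traversal forms; the safe resolver rejects them because the canonical path no longer starts with the web root. Using `realpath` rather than string matching is what makes `sub/../../` and symlinks behave, and stripping the leading slash is what stops `os.path.join` from discarding the root on an absolute request.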
Cross Site Scripting (XSS) – Client Hijacking
Cross-Site Scripting (XSS) is one of the most common and dangerous attacks targeting web applications. It is carried out on the client side of the application (usually the browser) by using malicious scripts embedded in a web page of the web application in order to take control of the current page. The attack exploits a website vulnerability by injecting malicious scripts that will run on the client's side: the idea is to embed a script in a page of the web application and have the victim's browser execute it in the way the attacker wants.
Denial of Service
Denial of service attacks are among the most popular and dangerous attacks targeted at web servers or server instances such as MySQL. The aim is to make the service, network resource or instance unavailable, temporarily or indefinitely, disrupting the whole system or the host the resource or instance runs on. In the MySQL case, it can cause the MySQL instance to crash, making it temporarily unusable by any service that depends on it as a data source.
Race Condition
A race condition is an unwanted situation that occurs when a device, system or software runs two or more operations concurrently whose correctness depends on their executing in a particular sequence or timing, which other, uncontrollable events can violate. In the MySQL case, this kind of vulnerability can be very severe: it can let a local user who has access to a database escalate their privileges and run arbitrary code as the database's local user.
Mail Server Security
Mail Server
A mail server is the computerized equivalent of your friendly neighborhood mailman. Every email that is sent passes through a series of mail servers on its way to its intended recipient. Although it may seem like a message is sent instantly, zipping from one PC to another in the blink of an eye, the reality is that a complex series of transfers takes place.
Mail Server Components
Types of Mail Servers
Mail servers can be broken down into two main categories: outgoing mail servers and incoming mail servers. Outgoing mail servers are known as SMTP, or Simple Mail Transfer Protocol, servers. Incoming mail servers come in two main varieties. POP3, or Post Office Protocol version 3, servers are best known for handing messages to the mail client, which then stores them on the PC's local hard drive; most POP3 servers can also keep a copy on the server, which is more convenient. IMAP, or Internet Message Access Protocol, servers always keep the messages on the server, and clients work with those copies.
Email Server Vulnerabilities
1. Social engineering attack
2. Malicious files (controlled by content filtering): when malicious content in an email attachment reaches the user, it may take over the whole computer system and network. For a successful anti-phishing solution, these files must be analysed with signature-based antivirus software and behaviour analysis services.
3. Ransomware
4. DDoS attack
Mail Server Security Checks by AASTU ICT Staff
As they do for securing other servers, they depend on the FortiGate 1200D for securing the email server.
• Employ a strong authentication procedure
• Encrypt the SMTP, POP3 and IMAP protocols with SSL/TLS
• Use the FortiGate to detect and delete spam
• Patch the server software
• Patch and upgrade the mail client applications
• Configure the mail client security features (e.g., disable automatic opening of messages)
• Enable antivirus, antispam and antiphishing features
• Configure mailbox authentication and access
• Secure the client's host operating system
• Configure, protect and analyze log files
• Periodically test the security of the mail server application
• If the installation program installs unnecessary applications, services or scripts, remove them immediately after the installation process is complete
• Encrypt the user authentication session even where the actual e-mail data is not encrypted
• To limit DoS attacks, cap both the rate of new connections over time and the number of simultaneous connections to the SMTP server, per client address and in total
• Require SMTP authentication for relaying: this stops the server being abused as an open relay for spam, though on its own it does not prevent a DDoS attack
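The two connection controls from the last points of the checklist, a per-source cap on simultaneous sessions and a sliding-window limit on new connections, as an added example. It is not the directorate's mail server configuration; it is driven by a constructed trace of connect/disconnect events rather than live sockets, so it runs offline, and the limits and addresses are assumptions.

```python
"""Connection limiting for an SMTP listener: a cap on simultaneous sessions
per client address and a sliding-window limit on new connections.

Added example, not the directorate's mail server configuration. Driven by a
constructed trace of connect/disconnect events rather than live sockets."""
from collections import defaultdict, deque


class SmtpConnectionLimiter:
    def __init__(self, max_concurrent=5, max_per_window=20, window_s=60.0):
        self.max_concurrent = max_concurrent
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.active = defaultdict(int)       # ip -> currently open sessions
        self.recent = defaultdict(deque)     # ip -> accept times inside the window

    def connect(self, ip: str, now: float) -> bool:
        """Decide whether to accept a new connection from ip at time now."""
        window = self.recent[ip]
        while window and now - window[0] >= self.window_s:
            window.popleft()                 # forget accepts older than the window
        if self.active[ip] >= self.max_concurrent:
            return False                     # too many open sessions from this source
        if len(window) >= self.max_per_window:
            return False                     # opening connections too fast
        self.active[ip] += 1
        window.append(now)
        return True

    def disconnect(self, ip: str):
        if self.active[ip] > 0:
            self.active[ip] -= 1


# Constructed traces: (seconds, client ip, event)
EVENTS_FLOOD = (
    [(0.1 * i, "203.0.113.7", "connect") for i in range(8)]     # opens 8 sessions, closes none
    + [(1.0, "198.51.100.2", "connect"), (1.5, "198.51.100.2", "disconnect"),
       (2.0, "198.51.100.2", "connect")]                         # ordinary client
)
EVENTS_RATE = [ev for i in range(25)                             # 25 short sessions in 10 s
               for ev in ((0.4 * i, "192.0.2.9", "connect"),
                          (0.4 * i + 0.1, "192.0.2.9", "disconnect"))]


def replay(events, limiter=None):
    """Feed a trace through the limiter; return accept/reject counts per ip."""
    limiter = limiter or SmtpConnectionLimiter()
    counts = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for t, ip, kind in events:
        if kind == "connect":
            counts[ip]["accepted" if limiter.connect(ip, t) else "rejected"] += 1
        else:
            limiter.disconnect(ip)
    return dict(counts)


if __name__ == "__main__":
    print(replay(EVENTS_FLOOD))   # flood source: 5 accepted, 3 rejected; normal client: 2 accepted
    print(replay(EVENTS_RATE))    # 20 accepted, 5 rejected inside the 60 s window
```

The concurrency cap stops the client that opens sessions and never closes them; the sliding window stops the one that churns through short sessions quickly. Neither helps against a distributed flood from many addresses, which is where a global connection ceiling and the upstream DDoS mitigation listed under "Secure Web Host" come in. Note also that SMTP AUTH plays no part here: it decides who may relay, not how many connections the listener accepts.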