This lab is based on, and mostly taken from, the Cisco Networking Academy security programme, Lab 1: CCM4332 - Designing a Security Plan

Objective

In this lab, students will analyse, offer recommendations, and help improve the security infrastructure of a fictitious business. Students will complete the following tasks:
• Analyse business application requirements.
• Analyse security risks.
• Identify network assets.
• Analyse security requirements and tradeoffs.

Scenario

Widget Warehouse is a medium-sized e-commerce company that supports 200 customers daily. The student has been hired to assist in the development of a new security policy. An assignment has been received to analyse the current network of Widget Warehouse. The Widget Warehouse network is comprised of an intranet with 200 users and a public Web server that processes the company's e-commerce traffic. The internal network is logically divided into an information technology (IT) department branch, an accounting branch, a customer service branch, a sales branch, and an inventory branch.

Preparation

To complete this lab, the students should have a firm understanding of the various security exploits that pose a risk to companies.

Tools and resources

The curriculum lists a number of excellent Web links that will help the student understand the material presented in these labs:
• Carnegie Mellon Software Engineering Institute or CERT: http://www.cert.org
• National Institute of Standards and Technology Security Division or NIST: http://csrc.nist.gov/

Step 1: Create a list of the various attacks intruders can use

a. The IT department for Widget Warehouse has a general understanding of security, but they are very inexperienced with the various attacks an intruder can use to exploit their network resources. Create a list of the various attacks intruders can use maliciously against the Widget Warehouse network. Also, provide a brief description of each possible attack, including its purpose.
Attack name and attack description:

• Denial of Service attacks: A DoS attack, or distributed DoS (DDoS) attack, is intended to interrupt service from the targeted host (crash it). The attacker floods the target address with requests until the host cannot process them all and the service fails.

• Email spoofing: Email spoofing is when an email message appears to originate from a legitimate source while actually being a disguised message from the attacker that looks like it comes from a legitimate sender, requesting the target to enter some data. If the target complies, the attacker obtains data such as usernames and passwords.

• Packet sniffing: Packet sniffing refers to software that can be installed on a network component to collect traffic from that network segment, letting the attacker obtain data such as credentials or other information passing over the network.

• Trojan horse programs: Trojan horse programs are commonly associated with "social engineering": intruders try to trick users into installing "back door" programs. This type of software gets onto the device disguised as other, non-malicious software, without notifying the user, and then executes the action it was designed for.

• Email-borne viruses: Viruses and other malicious code can spread as attachments. Some more sophisticated attacks (e.g. the Melissa virus) originate from familiar addresses, which makes them more difficult to prevent.

• Eavesdropping: Eavesdropping is based on sniffing and snooping; when information travels over the network in clear text it can be "sniffed".

• Dictionary attack: A dictionary attack is carried out by programs that exhaustively attempt to guess a password using words built from letters of the alphabet. Because many people choose "weak" passwords based on common dictionary words, it remains a risk if no password complexity policy is in place.
• Idle scan: This attack is based on sending spoofed packets via a "zombie", an impersonated computer on the network that is not otherwise sending or receiving packets. It is a TCP port scan-based attack used to find out which services are running on the network.

Step 2

a) 1. Widget Warehouse requirements:
a) Build security.
b) Data type (what kind of data will be operated on).
c) Confidential data specification.
d) System specification: what systems will be used.
e) Root and admin access, hierarchy.
f) Data security demands and requirements.

Step 3

A) To secure data flow it is recommended to use a virtual private network (VPN) to encrypt the traffic and create a tunnel between the departments. A VPN can provide integrity and authentication using encryption mechanisms.

Step 4

A) Secure
Creating or choosing the security policy that will be applied:
• Packet filtering
• Intrusion prevention system
• Secure connectivity
• Disabling unused applications

Monitor
To monitor the network it is recommended to use both active and passive methods.
Active: active monitoring and active logs, which require the network administrator to perform frequent checks.
Passive: this can be satisfied by measures such as an anomaly detection system.

Test
Vulnerability testing tools, connectivity testing tools, and active scanning tools should be used.

Improve
Monitoring and testing data is crucial when implementing scalability and determining which areas should have improved options implemented.

Step 5

Five departments with a network segment each (assuming VLANs are in use). A NIDS (network-based intrusion detection system) can be applied to that network on each segment. Furthermore, a DMZ (perimeter network) can be set up on the firewall, with an IDS for passive security, or the Cisco IDS Device Manager and Event Viewer can be used to scan the network. More details are needed to specify which security applications can be applied here without a performance decrease.

Step 6

Security policies are the instructions defining what actions users and admins are allowed to execute.
Obeying these instructions is crucial in maintaining network security and dealing with hazards and risks. This set of instructions should be agreed with every network user beforehand.
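Added worked example for the dictionary-attack entry in Step 1 (this is not part of the original lab or the Cisco curriculum). The control that addresses a dictionary attack is a password policy that rejects passwords built from common words, including the usual disguises (capitalisation, leetspeak, a year or symbol appended). The wordlist, the substitution table and the candidate passwords are constructed for illustration; a real deployment would load a large wordlist.

```python
"""Password-policy check that rejects dictionary-based passwords.

Added example (not part of the original lab): the dictionary attack in Step 1
works because users choose passwords built from common words, so the matching
control is a policy that rejects such passwords when they are set. The wordlist
and the candidate passwords are constructed for illustration.
"""
import re
import string
from typing import Iterable, List, Set

# Constructed sample wordlist. A real policy would load a large list of the
# words and leaked passwords that cracking tools try first.
SAMPLE_WORDLIST: Set[str] = {
    "password", "widget", "warehouse", "welcome", "summer", "letmein",
    "admin", "qwerty", "monkey", "dragon",
}

# Single-character substitutions that attacker rule sets undo automatically,
# so "p@ssw0rd" must be treated the same as "password".
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def normalize(candidate: str) -> str:
    """Reduce a candidate to the dictionary word it is probably built from.

    Lowercases, strips a trailing run of digits and symbols (the '2024!' that
    users append), then undoes leetspeak, so 'W1dget2024!' becomes 'widget'.
    """
    lowered = candidate.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return stripped.translate(LEET_MAP)


def check_password(candidate: str,
                   wordlist: Iterable[str] = SAMPLE_WORDLIST,
                   min_length: int = 12) -> List[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    problems: List[str] = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    )
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    base = normalize(candidate)
    if base in set(wordlist):
        problems.append(f"based on dictionary word '{base}'")
    return problems


if __name__ == "__main__":
    for pw in ("widget", "W@reh0use2024!", "correct-horse-battery-9"):
        verdict = check_password(pw) or ["accepted"]
        print(f"{pw!r}: {'; '.join(verdict)}")
```

The point of the normalize step is that length and character-class rules alone would accept "W@reh0use2024!", which a dictionary attack with standard mangling rules recovers quickly; only the wordlist comparison after normalisation catches it.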
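Added worked example for the passive monitoring and anomaly detection point in Step 4 and the per-segment NIDS in Step 5 (not part of the original lab). It shows the simplest form of what such a system does: a single pass over time-ordered connection records that flags a source opening far more connections than normal inside a short window (the denial-of-service behaviour from Step 1) and a source touching many distinct ports on one host (the port-scanning behaviour behind the idle scan entry). The log format, addresses and thresholds are assumptions; the records are constructed sample data, not captured traffic.

```python
"""Passive monitoring: flag flood-like and scan-like sources in a connection log.

Added example (not part of the original lab) for the passive monitoring /
anomaly detection point in Step 4 and the NIDS point in Step 5. Records have
the assumed form "epoch_seconds src_ip dst_ip dst_port" and must be ordered by
time. The log lines below are constructed sample data, not captured traffic.
"""
from collections import defaultdict, deque
from typing import Dict, Iterable, Set, Tuple

# Constructed sample log: a few normal users, one scanner, one flooder
# (addresses are assumptions, documentation ranges only).
_NORMAL = [f"{1000 + i} 10.1.{1 + i % 5}.{10 + i} 203.0.113.10 443" for i in range(8)]
_SCAN = [f"{1010 + i} 192.0.2.9 203.0.113.10 {p}"
         for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 8080])]
_FLOOD = [f"{1030 + i // 5} 198.51.100.7 203.0.113.10 80" for i in range(25)]
SAMPLE_LOG = _NORMAL + _SCAN + _FLOOD


def parse_line(line: str) -> Tuple[int, str, str, int]:
    """Split one record into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_anomalies(lines: Iterable[str],
                     flood_threshold: int = 20, flood_window: int = 10,
                     scan_threshold: int = 10) -> Dict[str, Set[str]]:
    """Single pass over time-ordered records.

    flood: more than flood_threshold connections from one source within any
           flood_window seconds (sliding window per source).
    scan:  at least scan_threshold distinct destination ports from one source
           to one destination host.
    """
    recent: Dict[str, deque] = defaultdict(deque)                 # src -> timestamps in window
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)     # (src, dst) -> ports seen
    flood: Set[str] = set()
    scan: Set[str] = set()
    for line in lines:
        ts, src, dst, port = parse_line(line)
        window = recent[src]
        window.append(ts)
        while ts - window[0] > flood_window:   # drop timestamps that fell out of the window
            window.popleft()
        if len(window) > flood_threshold:
            flood.add(src)
        seen = ports[(src, dst)]
        seen.add(port)
        if len(seen) >= scan_threshold:
            scan.add(src)
    return {"flood": flood, "scan": scan}


if __name__ == "__main__":
    print(detect_anomalies(SAMPLE_LOG))
```

The thresholds are the tuning knobs of any anomaly detector: set too low, the eight normal users in the sample would be reported; set too high, the scanner's eleven ports slip through. That tuning is the "improve" feedback loop from Step 4, driven by the monitoring data itself.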
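Added worked example for the packet-filtering item in Step 4 and the five department segments in Step 5 (not part of the original lab). It models an ordered access list between the VLANs and the perimeter network, evaluated first-match-wins with an implicit deny at the end, which is the property that keeps accounting isolated from inventory even though nobody wrote a rule saying so. The segment addresses, the web server address and the rules themselves are assumptions made for illustration.

```python
"""Packet-filter rules between department segments: first match wins, default deny.

Added example (not part of the original lab) for the packet-filtering point in
Step 4 and the per-department VLAN segments in Step 5. The segment addresses,
the web server address and the rules are assumptions made for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
ANY = Net("0.0.0.0/0")

# Assumed addressing: one /24 per department plus the public web server in a DMZ.
IT = Net("10.1.1.0/24")
ACCOUNTING = Net("10.1.2.0/24")
CUSTOMER_SERVICE = Net("10.1.3.0/24")
SALES = Net("10.1.4.0/24")
INVENTORY = Net("10.1.5.0/24")
INTRANET = Net("10.1.0.0/16")
DMZ = Net("10.1.100.0/24")
WEB_SERVER = Net("10.1.100.10/32")


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: Net
    dst: Net
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches any port


# Ordered rule set; anything not matched falls through to the implicit deny.
RULES: List[Rule] = [
    Rule("deny",   DMZ,              INTRANET,   "any", None),  # a compromised web server must not reach inside
    Rule("permit", IT,               ANY,        "tcp", 22),    # IT administers every segment over SSH
    Rule("permit", SALES,            INVENTORY,  "tcp", 443),   # sales queries stock over HTTPS
    Rule("permit", CUSTOMER_SERVICE, INVENTORY,  "tcp", 443),
    Rule("permit", ANY,              WEB_SERVER, "tcp", 443),   # everyone may reach the public web server
]


def matches(rule: Rule, src_ip, dst_ip, proto: str, dst_port: int) -> bool:
    """True when the flow falls inside every field of the rule."""
    return (src_ip in rule.src and dst_ip in rule.dst
            and rule.proto in ("any", proto)
            and rule.dst_port in (None, dst_port))


def evaluate(rules: List[Rule], src: str, dst: str, proto: str,
             dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) on the implicit default."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for index, rule in enumerate(rules):
        if matches(rule, src_ip, dst_ip, proto, dst_port):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    for flow in [("10.1.4.15", "10.1.5.20", "tcp", 443),
                 ("10.1.2.5", "10.1.5.20", "tcp", 443),
                 ("10.1.100.10", "10.1.2.5", "tcp", 445)]:
        print(flow, "->", evaluate(RULES, *flow))
```

Rule order matters: the DMZ-to-intranet deny sits first so that the later "anyone may reach the web server" permit cannot be read in reverse, and the returned rule index is what an administrator would log to see which line allowed or blocked a given flow.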