Infrastructure Assignment-5

Type your college name here
Submitted By:
Type your name here
1. At a company, you are responsible for securing a network server utilized primarily for data
storage and internal application sharing as well as for securing numerous desktop computers
connected to the network. Describe the access control that you would put in place for each
and explain why.
The more valuable your data, the more effort you should put into securing your firm's
network servers. The following areas will help to maintain a server on the network.
Firewall:
It might sound obvious, but it's important to ensure your server's built-in firewall is running
and that you are also using at least one level of network firewall. This may be something as
simple as a firewall on the router attached to the server.
Placing a server on a network without a firewall is like leaving the front door wide open.
Once the firewall is running, the next step is to turn off every port you don't need. If you are
not using the port, you don't need it open on the firewall.
Hardening:
Getting the firewall running is only a start. A critical step is "hardening" the system. This is
the process of trimming the machine of every piece of software it doesn't need to complete its
assigned task. Every piece of installed software is a potential source of exploitable flaws, so
you want to reduce the machine down to the necessities to increase security.
This means removing software from the server box. If, for example, the machine is an e-mail
server, then delete all office productivity applications, the Web browser, even games and
utilities. In short, everything that does not specifically support the server's role should be
moved from its location on the network to a safer place internally.
Auditing:
Once you've firewalled and hardened your server, the next step is to check your work for any
unknown leaks and weak spots. Software audit tools provide detailed analysis of just how
tightly you've sealed up your box. The Center for Internet Security, for example, provides a
number of free auditing tools for a wide variety of platforms.
Using the Nessus Vulnerability Scanner is suggested. This free tool checks for open ports,
lists specific exploits and vulnerabilities, and even runs some exploits in an attempt to ferret
out weaknesses in the server set-up.
Ongoing maintenance:
Once the system is secure and running smoothly, keeping the machine under control and free
of worms, viruses, and renegade processes requires an ongoing plan of maintenance.
Serious maintenance starts with running intrusion detection software, such as the open
source Snort. Snort monitors server activity and helps flag suspicious events. Installing
updates and patches to the system can create issues with other software running on the
machine, so check the update details before you apply any patch. Keeping the patches on the
server operating system up to date is a good idea for dealing with some of the most
obvious flaws.
- [1] [2]
2. Generate a message of at least 30 characters. Using a Vigenere cipher key that is at least
three letters long, encrypt the message. You should list the initial message, the cipher key
chosen, and the encrypted message. Explain how secure you think this message is and justify
your reasoning.
The Vigenère cipher is the process of encrypting alphabetic text by using a series of
different Caesar ciphers based on the letters of a keyword. It is a simple form of
polyalphabetic substitution.
The Vigenère cipher has been reinvented many times. The method was originally described
by Giovan Battista Bellaso in his 1553 book La cifra del. Sig. Giovan Battista Bellaso;
however, the scheme was later misattributed to Blaise de Vigenère in the 19th century, and is
now widely known as the "Vigenère cipher".
- [3] [4]
Vigenère can also be viewed algebraically. If the letters A–Z are taken to be the numbers 0–
25, and addition is performed modulo 26, then Vigenère encryption can be written,
And decryption
An example of Vigenère cipher,
Plain Text Input:
The Vigenère cipher is the process of encrypting alphabetic text by using a series of different
Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic
substitution
Using the cipher key: JEANA
Cipher text Output:
Cle Iizlrèmm imcyit qh alv xjhjihj ch ifufdtgkee pexugbpipc uiqb dr ypboe u kmeoek sw
lmxtjumsy Griftt cmhhvta qhwvv pn llh zrmaicw hy e bwmbobh. Gp wj d abuhlw nagx sk
dfxmfadsybpipc tyuavanvlbwg
The cipher key is generated using the online tool provided by www.rumkin.com at
http://rumkin.com/tools/cipher/vigenere-autokey.php
At first glance the Vigenère Cipher appears to be unbreakable, due to its use of up to 26
different cipher alphabets. Ciphers like this, which use more than one cipher alphabet, are
known as Polyalphabetic Ciphers. These can be incredibly difficult to decipher, because of
their resistance to letter frequency analysis. Indeed, over time, the Vigenère cipher became
known as 'Le Chiffre Indéchiffrable', or 'The Unbreakable Cipher'.
It wasn't until 1854, over two hundred years later, that the Vigenère Cipher was finally
cracked by the British cryptographer Charles Babbage. Babbage employed a mix of
cryptographic genius, intuition and sheer cunning to break the Vigenère Cipher. Amazingly,
his work was never published in his lifetime, and it was over a hundred years later, in the
1970s, that his technique was finally made public.
- [5]
The strength of the Vigenère Cipher is that the same letter can be encrypted in different ways.
For example, if the keyword is KING, then every plaintext letter can be encrypted in 4 ways,
because the keyword contains 4 letters. Each letter of the keyword defines a different cipher
alphabet in the Vigenère Square. The 'e' column of the square is highlighted to show how
encipherment depends on which keyword letter is defining the encryption. Similarly, whole
words will be enciphered in different ways - the word 'the' could be enciphered as DPR,
BUK, GNO and ZRM depending on its position relative to the keyword. Although this makes
cryptanalysis difficult, it is not impossible. The important point to note is that if there are only
four ways to encipher the word 'the', and the original message contains several uses of the
word 'the', then it is inevitable that some of the four possible encipherments will be repeated
in the ciphertext. This is demonstrated in this example, in which the line "The Sun and the
Man in the Moon" has been enciphered using the Vigenère cipher and the keyword KING.
The word 'the' is enciphered as DPR in the first instance, and then as BUK on the second and
third occasions. The reason for the repetition of BUK is that the second 'the' is displaced by 8
letters with respect to the third 'the', and 8 is a multiple of the length of the keyword. In other
words, the second 'the' was enciphered according to its relationship to the keyword, and by
the time we reach the third 'the', the keyword has cycled round exactly twice, to repeat the
relationship.
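The algebraic form of the cipher and the KING repetition described above can be reproduced with the following added example, which is not part of the original assignment. It also includes the autokey variant, because the tool URL cited on this page is an autokey tool and the opening of the page's cipher text ("Cle Iizlrèmm imcyit qh") is what the autokey form yields for the key JEANA. Function names are this example's own.

```python
from collections import defaultdict

def _is_letter(ch):
    # Only A-Z/a-z are enciphered; accented letters such as 'è' pass through.
    return ch.isascii() and ch.isalpha()

def _shift(ch, k):
    base = ord("a") if ch.islower() else ord("A")
    return chr((ord(ch) - base + k) % 26 + base)

def _apply(text, stream, sign=1):
    # Consume one keystream value per letter; copy everything else unchanged.
    out, i = [], 0
    for ch in text:
        if _is_letter(ch):
            out.append(_shift(ch, sign * stream[i]))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def vigenere(text, key, decrypt=False):
    """Repeating key: C_i = (P_i + K_(i mod m)) mod 26; decryption subtracts."""
    ks = [ord(c) - ord("A") for c in key.upper()]
    n = sum(_is_letter(c) for c in text)
    stream = [ks[i % len(ks)] for i in range(n)]
    return _apply(text, stream, -1 if decrypt else 1)

def autokey_encrypt(text, key):
    """Autokey variant: the keystream is the key followed by the plaintext."""
    letters = key.upper() + "".join(c.upper() for c in text if _is_letter(c))
    return _apply(text, [ord(c) - ord("A") for c in letters])

def repeat_distances(cipher, n=3):
    """Kasiski step: gaps between repeated n-grams, counted over letters only."""
    letters = "".join(c.upper() for c in cipher if _is_letter(c))
    seen = defaultdict(list)
    for i in range(len(letters) - n + 1):
        seen[letters[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(p, p[1:])]
            for g, p in seen.items() if len(p) > 1}

if __name__ == "__main__":
    ct = vigenere("The Sun and the Man in the Moon", "KING")
    print(ct, repeat_distances(ct))
    print(autokey_encrypt("The Vigenère cipher is", "JEANA"))
```

Every repeat distance found in the KING cipher text is a multiple of 4, which is how the repetition gives away the keyword length.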
3. For the network you have chosen to characterize, identify the forms of security utilized. Be
sure to consider physical as well as electronic security. For electronic security, be sure to
include items like virus checks, firewalls, and encryption protocols employed in addition to
any access controls. Explain how each helps to secure the network.
To secure the network, the following electronic security measures are implemented:
Antivirus Application:
Antivirus programs are designed to detect and intercept harmful files downloaded to your
computer. In order to monitor incoming files, though, antivirus programs--like all
applications--need to use system resources.
A variety of strategies are typically employed. Signature-based detection involves searching
for known patterns of data within executable code. However, it is possible for a computer to
be infected with new malware for which no signature is yet known. To counter such so-called
zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures,
can identify new viruses or variants of existing viruses by looking for known malicious code,
or slight variations of such code, in files. Some antivirus software can also predict what a file
will do by running it in a sandbox and analysing what it does to see if it performs any
malicious actions.
Firewall:
A firewall is a part of a computer system or network that is designed to block unauthorized
access while permitting authorized communications. It is a device or set of devices that is
configured to permit or deny network transmissions based upon a set of rules and other
criteria.
Firewalls can be implemented in either hardware or software, or a combination of both.
Firewalls are frequently used to prevent unauthorized Internet users from accessing private
networks connected to the Internet, especially intranets. All messages entering or leaving the
intranet pass through the firewall, which inspects each message and blocks those that do not
meet the specified security criteria.
Encryption:
An encryption protocol is an abstract or concrete protocol that performs a security-related
function and applies cryptographic methods.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol
includes details about data structures and representations, at which point it can be used to
implement multiple, interoperable versions of a program. Cryptographic protocols are widely
used for secure application-level data transport.
4. Two key aspects of the planning phase of the systems development life cycle are to assess
needs and to identify project objectives. For the Unit 10 project, you will be developing a
proposal for improving or enhancing the network that you have characterized throughout this
class. List the needs of those making use of the network you have characterized. Identify a
need that is not fully met and explain the problems or deficiencies that exist. List three or
more specific project goals which if met would reduce or alleviate these problems or
deficiencies.
Network design is an exercise in meeting new and old requirements while working within
certain constraints. These constraints include budget, labour, technology, space, and time.
To achieve the network project goals, the following are required.
Server – the network server is a fast performance computer that stores data and shares network
applications with users in the company.
Operating system – A powerful and dynamic open source operating system, such as the
Ubuntu Linux distribution, is required on the servers.
Routers – Routers are very important in a network for connecting its different segments.
The company network has a Cisco 2800 series router, which is connected to the company's
headquarters via VPN.
Gathering network features or services requires an understanding of applications, basic traffic
flows, and user and site counts. You can use this information to create a logical design and
feature set that will help network architects understand requirements such as bandwidth,
interface requirements, connectivity, configuration, and physical device requirements.
Creating solution scalability objectives helps you design networks that meet future growth
requirements and ensure that proposed designs do not experience resource constraints during
expected growth of the network. Resource constraints include overall traffic volume, number
of routes, number of virtual circuits (VCs), neighbour counts, broadcast domains, device
throughput, media capacity, and a number of other scalability-type parameters.
Setting network management objectives requires an understanding of the support process and
associated network management tools. Management objectives include an understanding of
how new solutions will fit into the existing support and tool model, with references to any
potential differences or new requirements. This step is critical to deployment success,
because the ability to support new solutions is key to network availability.
- [6] [7]
References:
1. http://technology.inc.com/security/articles/200609/tipsnetworksecurity.html
2. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1150483,00.html
3. http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
4. http://rumkin.com/tools/cipher/vigenere-autokey.php
5. http://www.simonsingh.net/The_Black_Chamber/vigenere_cracking.html
6. http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f908.shtml#serve
7. http://thedata.org/book/system-requirements