Infrastructure Assignment – 5

1. At a company, you are responsible for securing a network server utilized primarily for data storage and internal application sharing as well as for securing numerous desktop computers connected to the network. Describe the access control that you would put in place for each and explain why.

The more valuable your data, the more effort you should put into securing your firm's network servers. The following areas will help to maintain a server on the network.

Firewall: It might sound obvious, but it's important to ensure your server's built-in firewall is running and that you are also using at least one level of network firewall. This may be something as simple as a firewall on the router attached to the server. Placing a server on a network without a firewall is like leaving the front door wide open. Once the firewall is running, the next step is to turn off every port you don't need. If you are not using a port, you don't need it open on the firewall.

Hardening: Getting the firewall running is only a start. A critical step is "hardening" the system. This is the process of trimming the machine of every piece of software it doesn't need to complete its assigned task. Every single piece of software is going to have an exploit. You want to reduce the machine down to the necessities to increase the security. This means removing software from the server box. If, for example, the machine is an e-mail server, then delete all office productivity applications, the Web browser, even games and utilities. In short, everything that does not specifically support the server's role should be moved from its location on the network to a safer place internally.

Auditing: Once you've firewalled and hardened your server, the next step is to check your work for any unknown leaks and weak spots.
Software audit tools provide detailed analysis of just how tightly you've sealed up your box. The Center for Internet Security, for example, provides a number of free auditing tools for a wide variety of platforms. It is suggested that you use the Nessus Vulnerability Scanner. This free tool checks for open ports, lists specific exploits and vulnerabilities, and even runs some exploits in an attempt to ferret out weaknesses in the server set-up.

Ongoing maintenance: Once the system is secure and running smoothly, keeping the machine under control and free of worms, viruses, and renegade processes requires an ongoing plan of maintenance. Serious maintenance starts with running intrusion detection software, such as the open-source Snort. Snort monitors server activity and helps flag suspicious events. Installing updates and patches to the system can create issues with other software running on the machine, so check the update details before you apply any patch. Keeping the patches on the server operating system up to date is a good idea for dealing with some of the most obvious flaws. - [1] [2]

2. Generate a message of at least 30 characters. Using a Vigenere cipher key that is at least three letters long, encrypt the message. You should list the initial message, the cipher key chosen, and the encrypted message. Explain how secure you think this message is and justify your reasoning.

The Vigenère cipher is the process of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution. The Vigenère cipher has been reinvented many times. The method was originally described by Giovan Battista Bellaso in his 1553 book La cifra del. Sig. Giovan Battista Bellaso; however, the scheme was later misattributed to Blaise de Vigenère in the 19th century, and is now widely known as the "Vigenère cipher". - [3] [4]

Vigenère can also be viewed algebraically.
If the letters A–Z are taken to be the numbers 0–25, and addition is performed modulo 26, then Vigenère encryption can be written,

And decryption

An example of Vigenère cipher,

Plain Text Input: The Vigenère cipher is the process of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution

Using the cipher key: JEANA

Cipher text Output: Cle Iizlrèmm imcyit qh alv xjhjihj ch ifufdtgkee pexugbpipc uiqb dr ypboe u kmeoek sw lmxtjumsy Griftt cmhhvta qhwvv pn llh zrmaicw hy e bwmbobh. Gp wj d abuhlw nagx sk dfxmfadsybpipc tyuavanvlbwg

The cipher key is generated using the online tool provided by www.rumkin.com at http://rumkin.com/tools/cipher/vigenere-autokey.php

At first glance the Vigenère Cipher appears to be unbreakable, due to its use of up to 26 different cipher alphabets. Ciphers like this, which use more than one cipher alphabet, are known as Polyalphabetic Ciphers. These can be incredibly difficult to decipher, because of their resistance to letter frequency analysis. Indeed, over time, the Vigenère cipher became known as 'Le Chiffre Indéchiffrable', or 'The Unbreakable Cipher'. It wasn't until 1854, over two hundred years later, that the Vigenère Cipher was finally cracked by the British cryptographer Charles Babbage. Babbage employed a mix of cryptographic genius, intuition and sheer cunning to break the Vigenère Cipher. Amazingly, his work was never published in his lifetime, and it was over a hundred years later, in the 1970s, that his technique was finally made public. - [5]

The strength of the Vigenère Cipher is that the same letter can be encrypted in different ways. For example, if the keyword is KING, then every plaintext letter can be encrypted in 4 ways, because the keyword contains 4 letters. Each letter of the keyword defines a different cipher alphabet in the Vigenère Square.
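
Added example, not part of the original assignment: the modulo-26 encryption described above in Python, applied to the sentence "The Sun and the Man in the Moon" with the keyword KING, followed by a search for repeated ciphertext trigrams, whose spacing is a multiple of the key length. The last line reproduces the opening of the JEANA ciphertext above using the autokey variant (keystream continued with the plaintext), which is the mode that ciphertext matches. All function names are this example's own.

```python
import string
from collections import defaultdict
from functools import reduce
from math import gcd

A = string.ascii_uppercase

def vigenere(text, key, decrypt=False, autokey=False):
    """Shift each A-Z letter by the current keystream letter, modulo 26.
    Other characters pass through unchanged and consume no keystream.
    autokey=True extends the keystream with the plaintext instead of
    repeating the key (assumes the key contains only A-Z letters)."""
    stream = [A.index(k) for k in key.upper()]
    out, i = [], 0
    for ch in text:
        if ch not in string.ascii_letters:
            out.append(ch)
            continue
        x = A.index(ch.upper())
        k = stream[i] if autokey else stream[i % len(stream)]
        y = (x - k) % 26 if decrypt else (x + k) % 26
        if autokey:
            stream.append(y if decrypt else x)  # always the plaintext letter
        out.append(A[y] if ch.isupper() else A[y].lower())
        i += 1
    return "".join(out)

def repeated_ngrams(ciphertext, n=3):
    """Kasiski step 1: distances between occurrences of each repeated n-gram."""
    letters = "".join(c for c in ciphertext.upper() if c in A)
    seen = defaultdict(list)
    for i in range(len(letters) - n + 1):
        seen[letters[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(pos, pos[1:])]
            for g, pos in seen.items() if len(pos) > 1}

def key_length_candidates(distances):
    """Kasiski step 2: a repeating key's length divides every true distance."""
    g = reduce(gcd, distances)
    return [d for d in range(2, g + 1) if g % d == 0]

if __name__ == "__main__":
    ct = vigenere("The Sun and the Man in the Moon", "KING")
    reps = repeated_ngrams(ct)
    print(ct, reps)
    print(key_length_candidates([d for ds in reps.values() for d in ds]))
    # Opening words of the page's sample, encrypted in autokey mode.
    print(vigenere("The Vigenère cipher is the", "JEANA", autokey=True))
```
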

The 'e' column of the square is highlighted to show how encipherment depends on which keyword letter is defining the encryption. Similarly, whole words will be enciphered in different ways: the word 'the' could be enciphered as DPR, BUK, GNO and ZRM depending on its position relative to the keyword. Although this makes cryptanalysis difficult, it is not impossible. The important point to note is that if there are only four ways to encipher the word 'the', and the original message contains several uses of the word 'the', then it is inevitable that some of the four possible encipherments will be repeated in the ciphertext.

This is demonstrated in this example, in which the line "The Sun and the Man in the Moon" has been enciphered using the Vigenère cipher and the keyword KING. The word 'the' is enciphered as DPR in the first instance, and then as BUK on the second and third occasions. The reason for the repetition of BUK is that the second 'the' is displaced by 8 letters with respect to the third 'the', and 8 is a multiple of the length of the keyword. In other words, the second 'the' was enciphered according to its relationship to the keyword, and by the time we reach the third 'the', the keyword has cycled round exactly twice, to repeat the relationship.

3. For the network you have chosen to characterize, identify the forms of security utilized. Be sure to consider physical as well as electronic security. For electronic security, be sure to include items like virus checks, firewalls, and encryption protocols employed in addition to any access controls. Explain how each helps to secure the network.

To secure the network, the following electronic security measures are implemented:

Antivirus Application: Antivirus programs are designed to detect and intercept harmful files downloaded to your computer. In order to monitor incoming files, though, antivirus programs, like all applications, need to use system resources. A variety of strategies are typically employed.
Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code, or slight variations of such code, in files. Some antivirus software can also predict what a file will do by running it in a sandbox and analysing what it does to see if it performs any malicious actions.

Firewall: A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria. Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.

Encryption: An encryption protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program. Cryptographic protocols are widely used for secure application-level data transport.

4. Two key aspects of the planning phase of the systems development life cycle are to assess needs and to identify project objectives.
For the Unit 10 project, you will be developing a proposal for improving or enhancing the network that you have characterized throughout this class. List the needs of those making use of the network you have characterized. Identify a need that is not fully met and explain the problems or deficiencies that exist. List three or more specific project goals which if met would reduce or alleviate these problems or deficiencies.

Network design is an exercise in meeting new and old requirements while working within certain constraints. These constraints include budget, labour, technology, space, and time. To achieve the network project goals, the following are required.

Server – The network server is a high-performance computer that stores data and shares network applications with users in the company.

Operating system – A powerful and dynamic open-source operating system, such as the Ubuntu Linux distribution, is required on the servers.

Routers – Routers are very important in a network for connecting its different segments. The company network has a Cisco 2800 series router which is connected to the company's headquarters via VPN.

Gathering network features or services requires an understanding of applications, basic traffic flows, and user and site counts. You can use this information to create a logical design and feature set that will help network architects understand requirements such as bandwidth, interface requirements, connectivity, configuration, and physical device requirements.

Creating solution scalability objectives helps you design networks that meet future growth requirements and ensure that proposed designs do not experience resource constraints during expected growth of the network. Resource constraints include overall traffic volume, number of routes, number of virtual circuits (VCs), neighbour counts, broadcast domains, device throughput, media capacity, and a number of other scalability-type parameters.

Setting network management objectives requires an understanding of the support process and associated network management tools. Management objectives include an understanding of how new solutions will fit into the existing support and tool model, with references to any potential differences or new requirements. This step is critical to deployment success, because the ability to support new solutions is key to network availability. - [6] [7]

References:
1. http://technology.inc.com/security/articles/200609/tipsnetworksecurity.html
2. http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1150483,00.html
3. http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
4. http://rumkin.com/tools/cipher/vigenere-autokey.php
5. http://www.simonsingh.net/The_Black_Chamber/vigenere_cracking.html
6. http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f908.shtml#serve
7. http://thedata.org/book/system-requirements