Network Design Solution

The main focus is given on the security of the network for the development of the network solution and the network security mechanism that can be applied for increasing the security of the sensitive insurance documents are analysed. The main procedures that is used for creating a link between the London and Glasgow site is to conduct a survey on the requirement and analyse the existing the existing technology that can be applied in the network design solution to secure the network from external agents.

The VDSL technology is used for connecting the branch office with the head office network because a larger bandwidth can be obtained with the application of the VDSL connections. Thus it reduces the congestion in the network and the current network infrastructure can be used for reducing the cost of the migration (Kizza 2017). Moreover the VDSL connection is capable to carry the voice and the data signals and used the fibre optics cable for avoiding future hassles. Since the company have a VDSL connection the creation of the second link can be used as a backup link and transferring the loads of the network. The creation of the redundant link increases the reliability of the system (Knapp and Langill 2014). For the implementation of the second link a cable modem would be required and it needs to be connected with the switch for enabling communication between the remote site and head office. The reliability of the network can be increased with the implementation of the VDSL since this have the capability of providing high speed internet service. The London headquarter should be connected with the branch office using two VDSL connections for the creation of redundancy of the network such that if one of the link fails then the other link can be used as a backup link for reaching the destination address of the network.  

There are different networking technologies that are used for maintaining the security of the network such as Novell network. For the deployment of the security measures the different hardware and software are deployed in the network and it should be integrated for automating the data collection and processing the data storage and meeting the distributed storage environment. The computer hardware such as firewall and network monitoring tool are used for the identification of the traffic pattern in the network and secure the vulnerable points (Khouzani et al. 2016). The main goals of securing the distributed environment is to securely share data and communicate with the other users connected with the organizational network. The assets that are required for the development of the network framework must be listed and the areas where they can be deployed for enabling a control on the network are analysed for increasing the security of the network (Tabbane 2014). An analysis should also be made on the available human resources for the collection of the data and information for taking any decision for maintaining confidentiality and security of the network from external entities.

Network Security Mechanism

Conclusion

The implementation of the network security measures helps in reserving the different goals by analysing the investments, data accuracy and application of sustainable trust for the automation of the security of the network. A control measures that are applied in the network should be reviewed for the development of a secure network framework and the areas of application of the security measured are evaluated for management of the network and secure it from external entities to access the core resources of the network.

The report is prepared for a national firm of insurance broker for analysing their security requirements for the development of a secure network for the organization. The report is developed for the accommodation of the current expansion of the network and connect with the new branch offices in Glasgow Scotland. The current requirement of the organization is to design the network for connecting with their remote branch office. The existing network framework of the organization is analysed for the preparation of the report and design the new network solution by addressing the issues currently faced by the organization.

There are different types of security threats in the network that may affect the business of the organization and it should be reviewed for finding the exposure of the major categories. Auditing the current security policy followed by the organization to maintaining security of the network helps in identification of the vulnerabilities and implement security mechanism for securing the entry and exit point of the network (Xing et al. 2016). For reviewing the security and controlling threats the network can be broken down into the following categories such as:

1. Hardware or physical  security
2. Security of the operating system
3. Security of communication, and
4. Procedural security

The physical vulnerability of the network can arise from different points and they are listed as follows:

Software attack – In this type of attacks the main affected elements are the operating system, application software and TSRs. The attack can arise from different point such as external agents or due to an activity of the internal users (Singhal and Ou 2017). The hacker gathers data from the software for accessing the resources of the hosts and create a backdoor for retrieving the data later and deny the users for accessing the data and network.

Hardware attacks – In this type of attacks the hacker can attack an external device with the current network of the organization to gain the access of the core network elements and monitor the flow of data in the network. The hackers can also use different malware, viruses and spyware program for gathering and tap off data from the network.

Types of Security Threats in the Network

Masquerade attacks – The attacker can intrude into thee network with the credential of the authorised users for accessing the current elements of the network (Riabov et al. 2016). The forgery of the identity of the internal users can help the attacker to review the data and the current framework of the network for implementing an attack on the network.

Copy of data and software without permission – The hacker can access the system illegally and install unlicensed software or rootkits causing a violation of the license agreement for unauthorized copying of software in the current system and break the confidentiality of the company’s information and sensitive data (Han et al. 2015). Moreover, the installation of the unlicensed software in the computers can cause opening of ports through the hacker can intrude into the system from remote location for deployment of denial of service attacks.  

Operating system level security threats arises from the unauthorized individuals with the installation of third party unlicensed software programs that makes the operating system vulnerable to different security threats and removes the restriction that are designed to prevent malicious user to access the core resources of the network (Sekhavatmanesh and Cherkaoui 2017). This threats are implemented with the installation of different commercially available software that are designed for exploitation of the loopholes and inherited bugs of the operating system.   

The communication security threats can arise in the network in different forms such as:

1. Spoofing, and
2. Tapping

Spoofing – it is used by the hacker to pretend as the internal server or a host that takes the credentials of the user used for validating the authorization and access the network elements on the network.

Tapping – It is used for accessing the data communication system and track the data flow in the network (Shu et al. 2015). For example the open line of the telephones can be accessed for monitoring the data flow in the network.

Procedural security threats can occur from different points of the network and have the following elements such as:

• Software installation efficiency
• Administration of the network and the system installed in the network
• Management of the user rights and the privileges given to the users
• System restoration methodology followed in case of system failure.

Justification for the recommendations

The threats can arise from different point in the network and it can be categorised as physical threat, operating system level threats, communication security threats and procedural security threats (Cankurtaran and Karatepe 2017). For the improvement of the security of the network it is important to develop different countermeasures for handling the security threats acting on the network of the organization. Firewalls are added to the each of the entry and exit point of the network for securing the internal network and controlling the data flow in the network (Tsohou et al. 2015).  In the preliminary stage it is important to develop a network security plan with the details of the methodology followed for securing the different areas of the network. The issues that are currently faced by the organization should be found and the network security plan must address the issues in order to increase the security of the network. A network security policy must be established and security management experts must be involved for getting expert ideas and achieve the following goals such as:

Countermeasures for Handling Security Threats

Confidentiality – the sensitive organizational information must be encrypted and it should be available to the authorized users for ensuring that privacy and confidentiality of the data are maintained (Hausken and Zhuang 2015).

Authentication – The core elements of the network such as the servers must be protected with the application of more than one level of security. Different accounts should be created for the users to enabling them connect with the servers and transfer data file (Haryadi and Ibrahim 2015). Authentication should be used and strong password should be used for the creation of the password policy such that it cannot be easily identified and the security of the servers are maintained.  

Data Integrity – It is used for maintaining the accuracy of the data and reduce the errors in the network that can be faced by the users such as link failure, loss of data packets, etc.

Access Control – The users must be permitted or denied, based on different parameters to access the core resources of the network. The user needs to maintain their identity for sending and receiving data in the network and fulfil the other criteria of the network security policy (Speicher et al. 2018).

Non repudiation – The proof the data transmission in the network and the receipt must be stored for using it as an evidence in case of any violation of the security rules.   

For the development of a security policy some provisions must be kept such that it can be modified later for meeting the changes in the business policy of the organization. It should also be distributed to the group of users for increasing the awareness and establishment of standards for implementation of the security training programs. Apart from the implementation of the strong security plan the organization can also use different other techniques such as implementation of new technologies and countermeasures for the possible security threats acting on the system for securing the network from external entities. Here in this report the Novell network is used for securing the organizational network.

Recommendations and a design for a workable network

There are different security models that can be applied in different levels of the organizational network for meeting the security requirement of the organization. The application of the security model can increase the maintenance cost of the network and the following five security models are presented for enhancing the security levels of the organization.

The simple model

It provides minimum security and can be deployed in the network following the steps given below:

• Installation of an antivirus package in the network and auto loading it in the login script
• To distribute the log in script with each of the users connected in the network
• Installation of the network application software following the specifications (Akbari et al.2017)
• Installation of the servers in a safe zone for protecting it from tamper
• To use a discrete password for the administrator account that is not shared with any of the users and use of separate password for the other guest accounts created on the server.
• To use different location of keeping the backup of the server and secure it with the application of different encryption algorithms (Xing, Fu and Cheng 2017).
• To create regular backups of the system such that no data is lost.
• To testing the backup created by restoring it another directory and moving them in off site storage location
• Locking the console of the file server in the Monitor.Nlm
• Avoiding storing the password of the file server in the autoexec.ncf file
• Provide training to the user for using the network

Network Security Plan

Basic Model

The basic model consists of all the security features of the simple networking model and the additional steps that are given below:

• Implementation of an education training program for the organization to aware them about the computer viruses and the password policy
• The users should log out the system when the system is in ideal state and lock the system
• Creation of a test directory for testing the backup process and filling the backing up files and the non-essential data for restoring it with the backup device (Yang et al.2015)
• Maintaining an archive for all the data and the applications for implementation of disaster recovery
• Understanding the file system and the different file attributes
• Installation of software in the directory of the server
• Removal of the DOS with the implementation of the command REMOVE DOS (Lincke 2015).
• The console password should be kept different from the ADMI password.  

Protected Model

The protected model is created by comprising the all the security features of the basic model and the steps as follows:

• Implementation of a security education
• Implementation of a distribution system premise key
• Application of password for the print servers
• It should be verifies that all the users exists from the system log in script and use the log in script distributed to them
• The number of concurrent connections should be limited (Ma, Lv and Wu 2018)
• The system administrator should have all the privilege as the administrator account such as permission for addition or deletion of users from the system.
• The system administrator should be able to check the access control list rules for all the users of the network expect the administrator
• The user account of the terminated or the retired employees must be deleted or disabled
• The details of the users, accounts and other information should be recorded for restoring the backups (Moreira, Street and Arroyo 2015)
• Certified and tested NLMs should be applied in the network
• The intruder detection should be enabled in the network
• The security console feature should be enabled on the server end for restriction of NLM loading
• A password must be assigned to the RCONSOLE for enabling a protection on the remote access of the data
• Time restriction should also be applied on the network
• For the configuration of the mail directory the write and the create rights for the public trustee should be removed.
• A network analysis tool should also be used for the analysis of the passwords used in different levels of the network
• The users must be trained to logout the system whenever they leave the machine alone and automatic locking tool can be applied for increasing the security of the computers (Dominguez et al.2017)
• The expiry time should be set for the password such that the user needs to change their password after a certain interval of time for all the accounts (Soomro, Shah and Ahmed 2016)
• A password should not be reused multiple times
• The size of the installer files must be verified with the size mentioned by the manufacturer for ensuring that there are no changes in the final product.

Audited model

The audited model is created based on the protected model and the following steps are included for the development of the model such as:

• Auditing the security after a certain interval of time by the CIS auditors
• The access of the server rooms, workstations and the cable must be monitored (Correa,  Bolanos and Garces 2015)
• The executable files must be monitored
• A security training should be provided to the users for the administration of the network security

Secured Model

It is the most secured model and its security is developed from the audited model and the following steps are followed for the development of the model:

• The disk drives should be removed from the local workstations when they are not in use
• The physical address of the station should be restricted
• The access to the workstations should be given to the trusted users
• The untrusted user accounts should be removed from the trusted network
• The workstations connected in the network must be secured with the application of password (Almeshekah and Spafford 2014)
• The connectivity components used in the network must be trusted

There are different vendors that can deal with the clients and the security professionals for the development of a network security tool for assisting the organization to develop a secure network. There are different network security tools that are used by the network administrator for fighting against the security infiltration arising from the hackers or any unauthorised users (Alzate and Alberto 2017). The internet can be used for searching the specific issues identified using the security tools and it also allows the professionals for sharing of information with each other to eliminate the security risk acting on the current network framework of the organization.

Conclusion

An examination is made on the floor plan for finding the current network topology used for connecting the hosts connected in different areas of the network. The security weakness of the current network and changes in the network that can be used for reducing the risk of data theft or data loss is analysed for designing the new network solution for the organization. Network diagram are used for demonstration of the weakness and the problems of the current network. Justification for the placement of the devices are demonstrated and justification is provided for any alteration of the current network design. The development of the network security policy helps in creation of a proactive plan where the information security personnel’s and the network manager can integrate their skills and knowledge for auditing and maintaining the security plan of the network.

The network security models are used for reviewing the main areas of security in the local or the wide area network. The issues associated with the external access of the network using the internet, intranet or the electronic mail service should also be analysed for the selection of the best network security model. The confidentiality, authentication, access control, data integrity and the non-repudiation should be maintained for securing the network elements. The use of the access control mechanism can become a serious concern for the security of the organization because telecommunication mechanism is used for connecting with the different network located in different geographical areas.

Connection with the remote office

The network security tools are used for exploiting the issues and helps the network administrator to identify the flaws and the bugs present in the system. The poorly configured system can also be identified by analysing the lack of password protection and the unauthorised access of the network devices (Li et al. 2015). The unprotected internet connection and the can be found and the tool can provide suggestion for the correction off the flaws and removal of bugs in the system. The vulnerabilities that are analysed using the tool should not be tolerated and removed immediately for increasing the security of the network.

Securing connection to the vehicles

The installation of a network firewall is an ideal choice for the organization for maintaining the security of the network and defend it from the outside intruders. The firewall can be a compilation of software and hardware that are designed to work combined for maintaining the security of the internal network by restricting the access of the components (Fielder et al. 2016). The implementation of the firewall varies and it is mainly designed for installing between the gateway of the internal and the outside network also termed as the entry and exit point of the network.

The installation of firewall in the network enables better control on the network because it can block or allow network traffic for increasing the safety and reducing the risk of the organization. The network administrator have the information that what network are allowed or blocked in the network (Nikolopoulou, Martin and Dalton 2016). The five domains of the network security that are implemented with the installation of the firewall are:

1. Internet security
2. Workgroup security
3. Mobile PC security
4. Remote site security, and
5. Integrated enterprise security

The CIS auditor and the information security personnel is responsible for playing a key role for monitoring the integrity of the firewall and ensuring that is compatible with the operational security of the organization. The specific requirement of each of the domain can be met with the installation of the firewall and the suspicious activity of the users connected in the network can be tracked for securing the communication of the users (Liu et al. 2018). The network management tools can be implemented with the firewall for the increasing the levels of security.

Additional hardware required for the implementation

• Firewalls – The firewalls are used for securing the communication channels followed for the transferring of data packets in the network. The firewall also helps to secure the internet connection and protects the network from the internal users to avoid risk of surfing malicious sites and installation of malicious software in the workstations.
• Wireless access point – it is used for providing wireless connectivity of the handled devices used by the insurance agents to register the insurance policy and upload data in the data centres servers of the network (Mohtashami, Pudjianto and Strbac 2017).  
• Cisco 7962 IP phone – It is used for connecting with the remote branches and reducing the communication cost of the network and increase the efficiency of the current network framework designed for national firm. Separate channels should be used for the voice for reducing collision of the voice and the data packets and increase the efficiency of the network.
• Security tools – To analyse the security risks of the network in the distributed environment different network monitoring tool can be used for the identification of the weakness of the current network. SATAN (Security administrator tool for analysing network) is a security tool that is used for administration of the network and finding the presence of potential hackers in the system (Missanga, Msuya and Mtenga 2017). The information about the network is gathered using the security tool about the internet connected hosts and detection of the presence of the UNIX services such as file transfer and remote log in.

Conclusion

The main point identified for the distributed environment is to enable the transfer of files and information between the different systems connected inside or outside the organization. The main challenge faced for securing the network is to restrict the hackers and the viruses without affecting the performance of the network for the authorised users.  For the preparation of the report on network security, an analysis is made on the different networking technology that can be used for the development of the network framework. The challenges faced by the organisation for securing the current distributed network environment can be mitigated with the implementation of a network security plan. The security consultants, CIS auditors and the staffs can play an important role for the management of the security of the network and controlling the secure environment of the network.

References

Akbari, T., Zolfaghari Moghaddam, S., Poorghanaat, E. and Azimi, F., 2017. Coordinated planning of generation capacity and transmission network expansion: A game approach with multi?leader?follower. International Transactions on Electrical Energy Systems, 27(7).

Almeshekah, M.H. and Spafford, E.H., 2014, September. Planning and integrating deception into computer security defenses. In Proceedings of the 2014 New Security Paradigms Workshop (pp. 127-138). ACM.

Alzate, F. and Alberto, F., 2017. Characterization, Modelling and Implementation of TSO: Security Process and its Application in the Operational Planning of Sustainable Electric Power Systems. kassel university press GmbH.

Cankurtaran, M.F. and Karatepe, E., 2017, April. Flexible transmission expansion and reactive power planning with wind energy considering N-1 security. In Smart Grid and Cities Congress and Fair (ICSG), 2017 5th International Istanbul (pp. 22-26). IEEE.

Correa, C.A., Bolanos, R. and Garces, A., 2015. Enhanced multiobjective algorithm for transmission expansion planning considering N− 1 security criterion. International Transactions on Electrical Energy Systems, 25(10), pp.2225-2246.

Dominguez, A.H., Macedo, L.H., Escobar, A.H. and Romero, R., 2017. Multistage security-constrained HVAC/HVDC transmission expansion planning with a reduced search space. IEEE Transactions on Power Systems, 32(6), pp.4805-4817.

Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2016. Decision support approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.

Han, B., Gopalakrishnan, V., Ji, L. and Lee, S., 2015. Network function virtualization: Challenges and opportunities for innovations. IEEE Communications Magazine, 53(2), pp.90-97.

Haryadi, S. and Ibrahim, J., 2015, November. Security requirements planning to anticipate the traffic flooding on the backbone network. In Wireless and Telematics (ICWT), 2015 1st International Conference on (pp. 1-4). IEEE.  

Hausken, K. and Zhuang, J., 2015. Imperfect screening, 58, 69 Independent system operator, 81, 84 Information value theory, 166 Infrastructure planning, 221. Game Theoretic Analysis of Congestion, Safety and Security, 87, p.309.

Khouzani, M.H.R., Malacaria, P., Hankin, C., Fielder, A. and Smeraldi, F., 2016, September. Efficient numerical frameworks for multi-objective cyber security planning. In European Symposium on Research in Computer Security (pp. 179-197). Springer, Cham.

Kizza, J.M., 2017. Guide to computer network security. Springer.

Knapp, E.D. and Langill, J.T., 2014. Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.

Li, Z., Shen, W., Xu, J. and Lev, B., 2015. Bilevel and multi-objective dynamic construction site layout and security planning. Automation in Construction, 57, pp.1-16.

Lincke, S., 2015. Designing Information Security. In Security Planning (pp. 115-133). Springer, Cham.

Liu, J., Cheng, H., Tian, Y., Zeng, P. and Yao, L., 2018. Multi-objective bi-level planning of active distribution networks considering network transfer capability and dispersed energy storage systems. Journal of Renewable and Sustainable Energy, 10(1), p.015501.

Ma, H., Lv, G. and Wu, C., 2018. Campus Network Planning and Design. Journal of Computer Hardware Engineering, 1(1).

Missanga, J., Msuya, S. and Mtenga, D., 2017. Network of Actors in Agricultural Improvement for Food Security and Associated Local Planning in Most Vulnerable Areas to Climate Change in Central Tanzania; A case of Chololo Village in Dodoma Municipality. Imperial Journal of Interdisciplinary Research, 3(11).

Mohtashami, S., Pudjianto, D. and Strbac, G., 2017. Strategic distribution network planning with smart grid technologies. IEEE Transactions on Smart Grid, 8(6), pp.2656-2664.

Moreira, A., Street, A. and Arroyo, J.M., 2015. An adjustable robust optimization approach for contingency-constrained transmission expansion planning. IEEE Transactions on Power Systems, 30(4), pp.2013-2022.

Nikolopoulou, M., Martin, K. and Dalton, B., 2016. Shaping pedestrian movement through playful interventions in security planning: what do field surveys suggest?. Journal of Urban Design, 21(1), pp.84-104.

Riabov, A., Sohrabi, S., Udrea, O. and Hassanzadeh, O., 2016. Efficient high quality plan exploration for network security. In International Scheduling and Planning Applications woRKshop (SPARK).

Sekhavatmanesh, H. and Cherkaoui, R., 2017. Optimal Infrastructure Planning of Active Distribution Networks Complying with Service Restoration Requirements. IEEE Transactions on Smart Grid.

Shu, J., Wu, L., Zhang, L. and Han, B., 2015. Spatial power network expansion planning considering generation expansion. IEEE Transactions on Power Systems, 30(4), pp.1815-1824.

Singhal, A. and Ou, X., 2017. Security risk analysis of enterprise networks using probabilistic attack graphs. In Network Security Metrics (pp. 53-73). Springer, Cham.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Speicher, P., Steinmetz, M., Backes, M., Hoffmann, J. and Künnemann, R., 2018. Stackelberg Planning: Towards Effective Leader-Follower State Space Search.

Tabbane, S., 2014. Handbook of Mobile Radio Networks (Artech House Mobile Communications Library). Artech House, Inc..

Tsohou, A., Karyda, M., Kokolakis, S. and Kiountouzis, E., 2015. Managing the introduction of information security awareness programmes in organisations. European Journal of Information Systems, 24(1), pp.38-58.

Xing, H., Cheng, H., Zhang, Y. and Zeng, P., 2016. Active distribution network expansion planning integrating dispersed energy storage systems. IET Generation, Transmission & Distribution, 10(3), pp.638-644.

Xing, H., Fu, Y. and Cheng, H., 2017. Active Distribution Network Expansion Planning Integrating Practical Operation Constraints. Electric Power Components and Systems, 45(16), pp.1795-1805.

Yang, N., Wang, L., Geraci, G., Elkashlan, M., Yuan, J. and Di Renzo, M., 2015. Safeguarding 5G wireless communication networks using physical layer security. IEEE Communications Magazine, 53(4), pp.20-27.