Network Security Fundamentals

Introduction:

This assignment consists of two parts. Part 1 relates to the improvement of the network security posture of an organisation and is worth 25 marks. This part will mainly test your knowledge that you will gain during the lectures and study materials that are available through Blackboard.

Part 2 of the assignment is worth 15 marks and will test your hands-on experience on the use of cyber- security tools such as ‘Nmap' (Network Mapper) and ‘Wireshark'. You are encouraged to use a Virtual Machine, preferably ‘Kali Linux', and start looking for various resources for information on the use and deployment of these tools. You are also encouraged to make maximum use of the ‘Lynda Campus' resource freely accessible on the Student Portal to get you started on both parts. Also, you should start coming to grips with the use of Virtual Machine software such as ‘VMWare' and how to open a ‘Kali Linux' machine within a VM from the first week of the semester. It is also worth mentioning that the final exam is designed to test your knowledge and skills developed through this course, of which, the major assignment is an integral part.

Part 1 (Network Design):

‘Lucent Pharma' is a pharmaceutical firm based in Perth and has two offices in two different suburbs. The firm's current network topology was deployed in haste and as such does not have any effective security control. The CEO of the firm has started feeling the concerns around the cyber security of its network, as Lucent Pharma's business is flourishing, and competitors are also becoming more and more active in the region. The current network topology of Lucent Pharma is given in Figure 1.

Requirement:

As a network security consultant, you are required to:
1. Analyse the current network topology implemented at ‘Lucent Pharma' and identify five major vulnerabilities that exist in the network. You are also required to provide sound reasoning behind these identified vulnerabilities.

2. Place the following security devices/controls, bearing in mind that these devices do not compromise either the network performance or the security of the network:
a. Firewall
b. IDS/IPS
c. Honeypot
d. Routers/Switches
e. Other devices that may add value to the ‘Lucent Pharma' network

3. Explain/Justify why these devices were placed in the chosen locations in (2)? (5 marks for 2 and 3)

4. Does the Lucent Pharma network require segregation into multiple domains (i.e. requirement of VLANs)? If yes, please add these additional sub-networks to your topology.

5. Create a set of firewall policies and a set of firewall rules that should be implemented by the network administrator for firewall(s) placed in the network. Policies must be sound and robust to cover the cyber-security of the entire network.

6. Create a set of IDS/IPS policies and corresponding rules that are to be implemented by the network administrator. Policies must be sound and robust to cover cyber-security of the entire network.

7. Devise ten security policies that are essential for the Lucent Pharma network. Hint: You may refer to security policies from the SANS (SysAdmin, Audit, Network, and Security) website. However, you are required to draft these policies on your own, i.e., to be written in your own words.

8. Design the ‘Proposed Secure Network Design' for the pharmaceutical firm preferably in Microsoft Visio. An image of this design must be appended to the report.

Part 2 (Hands-On):

This part is independent of Part 1 and requires you to use software tools to examine remote machines and traffic thus captured. You are required to undertake this activity preferably through a ‘Kali Linux' Virtual Machine (other VM's are also acceptable).

Requirement:

1. Use ‘Nmap' tool to scan the server scanme.nmap.org. You are cautioned not to scan any other server as this is considered unethical and unlawful. This activity is known as ‘Port Scanning', and only those servers should be scanned for which you have explicit permissions.

There might be a situation where you find that running a port scanner on the above server may cause delay especially when run from within the ECU network. In this case, you are encouraged to run the scan outside ECU's network to avoid unnecessary delays.

2. Record the above traffic using the ‘Wireshark' tool. You may use the Wireshark tool available in ‘Kali Linux', or you may install Wireshark on your base operating system. Hint: It is always better to check the interface on which your Virtual Machine is running to avoid delays.

3. Scan the server from task 1 again with varying options. You should do as a minimum the following and present the command, arguments, discussion, in a tabular format. A small description of the arguments used must also be reported:
a. Do a TCP SYN scan.
b. Enable OS detection and version detection.
c. Quick scan.
d. Scan a single port.
e. Scan a range of ports.
f. Scan all ports.

4. Report the following in tabular form:
a. Commands used to scan the target server.
b. IP address/es of the target server.
c. Ports open on the target server. Mention the name of the port and what that port is used for?
d. Is the target server running any web server? If so, name the web server in use and the port it is running on?
e. Is the web server version in use is patched? If not, what is the latest stable version of the web server is available?

5. Analyse the ‘Wireshark' capture recorded in task 2 above and answer the following:
a. The filter used to extract ‘HTTP' traffic only.
b. The filter used to exclude ‘HTTP' traffic.
c. Highlight the difference between a ‘Capture Filter' and a ‘Display Filter'.

Attachment:- Assignment.rar