Lab Report Network Assessment and Defense Training Manual (Lab Report Sample)

Network Assessment and Defense Training Manual
Name
Course Details
Instructor
Date
Network Assessment and Defense Training Manual
Executive Overview
As a way of advancing NSSD company strategic goals and objectives, this training manual provides network security guidelines to be adopted by all the company’s stakeholders in protecting the code and software development process, as well as sensitive client information from internal and external breaches. The main purpose of the training manual is to provide IT personnel with the required network security tools, software and methods that can be implemented in the IT system of the company to prevent or mitigate any network security threats that may occur. This comes as a counteractive measure to the most recent network security breach that led to the possible loss of private information of the company and its clients. This training manual is a security policy update and it is seen as a means of strengthening the network security system to prevent and mitigate future security breaches in the event that they occur. The manual shall provide some of the recommended network defense, mitigation and incidence response methods and strategies.
The role and objective of the network defense methods and strategies is to develop and implement a defense mechanism that will secure the company’s network and IT systems from anomalous activities. The defense mechanisms are meant to seal all the security loop holes and vulnerabilities that exist within the company’s network and IT systems, which unauthorized personnel or a hacker can use to gain unauthorized access to the system and cause damage CITATION Kum15 \l 1033 (Kumar & Kaliti, 2015). The defense mechanism is more of a preventive approach of dealing with the security threats within the company. Basically, these methods and strategies are a way of protecting the company’s network and IT system from all possible interferences, whether internally or externally.
The role and objectives of mitigation methods and strategies is to initiate various procedures and tools to address the occurrence of a given security breach or attack. These methods and strategies define various software, tools and procedures to be implemented to handle a given security attack that has breached the network defense system and either interfered with or caused damage to the company’s sensitive data and codes. The main purpose of the mitigation methods and strategies is to prevent a wide scale impact of a security attack that has breached the defense system and to provide various tools that can be implemented to recover from such attacks.
The role of incidence response methods and strategies is to provide various actions and procedures that should to be carried out and followed by the IT personnel in responding to a particular security attack. They include various tools and programs that need to be initiated immediately after the occurrence of a particular security breach so as to limit its scale of impact and mitigate it accordingly. The main purpose of the incidence response strategies is to position the company in a place that will enable it to handle the security breach and recover from any hazards that might have been caused by that breach.
Training Manual
* Traffic Analysis
In traffic analysis, the strategy recommended for analyzing and identifying various network security threats is the use of packet capturing tools. Packet capturing tools monitor the network 24/7 by providing statistical information about protocols and node usage within a given network. Packet capturing tools help show the packets that have been blocked or forwarded, and then characterize these packets based on patterns of malicious activities CITATION Sci16 \l 1033 (ScienceDirect, 2016). Statistical information from packet capturing tools such as packet sniffers can be analyzed and interpreted accordingly to identify individual packets that are malicious or potential threats to the network security system.
fig1. Screenshot from flowmon packet capturing tools
In case malicious packets or traffic anomalies are identified by the packet capturing tool, the IT personnel are required to shut down the flow of traffic containing malicious packages. The traffic anomalies in the packet capturing tools are characterized based on their priorities (high, medium, low and legitimate traffic). All network processes containing high priority traffic anomalies should be blocked by the network administrators of the company to prevent any security breach. In the event of a security breach the traffic logs with high priority anomalies should be analyzed to identify the origin of the attack.
* Firewalls
The company will use Cisco ASA 5505 for the firewall configuration. The IT personnel should configure the firewall to block all traffic by default and only allow specific traffic to services that are known. For access rule configurations, a layer 4 firewall that specifies the source, destination and destination port of an IP address should be used CITATION Flo17 \l 1033 (Flowmon, 2017). This will only allow traffic for known network services and operations of the company. The figure below shows the Cisco ASA 5505 firewall security configuration.
fig2. Screenshot from Cisco Networks
The network should be segmented based on the various operational functions of the network, such that the resources of the company should be allocated a separate network segment from the resources specific to the consumers. Similarly, the segmentation should be configured such that the internal network structure will not be visible from outside. This will limit the attacker from breaching the internal network framework of the company. It is also recommended that a visitor’s access to the company’s network should be limited by implementing VLANs to segment or segregate the network. Therefore, a combination of firewalls and Virtual Local Area Network (VLAN) should be implemented in the network system of the company to prevent security attacks.
* Intrusion Detection System.
The company is required to fine tune the network intrusion detection system (IDS) when it is first installed by configuring it to ensure that it recognizes what legitimate traffic looks like in the network in comparison to potential malicious activities. This configuration is particularly important in preventing false positive alarms by the IDS CITATION Rou18 \l 1033 (Rouse, 2018). Once the IDS is properly oriented with the network structure of the company, it can then be configured to provide accurate blacklisting and whitelisting services. Potential malicious activities in the network are blacklisted while the legitimate network is whitelisted by the IDS. The IDS system detects known events and generates a log message with details of event.
It is recommended that an IDS system should be implemented together with an intrusion prevention system (IPS) so that it can execute responses to active attacks. IPS will have the ability to stop any malicious traffic from getting into the network by blocking all potential threats. The IT personnel need to configure the IDS and IPS systems such that they can monitor, log, block and report all potential malicious activities without the involvement of a system administrator CITATION Sci16 \l 1033 (ScienceDirect, 2016). We shall use the Cisco IPS Manager for IDS configuration as shown below.
Fig3. Cisco IME showing a recently added 4345 IPS
* Vulnerability Assessment.
Vulnerability assessment of the network system will be conducted by port and device scanning, as well as penetration testing and detection techniques. A port scanner will be used to probe the network server for open ports. Port scanning will be automated within the network security system such that all open ports will be visible to the administrators at all times, as shown in the image below.
fig4. Screenshot from Nmap guide manual
The system administrator is obligated to close all open ports within the system to prevent attackers from exploiting this vulnerability to cause harm to the system. Similarly, all devices inserted in the network such as end user computers and flash disk should be properly scanned for any malwares that may harm the system. To id...