Access Control and Network security Case Study

Question: Discuss about a Case Study for Access Control and Network security? Answer: Administrative network for any system stores several information regarding the business. In regard to the university administrative network it stores several information such as record of the employees, Record of Department Heads, Administrative computing records, information regarding internal audits, details of information security officers and record of any important system changes that happened recently (Abadie 2012). While considering a whole university system there might be several tables available. For example, university may maintain a dedicated table for their stuffs; they can maintain a table for the results of students and more. Data types are exemplified with the help of tables given below. Employee Name Date of Joining Salary Resume Picture Data type: Varchar Data type: Date Data type: Number Data type: BLOB Data type: BLOB Above is an example of a table that university administrative system stores within their network. Like explained for the name of the employee data type will be Varchar (20), for the image of the employee data type will be BLOB. Access control methods that are used for the administrative systems are public, sensitive, private and confidential. As the case is relating to a scenario, where I am a security manager of a company and I would have to come up with the solution for employees neglecting their security codes and passwords (Davidson 2012). To make the workers understand the necessity of using password the company should arrange a campaign or training session for some days. Again, some meeting sessions could be arranged to resolve the issue regarding the negligence of employees to using their passwords. Lastly, several policies could be developed to make the employees understand the necessity of using passwords. According to the questions, these concerns regarding the invasion of privacy by using biometrics are somehow justified, because we cannot trust all the vendors. Reputed vendors do store the inner structure of a humans eye to an internal chip of the device but we cant be assure about upcoming vendors who are coming up with such technologies. Another good example would be fingerprint scanner in Smartphone (Knapp et al. 2014). According to every vendor that uses a fingerprint scanner in their Smartphone, they store the scanned structure of the fingers inside the phone only through a chip, but we cannot trust some of the Chinese vendors that are recently coming up with such technologies. So one way or other it depends on the vendor or the manufacturer that uses the technology. As mentioned in the question the company is trying to settle a contract which involves working with the government, company should take necessary steps to make its employees understand that how much important it is to properly secure their accounts. If the employees does not properly secure their accounts then information can be hacked or an intruder from inside the system can access to the sensitive content (Liu 2014). Regarding the government contract that company is working for, it is very much necessary to maintain the privacy regarding the work. Network Security Perimeter Security Compiling an Infrastructure List According to the case study given in the question, there are 10 servers in the organization such as Web server, Mail server, FTP server, Real-time Communication server, Application server, Collaboration server, Telnet server, Open Source server and more. Functions of each servers are given below. Mail server: Mail server moves and store all the mails over the corporate networks. Web server: Web server helps to provide static content to a web browser. Application server: Fetches the real-time information required form the database servers to the end users. Communication server: Use to exchange information between the users present within the system. FTP server: Transfer files from server to client browser. Each server depend on their functionalities applies different level of security. There are four workstations present altogether. All the workstations are running UNIX operating system (Zhou 2012). Workstations are connected via wireless networks. As the company have several branches it uses Gateways for regulating network traffic between several networks. The company uses dissimilar network for every department so Gateways are used. Firewall at hardware level is implemented to regulate the network traffic. Through the firewall implementation, also the threats from the other networks are prevented. Other than Gateways, networking devices such as modems, bridges are used to maintain the networking data traffic. Network traffic allocation table TCP Port Number Service Yes No 20 FTP (Data Channel) YES 21 FTP (Control Channel) YES 23 Telnet YES 25 SMTP (simple mail transfer protocol) YES 49 Login Host Protocol YES 80 HTTP (WWW) YES 110 POP3 ( Post Office Protocol Version 3) YES 119 NNTP (Network News Transfer Protocol) NO 137,138,139 NETBIOS name, NETBIOS, NETBIOS session NO 143 IMAP(Internet Message Access Protocol) YES 389 LDAP(Lightweight Directory Access Protocol) NO 443 SSL (Security socket Layer) NO 636 LDAPS(Lightweight Directory Access Protocol over TLS/SSL) NO Firewall Design According to the given case scenario, it is recommended that management implements firewall protection at different levels. For the administrative office, firewall at network level should be implemented. For the Students lab computer application layer firewall would be fine. For the e-mail servers firewall at proxy level should be implemented. Creation of a corporate connection There are several network security topologies present there such as Network Address Translation, Virtual Local Area Network, Tunneling and more (Iovation et al. 2015). Keeping in mind of the given scenario the company should choose the security topology wisely that the wholesaler cannot access the private information of the company but also can maintain a mutual access to keep the business running. So in this case Screened host Gateway topology should be used. References: Abadie, A., Diamond, A. and Hainmueller, J., 2012. Synthetic control methods for comparative case studies: Estimating the effect of Californias tobacco control program.Journal of the American Statistical Association. Davidson, J., 2012.An introduction to TCP/IP. Springer Science Business Media. Edwards, J. and Bramante, R., 2015.Networking self-teaching guide: OSI, TCP/IP, LANs, MANs, WANs, implementation, management, and maintenance. John Wiley Sons. Knapp, E.D. and Langill, J.T., 2014.Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress. Liu, J., Xiao, Y. and Chen, C.P., 2012, June. Authentication and access control in the internet of things. In2012 32nd International Conference on Distributed Computing Systems Workshops(pp. 588-592). IEEE. Pierson, G. and DeHaan, J., Iovation, Inc., 2015.Network security and fraud detection system and method. U.S. Patent 9,203,837. Schneider, D., 2012. The state of network security.Network Security,2012(2), pp.14-20. Yang, K., Jia, X., Ren, K., Zhang, B. and Xie, R., 2013. DAC-MACS: effective data access control for multiauthority cloud storage systems.Information Forensics and Security, IEEE Transactions on,8(11), pp.1790-1801. Zhou, H., Wu, C., Jiang, M., Zhou, B., Gao, W., Pan, T. and Huang, M., 2015. Evolving defense mechanism for future network security.Communications Magazine, IEEE,53(4), pp.45-51.