COMP2003 Securing Networks

  • Subject Code: COMP2003

  • Country: AU

  • University: Southern Cross University

Answers:-

Task 2: Network Monitoring

Devices to be monitored

According to the provided network design, the network contains various kinds of vulnerable devices, including servers and workstations. All the servers of the organization are placed in the internal network, the Adelaide network, and the DMZ network. Through a data breach, a cybercriminal stole lots of confidential files as well as a copy of user credentials from the servers of the organization. Therefore, the organization needs to develop a network monitoring strategy to continuously monitor its network.

The organization's network infrastructure comprises a CentOS server, an OpenSUSE server, a DHCP server, a file server, an SMTP server, a web server, and a DNS server. All of these servers need to be monitored to ensure a high level of network security, because they hold various kinds of sensitive information and are therefore the main targets of cybercriminals (Chahal, Kharb and Choudhary 2019). It is also important to continuously monitor the routers of both the Remote Net office and the main office. In addition, both routers must be monitored and guarded using a firewall, and traffic must be controlled within the network. Without a proper network monitoring strategy, another data breach is possible, so all the servers that hold sensitive information need to be monitored.

Reasons behind device monitoring

The network infrastructure of the organization comprises different kinds of networking devices. All these devices play an important role in connecting the network to the internet. In order to secure all these networking devices, network monitoring is very important. The continual study of a network to discover and solve any performance faults is known as network monitoring (Singh and Kumar 2018). Network monitoring entails gathering network information in order to assess the network's service quality. It is important for the organization to monitor the network software and hardware equipment on a regular basis. Network monitoring aids in pinpointing the precise location of a network problem or in demonstrating that the network has no issue. Continuous monitoring can aid in the detection of possible problems before they arise. It allows the organization to address problems ahead of time, before they reach the users. Through network monitoring, the organization can detect and fix network delay before it has an impact on company operations. Early detection of such problems can salvage the company's reputation.

Through device monitoring, the organization is able to detect and prevent failures before they occur. Device monitoring systems are also responsible for controlling the technology utilized by the organization, including operating systems and applications, network and communications, and hardware, in order to analyze their performance and operations as well as to detect possible security issues.

The key reasons behind device monitoring are provided below:

  • It significantly improves the utilization of the organization's hardware components through better control.
  • It prevents security issues by detecting the possibility of a security issue early, which saves significant time as well as money.
  • Sometimes, a network contains misconfigured devices that become a major threat to the organization. A single erroneous update may compromise company perimeter security, raise red flags during regulatory audits, and even trigger costly disruptions that can bring the company to a halt (Magán-Carrión et al. 2020). For instance, an improperly configured firewall can give a cybercriminal easy access to the whole network. In these cases, network monitoring plays an important role by alerting on the possible issues associated with these devices.
  • The majority of logins to the networking devices are legitimate, but some are not. The company is exposed to intruders attempting to hack their way into its network if it is unable to identify strange login attempts quickly enough. In such cases, the network monitoring tool audits logons to networking devices and allows only privileged users to access these devices.
  • Before performing an attack, cybercriminals always scan the network to get an idea of the network structure and behavior. Then, on the basis of the network scan, the cybercriminal launches an attack (Colace et al. 2021). In order to prevent this kind of network scanning, the organization needs to implement a network monitoring tool that proactively defends the network against different kinds of threats.
  • By using network monitoring, the organization is able to easily identify a specific problem and its associated devices. Without a network monitoring tool, the network administrator of the organization needs to thoroughly inspect each device of the network to identify the issue, a task that is very easily managed with the network monitoring tool.

The proposed system for monitoring network

Currently, several network monitoring software packages are available on the internet that can be utilized to monitor the devices of the network. A proper network monitoring tool needs to be selected for the organization because a single minute of downtime can cause significant loss to the organization. Network device monitoring is necessary to guarantee network performance and network security and to maximize efficiency (Guan and Shen 2019). Proactive network device monitoring guarantees that an organization's IT expenditure gets the most bang for its buck. For the given network, a proper network monitoring tool needs to be implemented that can protect both the resources and the data of the servers against different types of malicious activities.

In order to protect all the networking components of the organization, the most effective tool is OpManager, which is a simple as well as robust network monitoring tool. This tool supports more than 200 virtual and physical device types, including servers, firewalls, switches, and routers, and provides end-to-end monitoring of the different KPI metrics. The organization can customize the monitoring tool as per its requirements. It comprises different kinds of built-in toolsets that can also be utilized for monitoring all the devices available in the network. This tool also provides real-time visualization of the networking devices, which can help the organization understand how a device bottleneck or device security issue impacts the whole network (Abushagur et al. 2019). With multi-level cutoff point alerting features, OpManager enables complete, end-to-end networking component fault monitoring that allows the company to proactively discover faults in the network devices. Therefore, this network monitoring tool will significantly enhance the security of the organization by providing a continuous monitoring facility and will also proactively notify the faults of networking devices.

Task 3: Network vulnerability scanning

History of OpenVAS

OpenVAS is an open-source, full-featured network vulnerability scanner that allows people to identify the vulnerabilities of a system, a device, or even a whole network infrastructure. This tool was introduced by the Greenbone Vulnerability Manager in 2009 as a security framework for various kinds of tools and services (Xia, Liu and Yu 2020). This specific tool comprises a powerful internal programming language, low- and high-level industrial and internet protocols, and authenticated and unauthenticated testing, and it is tuned for large-scale scanning. The vulnerability scanner has a collection of over 53 thousand test plugins that may be used to test a system for security flaws. It also permits pen testers or attackers to get unauthorized access to a network by exploiting vulnerabilities identified by OpenVAS. It is mainly developed following the client-server architecture (Wang et al. 2020). By configuring the target on the OpenVAS scanner, a user is able to scan a network. After the completion of the analysis, this tool generates a report that comprises detailed information on each identified vulnerability. Hence, by scanning the network through OpenVAS, an organization is able to identify the potential vulnerabilities of the network as well as get an idea of how to fix them.

OpenVAS vulnerability details

In this section of the report, a vulnerability scan has been performed using the OpenVAS vulnerability scanner. Here, the OpenSUSE and CentOS operating systems have been used as target machines to identify the vulnerabilities of these two web servers.

At first, the OpenSUSE web server was installed on the machine, and then OpenVAS was opened to configure the target and launch the vulnerability analysis.

[Figure: OpenVAS vulnerability details]

In the above figure, the configuration of the target is shown. Here, the name of the target and the IP address of the target have been configured. From the above figure, it is clear that the IP address of the OpenSUSE machine is 192.168.11.131.

[Figure: launch the vulnerability]

After the configuration of the target, a new task has been created to launch the vulnerability analysis. In the above figure, the details of the new task are shown.

From the vulnerability scan, OpenVAS did not identify a single vulnerability on the OpenSUSE machine. The figure below illustrates the scan result of OpenVAS:

[Figure: OpenVAS]

Therefore, there is no vulnerability in the OpenSUSE machine. Then, the CentOS server has been scanned using the OpenVAS vulnerability scanner to identify the vulnerabilities of this web server.

[Figure: OpenSUSE machine]

In the above figure, the configuration of the target for scanning CentOS is shown. Here, the name and IP address of the target have been configured. From the above figure, it is clear that the IP address of the OpenSUSE machine is 192.168.11.130.

[Figure: Cent OS web server]

After the configuration of the target, a new task has been created to launch the vulnerability analysis on the CentOS web server. In the above figure, the details of the new task are shown.

From the OpenVAS scan on the CentOS web server, 1 medium-level and 1 low-level vulnerability have been identified. The details of these vulnerabilities are shown in the figure below:

[Figure: Greenbone Security]

In the above figure, the graphical representation of the identified vulnerabilities is shown. It comprises tasks based on the task's intensity and status. The Greenbone Security Assistant helps to visualize the detected vulnerabilities so users can better comprehend them.

Vulnerability 1: SSH Weak encryption algorithm

[Figure: SSH Weak encryption algorithm]
[Figure: vulnerable due to SSH]

The above figure illustrates that the CentOS server is vulnerable due to SSH's weak encryption algorithm, which can permit a remote attacker to compromise the SSH server through its encryption algorithms. The vulnerability exists due to the utilization of the ‘arcfour’ cipher, which is a weak algorithm and should not be used anymore. Along with the details of identified vulnerabilities, the OpenVAS tool also provides a mitigation plan for each identified vulnerability. Here, the tool suggests disabling the weak encryption algorithm to mitigate this vulnerability.

Vulnerability 2: TCP timestamps

[Figure: TCP timestamps]
[Figure: TCP timestamp vulnerability]

On the CentOS server, the tool also detects a low-level vulnerability known as the TCP timestamp vulnerability. Due to this vulnerability, the uptime of the remote host can be computed, which is not a major flaw, but sometimes it can create an issue for the web server. The affected software due to this vulnerability is RFC1323. As CentOS is Linux-based, the organization needs to disable the TCP timestamp by modifying some source code.
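Both findings above can be re-checked from the host's own configuration files once remediation has been applied. The script below is an added example, not part of the original report or of OpenVAS; the sample files are constructed, flagging CBC-mode ciphers alongside arcfour is an assumption of this example, and `net.ipv4.tcp_timestamps` is the standard Linux sysctl key for TCP timestamps.

```shell
#!/bin/sh
# Added example: audit a host's config files for the two OpenVAS findings.

# Print the weak ciphers on the first "Ciphers" line of an sshd_config file
# (sshd uses the first value it reads). Handles plain comma lists only.
# Policy: arcfour is named in the finding; CBC modes are this example's assumption.
weak_ssh_ciphers() {
    list=$(awk 'tolower($1) == "ciphers" { print $2; exit }' "$1")
    found=""
    old_ifs=$IFS; IFS=,
    for c in $list; do
        case "$c" in
            arcfour*|*-cbc*) found="${found}${found:+ }$c" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$found"
}

# Print the net.ipv4.tcp_timestamps value from a sysctl.conf-style file
# (the last assignment wins), or "unset" if the key is absent or commented out.
tcp_timestamps_setting() {
    awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.tcp_timestamps" { val = $2; gsub(/[ \t]/, "", val) }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Report both findings; the return code is the number of failed checks.
audit_host() {
    fails=0
    weak=$(weak_ssh_ciphers "$1")
    if [ -n "$weak" ]; then
        echo "FAIL ssh: weak ciphers enabled: $weak"; fails=$((fails + 1))
    else
        echo "PASS ssh: no weak ciphers on the Ciphers line"
    fi
    ts=$(tcp_timestamps_setting "$2")
    if [ "$ts" = "0" ]; then
        echo "PASS tcp: net.ipv4.tcp_timestamps = 0"
    else
        echo "FAIL tcp: net.ipv4.tcp_timestamps is $ts (kernel default is 1)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample files (not taken from the scanned server).
tmp=$(mktemp -d)
printf 'Port 22\nCiphers aes128-ctr,arcfour,aes256-ctr,arcfour128\n' > "$tmp/sshd_config"
printf '# net.ipv4.tcp_timestamps = 0\nnet.ipv4.ip_forward = 0\n' > "$tmp/sysctl.conf"
audit_host "$tmp/sshd_config" "$tmp/sysctl.conf" || echo "failed checks: $?"
```

On a real host, pass `/etc/ssh/sshd_config` and `/etc/sysctl.conf` instead, or save the output of `sshd -T` to a file and give that to `weak_ssh_ciphers` to check the effective cipher list, including build defaults.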

Determining attack vector

According to the findings of the OpenVAS investigation, CentOS is exposed to a variety of security threats. The CentOS web server's SSH port is open, which broadens the attack surface and raises the risk of a data breach. As a result, CentOS is primarily prone to SSH security problems. An attacker can acquire remote access to sensitive information by exploiting this type of vulnerability (Aksu, Altuncu and Bicakci 2019). TCP timestamp is another dangerous vulnerability for this web server. The organization needs to mitigate all the vulnerabilities of the CentOS server to ensure a high level of security of the network.

Conclusion

In this report, three separate tasks have been performed regarding the security of a network. In the first task, a suitable network encryption architecture has been developed for the provided network, and justification for selecting the encryption architecture has also been provided. The second task is based on network monitoring techniques, where various types of device monitoring techniques have been recommended to monitor the components of the network. In the third task, a network vulnerability analysis has been performed using the OpenVAS tool on different web servers. Therefore, after completing this coursework, it can be said that cybersecurity, network encryption, monitoring, and vulnerability play an important role in securing an organization's network.

References

Abushagur, A.A., Chin, T.S., Kaspin, R., Omar, N. and Samsudin, A.T., 2019, October. Hybrid software-defined network monitoring. In International Conference on Internet and Distributed Computing Systems (pp. 234-247). Springer, Cham.

Aksu, M.U., Altuncu, E. and Bicakci, K., 2019, March. A first look at the usability of openvas vulnerability scanner. In Workshop on usable security (USEC).

Chahal, D., Kharb, L. and Choudhary, D., 2019. Performance analytics of network monitoring tools. Int. J. Innov. Technol. Explor. Eng.(IJITEE), 8(8).

Colace, F., Khan, M., Lombardi, M. and Santaniello, D., 2021. A multigraph approach for supporting computer network monitoring systems. In Proceedings of Fifth International Congress on Information and Communication Technology (pp. 470-477). Springer, Singapore.

Guan, B. and Shen, S.H., 2019, September. FlowSpy: An efficient network monitoring framework using P4 in software-defined networks. In 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall) (pp. 1-5). IEEE.

Magán-Carrión, R., Camacho, J., Maciá-Fernández, G. and Ruíz-Zafra, Á., 2020. Multivariate Statistical Network Monitoring–Sensor: An effective tool for real-time monitoring and anomaly detection in complex networks and systems. International Journal of Distributed Sensor Networks, 16(5), p.1550147720921309.

Mijumbi, R., Asthana, A., Koivunen, M., Haiyong, F. and Zhu, Q., 2021. Design, implementation, and evaluation of learning algorithms for dynamic real-time network monitoring. International Journal of Network Management, 31(4), p.e2108.

Rahalkar, S., 2019. Openvas. In Quick Start Guide to Penetration Testing (pp. 47-71). Apress, Berkeley, CA.

Singh, R. and Kumar, S., 2018, December. A comparative study of various wireless network monitoring tools. In 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC) (pp. 379-384). IEEE.

Wang, Y., Bai, Y., Li, L., Chen, X. and Chen, A., 2020, June. Design of network vulnerability scanning system based on NVTs. In 2020 IEEE 5th Information Technology and Mechatronics Engineering Conference (ITOEC) (pp. 1774-1777). IEEE.

Xia, Y., Liu, C. and Yu, K., 2020, February. Design and Implementation of Vulnerability Scanning Tools for Intelligent Substation Industrial Control System Based on Openvas. In IOP Conference Series: Earth and Environmental Science (Vol. 440, No. 4, p. 042031). IOP Publishing.
