An IT company has their built in network and connected network infrastructure to fulfil their business needs. This will include devices like router, switches, hubs, cables, computer systems, server, firewall and so many other tools and devices. All these devices should be run to do their daily business tasks. If there is no proper security technique is used, all their network and responsible devices are always at risk and can be hacked by any intruder any time. Besides this there are also so many risks are associated with a network and connected devices. As technology grow, also preventive mechanisms are there to help a network or system administrator to ensure confidentiality, availability, integrity and reliability of a network. In this report, we are going to discussed on these types of vulnerabilities, risks and their preventive mechanisms.
Threats against network router / switches
These two devices are the main connectivity devices in any network either Ethernet or with wireless. If no proper security will be implemented both the devices are at risk and it will very harmful for the whole internal network. There are so many types of attacks that can be against these devices to gain access of the device or shut down the network. Denial of service and Syn Flood attack is one of the types of threat to these devices. These attacks are done through exploitation of TCP protocol. The attacker sends a large number of TCP SYN packet to the device with a forged IP address. This make the device insensitive to the network and other linked networking components. Every time when any device tries to begin connection with these devices, all their resources are fully used by the flooded packets and cause the whole network to go down or unresponsive for a long time (Cisco Certified Expert, 2019).
A study done by ACI, says that about 80 percent of routers and other devices are vulnerable to cyber attacks. All the main service components are directly connected to these devices such as servers, end user devices, data base etc. In their research, they found that so many devices in this class are always has security issues or no update on their firmware, that create a security vulnerability. They rank this vulnerability as low, medium, high and critical. Besides this, Brute force attacks is also a commanding and generally used attack type to take unauthorized access of the devices. In this attack, the in hacker uses some computerized tools like dictionary attack, to generate random pass phrases. Then try these pass phrases to gain access to the devices. They could damage our device or network or steal any confidential information reside in our network. To protect from this type of risks, there are so many tools and techniques available that should be used to secure these devices and connected network.
Network security devices
The Intrusion prevention and detection system and firewalls are the two security systems that are most usually used in controlling security and control threats in to an email and web servers (Blog.netwrix.com, 2019).
IPS/IDS – Intrusion prevention and detection system is a hardware security device that installed with the router or switch to detect and prevent threats and attacks in a network. It scans the incoming packets in a network for any unidentified threat, capture them and block their access. It detects threats and make decision based on rules before forwarding packets to the destination network. This approach provide protection from single packet of threat on the very first attempt by blocking the distrusted attack packet. It performs inspection of incoming packets at wire speed. An IPS that has active response technology deliver a better level of defense by examining normal and abnormal actions and characteristics of the network and additional services.
Firewall – A firewall in the network is the first line of defense. It isolates a network from another network and only allow access of resources to the authorized connection or users that are pre-defined based on rules and policies. A firewall can be both hardware and software form and installed at the starting point of the network. a software firewall also can be installed at router. Firewall use a firewall policy to allow or deny the network traffic coming inside or outside the network. two types of firewall policies are used – whitelisting and blacklisting. The connection mentioned in the whitelist policy are always allow and others are blocked. Beside this connection in blacklisting policy are always blocked to enter into the network. There are mainly four types of firewall – proxy, stateful, packet filtering, web application firewall. These has their specific uses according to the requirement.
Availability of the web service
Windows server 2016 has many new and improved features to keep the services available all time. When a web server or IIS service is running on the windows server 2016, there are many functions to support the availability of web services in the network (Docs.microsoft.com, 2019). The new features involved –
Impact of employee on information
Any running business is always at risk with the breaches related to cyber-attacks, data loss or masquerading. Sometime an employee in the organization is the biggest cyber security risk to the business. Here are some reasons that clearly describe the risk issues related to an employee (Open Access Government, 2019).
Windows server 2016 auditing tools
Windows server 2016 has some tools to audit events that help in early detection of suspected activity in the network. Here are some auditing tools that can be used to track potential risk to the organization (Datacenter and Private Cloud Security Blog, 2019).
APIC logo image
Now we are going to use stenography tool to hide a text file which contains student names and IDs in to an image file that is provided to us (<email@example.com>, S., 2019). The preview of text file and logo image is here –
Logo image –
Student.txt file details –
Steganography steps and screenshot
The steps used in this lab exercise are here –
Steghide is being installed by running the below command from terminal –
# apt-get install steghide
To hide the text file in to logo image, we use this command. It will ask for password, we enter “student@123” as a password string –
# steghide embed -cf apic.jpg -ef student.txt (passphrase – student@123)
In this step, we are extracting the actual data from the steno file that we hide in the above steps. To do this, we use below command and enter the password that we used to hide the data.
# steghide extract -sf logo.jpg (entered passphrase – student@123)
This report has detailed description of the asked question. We have researched on the topics and got the best solution available to be used in an IT organization. Our research is related to the topics asked in the question as network security, windows server 2016 advantages, auditing tools, vulnerabilities, employees’ impact on IS security. After finding solution, we moved to the stenography technique, with Steghide tool. It is free tool; we use it on Ubuntu server for stenography. A text file, which is having details of students and their IDs, is hide behind the jpg image file named logo.jpg. Further we retrieve data from the jpg file by Steghide. Commands used in this process is describe in the report, with details and screenshots for reference.
For solution, connect with our online Professionals NOW!