Secure Wired Local Area Network (LAN)
By Sentuya Francis Derrick
ID 08051602
Module code: CT3P50N
BSc Computer Networking
London Metropolitan University
03/02/12
Supervisor: Dr. Shahram Salekzamankhani
LAN: A group of computers and devices interconnected in a limited geographical area, such as a computer laboratory, to enable the sharing of resources such as printers and files amongst users.
LAN security provides confidentiality, data integrity, and availability to network users. (Protection: information, systems, and hardware that store and transmit information.)
The OSI model is used as a basis for a systematic approach to securing LAN vulnerabilities.
A virtual topology is used to show how to build a secured wired LAN solution.
Introduction
LAN Security?
Network security solutions started appearing as early as the 1960s but did not have a big impact until the 2000s.
Over the last 13 years, measures to mitigate LAN security threats and cryptographic security technology (encryption and hashing mechanisms) have been developed.
Categories of Network threats
Reconnaissance attacks: packet sniffers, ping sweeps, port scans, Internet information queries.
Denial-of-service: Ping of Death, Smurf attack, TCP SYN flood attack.
Worm, virus, Trojan horse.
Project background
Access attacks: man-in-the-middle, buffer overflow, port redirection, password attacks, trust exploitation.
Other categories that exploit LAN switch vulnerabilities: MAC address spoofing, Spanning Tree Protocol manipulation attack, MAC address table overflows, LAN storms, VLAN attacks.
Cont: Project background
Aims
1: To investigate which OSI model layer is most vulnerable to attacks.
2: To investigate and analyse the available tools and methods to secure a wired LAN.
Objectives
To secure the physical layer devices, i.e. routers, switches, PCs, servers, etc.
To secure layer 2 protocols, i.e. Ethernet/IEEE 802.3, Token Ring/IEEE 802.5.
To secure the addressing structure and routing protocols at the network layer.
To have a secure and reliable transport mechanism between two communicating devices.
To provide a secure way for applications to translate data formats and to encrypt and decrypt the data, using authentication methods, SSH, passwords, encryption, etc.
Aims and objectives
Cont: Objectives
To provide a secure platform for users to interact with applications by securing application layer protocols such as HTTP, FTP, TELNET and FTP-DATA.
To prevent untrusted traffic from accessing the network resources.
To provide a cost-effective but efficient and reliable LAN.
Personal and Academic objectives
To learn how to secure a LAN.
To learn to organise my time meaningfully to meet deadlines.
To learn research techniques and how to write a well-structured report.
To improve my presentation skills and confidence, and prepare for a career in Computer and Network Security.
Aims and objectives
Scenario: Secured LAN Topology
Developments
End users
Host-Based Intrusion Detection Systems (London Met labs)
Cisco Catalyst switches
Message of the day / login banner
Port-level port security
BPDU Guard
Storm Control
Root Guard
High availability with Hot Standby Router Protocol (HSRP)
VLANs
VLAN trunk security
Root bridge
Spanning Tree Protocol feature – PortFast
Cont: Developments
Cisco Router security
Password requirement (router access).
Secure remote router access.
Secure unused router network services & interfaces.
Authentication, Authorization, Accounting protocol.
Syslog server – LAN activities.
IPS software firewall.
Secure EIGRP routing protocol authentication.
Secure router IOS image.
Access lists.
Network Address Translation/PAT.
Analysis
Inspection rule/Audit-trail process
CBAC rule
Secure DHCP server: DHCP snooping, Dynamic ARP Inspection, IP Source Guard
Cont: Analysis
Public users access internal web server
Public denied access to private VLAN 2 and 3 subnets
Cont: Analysis
Inter-VLAN routing:
VLAN 2 accesses VLAN 3 & DMZ
VLAN 3 accesses VLAN 2 & DMZ
Cont: Analysis
ISP/Web server successfully pings the company DMZ Web server
NAT Transactions
Cont: Analysis
In-line IPS software firewall inspection
Syslog server activity
Cont: Analysis
Secure line VTY: SSH
VLAN 2 & 3 access Internet
London Met Cisco laboratory enabled me to achieve a secured environment of the physical layer devices.
Layer 2 is the LAN’s most vulnerable layer.
Secured layers 2 to 7 of the OSI model.
Secured the private network from receiving untrusted traffic from the public network/Internet.
LAN redundancy, reliability and cost effectiveness achieved by;
Implement network security policies & employ network security professionals.
Skills learnt: LAN security threats & mitigation technology, time management, report writing, information research and presentation skills.
Conclusion
QUESTIONS ARE WELCOME
THE END