Design And Implementation Of A Secure Campus Network: Research Essay.

In this assessment you need to prepare a design and implementation of a secure campus network: research proposal.

Outline of the study

The proposal in this agenda is prepared to consider secure campus network concept along with suggesting security model. The paper provides proposal for showing security considerations and the factors that should be addressed for implementing network. The proposal further addresses checklist for showing certain aspects in the discussion in order to evaluate the campus network as to provide recommendations of best practice of reducing data confidentiality issue. The primary aim of the study is to address designing and providing security mitigation practices.   

This particular proposal aims to state the process of designing and implementing a secure campus network. Primary consideration of the proposal is to convey security over a campus network as enterprise. Innovation and new technology utilization such as universal computing, enterprise mobility, cloud computing, and e-commerce (Scott-Hayward, Natarajan and Sezer 2016). However, network security is considered as essential part for campus network implementing and increasing challenge for securing network. Generally, campus network faces several vulnerabilities in addressing major issues such as network architecture vulnerabilities. The problem occurs during open area network access such as wireless access for several students, the secured network access should cover security attacks associated with network (Dacier et al. 2017). Any secured network should be able to mitigate certain attacks during teaching, learning, and research activities. Furthermore, theoretical contribution from this proposal is to provide a reference model so that campus network can be adopted or followed with robust and flexible network design.

Outline of the study is to collect data from secondary sources for studying the topic. The application of practical data is to be considered in designing secure network and implement security in terms of campus network. The outline of the research should incorporate theoretical framework for designing the security in LAN and WAN connection configuration. Moreover, the proposal should adhere to security issues and threats for mitigation. Some attack scenarios such as Denial of Services, ARP spoofing attack, and mitigation of them should be depicted in this study. In short, the study should be conducted with presenting collected information about security issues and analyzed data over security scenarios.

The security in Local Area Network and Internet is identified as primary consideration for network related issues. Evolution of networking and new technology usage in internet increased security threats in network grids. Several other threats are exercised as causing damage and committing theft. As use of internet grows in exponentially, the LAN and Ethernet network became more insecure (Kreutz, Ramos and Verissimo 2013). Network security is considered as procedure for choosing particular way to protect and keep network secure along with information considering as asset. Security and data protection objectives for any network is to maintain data integrity, assure data availability, and protect data confidentiality (Sezer et al. 2013). Considering the security objectives, the imperative way is to consider the networks for protecting the networks from threats and resolving vulnerabilities over business to achieve security.

Security considerations for campus networks

This proposal paper considers all aspects of security in terms of attacks on router, some vulnerabilities in network configuration that should be mitigated to ensure data confidentiality, and data integrity. Routers and firewalls are considered as critical part of network so that operations and network security can be ensured. Proper management of network security along with digital auditing of network devices can prevent hacking attacks on network devices such as router, and reducing internet downtime. The network threats can be decreased and aided to suspected security breach analysis.

In typical way, the threats in network are considered to be persistent for network vulnerabilities for arising into wrongly configured hardware and software (Pathan 2016). Poor network design, coherent internet technology and network weaknesses can be part of network threats. For security in networks, the network devices are considered as part of ensuring major security considerations. The routers are chosen as particular device to ensure services enabled in the network grid as default. The services are generally unnecessary and however, any attacker can get through the router boundary into the network (Porras et al. 2012). Therefore, during router configuration, the unnecessary router settings should be prevented from attackers so that it could not damage the network from information theft and network device configuration issues. In personal, government, and business critical cases, the applications became common for using internet and increasing issues over network grids.

The network related applications and services could increase security risk and threats with growing information sources to companies and government. In several other cases, the network grids became insecure from expense of network security (Marsa-Maestre et al. 2013). Organizations should consider information as asset to protect them in network designing. Enforcing proper network security practices, the government and several other individuals are at stake of losing the information asset. Security aspect is considered as protecting assets over network grids (Porras et al. 2015; Shiravi, Shiravi and Ghorbani 2012). Within configuration of LANs, personal computers, and wider networks; generally, the networks are insecure. Major e-commerce websites and internet based applications need to balance between isolated system configuration and insecure system configuration to reduce all vulnerabilities. The security breach can increase with weaknesses mentioned in following table:      

Security Weakness	Ways to exploit security weaknesses
Insecure user accounts	Generally, user accounts are insecure across the network as users may share credentials over network. Disclosing user account information and sensitive data makes the accounts insecure.
Accounts and systems with easy guessed passwords	This common problem is found as poor selection and easily guessed passwords and usernames (Yi, Qin and Li 2015).
Wrongly configured internet services	Over web browser, some common problem is identified in JavaScript that easily enables attacks over hostile JavaScript. The JavaScript can access to IIS, un-trusted sites, FTP, and for posing problems in terminal services.
Unsecured settings as default within network device products	Some network devices have default settings for enabling security issues (Kim and Feamster 2013).
Wrong configured network equipments	Wrongly configured equipment can increase significantly vulnerable security protocol, SNMP with community strings for opening up more security holes.

Table 1: Common configuration weaknesses for network

(Source: Dong et al. 2015, pp. 67)

The LANs and personal computers increased in numbers and internet can create several security risks. Software, Firewall devices, and hardware can enforce access control policies between two or multiple networks in security consideration (Shang et al. 2014). Technology that gave business with balance for simple outbound and security access for the internet within mostly used as web surfing and e-mail. Network security is considered as most vital component for information security so that the network security can be considered as responsible with securing information as potential asset passing through networked computers (Ali et al. 2015; Chen et al. 2013). Network security can be referred to hardware and software functions, features, operational procedures, accounting measures, network characteristics, and access controlling. Moreover, the network should consider administrative and network control policy over accessible level of hardware and software within network information.

Common network security weaknesses

The network security and configuration can be made successful for preventing data loss along with some fundamental perceptions. Firstly, secure network must consider data integrity over stored information so that correct and protected information against data issues (Bari et al. 2013). Next, securing a network is essential for ensuring data confidentiality, data integrity, and data accessibility. The ability for sharing information over network grid can be used for some people. Finally, network security can be required for maintaining information availability over necessary recipients so that some pre-determined data can be utilized in exceptions (Zaalouk et al. 2014; Ding et al. 2014). Three principles for network security can be adhered to evolve from year wise network security practices and enforcing the security practices. While network security is discussed some common terms are considered for vulnerabilities, threats, and risks. Some vulnerabilities can be considered as weaknesses in which network security devices themselves. There exists three vulnerabilities or weaknesses such as:

Technology weaknesses: Network devices and computer can have some intrinsic security weaknesses. The weaknesses include operating system weaknesses, TCP/IP protocol weaknesses, and other network equipment weaknesses.

Network Device configuration weaknesses: The network administrations or network engineers can learn about Network Device configuration weaknesses (Scott-Hayward, Natarajan and Sezer 2016). The network administrators should consider configuration weaknesses in configuring network devices with compensations. The configuration weaknesses are mentioned as following:

Configuration issues	How the weakness is exploited
Lack of written policy	As policies are not written cannot be consistently and enforced.
Politics	Political issues can be considered for making the situation difficult with implementing consistent security (Mainanwal, Gupta and Upadhayay 2015).
Lack of working community	Frequent replacement of employee and personnel can increase chance of getting erratic approach towards security issues.
Access controlling is not applied	Access control that is wrongly chosen can make the default password malfunctioning for unauthorized access to the network (Mohaien et al. 2013).
Software and hardware installation and changes do not apply to policy	Unauthorized and unprecedented access to the network topologies and unauthorized changes made to networks can create security vulnerabilities in any system.
Disaster recovery plan is not applied	Absence of disaster recovery can make the plan into a chaos and makes other panic from occurrence of attacks (Lara, Kolasani and Ramamurthy 2014).

Table 2: Common security policy weaknesses for network

(Source: Rani and Singh 2012, pp. 139)

Security policy weaknesses: Some security policy weaknesses can exist for making major issues in network grids; moreover, the network can pose security risks in case the users do not follow security policies (Ahmad et al. 2015). The common security policy weaknesses are identified as in following table:

Threat	Internal / External	Threat consequences
E-mail with virus	External origination and internal use	Threat consequence can arise as infecting system reading email and subsequently spreading through entire organization
Network virus	External	Threat consequences could enter in unprotected ports, compromising inside whole network (Nunes et al. 2014).
Web based virus	Internal browsing for external site	The threat consequences compromise over system doing for browsing over subsequently affecting on internal systems
Web server attack	External over web servers	If web servers can be compromised for, hacker could gain access for other systems into internal network (Olivier, Carlos and Florent 2015).
Denial of Service (DOS) attack	External	External services so that web, email, and ftp could become unusable; in case router is attacked for, entire network could go down.
Network user attack	Internal to anywhere	Some traditional border may exist for firewalls that cannot do anything to the attack; moreover, the internal segmentation firewalls may help to certain damage (Scott-Hayward 2015).

Table 3: Threat Identification

(Source: Mainanwal, Gupta and Upadhayay 2015, pp. 4)

Security policy weaknesses could make people eager and willing for taking advantage of threats. The personnel can continually search for new vulnerabilities and weaknesses; moreover, the threats over variety of tools, scripts, and programs for launching attack to networks (Gao et al. 2012). In this paper, the researchers can discuss over primary classes over threats to network security, the internal and external threats. Some internal threats can be major source over straining over level of security attained by the network (Hong et al. 2015). The threats can be either removed from unethical employees.

Research methodology chapter is considered as helping in defining the format of studying in appropriate approach in the research process. The research design is chosen as descriptive so that the network issues and security vulnerabilities are discussed. The formative research format is chosen for this particular study is to consider description of the network threats. The design of secure campus network is considered as another work that should be considered in the analysis and discussion part. The proposal in this consideration acquires the essentiality of the designing and implementing a secure network in the campus. The justification of selecting descriptive design is that the outcomes in this study should consider security constraints. The study is considered as completely secondary. The secondary study should be considered with researching relevant secondary articles online and studying some previous works in to the study undertaken.

Principles of network security

The research outline in the study is stated as following:

Types of Attacks: The network attack classes may be identified from passive or active monitoring of communications and the attacks are generally classified as, passive attack, active attack, distributed attack, insider attack, spoof attack, hijack attack, buffer overflow, and others. However, some attack scenarios are discussed as:

Denial of Service (DOS): The denial of service attack is identified as causing interruption of service with making main system temporarily unavailable. For instance, attackers destroy hard drives, physical infrastructure, or wasting free memory for a resource.

ARP spoofing attack: The ARP spoofing attack is known as one kind of attack where malicious actor sends false Address Resolution Protocol (ARP) message to local area network (Shiravi, Shiravi and Ghorbani 2012). This attack results into linking victim’s MAC address with IP address over computer or server in a network.

Mitigation of these attacks: The mitigation of known attack can be performed with following these mentioned steps and activities:

• To propose cost effective design for secure campus network
• To create VLANs (Virtual LAN) for security
• To implement firewall to provide both internal and external security
• To provide virtual private network for campus network design

Relevance of these stages: The research over design and implementation work is important if these stages are justified. In this part, the mitigation steps are discussed showing how these stages can be used to proceed towards more secure campus network designing and implementation.

Cost effective yet secure campus network design is considered as potential way to reduce security gaps in network architecture (Zaalouk et al. 2014). The network design should incorporate separate configurations for different purposes such as campus, staff room, classroom, and library. One firewall should be included and DMZ should be implemented to provide protection over web, DNS, and Educational ERP system servers.

VLANs creation is another way where all network sizes are acceptable. Multiple VLANs in single network is effective for reducing headache of maintaining multiple cables. VLANs make the entire network segmented and multiple broadcast domain allows traffic properly.

Implementing firewall for internal and external security can be considered as a way to block and monitor network traffic both internally and externally. The firewall can be effective for blocking certain inbound traffic with allowing certain outbound traffic and reverse way as same.

Virtual Private Network (VPN) can be used for private network to enable sending data and receiving data over shared or public network (Bari et al. 2013). VPN can be created with P2P virtual network over dedicated connections, tunneling and traffic encryption. In general campus network design, Open VPN and IPSec is implemented.          

Vulnerabilities and weaknesses of network devices

Conclusion 

This particular paper considers security weaknesses in network devices and firewall configurations. The risks arise due to connection to internet and the paper discussed about how a complete research can be conducted based on this proposal document. The paper depicted some proper manner to conduct the study with secondary literature sources and source of information. The paper has presented some facts that can lead to identify weaknesses in networks and how the weaknesses can be exploited. The paper has pinpointed some vulnerabilities, threats, and attacks with applying security configurations over network devices. These findings can be used for presenting proper security policy in the study for adhering best practices in computer security and data confidentiality. The study and research work appears to be showing that firewall can provide additional access controlling over connections and network traffic. The firewall and router can be used for offering better security and configuration settings over network grid.

Poor routing filter setting can increase issue of overall security in a network grid; exposing internal network components and devices to attackers. However, before conducting the final research work based on this proposal, the realization should be raised as security and appropriate network design configuration is important for any organization. If the network engineers follow hierarchical network design, network will be scalable, performance and security will be increased. Hierarchical network design is easier to maintain for any network engineers. Furthermore, proper budget allocation and suitable timeline consideration can provide proper planning to conduct the implementation work. Network design that is made with proper structure is appropriate way to maintain scalability, flexibility, and security for handling multiple users in single grid. Based on proposed security and risk identification, the network design and implementation should be performed for a campus network; the proposal provided best practices with identifying the risks and threats as well.

References

Dacier, M.C., Konig, H., Cwalinski, R., Kargl, F. and Dietrich, S., 2017. Security Challenges and Opportunities of Software-Defined Networking. IEEE Security & Privacy, 15(2), pp.96-100.

Sezer, S., Scott-Hayward, S., Chouhan, P.K., Fraser, B., Lake, D., Finnegan, J., Viljoen, N., Miller, M. and Rao, N., 2013. Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine, 51(7), pp.36-43.

Pathan, A.S.K. ed., 2016. Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.

Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M. and Gu, G., 2012, August. A security enforcement kernel for OpenFlow networks. In Proceedings of the first workshop on Hot topics in software defined networks (pp. 121-126). ACM.

Access control for network security

Marsa-Maestre, I., De La Hoz, E., Gimenez-Guzman, J.M. and Lopez-Carmona, M.A., 2013. Design and evaluation of a learning environment to effectively provide network security skills. Computers & Education, 69, pp.225-236.

Porras, P.A., Cheung, S., Fong, M.W., Skinner, K. and Yegneswaran, V., 2015, February. Securing the Software Defined Network Control Layer. In NDSS.

Shiravi, H., Shiravi, A. and Ghorbani, A.A., 2012. A survey of visualization systems for network security. IEEE Transactions on visualization and computer graphics, 18(8), pp.1313-1329.

Kim, H. and Feamster, N., 2013. Improving network management with software defined networking. IEEE Communications Magazine, 51(2), pp.114-119.

Shang, W., Ding, Q., Marianantoni, A., Burke, J. and Zhang, L., 2014. Securing building management systems using named data networking. IEEE Network, 28(3), pp.50-56.

Ali, S.T., Sivaraman, V., Radford, A. and Jha, S., 2015. A survey of securing networks using software defined networking. IEEE transactions on reliability, 64(3), pp.1086-1097.

Chen, Z., Han, F., Cao, J., Jiang, X. and Chen, S., 2013. Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua science and technology, 18(1), pp.40-50.

Bari, M.F., Boutaba, R., Esteves, R., Granville, L.Z., Podlesny, M., Rabbani, M.G., Zhang, Q. and Zhani, M.F., 2013. Data center network virtualization: A survey. IEEE Communications Surveys & Tutorials, 15(2), pp.909-928.

Ding, A.Y., Crowcroft, J., Tarkoma, S. and Flinck, H., 2014. Software defined networking for security enhancement in wireless mobile networks. Computer Networks, 66, pp.94-101.

Scott-Hayward, S., Natarajan, S. and Sezer, S., 2016. A survey of security in software defined networks. IEEE Communications Surveys & Tutorials, 18(1), pp.623-654.

Mohaien, A., Kune, D.F., Vasserman, E.Y., Kim, M. and Kim, Y., 2013. Secure encounter-based mobile social networks: Requirements, designs, and tradeoffs. IEEE Transactions on Dependable and Secure Computing, 10(6), pp.380-393.

Lara, A., Kolasani, A. and Ramamurthy, B., 2014. Network innovation using openflow: A survey. IEEE communications surveys & tutorials, 16(1), pp.493-512.

Ahmad, I., Namal, S., Ylianttila, M. and Gurtov, A., 2015. Security in software defined networks: A survey. IEEE Communications Surveys & Tutorials, 17(4), pp.2317-2346.

Nunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K. and Turletti, T., 2014. A survey of software-defined networking: Past, present, and future of programmable networks. IEEE Communications Surveys & Tutorials, 16(3), pp.1617-1634.

Olivier, F., Carlos, G. and Florent, N., 2015. New security architecture for IoT network. Procedia Computer Science, 52, pp.1028-1033.

Gao, Z., Zhu, H., Li, S., Du, S. and Li, X., 2012. Security and privacy of collaborative spectrum sensing in cognitive radio networks. IEEE Wireless Communications, 19(6).

Rani, S. and Singh, V., 2012. SNORT: an open source network security tool for intrusion detection in campus network environment. International Journal of Computer Technology and Electronics Engineering, 2(1), pp.137-142.

Dong, X., Lin, H., Tan, R., Iyer, R.K. and Kalbarczyk, Z., 2015, April. Software-defined networking for smart grid resilience: Opportunities and challenges. In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security (pp. 61-68). ACM.

Kreutz, D., Ramos, F. and Verissimo, P., 2013, August. Towards secure and dependable software-defined networks. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (pp. 55-60). ACM.

Zaalouk, A., Khondoker, R., Marx, R. and Bayarou, K., 2014, May. Orchsec: An orchestrator-based architecture for enhancing network-security using network monitoring and sdn control functions. In Network Operations and Management Symposium (NOMS), 2014 IEEE (pp. 1-9). IEEE.

Hong, S., Xu, L., Wang, H. and Gu, G., 2015, February. Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures. In NDSS.

Mainanwal, V., Gupta, M. and Upadhayay, S.K., 2015, March. A survey on wireless body area network: Security technology and its design methodology issue. In Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on (pp. 1-5). IEEE.

Scott-Hayward, S., 2015, April. Design and deployment of secure, robust, and resilient SDN Controllers. In Network Softwarization (NetSoft), 2015 1st IEEE Conference on (pp. 1-5). IEEE.

Yi, S., Qin, Z. and Li, Q., 2015, August. Security and privacy issues of fog computing: A survey. In International Conference on Wireless Algorithms, Systems, and Applications (pp. 685-695). Springer, Cham.