For the server, a network operating system has to be selected, and Microsoft Windows Server 2012 R2 is chosen for managing the business. Windows Server 2012 R2 adds new features, refines the previous version and is a highly stable operating system. Installing Windows Server 2012 R2 provides DirectAccess, which acts as a replacement for VPN connections.
It offers features such as IIS, PowerShell, DirectAccess, Cluster Shared Volumes, Deduplication, Hyper-V, NFS and SMB. The main reason for selecting Windows Server 2012 R2 is its Hyper-V feature, which makes full use of the server hardware by creating virtual machines and sharing the resources efficiently. With Hyper-V in place, the server can be managed remotely over Remote Desktop. Windows Server is easy to manage and has a built-in firewall that can be used to set traffic rules for inbound and outbound data.
The minimum hardware requirements for installing Windows Server 2012 R2 are as follows:
Memory – 2 GB or more
Processor – 2 GHz or more
Disk Space – 80 GB or greater
Optical Drive – DVD Rom
Monitor – XGA (1024 x 768)
Windows Server can be installed on the Titanium computer to act as a domain controller and to host virtualization. There are different editions of Windows Server, which can be selected according to the organization's requirements. Windows Server is available only as a 64-bit version, the 32-bit version having been discontinued, so the hardware must be powerful enough for smooth performance. To connect the server to more than one network segment, an additional NIC must be installed and configured for the other interface.
For the desktop, the operating system selected is Windows because it causes the least disruption to the business. Microsoft Windows has modest minimum hardware requirements and broad application support for installing different software on the PCs. The applications that need to run on the desktops were analysed when selecting the operating system. The other operating systems on the market are not compatible with some of those programs, so Windows is chosen for the organization's desktop computers.
Windows is available in different editions, and the licence cost for the basic edition is lower than for the Ultimate edition. An up-to-date edition should be selected so that it has long-term support and improves the security of the system. Selecting the right platform is necessary for the success of the business, and choosing Windows for the desktops removes the need for training because most employees are already familiar with it.
Windows can run on minimal hardware, but performance and the user experience improve with better hardware. The hardware requirements for running Windows on the desktop computers are as follows:
Processor: 1 GHz or better
RAM/ memory: 2 GB for 64 bit and 1 GB for 32 bit
Hard Disk Space: 20 GB for 64 bit version and 16 GB for 32 bit version
Graphics: DirectX 9 or later with a WDDM 1.0 driver
Display: 1024 x 600 minimum
The server will run the following roles:
Active Directory Domain Services: The organization's requirements must be analysed before AD DS is installed so that potential problems are identified in advance. If, during installation of AD DS, it is found that adprep /domainprep must be run to prepare the domain, a verification step is required to confirm that the user account has sufficient rights to perform the operation.
DNS: The Domain Name System must be configured and deployed alongside AD DS to make the server a domain controller. Configuring the server as a domain controller increases the availability of the system in a distributed environment. Installing AD DS on Windows Server 2012 and promoting the server to a domain controller configures the DNS server automatically.
DHCP: The Dynamic Host Configuration Protocol is used to allocate IP addresses to machines. A server configured with DHCP automatically assigns addresses from its range to the machines connected to it. When a DHCP server is deployed in an existing Active Directory environment, the DHCP failover feature should be used so that the DHCP service remains available to the clients on the network.
File and Print Services: File and share access must be configured to enable the file and print service on Windows Server. The server roles and features also need to be enabled, and they can be configured from Computer Management. The permissions granted to users can be viewed from the open sessions and allowed or restricted as needed.
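The following PowerShell script is an added example and is not part of the original report. It installs the four roles listed above on a Windows Server 2012 R2 machine and then sets up a DHCP scope with a hot-standby failover partner, which is the DHCP failover feature the DHCP paragraph refers to. The server names (srv01, srv02), the 192.168.10.0/24 subnet and the lease range are assumed values.

```powershell
# Added example (not from the original report): role installation plus DHCP
# failover for an existing contoso.local environment. Names and addresses below
# are assumptions chosen for illustration.
Import-Module ServerManager

# Install AD DS, DNS, DHCP, File Server and Print Server in one pass, together
# with their management consoles (Install-WindowsFeature is idempotent).
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP, FS-FileServer, Print-Services `
    -IncludeManagementTools

# A DHCP scope for the office LAN (assumed 192.168.10.0/24); addresses below
# .100 are left free for servers, printers and other static hosts.
Add-DhcpServerv4Scope -Name "Office LAN" -StartRange 192.168.10.100 -EndRange 192.168.10.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 192.168.10.0 -DnsServer 192.168.10.10 -Router 192.168.10.1

# Authorise this DHCP server in Active Directory; unauthorised servers in an
# AD environment do not hand out leases to domain clients.
Add-DhcpServerInDC -DnsName "srv01.contoso.local" -IPAddress 192.168.10.10

# Hot-standby failover with a second DHCP server (assumed srv02): srv02 takes
# over lease issuing if srv01 goes down. The shared secret authenticates the
# two partners and is read at run time rather than stored in the script.
Add-DhcpServerv4Failover -ComputerName "srv01.contoso.local" -PartnerServer "srv02.contoso.local" `
    -Name "Office-DHCP-Failover" -ScopeId 192.168.10.0 -ServerRole Active `
    -ReservePercent 10 -SharedSecret (Read-Host -Prompt "Failover shared secret")

# Confirm the relationship and the scope state on both partners.
Get-DhcpServerv4Failover -ComputerName "srv01.contoso.local"
Get-DhcpServerv4Scope -ComputerName "srv02.contoso.local"
```

The script must be run in an elevated PowerShell session on srv01 after the DHCP role has been installed on srv02 as well; the failover command replicates the scope to the partner automatically.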
The three essential items to include when preparing network documentation are as follows:
Network topology diagram: It must be created showing each segment connected to the router. For a large network, a general map is created first and the individual segments are added to show the details of the network.
Server names, IP addresses and roles: The topology diagram cannot carry specific information, so it must be included separately. The list of server names, their IP addresses and the role of each server must be included in the report. Note that a server may have multiple IP addresses, and all of them must be documented.
Change log: It is important for tracking recent changes, so the server configuration and every change made to it are documented in a log book. This is useful for troubleshooting problems later and for rebuilding the server after a catastrophic failure.
In Windows, logged error events can be viewed from Administrative Tools in the Control Panel. Event Viewer records all the errors; opening it and selecting the Application log gives the list of errors, and the details of each error are shown in the description box.
Incorrect login attempts can be tracked through the Local Security Policy editor under Administrative Tools. Expand the Account Policies node on the left and click Account Lockout Policy. Once the Account lockout threshold has been configured, the number of invalid attempts can be seen.
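As an added example (not from the original report), the same information that Event Viewer and the Local Security Policy editor show can be pulled from PowerShell, which is easier to repeat daily. Security event 4625 is the standard failed-logon record and 4740 the lockout record; the threshold value of 5 attempts is an assumed setting.

```powershell
# Added example (not from the original report): error events, failed logons and
# the account lockout policy from the command line. The threshold values are
# assumptions; the event IDs are the standard Windows Security log IDs.

# Application-log errors (Level 2 = Error) from the last 24 hours.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Level     = 2
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Id, Message | Format-Table -Wrap

# Failed logon attempts are Security event 4625. The useful fields (account name,
# source address, failure sub-status) live in the event's XML payload.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            SourceIP  = ($data | Where-Object Name -eq 'IpAddress').'#text'
            SubStatus = ($data | Where-Object Name -eq 'SubStatus').'#text'   # 0xC000006A = bad password
        }
    } | Format-Table -AutoSize

# Account lockout policy, the same settings the Local Security Policy editor
# exposes: lock after 5 bad attempts, keep locked 30 minutes, reset the
# bad-password counter after 30 minutes.
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30
net accounts    # prints the effective policy for verification

# Accounts that actually hit the threshold are recorded as event 4740.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -Wrap
```

On a domain member the local `net accounts` setting is overridden by the domain's Default Domain Policy, so the same values should be set there with Group Policy for domain accounts.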
High availability of files in Windows Server 2012 can be configured easily with the Continuously Available File Share (CAFS) feature. CAFS uses failover clustering and the Server Message Block (SMB) protocol to increase the availability of server files and documents. Earlier high-availability problems, such as loss of data due to connection failure and downtime, are overcome with CAFS. CAFS provides continuous access to files and a low-cost storage option.
There are two types of CAFS: general-purpose CAFS and Scale-Out CAFS. The Scale-Out File Server uses Hyper-V and requires extra hardware and software to run the different applications in the system. The hardware option for high availability of files is to run datacenters to manage the data, and the software option is to configure virtual machines that serve data on demand. A cluster can support multiple roles; to configure CAFS, click Configure Role in the Actions pane and choose the required option. It supports DFS Replication and encryption; the client access point must also be configured and the storage option selected for higher availability.
A network directory service is used by users to locate services and resources distributed across the network. Its database serves as a directory service and as a customizable information store for managing objects and their attributes. The store is held in distributed form but appears as a single point; a good directory holds the necessary information about the objects and has no dependency on physical location. The store must also be accessible from different operating systems and follow open communication standards. Active Directory provides the schema for the network directory and keeps the network topology and protocols transparent, so that users do not need to know about the physical connections.
The steps for installing and configuring a network directory service with the domain name contoso.local are as follows:
- Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
- On the Manage drop-down menu, click Add Roles and Features.
- On the Add Roles and Features Wizard page, select Role-based or feature-based installation.
- Click Server Roles in the left pane; a pop-up window opens.
- Select the Group Management Console and the Remote Server Administration Tools, and then click Next.
- Click Install to add the roles to the local server.
If this is the first time you have installed Active Directory on a server running Windows Server 2012 R2, click Compatibility Help for more information.
- After the installation completes, click Promote this server to a domain controller and configure the role.
- On the Deployment Configuration page, click Add a new forest and then click Next.
- On the Deployment Configuration page, type the full DNS name (such as corp.contoso.com) for the new domain, and then click Next.
- On the Domain Controller Options page, select the forest functional level that suits the environment.
- Under Additional Options, enter the NetBIOS domain name; then select the locations of the Database, Log Files and SYSVOL folder, and click Next.
- On the Shared System Volume page, type the location in which you want to install the SYSVOL folder, or click Browse to choose a location, and then click Next.
- The forest functional level or the domain functional level must be selected according to the environment. The domain controller automatically checks the global catalog and advertises itself as a global catalog (GC).
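The wizard steps above have a scripted equivalent, shown here as an added example that is not part of the original report. It creates a new forest named contoso.local with the Windows defaults for the database, log and SYSVOL paths; the NetBIOS name CONTOSO and the functional level are assumed choices, and the Directory Services Restore Mode password is read at run time rather than written into the script.

```powershell
# Added example (not from the original report): promote this server to the
# first domain controller of a new contoso.local forest. Paths are the Windows
# defaults; NetBIOS name and functional levels are assumptions.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

$DsrmPassword = Read-Host -AsSecureString -Prompt "Directory Services Restore Mode password"

# Dry run: reports prerequisite problems (DNS delegation, name conflicts,
# insufficient rights, the adprep requirement) without changing anything.
Test-ADDSForestInstallation -DomainName "contoso.local" `
    -SafeModeAdministratorPassword $DsrmPassword

# The real promotion. DNS is installed and configured automatically, the
# server becomes a global catalog by default, and it reboots when finished.
Install-ADDSForest `
    -DomainName "contoso.local" `
    -DomainNetbiosName "CONTOSO" `
    -ForestMode "Win2012R2" `
    -DomainMode "Win2012R2" `
    -InstallDns:$true `
    -DatabasePath "C:\Windows\NTDS" `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -SafeModeAdministratorPassword $DsrmPassword `
    -NoRebootOnCompletion:$false `
    -Force:$true

# After the reboot, confirm the DC role, the GC flag and that DNS answers for the domain:
# Get-ADDomainController | Select-Object Name, IsGlobalCatalog, OperationMasterRoles
# Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.contoso.local" -Type SRV
```

Running the test cmdlet first is the scripted form of the verification step mentioned earlier: it is where an adprep or rights problem surfaces before the server is changed.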
These screenshots were taken from a client PC; configuration is carried out with the following settings for each DNS client:
- TCP/IP settings for DNS
- Host name and domain membership
To configure DNS client settings:
1. At the computer that you are configuring to use DNS, click Start, point to Control Panel, and then click Network Connections.
2. Right-click the network connection that you want to configure, and then click Properties.
3. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.
4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically.
5. If you want to configure DNS server addresses manually, click Use the following DNS server addresses, and in Preferred DNS server and Alternate DNS server, type the Internet Protocol (IP) addresses of the preferred DNS server and alternate DNS server.
6. Click OK to exit.
It is not necessary to restart the computer at this time if you intend to change the computer's name or domain membership in the following steps.
7. In Control Panel, double-click System.
8. On the Computer Name tab, click Change.
9. In Computer name, type the name of the computer (the host name).
10. Click Domain, and then type the name of the domain you want the computer to join.
11. If Computer Name Changes appears, in User Name, type the domain name and user name of an account that is allowed to join computers to the domain, and in Password, type the password of the account. Separate the domain name and user name with a backslash (for example, domain\username).
12. Click OK to close all dialog boxes.
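The twelve steps above can be carried out from PowerShell on the client in a single script. This is an added example, not part of the original report; the interface alias "Ethernet", the DNS server addresses, the new computer name WS-SALES-01 and the domain controller name are assumed values for the contoso.local network.

```powershell
# Added example (not from the original report): DNS client settings and domain
# join for a Windows client. Interface alias, addresses and names are assumptions.
$Iface = "Ethernet"

# Step 4 alternative: take DNS servers from DHCP (clears any static entries).
# Set-DnsClientServerAddress -InterfaceAlias $Iface -ResetServerAddresses

# Step 5: static preferred and alternate DNS servers, which must be the domain
# controllers; a client pointed at a public resolver cannot find the domain.
Set-DnsClientServerAddress -InterfaceAlias $Iface -ServerAddresses 192.168.10.10, 192.168.10.11
Get-DnsClientServerAddress -InterfaceAlias $Iface -AddressFamily IPv4

# Verify before joining: the client must resolve the DC locator record.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.contoso.local" -Type SRV

# Steps 7-12: rename and join in one operation. Get-Credential expects the
# CONTOSO\username form described in step 11.
$Cred = Get-Credential -Message "Account permitted to join computers to contoso.local"
Add-Computer -DomainName "contoso.local" -NewName "WS-SALES-01" -Credential $Cred -Restart

# After the reboot, confirm membership and the machine's secure channel to the DC:
# (Get-WmiObject Win32_ComputerSystem).Domain
# Test-ComputerSecureChannel
```

Doing the rename and join in one `Add-Computer` call avoids the extra reboot that the step 6 note warns about.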
Two options for performance tuning of the server installation are as follows:
Power plan in Windows Server: Three power plans are available in Windows to meet business needs: Balanced, High Performance and Power Saver.
Processor performance and boost policy: Additional performance can be obtained with the Intel Turbo Boost feature. However, it increases energy consumption, so Turbo Boost should be configured according to the power policy.
To manage user accounts in Windows Server 2012, open the Control Panel and click Manage user accounts. From here, user accounts can be added and existing accounts modified. Only an administrator has the right to remove a user account or another user's administrator account.
This is the same as on the desktop operating system installed on the organization's computers.
The best practice for backup and restore is to create a backup and restore plan. The plan should specify the computer on which backup files are stored and the program used to create the backups. A schedule for when backups occur and the location where the backup archives are stored must also be defined.
A written record must also be kept of all changes made to the system so that it can be restored as closely as possible to its last configuration.
Fault tolerance at both the software and the hardware level must also be applied for the backup plan to succeed.
The backup media must be archived in a secure location on a regular basis.
To have the server reboot automatically after a power failure, configure the BIOS: turn AC Power Recovery on, save the configuration and restart.
The help and support utilities in Windows are reached by pressing the F1 key, which opens the help system for the current program. The Help and Support system consists of multiple parts and has a search capability. Utility programs such as Disk Defragmenter and Disk Cleanup are found in the Control Panel under Administrative Tools.
For a smaller network, print management can be done from the Windows desktop operating system. It can also be done from Windows Server, where Server Manager is used to install the Print Services role, its features and the optional role services. Print-related events can be seen in Server Manager through Event Viewer and administered for the local server only. The Print Management option under Administrative Tools can be used to manage the multiple printers and print servers connected to the network.
On Windows Server, Task Manager is used for process and task management. It lists the applications and background processes running on the server and shows the CPU, memory, disk and network resources each one consumes. A background process can be terminated by selecting the process and going to the Details tab, where the process ID can be obtained and the process ended. The command prompt can also be used to kill a process by its process ID with the command .
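The backup plan described in the four points above can be implemented with the built-in Windows Server Backup tool (wbadmin). The script below is an added example and is not part of the original report; the backup volume E:, the 02:00 schedule and the change-log path C:\Admin\ChangeLog.txt are assumed values.

```powershell
# Added example (not from the original report): Windows Server Backup plan with
# a scheduled job, a restore check and a written change record. Target volume,
# schedule and log path are assumptions.
Install-WindowsFeature -Name Windows-Server-Backup

# One-off backup of all critical volumes plus system state, enough for a
# bare-metal restore, to a dedicated backup volume.
wbadmin start backup -backupTarget:E: -allCritical -systemState -vssFull -quiet

# The schedule: a daily backup at 02:00 to the same target. Windows Server
# Backup keeps versions on the target and prunes old ones automatically.
wbadmin enable backup -addtarget:E: -schedule:02:00 -allCritical -systemState -quiet

# Verify what exists to restore from and that the scheduled job is in place.
wbadmin get versions -backupTarget:E:
Get-WBPolicy

# Written record of changes: one line per configuration change, so the system
# can be rebuilt to its last known state.
function Add-ChangeLogEntry {
    param([Parameter(Mandatory)][string]$Description)
    $entry = "{0} {1}@{2}: {3}" -f (Get-Date -Format 'yyyy-MM-dd HH:mm'),
                                    $env:USERNAME, $env:COMPUTERNAME, $Description
    Add-Content -Path "C:\Admin\ChangeLog.txt" -Value $entry
}
Add-ChangeLogEntry -Description "Enabled daily Windows Server Backup to E: (all critical volumes + system state)"

# Restoring system state from a chosen version (identifier from 'wbadmin get versions'):
# wbadmin start systemstaterecovery -version:<MM/DD/YYYY-HH:MM> -quiet
```

The backup volume should be a disk that is not part of the set being backed up, and copies of it should be rotated to the secure off-site location mentioned above.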
The screenshot of killing a process is given below:
The two task-scheduling utilities available in Windows through Task Scheduler are as follows:
Creating a task using the Task Scheduler wizard, and
Viewing and managing the existing tasks.
PowerShell can be used for network diagnostics; the two utilities are described below:
Viewing the current network configuration: PowerShell can display the current status of the network and the adapter properties, which is useful for troubleshooting network problems.
Testing network connectivity: ping, tracert and nslookup can be used to test network connectivity; they are useful for scripting directly against the network and checking remote connectivity.
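The process-management and task-scheduling operations described above can all be done from PowerShell. This is an added example and not part of the original report; the process name notepad, the script path C:\Scripts\Cleanup-TempFiles.ps1 and the task name are assumed values.

```powershell
# Added example (not from the original report): Task Manager and Task Scheduler
# operations from PowerShell. Process name, script path and task name are assumptions.

# Processes sorted by CPU time, with the PID needed to terminate one.
Get-Process | Sort-Object CPU -Descending |
    Select-Object -First 10 Id, ProcessName, CPU,
        @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB) } }

# Terminate a runaway background process by PID (inspect it first so the
# wrong process is not killed).
$Runaway = Get-Process -Name "notepad" -ErrorAction SilentlyContinue
if ($Runaway) {
    $Runaway | Select-Object Id, ProcessName, StartTime
    Stop-Process -Id $Runaway.Id -Force
}
# Command-prompt equivalent: taskkill /PID <pid> /F

# Create a task: run a cleanup script nightly at 02:00 under the SYSTEM account.
$Action    = New-ScheduledTaskAction -Execute "powershell.exe" `
                 -Argument "-NoProfile -File C:\Scripts\Cleanup-TempFiles.ps1"
$Trigger   = New-ScheduledTaskTrigger -Daily -At 2:00am
$Principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName "Nightly Temp Cleanup" -Action $Action -Trigger $Trigger `
    -Principal $Principal -Description "Removes temp files older than 7 days"

# View and manage existing tasks: state, last result and next run, then disable.
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -eq '\' } |
    Select-Object TaskName, State
Get-ScheduledTaskInfo -TaskName "Nightly Temp Cleanup" |
    Select-Object LastRunTime, LastTaskResult, NextRunTime
Disable-ScheduledTask -TaskName "Nightly Temp Cleanup"
```

A `LastTaskResult` of 0 means the last run succeeded; any other value is the exit code of the script, which is the first thing to check when a scheduled job silently stops working.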
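The two PowerShell diagnostic activities above, written out as an added example that is not part of the original report. The gateway address, the domain controller name dc01.contoso.local and the DNS server address are assumed values; the last section also checks the TCP ports a domain member needs on its domain controller, which goes a step beyond the plain ping described in the text.

```powershell
# Added example (not from the original report): network configuration view and
# connectivity tests. Hosts, addresses and ports are assumptions for contoso.local.

# 1. Current network configuration: adapters, IP addresses, gateway and DNS servers.
Get-NetAdapter | Select-Object Name, Status, LinkSpeed, MacAddress | Format-Table -AutoSize
Get-NetIPConfiguration | Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses

# 2. Connectivity tests: the ping, tracert and nslookup counterparts.
Test-Connection -ComputerName 192.168.10.1 -Count 2                  # ping the gateway
Test-NetConnection -ComputerName www.microsoft.com -TraceRoute        # tracert
Resolve-DnsName -Name dc01.contoso.local -Server 192.168.10.10        # nslookup via our DNS

# A domain member needs more than ICMP: check the TCP services on the DC.
$Dc = "dc01.contoso.local"
$Checks = [ordered]@{ DNS = 53; Kerberos = 88; LDAP = 389; SMB = 445 }
foreach ($svc in $Checks.Keys) {
    $r = Test-NetConnection -ComputerName $Dc -Port $Checks[$svc] -WarningAction SilentlyContinue
    "{0,-9} TCP/{1,-4} {2}" -f $svc, $Checks[$svc], $(if ($r.TcpTestSucceeded) { "open" } else { "BLOCKED" })
}
```

A host that answers ping but shows TCP/88 or TCP/389 blocked points at a firewall rule rather than a cabling or addressing fault, which narrows the troubleshooting quickly.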
Local user accounts on the server are managed from Computer Management: click Users in the console tree, and apply a logon script to a user account by opening the account's Properties. On the Profile tab, enter the path and file name of the script.
User account management covers the management of user accounts and of passwords and access. Managing user accounts includes adding, removing, viewing and activating accounts and other operations on single or multiple accounts.
Add user account: In this step, the administrator provides the name and password for the user account and defines its role, such as administrator or user. Shared folder access, email options, remote access, online Microsoft services and group membership are then configured to complete the account.
Remove user account: In this step, the administrator selects individual user accounts from a group of users and removes them.
Other activities should be carried out whenever they are deemed necessary; viewing and activating user accounts can therefore be performed in a systematic manner.
Change password policy: This step provides a systematic way to change the policy for particular user groups and accounts. From the user's Tasks pane, the password policy is set; from the Change Policy page, the policy can be changed as well.
A password can be changed or reset for a user account from the administration side. The User Accounts page includes a change password option from which this is done. Password management can further be combined with granting levels of access to shared folders and other resources.
If the server has a problem with incorrect passwords, troubleshooting should follow a checklist. The checklist is as follows:
- Shut down the domain controller and then restart it. After rebooting the domain controller, check the System log to see whether event 5823 and event 4 are logged.
- Check the network connection to the domain controller properly.
- If a local account is being used to log in, the user should be advised that once the server is under a domain controller, the local account is no longer usable. The username should be in the format .
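The account lifecycle described above (add, group membership, shared folder access, logon script, password reset, disable, remove, and a per-group password policy) is shown below as an added example using the Active Directory module; it is not part of the original report. The user jdoe, the OU, the group Sales, the share path and the policy values are assumed.

```powershell
# Added example (not from the original report): AD user lifecycle and password
# policy. OU, user, group, share path and policy values are assumptions.
Import-Module ActiveDirectory
$Ou = "OU=Staff,DC=contoso,DC=local"

# Add: create the account with a logon script (Profile tab equivalent) and a
# home drive; force a password change at first logon.
New-ADUser -Name "Jane Doe" -GivenName "Jane" -Surname "Doe" `
    -SamAccountName "jdoe" -UserPrincipalName "jdoe@contoso.local" -Path $Ou `
    -AccountPassword (Read-Host -AsSecureString "Initial password for jdoe") `
    -Enabled $true -ChangePasswordAtLogon $true `
    -ScriptPath "logon.bat" -HomeDirectory "\\srv01\home\jdoe" -HomeDrive "H:"

# Access: membership in the Sales group and a share whose permissions are
# granted to the group, never to individual users.
Add-ADGroupMember -Identity "Sales" -Members "jdoe"
New-SmbShare -Name "SalesDocs" -Path "D:\Shares\SalesDocs" `
    -FullAccess "CONTOSO\Domain Admins" -ChangeAccess "CONTOSO\Sales"

# View: disabled accounts and their last logon, the usual cleanup report.
Get-ADUser -Filter 'Enabled -eq $false' -Properties LastLogonDate |
    Select-Object Name, SamAccountName, LastLogonDate

# Password reset and unlock from the administration side.
Set-ADAccountPassword -Identity "jdoe" -Reset -NewPassword (Read-Host -AsSecureString "New password for jdoe")
Unlock-ADAccount -Identity "jdoe"

# Password policy for a group: a fine-grained policy that is stricter than the
# domain default and applies only to Domain Admins.
New-ADFineGrainedPasswordPolicy -Name "AdminsPSO" -Precedence 10 `
    -MinPasswordLength 14 -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 90) -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) -LockoutObservationWindow (New-TimeSpan -Minutes 30)
Add-ADFineGrainedPasswordPolicySubject -Identity "AdminsPSO" -Subjects "Domain Admins"

# Remove: disable first (keeps SID and group history for audit), delete later.
Disable-ADAccount -Identity "jdoe"
# Remove-ADUser -Identity "jdoe" -Confirm:$false
```

Disabling before deleting matters because a deleted account's SID cannot be reattached to its old file permissions; the disabled account can still be inspected if an access question comes up after the user has left.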
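The checks behind the three troubleshooting points above, run from the client that cannot log on, as an added example that is not part of the original report. The domain controller name dc01.contoso.local and the account jdoe are assumed values; the event IDs 5823 and 4 come from the checklist itself.

```powershell
# Added example (not from the original report): domain logon troubleshooting.
# DC name and account are assumptions.
$Dc = "dc01.contoso.local"

# Point 2: is the domain controller reachable on the ports a logon needs?
foreach ($p in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $Dc -Port $p -WarningAction SilentlyContinue
    "TCP/$p : " + $(if ($r.TcpTestSucceeded) { "reachable" } else { "unreachable" })
}

# Which DC the client actually located, and whether its machine trust
# (secure channel) with the domain is intact.
nltest /dsgetdc:contoso.local
Test-ComputerSecureChannel -Verbose
# Repair the trust if the test fails (needs an account allowed to reset it):
# Test-ComputerSecureChannel -Repair -Credential (Get-Credential "CONTOSO\Administrator")

# Point 1: Netlogon entries in the System log after the reboot, including the
# event IDs named in the checklist.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON' } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5823, 4 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName

# Point 3 follow-up: a domain account may simply be locked out after repeated
# bad passwords (run on a DC or with RSAT installed).
Search-ADAccount -LockedOut | Select-Object Name, SamAccountName, LockedOut
# Unlock-ADAccount -Identity "jdoe"
```

If the secure channel test fails, the machine account password is out of step with the domain and no domain user can log on at that client until it is repaired; a locked-out user, by contrast, affects that one account only.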
Operating system installation from CD or DVD: Installing an operating system from CD or DVD is easy. In most cases, installation consists of following the on-screen instructions and not turning the computer off. Before installing, back up the existing files to removable media such as a USB drive, external hard disk or DVD. Once the backup has been created on external media, the operating system can be installed. The general installation steps are as follows:
- Insert the CD or DVD into the computer on which Windows is to be installed.
- Restart the computer and boot from the DVD. If the boot option is not offered after the restart, open the boot menu from the BIOS settings.
- On the Install Windows page, choose the language, date, time and keyboard preferences and click Next.
- Click Install Windows.
Every current version of Windows shows the steps for partitioning the hard disk. Partitions are made by creating virtual disks in Windows, segmented into 250 GB chunks; Windows uses these chunks as separate disks, i.e. partitions. Once the installation is complete, the computer reboots and takes some time to initialize. When initialization finishes, the installed operating system runs for the first time and the whole system is checked and verified.
Operating system installation from a USB boot disk: In this process, preparing the bootable disk is the important step. The steps for creating a bootable disk are as follows:
- Download the Windows-7-USB-DVD-Tool in the appropriate version (32-bit or 64-bit).
- Double-click the downloaded tool and install it.
- When started, the application asks for the ISO file.
- On clicking Next, the application writes the ISO file to the DVD or USB drive, creating the bootable disk.
- The USB flash drive should be 4 GB in size.
- The application asks for confirmation to erase all data on the USB stick, and the bootable USB stick is then created. Once the process finishes, the USB disk can be used as bootable media.
Once the bootable USB disk is created, it is inserted in place of the CD or DVD. The computer is restarted, and from the boot option Windows is installed following the same process as for CD or DVD.
Automated operating system installation via network boot: Windows can be installed in two ways depending on whether the organization is small or large. Automatic installation can be performed as discussed below:
For a smaller organization, the Windows AIK (Automated Installation Kit) should be used. This kit lets the user install the operating system from a network location; it fully automates the process by creating an XML answer file. This is the easiest installation process, and some commands can be used to gain knowledge and a basic understanding of the installation process.
For a larger organization, the Windows Deployment Services (WDS) server role should be used, which brings the Windows AIK into the server environment. In this environment, several operating system images can be stored, sorted and categorized along with driver packages and answer files. The answer files are stored through a GUI, and PXE boot can be used without physical media such as the AIK CD. The machine requires only a network connection to reach the WDS server.
User access should be controlled by maintaining user accounts, namely Windows NT user accounts. If a user cannot log on to the network, the user cannot run the application. User account maintenance is the foundation of Windows NT security; each user should have individual access to the Windows NT system through an account consisting of a username, a password and other access parameters. In User Manager, user accounts are established, created or deleted. Multiple user accounts may be required, and restrictions can be prepared for individual access to the server. Specific applications may require the Windows NT security administrator to add or change network logon accounts. As the first line of protection, Windows NT authentication is necessary for enterprise application interaction in the system. Proper user control and rights policies should be applied to maintain directories and other services.
Asset tracking and asset auditing can be performed by maintaining user groups. The user groups should be managed with rights policies and an appropriate authentication management process. Once the policies are put into practice, the users should be organized into working groups.
An example of a network security antivirus is the Symantec product range. The Symantec Endpoint Protection for Small Business product can provide effective protection for devices, so that the system is protected in time. Automatic updates help the user keep focusing on running the business. The product can be used as a cybersecurity solution so that enterprises and large companies can protect their assets. Symantec provides security packages for building a security solution on a smaller budget.
Acronis can be used as the Business Backup and Storage Management Software solution. This product provides the backup features available on the market. Incremental backup can be used to synchronize data directly from SharePoint, MS Exchange and other sources. Users can prepare backups for Windows and Linux servers. The backup and restore process can be covered by the server licence, and workstations can be covered as well.
MSINFO32: Windows 98 provides this tool, known as Microsoft System Information (Msinfo32.exe). It can be used to gather information about the computer, identify computer issues and access other tools in Windows 98.
DXDiag: This tool is the DirectX Diagnostic Tool and is used to check DirectX functionality. It can troubleshoot video- or sound-related hardware problems. DirectX Diagnostics can save the scanned results as a text file.
Microsoft Software Inventory Analyzer: This tool can scan the software inventory of a single computer or of multiple computers on a network. It produces a report showing the details of Microsoft products, including their types, characteristics and licences. The tool is free to use and can produce HTML and Excel-based reports as well.
E-Z Audit: This tool can audit any network on a schedule without harming (slowing down) the network traffic. It can provide file details for any program, offering faster audits. It stores audit data on a server, and with a single click a report can be exported through the command-line interface with the automated reporting facility. The tool does not require a database, SNMP, open ports or even installation on the server. It is easy to use and does not require constant monitoring.
The application server log files should be reviewed regularly to ensure network and data integrity. Monitoring the application server log file confirms that there are no exceptions that would indicate problems with the network and data integrity of the system.
In case of a major disaster, Acronis will be used as the backup and restore solution. Incremental backup can be used to synchronize data directly from SharePoint, MS Exchange and other sources. Users can prepare backups for Windows and Linux servers. The backup and restore process can be covered by the server licence, and workstations can be covered as well.
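A regular log review is only done if it is cheap to do, so the function below turns it into one command. It is an added example, not part of the original report: it scans application server log files for exception entries and summarises them by exception type. The log line layout (timestamp, level, .NET exception name, message) and the sample lines, which are constructed and written to a temporary file so the example runs offline, are assumptions.

```powershell
# Added example (not from the original report): summarise exceptions found in
# application log files. Line format and sample data are assumptions.
function Get-LogExceptionSummary {
    param(
        [Parameter(Mandatory)] [string[]] $LogPath,      # files or wildcards to scan
        [datetime] $Since = (Get-Date).AddDays(-1)       # ignore entries older than this
    )
    # Matches e.g. "2024-01-10 08:00:05 ERROR System.IO.IOException: message"
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(ERROR|FATAL) +(?<type>[\w\.]+Exception)'

    Get-ChildItem -Path $LogPath -File |
        ForEach-Object { Select-String -Path $_.FullName -Pattern $pattern } |
        ForEach-Object {
            $m = $_.Matches[0]
            [pscustomobject]@{
                Time = [datetime]$m.Groups['ts'].Value
                Type = $m.Groups['type'].Value
                File = $_.Filename
                Line = $_.Line
            }
        } |
        Where-Object Time -ge $Since |
        Group-Object Type | Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'Last'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
}

# Constructed sample log (timestamps are "now" so the 24-hour window keeps them).
$stamp  = (Get-Date).ToString('yyyy-MM-dd HH:mm:ss')
$sample = Join-Path $env:TEMP 'app-sample.log'
@"
$stamp INFO  Request handled in 12 ms
$stamp ERROR System.Data.SqlClient.SqlException: Login failed for user 'app'
$stamp WARN  Retrying connection
$stamp ERROR System.IO.IOException: The network path was not found
$stamp ERROR System.IO.IOException: The network path was not found
"@ | Set-Content -Path $sample

Get-LogExceptionSummary -LogPath $sample | Format-Table -AutoSize
```

In production the `$sample` path would be replaced by the application's log directory (for example `D:\Logs\*.log`), and the summary can be scheduled and e-mailed so that a new exception type stands out the day it first appears.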
Two authentication issues can occur: a password authentication problem and a cryptographic key authentication problem. A password authentication issue can arise from several causes, such as entering the wrong password or misspelling it a certain number of times. Once the password has been entered wrongly multiple times, the server automatically denies the user access. A cryptographic key authentication issue, on the other hand, can occur when the client tries to interact with the server: if the client cannot compute the values derived from the random number, the server cannot authenticate the client, and the client cannot get access to the server.
In these server management and network administration activities, certain privacy issues may occur. These issues are identified as follows:
Compelled disclosure to government: stored data is subject to multiple protective measures so that the information is kept in-house. The Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA) apply to this privacy concern.
Security of data and disclosure of data breaches: in this concern, the breach incident should not be shared with users or other entities inside the organization. The Gramm-Leach-Bliley Act (GLBA) and the Family Educational Rights and Privacy Act (FERPA) apply to this privacy concern.
Location of data: the physical location of the data should not be shared with anyone except the administration.
Consumer notice and individual choice: this organization may require user information to be stored on the server. Consumers must therefore be informed that their information is stored on the server.
Sources of security information are reputable security websites. The websites are listed as:
Google's Digital Attack Map: This site shows the front end and back end of DDoS attacks in monitoring mode. It maps attack trends in real time, showing instances where these attacks occurred.
Bleeping Computer: This site provides excellent resources for computer users to understand malware, viruses, potentially insecure devices and security threats. It covers ransomware, screen lockers and adware threats so that users can easily become aware of them.
Common Vulnerabilities and Exposures: This site provides the CVE database of vulnerabilities and exposures, a definitive repository of software flaws. It includes major information about security threats, privacy concerns and general risks in networking, server management and other areas.
The security requirements of risk analysis are identified as follows:
Threats: Here the elements where an attack may occur are identified, along with the situations in which an attack could happen. Threats can include, for instance, fraud and other disasters. Individual systems may face threats in this consideration.
Vulnerabilities: Vulnerabilities make a system prone to these threats in server management and networking applications. They show how a particular attack could occur and the chance of facing the identified threats and risks. A DDoS attack becomes possible when protection against this threat is of poor quality.
Controls: Controls are the main countermeasures that expose threats and mitigate them. For DDoS attacks, for instance, the main control should be to prevent them from happening. Controls reduce the likelihood that threats occur against a particular system. Preventive measures protect the system from networking threats, and detection of threats is essential to counter them.
For risk assessment and analysis, the COBRA methodology can be adopted; COBRA stands for Conductive Objective and Bi-functional Risk Analysis. In this risk assessment, the security requirements mentioned above are essential.
As the network has an ADSL2+ connection with 20 Mbit/s downstream and 1 Mbit/s upstream, it will be capable of the following:
10-20 Mbps downstream: This downstream connection allows the user to carry out digital software distribution, whereas a 20-50 Mbps downstream connection allows the user to download larger files and more.
1 Mbps upstream: This upstream connection allows the user to carry out video chat, emailing of several attachments, network activity with several users, screen sharing and use of torrent applications.
With this connection setup, the user can face the following issues:
- No connection line synchronization
- No authenticated communication
- Network dropouts
- Slower speeds
To protect the connection from facing these mentioned problems, the user should conduct proper speed testing and checking connections with VPN and connection lines.
Two VPN issues and their solutions are as follows:
Issue 1: A VPN connection attempt that should be accepted is repeatedly rejected.
Solution 1: Work through the connection systematically. Use the ping command to verify that the VPN server's host name and IP address are reachable. Verify that the Routing and Remote Access service is running and that the connection parameters (tunnel type, authentication method, credentials) match what the remote access policy allows. Once connectivity is confirmed, check the remote access policy settings on the IAS (RADIUS) and RAS servers, since a policy mismatch rejects the connection even when the tunnel itself could be established.
Issue 2: Inability to reach locations beyond the VPN server.
Solution 2: Verify that the remote access VPN is configured for the LAN protocols in use and that the server hands out routable addresses (check the DHCP configuration; a client that ends up with an APIPA 169.254.x.x address cannot reach the LAN). Verify that the remote access clients, or the calling router for a demand-dial connection, are identified correctly by the server. Finally, check that the packet filters on the VPN server's interface, on the remote access policy profile and on any demand-dial interface are not blocking the traffic; the filters should be corrected rather than simply disabled, so that the VPN interface is not left open to everything.
Site-to-Site VPN: A site-to-site VPN connects whole networks rather than individual users. A gateway at each office establishes an encrypted tunnel over a public network such as the Internet, and the hosts behind each gateway reach the resources of the other site as if they were on one network. An organisation with several branch offices requires this type of VPN. It comes in two forms, intranet-based and extranet-based. An intranet-based site-to-site VPN connects one or more remote locations of the same company into a single private network over separate LANs. An extranet-based site-to-site VPN connects the company's LAN to those of other companies such as partners, suppliers and customers, so that the parties can work in a shared network while each still controls what the others may access.
User-to-Site VPN: Also known as a remote access VPN, this allows an individual user to establish a secure connection from a remote computer to the corporate network.
Extranet VPN: A VPN created between the organisation and external parties such as customers, suppliers and partners.
In a VPN the device at each end of the tunnel encrypts the data entering the tunnel and decrypts it at the other end. Encryption keys alone are not enough; the peers also need a protocol that defines how the packets are wrapped and exchanged. A site-to-site VPN can use IPsec (Internet Protocol Security), GRE (Generic Routing Encapsulation), or GRE carried inside IPsec. GRE defines how the passenger protocol is packaged for transport over IP: its header records what kind of packet is being carried (the protocol type) and, optionally, a key and a sequence number that identify the tunnel between sender and receiver. GRE does not encrypt, so on its own it provides no confidentiality.
IPsec is a widely used protocol suite for securing traffic on IP networks, including the Internet. It can encrypt and authenticate data between many kinds of devices: router to router, firewall to router, desktop to router and desktop to server.
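To make the GRE encapsulation concrete, the following is an added example, not code from the original report: a Python parser and builder for the GRE header defined in RFC 2784 and RFC 2890. It shows the protocol-type, key and sequence fields described above, verifies the optional checksum, and reads the source and destination addresses straight out of the passenger IPv4 packet, which is exactly what any observer on the Internet can do when GRE is used without IPsec. The sample packet is constructed for the example; the field names follow the RFCs, the function names are my own.

```python
import struct
from typing import Optional

# Added example (not from the original report): parse and build GRE version 0
# headers and show that the passenger packet is carried in cleartext.

GRE_FLAG_C = 0x8000  # checksum present
GRE_FLAG_K = 0x2000  # key present
GRE_FLAG_S = 0x1000  # sequence number present
ETHERTYPE_IPV4 = 0x0800


def inet_checksum(data: bytes) -> int:
    """Ones'-complement Internet checksum (RFC 1071) over the given bytes."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_gre(payload: bytes, proto: int, key: Optional[int] = None,
              seq: Optional[int] = None, checksum: bool = False) -> bytes:
    """Wrap an already-formed passenger packet in a GRE version 0 header."""
    flags = ((GRE_FLAG_C if checksum else 0)
             | (GRE_FLAG_K if key is not None else 0)
             | (GRE_FLAG_S if seq is not None else 0))
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += struct.pack("!HH", 0, 0)  # checksum placeholder + reserved1
    if key is not None:
        header += struct.pack("!I", key)
    if seq is not None:
        header += struct.pack("!I", seq)
    packet = header + payload
    if checksum:
        csum = inet_checksum(packet)  # the GRE checksum covers header and payload
        packet = packet[:4] + struct.pack("!H", csum) + packet[6:]
    return packet


def parse_gre(packet: bytes) -> dict:
    """Parse the GRE header; return its fields plus the untouched payload."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("only GRE version 0 is handled here")
    fields = {"protocol": proto, "checksum_ok": None, "key": None, "sequence": None}
    offset = 4
    if flags & GRE_FLAG_C:
        # With a correct checksum in place the complement of the total is zero.
        fields["checksum_ok"] = inet_checksum(packet) == 0
        offset += 4
    if flags & GRE_FLAG_K:
        fields["key"] = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_S:
        fields["sequence"] = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    fields["header_len"] = offset
    fields["payload"] = packet[offset:]
    if proto == ETHERTYPE_IPV4 and len(fields["payload"]) >= 20:
        # The passenger IPv4 header is readable as-is: GRE adds no confidentiality.
        src, dst = struct.unpack("!4s4s", fields["payload"][12:20])
        fields["inner_src"] = ".".join(map(str, src))
        fields["inner_dst"] = ".".join(map(str, dst))
    return fields


# Constructed passenger packet: a minimal 20-byte IPv4 header, 10.0.0.1 -> 10.0.0.2,
# protocol ICMP, IPv4 header checksum left at zero. Not a real capture.
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 1, 0,
                          bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
SAMPLE_GRE = build_gre(SAMPLE_IPV4, ETHERTYPE_IPV4, key=0x1234, seq=7, checksum=True)

if __name__ == "__main__":
    print(parse_gre(SAMPLE_GRE))
```

Running the block prints the parsed fields of the constructed packet, including the inner addresses; wrapping the same packet in IPsec ESP would leave only the outer tunnel endpoints visible.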
Firewalls and VPNs go hand in hand. Many firewall products provide encrypted firewall-to-firewall tunnels. Application gateways also hide internal IP addresses by encapsulating one IP packet inside another, which is by definition the tunnelling associated with VPNs. The firewall controls access to corporate network resources and establishes trust between the client and the network.
The firewall at each site controls access to the resources of that site, but the data transmitted between the two sites is still exposed to attack as it crosses the Internet. A VPN, on the other hand, protects the data in transit between two sites but by itself establishes no trust about what may enter either site. Combining the two, by terminating the VPN tunnel on the firewalls and applying the firewall policy to the decrypted traffic, establishes trust and provides privacy between the sites, which is more secure than a firewall at each site alone or a VPN between the sites alone. Earlier firewall products offered only the firewall function; many current products support VPN functionality as well. As stated before, both firewall and VPN functionality are needed to establish effective security control.
To set up the packet tunnelling, the Layer 3 interface at each end is associated with a logical tunnel interface, which the firewall uses to establish the VPN tunnel. The tunnel interface carries traffic between the two endpoints, and several networks can be routed across it. A tunnel interface is placed in a security zone so that security policies apply to it, and it is assigned to a virtual router. Ensure that the tunnel interface and the physical interface are assigned to the same virtual router so that the firewall can perform a route lookup and select the correct tunnel.
Typically the Layer 3 interface that the tunnel interface is attached to belongs to an external zone, for instance the untrust zone. The tunnel interface can be placed in the same security zone as the physical interface, but for added security and better visibility a separate zone can be created for it. If the administrator creates a separate zone for the tunnel interface, say a VPN zone, the administrator must also create security policies that allow traffic to flow between the VPN zone and the trust zone; without such a policy the tunnel comes up but carries nothing.
To route traffic between the sites, a tunnel interface does not require an IP address. An IP address is only required if tunnel monitoring is to be enabled or if a dynamic routing protocol is used to route traffic over the tunnel. With dynamic routing, the tunnel IP address serves as the next-hop address for routing traffic into the VPN tunnel.
If the Palo Alto Networks firewall is configured with a VPN peer that performs policy-based VPN, a local and a remote Proxy ID must be configured when the IPsec tunnel is set up. Each peer compares the Proxy IDs configured on it with what is actually received in the packet in order to complete the IKE phase 2 negotiation. If multiple tunnels are required, unique Proxy IDs are configured for each tunnel interface; a tunnel interface can have a maximum of 250 Proxy IDs. Each Proxy ID counts towards the firewall's IPsec VPN tunnel limit, and that limit varies by firewall model.
For the VPN authentication method, the Password Authentication Protocol (PAP) should not be used: PAP sends the user name and password across the link in cleartext, so anyone able to observe the traffic obtains the credentials, and PAP enforces no password policy of its own. A challenge-response method such as MS-CHAPv2, or better an EAP method such as EAP-TLS or PEAP, should be selected on the RAS/IAS server, with the password policy (length, complexity, lockout) enforced by the server or the domain rather than by the authentication protocol.
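The following added example, not part of the original report, contrasts what crosses the link under PAP (RFC 1334) and under CHAP (RFC 1994), the simplest challenge-response alternative: PAP carries the password itself, CHAP carries only MD5(identifier || secret || challenge), and a CHAP response replayed against a fresh challenge is rejected. The packet layouts follow the RFCs; the user names, secrets and function names are invented for the illustration. CHAP with MD5 still allows an offline dictionary attack on a captured challenge/response pair, which is why MS-CHAPv2 inside a protected tunnel or an EAP method is the actual recommendation.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Added example (not from the original report): PAP and CHAP frames as they
# appear on a PPP link, built from the RFC 1334 / RFC 1994 layouts.


def pap_authenticate_request(ident: int, peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request: Code 1, Identifier, Length, Peer-ID, Password."""
    pid = peer_id.encode()
    pwd = password.encode()
    body = bytes([len(pid)]) + pid + bytes([len(pwd)]) + pwd
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def pap_sniff_password(frame: bytes) -> Optional[str]:
    """What an on-path observer recovers from a PAP request: the password itself."""
    code, _ident, length = struct.unpack("!BBH", frame[:4])
    if code != 1 or length != len(frame):
        return None
    pid_len = frame[4]
    pwd_len = frame[5 + pid_len]
    start = 6 + pid_len
    return frame[start:start + pwd_len].decode()


def chap_challenge(ident: int, name: str, size: int = 16) -> bytes:
    """CHAP Challenge: Code 1, Identifier, Length, Value-Size, random Value, Name."""
    value = os.urandom(size)
    body = bytes([size]) + value + name.encode()
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def chap_response(challenge: bytes, secret: str, name: str) -> bytes:
    """CHAP Response: Code 2, same Identifier, MD5(Identifier || secret || Value), Name."""
    _code, ident, _length = struct.unpack("!BBH", challenge[:4])
    size = challenge[4]
    value = challenge[5:5 + size]
    digest = hashlib.md5(bytes([ident]) + secret.encode() + value).digest()
    body = bytes([len(digest)]) + digest + name.encode()
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


def chap_verify(challenge: bytes, response: bytes, secret: str) -> bool:
    """Authenticator side: recompute the hash with the stored secret and compare."""
    c_code, c_ident, _ = struct.unpack("!BBH", challenge[:4])
    r_code, r_ident, _ = struct.unpack("!BBH", response[:4])
    if c_code != 1 or r_code != 2 or c_ident != r_ident:
        return False  # wrong packet type, or a response to some other challenge
    size = challenge[4]
    value = challenge[5:5 + size]
    expected = hashlib.md5(bytes([c_ident]) + secret.encode() + value).digest()
    got = response[5:5 + response[4]]
    return hmac.compare_digest(expected, got)


def demo() -> dict:
    """Constructed exchange: same user and secret under PAP and under CHAP."""
    pap = pap_authenticate_request(1, "alice", "s3cret-pw")
    chal = chap_challenge(7, "vpn-server")
    resp = chap_response(chal, "s3cret-pw", "alice")
    return {
        "pap_leaks": pap_sniff_password(pap),            # the password, verbatim
        "chap_ok": chap_verify(chal, resp, "s3cret-pw"),  # genuine peer accepted
        "chap_wrong_secret": chap_verify(chal, resp, "guess"),
        "chap_replay": chap_verify(chap_challenge(8, "vpn-server"), resp, "s3cret-pw"),
    }


if __name__ == "__main__":
    print(demo())
```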
SOHO (Small Office/Home Office) networks are protected by a firewall at the Internet connection, and enterprise firewall vendors now target SOHO users with scaled-down versions of their products. The benefits of SOHO-grade hardware firewalls are:
Sophisticated features: SOHO hardware firewalls retain the major features of enterprise-class firewalls, including stateful packet inspection (SPI), a built-in DHCP server and PPPoE support for the ADSL connection. Some also offer content inspection, which lets the appliance fit into the rest of the security design.
VPN support: SOHO firewalls commonly terminate site-to-site VPN tunnels and act as VPN servers for remote clients, so the encrypted tunnel ends on the same device that enforces the firewall policy.
A SOHO network can also run a software firewall on each host, in addition to or instead of the hardware appliance. The benefits of SOHO-grade software firewalls are:
Improved protection: The selection and correct configuration of the firewall is central to protecting the data stored on the network. A host-based software firewall filters the traffic that reaches the individual PC, including traffic from other hosts on the LAN that a perimeter device never sees, and so helps mitigate attacks and protect the client's resources.
Log function: A software firewall records the connections it accepts and blocks on each host, which allows the activity on the SOHO network to be monitored and reviewed.
The three major security issues for an organisation with a single server and five computers are explained below:
Data theft: The main concern for a small business is theft of data. The data stored on the server could be accessed and copied by an outsider through the network connection, or by an insider who has more access than their role needs.
Denial of access: An external attacker can deny the organisation access to its own systems, for instance by flooding the Internet connection or by compromising the server, so that the office can no longer communicate with its main client organisation.
Network congestion: With a single server serving all five computers, the network is also vulnerable to congestion. Legitimate peak usage already contends for the 1 Mbit/s upstream link, and malicious traffic, such as a compromised PC taking part in a DDoS or scanning the network, can leave the five users unable to reach the server or the Internet.
The security perimeter of the organisation's network is the boundary at which the security measures are applied. It can be implemented for the organisation by following the steps below:
Step 1: Implement the perimeter security layer with IDS/IPS, web filtering, advanced malware detection and related functions
Step 2: Configure updates for all software used in the network and define the security policies that establish secure practice
Step 3: Enable secure network access with authentication and authorisation (passwords and security keys) enforced at the firewall
Step 4: Place externally reachable services in a DMZ behind the front-end firewall so that the internal network is never exposed directly
The purpose of the security perimeter is to concentrate the security measures at the boundary between the organisation's network and the Internet. IDS/IPS, web filtering, advanced malware detection, software update and security policies, authentication and authorisation enforced at the firewall, and a DMZ behind the front-end firewall together provide strong security measures for the organisation.
The steps for the basic configuration of the routers and switches are as follows. The password values are the example values used in the lab and must be replaced with strong ones in production; Steps 5 to 8 apply to the router's serial interface, while on a switch the management address is set on interface vlan 1 instead.
Step 1. enable
Step 2. configure terminal
Step 3. hostname name
Step 4. Verify that the prompt now displays the new hostname.
Step 5. interface Serial0/0
Step 6. ip address 192.168.1.1 255.255.255.0
Step 7. no shutdown
Step 8. exit
Step 9. line console 0
Step 10. password cisco
Step 11. login
Step 12. exit
Step 13. enable secret class
Step 14. service password-encryption
Step 15. end
Step 16. copy running-config startup-config
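As an added check over the result of these steps (not code from the original report), the following Python function audits a Cisco IOS running configuration for the weak settings that basic setup commonly leaves behind: a cleartext or well-known console or VTY password, the reversible enable password instead of enable secret, missing service password-encryption, and telnet management. Both sample configurations are constructed for the example; the first is what the steps above produce if the example passwords are kept, the second is the hardened form.

```python
import re
from typing import List

# Added example (not from the original report): audit a Cisco IOS running
# configuration for weak settings. Both configurations are constructed samples.

# What the step list produces if the example passwords are kept as-is.
WEAK_CONFIG = """\
hostname BranchRouter
!
enable password cisco
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
line con 0
 password cisco
 login
!
line vty 0 4
 password cisco
 login
 transport input telnet
!
"""

# Hardened form: 'enable secret', encrypted line passwords, SSH-only management.
# The type 5 and type 7 strings are placeholders; type 7 is reversible obfuscation,
# so the real protection for line access is SSH plus a strong, unique password.
HARDENED_CONFIG = """\
hostname BranchRouter
service password-encryption
enable secret 5 $1$abcd$placeholderhash
interface Serial0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
 transport input ssh
"""

WEAK_PASSWORDS = {"cisco", "password", "admin", "class"}


def audit_ios_config(config: str) -> List[str]:
    """Return a list of findings; an empty list means nothing weak was seen."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    text = "\n".join(lines)
    findings: List[str] = []

    if not re.search(r"^enable secret ", text, re.M):
        findings.append("no 'enable secret': privileged mode is unprotected or relies on 'enable password'")
    if re.search(r"^enable password ", text, re.M):
        findings.append("'enable password' present: reversible or cleartext; replace with 'enable secret'")
    if not re.search(r"^service password-encryption$", text, re.M):
        findings.append("'service password-encryption' not set: line passwords are stored in cleartext")

    section = None  # the 'line ...' block currently being read
    for ln in lines:
        if not ln.startswith(" "):
            section = ln if ln.startswith("line ") else None
            continue
        if section is None:
            continue
        cmd = ln.strip()
        m = re.match(r"password (?:(\d) )?(\S+)$", cmd)
        if m:
            enc_type, value = m.groups()  # enc_type None or "0" means cleartext
            if enc_type in (None, "0"):
                findings.append(f"{section}: password stored in cleartext")
            if value.lower() in WEAK_PASSWORDS:
                findings.append(f"{section}: password '{value}' is a well-known default")
        if cmd in ("transport input telnet", "transport input all"):
            findings.append(f"{section}: telnet permitted; use 'transport input ssh'")
    return findings


if __name__ == "__main__":
    for finding in audit_ios_config(WEAK_CONFIG):
        print("WEAK:", finding)
    print("HARDENED findings:", audit_ios_config(HARDENED_CONFIG))
```

The same function can be run over the output of show running-config from each device after the steps are applied; an empty result is the condition to aim for before the device is connected to the network.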
TCP (Transmission Control Protocol), UDP (User Datagram Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are explained below:
TCP: The Transmission Control Protocol provides reliable, connection-oriented, error-checked delivery of a stream of octets between applications running on hosts that communicate over an IP network. Examples: email, the World Wide Web and file transfer.
UDP: The User Datagram Protocol is another core member of the Internet protocol suite. It uses a simple connectionless model to send messages (datagrams) with a minimum of protocol mechanism: there is no guarantee of delivery, ordering or duplicate protection, so an application that needs those must provide them itself. It is used for time-sensitive applications such as DNS, VoIP and streaming, where a late retransmission is worse than a lost packet.
HTTPS: HTTPS is HTTP carried inside a TLS connection. It encrypts the traffic between the user's browser and the website and authenticates the server by its certificate, so the user can tell that the site is genuine and not an interceptor.
Security Protocols: Security protocols prevent unauthorised applications, users, devices or services from accessing data and information. They protect the confidentiality and integrity of data transmitted over the network through defined procedures for authentication, key exchange and encryption; in this design IPsec protects the VPN and TLS protects HTTPS.
Standards: Standards ensure the interoperability of the networking technologies used by the network devices. They allow equipment from different vendors to work together in one network and remove the risk of incompatibility.
Data Encryption: Data encryption transforms data into a form (ciphertext) that cannot be read by anyone who does not hold the right key. The key used to recover the original information from the ciphertext is the decryption key. There are two types: symmetric encryption, where the same secret key encrypts and decrypts and which is fast but requires the key to be shared securely in advance, and asymmetric encryption, where a public key encrypts and the matching private key decrypts, which is used to exchange symmetric keys and to sign data.
Eavesdropping: Eavesdropping is the unauthorised real-time interception of a private communication between two parties. Networks and systems that carry traffic without encryption are exposed to it, since anyone with access to the medium can read what passes.
Data interception: Data interception is the capture of data in transit or in storage by an outside party. It occurs when an external application, device or user gains a position on the network, for instance on a shared segment or an unprotected wireless link, from which it can extract information.
Data corruption: Data corruption is the state in which stored or transmitted data becomes unusable. It can arise from faults while writing, reading, processing, transmitting or storing the data, or from deliberate action; checksums and integrity checks are how it is detected.
Data falsification: Data falsification is the alteration of stored or transmitted data by someone for personal gain. It can be done by an insider or by an outsider who gains access to the network; message authentication codes and digital signatures are the controls that make such changes detectable.
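The following added example, not part of the original report, turns the encryption definition above and the threats just listed into running code using only the Python standard library. The cipher is a pseudorandom-function counter mode (keystream = HMAC-SHA256(k_enc, nonce || counter)) and the integrity tag is a separate HMAC-SHA256 over nonce and ciphertext (encrypt-then-MAC), so the block shows two things: an eavesdropper on the wire sees no plaintext, and a falsified ciphertext is rejected before it is decrypted. The construction is sound but is here for illustration; a deployment should use AES-GCM or ChaCha20-Poly1305 from a vetted library. Keys, messages and function names are made up.

```python
import hashlib
import hmac
import os
import struct
from typing import Tuple

# Added example (not from the original report): symmetric encryption plus a
# separate integrity tag, standard library only. Illustrative construction;
# use AES-GCM or ChaCha20-Poly1305 from a vetted library in production.


def derive_keys(master: bytes) -> Tuple[bytes, bytes]:
    """Split one master key into independent encryption and MAC keys (HMAC as KDF)."""
    k_enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return k_enc, k_mac


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: block i = HMAC-SHA256(k_enc, nonce || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + struct.pack("!Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    k_enc, k_mac = derive_keys(master)
    nonce = os.urandom(16)  # must never repeat under the same key
    ks = _keystream(k_enc, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(master: bytes, message: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Raises ValueError on tampering."""
    if len(message) < 16 + 32:
        raise ValueError("message too short")
    k_enc, k_mac = derive_keys(master)
    nonce, ciphertext, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(k_mac, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was modified or key is wrong")
    ks = _keystream(k_enc, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper(message: bytes, offset: int) -> bytes:
    """Simulate data falsification: flip one bit inside the ciphertext body."""
    i = 16 + offset
    return message[:i] + bytes([message[i] ^ 0x01]) + message[i + 1:]


def demo() -> dict:
    """Constructed scenario: a bank-style instruction sent over an untrusted network."""
    key = os.urandom(32)
    msg = b"TRANSFER 1000.00 FROM 12345678 TO 87654321"
    wire = encrypt(key, msg)
    try:
        decrypt(key, tamper(wire, 9))  # attacker edits the amount field
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "plaintext_visible_on_wire": msg in wire,  # what an eavesdropper could read
        "roundtrip_ok": decrypt(key, wire) == msg,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Without the tag, flipping a bit in counter-mode ciphertext flips exactly that bit of the plaintext, so an attacker could change the amount undetected; the tag check is what turns data falsification into a rejected message.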
Audit System: An audit system provides a structured review of the components of the network and of its security controls. An audit examines a process or activity with the aim of finding errors and flaws in it, and collects evidence (configurations, logs, access lists) that can be checked against policy.
Intrusion Detection System: An intrusion detection system monitors network traffic or host activity and raises an alert when it sees a known attack signature or anomalous behaviour, so that unauthorised access attempts are noticed rather than silently succeeding. It is commonly paired with an intrusion prevention system, which sits in-line and blocks the offending traffic when an attack is detected. IDS and IPS are standard components of a network security architecture; a detection-only IDS cannot stop an attack by itself, so its alerts must be monitored and acted on.
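The following is an added example, not part of the original report, of the kind of rule an intrusion detection system runs: it reads failed-logon events (Windows event ID 4625) and raises one alert when a single source address produces five or more failures within 60 seconds, listing the account names tried so that a password spray across users is visible. The log lines are constructed in a simplified "timestamp event-id user source" form for the example, not the real Windows export format, and the threshold and window are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Added example (not from the original report): a sliding-window brute-force
# detector over constructed, simplified logon records.

SAMPLE_LOG = """\
2024-03-01T09:00:01 4625 administrator 203.0.113.7
2024-03-01T09:00:03 4625 administrator 203.0.113.7
2024-03-01T09:00:04 4624 jsmith 10.0.0.15
2024-03-01T09:00:06 4625 administrator 203.0.113.7
2024-03-01T09:00:08 4625 admin 203.0.113.7
2024-03-01T09:00:09 4625 root 203.0.113.7
2024-03-01T09:05:00 4625 jsmith 10.0.0.15
2024-03-01T09:05:30 4625 jsmith 10.0.0.15
"""

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\S+) (\S+)$")
FAILED_LOGON = "4625"


def detect_bruteforce(log: str, threshold: int = 5, window_s: int = 60) -> List[dict]:
    """One alert per source that reaches `threshold` failures inside `window_s` seconds."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted = set()
    alerts: List[dict] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped, a real IDS would count these too
        ts, event_id, user, src = m.groups()
        if event_id != FAILED_LOGON:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((t, user))
        while q and (t - q[0][0]) > timedelta(seconds=window_s):
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "source": src,
                "failures": len(q),
                "users": sorted({u for _, u in q}),
                "first": q[0][0].isoformat(),
                "last": t.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT", alert)
```

The second source in the sample (two failures five minutes apart) never reaches the threshold and produces no alert; the detector sees only what falls inside the window, which is also why a slow attack spread over hours needs a separate, longer-window rule.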
Auditing reviews the components of the network and its security system in a structured way, examining each process or activity with the aim of finding errors and flaws. It is used in the following ways:
- For monitoring and reviewing the system as built, since the audit evaluates the components and their functions against what was designed and what policy requires
- For reporting any flaw or error in the system or the network so that mitigation strategies can be developed
Penetration testing evaluates the IT infrastructure by attempting to exploit its vulnerabilities under controlled conditions, as an attacker would, so that weaknesses are found and fixed before they are used against the organisation. It is done for:
- Avoiding the cost of downtime caused by a successful attack
- Managing vulnerabilities intelligently, by prioritising the ones that are actually exploitable
- Preserving the loyalty of the customers and the corporate image in the market
Cryptography is the process of transforming data into ciphertext that can be read only by a holder of the correct decryption key; it ensures that data and information cannot be read or misused by anyone who obtains a copy. Two use cases of cryptography are:
Government data: Government data and information is kept encrypted at rest and in transit so that no outsider can use it to harm the state. Encryption preserves the confidentiality of the data even if the storage medium or the communication channel is compromised, and so provides the assurance of privacy that government data requires.
Bank data: Account information and transactions are encrypted so that no outsider can use them to harm the account holders. Along with encryption, integrity protection ensures that the details of a transaction cannot be altered in transit, which together provide the security and privacy of the bank data.
LAN: A local area network covers a single site such as an office or a building. In a wired LAN the PCs, switches and routers are connected by cable, which gives high bandwidth and means an attacker needs physical access to the cabling; the design requires both a physical layout (cabling) and a logical one (addressing, VLANs).
WLAN: A wireless local area network provides the same local connectivity over Wi-Fi radio instead of cable. Because the medium is shared and reaches beyond the building, the design needs only a logical layout, but it must include authentication and encryption (WPA2 or later), since otherwise anyone within radio range can receive the traffic.
WAN: A wide area network interconnects LANs across large distances, from different cities up to the whole world; the Internet is the largest WAN. WAN links have lower bandwidth than the LAN and cross infrastructure the organisation does not control, which is why traffic over them is protected by a VPN. From the organisation's side the mapping is logical only, as the physical circuits belong to the carrier.
Screened Subnet: A screened subnet is a network architecture in which a firewall with three network interfaces (a triple-homed firewall) separates three zones. The first interface is the public interface connected to the Internet. The second connects to the DMZ (demilitarised zone), where the publicly reachable services are hosted. The third connects to the intranet, from which internal access is permitted. Traffic between any two zones must pass through the firewall, so a compromised DMZ server still cannot reach the internal network unless a rule permits it. A single triple-homed firewall is, however, a single point of failure; the classic screened subnet uses two firewalls, an exterior and an interior one, so that a compromise of the outer firewall alone does not expose the internal network.
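An added example, not from the original report, that models the screened subnet as a zone-based policy of the kind also described for the firewall tunnel interface earlier: a first-match evaluator over rules between the untrust, dmz and trust zones with an implicit deny, plus a check that no rule allows untrust to reach trust directly, which is the property the architecture is meant to guarantee. The rule set, zone names and service ports are invented for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the original report): first-match zone policy for a
# three-zone screened subnet. Rules and zone names are constructed.


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


POLICY: List[Rule] = [
    Rule("untrust", "dmz", "tcp", 443, "allow"),     # public web service
    Rule("untrust", "dmz", "tcp", 25, "allow"),      # inbound mail relay
    Rule("dmz", "trust", "tcp", 1433, "allow"),      # web tier to database only
    Rule("trust", "dmz", "any", None, "allow"),      # admins manage DMZ hosts
    Rule("trust", "untrust", "any", None, "allow"),  # outbound Internet access
    Rule("dmz", "untrust", "udp", 53, "allow"),      # DMZ name resolution
]


def match(rule: Rule, pkt: Packet) -> bool:
    if rule.src_zone != pkt.src_zone or rule.dst_zone != pkt.dst_zone:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; anything not listed is dropped."""
    for rule in policy:
        if match(rule, pkt):
            return rule.action
    return "deny"


def unsafe_rules(policy: List[Rule]) -> List[int]:
    """Indexes of rules that let the Internet reach the internal network directly."""
    return [i for i, r in enumerate(policy)
            if r.src_zone == "untrust" and r.dst_zone == "trust" and r.action == "allow"]


if __name__ == "__main__":
    for p in (Packet("untrust", "dmz", "tcp", 443), Packet("untrust", "trust", "tcp", 445),
              Packet("dmz", "trust", "tcp", 22), Packet("dmz", "trust", "tcp", 1433)):
        print(p, "->", evaluate(POLICY, p))
    print("unsafe rules:", unsafe_rules(POLICY))
```

The dmz-to-trust rule is deliberately narrow: a compromised web server can reach only the database port, not SMB or SSH on the internal hosts, which is the benefit the screened subnet is supposed to deliver.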
Virus Detection Software: Antivirus software scans the files, email attachments and downloads on the server and the PCs for known malware signatures and suspicious behaviour, quarantines or removes what it finds, and reports each infection so that its source can be traced. It complements the network controls: an intrusion detection system watches the traffic, while antivirus watches what is written to and executed on each host. Its signature database must be updated daily, and the software itself kept current, for it to remain effective.