Professional Documents
Culture Documents
Herewith I agree for the given terms and conditions on plagiarism & Academic dishonesty also I declare the work
submitted doesn’t breach these regulation.
Note: Keep the softcopy of the assignment with you until the official results released by ESOFT. ESOFT has all rights to request the softcopy
again at any time.
Signature Date
I will keep the copy of this sheet until I receive the Results of my Submitted work
Signature Date
Unit Code & Title : D/601/1956– Unit 46 – Network Security (NS – 16 – 001)
Assessment Title & No’s : Security Solution for Zingavue (Pvt) Ltd
Date of Submission:
General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and be sure to fill the details correctly.
2. This entire brief should be attached in first before you start answering.
3. All the assignments should prepare using word processing software.
4. All the assignments should print in A4 sized paper, and make sure to only use one side printing.
5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging.
All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 2 of 29
6. Ensure that your assignment is stapled or secured together in a binder of some sort and attach the Softcopy
(CD) of your final document, system on last page.
Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference
them, using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty
of plagiarism.
9. If you are caught plagiarizing, you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
Scenario
Zingavue (Pvt) Ltd, is an emerging textile company where its head office is located in Colombo. The existing network
of the company is a flat network with unmanaged switches. The company is facing huge network latencies and
broadcasts which has resulted in poor network performance and reduced productivity of the employees. Also it is
found that few employees bring their own laptops and connect it to the company network. Hence they use the
company internet connection to download movies and music. Also the switches are placed in open areas such that
physical access to any one is possible. The internet access is provided with no restrictions.
The management of the company is expecting to organize its head office according to the following plan.
60 hosts
30 hosts
10 hosts
R&D
10 hosts
Server Room
4 servers
Zingavue (Pvt) Ltd. has a branch office located in a suburb. Currently, the head office and the branch office send data
using the public internet.
As the newly recruited network administrator, you have been asked to provide a network plan for the head office
and come up with solutions which include a new LAN design, WAN design, security, manageability and performance.
Tasks
1. Evaluate the current situation of the network security of Zingavue (Pvt) Ltd. (LO 1.1)
2. Discuss about the impact and the common threats that will be faced by Zingavue (Pvt) Ltd. (LO 1.3)
3. Design a network plan (stating all your assumptions) and a basic network security solution for the head
office of Zingavue (Pvt) Ltd. Propose how you would enhance the security in the communication between
the head office and the branch office. (LO 2.1, M1.1, Activity 1)
4. Discuss how your proposed network design can impact the above network. (LO 1.2)
6. Redesign the network design provided on task 3 such that it includes different levels of security to increase
the complexity (LO 3.1, M2.5)
7. Test the above network security solution to fulfill the requirements and document them (LO 3.2, LO 3.3,
Activity 2)
8. State how you can manage the above network security solution and state network security policies and
practices you could implement (LO 4.1, LO 4.2)
9. Recommend how you can increase the performance and security of the network (LO 4.3, D1.1)
1.3 discuss current and common threats and their impact Task 2
Assessor: Signature:
Date: ____/____/______
Assignment No : (NS-16-001)
By
Vagish Kirubaharan
Reg. No : HND-COL/A-051935
Batch : HND-COM-065
They play and download movies and other stuffs on the internet and this created a attack for the network of
the company. The Company is vulnerable to many network threats. The network threats are malicious and
started attacking and destroying the files PCs and all the components of the network.
Since the Components are old They are replaced with Cisco network components.
The VLAN has the purpose of the development of the performance of a network and their property security
features.
The main problem of the network of the company is old switches old cables damaged ports and connectors
The tool that supports to make sure that the computers are running smoother and safe without any errors is
known as the Network Monitoring Tool.
As a solution they want Firewall to prevent outside users and a proxy server for filtering websites.
Due to the flat network with unmanaged switches the company cannot achieve any target.
Viruses
Trojan Horses
SPAM
Botnets
Phising
Packet Sniffing
Malicious Coding Website
Password Attacks
Shared Computers
Hacker Attacks
Logic Bomb
BackDoor
RootKit
Trojan Horses : This is equal to malware.The attacks of the Trojan horse are planned by fooling the users
who install malware without their knowledge.
SPAM : The Internet is full of spoffed or copied messages which are same
Botnet : Many owners of computers are unaware of it and it is a setup to forward transmission to other
computers.
Phising : This fraud method is in the use of mail where the person sends a legal mail in the illegal method
to gather some personal or financial details from other people.
Mallicious Coded Websites: This programme code is vulnerable to creating harmful threats to the
computer system.
Password Attacks : These attacks are created by hackers who can find out hidden passwords in strictly
and high security protected areas.
Shared Computers : This threat occurs when sharing your computer with one or more people.
Hacker Attackers : They are brilliant programmers with high talented skills of breaking stealing and
corrupting the computer systems and its files.They are professional engineers who have technical knowledge
and find out the weak points of the security system.
Logic Bomb : This threat remains slient and occurs in the period of time when it is triggered into action.
BackDoor : This gains access to the programme of the computer which bypasses the security mechanism
Rootkit : This is the type of a malicious software which is activated by the user to gain access to the
network or the computer.
The System needs firewall Routers New Switch New Servers and Security Software.
Firewall: This is the network security system. This can be executed in the software and hardware.The
Firewall maintains incoming and outgoing traffic which is based on the rules of the company.They are
installed to prevent outside internet users from accessing their network.
Packet Filter
Application Gateway
Circuit level Gateway
Proxy Server
Router : This is a device known as the modem or router which forwards data packets among the
network.They are located at the gateways where two or more networks connect. They install headers and
tables which are forwarded to decide the best path of the process for forwarding the packets.
The Company is using old managed switches They want to replace them with the new ones.
Servers : There are many types of servers such as FTP Server and Proxy Server.The File transfer
protocol(FTP) is used for sharing information in the company.The FTP utilizes a client server architecture
which is secured with SSL/TLS.
The Server which sits among a client application(web browser) is known as the proxy server This Server
helps to the limited company wanted sites.
Security Software : There are many security softwares such as Anti-Virus and anti spyware and the
network monitoring tool.The Antivirus prevents detects and removes worms viruses and other malicious
threats from the computer.They are the most important programs for the computer there must be a choice of
which antivirus must be installed There are many brands of Antivirus software available in the market
Eset
Kaspersky
Avast
Trend Micro
SunBelt Software
Webroot
FTP Server : It is used for sharing information and has a efficient and reliable data transfer
Secured Password : This means a strong password which cannot be hacked by anyone.The User must
utlize fairly complex passwords and change every passwords at least 90 Days.
Upgrading Anti-Virus Software : This is important for the PCS with network system Because they
cannot bear the New malicious threats .In order to avoid it The Anti Virus Software must be upgraded with
new features.
Secured SSH(Shell) : This is the important part of the network system. The Secured Shell supports
authentication,intergrity and confidence for a remote administration.
Secured Backup Plan : This helps the user and his PC to survive from anything For Eg Accidential Files
deletion due to floods or hurricane. This Backup helps to survive from cyberblackmail
If the CyberCriminal blackmails the user by informing him that he will send a malicious threat The user
backup the filles immediately in a safe location away from the premises of the company.This is the method
of protecting the data from many threats.
Vulnerabilty Scanner : This supports automatic security auditing and plays a crucial part in the security
of the IT(Information Technology) Field.
This Scans a number of websites and networks and finds out various risks which range up to thousands.
Monitoring Tool : This is utilized to describe the system which is continuously monitoring a network this
notifies the user known as the network administrator through the messaging system when the error or failure
of the device occurs.
The performance of this tool is utilized through software applications and tools.
VOIP Monitoring
Mail Server(POP3)
Video Stream Monitoring
7.1
Among the web portal anyone can create sites to see the IPs or the URLs which you like to scan by selecting
the scanning schedule .Once the process is over you can see the list of assets and vulnerabilities even it
includes asset details including the information of the software including the details of the vulnerabilities
and how you can fix them.
7.2
PRTG Network Monitoring Tool : The PRTG is a network monitoring tool which supports to make
sure that the computer systems are running smoothly and no errors must occur.In the network Management
terms this phrase is utilized to describe the system which monitors and notifies the administrator through the
messaging system when the failure or error of the device occurs.
The Process of Network Monitoring is performed during the utilization of software applications and tools.
The Teams of Security must help mandates with internal and external mandates,optimizing performance and
enabling new services.They should help with the possibility to troubleshoot on demand without creating a
space for errors.
The Company and its head office wants a holistic view of the network.
With the help of the vendor devices and hosts who are the security teams they want a normalized
comprehensive view of the network with routing rules,access rules,VPN.NAT.In the proposed network
security the security team can view the hosts in the network such as classfications configurations and any
other relevant information.For the network system The network map or the model is the both visualization
tool and the diagonistic tool. The network System of zingavague is in compliance method so a secured
changing management process which never introduces a new risk.
The policy begins with assessing the risk to the network by building a team to respond.The continuation of
the policy requires by executing a security change management practice and monitoring the network for
security violations.
The Policies
Network Performance : This is measured from the prespective of the enduser and the quality of the
services which are delivered to the user. The Quantiative and Qualitive process which defines and measures
the level of the performance of the network.It provides a guidance for the network administrator .
1. Priortizing Applications : The processors must be prioritized in order to make sure that
business-crictical applications are taking their control over the less important traffic.
2. Educating the Users : The employees must know the effects when watching a video during lunch
break can swallow the entire network speed of the company.Even the transfer of Powerpoint files via
mail have a huge effect.Its time to educate the staffs by holding workshops based on network
security and safe practices
3. Utilizing Compression Technologies: due to the latest surge in Big Data The Compression has
turned into a necessity for every network By upgrading Softwares and Processors The Organizations
can get their hands on improved algorithims.This saves precious bandwidth and processing of power
on the network
4. Knowing Network: Does the staff know the best practices and procedures to isolate the problems
and the trouble areas on the network.Its time to make sure that everyone is on the same line when it
comes to best practices and configurations.
5. Building Defenses against Junk Traffic: From antivirus and malware software from spam
filters and firewalls keeping your network protected is important to prevent viruses and other
malicious programmes from wrecking havoc.
1. Familiarizing with Device lists: This allows the device to be alert when unfamiliar devices enter
into the network.
2. Hiding your SSID: Creating you SSID in a hidden method is great start.If you leave the SSID
Name default its like inviting the hacker to break inside the network.
3. Disabling Wireless Administration: This is the option for not allowing people from outside to
join the LAN of the company.
4. Enabling MAC Address Filtering: The filtering of the MAC Address allows only devices
which are known only to connect to the network.
5. Disabling Guest Network: This option is useful for not allowing guests to connect to your
network.
6. Enable Encryption: This is the simple method to add more defence to the network security.
7. Checking for New Upgrades: Nowadays Routers and WiFi services are upgrading their services
due to demands from customers