unit 6 homework

School: Columbia Southern University
Course: SEC 4302
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 9
Uploaded by briandjones127
Running head: CVE IN LAN TO WAN 1

CVEs in the LAN to WAN Domain
Brian Jones
Columbia Southern University
CVEs in the LAN to WAN Domain

Lab 6.1a

The United States Department of Defense (DoD) utilizes network hardening guides to strengthen the security of information on networks used by the DoD and other agencies. They accomplish this strengthening by reducing the number of vulnerable points an attacker could use to gain access to the system. Three of the Security Technical Implementation Guides (STIGs) that pertain to this hardening are as follows. The Windows 2012 Server Domain Name System STIG, Version 1, Release 11, addresses alternate methods for disabling IPv6. The Microsoft Windows 10 STIG, Version 1, Release 16, provides updated information on the use of Full Disk Encryption (FDE) on all Windows 10 systems. The Apple iOS 12 STIG, Version 1, Release 2, offers information on configuration of the profile key for each control (DoD, 2019).

Lab 6.1b

CVEs

While there are untold numbers of threats, vulnerabilities and exploits that could damage a network from an outside source, these are the most prevalent.

Viruses – A virus could take the form of a Trojan Horse or simply malicious code. Regardless of how it is presented, it seeks to damage a device or assume control of it for illegal purposes.

Sniffers – Sniffers capture network traffic, mostly usernames, passwords and emails, to gain information that could be used to gain access.

Scanners – Scanners are just what their name implies: they scan networks for vulnerabilities that may be exploited.

Distributed Attack Tools – These are similar to sniffers but have a much deeper reach into the network and can affect a greater number of devices.

Denial of Service Tools – These attacks disrupt legitimate network traffic to servers and websites (Hawley, 2004).

Hardening of Infrastructure

There are multiple resources available online from both government agencies and private sector companies that relate to the hardening of every layer of IT. The DoD site features a list of registered websites featuring this information. Sites included in the list are the Defense Counterintelligence and Security Agency (DCSA) and the National Reconnaissance Office (NRO). Additionally, the use of frameworks provided by either the Federal Information Security Management Act (FISMA) or the National Institute of Standards and Technology (NIST) allows systems to be audited easily for compliance. FISMA acknowledges that the best solutions may be those available in the commercial marketplace and has created checklists to ensure that those applications meet minimum DoD requirements (Weiss & Solomon, 2016). The NIST framework also provides strict compliance guidelines for government agencies and subcontractors who have access to sensitive information (Breaking Defense, 2020).

Lab 6.1c

Enclave Perimeter

An enclave is best defined as a computing environment that falls under the control of a single authority. It is also a priority to have security measures and trained personnel in place to safeguard the enclave. To ensure that the enclave's perimeter is as protected as possible, the following measures have been addressed.

Network infrastructure diagrams must always be maintained and kept up to date. This not only shows the overall layout of the network, but also where all devices are physically located.

External connections are defined as any connection to any network that the organization's security policy deems to be untrusted. It is critical that none of these connections directly bypass the enclave's perimeter security.

Leased lines are means of connection to external networks that are leased from outside providers. By rule SV-8537r3, all leased lines must be authorized, in writing, before a connection can be made.

Approved gateways from internet service providers should be reviewed frequently, and use of these connections should be kept to the bare minimum needed for operations.

Backdoor connections are to be strictly controlled to restrict unauthorized access. An unauthorized user could override or change start options or network definitions with such a connection.

IPv4 address privacy is of paramount importance. An attacker can learn more about a private network if the real IP address is found. To ensure privacy of the hosts, Network Address Translation (NAT) on the firewall and/or router must be used (STIG viewer, 2018).

Firewall

Much like the enclave perimeter discussed above, the firewall is another safeguard used to secure the data and information within the network. Some of the items regarding the installation and configuration of a firewall are as follows.

Packet filters operate by only allowing approved IP addresses through the perimeter. The downside of this approach is that it is all or nothing in terms of connections: if a port is open, it is open to all traffic. Thus, further steps are needed to secure the network.

Bastion host is another term used for a screened host that is minimally configured and managed to be as secure as possible. All incoming traffic from the packet filtering router is directed to the bastion host.

Stateful inspection acts much in the same way as packet filtering and does not break the connection between the two endpoints of a data flow. Firewalls that feature application awareness operate on various levels of the OSI model and add additional features to stop attacks. Deep packet inspection utilizes an attack object database to store anomalies and attack patterns in order to recognize attacks. Application-proxy gateways route traffic through the firewall software so that packets must traverse the network under the control of that software. Finally, hybrid firewalls utilize both stateful inspection and proxies to filter traffic across the network.

Dedicated proxy servers are usually deployed behind firewalls because they have the capabilities of a traditional proxy but lack the capabilities of a firewall. Dedicated proxy servers are especially efficient at scanning web and email content.

Layered firewall architecture relies on multiple firewalls being placed at strategic points throughout the network depending upon the sensitivity of the data being protected. This also allows for the implementation of a demilitarized zone (DMZ) that will keep harmful traffic from spreading to the entire network.

Content filtering achieves increased security by accepting outbound traffic from the internal network and filtering the data before passing it to the firewall for outbound delivery.

Perimeter protection adds the feature of displaying a visible message when a possible security violation is present. The message will remain in view on a workstation until it is acknowledged by a user (DISA, 2007).

Lab 6.1d

The Cisco switch will be configured to filter for non-registered or unauthorized IP addresses and block traffic from those connections. All network connections shall be terminated after 10 minutes of inactivity to prevent unauthorized users from taking over the management session. The switch must be configured to audit and log misuse of privileged functions, whether intentional or unintentional. The switch will be configured using least-privilege access for all users based on their level of security. The switch will also be configured to log all in-band management access attempts.

Lab 6.1e

The Cisco router will be configured to maintain a trail of activity logs (syslogs) to identify configuration errors, understand past intrusions, and see how the system reacted to probes and scans. Routers must be configured to define DNS servers as a client resolver for name lookup. This will prevent an attacker from spoofing IP addresses to gain authentication or other sensitive data. If the running and startup configurations of the router are out of sync and the router malfunctions, any recent changes would not be included at restart. This would leave the router vulnerable to an attack if the changes were security related.

Lab 6.1f

All firewalls must be configured to filter traffic from virtual private networks (VPNs) using organization-defined rules. Firewalls must generate logs containing enough information to establish that events occurred. If an event occurs, the firewall must log the location within the network of the occurrence.

Lab 6.1g

An Intrusion Detection System (IDS) will be configured to produce an audit record of any event occurrence. The log will include, at minimum, an event description, policy filter, port, protocol, and alert code. In the event of a logging failure caused by lack of audit record storage capacity, the IDS must continue to create and store records by overwriting the oldest stored record. The IDS must be configured to have the capability to remove or disable all non-essential features and functions of the IDS application.

Lab 6.1h

As a network policy, all external connections to the network must be reviewed, and the documentation of these connections updated, semi-annually. Written approval must be obtained from the Chief Information Officer (CIO) before establishing a direct connection to the Internet via a commercial ISP. All global address ranges used on unclassified and classified networks must be registered with the DoD.

Lab 6.2

In summation, the LAN to WAN domain involves more moving parts than other domains. This also means that there are more theoretical weak points that could be exploited. It is, therefore, critical that best practices and rules be followed to secure data as much as possible. By maintaining a secure network and monitoring external connections, most attacks can be prevented or at the very least mitigated.
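The switch and router controls described in Labs 6.1d and 6.1e (idle timeout, logging of management access and privileged commands, least privilege, blocking unregistered source addresses, a syslog trail, a defined DNS resolver, and keeping running and startup configurations in sync), as an added Cisco IOS configuration example that is not part of the original paper. The TACACS+, syslog and DNS server addresses, the interface name and the site prefix 203.0.113.0/24 are assumed placeholders drawn from the documentation address ranges.

```cisco
! Added example (not from the original paper): Cisco IOS fragment for the
! switch/router controls in Labs 6.1d and 6.1e. 192.0.2.x hosts, the
! interface name and the 203.0.113.0/24 site prefix are assumed placeholders.
! Lab 6.1d: least privilege, with logins and privilege-15 commands
! accounted to the AAA server (audit of privileged-function misuse)
aaa new-model
aaa authentication login default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs server AAA1
 address ipv4 192.0.2.20
 key <replace-with-shared-secret>
!
! Lab 6.1d: log every in-band management access attempt, pass or fail
login on-failure log
login on-success log
!
! Lab 6.1d: drop management sessions idle for 10 minutes; SSH only
line vty 0 4
 exec-timeout 10 0
 transport input ssh
!
! Lab 6.1e: timestamped syslog trail to a collector. The local buffer is
! circular: when full it overwrites the oldest record instead of stopping,
! the same behaviour Lab 6.1g requires of the IDS audit store.
service timestamps log datetime msec localtime show-timezone
logging buffered 65536 informational
logging host 192.0.2.10
logging trap informational
!
! Page 7: log and archive every configuration change, and back up on
! write memory, so running and startup configs do not drift apart
archive
 path flash:cfg-archive
 write-memory
 log config
  logging enable
  notify syslog
! Page 7: defined DNS client resolver
ip name-server 192.0.2.53
!
! Lab 6.1d: drop RFC 1918 and spoofed-own-prefix sources on the WAN uplink
ip access-list extended WAN-INGRESS
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip 203.0.113.0 0.0.0.255 any log
 permit ip any any
interface GigabitEthernet0/1
 ip access-group WAN-INGRESS in
```

The `log` keyword on the deny entries sends each blocked packet to the same syslog trail, so unregistered-source traffic shows up in the collector alongside the management-access records.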
References

Breaking Defense (2020, February 24). CMMC 1.0 vs. NIST 800-171 -- Eight essential differences. Retrieved from https://go-gale-com.libraryresources.columbiasouthern.edu/ps/i.do?p=ITOF&u=oran95108&id=GALE|A615002252&v=2.1&it=r&sid=ebsco

DISA (2007, October 25). Network Infrastructure Ver.7, Rel.1. Retrieved from https://www.slideshare.net/networkingcentral/networkstig-v7r1-20071108

DoD (2019, July 26). July 2019 Maintenance Release. Retrieved from https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/JULY_2019_STIGs_to_Be_Released.pdf

Hawley, M. (2004, October 29). Network security and the SMB. Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/network-security-smb-1542

STIG viewer (2018). STIG library. Retrieved from https://www.stigviewer.com/stig/zos_tss/2019-12-12/finding/V-6949

Weiss, M. M., & Solomon, M. G. (2016). Auditing IT infrastructures for compliance (2nd ed.). Burlington, MA: Jones & Bartlett Learning.