Task 2: This part evaluate students’ perceptive of Security Architecture.
It is becoming increasingly critical that financial institutions ensure their banking customers are able to access their accounts with the highest reasonable security, using a process that is very straightforward and approachable. Technology has made it possible for hackers to extend their reach to vast number of potential victims through a wide variety of attack vectors. Therefore, banks are required to use a secure architecture to provide convenient and secure online services. Secure architecture can be achieved by having layered security. Layered security is a defensive strategy featuring multiple types of security measures, each protecting against a different vector for attack.
Students are required to do the following tasks:
a. Provide a literature review on layered Security Architecture.
(Hint: This should include: the understanding of layered security concept, detailed description of security layers, advantages and disadvantages of using layered security architecture)
b. As a network security consultant, suggest a layered security architecture for a small company’s network.
(Hint: Your architecture should include five levels of IT infrastructure)
c. The concept of layered security is commonly applied by banking system to provide a secure mobile banking services. From user side, Explore and identify what are security controls in your mBanking application. Evaluate the efficiency of these controls.
(Hint: provide screen shoots for all security messages appears in your application)
You are the network administrator for 7colores Company. The company has implemented Microsoft Forefront TMG as the firewall. The company works 5 days a week (Sunday to Thursday) from 8am to 4pm. The company has the following requirements:
1. The Company management wants to implement Network Inspection System (NIS). The goal is to enable NIS to all networks except for servers located in the range 10.20.20.10 to 10.20.20.30. Those servers are considered administration servers, and do not require NIS traffic evaluation. TMG should check for updates every 25 minutes to obtain new signatures. The company wants to follow the default Microsoft policy when network traffic matches one of the active signatures.
2. The TMG intrusion detection should be able to detect Ping of death, UDP bomb and IP half scan attacks and all sorts of DNS attacks. TMG should filter the Time stamp and Loose Source Route during the IP options filtering. The Company management wants to block packets containing IP fragments, but wants to give the default settings for the SIP parameters.
You are required to complete the following configuration
a. Configure network Inspection System (NIS) as following :
Configure an exception named ‘admin’ for the NIS
Configure the address rule Element called ‘administration server’.
Configure the excepted IP addresses range to be 10.20.20.10 to 10.20.20.30. Configure the signature update to be every 25 minutes
b. Configure an intrusion detection System (IDS):
Enable detection for Ping of death, UDP bomb and IP half scan attacks
Enable detection for all types of DNS attack.
Configure Time stamp and Loose Source Route during the IP options filtering. Block packets containing IP fragments.
Students are required to write a report, not more than 3,000 words, the report should include:
• Understanding of layered security architecture.
• A layered security architecture for a small company network.
• Listing and evaluating of security controls in an mBanking application
Task 3: TMG configuration
• Configuration of NIS to satisfy the given requirements
• Configuration of IDS to satisfy the given requirements
Follow the guidelines mentioned below for your assignment:
ØThe document should not be more than 15 to 19 pages in (size A4) paper. ØThe document should be well presented and neatly done.
ØAssignment should be submitted through Moodle (Turnitin).
ØIt should have Table of Contents, references.
ØUse page numbers
ØUse Diagrams and Examples to explain your topic.
ØCopy paste from the Internet is strictly not acceptable.
ØIn-text citation and referencing using CU Harvard referencing Style.