Stephen Appraku 1330108
-
Upload
appraku-stephen -
Category
Documents
-
view
219 -
download
0
Transcript of Stephen Appraku 1330108
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 1/16
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 2/16
STEPHEN KOFI APPRAKUSTEPHEN KOFI APPRAKU
13301081330108
REGENT UNIVERSITY OF SCIENCEREGENT UNIVERSITY OF SCIENCE
AND TECHNOLOGYAND TECHNOLOGY
LEVEL 400LEVEL 400
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 3/16
ECOMMERCE SECURITYECOMMERCE SECURITY
ASSIGNMENTASSIGNMENT
Attached is a network setup of a bigcompany and because of how big thecompany is, the network has been divided
by four segments as follows :Dail up connection
Wiressless connection
Cable connection
VoIP connectionThe equipments used for the setup of thenetwork has been explained detailedbelow.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 4/16
Cisco 10700 ROUTERCisco 10700 ROUTERCisco 10700 is a high-performance IP+Opticalaccess router and a principle building block innext-generation metro IP/Ethernet networks.The Cisco 10700 enables service providers tooffer innovative and differentiated IP services totheir customers at optical speeds. The Cisco
10700 allows service providers to offer IPservices closer to the user, enabling them tobetter control admission to network resources.reliable high-performance platform that notonly supports the full suite of IP routing
protocols such as IS-IS, OSPF and BGP, but alsoallows advanced IP features to be introducedefficiently, without compromising performance
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 5/16
ISA FirewallISA Firewall
y The first point of contact from the
internet router is ISA Firewall ,this
device is capable of performing IP
filtering in other to be able todischarge the majority of unwanted
in coming traffic. It also filters traffic
from Internet-facing systems to non-internet facing system.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 6/16
Active IDSActive IDS
An active IDS will attempt to thwart
any kind of detected attacks without
user intervention
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 7/16
Internet DMZInternet DMZ
y A part of a network that is protected by a firewall,but may be accessed by external Internet clients. TheDMZ generally contains servers such as SMTPservers, remote access machines. or web servers.Client machines and internal servers that do notneed to be accessed by Internet clients are kept in amore protected segment of the network than theDMZ. Alternately, the internet DMZ can also used torefer to the media layer where route peering is doneamong multiple administrative regions with their own traffic policies.The systems in the Internet DMZhas not been configured with publicly routable IP
addresses. In other words IP masquerading has beenimplemented to prevent internal address from beingtranslated and revealed on the internet.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 8/16
Web Proxy Web Proxy
y The main function of the web proxyis to focuses on World Wide Webtraffic. The web proxy is to also
serve as Web cache, provide ameans to deny access to URLsspecified in a blacklist, thus providingcontent filtering. This web proxy also
reformat web pages for a specificpurpose or audience, such as for cellphones and PDAs.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 9/16
FTP Server FTP Server
The activities of the FTP server includes butnot limited to
Supports both implicit and explicit SSL
connection
Supports passive (PASV) mode dataconnections
Fully supports connections to and fromnetworks with NAT
Supports Windows NT authentication
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 10/16
Able to use a database as a source for user accounts
Able to set upload / download bandwidth limits
FXP - Allows data connections to go to different
IPs than that of the control connection
Configurable IP address and anti-hammer filters
Able to set upload / download ratios and quotas
View reports and statistics of all FTP activity
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 11/16
Email Proxy Server Email Proxy Server
y The function of the email proxy
server is to transport emails to and
from the email server located in the
internal network. This server alsoacts as the client access server for
Outlook Web Access (OWA) and
Remote Procedure calls (RPC) over https.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 12/16
Network Network Intrusion DetectionIntrusion Detection
Systems (NIDS) and NIDSSystems (NIDS) and NIDSManagement DeviceManagement Device
y Network Intrusion Detection
System (NIDS) is also utilized to
monitor all the systems in the
Internet DMZs, whiles the NIDSManagement Device .
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 13/16
Wireless access point (WAP Wireless access point (WAP
y Wireless access point (WAP) is adevice that allows wirelesscommunication devices to connect
to a wireless network using Wi-Fi,Bluetooth or related standards. The WAP usually connects to a router ,and can relay data between the
wireless devices (such as computersor printers) and wired devices onthe network.
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 14/16
Modem ConnectionModem Connection
Concentrator Concentrator
The duties or functions of the Modem ConnectionConcentrator has been configured to perform the task listed below :
Ensure all system passwords are encrypted when storedon a device and the password meet the minimumrequirements
Ensure that generic logins are not used to authenticateto the devices administrative console
Ensure that all unused modem ports are disabled
Ensure that all users who are connecting to thenetwork through modem access are appropriately
authenticated before being granted accessEnsure appropriate filtering so that modem users canonly access systems they require .
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 15/16
Voice over IP GatewayVoice over IP Gateway
The Voice over IP Gateway has also beenconfigured to perform the below listed task :
The VoIP Gateway provides connection withthe telephone and fax machines through thetelephone networks, PBXs, and key systems.
VoIP gateways can end a call from thetelephone and can provide user admissioncontrol using IVR (Interactive Voice Response)system
help direct outbound calls to a specificdestination, or can end the call from another gateway and send the call to the PSTN(Localor long distance ).
8/8/2019 Stephen Appraku 1330108
http://slidepdf.com/reader/full/stephen-appraku-1330108 16/16
NETWORK DIAGRAMNETWORK DIAGRAM