Secure Wired Local Area Network (LAN)

By Sentuya Francis Derrick

ID 08051602

Module code: CT3P50N

BSc Computer Networking

London Metropolitan University

03/02/12

Supervisor: Dr. Shahram Salekzamankhani


Introduction

LAN: A group of computers and devices interconnected in a limited geographical area, such as a computer laboratory, to enable the sharing of resources such as printers and files amongst users.

LAN security provides confidentiality, data integrity, and availability to network users. (Protection: information, systems, and hardware that store and transmit information.)

The OSI model is used as the basis for a systematic approach to securing LAN vulnerabilities.

A virtual topology is used to show how to build a secured wired LAN solution.

Project background

LAN security?

Network security solutions started appearing in the early 1960s but did not have a big impact until the 2000s.

In the last 13 years, measures to mitigate LAN security threats and cryptographic security technology (encryption and hashing mechanisms) have been developed.

Categories of network threats

Reconnaissance attacks: packet sniffers, ping sweeps, port scans, Internet information queries.

Denial-of-service: Ping of Death, Smurf attack, TCP SYN flood attack.

Worm, virus, Trojan horse.

Cont: Project background

Access attacks: man-in-the-middle, buffer overflow, port redirection, password attacks, trust exploitation.

Other categories that exploit LAN switch vulnerabilities: MAC address spoofing, Spanning Tree Protocol manipulation attack, MAC address table overflows, LAN storms, VLAN attacks.

Aims and objectives

Aims

1: To investigate which OSI model layer is most vulnerable to attacks.

2: To investigate and analyse the available tools and methods to secure a wired LAN.

Objectives

To secure the physical layer devices, i.e. routers, switches, PCs, servers, etc.

To secure layer 2 protocols, i.e. Ethernet/IEEE 802.3, Token Ring/IEEE 802.5.

To secure the addressing structure and routing protocols at the network layer.

To have a secure and reliable transport mechanism between two communicating devices.

To provide a secure way for applications to translate data formats and to encrypt and decrypt data, using authentication methods, SSH, passwords, encryption, etc.

Aims and objectives

Cont: Objectives

To provide a secure platform for users to interact with applications by securing application layer protocols such as HTTP, FTP, TELNET, FTP-DATA.

To prevent untrusted traffic from accessing the network resources.

To provide a cost-effective but efficient and reliable LAN.

Personal and academic objectives

To learn how to secure a LAN.

To learn to organise my time meaningfully to meet deadlines.

To learn research techniques and how to write a well-structured report.

To improve my presentation skills and confidence, and prepare for a career in Computer and Network Security.


Scenario: Secured LAN Topology

Developments

End users

Host-based intrusion detection systems (London Met labs)

Cisco Catalyst switches

Message of the day / login banner

Port-level port security

BPDU Guard

Storm Control

Root Guard

High availability with Hot Standby Router Protocol (HSRP)

VLANs

VLAN trunk security

Root bridge

Spanning Tree Protocol feature – PortFast
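As an added illustration (not part of the presentation), the Python sketch below audits an IOS-style switch configuration for three of the port-level controls listed above: port security, BPDU Guard and storm control. The sample configuration, interface names and function names are constructed for the example.

```python
import re

# Constructed sample of an IOS-style switch config (not from the presentation).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 20.00
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Split the config into {interface name: [stripped sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit_access_ports(config):
    """Return {interface: [missing controls]} for enabled access ports."""
    # The global default applies BPDU Guard to every PortFast-enabled port.
    global_guard = re.search(r"^spanning-tree portfast bpduguard default$", config, re.M)
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds or "shutdown" in cmds:
            continue  # trunk, routed and shut-down ports are out of scope
        checks = {
            # The bare command enables the feature; "maximum" alone does not.
            "port-security": "switchport port-security" in cmds,
            "bpdu-guard": "spanning-tree bpduguard enable" in cmds
                          or (global_guard and "spanning-tree portfast" in cmds),
            "storm-control": any(c.startswith("storm-control ") for c in cmds),
        }
        missing = [ctl for ctl, ok in checks.items() if not ok]
        if missing:
            findings[name] = missing
    return findings
```

Calling `audit_access_ports(SAMPLE_CONFIG)` reports FastEthernet0/2, where `switchport port-security maximum 2` is present but the bare `switchport port-security` command that actually enables the feature is not.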

Cont: Developments

Cisco router security

Password requirement (router access).

Secure remote router access.

Secure unused router network services and interfaces.

Authentication, Authorization, Accounting protocol.

Syslog server – LAN activities.

IPS software firewall.

Secure EIGRP routing protocol authentication.

Secure router IOS image.

Access lists.

Network Address Translation/PAT.

Analysis

Inspection rule/Audit-trail process

CBAC rule

Secure DHCP server: DHCP snooping, Dynamic ARP Inspection, IP Source Guard

Cont: Analysis

Public users access internal web server

Public denied access to private VLAN 2 and 3 subnets

Cont: Analysis

Inter-VLAN routing:

VLAN 2 accesses VLAN 3 & DMZ

VLAN 3 accesses VLAN 2 & DMZ

Cont: Analysis

ISP/web server successfully pings the company DMZ web server

NAT transactions

Cont: Analysis

In-line IPS software firewall inspection

Syslog server activity

Cont: Analysis

Secure line VTY: SSH

VLAN 2 & 3 access internet

Conclusion

The London Met Cisco laboratory enabled me to achieve a secured environment of the physical layer devices.

Layer 2 is the LAN's most vulnerable layer.

Secured layers 2 to 7 of the OSI model.

Secured the private network from receiving untrusted traffic from the public network/internet.

LAN redundancy, reliability and cost-effectiveness achieved by;

Implement network security policies & employ network security professionals.

Skills learnt: LAN security threats & mitigation technology, time management, report writing, information research and presentation skills.

QUESTIONS ARE WELCOME

THE END