Network Audit For Wi-Fi and LAN Setup With Security Provisions For CC2 Building

The document outlines the steps taken in conducting a network security audit for the CC2 building at an institute. It involves determining the scope, defining potential threats, prioritizing risks, and assessing the current security posture. Key parts of the audit include inventorying devices, reviewing the network architecture and security, and identifying any obsolete devices or security concerns.


Network Audit for Wi-Fi and LAN setup

with security provisions for CC2 building

ICL2017001
ICL2017005
ICL2017012
Conducting Network Security Audit
in CC2 building

Step 1: The Scope of the Security Perimeter
Step 2: Defining the Threats
Step 3: Prioritizing and Risk Scoring
Step 4: Assessing the Current Security Posture
Step 5: Formulating Automated Responses and Remediation Action
Scope
The scope of this project involved:
• Inventory: determining what kind of devices were
running on the network;
• Support: whether any of those devices were obsolete or
out of vendor support;
• Architecture: how the devices were connected;
• Security: whether there were security concerns that
needed to be addressed.
Inventory
• Switch
• Router
• Networking Cables
• Main Server Room Devices
• Hostel Server Room Devices
• Laptops
• Desktop in Warden Room
• Patch Panel
Constituents of Tech-Infrastructure
• Hardware
– Computers
– Servers
– Peripheral Devices
• Software
– Operating Systems (System Software)
– Packages (Application Software)
• Network
– Topology (layout)
– Devices (functional)
– Services (operational)
Hardware - Computers
• 1200 + (70% assembled)
• P-IV 2.0 – 3.4 GHz
• 512 MB – 1 GB RAM
• 80 - 160 GB HDD (ATA, SATA, SCSI)
• CDR/RW, DVDR/RW/smart media drives
• 17”, 19”, 21” TFT/CRT color monitors
• INTEL main board (with onboard ports)
• Internet/multimedia ready
• Maintenance friendly
Hardware - Servers
• 55 + (branded as well as assembled)
• P-IV 1.6 – 3.0 GHz (dual Xeon Processor)
• 2 – 4 GB RAM (DDR2)
• 18 - 36 & 80 GB Hot swap 10/15K SCSI HDD
• Onboard Gigabit LAN Interface (dual)
• 15”/17” CRT/TFT color monitor
• INTEL main board (with onboard ports)
• Remote administration over network
• Learning (R & D) friendly
Hardware - Peripheral Devices
• Printers(approx. 100)
– LaserJet, Inkjet (color), Dot Matrix
• Scanners, Media Convertors, Connectors
• External Storage Units
• Web/Video Cameras
• Audio/Video Mixer
• Sensors, Speakers, MODEM
• NAS – 8 TB with RAID 0 (striping only: no redundancy, one
disk failure loses the whole volume)
• IP-SAN – 8 TB with RAID 6 (survives two simultaneous disk failures)
Software Packages
• All OS from Microsoft (Windows family)
• Linux (SuSE, Redhat, Fedora, Debian etc.)
• Solaris, Mac OS X
• All software products from Microsoft
• Oracle Database/Development tools
• Mathematica, Statistica, Matlab, C/C++
• Simulation Packages (Katia, IGRIP, SimLink,
Synopsys, Cadence etc.)
• Other Freeware tools
Network Layout
• Topology – Hybrid (Star + Bus) (OFC route)
• Backbone (Implementation Layout)
– 6/12/24 core OFC (single mode)
– Gigabit bandwidth
– Redundant lines
• Network – Class B private range (easy to scale)
• Indoor Cabling – Structured Ethernet (CAT5)
• Subnets – 11 (logical sub-grouping of the network)
• IP Addressing – Static and private (172.16-31.n.n, i.e. RFC 1918 172.16.0.0/12)
• Domain Names – iiita.ac.in, rgiit.ac.in, iiita.net
Network Services
• DNS (Domain Name Service), Gateway
• Firewall & Proxy (protection & sharing)
• Integrated Central Authentication (LDAP)
• WWW (www.iiita.ac.in, website.iiita.ac.in)
• Mail, Webmail & News (to be setup)
• Student Forum (IIITA chit-chat)
• Software Repository (myftp.iiita.ac.in)
• Profile Webpage (50 MB online space)
• FAQ (indem.iiita.ac.in)
Intranet Connectivity
[Diagram: Server Room (Router with Internet uplink, backbone switch) connected over OFC
through gateways (GW) to the CC1, LT, MS Lab and MBA Lab buildings]
Internet Termination
• Leased Line (circuit termination)
– 50 Mbps from BSNL (over fiber)
– 1 Mbps from ERNET (over copper)
• MODEM & Media Converter (terminator)
• Router (CISCO 3600/1700 & DLink DI-2630)
• IP Range (210.212.48.1-62)
• DNS IP (210.212.48.30 & 210.212.48.62)
• Subnet Mask 255.255.255.192
• Gateway 210.212.48.1
• Round the clock Internet service at Campus LAN
Network Switches
• CISCO 4000 Backbone Switch (Layer 3)
– Manageable; performs packet routing and forwarding
– 12 Fiber ports (Gigabit)
– 24 Ethernet ports (Gigabit)
– Configured for 12 Virtual LANs across the fiber ports
– Routing enabled amongst VLANs
– VLAN traffic monitoring and control
• CISCO 2950 Distribution Switch (Layer 2)
– Manageable; performs packet forwarding only
– 2 Fiber ports (Gigabit)
– 24 Ethernet ports (Gigabit)
• DLink 1024R+ (Local switch)
– Unmanaged (no configuration interface)
– 24 Ethernet ports (10/100 Mbps)
Virtual LANs
• Logical partitioning of LAN
• 172.16-31.n.n
– E.g. 172.18.1.2, 172.31.1.22
• 172.16-31.1.1 gateway to VLANs
• 172.16-31.1.2 gateway to building LAN
• IP Range – 172.16-31.n.11-55 (may vary)
• Netmask – 255.255.255.192
• DNS – 172.31.1.30 & 172.31.1.62
• Fly-over for Internet at CC1 and CC2
• Central Firewall at Server Room
Server Room
• Central - in Lecture Theater
– Internet/Intranet/Intercom termination (CLAN)
– Internet/Intranet service hosting
– Central firewall, authentication & file storage
– Traffic monitoring and bandwidth management
– Proxy authenticated Internet service
– Web sites and mail service
– Software repository
• Regional - Local at each building
– Building LAN (BLAN) termination
– Internet/Intranet service hosting
– Fly-over (Firewall+Gateway+Proxy) at CC1 & CC2
• Intercom service (Telephone exchange)
• Managed by STUDENTS (INDEM)
Network Configuration
• Computer Name (e.g. cc10210)
• Domain Name (iiita.ac.in)
• IP Address (must be in valid range)
• Subnet Mask (255.255.255.192)
• Gateway (172.n.1.1) (n = 16 to 31)
• Primary DNS (172.31.1.30 or 172.31.1.62)
• Secondary DNS (202.54.15.1)
• WINS (leave blank)
• Computer name must be set
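As an added example, not part of the original presentation, the following Python script checks a list of collected host configurations against the scheme the slides document: addresses in 172.16-31.n.n, netmask 255.255.255.192, gateway 172.n.1.1, host octets 11-55 and campus DNS at 172.31.1.30 or 172.31.1.62. The HostConfig structure, the finding codes and the three sample hosts are constructed for this example. It also applies the check an auditor would add on top of the documented rules: with a /26 netmask the gateway has to sit inside the host's own 64-address block, otherwise the host has no on-link route to it even though every individual setting looks right.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Campus scheme as documented on the slides: static addresses in
# 172.16-31.n.n (RFC 1918 172.16.0.0/12), netmask 255.255.255.192 (/26),
# host addresses with last octet 11-55, gateway 172.n.1.1 and campus DNS
# at 172.31.1.30 / 172.31.1.62.
CAMPUS_BLOCK = ipaddress.ip_network("172.16.0.0/12")
EXPECTED_NETMASK = "255.255.255.192"
HOST_OCTETS = range(11, 56)
CAMPUS_DNS = {"172.31.1.30", "172.31.1.62"}


@dataclass(frozen=True)
class HostConfig:
    """One host's IP settings as collected during the inventory (constructed input)."""
    name: str
    ip: str
    netmask: str
    gateway: str
    dns: tuple[str, ...]


def audit_host(cfg: HostConfig) -> list[str]:
    """Return 'code: detail' findings for one host; an empty list means compliant."""
    findings: list[str] = []
    ip = ipaddress.ip_address(cfg.ip)
    gw = ipaddress.ip_address(cfg.gateway)

    if not cfg.name:
        findings.append("name: computer name must be set (e.g. cc10210)")
    if ip not in CAMPUS_BLOCK:
        findings.append(f"ip-range: {cfg.ip} is outside 172.16-31.n.n")
    if cfg.netmask != EXPECTED_NETMASK:
        findings.append(f"netmask: {cfg.netmask} != {EXPECTED_NETMASK}")

    # The gateway must follow the 172.n.1.1 pattern for the host's own n ...
    second_octet = cfg.ip.split(".")[1]
    expected_gw = f"172.{second_octet}.1.1"
    if cfg.gateway != expected_gw:
        findings.append(f"gateway-pattern: {cfg.gateway} != {expected_gw}")

    # ... and, independently, must be on-link: with a /26 mask a host at
    # 172.n.1.70 lives in 172.n.1.64/26 and cannot reach 172.n.1.1 directly.
    iface = ipaddress.ip_interface(f"{cfg.ip}/{cfg.netmask}")
    if gw not in iface.network:
        findings.append(f"gateway-subnet: {cfg.gateway} not in {iface.network}")

    if int(cfg.ip.split(".")[3]) not in HOST_OCTETS:
        findings.append("host-octet: last octet outside 11-55")
    if not CAMPUS_DNS.intersection(cfg.dns):
        findings.append("dns: neither 172.31.1.30 nor 172.31.1.62 configured")
    return findings


def audit_hosts(hosts: list[HostConfig]) -> dict[str, list[str]]:
    """Map host name (or IP when the name is empty) to findings; compliant hosts are omitted."""
    report: dict[str, list[str]] = {}
    for h in hosts:
        f = audit_host(h)
        if f:
            report[h.name or h.ip] = f
    return report


# Constructed sample inventory: one compliant lab PC, one host whose /26 mask
# strands its gateway, and one machine still configured for some other network.
SAMPLE_HOSTS = [
    HostConfig("cc10210", "172.18.1.22", "255.255.255.192", "172.18.1.1", ("172.31.1.30", "202.54.15.1")),
    HostConfig("cc10270", "172.25.1.70", "255.255.255.192", "172.25.1.1", ("172.31.1.62",)),
    HostConfig("", "192.168.1.5", "255.255.255.0", "192.168.1.1", ("8.8.8.8",)),
]

if __name__ == "__main__":
    for host, findings in audit_hosts(SAMPLE_HOSTS).items():
        print(host)
        for f in findings:
            print("   ", f)
```

In practice the HostConfig records would be filled from `ipconfig /all` output or a DHCP lease table; the point of the check is that every rule on the slide is mechanical and can be run against the whole inventory rather than eyeballed per machine.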
Basic Network Troubleshooting
• Status of NIC and patch cord
• Proxy setting
– Auto script (http://www.iiita.ac.in/proxy.pac)
– IP address and port number (172.31.1.4:8080)
• Gateway/DNS/host checking
– PING (ping 172.25.1.1)
– TRACEROUTE (tracert www.iiita.ac.in)
– NSLOOKUP (nslookup www.google.co.in)
– NET commands (net share)
• Status of switch port LED (green – 100 Mbps, orange – 10 Mbps)
• Enable/disable LAN connection
• Network utilization (using Task Manager)
Network Classes
Class    Network/Host ID bits   First octet (binary)   Class bits   Usable network ID bits   Number of network IDs   Host IDs per network ID
Class A  8 / 24                 0xxx xxxx              1            8-1 = 7                  2^7-2 = 126             2^24-2 = 16,777,214
Class B  16 / 16                10xx xxxx              2            16-2 = 14                2^14 = 16,384           2^16-2 = 65,534
Class C  24 / 8                 110x xxxx              3            24-3 = 21                2^21 = 2,097,152        2^8-2 = 254
OFC Routes
[Map slide: fiber routes across the campus]
Network Connectivity
[Diagram slide: campus connectivity]
Internet Termination
[Diagram slide: leased-line termination]
Defining the Threats
The next step is to list potential threats to the security perimeter.
Common threats to include in this step are:
• Malware – worms, Trojan horses, spyware and ransomware – the
most common form of threat to any organization in the last few
years.
• Malicious insiders – once students, staff members and guests have
been onboarded, there is a risk of theft or misuse of sensitive
information by people who already hold legitimate access.
• DDoS attacks – Distributed Denial of Service attacks happen when
many systems flood a targeted system such as a web server,
overloading it so that legitimate users can no longer reach it.
• BYOD – personally owned devices are patched and configured less
consistently than managed ones and are therefore easier to
compromise; they must be fully visible on the network.
• Physical breaches, natural disasters – less common but extremely
harmful when they occur.
Prioritizing and Risk Scoring
Many factors go into setting the priorities and risk scores.
• Cyber security trends – a network access control system that
factors in the most common and current threats along with the
less frequent ones saves the administrators and the CISO time
and cost, while defending the Institute within a consistent
framework.
• Compliance – the kind of data that is handled, whether the
Institute stores or transmits sensitive financial or personal
information, and who specifically has access to which systems.
• Organization history – whether the Institute has experienced a
data breach or cyber-attack in the past.
Assessing the Current Security Posture
At this point you should have an initial security posture
available for each item included in your initial scope
definition.
• Ideally, with the right access control systems in place,
no internal biases affect your initial audit or any
continuous risk assessments performed automatically
later on.
• Additionally, making sure that all connected devices
have the latest security patches, firewall and malware
protection improves the accuracy of your ongoing
assessments.
Formulating Automated Responses and Remediation Action
Establishing a corresponding set of processes designed to
eliminate the risks identified in step 2 should include at least:
• Network monitoring
• Software updates
• Data backups and data segmentation
• Student education and awareness
Anti Virus
• The engine version matters less than the definitions:
virus definition files must be kept up to date
• Automatic updating of virus definitions is possible and
should be turned on
• Scheduled scanning and real-time monitoring
• Avoid use of external storage media
• A centrally managed solution (server plus clients) is
also available
• One product per machine is enough; two resident
scanners interfere with each other
• Fix-tools for specific worms are available for download
online
Performance Tuning
• Disk scanning, defragmentation
• Virtual memory (page file) spread over multiple partitions
• Registry database (keep under regular watch)
• Remove TEMPORARY files (must)
• Proper un-installation of software (must)
• Avoid installing online software toys (e.g. musical
desktop, fancy watch etc.); they are a common source of
adware and malware
• Proper shutdown of programs as well as the system
(must)
• Remote desktop is handy but slow (avoid)
INDEM – Role
• In-house experimentation, implementation and
maintenance of the network resources
• Competent guidance from, and the confidence of, the authorities
• Students volunteer as active members
• High-tech implementations (open source)
• Reliable and secure Internet/Intranet services
round the clock
• Technical challenges rather than problems
• Innovative and learning environment
• User/management friendliness, IIITA flavor
Precautions
• Each and every activity is under close monitoring
• Log files are generated at the servers for critical and
unhealthy activities (automatic feature)
• IP addresses and login accounts are traceable
• Official withdrawal of technical services and/or
punishment for wrong practices over the LAN
• Appreciation for reporting a system bug or flaw
• Downloading and chatting are discouraged in labs
• Innovative ideas and algorithms are solicited
• Help line – [email protected]
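The slides say that server logs record unhealthy activity and that IP addresses and login accounts are traceable, and the troubleshooting slide points clients at an authenticated proxy on 172.31.1.4:8080. The following Python example, added here and not part of the original presentation, shows two checks an auditor would run over such a proxy log: a burst of TCP_DENIED/407 responses from one client (a machine hammering the proxy without valid credentials, which is what password guessing or a mis-set agent looks like) and one login account appearing from more than one client address (credential sharing or theft). The log layout is Squid's native access.log format, which is an assumption, since the slides do not name the proxy software; the log lines themselves are constructed.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in Squid's native access.log layout (assumed to be what the
# campus proxy at 172.31.1.4:8080 writes; the slides name no product):
#   timestamp elapsed client action/status bytes method URL user hierarchy/peer type
# TCP_DENIED/407 is a request refused for missing or bad proxy credentials and
# '-' in the user field means the request carried no authenticated login.
SAMPLE_LOG = """\
1588000000.101    120 172.18.1.22 TCP_MISS/200 5120 GET http://www.iiita.ac.in/ icl2017001 HIER_DIRECT/203.0.113.10 text/html
1588000001.205     15 172.18.1.22 TCP_DENIED/407 3890 GET http://example.com/a - HIER_NONE/- text/html
1588000002.310     14 172.18.1.22 TCP_DENIED/407 3890 GET http://example.com/b - HIER_NONE/- text/html
1588000003.400     12 172.18.1.22 TCP_DENIED/407 3890 GET http://example.com/c - HIER_NONE/- text/html
1588000004.450     11 172.18.1.22 TCP_DENIED/407 3890 GET http://example.com/d - HIER_NONE/- text/html
1588000005.500     13 172.18.1.22 TCP_DENIED/407 3890 GET http://example.com/e - HIER_NONE/- text/html
1588000010.000     95 172.20.1.15 TCP_MISS/200 2048 GET http://www.google.co.in/ icl2017005 HIER_DIRECT/203.0.113.11 text/html
1588000011.000     90 172.31.1.40 TCP_MISS/200 2048 GET http://www.google.co.in/ icl2017005 HIER_DIRECT/203.0.113.11 text/html
1588000400.000     10 172.22.1.30 TCP_DENIED/407 3890 GET http://example.com/z - HIER_NONE/- text/html
"""


@dataclass(frozen=True)
class Request:
    ts: float
    client: str
    action: str
    status: int
    user: Optional[str]
    url: str


def parse_log(text: str) -> list[Request]:
    """Parse native-format lines; lines with too few fields are skipped, not guessed at."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue
        action, status = fields[3].split("/", 1)
        user = None if fields[7] == "-" else fields[7]
        records.append(Request(float(fields[0]), fields[2], action, int(status), user, fields[6]))
    return records


def denied_bursts(records, threshold: int = 5, window_s: float = 60.0) -> dict[str, int]:
    """Clients with at least `threshold` TCP_DENIED responses inside any `window_s`-second window.

    Uses a two-pointer sliding window over each client's sorted timestamps and
    reports the largest count seen, so a slow trickle of denials is not flagged."""
    per_client: dict[str, list[float]] = defaultdict(list)
    for r in sorted(records, key=lambda r: r.ts):
        if r.action == "TCP_DENIED":
            per_client[r.client].append(r.ts)
    hits = {}
    for client, times in per_client.items():
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[client] = best
    return hits


def shared_accounts(records) -> dict[str, set[str]]:
    """Login accounts seen from more than one client address (sharing or theft of credentials)."""
    seen: dict[str, set[str]] = defaultdict(set)
    for r in records:
        if r.user:
            seen[r.user].add(r.client)
    return {u: ips for u, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("denied bursts:", denied_bursts(recs))
    print("shared accounts:", shared_accounts(recs))
```

Because the campus uses static addressing, the client IP in the log maps back to a named machine through the inventory, which is what makes the second check useful: an account that shows up on two lab PCs at once is either being shared or has been taken over. The single denial from 172.22.1.30 is correctly left alone.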
Network Security Audit Checklist
Recorded the audit details                                           Yes
All procedures are well documented                                   Yes
Reviewed the procedure management system                             Yes
Assessed training logs and processes                                 Yes
Reviewed security patches for software used on the network           Yes
Checked the penetration testing process and policy                   Yes
Tested software which deals with sensitive information               No
Looked for holes in the firewall or intrusion prevention systems     Yes
Is sensitive data stored separately                                  Yes
Checked wireless networks are secured                                Yes
Scanned for unauthorized access points                               No
Reviewed the process for monitoring event logs                       Yes
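The checklist records that wireless networks were checked but that no scan for unauthorized access points was done. The following Python example, added here and not part of the original presentation, shows what that missing step amounts to: compare the BSSIDs seen in a walk-through survey of the building against an inventory of authorised access points, and classify every network that does not match. The inventory, the BSSIDs, the SSID names and the required-security baseline (WPA2 or better) are all constructed assumptions; a real survey would be fed from a Wi-Fi analyser or `iw dev wlan0 scan` output reduced to the same four fields.

```python
from __future__ import annotations

from dataclasses import dataclass

# Authorised campus access points as the audit's own inventory would record them.
# Constructed: BSSIDs, SSIDs and locations are placeholders, not real CC2 hardware.
AUTHORISED = {
    "00:11:22:33:44:01": ("IIITA-CC2", "CC2 ground floor"),
    "00:11:22:33:44:02": ("IIITA-CC2", "CC2 first floor"),
    "00:11:22:33:44:03": ("IIITA-CC2-Staff", "CC2 warden room"),
}
# Assumed campus baseline; WEP and open networks on campus hardware are findings.
REQUIRED_SECURITY = {"WPA2", "WPA3"}


@dataclass(frozen=True)
class Beacon:
    """One network observed during the site survey (constructed input)."""
    bssid: str
    ssid: str
    channel: int
    security: str


def classify(beacons: list[Beacon], authorised=AUTHORISED, required=REQUIRED_SECURITY) -> list[tuple[str, str, str]]:
    """Return (finding, bssid, ssid) for everything that is not a correctly configured authorised AP.

    Matching is done on BSSID, never on SSID: the SSID is what an attacker copies."""
    campus_ssids = {ssid for ssid, _ in authorised.values()}
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        if bssid in authorised:
            expected_ssid = authorised[bssid][0]
            if b.ssid != expected_ssid:
                findings.append(("ssid-mismatch", bssid, b.ssid))
            if b.security.upper() not in required:
                findings.append(("weak-security", bssid, b.ssid))
        elif b.ssid in campus_ssids:
            # Unknown radio advertising a campus SSID: evil twin / credential harvesting
            findings.append(("evil-twin", bssid, b.ssid))
        elif b.ssid == "":
            # Hidden SSID from unknown hardware: investigate, but not proof of anything
            findings.append(("hidden-ssid", bssid, b.ssid))
        else:
            # Personal hotspot or an AP someone plugged into a lab switch
            findings.append(("unauthorised-ap", bssid, b.ssid))
    return findings


def missing_aps(beacons: list[Beacon], authorised=AUTHORISED) -> set[str]:
    """Authorised APs that did not appear in the survey (offline, or out of range of the survey point)."""
    seen = {b.bssid.lower() for b in beacons}
    return set(authorised) - seen


# Constructed survey: a healthy AP, an authorised AP left open, an evil twin of
# the campus SSID, a personal hotspot and a hidden network.
SAMPLE_SURVEY = [
    Beacon("00:11:22:33:44:01", "IIITA-CC2", 1, "WPA2"),
    Beacon("00:11:22:33:44:02", "IIITA-CC2", 6, "OPEN"),
    Beacon("AA:BB:CC:DD:EE:FF", "IIITA-CC2", 6, "OPEN"),
    Beacon("DE:AD:BE:EF:00:01", "MyHotspot", 11, "WPA2"),
    Beacon("DE:AD:BE:EF:00:02", "", 11, "WPA2"),
]

if __name__ == "__main__":
    for finding in classify(SAMPLE_SURVEY):
        print(*finding)
    print("not seen:", sorted(missing_aps(SAMPLE_SURVEY)))
```

Two caveats a practitioner would keep in mind: the survey has to be walked through the whole building, because an AP on another floor being out of range at one survey point is not a finding, and an unknown BSSID on a campus SSID should be located physically (channel and signal strength help) before anyone assumes it is hostile.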
THANK YOU
