Security Features Of Network Hardware Devices Computer Science Essay

Security Features Of Network Hardw atomic number 18 Devices Computer Science EssayDescribe the security features of interlock hardw atomic number 18 devices. All interlocking hardware devices need to have security functions which would pr regular(a)t unauthorised devil to systems and data and assistants stop vir expends malicious software from get ating the network.Network hardware devices includeWorkstationsModemsRouters radiocommunication Routers/WEP (Wireless Access points)Each network hardware device comes with its own security features.WorkstationWorkstations rely greatly on software to protect them from network threats. Anti-virus software programs help sustainment workstations safe and a software firewall is deployed to keep ports closed even if a program tries to open them. Keeping ports from being opened is like property a door closed nonhing slew go in or out. This reduces the threat from unauthorised access.RoutersTo access the security settings of a router, a us ername and countersignature is needed. If this is not configured anyone who gains access bequeath be able to administer the network as if it was owned by them. This is set buy the administrator or the ISP.Wireless Routers/WAP (Wireless Access point)Wireless routers are to a greater extent venerable to unauthorised access. This is because the LAN (Local Area Network) does not need to be accessed fleshlyly. If the telegramless functions of a router are not configured properly, the network ass be accessed and configured in administrative mode by anyone. This is a serious security risk.The radio set access can be controlled by configuring an encrypted password, setting a SSID (Service Set identifier) and choosing whether it is visible or not. If it is not visible, people will not be able to look for the access point they will have to know the SSID before hand. For password encryption WEP and WPA can be employ. WPA is more secure than WEP. Doing this stops unauthorised users from accessing the network.M2 assemble a networked device or specialist software to improve the security of the network.I have been asked to implement security to the plan below. This is the network security set-up of a till. I have been given the task of creating a detailed diagram coupled with a full write-up including any evidence of how the network security has been improved.I will analyse the potential risks of each asset in this network to find out what types of threats the business may face and what can be by dint of to defend or prevent these threats.Mainframe with customer accountsCustomers are able to log directly onto the extranet using their personal details. This means that they are essentially good-looking away their personal, confidential breeding. Although an extranet is a private network it uses the internet for its external access feature. When sending information across the internet without the right protection, information could be intercepted and taken for later use. Information can even be altered at the time of sending for example a hacker might interpolate the address that a customer wants to send money to in dictate to commit fraud. This is called the man-in-the-middle attack.If the website does not use encryption, people may start attempting to target the sites vulnerabilities. Depending on how popular the service is the likelihood of an attack can vary. The can be easily prevented by using a secure HTTPS connection on the website when traffic with personal and private information. This will also prevent the man-in-the-middle attack as time-stamps are used. This means if information transfer has been delayed, it may be altered so it is ignored.The network set-up can be made more secure by adding a dedicated firewall in between the extranet and the external customers. Although a firewall has already been installed, ersatz routes can be taken to avoid the firewall. An example of when this will happen is when the connection is cut be tween the firewall and extranet, an alternative route may be taken when accessing customer details.Internal Bank Systems and All other bank dataBecause there is not firewall installed between the internet and extranet, malware and/or spyware may make it through the network, through the Internal Bank Systems and into the server that holds all the other bank data. This data can range from customer accounts to the banks future strategies and projects. This makes the bank venerable to hackers and even competitors as this information can be used for fraud and blackmail or it can be taken secretly by another bank to give the competitor an extra edge in the market.If the internal bank systems are taken over externally, money transferred illegally and records deleted, this would cause a extensive problem for the banks as well as all of its customers and employees.Although it is not likely that other banks will hire hackers to attack the network, it is common for hackers to try to find info rmation or ruin a banks system. This is popular and is also often seen in films. This can be prevented by place anti-malware/spyware software on the server and facility a dedicated, properly configured firewall between the extranet and internet.External Access via CustomersAdvice can be given to customers to prevent Phishing and other threats. If the customer is knowledgeable in this demesne they will notice that it is a risk. This can be stopped by informing the customers that they should only go directly to the site before logging in and not to follow email based links.FirewallIts all good having lots of firewalls installed on the network blocking every possible entrance but if they are not configured correctly they may let in experienced hackers. In some cases the user cannot access the internet with a program they use often and so they open a bunch of ports on the firewall so they can access the internet. This is unprofessional and doing this greatly increases the risk of una uthorised access the network. A network administrator should be contacted in this type of situation to open the port needed and minimised network traffic.If unnecessary ports are open the bank will be extremely venerable to a Distributed Denial of Service Attack (DDoS). This type of attack in often aimed towards commercial websites that sell/provide goods and/or services.This attack involves a computer sending a virus to a large number of other computers. The virus will have a trigger off. When this trigger is set off (by time or by another computer,) all of the computers infected will flood the victim server(s) with network traffic in order to shut down the server and their service.Here is a diagram that shows how this process takes place.If the server was turned off for even 5-10 minutes a vast issue forth of customers would complain. This bank may be targeted because if it is popular and well known.This type of attack can also be prevented by using a dedicated firewall that exa mines network ports to determine whether it is from a reliable or safe source. If it is a malicious packet it is dropped immediately. After receiving a packet it will send in on to the main server only if the packet is safe.Wireless Access point with WEPWireless routers are more venerable to unauthorised access. This is because the LAN (Local Area Network) does not need to be accessed physically. This is done by using an encryption algorithm called Wired Equivalent Privacy (WEP). As this security measure has become used more, it has been examined by hackers and now had been cracked. For this reason the newer, more secure security method should be usedWi-Fi Protected Access (WPA/WPA2)If the wireless functions of a router are not configured properly, the network can be accessed and even configured in administrative mode by anyone. This is a serious security risk. The administrator ask to set an admin password and username in order to prevent this.I have produced an improved network d iagram using the countermeasures mentioned above. This new network had improved the network security in every aspect above. I have done this by configuring all devices, installing security software on relevant devices and installing two extra firewalls.M3Explain the similarities and differences between securing a wireless and wired network system.Wired and wireless networks are very similar in a logical diagram but physically can be very different. Wireless networks can go further than a wire, for example they can go through walls and building floors. Because of this wireless and wired network security is very different is some ways.Physical securitySecuring a traditional wired network, physical aspects of the network have to be looked at. For example servers have to be located in secure rooms with locked doors and wires have to be protected using wire covers. Below are examples of the kind of products that professional networks will have installed.Wire networks also need physical s ecurity but they can still be accessed wirelessly, because of this a password has to be used to restrict unauthorised access. This can be implemented using Wired Equivalent Privacy (WEP) or the more secure Wi-Fi Protected Access (WPA/WPA2). The network SSID (Service Set identifier) can be configured to an unsearchable setting. This prevents people even knowing that the wireless network exists. The SSID would have to be known in order to connect to the network in this case.SpeedOne of the main disadvantages to wireless networking is the reduced speed. Wireless Ethernet is either 11Mbps (802.11b) or 54Mbps (802.11a) or 160 Mbps (802.11n) whereas Wired Ethernet is can be from 100Mbps to 1Gbps (1000Mbps) or morePerformanceAlthough the speed of wireless has been greatly increased due to the introduction of 802.11n, it still cannot keep up with the demand for bandwidth in networks today. If multiple people are gaming over the internet, sharing/downloading files and using bandwidth the net work may be overloaded. With wired Ethernet 1Gbps can handle the large bandwidth demand and provide a good service to all users on the same network.ConnectionBoth wired networks and wireless networks can communicate across a peer-to-peer network. This can be used to store and share data, communicate privately or transfer files. Although with a wireless connection files over 100MB problems have been said to occur.Client servers are used to centrally store client data and programs on a server giving them access from multiple locations. This is not possible over a wireless connection as a high performance and high bandwidth is needed.ProtocolsFor communication wired and wireless systems have to use different protocols. Both use standard protocols such as HTTP, UDP and TCP. But for wireless connections encryption has to be used. This is because anyone can interrupt a wireless signal without being noticed.