
4WNI Case Study Part 3

Task 1
Network Security threat

A network security threat is something that jeopardises the integrity of the network. Network security threats come in many forms, varying in what sort of threat they pose and what sort of damage they can do. Some threats will simply watch your activities, whereas others will steal information, upload malicious software or erase important data. It is very important to know about network security threats so you can protect your networks from them or repair and remove any damage or intrusions that occur. Different types of threats include viruses, eavesdropping (like wiretaps), DDoS, employees who put information at risk (whether through allowing unauthorised access to information or compromising the network), and unsecured vulnerabilities or access points, to name a few. When managing networks, privacy and security are often highly regarded, as data can be of a sensitive nature or carry value. Unauthorised users often try to piggyback on connections to gain free internet or network use; this affects network/internet speeds and puts the network at risk from the intruder. Network function can also be important to the running of a business as a whole if it is necessary to perform certain tasks. These are a few reasons why network security threats should be understood and prevented.

| Network Security Threat | Description of threat | Why is it a threat | How it affects a network | How to reduce/manage this threat |
|---|---|---|---|---|
| 1. DDoS | An attack in which a network/connection or server is sent an extreme amount of packets. This is considered illegal in a few countries. | It bottlenecks access to networks or connections, or interrupts them fully, making them unusable. | Network or connection resources could be vital for operations or simply desired to be used, and are not accessible. | Firewalls and some routers can be configured to detect flooding traffic and not allow it. Depending on the network type, the connection can be severed from the DDoS source and started fresh with an unaffected network. |
| 2. Hacking | A hacker tries to exploit network weaknesses for different reasons. | It can be to destroy data, steal data, simply intrude in a private network or upload malicious software. | Private data is at risk, as are any files etc. on the network. The hacker can affect how the network runs too. | Have secure passwords for network access, including encryption. Have security measures implemented at physical locations. |
| 3. Eavesdropping | Monitoring of network activities. | Some activities performed, such as storing data, could involve sensitive data which could be intercepted. | Data or activities performed are under the eye of a watcher, and this could result in loss of information of any sort. | Ensure no listening software of the sort is somehow installed in the network, checking for this malicious software occasionally. |
| 4. Careless Employee | Employees who don't follow guidelines and regulations or do not know them. | Network data or access to the network can be lost or compromised. | Network functioning can be affected, or data can be lost or stolen. | Train employees and enforce the training; monitor within reason. Have limitations on certain employees so they don't put too much at risk. |

Task 2

Network vulnerabilities

A network vulnerability is a weakness or opening that allows attackers or other elements to access, steal from or otherwise compromise a network's integrity and performance. Ensuring that a network is functioning fully to the required ability is a high priority, as it can be the backbone of an operation. Vulnerabilities come not just from outside influences but also from inside influences, such as flaws in design, incorrect implementation or materials used, and unresolved bugs/issues on the system. A vulnerability can be created by something like an unused service or protocol that is implemented but never used on the network, creating an unnecessary potential attack surface. Internal and external vulnerabilities can require separate methods to secure them, and as such should be looked at individually. Vulnerabilities in the network should be assessed as soon as they arise and resolved within a short time frame, and measures should be taken to avoid future vulnerabilities.

| Network Vulnerability | Description of Vulnerability | Why is it a Vulnerability | How can it affect the network | How can it be reduced/managed |
|---|---|---|---|---|
| 1. Transmitting data in plain text | Data is sent across media as plain text. | Plain text is readable by outside users. | Whether it is passwords or sensitive data, they can be seen by others and used by them. | Encryption, secured transmitting. |
| 2. Unnecessary services and protocols | Services or protocols that are implemented but unused or not needed. | It increases the attack surface or vulnerable areas of the network. | The network can become compromised if attacked. | Removing unnecessary services or protocols, or monitoring them closely. |
| 3. Weak physical security | Physical access to the network because there are no locked gates, so to speak, preventing access. | Certain aspects of a network can be fully accessed in a physical location. | The entire network is vulnerable: the state of the network, the data on the network, the hardware and the functioning. | Physical security such as locked rooms or cabinets. Secure areas of facilities. Guards, depending on the scale of the operation. |
| 4. Application bugs | Bugs that occur within an application which provide a backdoor or attack surface. | Increased attack surface. Unknown access and exploitation. | Can allow unwanted software or access onto the network. | Using validated applications, remaining up to date and having strong security settings such as firewalls configured. |

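A check for vulnerabilities 1 and 2 in the table above, as an added example that is not part of the original case study: it compares a host's listening TCP services with an approved list and flags protocols that transmit in plain text. The `ss -tlnp` output is a constructed sample, and the approved-port policy is an assumption made for the example.

```python
import re

# Constructed sample of `ss -tlnp` output (not taken from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*         users:(("telnetd",pid=990,fd=4))
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*         users:(("vsftpd",pid=955,fd=3))
LISTEN 0      511    127.0.0.1:6379     0.0.0.0:*         users:(("redis-server",pid=701,fd=6))
LISTEN 0      128    [::]:443           [::]:*            users:(("nginx",pid=640,fd=7))
"""

# Assumed policy for this example: the only ports the network owner has approved.
APPROVED_PORTS = {22, 443}
# Well-known ports whose protocols carry credentials and data unencrypted.
PLAINTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}
LOOPBACK = {"127.0.0.1", "[::1]"}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)")?')

def parse_listeners(ss_output):
    """Return (address, port, process) for every listening TCP socket."""
    listeners = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append((m.group(1), int(m.group(2)), m.group(3) or "unknown"))
    return listeners

def audit(ss_output, approved=APPROVED_PORTS):
    """Flag listeners that are unapproved or that speak a plain-text protocol."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if addr in LOOPBACK:
            continue  # not reachable from the network, so outside this audit
        reasons = []
        if port not in approved:
            reasons.append("not in approved list")
        if port in PLAINTEXT_PORTS:
            reasons.append(f"{PLAINTEXT_PORTS[port]} sends data in plain text")
        if reasons:
            findings.append((port, proc, reasons))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc, reasons in audit(SAMPLE_SS):
        print(f"port {port} ({proc}): " + "; ".join(reasons))
```

Each finding is a candidate for removal or for replacement with an encrypted equivalent, which is the mitigation the table lists for both rows.
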
Task 3

Network Hardening Techniques

Network hardening is the process of securing your network by reducing the ways it can be attacked or become vulnerable. Its purpose is to eliminate as many risks as possible so that the network is as secure as it can be. This is done in a few ways, such as removing unused usernames/login details for user accounts that are no longer needed or used, removing applications that could be a security risk and aren't needed on the network, and removing services and closing unnecessary ports so access to the network cannot be gained through them. It is important to know about network hardening so that you can secure a network to the best of your abilities, as prevention is better than fixing or eliminating a threat that has gained access. Some techniques are more complicated than others, so knowing about them beforehand can save you time and give you knowledge of how they work, why they are needed and when to implement them. Often data on a network is private or the network provides access to private systems, which makes security pivotal and network hardening a necessity, so that the network is less susceptible to threats because of a smaller attack surface.

| Network Hardening Techniques | Description of the technique | How it benefits the network |
|---|---|---|
| 1. Encryption | A process of encoding data so it is unreadable to outside listeners or anyone that intercepts it. | It makes data much more secure so that if an attack is launched, transmitted data may be lost or viewed, but unreadable in its viewed state. |
| 2. Strong firewall configurations | Configuring the firewall on a network with strict and highly defined settings. | Prevents attacks occurring. Such as on ports that were open for no reason, by closing them, and reducing the number of entry points for an attack. Prevents certain types of transmitted data from gaining entry to the network. |
| 3. Strong user authentication techniques | Complex usernames and password rules along with password policies. | Complex passwords help prevent brute force attacks on weak entry points. Password policies such as password expiry keep the passwords changing from time to time keeping the network even more secure. |
| 4. Intrusion Detection System | Device or software that monitors a network for intruders, malicious software or policy violations. | Can alert you to network breaches or violations so that you can resolve them whether manually or with another device or software program. |

Task 4
Microsoft System Center Configuration Manager

Software that allows for advanced system management. SCCM is designed to give system administrators greater control, to ensure the network remains compliant with policies, and to protect the network by reducing vulnerabilities and protecting against threats, whilst allowing users to access everything they need to be productive. It provides features such as software deployment, software updates deployment, remote control, network access protection, network health monitoring, software and hardware inventory (what software and hardware are on the network and can be distributed through the services of SCCM), operating system deployment and patch management, all in a secure setting. SCCM can manage all devices that access a network and deploy policies, control what assets the devices can access or have distributed to them, and provide compliance reporting. SCCM has a service called Endpoint Protection, which provides malware protection against known and unknown threats. It also identifies and provides remediation for network vulnerabilities. Endpoint Protection combines previous services into one, which allows for easier management and less resource use than multiple services. SCCM is a strong network security tool as well as a strong tool for administrating a network; many of the services it provides reduce attack surfaces immensely, which keeps the network safe from many threats. Some of the things that SCCM provides management over are seen as vulnerabilities, and this helps manage them safely too.

Compliance and Settings Management

SCCM simplifies and automates client compliance. What this means is that SCCM provides simplified compliance and policy options that can be enforced. SCCM allows a baseline to be created or templates to be used. A baseline details which operating system should be installed and its configuration, and which applications are needed and whether they are installed and configured. This is pushed down to the client agent, which detects if the client deviates from the baseline or is not configured as specified; administrators can choose to have the client agent automatically enforce the baseline. It also provides reporting features for the network: comparison of configurations between devices in the network, identification of unauthorised users or device configurations, and severity of non-compliance (4 different levels).
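The baseline evaluation described above, modelled as an added example (this is not SCCM code and does not use SCCM's API): a client's reported state is compared with a baseline, deviations are reported by severity, and rules marked for enforcement are corrected when enforcement is switched on. The rule names, the four severity labels and the client inventory are all hypothetical, constructed values.

```python
from collections import namedtuple

# Hypothetical labels; the text only says there are four severity levels.
SEVERITIES = ["info", "low", "high", "critical"]

# remediate=True means the agent is allowed to enforce this rule automatically.
Rule = namedtuple("Rule", "setting expected severity remediate", defaults=[False])

# Constructed baseline: operating system, configuration and required applications.
BASELINE = [
    Rule("os_version", "10.0.19045", "critical"),
    Rule("firewall_enabled", True, "high", remediate=True),
    Rule("app:endpoint_protection", "installed", "critical", remediate=True),
    Rule("app:office", "installed", "low"),
    Rule("screen_lock_minutes", 10, "info", remediate=True),
]

# Constructed client inventory, as a client agent might report it.
CLIENT = {"os_version": "10.0.19044", "firewall_enabled": False,
          "app:office": "installed", "screen_lock_minutes": 30}

def evaluate(client, baseline=BASELINE, enforce=False):
    """Compare a client's state with the baseline.

    Returns (report, new_state). Each report entry is
    (setting, severity, actual_value, action), where action is
    'remediated' or 'reported'. The most severe deviations come first.
    """
    state = dict(client)  # work on a copy; the caller's inventory is untouched
    report = []
    for rule in baseline:
        actual = state.get(rule.setting, "missing")
        if actual == rule.expected:
            continue
        if enforce and rule.remediate:
            state[rule.setting] = rule.expected
            action = "remediated"
        else:
            action = "reported"
        report.append((rule.setting, rule.severity, actual, action))
    report.sort(key=lambda r: SEVERITIES.index(r[1]), reverse=True)
    return report, state

if __name__ == "__main__":
    for entry in evaluate(CLIENT, enforce=True)[0]:
        print(entry)
```

The operating system rule stays "reported" even with enforcement on, because a deviation like that needs a redeployment rather than a setting change.
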

Operating System Deployment

Operating system deployment is the semi-automated deployment of operating systems to new devices or devices that need reconfiguring. The device can be in any state for the deployment to be possible. An admin needs to configure SCCM with task sequences, and the steps need to be grouped and ordered. This makes deployment not only easier but more efficient. Having a configured deployment also ensures a standard for all installations. This feature simplifies planning for upgrading or implementing new operating systems and reduces the cost and time of deploying them.

How SCCM could reduce some of the network security threats and network vulnerabilities

SCCM can reduce threats from viruses and malware by detection and removal through its features; its malware protection is reported as advanced and highly efficient. SCCM's management tools allow for less interaction with outside networks through its software deployment features: deploying the software and updates internally after SCCM obtains them is better than each client accessing outside network media. SCCM's monitoring tools provide discovery of and insight into vulnerabilities, which makes it easier to remedy them. SCCM's device management and compliance settings make it easier to detect any unauthorised users/devices and report on them. Overall, SCCM reduces the attack surface of the network through many of its management features and services.
