CyberSecurity Week 4

Assignment

 Identify and describe the key components of a typical network architecture. How do these components
contribute to the overall security of the network?

A typical network architecture consists of several key components, each playing an essential role in
the functioning, performance, and security of the network. These components include:

1. Network Devices
Routers: Routers direct data packets between different networks by analyzing headers and
forwarding them to their destination. They provide security by separating network segments and
implementing security protocols such as firewalls and access control lists (ACLs).
Switches: Switches connect devices within the same network (LAN). They facilitate efficient data
transmission by using MAC addresses to forward data to the correct destination. Security is
enhanced through VLANs (Virtual LANs) and features like port security.
Firewalls: A firewall monitors and controls incoming and outgoing network traffic based on
predetermined security rules. Firewalls are critical for network security as they block unauthorized
access and filter malicious traffic.
Access Points (APs): Wireless APs allow wireless devices to connect to the wired network.
Security can be ensured with encryption protocols (e.g., WPA3) and restricting access to authorized
devices.
Load Balancers: These devices distribute network traffic across multiple servers to ensure no
single server is overwhelmed. They contribute to security by mitigating DDoS (Distributed
DenialofService) attacks.

2. Network Infrastructure
Servers: Servers store data and provide services to clients. They must be secured with proper
access controls, encryption, and monitoring to prevent unauthorized access.
Clients/Endpoints: Endpoints like computers, smartphones, and IoT devices connect to the
network. Securing these devices with endpoint protection software, firewalls, and regular updates is
critical in preventing threats like malware and ransomware.
Data Storage: Centralized or cloudbased storage solutions where sensitive information is kept.
Security here focuses on encryption, access controls, and regular backups to prevent data breaches.

3. Security Mechanisms
Intrusion Detection and Prevention Systems (IDS/IPS): These systems monitor network traffic for
suspicious activity and either alert (IDS) or block (IPS) malicious traffic in realtime, enhancing
network security by identifying and responding to threats before they cause harm.
Virtual Private Networks (VPNs): VPNs allow secure remote access to the network by encrypting
data sent over the internet. This ensures confidentiality and protects against eavesdropping.
Encryption Protocols: Encrypting data in transit and at rest ensures that even if data is intercepted,
it cannot be read without the correct decryption keys.
Access Control Mechanisms: Access control includes authentication (e.g., usernames, passwords,
biometrics) and authorization (determining user permissions). Implementing strong access control
mechanisms ensures that only legitimate users can access network resources.

4. Topology and Design

 Network Segmentation: Segmenting the network into smaller, isolated parts limits the spread of
malware or unauthorized access. For example, separating a publicfacing web server from internal
systems reduces risk.
Redundancy and Failover Systems: Ensuring redundancy in the network design through backups,
failover devices, and alternate paths prevents downtime and enhances security by ensuring business
continuity even in the case of equipment failure or attacks.
Demilitarized Zone (DMZ): A DMZ is a network segment that provides an additional layer of
security for publicfacing services (e.g., web servers), keeping them isolated from the internal
network to reduce risk.

How These Components Contribute to Security:

1. Defense in Depth: Multiple layers of security mechanisms (e.g., firewalls, encryption, IDS/IPS)
ensure that even if one layer is breached, other defenses remain to protect the network.
2. Access Controls and Authentication: Strong authentication mechanisms and access control
policies ensure that only authorized users can access network resources, reducing insider threats and
unauthorized external access.
3. Network Monitoring and Threat Detection: Tools like IDS/IPS and firewalls continuously monitor
traffic for abnormal or malicious activity, ensuring quick detection and response to potential threats.
4. Segmentation and Isolation: By separating critical network segments (e.g., using VLANs or
DMZs), the impact of a security breach is limited, preventing widespread attacks or data theft.
5. Data Encryption: Encryption of data in transit and at rest protects sensitive information from
interception or theft by unauthorized parties.
6. Patch Management and Endpoint Security: Keeping network devices and endpoints updated with
security patches reduces vulnerabilities that attackers could exploit.

 Analyze a network architecture from a case study and identify potential vulnerabilities. What security
controls would you propose to prevent breaches and strengthen the network’s defenses?

To analyze a network architecture from a case study and identify potential vulnerabilities, we’ll
follow a structured approach. Let’s assume we are dealing with a midsized company’s network that
includes various components such as routers, switches, firewalls, servers, workstations, and wireless
access points. The network is connected to the internet and serves both internal employees and
external clients.

Hypothetical Case Study Network Architecture

Main Components:
Routers: Connecting to the internet and various segments of the internal network.
Switches: Interconnecting departments such as IT, finance, HR, and operations.
Firewalls: Protecting the internal network from external threats.
Servers: Hosting databases, email services, web applications, and file storage.
Wireless Access Points: Providing wireless access for employees and guests.
VPN: Allowing remote access to the network for employees working from home.
Endpoints: Including employee workstations, smartphones, and IoT devices.
DMZ: Hosting publicfacing services, including a company website and customer portal.

Identified Vulnerabilities
1. Outdated Firmware on Routers and Switches
 Risk: Devices running outdated firmware can have unpatched vulnerabilities, making them targets
for exploits that attackers can use to gain access to internal networks.
Potential Impact: Attackers could gain control over routing and switching paths, intercept data, or
launch maninthemiddle attacks.

2. Weak or Default Passwords on Network Devices

Risk: Many network devices ship with default passwords that are wellknown. If these passwords
are not changed, attackers can easily gain administrative access.
Potential Impact: Compromise of routers, switches, or firewalls could allow attackers to reroute
traffic, disable security settings, or create backdoors into the network.

3. Lack of Network Segmentation

Risk: If there is no segmentation between critical departments (e.g., finance) and less critical areas,
an attacker who compromises one device could move laterally across the entire network.
Potential Impact: A single compromised endpoint could lead to access to sensitive data (e.g.,
financial records, employee details).

4. Unsecured Wireless Networks

Risk: If the wireless network is poorly secured (e.g., using weak encryption like WPA or not
isolating guest networks), attackers could gain unauthorized access to the internal network.
Potential Impact: An attacker could eavesdrop on communications, inject malicious traffic, or
directly access sensitive systems.

5. No MultiFactor Authentication (MFA) for VPN Access

Risk: If employees can access the network remotely via VPN with only a username and password,
a leaked or weak password could allow attackers to breach the internal network.
Potential Impact: Unauthorized access to internal systems, databases, and critical services from a
remote location.

6. Unpatched Software and Servers

Risk: Servers hosting critical services (e.g., web, email, or database servers) could have known
vulnerabilities due to unpatched software.
Potential Impact: Exploiting these vulnerabilities could allow attackers to take control of the
servers, steal data, or launch malware attacks like ransomware.

7. Insufficient Monitoring and Logging

Risk: Without continuous monitoring and logging, network admins may not detect suspicious
activity, making it harder to respond quickly to security incidents.
Potential Impact: Security breaches may go unnoticed for extended periods, allowing attackers
more time to extract data or escalate privileges.

8. Weak Endpoint Security

Risk: Workstations, laptops, or IoT devices with weak or outdated security software (e.g., no
antivirus or outdated signatures) could be compromised.
Potential Impact: Compromised devices could become entry points for malware, ransomware, or
attackers seeking to move laterally within the network.

Proposed Security Controls

1. Firmware and Software Updates
Control: Regularly update the firmware on routers, switches, firewalls, and other network devices
to patch known vulnerabilities.
Benefit: Reduces the risk of attackers exploiting devicespecific vulnerabilities to gain
unauthorized access.

2. Strong Passwords and Access Control

Control: Implement strong password policies, require the use of complex passwords, and enforce
periodic password changes. Disable default accounts or change default passwords on network
devices.
Benefit: Prevents unauthorized access to network devices, reducing the likelihood of compromise
through weak or default passwords.

3. Network Segmentation
Control: Use VLANs and subnetting to separate different departments and services, ensuring that
critical systems (e.g., finance, HR) are isolated from less sensitive areas.
Benefit: Limits the ability of attackers to move laterally within the network if they compromise
one part, protecting sensitive data and systems.

4. Secure Wireless Networks

Control: Use strong encryption (e.g., WPA3) for wireless networks and implement a separate,
isolated guest network for nonemployee users.
Benefit: Prevents unauthorized access to internal systems through wireless networks, reducing the
risk of eavesdropping and malicious access.

5. Implement Multifactor Authentication (MFA)

Control: Require MFA for VPN and other remote access services to ensure that access is not
granted solely based on passwords.
Benefit: Even if a password is compromised, MFA adds an additional layer of security, preventing
unauthorized access to the network.

6. Patch Management and Vulnerability Scanning

Control: Establish a routine patch management process to keep servers, applications, and network
devices up to date with the latest security patches. Perform regular vulnerability scans to identify and
remediate weaknesses.
Benefit: Reduces the risk of exploitation through unpatched vulnerabilities, especially on critical
systems.

7. Enhanced Monitoring and Intrusion Detection

Control: Deploy Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) along
with Security Information and Event Management (SIEM) solutions to continuously monitor
network traffic and detect anomalies.
Benefit: Increases the ability to detect and respond to suspicious activities, mitigating the potential
damage from an attack.

8. Endpoint Security Solutions

 Control: Ensure all endpoints (e.g., workstations, laptops, mobile devices) are equipped with up-
to-date antivirus software, firewall protection, and encryption where necessary.
Benefit: Prevents malware infections and protects sensitive data stored on or accessed from
endpoints.

Conclusion

By analyzing the network architecture and identifying potential vulnerabilities, it is clear that a
combination of technical controls, updated policies, and ongoing monitoring is required to strengthen
the network’s security posture. Addressing these vulnerabilities through segmentation, patch
management, multifactor authentication, and proactive monitoring will significantly reduce the risk
of breaches and improve overall network defense.