VaryNet Inc. wants to create four separate offices across the globe. They want to be able to connect these offices over the internet, and they want to make sure that each network is available to each other, i.e., they want the routing information of all four networks to be available at each site, so that any employee can go to any site, and work from them, and they are worried about passing traffic over the internet. What would you offer as a network suggestion?
- Identify various hardware components and network topologies
- Describe basic network security concepts
- Discuss the characteristics of internet, wireless, and local area networks
- Compare circuit switching and packet switching
- Create internet ready connections to four separate offices.
Secure a Virtual Private Network
Linking offsite users to your company's network over the Internet enables them to check e-mail and access shared files. A Virtual Private Network (VPN) lets you do this more securely.
A VPN is basically a private network that takes advantage of a public network -- typically the Internet -- to connect remote users and/or distant offices with each other.
Some server products, including Windows Server 2003, offer extensive support for VPN technologies. At any rate, there are four basic tasks involved in setting up a VPN :
1. Set up a VPN server on your company's network. An existing computer can be used for this purpose.
2. Make sure your firewall is configured to allow VPN traffic.
3. Set the remote user's computer to connect through the Internet to the VPN server. The Connection Wizard in Windows XP makes it easy, taking you step-by-step through the set-up process.
4. Implement strong passwords -- or better yet -- biometric or token-based authentication to confirm the identity of users connecting to your network over the Internet.
Describe basic network security concepts
* Implementing user authentication,
* Using proxy servers and firewalls,
* Setting up demilitarized zones, and
* Taking advantage of port- and packet-filtering technologies.
User authentication, is the most basic component of network security, and its success depends on the method used (encrypted, plain text, and so forth), and on the ability to keep this information from unauthorized personnel. Some of the more popular versions of user authentication include the Password Authentication Protocol (PAP) and the Challenge Handshake Authentication Protocol (CHAP).
Discuss the characteristics of Internet, wireless, and local area networks ...
In a solution of over 1000 words, various hardware components and network topologies are identified, and basic network security concepts are described. The characteristics of the Internet, wireless, and local area networks are discussed. Circuit and packet switching methods are also compared.
Computer network security question discussion.
When you learned about the various technology products needed to secure an Internet perimeter, what differentiates one product from another in the marketplace? Why would a Cisco firewall be better than a SONICWall firewall, or is it? As you think about these questions, what might be some questions you'd ask a security product vendor when selecting firewalls, routers, and IDSs?
2-Please answer this post like discussion if you agree or disagree, and why? Please explain it. This post is the answer from somebody else about question #1.
When choosing firewall for network implementation, many things can differentiate one firewall from another. Firewalls can be different from each other according to what they offer. These are services that most firewalls offer today:
1.0 Full State Awareness, which has access to the "raw message," and can examine data from all packet layers. In addition, FireWall-1 analyzes state information from previous communications and other applications. The Inspection Module examines IP addresses, port numbers, and any other information required in order to determine whether packets comply with the enterprise security policy. It also stores and updates state and context information in dynamic connections tables.
2.0 Securing "Stateless" Protocols allows the firewall to understand the internal structures of the IP protocol family and applications built on top of them. For stateless protocols such as UDP aand RPC, the Inspection Module extracts data from a packet's application content and stores it in the state connections tables, providing context in cases where the application does not provide it. In addition, it can dynamically allow or disallow connections as necessary. These capabilities provide the highest level of security for complex protocols.
3.0 The Inspect language is based on using a checkpoint language for inspection of packets
4.0 Stateful Inspection: Under the hood to the firewall is able to ensure highest level of security, a firewall must be capable of accessing, analyzing and utilizing the following. The following functions are performed by stateful firewall: Communication Information - information from all seven layers in the packet
Communication-derived State - the state derived from previous communications. For example, the outgoing PORT command of an FTP session could be saved so that an incoming FTP data connection can be verified against it.
Application-derived State - the state information derived from other applications. For example, a previously authenticated user would be allowed access through the firewall for authorized services only.
Information Manipulation - the evaluation of flexible expressions based on all the above factors.
Check Point's Stateful Inspection is able to meet all the security requirements defined above.
Personally when designing network for a small or medium company I will choose Sonicwall over Cisco because of easy to configure that its firewalls offer, and the price that is much cheaper than Cisco's. In the opposite if I have to design a network for large company I will choose Cisco firewall because of the complexity of their system design, also because the name of Cisco which will give them more assurance than Sonicwall will do. The best thing to do is also mix both firewalls in the design since their interoperability is guaranteed.