Differences in the Wireless Protocols. Free Essay Example.

This chapter has broadened my knowledge on the different types of wireless protocols that include IEEE 802.11 x, WEP, WAP, WPA, and WPA2. IEEE 802.11x comes as a family of wireless communication protocols that use radio frequency. The frequencies used in the frequency spectrum are the 2.4GHz and 5GHz. This family of the protocol has a range of standards that include 802.11, 802.11a, 802.11b, 802.11g, 802.11i, and 802.11n starting from the lowest to the highest respectively in terms of the frequency spectrum. All of them are compatible with each other except the 802.11a. On the other hand, Wireless Equivalent Privacy (WEP) is a basic wireless protocol that is vulnerable to an IV attack. It has a weakness in its RC4 encryption algorithms allowing it to be cracked in a short period. But, a Temporal Key Integrity Protocol (TKIP) is employed to strengthen the encryption but has also been broken. Additionally, the Wireless Application Protocol (WAP) is the most common data transmission standard for many manufacturers and is very secure. It uses the Wireless Markup Language (WML), can respond to WML scripts and communicates using a WAP gateway. Lastly, the Wi-Fi Protected Access 2 (WPA2), is the most secure implementing the full standard 802.11i using the Cipher Block Chaining Message Authentication Code Protocol (CCMP). It has a 48-bit initializing vector that makes it hard to crack minimizing the risk of a replay attack.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Networking and ensuring security in the wireless system

Earlier on I had learned of about a system networking layers but I have now come to know that the same is used in the technologies that provide networking services between wireless devices. They include the Wireless Session Protocol (WSP), Wireless Transaction Protocol (WTP), Wireless Transport Layer Security (WTLS) and the Wireless Datagram Protocol (WDP) each doing the session information, transportation, security and interface functions respectively. However, building a wireless network is just easy, all you need is a NIC interface card on the client side and a communication medium on the network side. Then using a wireless portal you connect the two. Wireless connection is the most prevalent due to cost although prone to attack so it is better to check and verify whether the Access points are securely encryption and change the default password. Additionally, for easier access, first use the proper antenna, then place it high enough, the center of a room to be served, far away from metal or the ground and in cases of far signal travel place them in a power level control. To know the intensity of the signal, install a strength meter on a workstation. If the signal is weak, you can add additional APs and repeaters to the network.

Types of Vulnerabilities in a wireless system

Wireless systems have more weaknesses than wired networks because of the use of radio frequency for data emanation which is easily intercepted by using a simple software that can capture the traffic in a wireless AP. Therefore to prevent it, disable, or turn off the SSID broadcast. But, this can be cracked using albeit which discovers the access point behind the SSID. Virtually, all wireless networks are vulnerable to site surveys that are listening in on an existing wireless network using commercially available technologies. Jamming is when intentional interference is caused on a communication network. One common method of vulnerability is Warchalking where people leave signals in a weak network for others to use. Rogue attacks happen an attacker takes advantage of a rogue access point added maybe by mistake. After, they open up the system for a man-in-the-middle or evil twin attack where a rogue access point poses as a legitimate wireless service provider to intercept information that is transmitted by the user. To solve this, change all the default settings on all wireless devices. Lastly, there is Bluejacking where annoying soliciting messages are sent and bluesnarfing where there is gaining of unauthorized access through a Bluetooth connection. To prevent, do not set the device attributes to Discoverable.

Elements and Components of a network design

One major concept of network design is Cloud computing providing a platform of service models defined in Special Publication 800-145 including SaaS (Software as a Service) - The consumer is given the capability to use the applications of the providers running on an infrastructure in the cloud. PaaS (Platform as a Service)- The consumer is given the deployment capability onto the cloud infrastructure to acquire consumer-created applications created using programming services, languages, tools and libraries supported by the provider., and (IaaS) Infrastructure as a Service - The consumer is given the capability to processing provision, networks, storage and other resources that are fundamental in computing where the consumer can run and deploy arbitrary software, including the applications and the operating system. Also, it provides Infrastructure Deployment Service grouped into private, public, community and hybrid cloud. Private cloud is owned, operated and managed by an organization or third party. The public is government, organization, business, academic owned, operated and managed. A community cloud is exclusively for a specific community, owned, operated and managed by organizations in a community. Finally, hybrid cloud delivery model combines two or more distinct infrastructures (private, public, community) remaining as unique entities but bound together by standardized or proprietary technology.

Establishing a host Security

To establish a host security there is a need for implementation of the following virtualization elements. One, Snapshots after taking the image at the exact time they will enable one to revert a machine to a saved state. They contain all the machine settings, virtual disks attached and memory state of the machine allowing machine cloning for testing purposes. Second, Patch Compatibility needs to be factored in before the update of the systems. Verifying the source of the patch by testing them on lab machines before applying them to production machines. Third, Host availability or elasticity should always be provisioned and released, scale, and appear to be unlimited. Having the lowest downtime 99.999 percent uptime. Fourth, ensure that a Security control testing (SCT) is done so that design does not overwhelm security. Lastly, conduct Sandboxing where apps are run in restricted memory areas limiting the possibility of an app crash allowing a user to access an app or data associated with it.

Ensuring data security

I have learned that there are data security issues in cloud computing emerging from multitenancy. Multitenancy ensures that there are cost efficiencies by ensuring that workloads from various clients are on the same machine, a flaw in implementation could compromise security. The law and regulation as per NIST state that the consumer retains the ultimate responsibility for compliance. Although, cloud computing holds great promise when it comes to scalability, rapid deployment, cost savings, and empowerment there are risks involved in security. Data segregation can reduce risks associated with multitenancy, Patches and firmware should be kept up to date. Log files should be monitored carefully and Software and services not necessary for the implementation should be removed or disabled. For effective data storage on the cloud, using VPN routing and forwarding can help. Also, encrypting of data and backups should be done regularly and stored in safe locations.

The concepts of hardening

It is important to secure a network, make sure that every system in the system is updated and the required protocols are enabled. However, this is not enough to secure the network, for those running application and services there need to be hardening to make them hard to exploit. There are various ways of hardening. One, use of the tiered system model to help solve the complexity of the databases. Also use of NoSQL database for scaling purposes. Second, in cases of Big data use of SAN a mini-network that ensures the secure flow of data. The best way to prevent fuzzing from occurring on your systems is to validate all input to ensure that input is of the expected type. Third, Secure coding can be the best in preventing attacks for instance Cross-site scripting and SQL injection. Fourth, doing application configuration baselining prior to configuration compares the performance to a metric. Also, keep the OS and application patches current. Other ways of application security and techniques are user permissions, use of access control lists and Antimalware

The best security practice

As a security administrator, the most fundamental practices are the use of data loss prevention (DLP) systems and hardware-based encryption devices. DLP monitor the system's contents to make sure that the key contents are not removed or deleted. They also monitor who is using the data, transmitting it. One example of DLP products is MyDLP and RSA. Hardware-Based Encryption devices can be used within advanced configuration settings on some BIOS menus. Using TPM (Trusted Platform Module) chip can store cryptographic keys, certificates, and passwords. Also, it can be used to generate values used for encryption of the whole disk like the BitLocker. It is used to protect smartphones, PCs among other devices. It is usually installed on the motherboard where it is set to go off in the BIOS by default. Lastly, Hardware Security Module (HSM) is also a cryptoprocessor that can be used to enhance the security of devices

Supporting activity: Using Cloud Computing for Disaster Recovery

45% of all businesses that experience 10 or more days of ongoing disruption in business continuity, never recover, and usually, go bankrupt. With cloud computing, your business can continue critical functions such as CRM, Financial, inventory, email, voice. Vulnerabilities on the systems can be Unauthorized access to the management interface, data recovery, and internet protocol. Use of SAS-70 or SAS-16 as cloud providers for backups can help. They are built in places that experience fewer national disaster so that they can tap on multiple redundancy bandwidths so that if one bandwidth is down they provide access to the other bandwidths. Co- providers can provide multiple layers of physical and logical securities including biometrics preventing unauthorized access of data and theft. They can also use (UPS)uninterrupted power supplies. You also get SLA- service level agreement that guarantees your IT systems are up and running within 2hrs of a disaster. If using hosted PBX one can resume connection via devices like mobile phones, tablets, virtual desktops. The mobile device and virtual windows only act as a portal to the secure data in the cloud. Therefore, by having a good disaster recovery plan, will ensure that the systems are up and running in no time.

Supporting Activity: Network Design Risks

A recent article by Johnnie (2016), highlighted the security challenges of cloud computing and the risks involved. She explains that VMWares ESX, Microsofts Hyper-V, and Citrix XEN are hypervisors that underpin virtualization server used in cloud computing. These hypervisors get infected causing security risks like the addition of complex infrastructural layers, the dynamic change of the virtualized environments and quick movements of workloads. In the private cloud configuration, the concerns are that the VM may become infected with malware and via the VMs movements through the data storage, they infect the other VMs that share its host. If the organization is using traditional security devices, it will not be able to detect it d...