This informational report will explain and guide you through the process and plan that will be implemented to prevent any unauthorized equipment (including external rogue switches) from entering the network. In addition, we will be implementing the Spanning Tree Protocol to eliminate any layer 2 loops, which would otherwise cause a broadcast storm on the network.
First I'd like to begin by going into detail about VTP (VLAN Trunking Protocol) used together with IEEE 802.1q trunking. I will initially create all the VLANs on the single switch designated as the VTP server, and then configure 802.1q trunking between the switches, allowing all the VLANs on that trunk. All the other switches will be configured as VTP clients, so the VLAN database will be pushed to them from the VTP server. VTP transparent mode is strictly going to be used for administrative purposes: a transparent switch keeps its own VLAN configuration and only passes VTP updates on to the next switch. The commands for enabling 802.1q trunking and for setting the VTP domain and mode are shown below.
Trunking mode (entered on the uplink interface; the prompt changes to config-if once the interface is selected)
Switch(config)#interface fa0/1
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99
Trunking protocol (VTP domain and mode)
Switch(config)#vtp domain devrynet
Switch(config)#vtp mode server
(use client or transparent instead of server depending on the switch and its location)
To ensure the network stays secure, so that neither a person nor a device can alter the current configuration, we are going to implement a few things. First we will password protect local console and terminal access on the five VTY lines of the switches (see below for the commands). Next we will enable switch port security, which will disable a port if more than one MAC address is detected as connected to that port. We will also re...
...ne elect a root bridge, two elect root ports, and three elect designated and non-designated ports. The mode of STP that will be used is called Rapid Spanning Tree Protocol (RSTP) mode. In this mode the switches hold an election based on each switch's Bridge ID (BID). Once the root bridge is elected, every other switch has a root port (the port with the fastest path toward the root bridge). Every switch also has a designated (primary) and a non-designated (secondary) path to the root bridge. The spanning tree algorithm establishes the designated and non-designated links based on cost. Cost is derived from the link speed between the two switches: the faster the link, the lower the cost, and the lowest cost wins the designated link. The commands used to enable this mode are entered from privileged mode (see below).
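As an added example (not part of the original report), the script below audits a Cisco IOS running-config for the controls described above: the VTP domain and mode, an 802.1q trunk with an explicit allowed-VLAN list, port security on access ports, a password and login on the VTY lines, and rapid-pvst (the IOS name for RSTP) spanning tree. It also checks for BPDU guard on access ports, which is the standard complement to port security against a rogue switch; that check goes beyond the report's own commands. The hostname, the sample running-config text and the passwords in it are constructed for illustration.

```python
"""Audit a Cisco IOS running-config for the switch hardening described above.

Added example, not from the original report. SAMPLE_CONFIG is a constructed
'show running-config' excerpt, not output captured from a real device.
"""

# Constructed sample running-config: one trunk, one hardened access port,
# one access port that was missed, and the five VTY lines.
SAMPLE_CONFIG = """\
hostname CoreSW1
!
vtp domain devrynet
vtp mode server
vtp password S3cretVTP
!
spanning-tree mode rapid-pvst
!
interface FastEthernet0/1
 description uplink to AccessSW1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1-99
!
interface FastEthernet0/2
 description user port
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/3
 description user port, not hardened
 switchport mode access
!
line vty 0 4
 password Vty-P@ss
 login
!
end
"""


def parse_config(text):
    """Split an IOS running-config into global commands and indented sections.

    A section starts at an 'interface ...' or 'line ...' line; the indented
    lines that follow belong to it until the next '!' or top-level line.
    """
    global_cmds = []
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line in ("", "!", "end"):
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].append(line.strip())
            continue
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            global_cmds.append(line)
    return global_cmds, sections


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    global_cmds, sections = parse_config(text)
    findings = []

    # VTP: clients accept any advertisement for their domain, so the domain,
    # an explicit mode and a VTP password all need to be present.
    if not any(c.startswith("vtp domain ") for c in global_cmds):
        findings.append("vtp: no domain configured")
    modes = [c.split()[-1] for c in global_cmds if c.startswith("vtp mode ")]
    if not modes or modes[-1] not in ("server", "client", "transparent"):
        findings.append("vtp: mode not explicitly set")
    if not any(c.startswith("vtp password ") for c in global_cmds):
        findings.append("vtp: no password set; any switch joining the domain could push VLAN updates")

    # STP: the report selects RSTP, which IOS configures as rapid-pvst.
    if "spanning-tree mode rapid-pvst" not in global_cmds:
        findings.append("stp: spanning-tree mode rapid-pvst not enabled")

    for name, cmds in sections.items():
        label = name.split(" ", 1)[1]
        if name.startswith("interface ") and "switchport mode trunk" in cmds:
            if "switchport trunk encapsulation dot1q" not in cmds:
                findings.append(f"{label}: trunk without explicit dot1q encapsulation")
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append(f"{label}: trunk carries every VLAN (no allowed-vlan list)")
        elif name.startswith("interface ") and "switchport mode access" in cmds:
            # Port security limits the port to one MAC address; BPDU guard
            # shuts the port if anything on it starts sending BPDUs.
            if "switchport port-security" not in cmds:
                findings.append(f"{label}: access port without switchport port-security")
            if "spanning-tree bpduguard enable" not in cmds:
                findings.append(f"{label}: access port without spanning-tree bpduguard enable")
        elif name.startswith("line vty"):
            if "login" not in cmds and "login local" not in cmds:
                findings.append(f"{label}: login not enabled")
            if "login local" not in cmds and not any(c.startswith("password ") for c in cmds):
                findings.append(f"{label}: no password configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

Run against the constructed config, the only findings are the two missing controls on FastEthernet0/3; paste a real `show running-config` into SAMPLE_CONFIG (or read it from a file) to audit a deployed switch.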
The deployed wireless network automatically disables rogue access points when required. In order to connect to the wireless network, all wireless laptops are required to be current domain members. A group policy is enforced on all domain members to lock their systems to the SSID of the approved access point. For network layer protection, firewalls must be installed throughout the network. Wireless connections should always be WPA2 secured. All systems must have anti-virus software that provides protection from viruses. To ensure that only valid users access the network system, server certificates are installed in the
...work Security Article). The information given in this essay is a great start for learning how to keep your network secure. It covers only a small part of preventing infiltration of your network and computers. If one desires to learn more, go above and beyond and continue learning how to keep your network secure.
Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Burlington: Jones & Bartlett Learning, LLC.
2. Once you have segregated the POS network, you need to apply rules on the networking device responsible for the
McGee, A. R., Vasireddy, S. R., & Xie, C. (2004). A Framework for Ensuring Network
In order to have a greater understanding of the terminology and descriptions offered in this paper, we must first understand what a network switch is. A brief definition of a network switch is a computer networking device that connects network segments. It uses the logic of a network bridge, but allows a physical and logical star topology. It is often used to replace network hubs. A switch is also often referred to as an intelligent hub.
The security topology will determine what network devices are employed at what points in a network. At a minimum, the corporate connection to the Internet should pass through a firewall. This firewall should block all network traffic except that specifically authorized by the security policy. Blocking communications on a port is simple; just tell the firewall to close the port. The issue comes in deciding what services are needed and by whom, and thu...
A network topology in GNS3 (Graphical Network Simulator) is used in conjunction with Backtrack 5 to demonstrate the exploit tools of Cisco. The topology consists of three routers connected to one switch which is connected to a cloud. The cloud will act as Backtrack. The network address is 192.168.6.0/24. Each router is configured with separate IP addresses in the network. Backtrack is connected to the cloud on the same Vmnet custom network. (See Figure 3-1 below).
It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network, a strategy known as Defense in Depth. Due to the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy will require an understanding of the interactions between devices occurring within the network.
...llow the network traffic from secured networks. Firewalls will also detect and block any intrusion attempts, preventing any damage to the network.
Networks in organisations are dynamic and complex entities which can be quite challenging to configure and manage (Kim & Feamster 2013). These corporate networks consist of multiple routers, switches, firewalls and middleboxes, and a particular advantage of network management is the ability to monitor the entire business network. As all the devices are interconnected, with many events occurring simultaneously, problems with one device can eventually spread throughout...
The primary goal in routing multicast connections is to make efficient use of the network resources and to establish fast connections for data transmission. The network is often defined by a graph G(V,E). Multicast routing protocols are used in practical systems such as the multicast backbone (MBone). MBone chooses the shortest path to each destination using the IP routing mechanism. Multicast routing in an ATM switch performs two basic functions, switching and queuing.
Packet switching is used as an alternative to circuit switching, which is used in the PSTN or in ISDN for establishing voice telephone call connections.
"ATM Network Security: Vulnerabilities and Risks." Javvin | Network Protocols Guide, Network Monitoring & Analysis Tools. Web. 02 Dec. 2009. <http://www.javvin.com/networksecurity/ATMNetworkSecurity.html>.
...d switches, which lack the capabilities to support management protocols or port mirroring, an alternative method was used to capture the traffic and utilisation data of the network. A hub was used at the main office, close to the switch connecting to the internet machine.