Saturday, May 2, 2020

Securing the Mobile Enterprise with Network-Based Security and Cloud

Questions:

1. Using the university network, search the IEEE digital library to find:
   a) Provide a full reference to the paper in the Harvard referencing style. Provide a brief explanation on the process used to find the paper.
   b) Write a critical summary of the paper covering the following aspects:
      a. What the most significant points are
      b. Implications of this paper for networking professionals
      c. Implications for a small company
      d. How they have referenced the work of others
      e. How well the authors have presented their work

2. The law firm currently has two sites, one in Durham (Remote Office) and the other in Sunderland (Main Office). Create IP addressing schemes for the Main and Remote Office sites. All departments need to be in separate subnets. The external IP address for Main is 97.1.2.0/24, and for the remote office is 32.11.41.0/24. Use IP version 4 private addressing ranges within your networks (your choice as to which ones) and show how Network Address Translation (NAT) and Port Address Translation (PAT) could be used to enable the connection of the external sites.

   Head Office:
   - Lawyers (16 users)
   - PAs (16 users)
   - Customer Services (2 users)
   - IP phones (up to 42 users)
   - Finance (2 users)

   Remote Office:
   - Admin (2 users)
   - Technical support (2 users)
   - IP phones (up to 42 users)
   - Home based workers (up to 32 users)

Answers:

1. a. De Los Reyes, G., Macwan, S., Chawla, D., Serban, C. (2012). Securing the Mobile Enterprise with Network-Based Security and Cloud Computing. IEEE Xplore, Sarnoff Symposium (SARNOFF). [Online] 35, pp. 1-5. Retrieved from https://web2.research.att.com/techdocs/TD_100802.pdf [accessed 1 April 2015].

b.

a. What the most significant points are

The most significant points discussed in this paper concern the security of company-exclusive data over the wireless network. The paper focuses on the various aspects of using a Virtual Private Network for sharing information between various levels of the organization. This allows faster communication of information within the organizational network, but it also poses a threat to the information.

Earlier, complex LAN structures were used to connect the various systems in the organization, with security provided through DMZ policies. But as communication systems grew, the complex LAN structure began losing its value, as most communication is now based on the mobile network. Smartphones, tablets and PDAs are the new generation of tools for communicating with the business network. Providing secure company data to these devices without posing any threat to the data is a challenging task, and it cannot be achieved with the old LAN structure. So security analysts came up with new ideas to make this a reality.

Combining the Cloud system with modern-day security protocols has the potential to deliver data securely to any mobile device. The use of Virtual Private Gateways (VPGs) has strengthened the security perimeter of Cloud security, as by using a VPG an organization can limit access to content according to usage permission. The security now sits basically in the cloud, and the VPG is used as a channel to reach there, so only policies need to be designed for the various user levels, thus providing better security over mobile devices with a less complex structure.

b. Implications of this paper for networking professionals

This paper focuses on the various security loopholes present in the earlier models of networking when used with modern-day technology. Complex LAN structures, DMZ policies, etc. are a tale of the past now, and have almost lost their value in the present-day communication world. Most corporate work is now done over mobile devices, where these policies of the past find no fit. There is a need to develop new security policies or measures to counter data theft attacks in the mobile network via the use of third-party applications.

One possible and the most promising way is described in this paper: the use of cloud storage, coupled with security at gateway and tunnel level, to keep data entry and exit secure. A Virtual Private Gateway is used to monitor the traffic coming over the company's network; it also acts as a firewall to route the traffic originating from any third-party software installed on the mobile device to another location. Data is secure in cloud storage and can be accessed from anywhere, using the access level specified for an individual by the organization.

Industry analysts have raised privacy concerns as the important barrier to adopting cloud computing in an enterprise. Thus, to gain the trust of the organization, cloud technology should be able to provide levels of security and privacy, make the system capable of resisting threats, and thus provide reliable storage for data and information.

Figure 1: Intersection of privacy and security needed to build trust in cloud applications

The benefits of using the proposed network security model are as follows:
- Increased trust and longevity in the marketplace.
- Customer satisfaction through a quality solution.
- Streamlined processes and assured privacy.

c. Implications for a small company

The security features demonstrated here are well suited to companies with a big budget for their security concerns and a huge workforce that needs to access company data on the move. Such companies have huge amounts to spend on cloud storage or on maintaining data servers. Small companies find it difficult to manage funds for obtaining such a high level of security. It is also of limited use to small organizations: because the company is small, there is not much need to transfer confidential data over the net. Here, previous technologies could be used to provide security for the network. To conclude, the use of cloud storage and VPG is not an economically viable option for small companies.

d. How they have referenced the work of others

[1] William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, Reading, MA, 1st edition, 1994.
[2] Steven M. Bellovin, Clouds from Both Sides, IEEE Security & Privacy, vol. 9, no. 3, May-June, 2011.

The referencing is good, in that the writers have referred to the needed authors with respect to security, the internet and clouds. This referencing displays the confidence and originality of the writers.

e. How well the authors have presented their work

The authors have presented the work very efficiently. The paper is divided into segments, each dealing with the specific information of that segment. The use of figures and tables is very effective in demonstrating the working of the previously popular network security protocols and their effects and drawbacks, and in contrasting them with the newly developed model of network security using cloud and VPG, describing its effects and constraints. A table has been used to contrast the difference between the new and old technology. In short, data presentation is very effective in this paper, keeping the reader engrossed till the end and providing specialist knowledge about the topic, while keeping the language simple and easy for a beginner to understand too.

Answer 2:

The law firm currently has two sites, one in Durham (Remote Office) and the other in Sunderland (Main Office). The external IP address for Main is 97.1.2.0/24, and for the remote office is 32.11.41.0/24. Using IP version 4 private addressing ranges within the networks, the following IP addresses can be described for the organization.

Main Office (97.1.2.0/24)

For the Main Office here we are using a class B address for networking.

Class B Address: 192.168.1.0

| Head Office Requirement | No. Of Users Required | Range of IP Address Used | This network address | Broadcast address |
|---|---|---|---|---|
| Lawyers | 16 | 192.168.1.2 - 192.168.1.19 | 192.168.1.0 | 192.168.1.20 |
| PAs | 16 | 192.168.2.1 - 192.168.2.19 | 192.168.2.0 | 192.168.1.20 |
| Customer Service | 2 | 192.168.3.1 - 192.168.3.3 | 192.168.3.0 | 192.168.1.4 |
| IP Phones | 42 | 192.168.4.1 - 192.168.4.43 | 192.168.4.0 | 192.168.1.44 |
| Finance | 2 | 192.168.5.1 - 192.168.5.3 | 192.168.5.0 | 192.168.1.4 |

Remote Office (32.11.41.0/24)

For the Remote Office here we are using a class B address for networking.

Class B Address: 192.169.1.0

| Remote Office Requirement | No. Of Users Required | Range of IP Address Used | This network address | Broadcast address |
|---|---|---|---|---|
| Admin | 2 | 192.169.1.1 - 192.169.1.3 | 192.169.1.0 | 192.169.1.4 |
| Technical Support | 2 | 192.169.2.1 - 192.169.2.3 | 192.169.2.0 | 192.169.2.4 |
| IP Phones | 42 | 192.169.3.1 - 192.169.3.43 | 192.169.3.0 | 192.169.3.44 |
| Home Based Workers | 32 | 192.169.4.1 - 192.169.4.35 | 192.169.4.0 | 192.169.4.36 |

Following figure gives the required network layout for the organization.

References

1. De Los Reyes, G., Macwan, S., Chawla, D., Serban, C. (2012). Securing the Mobile Enterprise with Network-Based Security and Cloud Computing. IEEE Xplore, Sarnoff Symposium (SARNOFF). [Online] 35, pp. 1-5. Retrieved from https://web2.research.att.com/techdocs/TD_100802.pdf [accessed 1 April 2015].
2. Secure, private, and trustworthy: enterprise cloud computing with Force.com (2015). Retrieved from https://www.salesforce.com/assets/pdf/misc/WP_Forcedotcom-Security.pdf
3. Figure 1: Secure, private, and trustworthy: enterprise cloud computing with Force.com (2015). Retrieved from https://www.salesforce.com/assets/pdf/misc/WP_Forcedotcom-Security.pdf
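The per-department subnetting asked for in Question 2 can be computed and checked with Python's standard `ipaddress` module. This is an added example, not part of the original answer; the base blocks `192.168.10.0/24` and `192.168.20.0/24` and the single reserved gateway address per subnet are assumptions. It sizes each subnet to its user count, derives the real network and broadcast addresses, and rejects a base block that lies outside private address space.

```python
import ipaddress

# Department sizes are taken from the assignment text on this page.
MAIN = {"Lawyers": 16, "PAs": 16, "Customer Services": 2,
        "IP phones": 42, "Finance": 2}
REMOTE = {"Admin": 2, "Technical support": 2,
          "IP phones": 42, "Home based workers": 32}

def prefix_for(users, reserved=1):
    """Longest prefix that still holds users + reserved gateway address(es)."""
    needed = users + reserved + 2            # + network and broadcast
    return 32 - (needed - 1).bit_length()    # round up to a power of two

def allocate(base, departments):
    """Carve one subnet per department out of base, largest first (VLSM)."""
    base = ipaddress.IPv4Network(base)
    if not base.is_private:
        raise ValueError(f"{base} is not private address space")
    cursor = int(base.network_address)
    plan = {}
    # Largest-first keeps every subnet aligned on its own boundary.
    for name, users in sorted(departments.items(), key=lambda kv: -kv[1]):
        subnet = ipaddress.IPv4Network((cursor, prefix_for(users)))
        if not subnet.subnet_of(base):
            raise ValueError(f"{base} is too small for {name}")
        plan[name] = subnet
        cursor = int(subnet.broadcast_address) + 1
    return plan

def describe(subnet):
    """(network, first usable, last usable, broadcast) as strings."""
    return tuple(str(subnet[i]) for i in (0, 1, -2, -1))

if __name__ == "__main__":
    # Base blocks below are assumed for illustration.
    for site, base, depts in (("Main", "192.168.10.0/24", MAIN),
                              ("Remote", "192.168.20.0/24", REMOTE)):
        print(site, base)
        for name, subnet in allocate(base, depts).items():
            net, first, last, bcast = describe(subnet)
            print(f"  {name:<20}{str(subnet):<20}{first} - {last}  bcast {bcast}")
```

Keeping each department in its own correctly bounded subnet is what lets inter-department ACLs and the NAT/PAT rules at each site's edge match on a single prefix.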
