Chris Wiginton, Jose Rosado
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
10 October, 2014
Besides the basic physical security of a site, the next most important aspect is controlling digital access into and out of the organization’s network. In most cases this means controlling the points of connectivity to the outside world, typically the Internet. Partitioning the boundary between the outside Internet and the internal intranet is a critical security piece. Any services not actually needed should be turned off so that they will not become avenues of attack for security threats. Different systems will have different services running by default.

The firewall process can tightly control what is allowed to traverse from one side to the other. As with most aspects of security, deciding what type of firewall to use will depend upon factors such as traffic levels, services needing protection and the complexity of rules required. The difficulty for firewalls is distinguishing between legitimate and illegitimate traffic. Firewalls, if configured correctly, can be a reasonable form of protection from external threats, including some denial-of-service (DoS) attacks. If not configured correctly, they can be major security holes in an organization.

The most basic protection a firewall provides is the ability to block network traffic to certain destinations. This includes both IP addresses and particular network service ports. Many network devices and computer hosts start up network services by default, and each of these services could represent an opportunity for attackers, worms and Trojans. Very often, not all of these default services are needed. Doing port lockdown by turning off services reduces this exposure. A port scan of Corporation Tech’s network provided the results listed in the table below.

| PORT | PROTOCOL | STATE  | SERVICE     |
|------|----------|--------|-------------|
| 25   | TCP      | CLOSED | SMTP        |
| 80   | TCP      | OPEN   | TCP Wrapped |
| 139  | TCP      | OPEN   | netbios-ssn |
| 1900 | TCP      | OPEN   | TCP         |
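
An added example, not part of the original paper: a first-match, default-deny packet filter applied to the scan results above, showing which listening services an outside address could still reach. The rule set, the internal range 10.0.0.0/8 and the outside test address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Scan results from the table above: (port, protocol, state, service).
SCAN = [
    (25, "tcp", "closed", "SMTP"),
    (80, "tcp", "open", "TCP Wrapped"),
    (139, "tcp", "open", "netbios-ssn"),
    (1900, "tcp", "open", "TCP"),
]

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    proto: str
    port: Optional[int]   # None matches any port

# Constructed perimeter policy (assumption): only web traffic may enter from
# outside; the internal range 10.0.0.0/8 may reach file sharing on port 139.
RULES = [
    Rule("allow", "0.0.0.0/0", "tcp", 80),
    Rule("allow", "10.0.0.0/8", "tcp", 139),
]

def decide(rules, src_ip, proto, port):
    """First matching rule wins; anything unmatched is denied by default."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if (addr in ipaddress.ip_network(r.src) and r.proto == proto
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(scan, rules, outside_ip="203.0.113.10"):
    """Classify each scanned port as seen from an outside source address."""
    report = {}
    for port, proto, state, _service in scan:
        verdict = decide(rules, outside_ip, proto, port)
        if state == "open" and verdict == "allow":
            report[port] = "exposed"      # reachable from the Internet
        elif state == "open":
            report[port] = "blocked"      # filtered, but the service still runs
        elif verdict == "allow":
            report[port] = "stale-rule"   # rule permits a port nothing listens on
        else:
            report[port] = "closed"
    return report

if __name__ == "__main__":
    for port, status in audit(SCAN, RULES).items():
        print(port, status)
```

Ports reported as "blocked" are protected only by the filter; turning off the unneeded service behind them is the port lockdown step described above.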