Exploration of the security management systems of the institute’s network and

how it can be improved

Presented By:C Satish Kumar

Dev AdityaPuneet Chawla

Raghav ChadhaRajat Lakhina

IT Security Architecture

IT Security

Application Security

Client Side

Server Side

Database Security

Network security

Wireless SecurityNetwork is secured using Wi-Fi Protected

Access (WPA)WPA is a security protocol developed by the

Wi-Fi AllianceWPA protocol implements much of the IEEE

802.11i standard.

How WPA works?WPA is secured using Advanced Encryption

Standard (AES) Encryption AlgorithmUses the Temporal Key Integrity

Protocol(TKIP)Includes a message integrity checkPrevents an attacker from capturing, altering

and/or resending data packetsAES with a fixed block size of 128 bits, and

a key size of 128 bits used in our college

AES AlgorithmAdvanced Encryption Standard (AES) is a

specification for the encryption of electronic data

It is a symmetric key algorithmOur college uses 128 bit key, for which AES has 10 rounds of encryptionConsidered to be quite safe even by National Security Agency for U.S. Government non-classified data

IIM Rohtak NetworkIt has dual level of Security

Wifi Security using WPA & AESFirewall based login Security for each user.

IIM Rohtak Network(Contd.)It has the facilities for making configurations

whichcan enable or disable users.Eliminate the communication between devices

Different SSIDs(Service Set Identifier) for different locations

UTMUnified Threat Management (UTM is the evolution of the

traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance .

UT

Before UTM

After UTM

AdvantagesReduced complexity:

Single security solution.

Simplicity: Avoidance of multiple software

installation

Easy Management: Plug & Play Architecture,

Web-based GUI

Reduced technical training requirements

Regulatory compliance

Cost effective

Disadvantages

Single point of failure for network traffic

Single point of compromise if the UTM has vulnerabilities

Potential impact on latency and bandwidth when the UTM cannot keep up with

the traffic

Firewall

A firewall can help prevent hackers or malicious software (such as worms) from gaining access to the network.

A firewall can also help stop the local computer from sending malicious software to other computers.

The firewall is integrated with the UTM suite .

Firewall, VPN, and Traffic Shaping

Integrated Antispyware ,antimalware

Easily programmable

Application Control

Dedicated CPU and RAM

Comes with an FortiAnalyzer dashboard and log viewing

Limited Buffer size –cannot block/ quarantine large files

Heuristic filtering may block legitimate content

Not IPv6 certified

May be bypassed with third party tools

Lack of L2TP Support may be a potential problem if VPN is implemented

Windows Active Directory Services (ADS)ADS is a user account directory running on Windows

Server 2008 .It provides authentication and authorization

mechanisms .Integrity is maintained through authorization. File

transfer is done by using SFTP where the users are bound by it while transferring files.

Since all the data is stored on the central server, this by default forms a backup for the data stored. Even, if the independent computer terminal crashes, this prevents the data from being lost.

ASD provides secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services .

AD Server-Authentication and Authorization

User Authentication• Interactive logon• Network authentication• Using certificates to

authenticate external users

User Authorization• User rights: Assigned to

groups• Access control permissions:

Attached to objects

Windows Client Security

Client security comprises of OS and software security .Apart from UTM ,client security can be enforced through

various built in and third party applications Compliance can be monitored and enforced by using UAC .Using free applications such as Microsoft Security

Essentials reduces costs and overhead of managing updates and compatibility

Patching can be manually deployed over the network or set to auto mode .

UAC example-Guest User

The guest user account allows a login without a user account to access a database.

User Access has been provided through the active directory services configured on Microsoft Windows 2008 Server.(username- pgp04.***, Password- email password)

Limited privileges in Computer Lab Desktops.Cannot control portable application installation and

monitoring .

Thank You!!!