Building A Secure Network

This document provides guidance on building a secure network for the Corporation Techs Management organization. It identifies the key hosts and protocols in use within the network and outlines requirements for the security plan, including identifying personnel responsible for security, required clearance levels for users, and physical protections for sensitive documents. The security plan aims to prevent unauthorized access to the network and its systems and resources.

Uploaded by

Bri-ian Brach


Building a Secure Network

Praveena Alukuru

The University of Cumberlands



Document Summary

This document is very important, especially when it comes to the scope and the approach. It is therefore required to make sure that security at the Tech management is in a better place. This document also applies to all the people working within the organization: the guidelines used in this document set out the responsibilities of all the workers in the Tech management. Additionally, the testing and certification of this system is the full responsibility of the technology associates.

Standard compliance: the system needs to show and provide the corporate security standards and comply with relevant corporate industry security standards unless otherwise specified.

Purpose: as per the requirements, the reason for this application is to provide an effective security plan that will prevent unauthorized access. This means that there is a need to have a secured server that will be accessed.

System boundaries: in this case, it is important to note the hosts, the protocols associated with the hosts, and the services, based on the findings from the various resources. These include NetWitness Investigator, Nessus, Wireshark, Network Documentation and Nmap/Zenmap.

Scope limitations: this system is used to address the inside of the building at the reputable Corporation Techs Management, which will also be classified by the workers.

SECURITY PLAN

Overview

All the security plans are prepared by the technology associates as the basic system security document and are proposed by the system. Additionally, this system should be able to meet the company security program requirements. Furthermore, the security plan is used together with the certification and accreditation process and serves for the lifetime of the system as well. This security plan is determined to contain very important, key information. Therefore, the plan should be appropriately protected and marked as well.

System Security Document

The plan sets out the operation of the system and the measures that are required to control access. Additionally, the plan is used to protect the system and its information; for this to be effective, decisions need to be made with the responsible parties. The security plan needs to outline the following:

• Identify the hosts in the Corporation Techs system

• Note all the protocols in the Corporation Techs system

• Develop the listing of hosts provided

Security Personnel

Here, the name, location and contact information of all the major people should be included. This includes the system owner, the Architect, the Maintenance Facilitator and the emergency contact numbers as well.

Personnel Security

The range of security clearance levels and the set of formal access approvals should be detailed so that the users can be addressed.

Physical Protection

When it comes to the documentation, it needs to be unique to the system. Additionally, it should be enforced that it is treated as very vital and sensitive information.



1. Identified hosts at The Corporation Techs


2. Identified Protocols

FTP: Protocol for exchanging files over the Internet, which uses the Internet's TCP/IP to enable data transfer.

Telnet: A network protocol used on the Internet or a local area network that provides a bidirectional, interactive, text-oriented communications facility using a virtual terminal connection.

NTP: This network protocol is a clean, simple, lightweight, and efficient protocol allowing clients to query servers for the current time (including the date).

TFTP: Port 69. Trivial File Transfer Protocol, which is used by a number of attacks and worms to download Trojans or other components of the attack or worm.

ARP: A network layer protocol used to convert an IP address into a physical address, called a DLC address.

TCP: Transmission Control Protocol, a set of rules (protocols) used along with IP to send data in the form of message units between computers over the Internet.

ICMP: Internet Control Message Protocol, a message control and error-reporting protocol between a host server and a gateway to the Internet.

BROWSER: Web browser; used to locate and display web pages. The two most popular browsers are Microsoft Internet Explorer and Firefox. Both of these are graphical browsers, which means that they can display graphics as well as text.

CDP: Sends CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc, which is also used in other Cisco protocols such as VTP. By default, CDP announcements are sent every 60 seconds on interfaces that support Subnetwork Access Protocol (SNAP) headers, including Ethernet, Frame Relay and Asynchronous Transfer Mode (ATM).

CLDAP: CLDAP is most commonly encountered on Microsoft Active Directory networks, where clients use it to retrieve server information. This particular operation is described in MS .

DHCP: Dynamic Host Configuration Protocol. An auto-configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network.

DNS: Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants.

DTP: Dynamic Trunking Protocol (DTP) is a proprietary networking protocol developed by Cisco Systems for the purpose of negotiating trunking on a link between two VLAN-aware switches, and for negotiating the type of trunking encapsulation to be used. It works on Layer 2 of the OSI model.

FTP-Data: Information that can be given about a file is its data type, which dictates the overall representation of the file. Four different data types are specified in the FTP standard:
• ASCII: Defines an ASCII text file, with lines marked by some sort of end-of-line marker as described above.
• EBCDIC: Conceptually the same as the ASCII type, but for files using IBM's EBCDIC character set.
• Image: The file has no formal internal structure and is sent one byte at a time without any processing; this is the “black box” mode I mentioned above.
• Local: This data type is used to handle files that may store data in logical bytes containing a number of bits other than 8.

LLMNR: Link Local Multicast Name Resolution (or LLMNR) is a protocol based on the Domain Name System (DNS) packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. It is included in Windows Vista, Windows Server 2008 and Windows 7.

LOOP: A network whose components are serially connected in such a way that the last component is connected to the first component.

NBNS: A server that stores NetBIOS name-to-IPv4 address mappings and that resolves NetBIOS names for NetBT-enabled hosts. The WINS Server service is the Microsoft implementation of an NBNS.

SMB: Server Message Block, a message format used by DOS and Windows to share files, directories and devices. NetBIOS is based on the SMB format, and many network products use SMB. These SMB-based networks include Lan Manager, Windows for Workgroups, Windows NT, and Lan Server.

SRVLOC: Service Location Protocol provides a scalable framework for the discovery and selection of network services. Using this protocol, computers using the Internet need little or no static configuration of network services for network-based applications. This is especially important as computers become more portable, and users less tolerant of or able to fulfill the demands of network system administration.

SSDP: Simple Service Discovery Protocol (SSDP) provides a mechanism whereby network clients, with little or no static configuration, can discover network services. SSDP accomplishes this by providing for multicast discovery support as well as server-based notification and discovery routing.

STP: Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and ensuing broadcast radiation.

3. List of hosts and services provided by each

HOST Services

172.30.0.86 NONE

172.30.0.10 Domain – Microsoft DNS
Kerberos sec - Microsoft Windows Kerberos-sec
Msrpc – Microsoft Windows RPC
Netbios-ssn
Ldap
Microsoft-ds – Microsoft Windows 2003 or 2008 microsoft-ds
Ncacn_http - Microsoft Windows 2003 RPC over HTTP 1.0
Tcpwrapped

172.30.0.65 ftp – Microsoft ftpd
Smtp – Microsoft ESMTP 6.0.2600.2180
http – Microsoft IIS webserver 5.1
Msrpc – Microsoft Windows RPC
Netbios-ssn
Microsoft-ds – Microsoft Windows XP microsoft-ds

172.30.0.77 Msrpc – Microsoft Windows RPC
Netbios-ssn
http – national instruments LabVIEW service locator httpd 1.0.0

172.30.0.89 Msrpc – Microsoft Windows RPC
Netbios-ssn
Vmware-auth – Vmware authentication daemon 1.0 (uses VNC,SOAP)
Microsoft-rdp – Microsoft terminal service
http – national instruments LabVIEW service locator httpd 1.0.0

172.30.0.91 Netbios-ssn
Vmware-auth – Vmware authentication daemon 1.0 (uses VNC,SOAP)
Microsoft-rdp – Microsoft terminal service
http – national instruments LabVIEW service locator httpd 1.2

172.30.0.119 ftp – fileZilla ftpd
Msrpc – Microsoft Windows RPC
Netbios-ssn
Microsoft-ds – Microsoft Windows 2003 or 2008 microsoft-ds

172.30.0.74 NONE

172.30.0.76 NONE

172.30.0.88 NONE

172.30.0.90 unknown

172.30.0.80 NONE

172.30.0.99 tcpmux compressnet priv-mail
Unknown echo smtp
Discard daytime rsftp
Qotd chargen dsp
ftp-data ftp time
ssh telnet nameserver
whois tacacs domain
gopher finger http
submission hosts2-ns fwl-secureremote
sco-dtmgr xfer esro-gen
apple-xsrvr-admin mit-nl-dev bgmp
ldapssl ctf http-mgmt
ipp mit-ml-dev odmr
idp doom corba-iiop
kerberos-sec ldap su-mit-tg
imsp kerberos-admin dnsix
timbuktu webster
metragram silverplatter spamassassin


dnsix esro-gen newacct
onmux icad-el
qsc pop3w svrloc
device pop2 https
ccproxy-http pop3
snpp rsync accessbuilder
rpcbind microsoft-ds sun-manageconsole
auth appleqtc kpasswds
nntp locus-map smtps
samba-swat msrpc dvs
ISS-realsecure netbios-ssn
retrospect
ISS-console-mgr imap isakmp
ftps news exec
telnets iso-tp0
login
Imaps snmp pnnter
cmip-man ncp garcon
cadlock bgp
uucp-rlogin windows-ifcw smux
kshell 914c-g ekshell
kdm anet
rtsp NFS-or-IIS rsh-spx
dfs snews LSA-or-
nterm coldfusion-auth landesk-cba iiimsf
http sophos
https_alt pds iua
napster isalplus gnutella
netop-rc bittorrent-tracker acmsoda
mythtv abyss btx
netbackup ajp12 Elite
sometimes-rpc 3-23flexlm0 afs3-fileserver
Vnc-1,2,3 blackice-icecap blackice-alerts
islistener jetdirect isalplus
compaqdiag netinfo
ms-lsa pptp wms
krb524 msql mailbox
serverxec

172.30.0.81 NONE

172.30.0.102 NONE

172.30.0.112 NONE

172.30.0.116 NONE

172.30.0.75 NONE

172.30.0.84 NONE

172.30.0.87 NONE

172.30.0.56 Vmware-auth – Vmware authentication daemon 1.0 (uses VNC,SOAP)
http – VNC server enterprise edition httpd E4.5.4.r41964
vnc – protocol 3

172.30.0.93 NONE

172.30.0.83 NONE

172.30.0.100 NONE

172.30.0.111 NONE

172.30.0.115 NONE

172.30.0.96 NONE

172.30.0.1 ssh – Cisco SSH 1.25 protocol 2.0
http – Cisco adaptive security appliance http config
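
An added example, not part of the original document: a small Python parser for the host/service listing layout used in section 3, which reports the hosts exposing unencrypted protocols or remote-control services so they can be prioritised in the security plan. The CLEARTEXT and REMOTE_ADMIN sets and the function names are assumptions made for this illustration; the inventory is an excerpt of the listing above.

```python
import re
# Assumed review policy (not from the original document): protocols that are
# unencrypted by design, and services that grant remote control of a host.
CLEARTEXT = {"ftp", "telnet", "tftp", "http"}
REMOTE_ADMIN = {"ssh", "microsoft-rdp", "vnc", "vmware-auth"}
# Excerpt of the section 3 listing, kept in the document's own layout.
INVENTORY = """\
172.30.0.86 NONE

172.30.0.65 ftp – Microsoft ftpd
http – Microsoft IIS webserver 5.1
Netbios-ssn

172.30.0.56 Vmware-auth – Vmware authentication daemon 1.0 (uses VNC,SOAP)
http – VNC server enterprise edition httpd E4.5.4.r41964
vnc – protocol 3

172.30.0.1 ssh – Cisco SSH 1.25 protocol 2.0
http – Cisco adaptive security appliance http config
"""
HOST_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(.*)$")

def parse_inventory(text):
    """Return {host: [service names]}; a line without an IP continues the last host."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HOST_LINE.match(line)
        if m:
            current, line = m.group(1), m.group(2)
            hosts[current] = []
        if not line or current is None or line.upper() == "NONE":
            continue
        # The service name is whatever precedes the " – " (or " - ") separator.
        name = re.split(r"\s+[–-]\s+", line, maxsplit=1)[0]
        hosts[current].append(name.strip().lower())
    return hosts

def review(hosts):
    """Map each host to the cleartext and remote-control services it exposes."""
    report = {}
    for host, services in hosts.items():
        clear = sorted(CLEARTEXT.intersection(services))
        admin = sorted(REMOTE_ADMIN.intersection(services))
        if clear or admin:
            report[host] = {"cleartext": clear, "remote_admin": admin}
    return report

if __name__ == "__main__":
    print(review(parse_inventory(INVENTORY)))
```

Hosts listed as NONE parse to an empty service list and are left out of the report, so the output contains only the systems that need an access-control decision.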
