
Courseproject Websecurity Final Leviwelshans


INFOSECWIZARDS.COM

Network Security and Design
An Analysis and Security Recommendations for A2Z Designs
Levi Welshans

NETWORK SECURITY

Introduction
This report provides detailed reconnaissance and recommendations pertaining to the requests
submitted by A2Z Designs. This report features a security analysis of the network currently utilized by
XYZ Invitation Printing. The analysis will discuss easily accessible information that could be used in
attacking the network, assess the strength of the system's passwords, and provide a recommended architecture
redesign of the XYZ Invitation Printing network. Lastly, this report will discuss techniques that could be
implemented to harden the servers used within the XYZ network as well as recommended security
policies to ensure that the network used by A2Z Designs will continue to stay secure.
Public Information
There are many tools that can be used to find seemingly unimportant information on a company,
but this information is actually used as the first step for attackers to choose who to attack and how they
will go about doing so. The information listed below was acquired using free web tools and the main
company website.
Location
According to Venmo.com they have offices in San Francisco and New York City.
Venmo, Inc
159 W. 25th. St. Fl 9
New York, NY 10001
URL
https://venmo.com
Staff
Venmo.com lists what appears to be their entire staff on their webpage - https://venmo.com/team/
Andrew Kortina - Co-Founder and CFO
Iqram Magdon-Ismail - Co-Founder and President
Michael Vaughn - COO and Manager
IP Address
54.225.133.162
Mail Server IP
aspmx.l.google.com - 74.125.194.27
aspmx2.googlemail.com - 64.233.185.27
aspmx3.googlemail.com - 173.194.68.27
Sites Linked
According to alexa.com there are 313 sites linking to venmo.com. This includes sites like yahoo.com,
reddit.com, and stackoverflow.com.
NMAP Scan
NMAP, or Network Mapper, is a utility that can scan networks and divulge information on the
devices connected to the network, as well as provide details about operating systems used, firewalls,
packet filtering, and potential security holes (Bradley, 2015). An NMAP scan was performed on the
XYZ Invitation Printing network, and the results are in Table A.

Table A

| IP Address  | Server Name      | Ports Open | State    | Vulnerability    |
|-------------|------------------|------------|----------|------------------|
| 192.168.0.1 | DomainController |            | Filtered | Secure           |
| 192.168.0.2 | InviteDesign     |            | Filtered | Secure           |
| 192.168.0.3 | Acct             |            | Filtered | Secure           |
| 192.168.0.4 | Printing         |            | Filtered | Secure           |
| 192.168.0.5 | Websrv           |            | Filtered | Secure           |
| 192.168.0.6 | Chat             |            | Closed   | Potential Attack |

Server XYZChat returned a closed state. This could suggest that server XYZChat does not reside
behind the firewall, and this would seem logical since XYZChat is not shown in the network diagram.
Closed ports are not the issue though. The closed port state signifies that the XYZChat server is not
filtered, and if one of the ports on XYZChat were to be opened this could potentially lead to an accessible
point on the server. It is recommended that all six of the servers used on the XYZ network reside behind
the firewall.
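
The filtered-versus-closed reasoning above can be checked automatically from scan output. The following is an added example, not part of the original report: it parses Nmap's greppable (-oG) output and classifies each host by its port states. The sample lines and the ports 22, 80 and 443 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Nmap's greppable (-oG) output format; not the scan
# results from this report. Ports 22, 80 and 443 are illustrative.
SAMPLE_OG = (
    "Host: 192.168.0.5 (Websrv)\tPorts: 22/filtered/tcp//ssh///, "
    "80/filtered/tcp//http///, 443/filtered/tcp//https///\n"
    "Host: 192.168.0.6 (Chat)\tPorts: 22/closed/tcp//ssh///, "
    "80/closed/tcp//http///, 443/closed/tcp//https///\n"
)
HOST_RE = re.compile(r"^Host: (\S+) ")

def port_states(og_text):
    """Return {ip: {state: [ports]}} parsed from -oG 'Ports:' fields."""
    hosts = {}
    for line in og_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines start with '#'
        states = defaultdict(list)
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue  # e.g. 'Status:' or 'Ignored State:' fields
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")  # port/state/proto/...
                if len(parts) >= 2 and parts[0].isdigit():
                    states[parts[1]].append(int(parts[0]))
        if states:
            hosts[m.group(1)] = dict(states)
    return hosts

def exposure(states):
    """Classify one host by what its port states say about filtering."""
    if "open" in states:
        return "exposed: a service is reachable"
    if "closed" in states:
        # A closed port answered the probe, so nothing filtered it en route.
        return "unfiltered: probes reach the host"
    if set(states) == {"filtered"}:
        return "filtered: a packet filter blocks probes"
    return "undetermined"

def report(og_text):
    return {ip: exposure(s) for ip, s in port_states(og_text).items()}

if __name__ == "__main__":
    for ip, verdict in report(SAMPLE_OG).items():
        print(ip, verdict)
```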
MD5/NTLM
Password strength plays an important role in defense measures. For this purpose, an MD5 and
NTLM process was used to recover the plaintext values from the password hashes obtained from the
XYZ servers. Table B shows the password hash, the recovered value, the process used, and the security
rating. This is followed by screenshots for assurance purposes.

Table B

| Password Hash                    | Value         | Process | Rating |
|----------------------------------|---------------|---------|--------|
| 5f4dcc3b5aa765d61d8327deb882cf99 | password      | MD5     | Weak   |
| 200ceb26807d6bf99fd6f4f0d1ca54d4 | administrator | MD5     | Weak   |
| 391d878fd5822858f49ddc3e891ad4b9 | devry         | NTLM    | Weak   |
| a2345375a47a92754e2505132aca194b | windows       | NTLM    | Weak   |

The passwords shown would not pass standard password strength testing. It is recommended that
passwords contain both uppercase and lowercase letters and at least one number and one symbol,
and be no shorter than eight characters. A password policy should be considered for the purpose of
constructing a more secure network.
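
The recommended password rules can be applied to the recovered values in Table B. The following is an added example, not part of the original report: it reports which rules each value breaks and shows that an unsalted MD5 hash can be confirmed directly from a guessed value. The function names are hypothetical.

```python
import hashlib
import string

# Rows from Table B: (hash, recovered value, process).
TABLE_B = [
    ("5f4dcc3b5aa765d61d8327deb882cf99", "password", "MD5"),
    ("200ceb26807d6bf99fd6f4f0d1ca54d4", "administrator", "MD5"),
    ("391d878fd5822858f49ddc3e891ad4b9", "devry", "NTLM"),
    ("a2345375a47a92754e2505132aca194b", "windows", "NTLM"),
]

MIN_LENGTH = 8  # the report's minimum: no shorter than eight characters

def policy_failures(password):
    """Return the rules recommended in this report that `password` breaks."""
    checks = [
        ("shorter than 8 characters", len(password) >= MIN_LENGTH),
        ("no uppercase letter", any(c.isupper() for c in password)),
        ("no lowercase letter", any(c.islower() for c in password)),
        ("no number", any(c.isdigit() for c in password)),
        ("no symbol", any(c in string.punctuation for c in password)),
    ]
    return [rule for rule, ok in checks if not ok]

def md5_matches(password, md5_hex):
    """Unsalted MD5 is deterministic, so a guessed value can be confirmed."""
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    return digest == md5_hex.lower()

def audit(rows):
    """Map each recovered value to the list of rules it fails."""
    return {value: policy_failures(value) for _, value, _ in rows}

if __name__ == "__main__":
    for value, failed in audit(TABLE_B).items():
        print(f"{value!r}: {', '.join(failed) or 'passes'}")
    print("MD5 confirmed:", md5_matches("password", TABLE_B[0][0]))
```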
Network Configuration Analysis
The current network, as pictured in Image 1a, features a single router source behind a firewall.
The placement of the servers and workstations is logical, but the current design could be enhanced to
provide more security and better productivity with some simple additions. The redesign of the XYZ
network shown in Image 1b features an external Cisco router with a strong firewall and hardware
encryption as well as Virtual Private Network capabilities. It also features a second Cisco router with
firewall capabilities to separate the servers and the IT department's functions. Last, it features the
addition of a Gigabit switch and multiple 24-port switches for the workstations to better direct data flow
as well as increase network performance.

Image 1a


Image 1b


Web Server Hardening Best Practices for Apache and IIS

Apache Server Hardening
o Disable any unused and unnecessary modules
o Disable directory browsing for users
o Keep outgoing connections limited and only for used ports
o Develop a regular analysis and update schedule
o Edit the Apache configuration to not disclose Operating System Information for error occurrences
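
Three of the Apache items above (unused modules, directory browsing, and operating system disclosure) can be checked directly against a configuration file. The following is an added example, not part of the original report: a small audit of an httpd.conf fragment, shown with a weak and a hardened version. Both fragments are constructed, and the needed-module list is an assumption.

```python
# Constructed httpd.conf fragments for illustration; not files from this report.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
LoadModule dir_module modules/mod_dir.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
LoadModule dir_module modules/mod_dir.so
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
</Directory>
"""
# Assumption: the only module this site needs; anything else is reported.
NEEDED_MODULES = frozenset({"dir_module"})

def audit_apache(conf_text, needed=NEEDED_MODULES):
    """Return findings for the Apache hardening items in the list above."""
    findings, tokens, signature = [], None, None
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        directive, args = words[0].lower(), [a.lower() for a in words[1:]]
        if directive == "servertokens" and args:
            tokens = args[0]
        elif directive == "serversignature" and args:
            signature = args[0]
        elif directive == "loadmodule" and args and args[0] not in needed:
            findings.append("unneeded module loaded: " + args[0])
        elif directive == "options" and {"indexes", "+indexes", "all"} & set(args):
            findings.append("directory browsing enabled: " + raw.strip())
    # ServerTokens defaults to Full, which includes the OS in the Server header.
    if tokens not in ("prod", "productonly"):
        findings.append("ServerTokens is not Prod: OS and version disclosed")
    # ServerSignature On/EMail adds a server footer to error pages.
    if signature in ("on", "email"):
        findings.append("ServerSignature is not Off: error pages disclose server details")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_apache(conf) or "no findings")
```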

Windows IIS Hardening
o Disable any and all unnecessary services that are not used
o Run IISLockdown and configure URLScan
o Services that are running should have the least privileged settings
o Do not install or connect a printer
o Ensure strong passwords for accounts
o Disable and remove unused accounts
o Do not allow remote logons to the server
o Ensure updates and analysis are performed regularly

Security Policy Recommendations and Template


The purpose of these policy recommendations for network security is to provide a clearly
defined set of guidelines that are required for each user and the devices connected to the network. It is
important to continually monitor and analyze the status of the network at all times. It is the responsibility
of the network user to maintain a complete understanding of the guidelines and to ensure proper usage of
the system. This policy covers the baseline security guidelines, but if the user is unsure of certain
procedures or functions pertaining to the use of the network and its systems then they should seek
assistance from an authorized IT department team member. The focus of the security policy will be
Malware, Spyware, and Viruses. It will define each of these threats, and provide the necessary procedures
to avoid these attacks.
Malware

Malware is software that is created with malicious intent. Malware is an umbrella term that
covers various forms of malicious software such as Worms, Adware, Trojan Horses, and Hijackers, as
well as Spyware and Viruses. The main purpose of Malware is to disrupt function and to cause
damage. This may mean changing access functions or toolbar settings, slowing down service through
pop-ups, and deleting or damaging important directory files, which can cause complete disruption.
Spyware
The intent of Spyware is to lie hidden within the user's system while collecting sensitive data.
This could be data that is sent or received, user activity along with the user's private data, and system
access information.
Viruses
There are many forms of Viruses. Viruses self-replicate, which means they can continue to grow
within the system by spreading to other programs and workstations connected to the system.
Viruses are often initiated through the use of a trigger, and this is generally through user interaction by
running specific downloaded programs, opening files, or selecting email attachments (NIST, 2005).

Security Policy Procedures


User Awareness Policy
Total awareness is an important factor for ensuring a secure system. It is the responsibility of
each individual user to understand how to properly use the system. It is the responsibility of each user to
understand normal system behavior. It is also the responsibility of the user to recognize and report any
behavior that seems suspicious or different. Awareness training is fundamental to ensuring proper use and
should be available to users in regular sessions that discuss topics of proper use and signs of malicious
attacks.
Being aware of what is entering the system or being added to the user's workstation is vital in
stopping Malware threats. This includes:
o Never opening or downloading emails and attachments from unknown users or persons.
o Never changing or deleting security settings for any software used.
o Never sending private data such as passwords or access codes in response to requests.
o Never clicking pop-ups or banners.

Malware Protection Policy


Malware can find its way into the system in many ways. It is important for all users of the system to
understand that these policies are not meant to hinder performance but rather to ensure that required
security measures are met and that the data of both the users and the system is protected.
o Any external devices that connect to the network must be approved. This includes any external
  drive-based devices such as mobile phones, hard drives, and flash drives.
o Any software or user applications must be given approval before being downloaded. This
  includes any add-ons, toolbars, social media, games, or software from unknown sources.
o Never block or deny updates for software. Most of the time updates should be pushed out by the
  IT department during a schedule based around non-business hours, but in the event that an update
  happens during business hours, do not disrupt the update.
o Software audits may be performed on users and any of their company-supplied devices to ensure
  that the devices or workstations that are connected to the system are properly protected. This is
  only meant to log threats, ensure software compliance, and to make sure that only approved
  software is on the device.

Antivirus Policy

Antivirus policy ensures that all of the devices and users are protected from possible virus attacks. It
is important that Antivirus policy is continually evaluated and made flexible for any changes to the
system and its users.
o Any device connected to the network will be required to have the specified antivirus software.
o The virus definitions catalog will be scheduled to update automatically.
o If any device is found to contain a virus it will be immediately removed from the network.
o Any infected device will not be connected to the network until it is verified clear of the virus.

Policy Template
For the purpose of future policy creation the following steps are recommended.
o The policy should explain the purpose of its application.
o The policy guidelines should be easily understood and clearly defined.
o The policy should be category specific.
o If needed, the threats involved in not following the procedures should be outlined.

Reference

Bradley, T. (2015). Profile: Nmap Scanner. Retrieved February 23, 2015, from
http://netsecurity.about.com/od/securitytoolprofiles/p/aaprnmap.htm

Cobb, M. (2007, June). Windows IIS server hardening checklist. Retrieved February 23, 2015, from
http://searchsecurity.techtarget.com/feature/Windows-IIS-server-hardening-checklist

Gulati, D. (2014, June). 7 Tips to Harden Your Apache Installation on Linux. Retrieved February 23,
2015, from www.iit-inc.com/blog/-7-tips-to-harden-your-apache-installation-on-linux

Microsoft Library. (2009, September). Creating a Strong Password Policy: Logon and Authentication.
Retrieved February 23, 2015, from https://technet.microsoft.com/en-us/library/cc736605%28v=ws.10%29.aspx

NMap. (n.d.). Port Scanning Basics. Retrieved February 23, 2015, from
http://nmap.org/book/man-port-scanning-basics.html
