Security System for Local Area Network

Modified: 26th Mar 2018
Wordcount: 3683 words

Disclaimer: This is an example of a student written essay. Click here for sample essays written by our professional writers.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.ae.

Cite This

  • Raman Sidhu

 

Windows Server 2008 offers a very good Windows consistency and Performance monitor tool. Within minutes, you can have a comprehensive and graphical view of your server. In the past, you had to pull information from a variety of management tools, but no more. In Server Manager, under Diagnostics, select Windows System Resource Manager. You can connect to the local or a remote server. Resource Monitor displays a real-time status update.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

You can configure the monitor with standard performance counters from multiple machines. Or you can navigate a bit further to the Performance tab and kick off a pre-built data collector set. This is a nice way to start and get an introduction to creating your own data sets. After collecting data, Windows Server 2008 R2 will prepare a report with all the pertinent information.

It’s not easier to create valuable performance and utilization reports. Amongst its many functions, Windows Server 2008 lets you define event criteria and schedule when to grab performance data. And don’t think you need to log on to a Windows Server 2008 server. You can install the Remote Server Administration Tools for Windows 7 and manage all Windows 2003, 2008 and Windows Server 2008 servers from the comfort of your own desk.

Local Area Network (LAN) refers to the local area coverage of a computer network. In general, communication data packets which can be transmitted between any two network nodes based on broadcast transmission have been widely used in local area network at present. Not only can they be received by a network card in those two network nodes, but they can also be received by a network card in any other network node on the same Ethernet. Therefore, a hacker can track, unpack all packets and steal critical information in Ethernet when they access any node on the Ethernet. This poses security risks in Ethernet.

In order to ensure local area network security. This thesis analyzes several solutions which are used firewall technology, encryption technology, network segmentation and VLAN technology. The thesis introduces three ways of establishing a preliminary LAN Protection System which are: designing a LAN structure, designing LAN security management structure and configuring a firewall.

Protecting LAN from the external network

In applications of Local Area Network, the intranet of independent external internet applications is widespread. In many enterprises and scientific research institutions, there are many computers which save national secrets, private customer information and important information within the company and these computers cannot connect to the Internet.

The purpose of illegal external monitoring is to enable administrators to understand the status of protected environment, and thus to establish a monitoring process, timely response, and alarm for illegal external access conduct on the internal LAN, to protect the internal network security, to further take effective technical means to provide support and resolve the problem.

Why we are using windows server 2008

Direct Access One particularly exciting feature in Windows Server 2008, especially as more mobile clients move to Windows 7, is Direct Access. In the past, providing secure remote access meant installing, configuring, maintaining and troubleshooting VPN connections. Speaking from personal experience — and I’m sure many of you will agree — this was never a fun task for users or IT pros, especially when something broke. In fact, users often went out of their way to avoid VPNs, thus causing security vulnerabilities and poor productivity.

With DirectAccess, remote users who have an Internet connection but don’t have a VPN can use IPSec and IPv6 to securely connect to the following types of corporate resources:

  • SharePoint sites
  • Intranet sites
  • File shares
  • Line-of-business applications
  • E-mail

If an IPv6 native network isn’t available — which is the case for most public locations, like cafes — Windows 7 will establish an IPv6 over IPv4 tunnel. You can also integrate DirectAccess with Network Access Protection to protect your corporate environment. One great benefit of DirectAccess over solutions like VPNs is that performance is enhanced, and there’s no commingling of intranet and Internet traffic. With DirectAccess, these networks remain separate and distinct. If you have strong security requirements, you can also configure DirectAccess to use smartcards. I like that you can restrict DirectAccess traffic to specific servers and applications. This helps segment and optimize traffic and adds an additional layer of security.

But there’s another benefit to DirectAccess that anyone who manages mobile users will appreciate. Until recently, the only opportunity to properly manage or update mobile users was when they returned to the office and connected to the local network. Nobody likes this situation, and, with growing security and compliance requirements, it’s hardly practical.

Improvements in the Group Policy Management

Windows Server 2008 R2 introduces over 1,000 new Group Policy Objects specific to Windows Server 2008 R2 and Windows 7, along with several new components that expand on the core capabilities of Group Policy management that have been part of Windows 2000/2003 Active Directory. The basic functions of the Group Policy haven’t changed, so the Group Policy Object Editor (gpedit) and the Group Policy Management Console (GPMC) are the same, but with more options and settings available.

As mentioned earlier, the Group Policy Management Console can either be run as a separate MMC tool, or it can be launched off the Features branch of the Server Manager console tree, as shown in Figure 1.7. Group policies in Windows Server 2008 R2 provide more granular management of local machines, specifically having policies that push down to a client that are different for administrator and non-administrator users.

Introducing Performance and Reliability Monitoring Tools

Windows Server 2008 R2 introduces new and revised performance and reliability monitoring tools intended to help network administrators better understand the health and operations of Windows Server 2008 R2 systems. Just like with the Group Policy Management Console, the new Reliability and Performance Monitor shows up as a feature in the Server Manager console

The new tool keeps track of system activity and resource usage and displays key counters and system status on screen. The Reliability Monitor diagnoses potential causes of server instability by noting the last time a server was rebooted, what patches or updates were applied, and chronologically when services have failed on the system so that system faults can potentially be traced back to specific system updates or changes that occurred prior to the problem.

Windows server 2008 vs. windows server 2012

The biggest key point is 2008 has been out for a long time. They have ironed out a lot of bugs and it’s pretty stable. Coupled with the fact that there’s a ton of tutorials and troubleshooting on the web, it really has a huge amount of support available. That being said, 2008 is based on the Windows Vista platform. It’s not quite like 2003 (NT or XP style and functionality) and it’s not quite 2012 (more like Windows 7). 2012 comes with the more current features and has been simplified quite a little bit. I haven’t played much with 2012 yet but from what I’ve seen and done with it its pretty super bad!!! It does require a lot more on the processor and RAM side, you want to have at least 8GB of the RAM for it (at very least). Of course it depends on what you’re doing too, if you want to just have a file server I’d go with Free NAS or just buy a NAS device. If you want to host websites I’d honestly just go with Server 12.04 (it rocks), there’s a learning curve on it but it’s really pretty fantastic! If you’re looking to have a mail server setup (like Exchange) you could run that off of a Windows 7 workstation and stop something free like Rumble Mail. If you’re looking to host games or something like that then you’ve got to nail down a platform first then build around it, not the other way around like most folks try to do. Finally if you’re looking to do something in your home (lots of folks are for some reason) then I’d just find an easy way to do it without wasting a ton of dough on the server OS.

Here is the list of the things that has been lost in translation from 2008 to 2012: 1.Being able to publish both a full remote desktop session and remote apps in the same session collection is not possible. This was possible in 2008 by a single click. 2.In 2008 we used the «Remote Control» (Shadowing) feature extensively to give customer support to our clients, this has been removed in 2012, with no apparent reason given, it’s not even mentioned anywhere, it’s just gone. 3.When using the default standard deployment and adding all the certificates in the Deployment settings, you still get a warning when connecting, since it’s not adding any certificate to the RDSH, it’s using a self signed one. This was done in «Remote Desktop Session Host Configuration» before, but now it’s not possible using the new server manager. Have I missed it? 4.Most of our clients are still using Windows XP. In 2008 we deployed the Remote apps using MSI’s, which in addition to placing remote apps on the desktop, also added file associations. With 2012, MSI deployment is gone, so for Windows XP clients, which doesn’t have Remote app and Desktop Connections feature, they’re stuck using RD Web access, which doesn’t give you desktop icons, and doesn’t give you file associations. 5.A long awaited feature that has been announced all over the web, was the ability to pin remote app programs. This feature never made it to Windows Server 2012 RTM, without any mention as to why. Why?

6. User Profile Disks. While the idea behind this is brilliant, I believe it’s still far from being a mature feature:

Secure data transmission

When it comes to the security, secure data transmission fills out the final third of the security equation, right behind (or before, depending on how you look at it) security of data storage and security of the physical technology and the location of that technology. Assuming that you’ve satisfied the first two-thirds of the security equation, before setting out to secure your data during transmission, first determine the value of that data and then spend accordingly to secure it. Valuable data with little or no security can prove as costly as the invaluable data with too much unnecessary security.

After determining the value of your security, consider the most appropriate options for transmitting data and then explore the various encryption methods necessary for protecting your specific data transmissions. And, finally, I can’t reiterate enough that a technical solution is never the whole solution. Data originates from individuals, not from computers, so implementing strong security policies and procedures is as important as choosing all the physical and technical barriers to your data.

  1. Network Devices
  2. Internet Protocols
  3. Encryption
  4. Digital Signing
  5. Public Key Infrastructure
  6. Remote access
  7. Wireless Encryption

Remote Access

Remote Access is a network service in Windows Server 2012 that combines the Direct Access feature, introduced in Windows Server 2008 , and the Routing and the Remote Access Service (RRAS), into a new unified server role. In Windows Server 2008, Windows Server 2003, and Windows 2000 Server, RRAS provided the following services:

  • Dial-up remote access server
  • Virtual private network (VPN) remote access server
  • Internet Protocol (IP) router for connecting subnets of a private network
  • Network address translator (NAT) for connecting a private network to the Internet
  • Dial-up and VPN site-to-site demand-dial router

Wireless encryption

WEP is the oldest, least secure way to encrypt your Wi-Fi. Few years ago, WEP(wired equivalent privacy) developed to secure the Wi-Fi network. To a WEP-secured network. WEP will only stop the most casual of Wi-Fi users from connecting to your network. Anyone who really wants access to your network can easily gain access if you’re using WEP. There’s no reason to use WEP. If you have an very old router that only supports WEP, you should upgrade it right now.

PKI

The public key infrastructure assumes the use ofpublic key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.

Perimeter network security

Perimeter Security is a solution where each endpoint device is responsible for its own security. Perimeter Security Protection allows companies of all the sizes to manage all their network perimeters in the office, for home working or on the road.

  1. Firewalls
  2. N A T
  3. RADIUS
  4. IIS
  5. TMG

Firewall Technology

The firewall is an important security technology. It is mainly consists of software and hardware devices. The firewall establishes a safety shield that is used in the intranet and extranet of a unit and enterprise or private network and public network. The firewall establishes a security gateway between Internets to prevent illegal invasion, destruction and theft of data from outside users. The firewall mainly consists of service access control rules, authentication policy and packet filtering and application gateway. From technical point of view, currently there are 2 more mature architectures of firewall: packet filtering firewall and proxy type firewall (application gateway-based). At present considering comprehensive security and low-cost, the firewall market is mainly dominated by packet filtering firewall products. (Micosoft, 2014)

Internet Information Server

IIS (Internet Information Server) is a group of Internet servers (including a Web or Hypertext Transfer Protocol server and afile transfer protocolserver) with additional capabilities for Microsoft’sWindows NT and windows 2000Server operating systems. IIS is Microsoft’s entry to compete in the Internet server market that is also addressed byapache, Sun Microsystems, O’Reilly, and others. With IIS, Microsoft includes a set of programs for building and administering Web sites, a search engine, and support for writing Web-based applications that accessdatabases.

NAT

The Internet is expanding at an exponential rate. As the amount of information and resources increases, it is becoming a requirement for even the smallest businesses and homes to connect to the Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect their network to the Internet cheaply and efficiently.

Manage operational security

Network Security solutions includethe next generation firewall security and intrusion prevention, advanced behaviour analytics, and sophisticated threat detection engines, all designed to protect your next-generation networks.

  1. Security policies
  2. Auditing
  3. ACL
  4. Physical security

Networking ACLs:

On some types of proprietary computer hardware, an Access Control Listrefers to rules that are applied to port numbers or network daemon names that are available on a host or other layer 3, each with a list of hosts and/or networks permitted to use the service. Both individual servers as well as routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls. (Quinstreet, 2014)

Auditing

Auditing is exactly what it sounds like — it keeps a record of things that have been modified in Active Directory. In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes.

Security Policies

The IT Security Policy is the principle document for the network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today utilize several tools and applications to conduct the business productively. Policy that is driven from the organization’s culture supports these routines and focuses on the safe enablement of these tools to its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.

Conclusion

As we dicussed above security is the major issue so we can make our data secure by knowing or being aware of the threats to our data. During transmission of our data we can use encryption. We can use firewalls or NAT for network security and also for managing security operations we can use auditing, security plicies or ACLs.

We are using windows server 2008 because of its benefits it provides secure direct access like installing or configuring, more over it has so many improvements in group policy management and it introduces us performance and reliability monitoring tools.

So from my point of view Windows server 2008 is better than Windows server 2012. Because there are so many things that i had mentioned above were in 2008 but those are not available in 2012.

Bibliography

Micosoft. (2014, May 09). Microsoft. Retrieved May 09, 2014, from Microsoft: www.microsoft.com

Quinstreet. (2014). Quinstreet. Retrieved 05 09, 2014, from Quinstreet: www.webopedia.com

Submitted by Ramandeep Kaur SidhuPage 1

 

Cite This Work

To export a reference to this article please select a referencing style below:

Give Yourself The Academic Edge Today

  • On-time delivery or your money back
  • A fully qualified writer in your subject
  • In-depth proofreading by our Quality Control Team
  • 100% confidentiality, the work is never re-sold or published
  • Standard 7-day amendment period
  • A paper written to the standard ordered
  • A detailed plagiarism report
  • A comprehensive quality report
Discover more about our
Essay Writing Service

Essay Writing
Service

AED558.00

Approximate costs for Undergraduate 2:2

1000 words

7 day delivery

Order An Essay Today

Delivered on-time or your money back

Reviews.io logo

1858 reviews

Get Academic Help Today!

Encrypted with a 256-bit secure payment provider