Sunday, March 31, 2019

Security System for Local Area Network

Raman Sidhu

Windows Server 2008 offers a very good Windows Reliability and Performance Monitor tool. Within minutes, you can get a comprehensive and graphical view of your server. In the past, you had to pull information from a variety of management tools, but no more. In Server Manager, under Diagnostics, select Windows System Resource Manager. You can connect to the local or a remote server. Resource Monitor displays a real-time status update.

You can configure the monitor with standard performance counters from multiple machines. Or you can navigate a bit further to the Performance tab and kick off a pre-built data collector set. This is a nice way to start and get an introduction to creating your own data sets. After collecting data, Windows Server 2008 R2 will prepare a report with all the pertinent information.

It's now easier to produce valuable performance and utilization reports. Amongst its many functions, Windows Server 2008 lets you define resolution criteria and schedule when to grab performance data. And don't think you need to log on to a Windows Server 2008 server. You can install the Remote Server Administration Tools for Windows 7 and manage all Windows 2003, 2008 and Windows Server 2008 servers from the comfort of your own desk.

Local Area Network (LAN) refers to the local area coverage of a computer network. In general, communication data packets which can be transmitted between any two network nodes based on broadcast transmission have been widely used in local area networks at present. Not only can they be received by a network card in those two network nodes, but they can also be received by a network card in any other network node on the same Ethernet.
Therefore, a hacker can track, unpack all packets and steal critical information in Ethernet when they access any node on the Ethernet. This poses security risks in Ethernet.

In order to ensure local area network security, this thesis analyzes several solutions, which use firewall technology, encryption technology, network segmentation and VLAN technology. The thesis introduces three ways of establishing a preliminary LAN Protection System, which are designing a LAN structure, designing a LAN security management structure and configuring a firewall.

Protecting LAN from the external network

In applications of Local Area Network, the intranet of independent external internet applications is widespread. In many enterprises and scientific research institutions, there are many computers which save national secrets, private customer information and important information within the company, and these computers cannot connect to the internet.

The purpose of illegal external monitoring is to enable decision makers to understand the status of the protected environment, and thus to establish a monitoring process, timely response, and alarm for illegal external access conduct on the internal LAN, to protect the internal network security, and to further take effective technical means to provide support and solve the problem.

Why we are using Windows Server 2008

Direct Access

One particularly exciting feature in Windows Server 2008, especially as more mobile clients move to Windows 7, is Direct Access. In the past, providing secure remote access meant installing, configuring, maintaining and troubleshooting VPN connections. Speaking from personal experience, and I'm sure many of you will agree, this was never a fun task for users or IT pros, especially when something broke.
In fact, users often went out of their way to avoid VPNs, thus causing security vulnerabilities and poor productivity.

With DirectAccess, remote users who have an Internet connection but don't have a VPN can use IPSec and IPv6 to securely connect to the following types of corporate resources:

- SharePoint sites
- Intranet sites
- File shares
- Line-of-business applications
- E-mail

If an IPv6 native network isn't available, which is the case for most public locations, like cafes, Windows 7 will establish an IPv6 over IPv4 tunnel. You can also integrate DirectAccess with Network Access Protection to protect your corporate environment. One great benefit of DirectAccess over solutions like VPNs is that performance is enhanced, and there's no commingling of intranet and Internet traffic. With DirectAccess, these networks remain separate and distinct. If you have strong security requirements, you can also configure DirectAccess to use smartcards. I like that you can restrict DirectAccess traffic to specific servers and applications. This helps segment and optimize traffic and adds an additional layer of security.

But there's another benefit to DirectAccess that anyone who manages mobile users will appreciate. Until recently, the only opportunity to properly manage or update mobile users was when they returned to the office and connected to the local network. Nobody likes this situation, and, with growing security and compliance requirements, it's hardly practical.

Improvements in the Group Policy Management

Windows Server 2008 R2 introduces over 1,000 new Group Policy Objects specific to Windows Server 2008 R2 and Windows 7, along with several new components that expand on the core capabilities of Group Policy management that have been part of Windows 2000/2003 Active Directory.
The basic functions of Group Policy haven't changed, so the Group Policy Object Editor (gpedit) and the Group Policy Management Console (GPMC) are the same, but with more options and settings available.

As noted earlier, the Group Policy Management Console can either be run as a separate MMC tool, or it can be launched off the Features branch of the Server Manager console tree, as shown in Figure 1.7. Group policies in Windows Server 2008 R2 provide more granular management of local machines, specifically having policies that push down to a client that are different for administrator and non-administrator users.

Introducing Performance and Reliability Monitoring Tools

Windows Server 2008 R2 introduces new and revised performance and reliability monitoring tools intended to help network administrators better understand the health and operations of Windows Server 2008 R2 systems. Just like with the Group Policy Management Console, the new Reliability and Performance Monitor shows up as a feature in the Server Manager console.

The new tool keeps track of system activity and resource usage and displays key counters and system status on screen. The Reliability Monitor diagnoses potential causes of server instability by noting the last time a server was rebooted, what patches or updates were applied, and chronologically when services have failed on the system, so that system faults can potentially be traced back to specific system updates or changes that occurred prior to the problem.

Windows Server 2008 vs. Windows Server 2012

The biggest plus point is 2008 has been out for a long time. They have ironed out a lot of bugs and it's more or less stable. Coupled with the fact that there's a ton of tutorials and troubleshooting on the web, it really has a huge amount of support available. That being said, 2008 is based on the Windows Vista platform. It's not quite like 2003 (NT or XP style and functionality) and it's not quite 2012 (more like Windows 7).
2012 comes with the more current features and has been simplified quite a bit. I haven't played much with 2012 yet but from what I've seen and done with it it's pretty super bad. It does require a lot more on the processor and RAM side; you want to have at least 8GB of RAM for it (at very least). Of course it depends on what you're doing too: if you want to just have a file server I'd go with FreeNAS or just buy a NAS device. If you want to host websites I'd honestly just go with Server 12.04 (it rocks); there's a learning curve on it but it's really pretty fantastic. If you're looking to have a mail server setup (like Exchange) you could run that off of a Windows 7 workstation and use something free like Rumble Mail. If you're looking to host games or something like that then you've got to nail down a platform first then build around it, not the other way around like most people try to do. Finally, if you're looking to do something in your company (lots of folks are for some reason) then I'd just find an easy way to do it without wasting a ton of money on the server OS.

Here is the list of the things that have been lost in translation from 2008 to 2012:

1. Being able to publish both a full remote desktop session and remote apps in the same session collection is not possible. This was possible in 2008 by a single click.
2. In 2008 we used the Remote Control (Shadowing) feature extensively to give customer support to our clients. This has been removed in 2012, with no apparent reason given; it's not even mentioned anywhere, it's just gone.
3. When using the default standard deployment and adding all the certificates in the Deployment settings, you still get a warning when connecting, since it's not adding any certificate to the RDSH; it's using a self-signed one. This was done in Remote Desktop Session Host Configuration before, but now it's not possible using the new Server Manager. Have I missed it?
4. Most of our clients are still using Windows XP. In 2008 we deployed the Remote apps using MSIs, which in addition to placing remote apps on the desktop, also added file associations. With 2012, MSI deployment is gone, so for Windows XP clients, which don't have the RemoteApp and Desktop Connections feature, they're stuck using RD Web Access, which doesn't give you desktop icons, and doesn't give you file associations.
5. A long awaited feature that has been announced all over the web was the ability to pin remote app programs. This feature never made it to Windows Server 2012 RTM, without any mention as to why. Why?
6. User Profile Disks. While the idea behind this is brilliant, I believe it's still far from being a complete feature.

Secure data transmission

When it comes to security, secure data transmission fills out the final third of the security equation, right behind (or before, depending on how you look at it) security of data storage and security of the physical technology and the location of that technology. Assuming that you've satisfied the first two-thirds of the security equation, before setting out to secure your data during transmission, first determine the value of that data and then spend accordingly to secure it. Valuable data with little or no security can prove as costly as low-value data with too much unnecessary security.

After determining the value of your security, consider the most appropriate options for transmitting data and then explore the various encryption methods necessary for protecting your specific data transmissions. And, finally, I can't reiterate enough that a technical solution is never the whole solution.
Data originates from individuals, not from computers, so implementing strong security policies and procedures is as fundamental as choosing all the physical and technical barriers to your data.

- Network Devices
- Internet protocols
- Encryption
- Digital Signing
- Public Key Infrastructure
- Remote access
- Wireless Encryption

Remote Access

Remote Access is a network service in Windows Server 2012 that combines the Direct Access feature, introduced in Windows Server 2008, and the Routing and Remote Access Service (RRAS), into a new unified server role. In Windows Server 2008, Windows Server 2003, and Windows 2000 Server, RRAS provided the following services:

- Dial-up remote access server
- Virtual private network (VPN) remote access server
- Internet Protocol (IP) router for connecting subnets of a private network
- Network address translator (NAT) for connecting a private network to the Internet
- Dial-up and VPN site-to-site demand-dial router

Wireless encryption

WEP is the oldest, least secure way to encrypt your Wi-Fi. A few years ago, WEP (Wired Equivalent Privacy) was developed to secure the Wi-Fi network. To a WEP-secured network. WEP will only stop the most casual of Wi-Fi users from connecting to your network. Anyone who really wants access to your network can easily gain access if you're using WEP. There's no reason to use WEP. If you have a very old router that only supports WEP, you should upgrade it right now.

PKI

The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted.
For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. The public key infrastructure provides for a digital certificate that can identify an individual or an organization, and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.

Perimeter network security

Perimeter Security is a solution where each endpoint device is responsible for its own security. Perimeter Security Protection allows companies of all sizes to manage all their network perimeters in the office, for home working or on the road.

- Firewalls
- NAT
- RADIUS
- IIS
- TMG

Firewall Technology

The firewall is an important security technology. It mainly consists of software and hardware devices. The firewall establishes a safety barrier that is used between the intranet and extranet of a unit or enterprise, or between a private network and a public network. The firewall establishes a security gateway between Internets to prevent illegal invasion, destruction and theft of data by outside users. The firewall mainly consists of service access control rules, authentication policy, packet filtering and application gateway. From a technical point of view, currently there are 2 more mature architectures of firewall: packet filtering firewall and proxy type firewall (application gateway-based). At present, considering comprehensive security and low cost, the firewall market is mainly dominated by packet filtering firewall products. (Microsoft, 2014)

Internet Information Server

IIS (Internet Information Server) is a group of Internet servers (including a Web or Hypertext Transfer Protocol server and a File Transfer Protocol server) with additional capabilities for Microsoft's Windows NT and Windows 2000 Server operating systems.
IIS is Microsoft's entry to compete in the Internet server market that is also addressed by Apache, Sun Microsystems, O'Reilly, and others. With IIS, Microsoft includes a set of programs for building and administering Web sites, a search engine, and support for writing Web-based applications that access databases.

NAT

The Internet is expanding at an exponential rate. As the amount of information and resources increases, it is becoming a requirement for even the smallest businesses and homes to connect to the Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect their network to the Internet cheaply and efficiently.

Manage operational security

Network Security solutions include next generation firewall security and intrusion prevention, advanced behaviour analytics, and sophisticated threat detection engines, all designed to protect your next-generation networks.

- Security policies
- Auditing
- ACL
- Physical security

Networking ACLs

On some types of proprietary computer hardware, an Access Control List refers to rules that are applied to port numbers or network daemon names that are available on a host or other layer 3, each with a list of hosts and/or networks permitted to use the service. Both individual servers as well as routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls. (Quinstreet, 2014)

Auditing

Auditing is exactly what it sounds like: it keeps a record of things that have been modified in Active Directory. In order to track file and folder access on Windows Server 2008 it is necessary to enable file and folder auditing and then identify the files and folders that are to be audited.
Once correctly configured, the server security logs will then contain information about attempts to access or otherwise manipulate the designated files and folders. It is important to note that file and folder auditing is only available for NTFS volumes.

Security Policies

The IT Security Policy is the principal document for network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today utilize several tools and applications to conduct business productively. Policy that is driven from the organization's culture supports these routines and focuses on the safe enablement of these tools for its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.

Conclusion

As we discussed above, security is the major issue, so we can make our data secure by knowing or being aware of the threats to our data. During transmission of our data we can use encryption. We can use firewalls or NAT for network security, and for managing security operations we can use auditing, security policies or ACLs.

We are using Windows Server 2008 because of its benefits: it provides secure direct access like installing or configuring, moreover it has so many improvements in group policy management, and it introduces us to performance and reliability monitoring tools.

So from my point of view Windows Server 2008 is better than Windows Server 2012, because there are so many things that I had mentioned above that were in 2008 but are not available in 2012.

Bibliography

Microsoft. (2014, May 09). Microsoft. Retrieved May 09, 2014, from Microsoft: www.microsoft.com

Quinstreet. (2014). Quinstreet. Retrieved 05 09, 2014, from Quinstreet: www.webopedia.com

Submitted by Ramandeep Kaur Sidhu
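
The file and folder auditing procedure from the Auditing section (enable auditing, mark the folder, read the security log, NTFS only), sketched in PowerShell as an added example that is not part of the original essay. The folder path, the `Everyone` principal and the audited rights are assumptions chosen for illustration; it expects an elevated session and a local path.

```powershell
# Added example, not from the original essay. Run in an elevated PowerShell session.
# $AuditPath is a hypothetical local folder chosen for illustration.
$AuditPath = 'D:\Shares\Finance'

# File and folder auditing relies on NTFS audit entries (SACLs), so check the volume first.
$root  = [System.IO.Path]::GetPathRoot($AuditPath)
$drive = New-Object System.IO.DriveInfo $root
if ($drive.DriveFormat -ne 'NTFS') {
    throw "Auditing needs an NTFS volume; $root is $($drive.DriveFormat)."
}

# Step 1: enable file and folder auditing (the 'File System' audit subcategory).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Step 2: identify the folder to audit by adding an audit rule to its SACL.
# Principal and rights are illustrative; narrow them to what you need to track.
$acl  = Get-Acl -Path $AuditPath -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $AuditPath -AclObject $acl

# Step 3: read the resulting records from the Security log.
# Event ID 4663 is "An attempt was made to access an object".
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$AuditPath*" } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
```

Auditing only write-type rights keeps the Security log readable; auditing every read on a busy share fills the log quickly and can push older events out before anyone reviews them.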
