Commonwealth of Virginia's Network Architecture Report
This document addresses network setup for Virginia's agencies. The network architecture is part of Virginia's Enterprise-wide Tech Architecture (EWTA). The EWTA addresses the information technology requirements implied by the Commonwealth's business strategies and recommends related procedures, criteria, and best practices for Virginia's agencies. The network architecture defines a communications infrastructure model for the Commonwealth. It identifies the various technologies required to permit connections among governments, individuals, and the business sector. The network architecture addresses the networking requirements defined by the Commonwealth's business strategies. The Department of Technology Planning will ensure that the domain team guidelines, best practices, and recommended requirements included in this record are reviewed and revised continually to provide up-to-date information that agencies can rely on as they address their future connectivity and communications needs. A vulnerability audit is conducted using the network vulnerability scanner Netsparker, and the network architecture is defined and drawn.
Local Area Network
A Local Area Network (LAN) is a private network, generally controlled by its owner. LAN design should be neutral in principle, and the LAN must provide a mechanism for addressing QoS. Back in the 1980s to mid-1990s, state organizations were installing their first local area network services. Ethernet (10BaseT, star-wired to hubs) emerged as the most widely applied solution. Today many agencies are replacing, reconfiguring, or upgrading their LANs to expand existing services, renovate services due to separation, improve the throughput, supply, or reliability of services, or support a new mix of applications. To provide assistance appropriate to these business needs in state and local agencies, this report focuses on the most commonly used LAN solutions and the options for extending them. The network domain team considers services not described here to be in the Obsolescent category. The vast majority of state and local agencies currently support mixed 10 Mbps and 100 Mbps Ethernet services (key). System administrators are purchasing 10/100 Mbps capable Network Interface Cards (NICs) in new hardware and are replacing old hubs with switches as they gradually move to fully switched environments. Most organizations have a mix of old and new equipment attached to their LANs. The older hardware may have 10 Mbps NICs and may not be upgradeable. The change from Fast Ethernet (100 Mbps) performance to Gigabit Ethernet performance is not a single discrete step, but a continuum. Use of switched full-duplex links can bring the performance of a single connection to as much as 200 Mbps, depending on traffic symmetry.
Use of EtherChannel (aggregation of multiple physical Ethernet links into a single logical link) can result in throughput of up to 800 Mbps on server connections and Inter-Switch Links (ISLs). Since most switch backplanes exceed a gigabit (1.2 to 4 Gbps is normal on low- to mid-range switches), these techniques can often be used to approach Gigabit Ethernet speeds while using Fast Ethernet components.
Wide Area Network
For WAN services, state agencies are required by law to use contracts negotiated by DIT. The services listed are those currently available as part of the COVANET contract. Because the COVANET contract offers level prices (the same fee regardless of location) and contracts, it gives state and local government agencies wide opportunity for flexibility and scalability; however, generous lead time is required to begin certain services (e.g., a month and a half to half a year of lead time might be required depending on the service, the provider, the geographic area, and agency facilities). Delivery of the local loop is probably the slowest link in acquiring new wide area service. As COVANET is a fairly new contract, the services offered are mainly rated as Strategic. Some explanation is needed for the services listed as Transitional or Emerging. 56 Kbps Frame Relay and 64-128 Kbps Integrated Services Digital Network (ISDN) are listed as Transitional because they are low-bandwidth solutions and comparatively costly. The team believes that those services will eventually no longer be available. DSL services (i.e., various digital subscriber line services including ADSL (asymmetric DSL) and others), however, have recently shown uncertain market support. Because of these market support issues, they are placed in the Emerging category. Cable modem services have been used in school settings and are gaining in popularity in the home market, but have not been used widely for business purposes.
Wireless Network
Wireless networks are networks that are connected without cables. In this case only Wireless LAN is used. Wireless LAN is used less because of its high cost and lower bandwidth.
Wireless WAN is a type of service used to connect mobile users. Wireless WAN is not presently available in the COVANET contract. For all WAN services, agencies must contact a DIT COVANET consultant to discuss business requirements for bandwidth and QoS. WAN services will continue to evolve as bandwidth within the LAN environment increases toward gigabit service. According to Gartner Group, the cost of supplying high-bandwidth WAN and LAN services will drop so considerably that “throwing bandwidth at the problem” will become a design principle. Gartner Group also notes that some WAN premises equipment will migrate to the service provider side of the equation, leaving WAN managers to manage services.
Vulnerability Audit
Vulnerability is the quality or state of being exposed to the possibility of being attacked or harmed, either physically or mentally. In cyber security, a vulnerability is a flaw in a system that can leave it open to attack. Vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a risk. A vulnerability audit is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures, and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately. A vulnerability audit has been done for the organization, and the result is as follows. There are 37 vulnerability types in this organization’s network, some of which are discussed below with recommendations.
Types:
Cookie not marked as secure: This means the cookie can be stolen by an attacker who can intercept traffic. The cookie will be transmitted over an HTTP connection, so if this cookie is important, an attacker might intercept it and hijack a victim's session. If the attacker can carry out a man-in-the-middle attack, he/she can force the victim to make an HTTP request in order to steal the cookie. All cookies should be marked as secure within the application.
Missing X-Frame-Options header: The X-Frame-Options HTTP header field indicates a policy that specifies whether the browser should render the transmitted resource within a frame or an iframe. Servers can declare this policy in the header of their HTTP responses to prevent clickjacking attacks, which ensures that their content is not embedded into other pages or frames. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on a framed page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, possibly owned by another application, domain, or both. This can be fixed by using defensive code in the UI to confirm that the current frame is the top-level window.
Version disclosure: Netsparker identified a version disclosure (ASP.NET) in the target web server's HTTP response. This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of ASP.NET. An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified. This can be fixed by applying changes to the web.config file to prevent information leakage, using custom error pages and removing X-AspNet-Version from HTTP responses.
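The three findings above can be re-checked after remediation by inspecting a response's headers. The following is an added example, not part of the original report and not Netsparker's own logic; the function names, finding labels, and both sample responses are constructed for illustration.

```python
"""Audit one HTTP response head for the three findings discussed above."""


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Return a sorted list of finding labels for one response."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].split("=", 1)[0]
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            if "secure" not in attrs:  # cookie may travel over plain HTTP
                findings.append(f"cookie-not-secure:{cookie_name}")
        elif name == "x-aspnet-version":  # ASP.NET version disclosure
            findings.append(f"version-disclosure:{value}")
    # Only DENY and SAMEORIGIN give framing protection; other values count as missing.
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    if not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("missing-x-frame-options")
    return sorted(findings)


# Constructed sample responses (not taken from the audited network).
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    "\r\n<html></html>"
)
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly; Secure\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```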