Network Security Assessment

1. Security requirements: e-sales business scenario

(a) Anomaly traffic analysis

The main problem observed in the e-sales business in the given case study is that system performance is very low, so completing the purchasing process and placing the required orders takes a lot of time. From his basic analysis, Peter, the Network Security Manager, identified that the entire system is under attack by an intruder or anomalies, and the traffic across the organization is heavily affected as a result. The anomalous traffic to the web servers can be identified using Wireshark, and the required evidence can be gathered from various sources, a few of which are listed below:

· All the packets can be captured for Wireshark by creating a VLAN access map and configuring the routers to use the Mini Protocol Analyzer. The traffic can then be captured from a typical SPAN session, and all the affected packets can be stored in one of the local buffers; this approach limits the packet capture and reduces the overall traffic anomalies as well. The packets are captured in libpcap format and then analyzed with Wireshark or any other protocol analyzer. A sample router configuration is shown below:

    Router(config)# vlan access-map bmf 10
    Router(config-access-map)# match ip address lab_10
    Router(config-access-map)# action forward capture
    Router(config-access-map)# exit
    Router(config)# vlan filter bmf vlan-list 14-16
    Router# show ip access-lists lab_10
    Extended IP access list lab_10
        permit ip 10.0.0.0 0.255.255.255 any

· Ettercap can also be used in this context to identify anomalies in the traffic and to create or simulate a MitM (Man in the Middle) attack. All the segments sent by the PC or server can then be monitored by running Wireshark, and ARP spoofing attacks can be identified this way.

· Once the anomalies in the traffic have been identified with Wireshark or any of the other existing tools and techniques, the associated risks can be mitigated as well.

(b) Attacker utility

In general, attackers can use a wide range of tools, techniques or utilities to attack the network. Some of the possible scenarios are listed below:

· The operating system can be hacked, and all the network services supported by the firewall are then disabled

· Attackers can also attack the internet connection and the web browser

· Web hackers might have used tools such as buffer overflow attacks, SQL injection attacks, input validation attacks and URL interpretation attacks

· URL interpretation attacks interpret all the communication between the web client and the web server, where the respective web server is misconfigured

· Input validation attacks disable the functionality that checks user input and are generally imposed on the web server

· Extended SQL statements might have been affected by SQL query poisoning

(c) IP address used by perpetrator

The IP address used by the perpetrator clearly indicates attacks such as IP address spoofing, where IP packets are sent with a fake source IP address so that the sender's identity is hidden from the receiver. Most DoS attacks use IP address spoofing, where the unwanted responses are sent to the sender of the fake IP packets, and the respective profile of the user clearly indicates that they are the attackers. In general, hackers who use IP spoofing choose the source IP address at random and thus always mislead the destination machine in sending the useful information.

(d) Wireshark filter

Wireshark can be used to identify peer-to-peer traffic across the current network; its Protocol column holds the key information needed to view the protocol of each and every packet. To identify attacks such as the IP spoofing and DoS mentioned in the previous sections, HTTP traffic can be filtered first and the filter then combined with a single IP address. The combined filter is written as http and ip.addr == [IP address], which shows all the HTTP traffic and the attacks associated with that IP address.
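The combined filter can also be reproduced offline on a libpcap capture. The following is an added example, not part of the original answer: it parses a classic libpcap file and keeps the packets that `http and ip.addr == [IP address]` would show, approximating "http" as a TCP payload that begins with an HTTP method or status line. The addresses, ports and payloads are constructed sample data.

```python
import socket
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/")

def build_frame(src, dst, sport, dport, payload):
    """Constructed test frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def http_for_host(pcap, addr):
    """Approximate `http and ip.addr == addr`: list of (src, dst, first line)."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 frames carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet and IP headers
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:]  # skip TCP header
        if addr in (src, dst) and data.startswith(HTTP_STARTS):
            line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
            hits.append((src, dst, line))
    return hits

# Constructed capture: two HTTP packets involving 10.0.0.5, one between other hosts, one non-HTTP.
SAMPLE = build_pcap([
    build_frame("10.0.0.5", "10.0.0.80", 40000, 80, b"GET /cart HTTP/1.1\r\n\r\n"),
    build_frame("10.0.0.80", "10.0.0.5", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_frame("10.0.0.9", "10.0.0.80", 40001, 80, b"GET /item HTTP/1.1\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.53", 40002, 53, b"\x00\x01not-http"),
])
```

Like ip.addr in Wireshark, the check matches the address as either source or destination, so both the request and the response appear in the result.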

2. ARP and DNS

Although ARP and DNS poisoning attacks are similar in the nature of their effect on the network, there are some key differences, a few of which are discussed below:

· An ARP spoofing attack is imposed across the network by sending ARP messages. In general these messages are sourced from a non-authoritative DHCP server and change the IP/gateway, and if the attack misses the target, the DNS server is considered the victim (Ramilli, 2009)

· ARP packets are at layer 2 and are never routed, while DNS packets are at layer 3 and are considered routable in case of attacks

· ARP spoofing is not required to impose DNS spoofing, and DNS spoofing attacks do not depend on ARP spoofing, as DNS runs on top of UDP and the respective packets can be spoofed. When the complexity of ARP is considered, only the application layer is considered and the IP state or stack is ignored while the attacks are imposed on the network (Bruschi, 2011)

· If the attacker uses ARP spoofing to perform a man-in-the-middle attack, DNS spoofing doesn't help in this context, as the attacker will have the useful information about all the traffic

DNS cache poisoning attacks can be countered by regularly auditing both the primary and local DNS servers, which reduces the usual security flaws. Extra security for the DNS server can be provided by installing the bind-chroot package. An ARP poisoning MITM attack can be mitigated using the unified sniffing method, where the attacker's virtual machine can be identified. The Ettercap attack tool can be used to investigate the ARP packets at layer 2 so that the respective mitigation can be imposed (Nath, 2010).
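The identification of ARP spoofing described in section 1(a) and the layer 2 investigation of ARP packets described above can be expressed as two checks on captured frames. The following is an added example, not part of the original answer: it decodes raw Ethernet/ARP frames and reports an ARP sender MAC that differs from the Ethernet source MAC, and an IP address whose MAC binding changes. The MAC and IP addresses are constructed sample data, and the rule names are hypothetical.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)

def arp_frame(eth_src, op, sha, spa, tpa="10.0.0.1"):
    """Constructed broadcast Ethernet frame carrying one ARP message."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac_bytes(sha),
                      socket.inet_aton(spa), bytes(6), socket.inet_aton(tpa))
    return b"\xff" * 6 + mac_bytes(eth_src) + b"\x08\x06" + arp

def detect_arp_anomalies(frames):
    """Return (frame_no, rule, ip, detail) alerts for IPv4-over-Ethernet ARP."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames, 1):
        if len(frame) < 42 or frame[12:14] != b"\x08\x06":
            continue  # not an ARP frame
        htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
            ARP_FMT, frame[14:42])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue  # not Ethernet/IPv4 ARP
        ip, mac = socket.inet_ntoa(spa), mac_text(sha)
        # Rule 1: the ARP sender MAC should match the Ethernet source MAC.
        if frame[6:12] != sha:
            alerts.append((n, "eth-src-mismatch", ip, mac_text(frame[6:12])))
        # Rule 2: an IP that was bound to one MAC is now claimed by another.
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append((n, "binding-changed", ip, f"{known} -> {mac}"))
            bindings[ip] = mac
    return alerts

GW, HOST, ROGUE = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:05", "de:ad:be:ef:00:66"
SAMPLE = [  # constructed frames
    arp_frame(GW, 2, GW, "10.0.0.1", "10.0.0.5"),        # gateway reply
    arp_frame(HOST, 1, HOST, "10.0.0.5"),                # host request
    arp_frame(ROGUE, 2, ROGUE, "10.0.0.1", "10.0.0.5"),  # gateway IP, new MAC
    arp_frame(ROGUE, 2, HOST, "10.0.0.5"),               # header/payload differ
]
```

A binding change can also be legitimate, for example after a NIC replacement or a failover, so these alerts are a starting point for investigation rather than proof of poisoning.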


