Network Security Assessment

Table of Contents

1. E-sales network analysis
   (a) Anomaly actions
   (b) Attacker utility based tools and techniques
   (c) Role of perpetrator against IP address evaluation
   (d) Wireshark filtering tools and techniques
2. Network diagram and Firewall rules for Reliable Power Suppliers (RPS)
   (a) Network diagram proposed for RPS
   (b) Internet-Firewall rules and policies
3. Comparison of ARP and DNS attacks
4. SOP and CORS Policies over CQU Domain web server
   (a) SOP policy
   (b) CQU Server level permissions against SOP policy
   (c) CORS Policy
   (d) Origin and Access-Control-Allow-Origin policies
5. Safe Bank network and attacks analysis
   (a) Various attacks across Safe bank
   (b) Attack prone network diagram of Safe Bank
   (c) Attack prevention techniques
References

1. E-sales network analysis

(a) Anomaly actions

In general a business network is exposed to a number of attacks. In the e-business and sales case considered here, the overall performance of the operations has become very low and users cannot finish their transactions quickly. This situation is typical of a network under attack, and from the primary analysis the following threats and attacks are recognised:

- Session tracking might be disabled by the attacker, as regular user logins are monitored and controlled by the attacker through VLAN map access attributes at this level.
- Mail and chat configuration files will be corrupted by the anomalous traffic over the network, and thus the overall performance of the network is degraded.
- A separate mapping technique is adopted using the tools and techniques of Wireshark, where the local sessions and buffers are cleared before the respective techniques are applied. All packets considered in the Wireshark analysis are mapped separately into local buffers, so further analysis is possible at this level.
- Traffic anomalies arise at the minimal protocol level, such as libpcap, and the required configuration is done to reduce the traffic volume.
- DNS- and ARP-based networks are mainly prone to the corresponding attacks, where the role of Man-in-the-Middle attacks is also crucial. Both Wireshark and Ettercap can be used at this level to record all anomalous traffic patterns that usually corrupt the application servers and clients as well.

Once the respective traffic anomalies are identified by any of the existing Wireshark tools and techniques, the associated risks can be mitigated as well.

(b) Attacker utility based tools and techniques

There are multiple options available to mitigate the attacks over the e-sales network, and some real scenarios are discussed below:

- When the OS of the server and the firewall policies are hacked, they need to be reconfigured to enable the respective services before they can work properly again.
- Both web browsers of various types and internet connections from various internet service providers are an open place for the attacker to impose various attacks like interpretation attacks, validation attacks and IP spoofing.
- Web attacks might also include XPath injection, XML injection and SQL injection, where the customers' data and key business information like sales and warehouse records will be under the control of attackers.
- The entire communication over the client and server architecture of the current web servers will be hacked with URL interpretation attacks, where the entire configuration process adopted will be replaced with an unwanted configuration.

(c) Role of perpetrator against IP address evaluation

IP address spoofing is the main attack possible through the role of the IP perpetrator, where an IP address is used to create multiple similar and false addresses. Whenever there is a request from any of these sources, it is treated as a normal client by the perpetrator and the respective resources are provided, so the attacker hides their actual identity. DoS attacks integrate the data from regular IP spoofing attacks to go further and thus reduce the overall performance of the network; this situation is also noticed in the given e-sales case study.

(d) Wireshark filtering tools and techniques

All the scenarios associated with the Wireshark tool are helpful in filtering and blocking blocks of data and other cases like HTTP, SMTP and XMLHTTP requests, and the columns of the Wireshark tool can be used to impose the required filtering technique. Both IP spoofing and DoS attacks can be prevented by imposing the filtering technique while taking the HTTP and IP address into the required context.

2. Network diagram and Firewall rules for Reliable Power Suppliers (RPS)

(a) Network diagram proposed for RPS

The network diagram proposed for Reliable Power Supplier (RPS) is as given below.

(b) Internet-Firewall rules and policies

Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action
1 | Inward | TCP/IP | 198.142.15.2 | >1010 | 165.23.4.1 | 56 | Allow
2 | Outward | HTTP/TCP | 165.23.4.1 | 65 | 198.142.15.2 | 5050 | Allow
3 | Inward/Outward | All | All | All | All | All | Deny
4 | Inward | TCP/HTTP | 198.142.15.2 | 65 | 165.23.4.1 | 1221 | Allow

Table 1: Internet rules

Rule Number | Explanation
1 | Execution of TCP traffic is allowed within the source and destination IP addresses and port ranges as given in the previous table
2 | Execution of TCP traffic is allowed within the source and destination IP addresses and port ranges as given in the previous table
3 | Either inward or outward TCP traffic will be blocked if there is no specific mention of source and destination IP addresses and ports respectively
4 | Execution of TCP traffic is allowed within the source and destination IP addresses and port ranges as given in the previous table

Table 2: Internet Rules Explanation

Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action
1 | Stealth Protocol | All | All | All | All | All | Deny
2 | Web mail and server access | SMTP/HTTP/HTTPS | 143.32.9.10 | >30 | 165.23.16.8 | 1010 | Permit
3 | Remote access | IP / DMZ | All | All | All | All | Permit
4 | Email | SMTP | 143.32.9.10 | >42 | 165.23.16.8 | >2020 | Permit

Table 3: Internet / DMZ rules

Rule | Explanation
1 | Stealth protocol is not at all allowed over the range of source and destination IP addresses specified in the firewall rules set for both DMZ and Internet access
2 | HTTPS/SMTP/HTTP protocol access is permitted here, where the possible range of IP addresses for both the source and destination is given in the previous table
3 | DMZ and IP are permitted within the range of source and destination IP addresses and ports against the firewall rules set
4 | SMTP protocol is allowed over the range of source and destination IP addresses specified in the firewall rules set for both DMZ and Internet access
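The rule tables above are evaluated top-down by a real packet filter, so the order of a "deny all" row matters. The following Python is an added example, not part of the original answer: it transcribes Table 1 (transport protocol simplified to "tcp") into a first-match evaluator and adds a shadowing check that reports any rule an earlier rule makes unreachable. Rule 4 in Table 1 and rules 2 to 4 in Table 3 sit after a match-everything deny and therefore never fire as written.

```python
# Rules transcribed from Table 1 (Internet rules) above as
# (number, direction, protocol, src, src_port, dst, dst_port, action).
# "any" matches everything; ">N" means any port number above N.
TABLE1 = [
    (1, "inward",  "tcp", "198.142.15.2", ">1010", "165.23.4.1",   "56",   "allow"),
    (2, "outward", "tcp", "165.23.4.1",   "65",    "198.142.15.2", "5050", "allow"),
    (3, "any",     "any", "any",          "any",   "any",          "any",  "deny"),
    (4, "inward",  "tcp", "198.142.15.2", "65",    "165.23.4.1",   "1221", "allow"),
]

def spec_matches(spec, value):
    """Does one rule field accept one packet value? Port specs may be ">N"."""
    if spec == "any":
        return True
    if spec.startswith(">"):
        return int(value) > int(spec[1:])
    return str(spec) == str(value)

def evaluate(rules, pkt):
    """First-match evaluation as a stateless packet filter does it.
    Returns (rule number, action); unmatched traffic falls to an implicit deny."""
    fields = ("direction", "proto", "src", "sport", "dst", "dport")
    for rule in rules:
        if all(spec_matches(spec, pkt[f]) for spec, f in zip(rule[1:7], fields)):
            return rule[0], rule[7]
    return None, "deny"

def spec_covers(outer, inner):
    """True if every value accepted by `inner` is also accepted by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    if outer.startswith(">"):
        if inner.startswith(">"):
            return int(inner[1:]) >= int(outer[1:])
        return int(inner) > int(outer[1:])
    return outer == inner

def shadowed_rules(rules):
    """Rules that can never fire because an earlier rule covers every packet they match.
    Returns [(shadowed rule number, shadowing rule number), ...]."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(spec_covers(e, l) for e, l in zip(earlier[1:7], later[1:7])):
                found.append((later[0], earlier[0]))
                break
    return found
```

Moving the deny-all row to the end of the table (the usual convention) removes the shadowing and makes rule 4 reachable.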

3. Comparison of ARP and DNS attacks

Both DNS and ARP caching and poisoning attacks act similarly on the network in terms of imposing the attacks, yet there are quite a few implementation-level variations, some of which are listed below:

- ARP poisoning attacks are targeted over the entire network in the form of ARP messages, whereas DNS attacks target only a few victims by sending messages to DHCP servers, which are marked as unauthorized.
- Layer 3 holds the affected DNS packets and Layer 2 holds the affected ARP packets, and they are analysed at the routing table entries as well (Wang, 2014).
- DNS spoofing is done without any additional requirement of ARP spoofing, whereas ARP attacks always need the DNS attacks to be imposed beforehand at the UDP level, and TCP-level attacks are not given ample priority here.
- DNS attacks have little role in Man-in-the-Middle attacks, whereas ARP packets are considered across the respective MitM attacks (Issac, 2009).
- By maintaining local and primary buffers to handle DNS server requests, the impact of DNS cache poisoning attacks can be reduced a lot.
- DNS servers can be patched with an additional security mechanism through the configuration of the bind-chroot package.
- MitM attacks associated with ARP poisoning can be reduced with the help of tools and techniques like Wireshark and ARP tickets, when they are applied to layer 2 attacks with the help of Ettercap techniques (Tripathy, 2011).
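The layer 2 symptom that Wireshark records during ARP poisoning is one IP address being claimed by more than one MAC address. As an added example (not from the original answer), the Python below runs that detection over a constructed list of ARP replies and also checks them against a static ARP table; the addresses and the trusted table are assumed sample values.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a sniffer such as Wireshark would list them:
# (timestamp in seconds, sender IP, sender MAC). The last two replies claim the
# gateway's IP (10.0.0.1) from a second MAC, the signature of a poisoning attempt.
ARP_REPLIES = [
    (0.0, "10.0.0.1",  "aa:aa:aa:aa:aa:01"),
    (0.5, "10.0.0.25", "aa:aa:aa:aa:aa:25"),
    (1.0, "10.0.0.1",  "aa:aa:aa:aa:aa:01"),
    (1.2, "10.0.0.1",  "de:ad:be:ef:00:99"),
    (1.3, "10.0.0.1",  "de:ad:be:ef:00:99"),
]

# Assumed known-good bindings for critical hosts (what a static ARP entry would pin).
TRUSTED = {"10.0.0.1": "aa:aa:aa:aa:aa:01"}

def ip_mac_conflicts(replies):
    """Map each IP to every MAC that claimed it; IPs with more than one MAC are suspects."""
    seen = defaultdict(set)
    for _, ip, mac in replies:
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def replies_contradicting_table(replies, trusted=TRUSTED):
    """Replies that bind a pinned IP to a MAC other than its trusted one.
    Returns the offending (timestamp, ip, mac) tuples in capture order."""
    return [(t, ip, mac) for t, ip, mac in replies
            if ip in trusted and trusted[ip] != mac]
```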

4. SOP and CORS Policies over CQU Domain web server

(a) SOP policy

In general the SOP policy ensures that none of the web pages apart from the website's home page are loaded. Basically, all the requests associated with JavaScript, like the HTTP request and response objects, are considered while imposing these policies, where all websites external to the CQU DNS are permanently blocked; the best example is www.wikileaks.org, where it can be loaded over the university servers as a part of the SOP policy.

(b) CQU Server level permissions against SOP policy

Your examples (URLs) | Retrieval Allow/Deny | Explain the reason
http://scholar.google.co.in/ | Permit | CQU DNS server has the SOP policy to allow Google Scholar as it enables the users to access regular articles and journals
www.gliffy.com | Permit | CQU DNS server has the SOP policy to allow Gliffy as it enables the users to access regular software and network modelling diagrams online
www.gmail.com | Deny | CQU DNS server will not allow public email, and it is not a part of the SOP policy set across the domain
www.snapdeal.com | Deny | CQU DNS server will not allow public shopping portals, and it is not a part of the SOP policy set across the domain

(c) CORS Policy

Cross Origin Resource Sharing (CORS) policy allows users to operate under limited constraints and has more loosely imposed restrictions when compared to SOP policies. Both HTTP and XMLHttpRequest requests will be forwarded to some of the websites, such that the JavaScript will allow the user to gain the required access; the examples are as listed below.

(d) Origin and Access-Control-Allow-Origin policies

It is assumed that www.gmail.com is a part of the SOP policy over the CQU DNS server, where with the advent of Origin and Access-Control-Allow-Origin policies, a few of the pages like www.gmail.com/CQU can be given access so that the Gmail group within the university can be reached. It is assumed that www.snapdeal is a part of the SOP policy over the CQU DNS server, and with the help of a CORS policy implementation, web pages like www.snapdeal/engineering will be made accessible as they contain useful tools, books and products for the engineering students.
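How the Origin and Access-Control-Allow-Origin headers interact in practice, as an added example that is not part of the original answer: the Python below derives an origin from a URL the way a browser does (scheme, host and port only; a path such as /CQU is not part of the origin), decides on the server side whether to emit Access-Control-Allow-Origin for a request, and applies the browser-side check on the response. The allow-listed origin is an assumed value.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Serialise a URL's origin as scheme://host:port, the tuple SOP compares.
    The path and query are deliberately ignored: they never form part of an origin."""
    u = urlsplit(url)
    port = u.port or DEFAULT_PORTS.get(u.scheme)
    return f"{u.scheme}://{(u.hostname or '').lower()}:{port}"

def same_origin(url_a, url_b):
    """True when the browser would treat the two URLs as the same origin."""
    return origin_of(url_a) == origin_of(url_b)

# Assumed allow-list kept by a CQU-hosted resource server (sample value).
ALLOWED_ORIGINS = {"https://www.cqu.edu.au:443"}

def cors_response_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Server side: headers to add for a request carrying an Origin header.
    An empty dict means no CORS grant, so the browser withholds the response.
    The exact origin is echoed rather than '*' and Vary: Origin keeps caches honest."""
    if request_origin is None:  # no Origin header: same-origin or non-browser client
        return {}
    if origin_of(request_origin) not in allowed:
        return {}
    return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}

def browser_allows(request_origin, response_headers):
    """Browser side: expose the response only if the server named this origin (or '*')."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao == "*":
        return True
    return acao is not None and origin_of(acao) == origin_of(request_origin)
```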

5. Safe Bank network and attacks analysis

(a) Various attacks across Safe bank

- Useful information of the users like their passwords, login IDs and user profiles will be hacked through DNS spoofing and poisoning attacks imposed over the Safe Bank network.
- Scripting-based attacks like validation attacks, user input attacks and interpretation attacks can be implemented over the web browsers and application servers, such that all the data entered by the user across both clients and servers will be stolen and misinterpreted.
- ARP flooding and TCP spoofing attacks will corrupt the normal traffic flow across the network, and thus the application behaviour will be affected and changed a lot.
- All the external and internal internet request and response objects will be blocked by attacking the firewall-based Internet and DMZ rules respectively.

(b) Attack prone network diagram of Safe Bank

The attack-prone network diagram of Safe Bank is as shown below.

(c) Attack prevention techniques

Once the attacks on the Safe Bank network are identified, they are mitigated using the techniques below:

- Proper session and login management using the tools will improve the authentication patterns of the verified users, so that hackers cannot fetch the desired information.
- DMZ/Internet rules like allow and deny can be imposed over the firewall configurations such that only authorized users, traffic and protocols will access the Safe Bank network.
- One more firewall with extra configuration and rules can be defined and deployed to block unwanted anomalous and intruder traffic over the network.

Still, there could be some potential limitations, and they are listed below:

- Database attacks might be imposed on the network; in general they corrupt the data in SQL and XML files in the form of SQL injection and XML injection attacks respectively.
- A few of the web services, WSDL files and SOAP messages might be attacked as part of potential XML and XPath injection attacks.
- ARP, DoS, MitM and DNS spoofing attacks might corrupt a few of the key banking services that are executed from the remote or VPN servers.

References

Issac, B. (2009). Secure ARP and Secure DHCP Protocols to Mitigate Security Attacks. Cryptography and Security, 8(1), 102-114.

Tripathy, R. (2011). An Efficient Solution to the ARP Cache Poisoning Problem. Information Security and Privacy, 35(7), 16-23.

Wang, Z. (2014). Monitoring ARP Attack Using Responding Time and State ARP Cache. The Sixth International Symposium on Neural Networks (ISNN 2009), Advances in Intelligent and Soft Computing, 56(3), 116-123.
