What steps would you advise to prevent such attacks

Assignment Help Computer Network Security
Reference no: EM13824933

Question 1: Protocol Analysis with Wireshark

This assignment question requires that you analyse a packet capture dump file and provide comments explaining each packet. This pcap file contains a SMTP transaction between a client and server. Your task is to annotate each packet commenting on the following characteristics.

• Comment on any significant TCP flags and what they mean in the context of the packet capture. Significant flags include SYN, FIN, RST, and URG. You must explain why the flag has been set and what it means for this TCP connection.

• Comment on the direction of each packet (ie. client -> server or server -> client). Be clear to explain in which direction the interaction is occurring.

• Comment on each SMTP command and response between the client and the server. You must explain what each command does. You should also explain the data that is exchanged. This will require that you study the SMTP RFC or other Internet documents relating to SMTP to understand what the commands mean.

You should also comment on the 2 port numbers used in this connection and their significance. For example, is it an ephemeral or reserved port? If it is a reserved port, what protocol does it relate to?

On the following page is an example of the template to use to complete this question. It provides a brief summary of each packet and has been formatted to include an "explanation" field underneath each packet. You are to write your comments in this "explanation" field addressing the packet immediately above, based on your analysis of the packet using Wireshark. Be specific and detailed. Any vague or limited responses will not attract any marks. Note, that the table is only a summary of the information provided in the pcap file. Be sure to comment in relation to information provided in the pcap file using Wireshark, not just the summary table.

For examples of how to complete the table, be sure to have completed all 3 parts of the Packet Capture Exercises. They are available from the Lectures and Tutorials page of the course website. Your solution must of course be in your own words. Do not copy directly from any examples or you will get zero marks

Question 2: Firewall and Proxy Services Configurations

The following diagram shows the topology of the network of a small company. There are three servers located in a DMZ (Demilitarised Zone).

The web server can directly accept requests (HTTP or HTTPS) from the Internet or from the internal network (192.168.1.0/25).

The DNS server can directly accept requests from the Internet. The DNS server can also directly accept requests from the internal network (192.168.1.0/25). However, if the DNS server can not resolve a domain name requested by the internal network (192.168.1.0/25), it will contact the DNS servers on the Internet directly for the name resolution.

On behalf of the users on the internal network (192.168.1.0/25), the email server sends emails to and receives emails from the Internet. The users on the internal network (192.168.1.0/25) use IMAP (Internet E-mail Access Protocol) to read and organise their emails on the email server.

The users on the internal network (192.168.1.0/25) are allowed to access the Internet only for HTTP, HTTPS and FTP services. However, the users of the internal network are never allowed to connect to the Internet directly.

1154_What steps would you advise to prevent such attacks.png

Based on the above network configuration and application scenarios, answer the following three questions.

A. The firewall services are installed on the router. Create the firewall rules to implement the packet filtering and only allow the specified traffic. The firewall rules are to be created in the following format.

Rule No.

Application Protocol

Transport Protocol

Source IP

Source Port

Destination IP

Destination Port

Action

1

 

 

 

 

 

 

 

2

 

 

 

 

 

 

 

:

 

 

 

 

 

 

 

:

 

 

 

 

 

 

 

:

 

 

 

 

 

 

 

B. Briefly explain each rule in the rule base that you have created.

C. The proxy services are also installed on the router to conceal the users of the internal network (192.168.1.0/25) from the Internet. Suppose that users on the internal computers send the following requests to the Internet. The proxy services perform the Port Address Translation (PAT). Complete the following connection table to show how PAT is working for requests from the users on the internal network.

Packet Addressing on internal network

Packet Addressing on external network

Source IP

Source Port

Destination IP

Destination Port

Source IP

Source Port

Destination IP

Destination Port

192.168.1.2

1033

203.206.209.77

80

 

 

 

 

192.168.1.2

1035

210.10.102.196

443

 

 

 

 

192.168.1.5

2301

203.206.209.55

21

 

 

 

 

192.168.1.5

2302

202.2.59.40

443

 

 

 

 

192.168.1.5

4123

72.5.124.55

80

 

 

 

 

192.168.1.8

4128

72.5.124.35

21

 

 

 

 

192.168.1.8

1033

150.101.16.250

80

 

 

 

 

192.168.1.9

1035

150.101.16.250

443

 

 

 

 

Question 3: Network Attack Research

Although the course textbook and other resources discuss several specific network attack vulnerabilities, it is not feasible to cover all of them. New vulnerabilities are being discovered all of the time, and there are hundreds of currently known vulnerabilities. Professional network administrators have to keep themselves current with all possible threat possibilities. One way of doing this is by performing personal research. In this hypothetical case study, you should use the Internet to assist you in developing responses to the three questions. Use of the course textbook and supplied resources only is not sufficient to award full marks. You should use your research skills and go beyond these resources.

PHP is a popular scripting language commonly used to implement dynamic web pages. Unlike JavaScript, which is a web client-side scripting language, PHP is a web server-side scripting language. At the web server, PHP scripts are used to dynamically generate the HTML pages that are then sent to the client. At the client end these HTML pages are displayed in the web browser.

James has just completed his first year at university in a Bachelor of Information Technology degree. One of the courses that James studied was Web Programming 101. In that course James learnt the basics of using HTML, CSS and PHP to create dynamic web pages.

As a favour to James' good friend Kirandeep, he designed and implemented a simple dynamic blog site using the skills he had gained in Web Programming 101. After testing the web site on a local secure network, and fixing a number of scripting errors. James delivered the implementation files to Kirandeep, who uploaded them to an ISP web hosting site. Both James and Kirandeep were ecstatic to see people from across the Globe using the web site to share their personal experiences.

Within a few hours of the blog site going live, Kirandeep received an urgent email from the ISP Manager informing her that the blog site had to be closed down because it had been used by unknown hackers to send spam emails to thousands of addresses around the world. The Manager told Kirandeep that she could only reactivate the blog site when the problem had been fixed and it could be guaranteed that it would not happen again.

Kirandeep quickly phoned James and told him of the dilemma. James spent the rest of the day and most of the next night examining his PHP scripts and doing research on the Internet to find out what might have caused the problem. After many hours James tracked the problem down to the simple web page contact form that he had used so that people could send emails to Kirandeep without letting them know what Kirandeep's email address was.

Users fill out the form by supplying their email addresses, a brief subject line, followed by the message to be sent to Kirandeep. When the submit button is clicked, the contents of the form fields are sent to the web server, where a PHP script receives the field information and uses it to initiate an email to Kirandeep. Kirandeep's email address is stored in the PHP script, so the form user never gets to see it. That way Kirandeep's email address is kept secret. Unknown to James, the use of simple contact forms is a well-known vulnerability that threat agents can exploit. He also discovered that it is not only PHP scripts that are vulnerable to this type of exploitation - all of the several available server-side scripting languages are vulnerable.

You are required to answer the following questions. Please reference all sources - do not copy directly from sources.

a) Based on the information provided, what type of attack has been performed by the hackers using Kirandeep's blog? You need to fully justify your answer, not just state the type of attack.

b) Describe in detail how the attack may have occurred - you will need to provide sample form field data such as:

Your Email Address: M.Patel@hotmail .com

Subject: Thank you

Message: Thank you for providing such a useful blog site for me to use. I have learnt a lot from reading the blogs left by other people.

You don't need to provide a detailed explanation of how PHP or other server-side scripting languages work; but you need to provide sufficient information to explain how malicious field data entered by a hacker could trick the web server into generating multiple spam emails.

c) How would James need to change the PHP script to prevent such attacks? You don't need to provide the actual PHP code - just describe what measures James would have to implement to ensure that malicious field data could not be used to generating multiple spam emails.

d) What limitations does this form of attack have?

Question 4:

In this hypothetical case study, you should use the Internet to assist you in developing responses to three questions. Use of the text only is not sufficient to attract full marks.

SafeBank recently received a series of reports from customers concerning security breaches in online banking. Customers reported having money transferred from their accounts, usually after they have found that their password has changed. A full security audit revealed that the money transfers and changes to user passwords all originated from an Eastern European country on servers within the domain of crazyhackers.com - however - the question remained: how did the hackers undertake the attack?

Given that legitimate account numbers and passwords were used, it was initially assumed that it could be some form of phishing attack. However, no evidence of such emails was found. The only commonality between the victims was that they all used the same ISP.

You are required to answer the following questions. Please reference all sources - do not copy directly from sources.

A. Based on the information provided, what type of attack has been performed? Justify your answer.

Hint: In order to capture account numbers and passwords, how would a hacker "redirect" users to their servers instead of SafeBank's?

B. Describe in detail how the attack occurred - you may wish to include one or more diagrams. You will need to make assumptions about host names, domains and IP addresses - document these. You need not concern yourself with the technical details of the capture and reuse of SafeBank's customer details (eg. Fake web sites/malware) - you are documenting how it was possible from a network perspective.

C. What steps would you advise to prevent such attacks? What limitations does this form of attack have?

Reference no: EM13824933

Questions Cloud

Determine the number of units required for breakeven : A new firm, Sensor International, is preparing a plan based on its new device to be used in a security network. Determine the number of units required for breakeven
What level of sales to reach target profit : To make the project worthwhile, Toy Box, Inc., would require a $5,000 profit per month. What level of sales, in units and in dollars, would be required to reach this target profit. Show all computations completely, in a table inserted into your do..
Management perspective on increase in return on sales : This problem belongs to Accounting and it is about management's perspective on increase in return on sales
Explains about refusal of director employment : Bill is the managing director and a member of Biomed Ltd. The constitution of Biomed Ltd provides, as follows:  "Bill shall be employed as Biomed Ltd's Chief Medical Officer for a period of five years after incorporation at a salary of $150,000 pe..
What steps would you advise to prevent such attacks : What steps would you advise to prevent such attacks? What limitations does this form of attack have - explain why the flag has been set and what it means for TCP connection.
Questions about the performance of the company : New directors must ask questions about the performance of the company and its solvency. Explain with reference to relevant cases and statute.
Compute the cost to be assigned to ending inventory : Given the following information about purchases and sales during the year, compute the cost to be assigned to ending inventory under each of three methods: (a) average-cost, (b) FIFO, and (c) LIFO
Legal situation of a single person company : What is the legal situation of a single person company which has a constitution?
Statement review can the law pierce the corporate veil : It is possible for the corporate veil to be pierced by statute.' Explain.

Reviews

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd