Identify the anomaly in the traffic the organisation is going through

Assignment Help Computer Network Security
Reference no: EM13756420

Question 1

Note: for this question you need to download the PCAP file from the course Moodle web site.

Peter is the Network Security Manager for a small spare-parts business. The organisation uses an e-sales application as the front end for its online sales. Customers have been complaining that over the last two or three days the system has become very slow, and placing an order takes longer than normal. Staff corroborate this: they are unhappy with the slow response of the system when completing their daily activities. Peter suspects that the system has been targeted by criminals and, before he starts responding to the attack, decides to investigate a little further. First, he reviews the firewall logs and notices something abnormal in the type of traffic directed at a number of internal hosts, including the organisation's web server. Curious about this traffic, Peter uses Wireshark to capture a trace of it. [A section of this trace can be accessed from the course Moodle web site.]

Based on the above fictional scenario and the provided PCAP:

(a) Identify the anomaly in the traffic this organisation is going through. What sort of evidence do you have to make this claim?

(b) What sort of utility or tool do you think the "attacker" is using to conduct this attack?

(c) Provide the IP address of the host used by the perpetrator (1/2 mark). Based on this information, what can you tell about the profile of this individual? Explain why.

(d) What Wireshark filter do you think Peter used to produce the given PCAP? Explain why
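The following Python is an added illustration written for this page; it is not part of the assignment and is not derived from the course PCAP (which this page does not include). It shows the kind of evidence Peter would pull out of a trace: per-source counts of bare SYN packets, distinct (host, port) targets, the SYN rate and how many probes were answered with RST, with two illustrative signatures (a port sweep and a SYN flood) and the Wireshark display filter that isolates one source's probes. The trace is constructed; 198.51.100.7, 203.0.113.5, 203.0.113.77 and 192.0.2.10 are documentation addresses, not hosts from the scenario, and the thresholds are arbitrary.

```python
"""Summarising a packet trace to find scan- or flood-like traffic.

Added example, not the assignment's PCAP. Flags use the bit values Wireshark
shows in tcp.flags so the same records can be produced with tshark.
"""
from collections import defaultdict
from typing import NamedTuple

SYN, RST, ACK = 0x02, 0x04, 0x10   # tcp.flags bit values


class Packet(NamedTuple):
    ts: float      # seconds since start of capture
    src: str
    dst: str
    sport: int
    dport: int
    flags: int


def build_sample():
    """Constructed trace: one legitimate TLS session, one port scan, one SYN flood."""
    web = "192.0.2.10"
    pkts = [Packet(0.00, "198.51.100.7", web, 51000, 443, SYN),
            Packet(0.01, web, "198.51.100.7", 443, 51000, SYN | ACK),
            Packet(0.02, "198.51.100.7", web, 51000, 443, ACK)]
    # 203.0.113.5 probes 16 ports in 16 ms; only 80 and 443 answer SYN/ACK
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139,
                              143, 443, 445, 3306, 3389, 8080]):
        t = 1.0 + i / 1000
        pkts.append(Packet(t, "203.0.113.5", web, 40000 + i, port, SYN))
        pkts.append(Packet(t + 0.0005, web, "203.0.113.5", port, 40000 + i,
                           SYN | ACK if port in (80, 443) else RST | ACK))
    # 203.0.113.77 sends 200 bare SYNs to port 443 in 0.2 s (replies omitted)
    for i in range(200):
        pkts.append(Packet(2.0 + i / 1000, "203.0.113.77", web, 1024 + i, 443, SYN))
    return sorted(pkts)


def summarise(packets):
    """Per-source stats over bare SYNs (SYN set, ACK clear): count, distinct
    (dst, dport) targets, SYN rate, and RSTs the source received back."""
    stats = defaultdict(lambda: {"syns": 0, "first": None, "last": 0.0, "targets": set()})
    rst_to = defaultdict(int)
    for p in packets:
        if p.flags & RST:
            rst_to[p.dst] += 1
        if p.flags & SYN and not p.flags & ACK:
            s = stats[p.src]
            s["syns"] += 1
            s["first"] = p.ts if s["first"] is None else s["first"]
            s["last"] = p.ts
            s["targets"].add((p.dst, p.dport))
    out = {}
    for src, s in stats.items():
        span = max(s["last"] - s["first"], 0.001)
        out[src] = {"syns": s["syns"], "distinct_targets": len(s["targets"]),
                    "syn_rate": s["syns"] / span, "rst_replies": rst_to[src]}
    return out


def classify(stat, scan_targets=10, flood_syns=50, flood_rate=100.0):
    """Label a source by two illustrative signatures; thresholds are arbitrary."""
    if stat["distinct_targets"] >= scan_targets and stat["rst_replies"] > 0:
        return "port scan"
    if stat["syns"] >= flood_syns and stat["syn_rate"] >= flood_rate \
            and stat["distinct_targets"] <= 2:
        return "syn flood"
    return None


def wireshark_filter(src, dst):
    """Display filter isolating bare SYNs from src to dst."""
    return (f"ip.src == {src} && ip.dst == {dst} && "
            f"tcp.flags.syn == 1 && tcp.flags.ack == 0")


if __name__ == "__main__":
    for src, stat in summarise(build_sample()).items():
        print(src, stat, classify(stat))
    print(wireshark_filter("203.0.113.5", "192.0.2.10"))
```

The same five fields can be pulled from a real capture with `tshark -r trace.pcap -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags` (flags arrive as a hex bitmask, which is why the code works with bit values). The caveat relevant to part (d) is that a display filter only selects packets from what was captured, so a trace exported under a filter like the one above is evidence of what was selected, not of everything that crossed the network.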

 

Question 2

You are the systems administrator of Reliable Power Supplies (RPS), a medium-sized company that builds UPSs and switched-mode power supplies for the computing industry. Your task is the analysis, design and configuration of a firewall system that secures the inbound and outbound traffic at RPS. After conducting the needs analysis you have a clear picture of the type of firewall system that best suits RPS.

In the internal network there is a special host (192.168.1.253/28) running an application whose compromise would be disastrous. For your design you therefore opt for a dual-firewall system, which you believe is the best option for this case. You also add a demilitarized zone (network address 10.0.0.0/24) containing the company's e-mail (10.0.0.20/24) and web (10.0.0.30/24) services.

Apart from providing NAT and packet filtering, the first firewall (part of the dual configuration) acts as a web and FTP proxy server. This first firewall is connected to the Internet via 200.27.27.10/25 and to the DMZ via 10.0.0.10/24.

The second firewall is used to filter traffic between the internal network and the DMZ. It is connected via 10.0.0.254/24 to the DMZ and via 192.168.1.254/28 to the internal network.

The internal network address is 192.168.1.240/28.

The security policy requirements used to configure the firewalls are outlined as follows.

The RPS web server contains public information, including a product catalogue accessible to Internet users, and it also provides secure online purchasing using SSL/TLS. Internal users are also allowed to access all RPS WWW services; however, they may access Internet WWW and FTP services only via the proxy on the first firewall, which listens on port 3028.

As mentioned, the internal network has a special host (192.168.1.253/28) which has complete access to any host and any service without using the proxy services configured on the first firewall. The remaining internal hosts must go via the proxy on the first firewall.

The security policy also requires the e-mail server to receive messages from, and send messages to, hosts on the Internet and internal users; internal users retrieve their messages via IMAP.

Any other service not explicitly permitted by the security policy must be blocked at the RPS network (default deny).
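As an added worked example (not the assignment's answer and not code from the page), the following Python encodes one reading of the policy above as two first-match, default-deny rule lists, one per firewall, and walks a connection request through the firewalls it would cross in this topology. The rule rows, the choice of port 25 for internal users' outgoing mail and 143 for IMAP, and treating the proxy's own outbound fetches as leaving from 200.27.27.10 are assumptions made for the illustration; 203.0.113.9 is a documentation address standing in for an Internet host.

```python
"""First-match, default-deny rule evaluation for the RPS dual-firewall design.

Added example, not the assignment's answer: the rule rows are one reading of
the RPS policy, and ports marked "assumed" are not stated on the page. Only
connection initiations (the first packet of a session) are evaluated; replies
are assumed to be admitted by connection tracking. NAT is ignored, so all
addresses are the pre-NAT ones.
"""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

ANY      = ip_network("0.0.0.0/0")
INTERNAL = ip_network("192.168.1.240/28")   # internal LAN (from the page)
SPECIAL  = ip_network("192.168.1.253/32")   # host exempt from the proxy
DMZ      = ip_network("10.0.0.0/24")
FW1_DMZ  = ip_network("10.0.0.10/32")       # firewall 1, proxy on 3028
FW1_EXT  = ip_network("200.27.27.10/32")    # firewall 1, Internet side
MAIL     = ip_network("10.0.0.20/32")
WEB      = ip_network("10.0.0.30/32")


class Rule(NamedTuple):
    proto: str            # "tcp", "udp" or "any"
    src: object           # ip_network
    dst: object           # ip_network
    dport: Optional[int]  # None = any port
    action: str           # "ALLOW" or "DENY"
    note: str


class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int


# Table 1: traffic crossing firewall 1 (Internet <-> DMZ, plus the proxy itself)
FW1_RULES = [
    Rule("tcp", ANY,      WEB,     80,   "ALLOW", "public catalogue over HTTP"),
    Rule("tcp", ANY,      WEB,     443,  "ALLOW", "secure purchasing over TLS"),
    Rule("tcp", ANY,      MAIL,    25,   "ALLOW", "inbound SMTP to the mail server"),
    Rule("tcp", MAIL,     ANY,     25,   "ALLOW", "outbound SMTP from the mail server"),
    Rule("tcp", INTERNAL, FW1_DMZ, 3028, "ALLOW", "internal hosts talk to the web/FTP proxy"),
    Rule("tcp", FW1_EXT,  ANY,     80,   "ALLOW", "proxy fetches HTTP for its clients"),
    Rule("tcp", FW1_EXT,  ANY,     443,  "ALLOW", "proxy fetches HTTPS for its clients"),
    Rule("tcp", FW1_EXT,  ANY,     21,   "ALLOW", "proxy fetches FTP for its clients"),
    Rule("any", SPECIAL,  ANY,     None, "ALLOW", "special host bypasses the proxy"),
]
# Table 3: traffic crossing firewall 2 (internal LAN <-> DMZ)
FW2_RULES = [
    Rule("any", SPECIAL,  ANY,     None, "ALLOW", "special host reaches anything"),
    Rule("tcp", INTERNAL, FW1_DMZ, 3028, "ALLOW", "other internal hosts only via the proxy"),
    Rule("tcp", INTERNAL, WEB,     80,   "ALLOW", "internal users read the RPS web site"),
    Rule("tcp", INTERNAL, WEB,     443,  "ALLOW", "internal users use secure purchasing"),
    Rule("tcp", INTERNAL, MAIL,    25,   "ALLOW", "internal users send mail (port assumed)"),
    Rule("tcp", INTERNAL, MAIL,    143,  "ALLOW", "internal users retrieve mail via IMAP"),
]


def evaluate(rules, pkt):
    """Return (action, note) from the first matching rule; otherwise DENY."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for r in rules:
        if (r.proto in ("any", pkt.proto) and src in r.src and dst in r.dst
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action, r.note
    return "DENY", "implicit default deny: service not in the policy"


def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "internet"


def end_to_end(pkt):
    """Walk the firewalls a packet crosses in the RPS topology and report the
    first one that drops it (the proxy address on FW1 counts as a DMZ host)."""
    src_z, dst_z = zone(pkt.src), zone(pkt.dst)
    hops = []
    if src_z == "internal":
        hops.append(("FW2", FW2_RULES))
    if "internet" in (src_z, dst_z) or ip_address(pkt.dst) in FW1_DMZ:
        hops.append(("FW1", FW1_RULES))
    if dst_z == "internal" and src_z != "internal":
        hops.append(("FW2", FW2_RULES))
    for name, rules in hops:
        action, note = evaluate(rules, pkt)
        if action == "DENY":
            return "DENY", f"{name}: {note}"
    return "ALLOW", "permitted by every firewall on the path"


if __name__ == "__main__":
    for p in [Packet("tcp", "203.0.113.9", "10.0.0.30", 443),
              Packet("tcp", "203.0.113.9", "192.168.1.241", 445),
              Packet("tcp", "192.168.1.241", "203.0.113.9", 80),
              Packet("tcp", "192.168.1.241", "10.0.0.10", 3028),
              Packet("tcp", "192.168.1.253", "203.0.113.9", 22),
              Packet("tcp", "10.0.0.30", "192.168.1.241", 445)]:
        print(p, "->", end_to_end(p))
```

Running the script prints a verdict for each sample connection. The useful checks are the negative ones: an ordinary internal host cannot reach the Internet directly (it is stopped at firewall 2 before the proxy-bypass rule on firewall 1 is ever consulted), an Internet host cannot reach the internal range at all, a compromised DMZ server cannot open connections into the LAN, and POP3 to the mail server is dropped because the policy names only IMAP.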

 

Your tasks:

A. Provide a network layout (network diagram) showing all the components of the RPS network, including both firewalls, the e-mail and web servers, the DMZ, and all the internal hosts. (Note that you should draw all the internal hosts; the number of internal hosts can be found from the internal network address given above.) Ensure you label all hosts (servers, internal computers and firewalls) with appropriate names and write the IP address of each network interface.

B. You are required to develop two sets of rules for the dual firewall. One will process traffic travelling between the Internet and the DMZ/intranet; the other will process traffic travelling between the intranet and the DMZ. You also need to explain what each rule does. Complete the following four (4) tables, adding rows where necessary.

Table 1 Internet Rules (Firewall 1)

| Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
|------|----------|--------------------|-----------|-------------|----------------|------------------|--------|
| 1    |          |                    |           |             |                |                  |        |
| 2    |          |                    |           |             |                |                  |        |
| 3    |          |                    |           |             |                |                  |        |

Table 2 Internet Rules Explanations (Firewall 1)

| Rule Number | Explanation |
|-------------|-------------|
| 1           |             |
| 2           |             |
| 3           |             |

Table 3 Intranet / DMZ Rules (Firewall 2)

| Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
|------|----------|--------------------|-----------|-------------|----------------|------------------|--------|
| 1    |          |                    |           |             |                |                  |        |
| 2    |          |                    |           |             |                |                  |        |
| 3    |          |                    |           |             |                |                  |        |

Table 4 Intranet / DMZ Rule Explanations (Firewall 2)

| Rule | Explanation |
|------|-------------|
| 1    |             |
| 2    |             |
| 3    |             |
 

Question 3

DNS and ARP poisoning attacks are similar; however, there are fundamental differences between the two. You are to research these specific differences, contrasting the way the attacks are conducted and some of the countermeasures available. Ensure you use at least three in-text academic references to contrast these attacks (include neither your textbook nor Wikipedia among these references; failure to do so may cost you marks).

Remember that you are not to repeat in your research what DNS and ARP poisoning attacks are; we already know that from our discussions in class. In writing about the differences between the two types of attack, contrast for example the complexity of the attacks (which one is easier to conduct and why), their impact (consequences), which one is more common, and the different mechanisms available to counter them. Write no more than 300 words (about a page including in-text references).

Question 4

The use of client-side scripting languages such as JavaScript has been crucial in the development of the interactive web. In terms of security, however, it has also given computer criminals the opportunity to conduct a wide range of cross-site scripting attacks. Historically, the Same Origin Policy (SOP) has been one of the many mechanisms introduced to counter this problem. Under this policy, a script running in a web page may read the contents of another document (for example, a page fetched with XMLHttpRequest or loaded into a frame) only when that document comes from the same origin as the page, where an origin is the combination of the URL's scheme (application-layer protocol), host (server) and port; a document from any other origin can still be embedded or navigated to, but its contents are not exposed to the script. Despite its good intentions, the SOP is seen as a nuisance by web developers, who claim that it is too restrictive and inflexible and hinders the introduction of creative and innovative applications. To alleviate this problem, the World Wide Web Consortium (W3C) introduced Cross-Origin Resource Sharing (CORS) as a mechanism for relaxing the SOP in a controlled way.

Based on this background information and your personal research, please address the following issues associated with the SOP and CORS policies.

a) Using the CQU domain (www.cqu.edu.au), explain and provide your own illustrative example of how the SOP works.

b) Assume that on the CQU server you have an HTML page (your_homePage.html).

Provide two examples of URLs (web links) in your_homePage.html for which retrieval of the documents is allowed, and two examples of URLs in your_homePage.html for which retrieval is denied. Use the following table to give the URLs and the reasons for the outcome of each retrieval.

| Your examples (URLs) | Retrieval Allow/Deny | Explain the reason |
|----------------------|----------------------|--------------------|
|                      | Allow                |                    |
|                      | Allow                |                    |
|                      | Deny                 |                    |
|                      | Deny                 |                    |

c) In your own words, explain the concept behind CORS.

d) Using the two examples given above where retrieval of the pages was denied, explain how access would be enabled using CORS. Make sure your description of the interaction includes the Origin request header and the Access-Control-Allow-Origin response header.
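As an added illustration (code written for this page, not part of the assignment), the following Python reduces URLs to the (scheme, host, port) origin triple compared under the SOP and then performs the response-side check a browser makes on a cross-origin fetch, including the Origin / Access-Control-Allow-Origin exchange asked about in part (d). The page URL http://www.cqu.edu.au/your_homePage.html comes from the question; the other hostnames, paths and the server's allow-list are constructed for the example.

```python
"""Same-origin comparison and the CORS response check, as a browser performs them.

Added example: origin_of() reduces a URL to the (scheme, host, port) triple the
Same Origin Policy compares, sop_allows() says whether script on one page may
read a document at another URL, and cors_allows() applies the check a browser
makes on Access-Control-Allow-Origin before exposing a cross-origin response.
Hostnames other than www.cqu.edu.au, the paths and the allow-list are made up.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def origin_of(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    if u.hostname is None or (u.port is None and scheme not in DEFAULT_PORTS):
        raise ValueError(f"no origin for {url!r}")
    port = u.port if u.port is not None else DEFAULT_PORTS[scheme]
    return (scheme, u.hostname.lower(), port)


def serialize_origin(origin):
    """The form sent in the Origin request header (default port omitted)."""
    scheme, host, port = origin
    if DEFAULT_PORTS.get(scheme) == port:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def sop_allows(page_url, target_url):
    """True if script on page_url may read a document fetched from target_url."""
    return origin_of(page_url) == origin_of(target_url)


def cors_allows(page_url, target_url, response_headers, with_credentials=False):
    """Would the browser expose target_url's response to script on page_url?
    Same origin: always. Otherwise the server must name the page's origin
    (or '*', which is rejected when the request carried credentials)."""
    if sop_allows(page_url, target_url):
        return True
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if acao == "*":
        return not with_credentials
    if acao != serialize_origin(origin_of(page_url)):
        return False
    return (not with_credentials
            or response_headers.get("Access-Control-Allow-Credentials") == "true")


def cors_exchange(page_url, target_url, server_allowed_origins):
    """Simulate one cross-origin GET: the browser adds Origin; the server echoes
    it in Access-Control-Allow-Origin only if it is on its allow-list.
    Returns (request headers, response headers, exposed-to-script)."""
    origin = serialize_origin(origin_of(page_url))
    request = {"Origin": origin}
    response = {}
    if origin in server_allowed_origins:
        response["Access-Control-Allow-Origin"] = origin
        response["Vary"] = "Origin"   # caches must key on the echoed origin
    return request, response, cors_allows(page_url, target_url, response)


if __name__ == "__main__":
    PAGE = "http://www.cqu.edu.au/your_homePage.html"
    for target in ["http://www.cqu.edu.au/library/index.html",
                   "https://www.cqu.edu.au/library/index.html",
                   "http://www.cqu.edu.au:8080/library/index.html",
                   "http://moodle.cqu.edu.au/course/view.html"]:
        print(target, "->", "Allow" if sop_allows(PAGE, target) else "Deny")
    print(cors_exchange(PAGE, "http://moodle.cqu.edu.au/api/units",
                        {"http://www.cqu.edu.au"}))
```

The three Deny cases in the usage block differ from the page's origin in exactly one component each (scheme, port, host), which is the structure part (b) asks for; the CORS exchange then shows that the denial is lifted only when the target server chooses to echo the page's origin back. Note that the server, not the browser, decides: a response without the header is still received by the browser, it is just never handed to the script.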

Question 5:

In this hypothetical case study you should use the Internet to assist you in developing responses to three questions. Use of the text alone is not sufficient to attract full marks.

SafeBank recently received a series of reports from customers concerning security breaches in online banking. Customers reported having money transferred from their accounts, usually after finding that their password had been changed. A full security audit revealed that the money transfers and password changes all originated from an Eastern European country, on servers within the domain crazyhackers.com. The question remained: how did the hackers undertake the attack?

Given that legitimate account numbers and passwords were used, it was initially assumed that this was some form of phishing attack. However, no evidence of such emails was found. The only commonality between the victims was that they all used the same ISP.

You are required to answer the following questions. Please reference all sources; do not copy directly from them.

A. Based on the information provided, what type of attack has been performed? Justify your answer.

Hint: in order to capture account numbers and passwords, how would a hacker "redirect" users to their servers instead of SafeBank's?

B. Describe in detail how the attack occurred; you may wish to include one or more diagrams. You will need to make assumptions about host names, domains and IP addresses; document these. You need not concern yourself with the technical details of the capture and reuse of SafeBank's customer details (e.g. fake web sites or malware); you are documenting how it was possible from a network perspective.

C. What steps would you advise to prevent such attacks? What limitations does this form of attack have?

Hint: would this attack only have to be performed once?
