Provide the IP address of the host used by the perpetrator

Reference no: EM13841032

Network Security

Assignment

Question 1: Firewall Rule Design

You are the systems administrator of Reliable Power Supplies (RPS), a medium-sized company that builds UPSs and switched power supplies for the computing industry. Your task is the analysis, design and configuration of a firewall system that secures the inbound and outbound traffic at RPS. After conducting the needs analysis, you have a clear picture of the type of firewall system that best suits RPS.

In the internal network there is a special host (192.168.1.253/28) running an application that would be disastrous if it were compromised. Therefore, for your design you opt for a dual firewall system, which you believe is the best option for this specific case. You also go for a demilitarized zone (network address 10.0.0.0/24) containing the e-mail (10.0.0.20/24) and Web (10.0.0.30/24) services of the company.
Apart from providing NAT services and Packet Filtering, the first firewall (part of the dual configuration) acts as a Web and FTP Proxy server. This first firewall is connected to the Internet via 200.27.27.10/25 and to the DMZ via 10.0.0.10/24.

The second firewall is used to filter traffic between the internal network and the DMZ. It is connected via 10.0.0.254/24 to the DMZ and via 192.168.1.254/28 to the internal network.

The internal network address is 192.168.1.240/28.

The security policy requirements used to configure the firewalls are outlined as follows:

The RPS Web server contains public information, including a product catalogue, that is accessible to Internet users, and it also provides secure online purchasing functionality using SSL/TLS. The internal users are also allowed to access all RPS WWW services; however, they are allowed to access Internet WWW and FTP services only via the proxy located on the first firewall, on port 3028.

As mentioned, the internal network has a special host (192.168.1.253/28) which has complete access to any host and any service without using the proxy services configured on the first firewall. The remaining internal hosts must go via the proxy on the first firewall.

The security policy requirements also require the e-mail server to receive messages from, and send messages to, hosts on the Internet and the internal users; however, these internal users are to retrieve their messages via IMAP.

Any other service not explicitly outlined in the security policy should be blocked on the RPS network.

Your tasks:

A. Using a software-based drawing tool, provide a network layout (network diagram) showing all the components of RPS network including both firewalls, the email and web servers, the DMZ, and all the internal hosts (Note that you should draw all the internal hosts. The number of internal hosts can be found from the internal network address given above). Ensure you label all hosts (servers, internal computers and firewalls) with appropriate names and write the IP addresses for each network interface.

Question 1- Task A:

Including all components of the network

Labeling all hosts with names and respective IP addresses

B. You are required to develop two sets of rules for the dual firewall. One will process traffic travelling between the Internet and the DMZ and Intranet. The other will process traffic travelling between the Intranet and the DMZ. You also need to explain what each rule does. You should complete the following four (4) tables, adding rows where necessary.

Table 1 Internet Rules (Firewall 1)

| Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
| 1 | | | | | | | |
| 2 | | | | | | | |
| 3 | | | | | | | |
| 4 | | | | | | | |
| 5 | | | | | | | |
| 6 | | | | | | | |

Table 2 Internet Rules Explanations (Firewall 1)

| Rule Number | Explanation |
| 1 | |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | |

Table 3 Intranet / DMZ Rules (Firewall 2)

| Rule | Protocol | Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action |
| 1 | | | | | | | |
| 2 | | | | | | | |
| 3 | | | | | | | |
| 4 | | | | | | | |
| 5 | | | | | | | |
| 6 | | | | | | | |

Table 4 Intranet / DMZ Rule Explanations (Firewall 2)

| Rule | Explanation |
| 1 | |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | |

You should aim for the minimum number of rules; this can be achieved in 16 rules or fewer across the two firewalls.

Question 1- Task B:

Meeting the requirements of the Internet rules

The descriptions of the Internet rules

Meeting the requirements of the Intranet/DMZ rules

The descriptions of the Intranet/DMZ rules
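To show how a first-match rule table enforces the policy above, here is an added example (not part of the assignment or its answer key) that models one reading of the Firewall 1 rules in Python and evaluates sample packets against them. It assumes stateful filtering (only connection-opening packets are listed), that the internal hosts reach the proxy on the firewall's DMZ interface 10.0.0.10, and that the proxy itself originates the outbound web/FTP fetches.

```python
import ipaddress

# Constructed first-match table for Firewall 1 (Internet side of the RPS design),
# one reading of the policy on this page and not the assignment's answer key.
# Assumes stateful filtering, so only connection-opening packets are listed;
# replies to allowed connections are implied. Columns:
# (protocol, source net, source port, destination net, destination port, action)
ANY = "0.0.0.0/0"
FW1_RULES = [
    ("tcp", ANY, "*", "10.0.0.30/32", 80, "allow"),              # public catalogue
    ("tcp", ANY, "*", "10.0.0.30/32", 443, "allow"),             # SSL/TLS purchasing
    ("tcp", ANY, "*", "10.0.0.20/32", 25, "allow"),              # mail in from Internet
    ("tcp", "10.0.0.20/32", "*", ANY, 25, "allow"),              # mail out to Internet
    ("*", "192.168.1.253/32", "*", ANY, "*", "allow"),           # special host, no proxy
    ("tcp", "192.168.1.240/28", "*", "10.0.0.10/32", 3028, "allow"),  # others -> proxy
    ("tcp", "10.0.0.10/32", "*", ANY, "*", "allow"),             # proxy fetches web/FTP
    ("*", ANY, "*", ANY, "*", "deny"),                           # everything else
]


def _match(field, value):
    """A rule cell matches when it is the wildcard or exactly equal."""
    return field == "*" or field == value


def _in_net(net, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def evaluate(rules, proto, src, sport, dst, dport):
    """Return (action, 1-based rule number) of the first rule that matches."""
    for n, (p, snet, sp, dnet, dp, action) in enumerate(rules, start=1):
        if (_match(p, proto) and _in_net(snet, src) and _match(sp, sport)
                and _in_net(dnet, dst) and _match(dp, dport)):
            return action, n
    return "deny", None  # no rule matched; deny by default
```

Evaluating a direct HTTP request from an ordinary internal host to the Internet shows it falling through to the final deny, while the same request from 192.168.1.253 or a request to the proxy on port 3028 is allowed.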

Question 2: PCAP Analysis

Note: for this question, you need to download a PCAP file located in the course Moodle web site.

Peter is the Network Security Manager for a small spare parts business. The organisation uses an e-sales application as the front end for its e-sales business. Customers are complaining that in the last two or three days the system has become very slow, taking them longer than normal to place their orders. Staff have corroborated this, complaining that they are not happy with the slow response of the system when completing their daily activities. Peter suspects that the system has been the target of criminal hands and, before he starts responding to the attack, decides to investigate the issue a little further. First, he reviews the firewall logs and notices something abnormal in the type of traffic directed to a number of internal hosts, including the organisation's web server. Curious about this traffic, Peter uses Wireshark to capture a trace of it. [A section of this trace can be accessed from the course Moodle web site.]

Based on the above fictional scenario and the provided PCAP:

(a) Identify the anomaly in the traffic this organisation is going through. What sort of evidence do you have to make this claim?

(b) What sort of utility or tool do you think the "attacker" is probably using to conduct this attack?

(c) Provide the IP address of the host used by the perpetrator. Based on this information, what can you tell about the profile of this individual? Explain why.

(d) What Wireshark filter do you think Peter used to produce the given PCAP? Explain why.
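The PCAP itself is not on this page, so as an added example (not from the assignment) here is the kind of triage Peter would do in Python: count, per source address, the SYN-only connection attempts and how many distinct host/port pairs they touch, which is what Wireshark's Conversations and Endpoints statistics surface. The trace records are constructed, and the thresholds are assumptions to be tuned against the real capture.

```python
from collections import defaultdict

# Constructed trace records, not the assignment's PCAP:
# (seconds, source IP, destination IP, destination port, TCP flags).
# Flags use Wireshark's short form: "S" = SYN only, "SA" = SYN/ACK, "A" = ACK.
TRACE = [
    (0.00, "198.51.100.7", "192.168.10.5", 80, "S"),
    (0.01, "198.51.100.7", "192.168.10.5", 22, "S"),
    (0.02, "198.51.100.7", "192.168.10.5", 443, "S"),
    (0.03, "198.51.100.7", "192.168.10.6", 80, "S"),
    (0.04, "198.51.100.7", "192.168.10.6", 21, "S"),
    (0.05, "198.51.100.7", "192.168.10.7", 80, "S"),
    (0.10, "203.0.113.9", "192.168.10.5", 443, "S"),   # a normal customer session
    (0.11, "192.168.10.5", "203.0.113.9", 443, "SA"),
    (0.12, "203.0.113.9", "192.168.10.5", 443, "A"),
]


def summarize(trace):
    """Per source: number of SYN-only packets and the distinct (host, port) targets."""
    stats = defaultdict(lambda: {"syn": 0, "targets": set()})
    for _, src, dst, port, flags in trace:
        if flags == "S":
            stats[src]["syn"] += 1
            stats[src]["targets"].add((dst, port))
    return stats


def suspicious_sources(trace, min_syn=5, min_targets=3):
    """Sources opening many connections across many host/port pairs in one trace."""
    return sorted(src for src, s in summarize(trace).items()
                  if s["syn"] >= min_syn and len(s["targets"]) >= min_targets)


def display_filter(src):
    """Wireshark display filter that isolates that source's connection attempts."""
    return f"ip.src == {src} && tcp.flags.syn == 1 && tcp.flags.ack == 0"
```

A single source hitting many ports on several internal hosts, with no completed handshakes, stands out immediately against the one genuine customer session.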

Question 3: Attack and Defence Research

Professional network administrators have to keep themselves current with all possible threats. One way of doing this is by performing personal research. In this hypothetical case study, you should use the Internet to assist you in developing responses to the questions. Use of the course textbook and supplied resources alone is not sufficient to be awarded full marks. You should use your research skills and go beyond these resources.

PHP is a popular scripting language commonly used to implement dynamic web pages. Unlike JavaScript, which is a web client-side scripting language, PHP is a web server-side scripting language. At the web server, PHP scripts are used to dynamically generate the HTML pages that are then sent to the client. At the client end these HTML pages are displayed in the web browser.

James has just completed his first year at university in a Bachelor of Information Technology degree. One of the courses that James studied was Web Programming 101. In that course James learnt the basics of using HTML, CSS and PHP to create dynamic web pages.

As a favour to his good friend Kirandeep, James designed and implemented a simple dynamic blog site using the skills he had gained in Web Programming 101. After testing the web site on a local secure network and fixing a number of scripting errors, James delivered the implementation files to Kirandeep, who uploaded them to an ISP web hosting site. Both James and Kirandeep were ecstatic to see people from across the globe using the web site to share their personal experiences.

Within a few hours of the blog site going live, Kirandeep received an urgent email from the ISP Manager informing her that the blog site had to be closed down because it had been used by unknown hackers to send spam emails to thousands of addresses around the world. The Manager told Kirandeep that she could only reactivate the blog site when the problem had been fixed and it could be guaranteed that it would not happen again.

Kirandeep quickly phoned James and told him of the dilemma. James spent the rest of the day and most of the next night examining his PHP scripts and doing research on the Internet to find out what might have caused the problem. After many hours James tracked the problem down to the simple web page contact form that he had used so that people could send emails to Kirandeep without letting them know what Kirandeep's email address was.

Users fill out the form by supplying their email addresses, a brief subject line, followed by the message to be sent to Kirandeep. When the submit button is clicked, the contents of the form fields are sent to the web server, where a PHP script receives the field information and uses it to initiate an email to Kirandeep. Kirandeep's email address is stored in the PHP script, so the form user never gets to see it. That way Kirandeep's email address is kept secret. Unknown to James, the use of simple contact forms is a well-known vulnerability that threat agents can exploit. He also discovered that it is not only PHP scripts that are vulnerable to this type of exploitation - all of the several available server-side scripting languages are vulnerable.

You are required to answer the following questions.

Please reference all sources - do not copy directly from sources.

a) Based on the information provided, what type of attack has been performed by the hackers using Kirandeep's blog? You need to fully justify your answer, not just state the type of attack.

b) Describe in detail how the attack may have occurred - you will need to provide sample form field data such as:

Message: Thank you for providing such a useful blog site for me to use. I have learnt a lot from reading the blogs left by other people.

You don't need to provide a detailed explanation of how PHP or other server-side scripting languages work; but you need to provide sufficient information to explain how malicious field data entered by a hacker could trick the web server into generating multiple spam emails.

c) How would James need to change the PHP script to prevent such attacks? You don't need to provide the actual PHP code; just describe what measures James would have to implement to ensure that malicious field data could not be used to generate multiple spam emails.

d) What limitations does this form of attack have?

Hint: Would this attack only have to be performed once to generate thousands of spam emails?
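As an added example (not James's script and not part of the assignment), the following Python contrasts a naive contact-form header builder with a hardened one: the fixed recipient stays in the script, and every form field is rejected if it contains a line break or is not a single well-formed address before it can reach a mail header. James's site used PHP, but the checks are the same in any server-side language; the owner address, the hypothetical function names and the length limit are constructed.

```python
import re

# Recipient lives in the script, as on Kirandeep's site; constructed address.
OWNER_ADDRESS = "kirandeep@example.com"
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
_MAX_SUBJECT = 200  # assumed limit


class InvalidInput(ValueError):
    """Raised when a form field must not be placed in a mail header."""


def build_headers_naive(sender, subject):
    """Hypothetical reconstruction of the weak pattern: form fields are dropped
    straight into header lines, so a field that contains a line break becomes
    an extra header of the attacker's choosing."""
    return f"To: {OWNER_ADDRESS}\r\nFrom: {sender}\r\nSubject: {subject}\r\n"


def build_headers_safe(sender, subject):
    """Same header block, but every field is checked before it can touch a header."""
    for field in (sender, subject):
        if any(ch in field for ch in "\r\n\0"):
            raise InvalidInput("line break or NUL in a header field")
    if not _EMAIL_RE.fullmatch(sender):
        raise InvalidInput("sender is not a single well-formed address")
    if not subject or len(subject) > _MAX_SUBJECT:
        raise InvalidInput("subject missing or too long")
    return f"To: {OWNER_ADDRESS}\r\nFrom: {sender}\r\nSubject: {subject}\r\n"


def header_lines(block):
    """Header lines the mail transport will actually see in the assembled block."""
    return [line for line in block.split("\r\n") if line]


def accepts(sender, subject):
    """True when the hardened builder would let the message be sent."""
    try:
        build_headers_safe(sender, subject)
        return True
    except InvalidInput:
        return False
```

Counting the header lines of the naive output for a field that contains a line break shows exactly where the extra header appears; the hardened builder refuses the same field outright.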



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd