Advanced Network Security Assignment

This Advanced Network Security Assignment help is a brief review of network protocol analysis and connection establishment.

Question 1

Protocol Analysis with Wireshark

[Figures: synchronization table; acknowledgement table; connection establishment; next packet; protocol; TCP protocol]

Question 2: Firewall and Proxy Services Configuration

A small company is connected to the Internet via a router with firewall and proxy services installed (139.77.5.210). In addition, 3 servers are located in a DMZ (138.77.5.0/25).

The web server (138.77.5.89) can directly accept requests (HTTP/HTTPS) from the Internet or the intranet (192.168.1.0/25).

The DNS server (138.77.5.6) accepts requests from the Internet. The DNS server also directly accepts requests from the intranet (192.168.1.0/25). However, if the DNS server cannot resolve a domain name requested by the internal network (192.168.1.0/25), it contacts a DNS server on the Internet to complete the name resolution. On behalf of the users on the internal network (192.168.1.0/25), the email server (138.77.5.110) sends emails to and receives emails from the Internet. The users on the internal network (192.168.1.0/25) use IMAP (Internet E-mail Access Protocol) to read and organise their emails on the email server.

Network diagram: [Figure: network diagram]

B. The firewall service is installed on the router. Accordingly, the firewall rules simulate a packet filter and permit only specific traffic. The firewall rules are created as per the given format.

[Figures: firewall rule table (application, transport)]

C. Brief explanation of each rule in the rule base that I have created.

The group of firewall rules is created with the objective of denying access that is not needed and permitting only the traffic that is needed. Filters are applied only where required, so as to permit only the traffic that has a very low chance of causing an attack. We have presumed that the application protocol used may be either TCP or UDP, and that a few transfer protocols are used, such as FTP, HTTP and SMTP.

The firewall rules ensure that no FTP request is granted access, as it is the most hazardous activity. The FTP protocol itself is not very safe compared to the safe FTP protocol, which is quite secure. FTP denial is achieved by configuring rules 2 & 5.

HTTP in and out requests should be allowed to access the web server 138.77.5.89. Traffic to the server and requests originating from it (in and out) on the default port 80 are allowed. This is taken care of by rules 1 and 4.

SMTP protocol which should be basically concerned with the email server 138.77.5.110 are allowed. This takes care of both ingoing and outgoing emails from the email server only and taken care by the Rules 3 & 6.

Any FTP requests to database server is explicitly denied (Rule 2) and all other traffic is also denied except otherwise explicitly allowed by the Rule
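The rule base explained in section C can be replayed against the traffic the Question 2 scenario requires. This is an added example, not part of the original assignment: the rule fields and the DMZ-wide scope of the FTP rules are an assumed reconstruction (the original rule table is not in the text), client addresses are constructed, and return traffic is assumed to be handled statefully.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "num action proto src dst dport")
net = ipaddress.ip_network

ANY, DMZ = net("0.0.0.0/0"), net("138.77.5.0/25")
WEB, MAIL = net("138.77.5.89/32"), net("138.77.5.110/32")

# Assumed reconstruction of rules 1-6 from the explanation in section C;
# the original rule table is an image and is not reproduced in the text.
RULES = [
    Rule(1, "allow", "tcp", ANY,  WEB,  80),  # HTTP in to the web server
    Rule(2, "deny",  "tcp", ANY,  DMZ,  21),  # FTP in to the DMZ servers
    Rule(3, "allow", "tcp", ANY,  MAIL, 25),  # SMTP in to the email server
    Rule(4, "allow", "tcp", WEB,  ANY,  80),  # HTTP out from the web server
    Rule(5, "deny",  "tcp", DMZ,  ANY,  21),  # FTP out from the DMZ
    Rule(6, "allow", "tcp", MAIL, ANY,  25),  # SMTP out from the email server
]

def evaluate(proto, src, dst, dport):
    """First matching rule wins; anything unmatched hits the default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES:
        if (r.proto, r.dport) == (proto, dport) and s in r.src and d in r.dst:
            return r.action, r.num
    return "deny", None

# Flows the Question 2 scenario requires (client addresses are constructed).
REQUIRED = {
    "HTTP internet->web":  ("tcp", "203.0.113.7",  "138.77.5.89",   80),
    "HTTPS intranet->web": ("tcp", "192.168.1.20", "138.77.5.89",   443),
    "DNS internet->dns":   ("udp", "203.0.113.7",  "138.77.5.6",    53),
    "DNS dns->internet":   ("udp", "138.77.5.6",   "198.51.100.53", 53),
    "SMTP internet->mail": ("tcp", "203.0.113.7",  "138.77.5.110",  25),
    "SMTP mail->internet": ("tcp", "138.77.5.110", "198.51.100.9",  25),
    "IMAP intranet->mail": ("tcp", "192.168.1.20", "138.77.5.110",  143),
}

def coverage_gaps():
    """Required flows that the rule base drops."""
    return sorted(n for n, f in REQUIRED.items() if evaluate(*f)[0] == "deny")

if __name__ == "__main__":
    for name, flow in REQUIRED.items():
        print(f"{name:22} {evaluate(*flow)}")
    print("gaps:", coverage_gaps())
```

With only rules 1 to 6 as reconstructed here, HTTPS, DNS and IMAP fall through to the default deny, so a rule base for this scenario would need further allow rules for those services.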

D. Complete the table

[Figure: completed table (destination IP)]

Question 3: Network Attack Research

  1. I researched a recent ransom-type attack carried out via the Internet. It is a DNS poisoning attack, which is highly malicious. It works by sending non-authentic data that is then cached within DNS servers. The caching is meant to improve performance, but it produces a negative result because, due to the poisoning attack, the cache serves non-authentic data (Lau, 2011). Another type of ransom attack is ARP Poison Routing, which attacks the Ethernet. Here the attacker sniffs the data packet, modifies it and thus attempts to poison the Ethernet network traffic. The attack targets networks that use ARP for address resolution. It may also be highlighted here that a DNS poisoning attack can happen wherever DNS is used. As DNS is used to resolve hostnames, a DNS poisoning attack results in names resolving to the manipulated server rather than the authentic name server (Steinhoff, et al., 2012). Many times the attacker uses the Internet to hack into the resources and poisons the DNS or launches the ARP poisoning attack, and the addresses are resolved to different servers. Thus, the whole network is compromised, as the traffic now goes to a different hostname and the attacker gets to know all the information about the packets originating from the company’s intranet or LAN.
  2. By default, there is no security built into DNS configurations. This loophole in security is exploited by the attacker to hold the whole network to ransom. It leaves the whole network's security exposed to attacks and vulnerabilities and makes it easy for the attacker to use DNS poisoning in future attacks. Attacks of this type have happened many times, and one popular type is the ARP attack, often termed a Man-in-the-middle (MiTM) attack. Here the IP is resolved to a different computer's IP, which is actually the attacker's computer IP, or even its MAC address. The actual sender and the correct receiver of the IP packet have no information or any idea that someone has intercepted the traffic or is getting access to the messages. DNS poisoning attacks merely configure an incorrect authoritative zone, so that names are resolved to a false domain or server (Schuba, 2003).
  3. Although ARP or DNS poisoning (MiTM) attacks are rather easy to launch due to the vulnerabilities discussed above, the administrator can still prevent such attacks. With the help of proper encryption, an administrator can successfully prevent the DNS poisoning attack (Schuba, 2003). The ARP attack can also be prevented by the administrator. In fact, the network administrator should implement a secured system of authentication keys and make sure that only authentic users know the key for the required decryption and the related information. Another way is to implement packet filtering, which can successfully prevent these types of poisoning attack. There are also a few firewall and spoof-detecting and diagnosing software tools which the administrator may use to prevent this attack. Secure protocols, for instance HTTPS, Secure Shell (SSH) and Transport Layer Security, can also successfully prevent these types of poisoning attack.
  4. The limitation of this form of attack is that it relies on vulnerabilities, one of which, as we highlighted, is the default configuration that is exploited by the attacker. If the default configurations are changed or secured, and the default software or tools are used to encrypt, then this attack can be warded off. So the limitations of the attack are that it is based on some vulnerability or other in the configuration. Once the vulnerability is ironed out, these types of attacks cannot take place.

Question 4: The hypothetical case study

 We are given the case study as follows: “An online sales company Cheapies recently received a series of reports from customers concerning security breaches in online ordering.  Customers reported having fraudulent orders being made via their accounts, usually after they have found that their password has changed.  A full security audit revealed that the orders and changes to user passwords all originated from an Eastern European country on servers within the domain of freebies.com – however – the question remained:  how did the hackers accomplish this attack?”

  1. As we highlighted earlier, this type of attack is known as a DNS poisoning attack, also commonly referred to as a MiTM attack. All the traffic is being directed to the domain freebies.com, as the attacker managed to poison the DNS so that names resolve to a different host rather than the authentic host.
  2. By default, there is no security built into DNS configurations. This loophole in security is exploited by the attacker to hold the whole network to ransom. It leaves the whole network exposed to attacks and vulnerabilities and makes it easy for the attacker to use DNS poisoning in future attacks. As DNS is used to resolve hostnames, a DNS poisoning attack results in names resolving to the manipulated server rather than the authentic name server (Steinhoff, et al., 2012). In this case the hostname resolved to freebies.com. Many times the attacker uses the Internet to hack into the resources, poisons the DNS and gets all the messages sent to the manipulated domain. Thus, the whole network is compromised, as the traffic now goes to a different hostname and the attacker gets to know all the information about the packets originating from the company’s intranet or LAN. This can be represented by the following diagram:

[Figure: DNS diagram]

The DNS server of the company Cheapies has the names resolved to the authentic domain, as shown in the normal scenario in the figure. In a DNS poisoning attack, the domain gets resolved to freebies.com and the whole network is compromised, resulting in severe security breaches.

  3. The steps which the Network Administrator can take are as follows:
     • With the help of proper encryption, an administrator can successfully prevent the DNS poisoning attack (Schuba, 2003). In fact, the network administrator should implement a secured system of authentication keys and make sure that only authentic users know the key for the required decryption and the related information.
     • Another way is to implement packet filtering, which can successfully prevent these types of poisoning attack.
     • There are a few firewall and spoof-detecting and diagnosing software tools which the administrator may use to prevent this attack.
     • Secure protocols, for instance HTTPS, Secure Shell (SSH) and Transport Layer Security, can also successfully prevent these types of poisoning attack.
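A minimal version of the spoof-detection check mentioned in Questions 3 and 4, as an added example that is not part of the original assignment: it flags DNS answers that fall outside the address range a name is expected to resolve into, and names on which resolvers disagree. The hostnames, resolver names, addresses, log layout and policy are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed policy: prefixes each watched name is expected to resolve into.
EXPECTED = {"shop.cheapies.example.": [ipaddress.ip_network("192.0.2.0/28")]}

# Constructed resolver log: timestamp, resolver, query name, answer, TTL.
LOG = """\
2024-05-01T09:00:01Z ns-internal shop.cheapies.example. 192.0.2.10 300
2024-05-01T09:00:02Z ns-branch shop.cheapies.example. 192.0.2.10 300
2024-05-01T09:05:40Z ns-branch shop.cheapies.example. 203.0.113.66 86400
2024-05-01T09:05:41Z ns-internal shop.cheapies.example. 192.0.2.10 300
2024-05-01T09:06:00Z ns-branch mail.cheapies.example. 192.0.2.25 300
"""

def parse(log):
    """Yield one (ts, resolver, qname, answer, ttl) tuple per log line."""
    for line in log.strip().splitlines():
        ts, resolver, qname, answer, ttl = line.split()
        yield ts, resolver, qname.lower(), ipaddress.ip_address(answer), int(ttl)

def out_of_policy(log, expected=EXPECTED):
    """Answers for watched names that fall outside every expected prefix."""
    return [(ts, resolver, qname, str(answer))
            for ts, resolver, qname, answer, _ttl in parse(log)
            if qname in expected
            and not any(answer in prefix for prefix in expected[qname])]

def resolver_disagreement(log):
    """Names whose most recent answers differ from one resolver to another."""
    latest = defaultdict(dict)                 # qname -> resolver -> answer
    for _ts, resolver, qname, answer, _ttl in parse(log):
        latest[qname][resolver] = str(answer)
    return {q: by_res for q, by_res in latest.items()
            if len(set(by_res.values())) > 1}

if __name__ == "__main__":
    for alert in out_of_policy(LOG):
        print("out of policy:", alert)
    for qname, answers in resolver_disagreement(LOG).items():
        print("resolvers disagree:", qname, answers)
```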

References

Lau, M., 2011. White Paper: Type of Attacks, s.l.: Nasscomm.

Schuba, C., 2003. Addressing Weaknesses in the DNS protocol, s.l.: Department of Computer Sciences, Purdue University.

Steinhoff, U., Wiesmaier, A. & Araujo, R., 2012. The State of the Art in DNS Spoofing, s.l.: s.n.