Essay on IT Security
Denial of service (DoS) – This type of attack occurs when a hacker overloads a server or network device with numerous ICMP (Internet Control Message Protocol) ping requests, such that it is unable to respond to valid requests. By updating to the latest service pack and applying security patches, you can minimize the threat of DoS attacks by reducing the vulnerabilities in the TCP/IP network protocol. Although disabling ICMP can remove valuable troubleshooting tools, it can effectively remove the possibility of DoS attacks. Also, any firewall or security software should be configured to recognize and block these attempts if possible.
Back door – In a back door attack, a hacker exploits a coded "opening" in an application that allows them...
TCP/IP hijacking – Through the use of IPSec or a similar encryption method, you can eliminate instances of TCP/IP hijacking on your network. This incident occurs when an unauthorized user has knowledge of a legitimate IP address on the network, performs a DoS attack to remove the connection, and then spoofs the known address as their own to establish a connection with another authorized user on the network.
Man-in-the-middle – The use of Public Key Infrastructure (PKI), verified by a Certificate Authority, can prevent the instance of Man-in-the-Middle (MITM) attacks. MITM attacks occur when unauthorized users eavesdrop on communications between authorized users via packet sniffing. PKI requires an authorized user to present a unique key that can be authenticated by another authorized user before the connection can occur.
Replay – Timestamps or sequence numbers on packet transmission can eliminate replay attacks. Replay attacks occur when an unauthorized user intercepts transmissions between authorized users, and forwards the packets to the destination as if he were the original sender.
DNS poisoning – This type of attack can be prevented by only updating DNS server entries from authenticated sources and by maintaining up-to-date DNS software. This attack occurs when an attacker updates an IP address entry in a DNS server
Installing Multiple Services On A Single Red Hat...
1. Goal
This lab included installing multiple services on a single Red Hat Enterprise Linux 7 Server box, which included DNS, DHCP, openLDAP, NTP, and rsyslog. I have familiarity with installing and managing DNS, DHCP, and NTP, while just learning about openLDAP and rsyslog, which are a new concept to me. The installation and configuration of openLDAP allowed me to get a basic general look at the operation of openLDAP, without going too in-depth. I was able to learn how to correctly and efficiently configure both the openLDAP server and client, add users, install schemas, and modify configuration files. Rsyslog was also a new concept to me which brought me a greater sense of local logging using Red Hat Enterprise Linux 7. This lab focused on deploying a DNS server, an NTP server, and a DHCP server to handle things such as IP address pools, hostname resolution, and a systematic time sync to keep all of the nodes on the network on the same page. Rsyslog allows us to remotely access log files from our servers, allowing us to determine issues from a node without actually being on that node, which is good when dealing with a client computer that is having issues. OpenLDAP allows us to create a directory in a similar manner as Windows Active Directory, to store information in an easily accessible lightweight database.
2. Procedural and Informational Documentation
All information pertaining to my virtual network can be found at the address http://10.0.15.1/wiki or
Dns, A Domain Name System
2.1.2 DNS SPOOFING
DNS is the Domain Name System. A DNS server holds the IP addresses and names of websites in its database in the form of records called resource records, which are arranged hierarchically. DNS spoofing is a type of MITM attack similar to ARP cache poisoning. It is a technique used by hackers to provide false DNS information to a host that is accessing a website. When users try to gain access to a particular website, a request is first sent to the local DNS server for the IP address of the website the user wants to access. Once it receives the request, the DNS server searches its database for the IP address of the website; once it identifies the IP address, it immediately sends a response with that IP information to the user's browser.
FIGURE 2: DNS Request Query
If the requested IP address is not found in the database of the DNS server, the server forwards the request to a higher-level DNS server in the hierarchy. Because of the hierarchical nature of the DNS structure of the internet, DNS servers need the ability to communicate with each other in order to find the IP addresses of the websites requested by users. It is reasonable to expect the local DNS server to know the name mapping of the local intranet server. It is termed recursion, the request from one local DNS
Mobile Ipv4 And Ipv6 Problems And Implementation
Mobile IPv4 and IPv6 are the future of wireless mobile communications and can greatly help in building the infrastructure and in combining mobile systems with the internet. This use of IP addresses in mobile networks would increase the need to implement IPv6 as the new standard to replace IPv4 and increase the number of available addresses. However, IP-based mobile networking isn't perfect and has its own host of problems; those will be discussed later, along with possible short-term and long-term fixes. The main reason to implement mobile IP is that it can support more users and keep those users closer to the internet, meaning that the internet is integrated into the system. ...
This can be a problem: as more devices connect to and use a network, they use more data and can cause the network to become congested. A solution to reduce congestion is to use many small wireless receivers within the range of a large tower, spreading the devices across smaller, more confined networks in cities and high-density areas, and simply to use long-range, low-capacity towers in the countryside and in places where fewer devices will be on a network at any given time. This combination of macro cells and micro cells ensures network stability.
At layer 2 comes the need to differentiate between devices on the network, which requires a standard. The standard usually used at layer 2 in IP-based communications over the internet is Ethernet II, which differentiates between devices by MAC addresses written in hexadecimal format. This is done by a manufacturer burning a unique ID into the network card. However, rather than normal Wi-Fi, a better option for long-range communications is WiMAX. The difference between Wi-Fi and WiMAX is that WiMAX has an effective distance of up to 90 km while Wi-Fi only has a range of up to 100 m, and data rates on WiMAX are up to 40 Mbps compared to Wi-Fi with up to 54 Mbps. Next, layer 3, the Network layer, is where the Internet Protocol (IP) takes place and is defined. There are two options to use here: IPv4 or IPv6.
Write A Research Paper On DNS Services
IV. DISABLING THE RECURSION ON THE DNS SERVER
The DNS is a hierarchically organized system which offers the essential mapping between human-readable names and their IP addresses so that it can provide appropriate access to the internet. DNS does so by two essential methods. The first is authoritative DNS, which gives original, actual and complete data in answer to DNS queries; that data is installed in its own configuration and is not data cached from other servers.
The other method by which DNS provides mapping is the recursive method. This type of service is performed when the DNS server does not find the data or the related IP address in its memory, so it asks the authoritative DNS for the data, returns it to the user and stores this ...
Disabling recursion and restricting the capability to process delegation data can stop DoS attacks and cache poisoning. There are several methods which can be used to protect the DNS, as explained below.
Disabling recursion is the main method of protecting the DNS. It puts the name server into a passive mode in which it sends no queries on behalf of others, which spares the server and its cache memory since it processes only the requests that are directed to it.
The second method is restricting the requests. Sites are advised to use distinct name servers for offering authoritative responses for their zones and for offering recursive services to the internal system. Recursion is then completely disabled on the authoritative servers while the recursive service is still offered to the internal system.
The third method is restricting recursion. In structures where it is not possible to disable recursion entirely, the server should be limited to offering recursive processing only to a limited set of addresses. When this option is used, requests from IP addresses outside this set will be processed as non-recursive, nevertheless of
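An added example, not part of the essay: a small Python audit of BIND-style named.conf text that tells the three cases above apart (recursion disabled, recursion limited to a set of addresses, recursion open to everyone). The configuration samples are constructed; `recursion` and `allow-recursion` are BIND options, and the parser only handles the simple layout shown here.

```python
import re

# Constructed named.conf fragments (not from the essay).
AUTHORITATIVE_ONLY = """
options {
    directory "/var/named";
    recursion no;              # authoritative answers only
};
"""

RESTRICTED = """
acl internal { 10.0.0.0/8; 192.168.0.0/16; };
options {
    recursion yes;
    allow-recursion { internal; localhost; };
};
"""

OPEN_TO_ANY = """
options {
    // recursion no;           <- commented out, so it must not count
    recursion yes;
    allow-recursion { any; };
};
"""

NO_ACL = """
options {
    recursion yes;
};
"""


def _strip_comments(text):
    """Remove /* */, // and # comments so disabled lines are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _block(text, keyword):
    """Return the body of the first `keyword { ... }` statement, or ''."""
    m = re.search(r"\b%s\s*\{" % re.escape(keyword), text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def audit_recursion(conf):
    """Classify the recursion policy found in the options block."""
    opts = _block(_strip_comments(conf), "options")
    setting = re.search(r"\brecursion\s+(yes|no)\s*;", opts)
    if setting and setting.group(1) == "no":
        return "disabled"
    # BIND recurses by default, so a missing statement is treated like "yes".
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if acl is None:
        # Who may recurse then depends on the server's built-in default.
        return "no-explicit-acl"
    entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
    if any(e in ("any", "0.0.0.0/0", "::/0") for e in entries):
        return "open"
    return "restricted"


if __name__ == "__main__":
    samples = {"authoritative": AUTHORITATIVE_ONLY, "restricted": RESTRICTED,
               "open": OPEN_TO_ANY, "no acl": NO_ACL}
    for name, conf in samples.items():
        print(f"{name:14s} -> {audit_recursion(conf)}")
```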
Cyber Attack Source Analysis
Results
At first, we will take a look at some statistical numbers we have collected in the past months. With the help of the web interface, we can easily query the database to get a quick overview of peaks in the data set that we have collected:
Average number of attack sources per day is 184.94
Maximum number of attack sources per day was 2022 and happened on November 15, 2004.
These two numbers show that there is a high variation in the collected data about the number of unique attack sources per day. To take a closer look at this phenomenon, we present in Table 1 the number of unique sources for six different platforms. In addition, the table presents the average number of sources per day, which shows a high variation across different platforms as well.
Currently it is unclear why we have this high variation in the average number of sources per day. One possible explanation for the high number of average sources for the first platform is the following: since this system is deployed within the network with the first octet 192, it presumably receives many packets from broken systems which use Network Address Translation (NAT). Such a system often uses the IP range 192.168.0.0/16 (defined in RFC 1918). If this system is infected

          Windows  Others  Unknown
Week 1    7235     18      10
Week 2    6839     26      5
Week 3    6475     38      –
Week 4    7766     89      –
Week 5    6594     24      64
Week 6    3599     5       58
Week 7    4640     11      92
Week 8    6247     20      83
Table 2: Operating system of attack source on weekly basis between January and February 2005
What Are The Advantages And Disadvantages Of I-Voting System
Anti-phishing I-voting system using Visual Cryptography (VC) aims at providing a facility to cast votes for critical and confidential internal corporate decisions. The user or the employee is allowed to cast his or her vote from any remote place. The election is held in full confidentiality, where the user is allowed to vote only if he logs into the system by entering the correct password. The password is generated by merging two shares using the VC scheme. Before the election, the administrator sends share 1 to the voter's e-mail ID, and share 2 will be available in the voting system for his login during the election. The voter then combines share 1 and share 2 using VC to get the secret password. No information can be revealed by observing any one share. Phishing...
There are different kinds of applications based on the Internet. One of them is the online voting system. The use of new technologies to support voting is the subject of great debate. Several people advocate the benefits it can bring, such as improved speed and accuracy in counting, accessibility and voting from home, while others are concerned with the risks it poses, such as unequal access, violation of secrecy and anonymity, and alteration of the results of an election.
Phishing is identified as a major attack among all online attacks. Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The attacker creates a replica of the original website, or sends a lot of e-mail to the user asking him to change certain confidential data, as shown in Fig 1. The user then fills in and submits the sensitive and useful information on the fake website, which allows the attacker to pull the information and save the data for his or her own illegal use. So, by using the visual cryptography technique, the problems of online voting systems such as security risk and phishing attacks can be prevented. It provides secured authentication for Internet voting
Mim Attack Essay
What series of malicious events led up to the incident?
The following events led up to the reported incident. First, an attacker spoofed his IP address to eavesdrop on the network to find the finance and HR
information systems. Second, the employee hacked into the HR database and increased his salary in the records system. This resulted in the employee
receiving two paychecks with the altered amounts. Third, the employee sniffed the network to intercept and alter emails about the checks between an
auditor and management. Fourth, the employee impersonated a person who has access to financial records to gain more access to other financial
records. Finally, the employee decreased the company President's paycheck while increasing his paycheck by ...
Account hijacking – again, this attack's severity is high because the attacker had access to finance record accounts on the finance information systems.
Email spoofing attack – email spoofing is a medium severity attack because it is an easily mitigated attack; it is mostly a nuisance to most organizations.
MITM attack – the severity of an MITM attack is medium since the attacker used it to intercept messages between the auditor and the finance
department; it can be easily mitigated with network and VLAN segmentation accompanied by access control lists; often times, using a layer two switch
mitigates the issue.
Describe how these additional attacks can be prevented in the future.
Mitigate the attacks by using the following techniques:
Encryption – apply encryption to the network with software and hardware solutions. For instance, software can be used to encrypt the financial records
for anyone unauthorized to see the information, and a hardware solution can be used to build a VPN from any remote
Database Management Systems : Role Of Database
Chapter 5
Topic 1
DATABASE MANAGEMENT SYSTEMS:
ROLE OF DATABASE IN SQL SERVER:
A database management system (DBMS) is a collection of programs that enables you to store, modify, and extract information from a database. There
are many different types of database management systems, ranging from small systems that run on personal computers to huge systems that run on
mainframes.
1) It is a suite of programs for constructing and maintaining the database.
2) It offers ad hoc query facilities to multiple users and applications.
3) A query language provides a uniform interface to the database for users and applications.
4) Database systems provide efficient access to large volumes of data and are vital to the operation of many organizations.
It also usually enables access controls to be specified over a wider range of commands, such as to select, insert, update, or delete specified items in the database. Thus, security services and mechanisms are needed that are designed specifically for, and integrated with, database systems.
Database management systems generally play a protective role for digital assets. Operating system mechanisms, in contrast, typically control read and write access to entire files, so they could be used to allow a user to read or to write any information.
TOPIC 2:
PRIMARY KEY AND FOREIGN KEY:
PRIMARY KEY:
A table typically has a column or combination of columns that contain values that uniquely identify each row in the
S-ARP is a Permanent Solution to ARP Spoofing Attacks
1. How can ARP spoofing attacks be controlled permanently? What are the drawbacks of the S-ARP protocol, static MAC entries, and kernel-based patches?
Answer:
1.1.1 Secure ARP Protocol (S-ARP)
This has been proposed as a replacement for the ARP protocol in [10]. The S-ARP protocol is definitely a permanent solution to ARP spoofing, but the biggest drawback is that we will have to make changes to the network stack of all the hosts. This is not very scalable, as going for a stack upgrade across all available operating systems is something both vendors and customers will not be happy about. As S-ARP uses the Digital Signature Algorithm (DSA), we have the additional overhead of cryptographic calculations, though the authors of the paper have claimed that this overhead is not significant.
1.1.2 Static MAC Entries
Adding static MAC addresses on every host for all other hosts will not allow spoofing, but it is not a scalable solution at all, and managing all these entries is a full-time job by itself. This can fail miserably if mobile hosts such as laptops are periodically introduced into the network. Also, some operating systems are known to overwrite static ARP entries if they receive Gratuitous ARP (GARP) packets.
1.1.3 Kernel Based Patches
Kernel-based patches such as Anticap [11] and Antidote [12] have made an attempt to protect from ARP spoofing at an individual host level. Anticap [11] does not allow updating of the host ARP cache by an ARP reply that carries a different MAC address than
Network Security : Attack And Protection
Network Security; Attack and Protection
DeKenth Davidson
ISSC 461, IT Security: Countermeasures
23 November 2014
American Military University
Professor Christopher Weppler
Abstract: Networks have worked their way into the everyday lifestyle of most individuals in the world; businesses especially rely on networks for efficiency and global reach. With the huge demand for network usage, it is easy to recognize why these systems are a huge target for hackers and other ill intenders. Securing these popular networks should be a top concern for any person or organization that maintains one. Additionally, anyone using a network has to be able to traverse the dangerous virtual roadway and identify common concerns that may arise should some suspicious activity occur.
Keywords: computer, networks, security, network security
Table of Contents
Attention Material
A. Describe the vital nature of Network Security.
1. Individuals and households rely on personal computers for school and work.
2. Computer networks have become the life blood of international business.
B. Malware and malicious intenders are ever present.
1. Recent cyber-attacks on prominent organizations.
BODY
I. Home Computer Networks Attacks
A. Growing number home computer networks.
B. Potential risks.
1. Malware.
2. Inadvertent disclosure of data.
3. Potential for hackers.
C. Security controls.
1. Router controls.
2. System Controls.
3. Personal responsibilities.
D.
Security Issues With Dynamic Host Configuration Protocol
Abstract – The paper discusses security issues with the Dynamic Host Configuration Protocol (DHCP) and four different approaches proposed to secure DHCP. DHCP assigns network parameters to existing and new clients. A misconfigured client is a big security breach, as the traffic from and to such a client can be intercepted. The two main issues with DHCP are rogue servers and Media Access Control (MAC) address spoofing. The techniques discussed in the paper attempt to solve these problems by encrypting the plain text sent in DHCP and by using digital signatures and key exchange algorithms to maintain data integrity and security.
1. Introduction
The Internet grew rapidly over the last few decades. This has led to an increase in the size of networks and the number of network devices. The network infrastructure today needs improvement and changes daily, so adding new devices to the network is essential. The traditional way of assigning network configuration to clients with the help of a network administrator is difficult. DHCP has now taken over the responsibility for performing this task. DHCP has its security issues because, at the time of its development, internet security was not as important as dynamic allocation of the network parameters was [2]. The major security concern in DHCP is interception of plaintext messages and illegitimate clients or servers that compromise the network.
In section 4 of the paper, four different techniques to secure DHCP have been discussed. The first approach makes use of
Malicious Traffic For Network Security Essay
MALICIOUS TRAFFIC FOR NETWORK SECURITY
3.1 Introduction
Malware depends on its communication network to receive commands, extract information and infect systems.
Due to this reliance on networked resources, traffic analysis becomes a valuable and effective method for detecting malware on host machines. Despite the frequency of malware traffic, network administrators and incident responders may not be aware of what characteristics are common to malware. By looking at traffic generated while malicious samples are executed, the characteristics of the traffic can be recorded and investigated.
Disclosing malicious traffic for network security
3.2 Introduction To Network Anomaly Detection
Network anomaly detection is a broad area of research. The use of entropy and distributions of traffic features has received a lot of attention in the research community. While previous work has demonstrated the benefits of using the entropy of different traffic distributions in isolation to detect generalized anomalies, there has been little effort in unconditionally understanding the detection power provided by entropy-based analysis of multiple traffic distributions used in affiliation with each other. We have demonstrated the entropy-based approach to disclose malicious traffic for network security.
To calculate entropy, features like source and destination IP address, port numbers, packet size, connection time and the total number of packets flowing are considered. A
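An added example, not taken from the essay: Shannon entropy computed per traffic feature over a window of flow records and compared against a baseline window. The flow records, the field names and the 1.5-bit threshold are constructed for illustration.

```python
import math
from collections import Counter

# Features whose distributions are tracked (assumed field names).
FEATURES = ("src_ip", "dst_ip", "dst_port", "size")


def shannon_entropy(values):
    """Entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def normalized_entropy(values):
    """Entropy scaled to [0, 1] by the maximum possible for the distinct values seen."""
    distinct = len(set(values))
    if distinct <= 1:
        return 0.0
    return shannon_entropy(values) / math.log2(distinct)


def window_profile(flows):
    """Entropy of every tracked feature for one time window of flows."""
    return {f: shannon_entropy([flow[f] for flow in flows]) for f in FEATURES}


def deviations(baseline, window, threshold=1.5):
    """Features whose entropy moved more than `threshold` bits from the baseline."""
    base, cur = window_profile(baseline), window_profile(window)
    return {f: round(cur[f] - base[f], 3)
            for f in FEATURES if abs(cur[f] - base[f]) > threshold}


# Constructed baseline: four clients, two servers, two services, mixed sizes.
BASELINE = [
    {"src_ip": f"10.0.0.{i % 4 + 1}", "dst_ip": f"10.0.1.{i % 2 + 1}",
     "dst_port": (80, 443)[i % 2], "size": (60, 576, 1200, 1500)[i % 4]}
    for i in range(16)
]

# Constructed anomaly: one source probing sixteen ports on one host with
# identical small packets. Source and size entropy collapse while the
# destination-port entropy rises.
SCAN = [
    {"src_ip": "10.0.0.9", "dst_ip": "10.0.1.1", "dst_port": 1000 + i, "size": 60}
    for i in range(16)
]

if __name__ == "__main__":
    print("baseline:", window_profile(BASELINE))
    print("window:  ", window_profile(SCAN))
    print("flagged: ", deviations(BASELINE, SCAN))
```

Looking at several features together is what separates this window from, say, a flash crowd, where source entropy would rise rather than fall.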
P1 : The First Methods In Network Addressing
P1: The first method in network addressing is the Fully Qualified Domain Name, known as FQDN for short. An FQDN is used as the domain name for a specific host or computer name on the internet. An FQDN consists of two main parts, the domain name and the hostname. For example, Belfast Met is the hostname, but the domain name is belfastmet.ac.uk. IPv4 addressing is the next method. It is also split into two main parts, the Network I.D and the Host I.D, which are spread over four octets written as four decimal numbers, 32 bits in total; it only contains 4.3 billion different IPs. For example, you send an IP to a website and it sends its IP back, which means you can communicate. Whereas IPv6 addressing has 128 bits and is written as ...
The second is Class B, which was designed for medium and large networks; the two main bits in Class B are always 10, which makes up the address. The next 14 bits are used to gather Class B I.Ds, and they are set a length of 16 bits. The last 16 bits are used for the Host I.D. This allows for 16,384 networks and also 65,534 hosts per network. Finally there is Class C, which was designed for small networks. The three main bits in Class C addresses are 110; the next 21 bits are used to gather Class C network I.Ds, and Class C has a length of 24. This means the last 8 bits are for the Host I.Ds, so Class C has 2,097,152 networks and 254 hosts.
IP addresses are automatically assigned to devices upon boot-up, which is known as dynamic IP, but they are only semi-permanent, whereas you can assign a device a permanent IP so it will always stay the same, which is called a static IP address. But having a static address means that if a hacker tries to affect your network he can do it with the same IP, whereas if you had a dynamic IP it would be harder for the hacker to keep track of your IP address. DHCP is a service function that automatically assigns devices IP addresses, but only for DHCP clients. DHCP assigns dynamic IPs, which means that they aren't permanent IP addresses. Whereas APIPA (Automatic Private IP Addressing) automatically obtains an IP from the DHCP server to give to the clients, but the client can't contact the
The Media Access Control Address
1. Introduction
The Media Access Control (MAC) address is a permanent, fixed address which is assigned by the hardware manufacturer to every hardware device connected to a network (wireless adapter, network interface card etc.). Every device on a network has an IP address; IP is the Internet Protocol, which gives a unique identity to devices at the network layer. An IP address can be changed frequently. On the other hand, MAC addresses are permanent and they work at layer 2 (the data link layer). The MAC address is also known as the hardware address or physical address of a device. Changing the MAC address may allow the bypassing of the access control lists of routers and servers, by hiding the computer or device on a network or by allowing it to deceive other network devices. This is called MAC address spoofing. MAC spoofing does not mean that we can write a new MAC onto the chipset of the network interface card; rather, it is a way to change the MAC details in the operating system's configuration of the physical interface. Spoofing is used to hide the original machine which sent the data; this can be done to avoid revealing the original machine address or to make it undetectable. For safety reasons we don't want to show the original address of the machine which sends the data, because hackers, viruses etc. can target our machines by knowing the original MAC addresses. MAC spoofing is one of the biggest threats for cybercrime investigation agencies; in today's world there is no physical evidence where the
Homeland Security: Air-Gapped Computers
For only physically representing two states: off and on, the transistor has done much more than perhaps initially imagined. The transistor enabled the
information age: interconnectivity, intricate analysis, the internet, data storage. Currently, thousands and millions of transistors are rarely more than a
meter away; minute processors run many products. Commonplace computing is incredibly successful, and, consequently, corporations are constantly
looking for new, ingenious, and assistive applications for the technology. Having conquered typical computers, phones, cars, cameras, and notebooks,
companies are experimenting with injecting processing chips into everyday objects and with connecting those objects to the internet. The term for this ...
In the test, "the U.S. government showed how hackers could take down a power plant by physically destroying a generator using just a few lines of
code." The attack works "when a circuit breaker or breakers are opened or closed [automatically], resulting in an out–of–phase condition which
damages alternating current (AC) equipment connected to the grid" (Swearingen). The belligerent party had to simply disable the system's
self–regulation. While small, consumer–style devices connected to the internet are not prone to such widespread effect, both are, ultimately, susceptible
to breaches as per their connection to the
Assignment 1 Nt13p 9. 1
9.1 DHCP SNOOPING
What Is DHCP?
Hosts communicate with each other through addressing in a network. At first devices used to be assigned unique static IP addresses. But, this system
could not be scaled up when mobile devices became more common. Modifying each device's address, such as that of a mobile phone or laptop, each
time it moved from one location to another became very complex.
To resolve this issue, dynamic address configuration was developed, and soon became the standard addressing system for most networks around the
world. All kinds of networks, from coffee shops to corporate networks, use the Dynamic Host Configuration Protocol (DHCP) to connect a multitude of
devices to the internal networks as well as the Internet. However, ...
When DHCP snooping is enabled, a database called the DHCP snooping table or binding table is created. This database stores the lease information
from the switching device. This includes the IP–MAC address binding, the lease time for the IP address, the type of binding, VLAN name, and interface
for each host.
The entries in the binding table are updated when significant changes occur in the network. For example, when a client sends a DHCPRELEASE
message to release an IP address, the corresponding entry in the table is deleted. The entry associated with a device is also deleted if the timeout value
or lease time of the IP address assigned by the DHCP server expires. However, if you move a network device from one VLAN to another, the device
acquires a new IP address. In this case, the corresponding entry, including its VLAN ID, is updated in the table.
DHCP Snooping Process
Here's what happens when DHCP snooping is enabled on a switching device:
1. A network host requests an IP address by sending a DHCPDISCOVER packet to the switching device.
2. The switching device sends the packet to the DHCP server.
3. The server in turn offers the host an IP address by returning a DHCPOFFER packet to the switching device.
4. The switching device confirms that the offer is from a trusted interface, and sends the packet to the host.
5. The host then accepts the address through a DHCPREQUEST packet.
6. The switching device adds a placeholder entry for the
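The binding table and the process described above, as an added example that is not part of the original essay: a minimal Python model of a switch that drops server messages arriving on untrusted interfaces and keeps the binding table current. The interface names, addresses and message dictionaries are constructed, and completing the placeholder entry when a DHCPACK arrives is an assumption, since the essay's step list is cut off at that point.

```python
from dataclasses import dataclass
from typing import Optional

# Message types that only a DHCP server should originate.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    interface: str
    expires: Optional[float] = None   # None while the entry is a placeholder


class SnoopingSwitch:
    def __init__(self, trusted_interfaces):
        self.trusted = set(trusted_interfaces)
        self.bindings = {}             # client MAC -> Binding
        self.dropped = []              # (message type, interface) of blocked packets

    def expire(self, now):
        """Delete bindings whose lease time has run out."""
        stale = [mac for mac, b in self.bindings.items()
                 if b.expires is not None and b.expires <= now]
        for mac in stale:
            del self.bindings[mac]

    def handle(self, msg, now):
        """Return 'forward' or 'drop' for a DHCP message seen at time `now`."""
        self.expire(now)
        kind, iface, mac = msg["type"], msg["interface"], msg["client_mac"]
        if kind in SERVER_MESSAGES and iface not in self.trusted:
            # A server reply on an access port means a rogue DHCP server.
            self.dropped.append((kind, iface))
            return "drop"
        if kind == "DHCPREQUEST":
            # Placeholder entry: address requested, lease not yet confirmed.
            self.bindings[mac] = Binding(mac, msg["ip"], msg["vlan"], iface)
        elif kind == "DHCPACK" and mac in self.bindings:
            entry = self.bindings[mac]
            entry.ip = msg["ip"]
            entry.expires = now + msg["lease_seconds"]
        elif kind == "DHCPRELEASE":
            self.bindings.pop(mac, None)
        return "forward"


CLIENT = "52:54:00:aa:bb:01"           # constructed client MAC


def demo():
    """Replay a constructed exchange; returns the switch and a per-message log."""
    sw = SnoopingSwitch(trusted_interfaces={"uplink0"})
    log = []

    def step(now, **msg):
        log.append((msg["type"], msg["interface"], sw.handle(msg, now)))

    step(0, type="DHCPDISCOVER", interface="port5", client_mac=CLIENT)
    # Rogue server plugged into an access port answers first.
    step(1, type="DHCPOFFER", interface="port7", client_mac=CLIENT, ip="10.66.6.50")
    step(1, type="DHCPOFFER", interface="uplink0", client_mac=CLIENT, ip="192.0.2.50")
    step(2, type="DHCPREQUEST", interface="port5", client_mac=CLIENT,
         ip="192.0.2.50", vlan=10)
    step(3, type="DHCPACK", interface="uplink0", client_mac=CLIENT,
         ip="192.0.2.50", lease_seconds=3600)
    return sw, log


if __name__ == "__main__":
    switch, events = demo()
    for event in events:
        print(event)
    print(switch.bindings[CLIENT])
```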
Limiting Ip Spoofing Through Bgp & Idpf Essay
Limiting IP Spoofing through BGP & IDPF
Mr. A.K. Kadam, Devadkar Kirti Rajaram, Ankita Kumari, Arunima
Mr. A.K. Kadam, Professor, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India
Devadkar Kirti Rajaram, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India
Ankita Kumari, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India
Arunima, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India
Abstract – IP spoofing is a serious threat to the legitimate use of the Internet. By employing IP spoofing, attackers can overload the destination network, thus preventing it from providing service to legitimate users. In this paper, we propose an inter-domain packet filter (IDPF) architecture that can minimize the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPFs are
constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish
the conditions under which the IDPF framework correctly works in that it does not discard packets with valid source addresses. We show that, even
with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin
of an attack
Cyber Security Essay
CYBER SECURITY:
Cyber security, also called computer security and IT security, is the protection of data from theft and from any harm to the device, the product and
the information stored on hardware. It includes controlling physical access to the equipment as well as protecting against code or data injection
and against harm that comes via network access. The field is of growing significance because of the increasing dependence on computer systems in most societies. Computer
systems now include a wide assortment of "smart" devices, including cell phones, TVs and small devices as part of the Internet of
Things, and networks include the Internet and private data networks, as well as Bluetooth, Wi-Fi and other wireless networks. ...
Distributed denial of service is hard to block. Because of the volume of traffic, the system cannot cope with the illegitimate requests arriving from different machines. A
single user is attacked by a number of attackers. The millions of requests force the computer to shut down. The main purpose of denial of service
is to disrupt the business of a specific organization. Normal work is affected, for example by making a server unavailable to its regular users. Blocking a single
IP address cannot stop the attack.
Direct-access attacks:
If an attacker has physical access to the victim's computer, they can easily copy information from it. An unauthorized user can change the code of the operating system
to bypass security checks, or install malware, worms or harmful viruses. Even though the system is secured by standard security measures, they may be able
to boot the computer with another working program, using a bootable USB drive or CD-ROM. Trusted Platform Module and disk
encryption are designed to prevent direct-access attacks.
Eavesdropping:
Eavesdropping is the unauthorized real-time interception of a private transmission, for example a telephone call, text, video conference or fax
transmission. The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside. Eavesdropping is very
easy to perform with IP-based calls as compared to TDM-based
Designing My Second Rhel Vm
Goal
In this lab the goal was to set up another RHEL server and install a few core services on the box such as DNS, DHCP, NTP, OpenLDAP and
RSysLog. By doing this lab I was able to have a deeper understanding of the configuration files for each of these services as well as understanding
the way each of these services stores data on the server.
Procedural and Informational Documentation
When starting this lab, I had to make the decision
of how I wanted to create my second RHEL VM. I quickly threw away the idea of manually making a new VM, installing the OS, updating it and
re-securing it. Instead, I duplicated my VM that was already created for the Wiki server and then proceeded to roll back changes I made in the
firewall, SELinux ...
I realized my mistake after looking through the pre-made DNS file and I found that my DNS server was set to only allow queries from the IP it was
listening on (127.0.0.1). After removing that entry from the configuration file and restarting the service, I was able to query using DNS from my
clients.
DNS Zone files created successfully
The other issue that I had was with OpenLDAP and my inability to find proper documentation. With
the switch to RHEL7, many services and the way you access OpenLDAP configuration files changed. For instance, you are no longer able to edit
certain configuration files directly; all edits must be done through new commands. Once I was able to find RHEL7-compatible documentation, the
process for creating new users, OUs and other OpenLDAP directories was a breeze.
Finally was able to get OpenLDAP configured
Security Considerations
There are many security concerns that are apparent when looking at this lab and all of the services that have been set up on the
devices on the network. I will be going through the devices one by one and go through the security issues apparent and will be going through how
they should be addressed in this environment and in an enterprise environment. The first service that I will be examining for security issues is the
BIND service. Zone transfers are done from a slave DNS to the
Advantages Of Malware Analysis
Assignment # 3
Q1. There are different techniques for malware analysis like static, dynamic and postmortem. Briefly discuss these malware analysis
techniques (or any others than those mentioned).
Ans: Static analysis is the kind of analysis in which one can study a specific program or malware
without actually executing it. Among the many advantages of static analysis, an interesting one is that it can reveal how a malware
or a program would behave under conditions which are not usual or normal, because the parts of the malware
that are not included in normal execution can be analyzed separately. In general and more real examples this analysis provides the best results. It is ...
Among the many advantages of dynamic analysis, the best one is its speed and efficiency: it can be faster than static or any other analysis, and its level of
accuracy is priceless. There is one con we shouldn't forget, however: dynamic analysis shows nothing more than the live
behavior, and that is all one can get from it. So this analysis cannot reveal how a malware or a program would behave
under conditions which are not usual or normal, nor does it cover all paths and nodes. Dynamic analysis has an important type
called black box, where one can study the behavior of malware without knowing its system internals. One can only see the exterior I/O and the defined
timing relations. There are some limitations but it can extraordinarily behave in exceptional conditions. Postmortem analysis is the kind of analysis
in which one can study the malware and its working behavior by seeing its effects after its full execution. Postmortem analysis is
sometimes the last or only available technique after the final execution. One con of this analysis is information
hiding or the disappearance of evidence. But there are ways like memory-based after-effects and disk-based after-effects which can help in these kinds
of
Detection Systems For The Network
As we know, computer networks and communication have brought many sophisticated changes to the networking world, but they have also made network
systems vulnerable to attacks by hackers anywhere at a distance. These attacks usually start by interrupting the network through some host and
enabling further attacks on the network. The hackers usually use sophisticated techniques to interrupt the network; they use
software that hardly relies on traditional techniques to hack the network. Therefore we need detection systems to detect the unusual data
approaching the network. We therefore discuss two types of intrusion detection systems, their development, principle, working and pros and
cons. In this ...
A smaller system can be set up with a single sensor to monitor the traffic at a switch or gateway. These intrusion detection systems are needed
nowadays because it is difficult to reliably keep track of potential threats and vulnerabilities of the computer networking system.
Today's world is changing and advancing with new technologies and the web. Intrusion detection systems are tools for identifying
attacks and vulnerabilities in this evolving environment. Therefore we need to curb these attacks by using intrusion detection systems to detect the
attacks. Without these tools, this becomes very difficult, and damaging to the computer systems.
FIGURE 1: Computer network with intrusion detection systems
Attacks can be partitioned into two classifications:
Pre-intrusion activities
Intrusions
1.2 Pre-intrusion activities:
Pre-intrusion activities are used to prepare for intruding into a system. These include port scanning and IP spoofing to identify the attacker or intruder.
Port scans: A
program, called a scanner, is used by attackers to connect to the system and find out which TCP or UDP ports are open and vulnerable to
attack. These scanners will discover which computer on the network is vulnerable to attack and determine the services running
over the
Ipv4. Internet Protocol Version 4 ( Ipv4 )
IPV4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP) and it is the only protocol widely used for communication
in computer networks. It works in the Internet layer of the OSI reference model. The IPv4 address is 32 bits long. The 32 bits are
divided into four groups. Each group has eight bits, which form an octet. Each IP address has two parts called the network ID and the host ID.
This IP address is used as a unique identification address for the hosts in the networks. The network ID, also known as the network address, is used to identify
the network within the large internetwork. All the computers in the same network have the same network ID. The host ID, also known as the host
address, is used to identify the host within the network. There are five classes of IPv4 address: Class A, Class B, Class C, Class D and Class E.
Class A, Class B and Class C are most commonly used, Class D is multicast and Class E is for research and development purposes. These
classes of IP addresses are used in different locations based on the network infrastructure.
The first octet in a Class A IP address belongs to the network part and the remaining three octets represent the host part of the IP address. Class A
can be written as N.H.H.H, where N refers to the network identifier and H refers to the host identifier. The number of available hosts is 16,77,214 in each
network, the number of networks available is 128 and the default mask is
Physical Layer Essay
COMP247 Assignment 1
Van Vu 42872480
1) Question One
Physical Layer, IEEE 802.3
The physical layer, inclusive of the cables that transport
data, is exposed to the environment and various other external factors, making its reliability difficult to guarantee. Despite this, the physical layer makes
several contributions of its own to a quality network. The Institute of Electrical and Electronics Engineers (IEEE) has developed standards for
physical ports and cables that have been generally accepted globally. This greatly simplifies the physical connection work required, with only one type
of cable needed that will fit any machine's ports. This further extends to the scalability of a network, allowing additional machines to be connected ...
Having the finer internal cables intertwined and twisted reduces the effect of electrical or magnetic interference on the signals. By the nature of
how electrical signals work, more than one signal cannot be transmitted at once, as they interfere with each other and data can be corrupted and be recoverable. A
system of allocating time or sharing the resource avoids this problem. There are options such as passing a token, where only the token holder may
transmit, or time reservations. Though these methods work, they are inefficient, as time is lost during token passing or when resources are urgently
needed. CSMA/CD and CSMA/CA protocols are designed to overcome this issue. CSMA/CA taps into and listens in on a line to check that no data is
currently being transmitted. If the line is unused, the device may transmit its data, allowing the line to be used dynamically. This
method has a blind spot: if two or more devices are listening on an idle line simultaneously, they will send simultaneously and each signal will
interfere with the other. Though there are protocols to prevent this from happening again when each node resends its data, the time lost can vary
depending on the quantity of data sent. CSMA/CA resolves this by listening while transmitting: if a collision is detected, the data stream is cut off,
stopping data that would be corrupted from being sent. This avoids wasted time, during which a resource is in use but nothing productive is achieved. Data
An Essay on Denial of Service Attack
DENIAL OF SERVICE ATTACK: SIMPLE BUT DESTRUCTIVE
In the last several years, Denial of Service (DoS) / Distributed Denial of Service (DDoS) attacks have become one of the most critical threats to
internet security, though they are easily accomplished by intruders. Proven and practicable attack software is even available on the Internet. To
get rid of this attack, first of all we have to know its consequences.
Typically, an internet connection is established using a method named 'THREE WAY HANDSHAKING'. Following this protocol, the client
PC first sends a request (SYN) for connection establishment, and on receiving this request the server PC responds by sending an acknowledgement of approval
(SYN_ACK) message to the client ...
It just sends UDP echo packets in place of ICMP. This attack can be very serious because of the 'stateless' property of UDP. This means there is no
acknowledgement mechanism in this protocol, which makes UDP favorable for DoS attacks. The attacker floods the network with UDP packets.
Because there is no such mechanism, the receiver can't identify the fake requests.
The ping of death attack follows the same mechanism but from a new angle. It sends ping requests using over-sized packets. Normally, TCP/IP's Maximum
Transmission Unit (MTU), i.e. maximum packet size, is 65,536 octets (as per CISCO). As a result of over-sized pings, the routing device keeps
rebooting perpetually or may freeze up, causing a total crash.
'Tribe Flood Network'/'Tribe Flood Network 2000' (TFN/TFN2K) is more complicated than the previous DoS attacks. Alternately it is named 'IP
Spoofing'. It is capable of initiating synchronized DoS attacks from multiple sources against multiple target devices. It accomplishes the violation by
imitating an IP address of a network to other IP addresses which are in its scope. In this manner, it misleads the network system by using
an approved or trusted internal/external IP address and does massive destruction.
Stacheldraht is a Distributed DoS (DDoS) program, which is actually an assortment of DoS methods. It integrates TFN attack processes along
with UDP, TCP/IP, ICMP flood and Smurf attacks. Starting with a huge
Network Security Is Important For Protecting Your Computer
Network Security
EET 5720
Daljot Rai
Have you ever surfed the web and received a popup alerting you a threat is detected? If so, you are not alone. This is a very common issue web
browsers and organizations face. In order to resolve or prevent such issues, it is key to learn about the security of your network. Network security is
the protection of networks that help secure files and directories of a computer. It helps protect the user from hackers, virus attacks, misuse and prevents
unauthorized access. The importance of learning and becoming aware of network security is important for protecting yourself and others around you. I
will be discussing the common type of attacks, methods to protect your computer from harm and discuss what the future may hold for network security.
There are many attacks that can be associated with network security: eavesdropping, viruses/malware and Trojans, phishing, IP spoofing attacks and
lastly denial of service. Eavesdropping has two subcategories, passive and active. Passive eavesdropping refers to someone listening to a phone call
or reading a chat email (Daya, Bhavya). Active eavesdropping refers to the hacker physically going in and distressing the conversation (Daya, Bhavya).
This type of attack allows the hacker to steal confidential information. In this circumstance, it is important to have some sort of network security
because having someone listening in on a personal conversation can be detrimental. This can be solved
Computer Forensics : An Analysis Of Network Capture And Logs
Computer Forensics:
An Analysis of Network Capture and Logs
By:
Presented to
The presence of online infiltration and hacking tools has proliferated to the point where it is necessary to employ effective Intrusion Detection Systems (IDS) and
firewalls to keep attackers at bay. These tools, however, can be circumvented and are not very effective. A thorough computer forensics analysis of
network traffic thus becomes critical in examining and establishing the nature of attacks, which in retrospect assists in deploying more safety
measures. To ascertain this claim, we will use a case scenario involving a friend who runs a website using a Content Management System platform,
PhpMySport, for a hacking club. He suspects his site has ...
The other major reason to establish the presence of an attack is the fact that the attackers used different IP addresses to access the system, at
distinct times. This trend is commonly used by attackers to avoid trace back (Vacca 2013, p. 318). The other evidence to ascertain this is the presence of
different Source Port (SRC) and Destination Port (DPT) values. From the firewall logs, it is quite evident that the attacker kept interchanging their destination
and source IP addresses to avoid being detected. At certain points, evidence collected from website logins shows the site returned an 'Error 404'
message. This error occurs when the server cannot establish the requested connection (Fisher 2015). This clearly depicts that the user was trying to establish
unauthorized access. The server logins also indicate multiple logins from the same address in quick succession.
2. What software or attack tools did the attackers use?
From deeply examining the trend in the network intrusion, the attacker might have applied
port scan and IP address spoofing methods of attack. Forensic evidence gathered from the firewall logins indicated that the attacker used varying IP
addresses to access the network system. This clearly proves IP address spoofing, which occurs when an attacker impersonates a firewall's trusted IP
address. Attackers can henceforth get access to the system and manipulate malicious content (Thomas & Stoddard
Firewall Essay
TABLE OF CONTENT
ABSTRACT/SYNOPSIS
A firewall is a product that sets up a security border whose primary task is to block or limit both incoming and outgoing data over a network.
These firewalls are fundamentally not compelling and suitable for professional workplaces to keep up security of data while it bolsters the free trade
of perspectives. In this paper, I consider a network firewall that helps the professional workplace and other networks that need to exchange data over the
network. A firewall secures the flow of traffic over the web and is less restrictive of outward and inward data, and furthermore gives internal users the
illusion of anonymous FTP and www connectivity to the web.
1. ...
It ensures protection by standing between the network and the outside world. Information moving in either direction must go through the firewall.
3.0 TYPES OF FIREWALLS:
There are various types of technique which might be implemented by a firewall. Some of them are as follows:
Packet filter
Application gateway
Circuit level gateway
Proxy server
3.1 PACKET FILTER:
It looks at one packet at a time, applies a set of rules to each packet and then decides to either forward the packet
or discard it. The rules depend on various fields in the IP and TCP/UDP headers, i.e. source and destination address, IP protocol field,
TCP/UDP port number.
Attackers can break the security with the help of the following techniques:
IP ADDRESS SPOOFING: In this kind of attack, attackers send a packet to the inside network, setting the source IP address equal to the IP address of an inside client.
SOURCE ROUTING ATTACKS: Here attackers specify the route that the packet follows as it moves across the web, with the goal that the packet filter
can be tricked into bypassing its normal checks.
Solution: The solution to this attack is to discard all packets that use this option.
Advantages:
It is simple to implement.
Low hardware cost, shabby boxes can do packet filtering.
Rule sets are less complex.
3.2 APPLICATION GATEWAYS
With a specific end goal to control dangers when internal server permits connections
Network Security : Is It Protected Or Not Important?
Networking and Security
What is Networking and Security? You may think network security is worthless or not important, but network security allows you to have usability,
reliability, integrity, and safety of your data ("What Is Network Security" np). Without network security you would be opening yourself to many
different threats such as: Viruses, Worms, Hacker Attacks, Denial of Service Attacks, Identity Theft, and more ("What Is Network Security and How
Does It Protect You?" np). Network Security is important because it protects your personal information on the internet, keeps small and large business
networks up and running as well as protects their private information, and speeds up the transfer rate of data because network security ...
With Network Security, networking technicians use multiple layers of security, so that if one layer fails the others are there to pick up the slack until
the first layer is fixed. Some parts of the security of a network involve these items: Antivirus and Antispyware, Firewalls, Intrusion Prevention
Systems (IPS), and Virtual Private Networks (VPNs) ("How Does Network Security Work?" np). With this layer system that is used the ability to
maintain the integrity of the network.
How Does Network Security Protect You As A Common User of The Internet? Network Security helps protect you from many types of attacks every
time you go on the internet, some of those attacks being: Viruses, Worms, Trojan Horses, Spyware, Adware, Zero day Attacks, Hacker Attacks, Denial
of Service Attack, and Identity Theft ("What Is Network Security and How Does it Protect You?" np). Most of these attacks or software target the vital
parts of your computer and render them nearly or completely unusable. Without network security you would be unprotected from these attacks,
which would make the internet an unsafe place.
How Easy Is It To Break Into My Computer? Even though hackers are trying every day to make more complex software or files to get into computers
and networks, the companies creating network security software are constantly updating their software so that they catch the majority of the new
software that the
Ipv4 vs Ipv6
The IPv4 came before the IPv6 and these datagrams are similar in many ways but also differ in more ways than one. IPv6 came out in the year
2004 and still uses many of the features that made IPv4 so successful. IPv6 is supposed to become the new standard over the older version of IPv6,
but it is tough for v6 to take its spot when v6 cannot support everything v4 does, basically v6 cannot connect to a v4 system. Some differences are that
it is stated that the IPv6 is more secure than the IPv4, the address size went from 32 bits in the IPv4 to 128 bits in the IPv6, extensible protocols are
more flexible in the IPv6, IPv4 and IPv6 are not compatible, the IPv4 will not be able to support additional nodes or support for applications, and the ...
The reason why the address is longer in v6 is because it can support over 340 undecillion IP addresses. Mainly because the IPv6 has potential to
have problems just like the IPv4 address problems. Also, the IPv6 has been broken down into geographical locations, meaning that the address can
be tracked to a specific location in the world. The downfall in this part, in my opinion, in a hacker's point of view, is that you can breakdown a
specific location where you would want to attack, if you know the geographic location of the hexadecimal in the address. What I mean is that you
can know the country code in the IPv6 address and focus your attack in that specific location. Having a random order of the v6 address would make
it more reliable and more secure but also would allow disorder, not knowing where specific address might be located.
IPv6 is more flexible in using protocols which, are mainly defined as the Request for Comment (RFC) that we discussed in the discussions. Protocols
are defined in the RFC, but the name of the protocol will be something like Internet Protocol, Internet Control Message Protocol, Telnet Protocol, and
many more. The reason why these Protocols are more flexible in the IPv6 is for one, the IPv6 is a newer technology than the IPv4, and the IPv6 also
has more functionality and allows more flexibility in the protocols, whereas the
VoIP: A New Frontier for Security and Vulnerabilities Essay
VoIP: A New Frontier for Security and Vulnerabilities
Introduction to Voice over IP Technology
The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made voice over IP an attractive and profitable idea.
Vonage (http://www.vonage.com/) and other service providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S.
and Canada; the rate is often less than it would cost for a regular phone line without any long distance charges. An entity with an enormous call volume,
such as a worldwide retail corporation, could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP. ...
H.323 utilizes unicast and multicast on UDP port 1718 to locate the gateway; then remote access service (RAS) is started on UDP port 1719. H.225
and H.245 are also used for call signaling over TCP port 1720 and data transmission over TCP ports 1000 through 65535 (Mullins, 2005).
Security Concerns
As with any new technology of the Information Age which has had groundbreaking implications for the way we communicate electronically, IT
managers have been wise to greet voice over IP with some skepticism. After all, VoIP is a service that utilizes the Internet to transmit data, much like
web browsers, email, or any other networked application. In that case, security should definitely be a major concern for anyone who is considering the
adoption of VoIP telephone service. As Korzeniowski (2005) writes, "VoIP features all of the security problems inherent with IP communications and
adds a few new items to the mix."
The Internet
The benefits that voice over IP offer must be acknowledged with these security concerns in mind. Unfortunately for simplicity's sake, VoIP is not just a
replacement for traditional phone systems operating on the PSTN (Public Switched Telephone Network). Indeed, we often take for granted the security
we enjoy on the PSTN, which is by nature more secluded than Internet transmissions. A dedicated circuit handles only the
Discuss the Roles and Motivations for Separately Filtering...
Discuss the roles and motivations for separately filtering ingress and egress traffic in the enterprise network. Describe separate conditions for both
ingress and egress traffic as they transit the network. Discuss: What roles do ingress and egress filtering play in protecting a network? How do
protective isolations help to protect a network? Why do we need to separate and isolate the types of traffic?
Ingress filtering is the filtering of any IP packets with untrusted source addresses before they have a chance to enter and affect your system or
network. It can protect users from malicious attacks based on spoofing, where a hacker attempts to make a packet look like it originated from
somewhere else. Internet service providers (ISPs) ...
Communication between servers especially has very predefined patterns. By only allowing this traffic you are sure that no one will
accidentally compromise the server by adding new software, and thus you raise the security.
The main purpose of egress filtering is to ensure that unwanted or destructive traffic (such as malware, unauthorized e-mail messages, or requests to
Web sites) does not leave the network. To create an isolated network, you need to separate the various types of computers on the organization network according to the type of
access you want the computers to have. The communication requirements are the following:
Computers on the isolated network can initiate communications with all of the computers on the organization network, including those that are not
located on the isolated network.
Computers that are not on the isolated network can initiate communications only with other computers that are not on the isolated network. They
cannot initiate communications with computers on the isolated network.
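The ingress and egress checks described above, together with the two packet-filter defences from the firewall essay (discarding packets that claim an inside source address and packets that carry a source-routing option), as an added Python example that is not part of the original essays. The internal prefix 192.0.2.0/24, the function names and the sample headers are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the protected network uses this documentation prefix (RFC 5737).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
# IPv4 option types for loose and strict source routing.
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}


def build_header(src, dst, proto=6, options=b""):
    """Build a constructed IPv4 header for the samples (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack(
        "!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    ) + options


def parse_header(raw):
    """Return (src, dst, protocol, option_bytes) or raise ValueError."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(raw) < ihl * 4:
        raise ValueError("bad version or header length")
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
            proto, raw[20:ihl * 4])


def option_types(options):
    """Walk the type/length/value option list and return the option types seen."""
    kinds, i = [], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:          # End of Option List
            break
        if kind == 1:          # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 \
                or i + options[i + 1] > len(options):
            raise ValueError("malformed IP option")
        kinds.append(kind)
        i += options[i + 1]
    return kinds


def filter_packet(raw, direction):
    """Decide ("ACCEPT" | "DROP", reason) for a packet crossing the border.

    direction is "ingress" (arriving from outside) or "egress" (leaving).
    """
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    try:
        src, _dst, _proto, opts = parse_header(raw)
        kinds = option_types(opts)
    except ValueError as exc:
        return ("DROP", f"malformed packet: {exc}")
    for kind in kinds:
        if kind in SOURCE_ROUTE_OPTIONS:
            return ("DROP", f"source routing option {SOURCE_ROUTE_OPTIONS[kind]}")
    inside = src in INTERNAL_NET
    if direction == "ingress" and inside:
        return ("DROP", "inside source address arriving from outside (spoofed)")
    if direction == "egress" and not inside:
        return ("DROP", "source address does not belong to this network")
    return ("ACCEPT", "passed anti-spoofing and option checks")


if __name__ == "__main__":
    lsrr = bytes([131, 7, 4, 198, 51, 100, 1])  # constructed LSRR option
    samples = [
        ("ingress", build_header("203.0.113.9", "192.0.2.10")),
        ("ingress", build_header("192.0.2.77", "192.0.2.10")),
        ("ingress", build_header("203.0.113.9", "192.0.2.10", options=lsrr)),
        ("egress", build_header("192.0.2.10", "198.51.100.1")),
        ("egress", build_header("198.51.100.5", "203.0.113.9")),
    ]
    for direction, pkt in samples:
        print(direction, *filter_packet(pkt, direction))
```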
Nt1330 Unit 3 Network Analysis Paper
Schaffer needs to create a layout with a specialized team that has these: DMZ, Intranet, Internal Network, Proxies, Firewall Configuration, and mobile
users. The DMZ is needed to separate the company from the internet. This is a secured area into which the company should place servers providing
Internet services and facilities (for example, web servers). It is also good to have because if anyone attacks, the machine is hardened to defend against
attacks. These servers don't have any information in the internal network.
The firewall providing the DMZ segmentation should allow only inbound packets destined to the corresponding service ports and hosts offering the
services within the DMZ. Also, limit outbound initiated traffic to the Internet to those machines requiring access to the Internet to carry out the service
they are ...
Jay might want to segment an inbound-only DMZ and an outbound-only DMZ, with respect to the type of connection requests. However, given the
potential of a DoS attack interrupting DNS or email, consider creating separate inbound and outbound servers to provide these services.
The intranet helps protect your internal hosts, but it is not in the same place as the host. Internally, the company also has similar services to offer
(Web, mail, file serving, internal DNS, and so on) that are meant solely for internal users which will allow tighter controls to be placed for router
filtering. Next is the internal network, where everything else remaining is in this segment. The machines on the segment request information from the
host including the labs and other departments that Jay's company's working with. For each internal network, the company should place a firewall in
between each to filter the traffic to provide additional
Information Retrieval And Its Effects On The Server
Data is distributed across all of the servers to minimize response time and request drop rates. The client sends a request for particular data to the server
(the vendor or a set of mirrors), and the server responds with the data the client requested. In this case the server learns what data
the client requested or needs. Mirrors are generally third-party sites that may or may not be trustworthy. If a client wants to apply
a security patch to its system and the mirror chosen for the update is not trustworthy, this is a threat to the system, because its
vulnerability is exposed to a third party. Private Information Retrieval (PIR) is basically a protocol that allows a client to retrieve the...
With the manifest provided by the server, the client can determine which blocks to retrieve from the mirrors and validate their correctness. The vendor removes
a malicious mirror reported by the client. It also polls the mirrors and removes unresponsive ones.
Mirror: It uses 'rsync' to obtain the files for a release from the vendor. The mirror stores all of the software updates to be released in contiguous memory.
It uses the manifest to validate each block. Once the mirror is ready to serve blocks to clients, it notifies the server of its readiness.
Client: The first thing the client does is request the manifest and the list of mirrors from the vendor. With the help of the manifest, the client can determine
which blocks of the release it needs to retrieve in order to receive updates. The client has a value N that represents the number of mirrors it has to
interact with in order to keep its privacy. To retrieve a single block, it generates N-1 cryptographically suitable random bit strings and derives the Nth
string by XORing the other N-1 random strings together to get the desired updates. Because each mirror receives a random bit string, it cannot identify which
updates the client is looking to retrieve. To protect against those who can monitor traffic, the client can communicate securely with the mirror over an
encrypted tunnel. The release provided by a vendor
...
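The retrieval step described above, written out as an added example (not code from the essay or from any PIR project). It follows the general XOR scheme, which goes one step beyond the text: the Nth string is the XOR of the other N-1 with the wanted block's bit flipped. The 16-byte blocks, the SHA-256 manifest and all function names are assumptions.

```python
import hashlib
import secrets

BLOCK_SIZE = 16  # bytes; constructed value, real releases use much larger blocks

# Constructed sample release: 8 blocks with distinct content.
RELEASE = [bytes([0x41 + i]) * BLOCK_SIZE for i in range(8)]


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def build_manifest(blocks):
    """Vendor: publish one digest per block (SHA-256 is an assumption)."""
    return [hashlib.sha256(block).hexdigest() for block in blocks]


def make_requests(num_blocks, wanted, n_mirrors):
    """Client: N-1 random bit strings plus an Nth derived from them.

    The Nth string is the XOR of the other N-1 with the bit of the wanted
    block flipped, so all N strings together XOR to a single set bit.
    """
    if n_mirrors < 2:
        raise ValueError("need at least two mirrors for any privacy")
    if not 0 <= wanted < num_blocks:
        raise ValueError("no such block in the manifest")
    masks = [secrets.randbits(num_blocks) for _ in range(n_mirrors - 1)]
    last = 1 << wanted
    for mask in masks:
        last ^= mask
    return masks + [last]


def honest_mirror(blocks):
    """Mirror: XOR together every stored block whose bit is set in the request."""
    def answer(mask):
        acc = bytes(BLOCK_SIZE)
        for index, block in enumerate(blocks):
            if (mask >> index) & 1:
                acc = xor_bytes(acc, block)
        return acc
    return answer


def tampering_mirror(blocks):
    """A mirror that corrupts its answer, to exercise the manifest check."""
    good = honest_mirror(blocks)

    def answer(mask):
        reply = bytearray(good(mask))
        reply[0] ^= 0xFF
        return bytes(reply)
    return answer


def retrieve_block(mirrors, manifest, wanted):
    """Client: one request per mirror, XOR the answers, check the manifest."""
    masks = make_requests(len(manifest), wanted, len(mirrors))
    block = bytes(BLOCK_SIZE)
    for mirror, mask in zip(mirrors, masks):
        block = xor_bytes(block, mirror(mask))
    if hashlib.sha256(block).hexdigest() != manifest[wanted]:
        raise ValueError("block does not match the manifest; report the mirrors")
    return block


if __name__ == "__main__":
    manifest = build_manifest(RELEASE)
    mirrors = [honest_mirror(RELEASE) for _ in range(3)]
    print(retrieve_block(mirrors, manifest, 5))
```

Each mirror sees only one uniformly random bit string, so privacy holds as long as at least one of the N mirrors does not share its request with the others.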
Comparison Between Different Firewall and Their Abilities.
Packet filtering is the earliest technology developed to protect the network from dangers on the Internet. It works at the network transport layer. Data
is split into several packets and then reassembled once it has reached its destination. Administrators create a set of rules that is then
configured on the router; the router then acts as a security guard and either denies packets or allows them to pass through. However, packet filtering
has only limited function: it can only analyze the header information in IP packets. For instance, it cannot allow or deny specific functions of FTP,
such as the use of the "GET" and "PUT" commands (Ogletree, 2000). Packet filtering is susceptible to IP spoofing (Webopedia, 2011). IP spoofing is used by
...
A disadvantage of the proxy server is low performance, due to processing at the application level, and it is not so effective, due to protocol-specific services.
An application gateway works at the application level and is also connected to a proxy server; it is a more complex version of a firewall, and what it mainly
does is intercept traffic for a specific application (Ogletree, 2000). When a connection is established, it is first brought to the application gateway
or proxy, which then proceeds to the destination. Compared to other firewall technologies it is very secure, but it also consumes a large amount of memory and
needs a good processor (Webopedia, 2011). The advantages of an application-level gateway are that direct connections between external and internal hosts are
disallowed, that it allows user-level authentication, and that application commands inside the data packets are analyzed (Careerride,
2008-2010). The disadvantages of an application gateway are that detailed attention is required for each individual application that uses the gateway and that
it has a very complicated and complex setup. Circuit-level filtering is one step ahead of packet filtering, and it works at the transport layer. Its major duty
is to check whether the connection between both sides is valid, and only then does it decide to allow the packet to be transmitted (Toolbox.com,
1998-2011). Once that is done, it allows traffic from the valid source for a limited time. To determine the validity of a connection, it is based on certain
...
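An added example (not from the essays) that ties together the DMZ firewall rules described earlier and the header-only packet filter described here: a first-match rule set over header fields, with the ingress check that addresses the spoofing weakness. The addressing plan, host roles, rule list and all names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan (private and documentation ranges).
INSIDE_NET = ip_network("10.0.0.0/8")
DMZ_NET = ip_network("192.0.2.0/24")
WEB, MAIL = "192.0.2.10", "192.0.2.25"


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside", "dmz" or "inside"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str
    dport: Optional[int]         # None matches any port
    iface: Optional[str] = None  # None matches any arrival interface

    def matches(self, pkt):
        return ((self.iface is None or self.iface == pkt.iface)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto == pkt.proto
                and (self.dport is None or self.dport == pkt.dport))


RULES = [
    # Inbound: only the service port on the host that offers the service.
    Rule("allow", "0.0.0.0/0", WEB + "/32", "tcp", 443, iface="outside"),
    Rule("allow", "0.0.0.0/0", MAIL + "/32", "tcp", 25, iface="outside"),
    # Outbound from the DMZ: only the mail relay may initiate connections.
    Rule("allow", MAIL + "/32", "0.0.0.0/0", "tcp", 25, iface="dmz"),
    # Administration from the internal network, written WITHOUT an interface:
    # this rule trusts the source address in the header alone.
    Rule("allow", "10.0.0.0/8", WEB + "/32", "tcp", 22),
]


def spoofed_source(pkt):
    """Ingress check: an outside packet must not claim an inside or DMZ source."""
    src = ip_address(pkt.src)
    return pkt.iface == "outside" and (src in INSIDE_NET or src in DMZ_NET)


def decide(pkt, rules=RULES, antispoof=True):
    """First matching rule wins; anything unmatched is denied."""
    if antispoof and spoofed_source(pkt):
        return "deny", "source address not valid on arrival interface"
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, f"rule {number}"
    return "deny", "default deny"


if __name__ == "__main__":
    claimed_inside = Packet("outside", "10.1.2.3", WEB, "tcp", 22)
    print(decide(claimed_inside, antispoof=False))  # header-only filter accepts it
    print(decide(claimed_inside))                   # ingress check rejects it
```

The filter never looks past the header, so the only fix available at this layer is to bind source ranges to the interface they can legitimately arrive on.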
Task A Post Event Evaluation Essay
TASK A. Post-Event Evaluation
1. Malicious Events
Wanting a pay raise, an employee looked for a method of obtaining one without going through the proper channels, such as their manager. So,
instead of discussing the raise with a manager, the employee found a way to hack into the Human Resource (HR) records system at work. The
employee figured out how to spoof an IP address and proceeded to eavesdrop on the business network until the employee records were located. Once the
employee obtained access to the records in the HR system, the employee altered the records to receive a raise. Once the change was made, the employee
received two paychecks with the pay increase.
During an audit, an auditor discovered a problem with the employee's paycheck and contacted numerous employees within the company through email.
The employee who caused the hack was able to divert the auditor's messages. The employee then created phone messages and communicated with the
auditor. In time, the employee acquired access to other parts of the network, including additional financial records. The employee changed the salaries of
several additional employees, including the company president, lowering their pay and pocketing the difference in the employee's own paycheck.
The IT department determined that a lack of encryption controls and authentication was what allowed the employee to hack into the HR system.
2. Notification
Different types of attacks required different processes and procedures. Due to
...
A Report On The Attack Automation Strategy
http://www.eecis.udel.edu/~sunshine/publications/ccr.pdf
1a) A DDoS (Distributed Denial of Service) attack consists of several phases. First, the attacker recruits multiple agent machines, which are later
infected with the attack code and further exploited. The infected machines can be used to recruit new agents. We can outline those phases as
Recruit, Exploit, Infect and Use.
ATTACK AUTOMATION STRATEGY
The attack automation strategy describes how much of the DDoS attack the attacker wants to make automatic and how much to leave for manual
control. The strategy depends on the degree of automation of the phases of the attack. There are three general degrees of automation (Manual, Automated
and Semi-Automated), which are explained as follows:
o Manual
In this case, the hacker manually recruits machines by scanning remote ones for vulnerabilities, breaks their security mechanisms, installs the prepared
attack code and then directs the attack. This type of DDoS attack has become really outdated, since lately the whole recruitment phase has been
automated.
Weak design consideration in terms of functionality and productivity.
o Semi-Automated
In semi-automated DDoS attacks, the DDoS "network" is made up of a handler and an agent machine. The Recruit, Exploit and Infect phases are
automated. Through the communication between the handler and the agent, the attacker specifies the attack type, the onset, the duration
and the victim's ID. The
...
Ip Address
TOPIC: IP ADDRESS
AUTHOR: Rameshwar Prasad Srivastava, MS (Cyber Law & Information Security), Indian Institute of Information Technology, Allahabad
The address of a computer on the Internet is commonly referred to as the IP (Internet Protocol) address. It's a 32-bit (4-byte) number normally
written as follows: xxx.xxx.xxx.xxx. Since a byte can represent any number from zero to 255, the lowest and the highest possible IP addresses are:
0.0.0.0 to 255.255.255.255
Understanding IP Addresses
Understanding IP addressing is necessary, since all applications on the Internet generate logs, wherein the IP addresses of all interacting computers are
recorded. The logs form a basis for investigation by investigating ...
There is no relation between an IP address and the FQDN. They are related somewhat as the name of a person is to his telephone number. A list of IP
addresses and their corresponding domain names is kept in servers called Domain Name Service servers (DNS servers). A domain name has four
parts:
1) Computer name, or the host machine name
2) Organization name
3) Internet top-level domain
a. This gives information regarding the nature of the organization: gov, com, edu, mil, net etc., representing government, commercial, educational,
military and network provider organizations respectively.
4) Country name, usually the first two letters of the name of the country
A typical domain name appears as follows: adohare.svpnpa.gov.in, indicating that the name of the host machine is adohare, on a network called svpnpa,
which is a government organization in India.
Universal Resource Locator (URL)
Programs on the computer are identified uniquely by URLs. A URL specifies exactly where on a system to go. It has six parts:
1. Protocol/information service type: http, ftp, NNTP.
2. Domain name of the server
3. Port address: for http the default is port 80
4. Directory address
5. File or object name
6. Internal anchor (only for http resources)
A typical URL appears as follows:
http://www.svpnpa.gov.in:80/cp18–whoiswho.html#dds
Translated into a command, it reads: Use the
...
Dr Case Study
IV. DISABLING THE RECURSION ON THE DNS SERVER
The DNS is a hierarchically organized system that provides the essential mapping between human names and their IP addresses, so that it can provide
appropriate access to the Internet. DNS does so by two essential methods. The first is authoritative DNS, which gives original, actual and complete data
in answer to your DNS queries; that data is installed in its own configuration and is not data cached from other servers.
The other method through which DNS provides mapping is the recursive method. This type of service is performed when the DNS server does not find the
data or the related IP address in its memory, so it will ask the authoritative DNS for the data, return it to the user and store ...
Disabling recursion and restricting the capability to process delegation data can stop DoS attacks and cache poisoning. There are several
methods that can be used to protect the DNS, as explained below. Disabling recursion in your system is the main method of protecting
the DNS: your name server is put into passive mode, so that no queries on behalf of other servers will be sent to it. This
saves the server and the cache memory, since it processes only requests that are directed to it.
The other method is restricting the requests. It is suggested that sites use distinct name servers for offering authoritative responses
for their zones and for offering recursive services to the internal system. This leaves recursion completely disabled on the authoritative zone while at the
same time offering the recursive service to the internal system.
The third method is restricting recursion. In structures where it is not possible to disable recursion totally, it is suggested that the
server be limited to offering recursive processing only to a limited set of addresses. When this option is used, requests from IP addresses outside this set
will be processed as non-recursive, nevertheless of
...
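The three methods above reduce to one decision per query, shown here as an added example (not code from the essay or from any name server). It parses the RD bit from a constructed query packet and applies a recursion allow-list; an empty list means recursion is disabled. Answering refused queries with REFUSED is an assumption (some servers return a referral instead), as are the zone, the networks and all function names.

```python
import struct
from ipaddress import ip_address, ip_network

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
NOERROR, FORMERR, REFUSED = 0, 1, 5

# Constructed sample configuration.
ZONES = ["example.com"]                  # zones served authoritatively
INTERNAL_ACL = [ip_network("10.0.0.0/8")]  # clients allowed to use recursion


def build_query(qid, name, rd=True):
    """Construct a sample query packet (type A, class IN) for the demo."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def parse_query(wire):
    """Return (id, flags, qname); raise ValueError if the packet is malformed."""
    if len(wire) < 12:
        raise ValueError("short header")
    qid, flags, qdcount = struct.unpack("!HHH", wire[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(wire):
            raise ValueError("bad label")
        labels.append(wire[pos:pos + length].decode("ascii").lower())
        pos += length
    return qid, flags, ".".join(labels)


def in_zone(qname, zones):
    """True when qname is a zone apex or a name below it."""
    return any(qname == zone or qname.endswith("." + zone) for zone in zones)


def handle_query(wire, client, zones, recursion_acl):
    """Decide how one query is treated under the recursion policy.

    recursion_acl is the set of networks allowed to recurse; an empty list
    disables recursion for everyone (authoritative-only server).
    """
    try:
        _qid, qflags, qname = parse_query(wire)
    except ValueError:
        return {"action": "formerr", "rcode": FORMERR, "flags": QR}
    allowed = any(ip_address(client) in net for net in recursion_acl)
    # RD is echoed from the query; RA is advertised only to allowed clients.
    flags = QR | (qflags & RD) | (RA if allowed else 0)
    if in_zone(qname, zones):
        return {"action": "answer-from-zone", "rcode": NOERROR, "flags": flags | AA}
    if allowed and qflags & RD:
        return {"action": "recurse", "rcode": NOERROR, "flags": flags}
    # Processed as non-recursive: no lookup is made on the client's behalf.
    return {"action": "no-recursion", "rcode": REFUSED, "flags": flags}


if __name__ == "__main__":
    query = build_query(0x1234, "www.example.org")
    for client in ("10.1.2.3", "203.0.113.7"):
        print(client, handle_query(query, client, ZONES, INTERNAL_ACL))
```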

  • 2. Installing Multiple Services On A Single Red Hat... 1. Goal This lab included installing multiple services on a single Red Hat Enterprise Linux 7 Server box, which included DNS, DHCP, OpenLDAP, NTP, and rsyslog. I have familiarity with installing and managing DNS, DHCP, and NTP, while just learning about OpenLDAP and rsyslog, which are a new concept to me. The installation and configuration of OpenLDAP allowed me to get a basic general look at the operation of OpenLDAP, without going too in-depth. I was able to learn how to correctly and efficiently configure both the OpenLDAP server and client, add users, install schemas, and modify configuration files. Rsyslog was also a new concept to me, which brought me a greater sense of local logging using Red Hat Enterprise Linux 7. This lab focused on deploying a DNS server, an NTP server, and a DHCP server to handle things such as IP address pools, hostname resolution, and a systematic time sync to keep all of the nodes on the network on the same page. Rsyslog allows us to remotely access log files from our servers, allowing us to determine issues from a node without actually being on that node, which is good when dealing with a client computer that is having issues. OpenLDAP allows us to create a directory in a similar manner as Windows Active Directory, to store information in an easily accessible lightweight database. 2. Procedural and Informational Documentation All information pertaining to my virtual network can be found at the address http://10.0.15.1/wiki or ...
  • 3. Dns, A Domain Name System 2.1.2 DNS SPOOFING: DNS is the Domain Name System. DNS holds the IP addresses and names of websites in its database in the form of records called resource records, which are arranged in a hierarchical manner. DNS spoofing is a similar type of MITMA when compared to ARP cache poisoning. DNS spoofing is a technique used by hackers to provide false DNS information to the host while it is accessing a website. When users try to gain access to a particular website, a request is first sent out to the local DNS server for the IP address of the website which the user wants to access. Once it receives the request, the DNS server searches its database for the IP address of the website; once it identifies the IP address, it immediately sends a response with the IP information to the user's browser. FIGURE 2: DNS Request Query If the requested IP address is not found in the database of the DNS server, it will then forward the request to a higher-level DNS server in the hierarchy. Due to the hierarchical nature of the DNS structure of the internet, DNS servers need the ability to communicate with each other in order to find the IP addresses of the websites requested by the users. It is reasonable to expect the local DNS server to know the name mapping to the local intranet server. It is termed as Recursion, the request from one local DNS ...
  • 4. Mobile Ipv4 And Ipv6 Problems And Implementation Mobile IPv4 and IPv6 Problems and Implementation Mobile IPv4 and IPv6 are the future of wireless mobile communications and can help greatly in the infrastructure and combination of mobile systems and the internet. This usage of IP addresses in mobile would increase the need for implementation of IPv6 as the new standard to replace IPv4 and increase the number of available addresses. However, IP-based mobile isn't perfect and has its own host of problems, which will be discussed later along with possible short-term and long-term fixes. The main need to implement mobile IP is the fact that it can support more users and keep those users closer to the internet, meaning that the internet is integrated into the system. ... This can be a problem: the more devices connect to and use a network, the more data they use, which can cause the network to become congested. A solution to reduce congestion is to use many small wireless receivers within the range of a large tower to spread the devices across smaller, more confined networks within cities and high-density areas, and to simply use long-range, low-capacity towers in the countryside and in places where fewer devices will be on a network at any given time. This is a combination of macro cells and micro cells to ensure network stability. At layer 2 comes the need to differentiate between devices on the network, which requires a standard. The one usually used at layer 2 in IP-based communications over the internet is Ethernet II, which uses MAC addresses in a hexadecimal format to differentiate between devices. This is done by the manufacturer burning a unique ID into a network card. However, rather than the normal Wi-Fi, a better option for long-range communications is WiMAX.
The difference between Wi-Fi and WiMAX is that WiMAX has an effective distance of up to 90 km while Wi-Fi only has a range of up to 100 m, and data rates on WiMAX are up to 40 Mbps compared to Wi-Fi with up to 54 Mbps. Next, layer 3, the Network layer, is where the Internet Protocol (IP) will take place and be defined. There are two options to use here: IPv4 or IPv6. ...
  • 5. Write A Research Paper On DNS Services IV. DISABLING THE RECURSION ON THE DNS SERVER The DNS is a hierarchically organized system which offers the essential mapping between human-readable names and their IP addresses so that it can provide appropriate access to the internet. DNS does so by two essential methods. The first is authoritative DNS, which gives original, actual and complete data in answer to your DNS queries; those data are installed in its own configuration system and are not data cached from other servers. The other method through which DNS provides mapping is the recursive method. This type of service is performed when the DNS server does not find the data or the related IP address in its memory, so it asks the authoritative DNS for the data, returns it to the user and stores this ... Disabling the recursion and restricting the capability to process delegation data can stop DoS attacks and cache poisoning. There are several methods which can be used to protect the DNS, as explained below. Disabling the recursion in your system is the main method that can be used to protect the DNS. It means that your name server will be put in passive mode so that no queries on behalf of other servers will be sent to it, which will save the server and the cache memory since it will process only requests which are directed to it. The other method is restricting the requests: it is suggested that sites use distinct name servers for offering authoritative responses for their zones and for offering recursive services to the internal system. This makes recursion completely disabled on the authoritative zone while at the same time offering the recursive service to the internal system.
The third method is restricting the recursion, so that in those structures where it is not possible to totally disable the recursion, it is suggested that the server be limited to offering recursive processing only to a limited set of addresses. When this option is used, requests from other IP addresses outside this set will be processed as non-recursive, regardless of ...
  • 6. Cyber Attack Source Analysis Results At first, we will take a look at some statistical numbers we have collected in the past months. With the help of the web interface, we can easily query the database to get a quick overview of peaks in the data set that we have collected: Average number of attack sources per day is 184.94 Maximum number of attack sources per day was 2022 and happened at November 15, 2004. The two numbers show that there is a high variation in the collected data about the number of unique attack sources per day. To take a closer look at this phenomenon, we present in Table 1 the number of unique sources for six different platforms. In addition, the table presents the average number of sources per day, which shows a high variation across different platforms as well. Currently it is unclear why we have this high variation in the number of average sources per day. One possible explanation for the high number of average sources for the first platform is the following: since this system is deployed within the network with the first octet 192, it presumably receives many packets from broken systems which use Network Address Translation (NAT). Such a system often uses the IP range 192.168.0.0/16 (defined in RFC 1918). If this system is infected ...
    Table 2: Operating system of attack source on weekly basis between January and February 2005
    Week     Windows  Others  Unknown
    Week 1   7235     18      10
    Week 2   6839     26      5
    Week 3   6475     38      –
    Week 4   7766     89      –
    Week 5   6594     24      64
    Week 6   3599     5       58
    Week 7   4640     11      92
    Week 8   6247     20      83
  • 7. What Are The Advantages And Disadvantages Of I-Voting System Anti-phishing I-voting system using Visual Cryptography (VC) aims at providing a facility to cast votes for critical and confidential internal corporate decisions. The user or the employee is allowed to cast his or her vote from any remote place. The election is held in full confidentiality, where the user is allowed to vote only if he logs into the system by entering the correct password. The password is generated by merging two shares using the VC scheme. Before the election, the administrator sends share 1 to the voter's e-mail id, and share 2 will be available in the voting system for his login during the election. The voter then combines share 1 and share 2 using VC to get the secret password. No information can be revealed by observing any one share. Phishing... There are different kinds of applications based on the Internet. One of them is the online voting system. The use of new technologies to support voting is the subject of great debate. Several people advocate the benefits it can bring, such as improved speed and accuracy in counting, accessibility and voting from home, and are also concerned with the risks it poses, such as unequal access, violation of secrecy and anonymity, and alteration of the results of an election. The phishing attack is identified as a major attack among all online attacks. Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The attacker creates a replica of the original website or sends a lot of email to the user asking him to change certain confidential data, as shown in Fig 1. The user then fills in and submits the sensitive and useful information to the fake website, which allows the attacker to pull the information and save the data for his or her own illegal use.
So, by using the visual cryptography technique, the problems of the online voting system, such as security risk and phishing attacks, can be prevented. It provides secured authentication for Internet voting ...
  • 8. Mim Attack Essay What series of malicious events led up to the incident? The following events led up to the reported incident. First, an attacker spoofed his IP address to eavesdrop on the network to find the finance and HR information systems. Second, the employee hacked into the HR database and increased his salary in the records system. This resulted in the employee receiving two paychecks with the altered amounts. Third, the employee sniffed the network to intercept and alter emails about the checks between an auditor and management. Fourth, the employee impersonated a person who has access to financial records to gain more access to other financial records. Finally, the employee decreased the company President's paycheck while increasing his paycheck by ... Account hijacking – again, this attack's severity is high because the attacker had access to finance record accounts on the finance information systems. Email spoofing attack – email spoofing is a medium severity attack because it is an easily mitigated attack; it is mostly a nuisance to most organizations. MITM attack – the severity of an MITM attack is medium since the attacker used it to intercept messages between the auditor and the finance department; it can be easily mitigated with network and VLAN segmentation accompanied by access control lists; oftentimes, using a layer two switch mitigates the issue. Describe how these additional attacks can be prevented in the future. Mitigate the attacks by using the following techniques: Encryption – apply encryption to the network with software and hardware solutions. For instance, software can be used to encrypt the financial records for anyone unauthorized to see the information, and a hardware solution can be used to build a VPN from any remote ...
  • 9. Database Management Systems : Role Of Database Chapter 5 Topic 1 DATABASE MANAGEMENT SYSTEMS: ROLE OF DATABASE IN SQL SERVER: A database management system (DBMS) is a collection of programs that enables you to store, modify, and extract information from a database. There are many different types of database management systems, ranging from small systems that run on personal computers to huge systems that run on mainframes. 1) It is a suite of programs for constructing and maintaining the database. 2) It offers ad hoc query facilities to multiple users and applications. 3) A query language provides a uniform interface to the database for users and applications. 4) Database systems provide efficient access to large volumes of data and are vital to the operation of many organizations. It also usually enables access controls to be specified over a wider range of commands, such as to select, insert, update, or delete specified items in the database. Thus, security services and mechanisms are needed that are designed specifically for, and integrated with, database systems. Statements from database management systems generally play a protecting role for the digital assets. Here, the operating system's mechanisms typically control read and write access to entire files, so they could be used to allow a user to read or to write any information. TOPIC 2:
  • 10. PRIMARY KEY AND FOREIGN KEY: PRIMARY KEY: A table typically has a column or combination of columns that contain values that uniquely identify each row in the ...
  • 11. S-ARP is a Permanent Solution to ARP Spoofing Attacks 1. How can ARP spoofing attack be controlled permanently? What are the drawbacks of S-ARP protocol, Static MAC Entries, Kernel based patches? Answer: 1.1.1 Secure ARP Protocol (S-ARP) This has been proposed as a replacement for the ARP protocol in [10]. The S-ARP protocol is definitely a permanent solution to ARP spoofing, but the biggest drawback is that we will have to make changes to the network stack of all the hosts. This is not very scalable, as going for a stack upgrade across all available operating systems is something both vendors and customers will not be happy about. As S-ARP uses the Digital Signature Algorithm (DSA), we have the additional overhead of cryptographic calculations, though the authors of the paper have claimed that this overhead is not significant. 1.1.2 Static MAC Entries Adding static MAC addresses on every host for all other hosts will not allow spoofing but is not a scalable solution at all, and managing all these entries is a full-time job by itself. This can fail miserably if mobile hosts such as laptops are periodically introduced into the network. Also, some operating systems are known to overwrite static ARP entries if they receive Gratuitous ARP packets (GARP). 1.1.3 Kernel Based Patches Kernel based patches such as Anticap[11] and Antidote[12] have made an attempt to protect from ARP spoofing at an individual host level. Anticap[11] does not allow updating of the host ARP cache by an ARP reply that carries a different MAC address than ...
  • 12. Network Security : Attack And Protection Network Security; Attack and Protection DeKenth Davidson ISSC 461, IT Security: Countermeasures 23 November 2014 American Military University Professor Christopher Weppler Abstract: Networks have worked their way into the everyday lifestyle of most individuals in the world; businesses especially rely on networks for efficiency and global reach. With the huge demand for network usage, it is easy to recognize why these systems are a huge target for hackers and others with ill intent. Securing these popular networks should be a top concern for any person or organization that maintains one; additionally, anyone using a network has to be able to traverse the dangerous virtual roadway and be able to identify common concerns should some suspicious activity arise. Keywords: computer, networks, security, network security Table of Contents Attention Material A. Describe the vital nature of Network Security. 1. Individuals and households rely on personal computers for school and work. 2. Computer networks have become the life blood of international business. B. Malware and malicious intenders are ever present. 1. Recent cyber-attacks on prominent organizations. BODY I. Home Computer Networks Attacks A. Growing number of home computer networks.
  • 13. B. Potential risks. 1. Malware. 2. Inadvertent disclosure of data. 3. Potential for hackers. C. Security controls. 1. Router controls. 2. System Controls. 3. Personal responsibilities. D. ...
  • 14. Security Issues With Dynamic Host Configuration Protocol Abstract – The paper discusses security issues with the Dynamic Host Configuration Protocol (DHCP) and four different approaches proposed to secure DHCP. DHCP assigns network parameters to existing and new clients. A misconfigured client is a big security breach, as the traffic from and to such a client can be intercepted. The two main issues with DHCP are rogue servers and Media Access Control (MAC) address spoofing. The techniques discussed in the paper attempt to solve these problems by encrypting the plain text sent in DHCP and by using digital signatures and key exchange algorithms to maintain data integrity and security. 1. Introduction – The Internet grew rapidly over the last few decades. This has led to an increase in the size of networks and the number of network devices. The network infrastructure today needs improvement and changes daily, so adding new devices to the network is essential. The traditional way of assigning network configuration to clients with the help of a network administrator is difficult. DHCP has now taken on the responsibility to perform this task. DHCP has its security issues because at the time of its development internet security was not as important as dynamic allocation of the network parameters was [2]. The major security concern in DHCP is interception of plaintext messages and an illegitimate client or server that compromises the network. In section 4 of the paper, four different techniques to secure DHCP are discussed. The first approach makes use of ...
  • 15. Malicious Traffic For Network Security Essay MALICIOUS TRAFFIC FOR NETWORK SECURITY 3.1 Introduction Malware depends on its communication network to receive commands, extract information and infect systems. Due to this reliance on networked resources, traffic analysis becomes a valuable and effective method for detecting malware on host machines. Despite the frequency of malware traffic, network administrators and incident responders may not be aware of what characteristics are common to malware. By looking at traffic generated while malicious samples are executed, the characteristics of the traffic can be recorded and investigated. Disclosing malicious traffic for network security 3.2 Introduction To Network Anomaly Detection Network anomaly detection is a broad area of research. The use of entropy and distributions of traffic features has received a lot of attention in the research community. While previous work has demonstrated the benefits of using the entropy of different traffic distributions in isolation to detect generalized anomalies, there has been little effort in unconditionally understanding the detection power provided by entropy-based analysis of multiple traffic distributions used in affiliation with each other. We have demonstrated the entropy-based approach to disclose malicious traffic for network security. To calculate entropy, features like source and destination IP address, port numbers, packet size, connection time and the total number of packets flowing are considered. A ...
  • 16. P1 : The First Methods In Network Addressing P1: The first method in network addressing is Fully Qualified Domain Name, which is known as FQDN for short. FQDN is used as the domain name for a specific host or computer name on the internet. FQDN consists of two main parts, the domain name and the hostname. For example, Belfast Met is the hostname, but the domain name is belfastmet.ac.uk. IPv4 addressing is the next method; it is split up into two main parts as well, Network I.D and Host I.D, which are split over four octets written as four decimal numbers which have 32 bits; it only contains 4.3 billion different IPs. For example, you send an IP to a website and it sends its IP back, which means you can communicate. Whereas IPv6 addressing has 128 bits and is written as ... The second is Class B, which was designed for medium and large networks; the two main bits in Class B are always 10, which makes up the address. The next 14 bits are used to gather Class B I.Ds and instead they are set a length of 16-bit. The last 16 bits are used for the Host I.D. This allows for 16,384 networks and also 65,534 hosts to the network. Finally, Class C was designed for small networks. The three main bits in Class C addresses are 110; the next 21 bits are used to gather Class C network I.Ds and Class C has a length of 24. Meaning the last 8 bits are for the Host I.Ds, which means that Class C has 2,097,152 networks and 254 hosts. IP addresses are automatically assigned to the devices upon boot up, which is known as dynamic IP, but they are only semi-permanent, whereas you can assign a device a permanent IP so it will always stay the same, which is called a static IP address. But having a static address means if a hacker tries to affect your network he can do it with the same IP, whereas if you had a dynamic IP it would be harder for the hacker to keep track of your IP address.
DHCP is a service function that automatically assigns devices IP addresses, but only for DHCP clients. DHCP assigns dynamic IPs, which means that they aren't permanent IP addresses. Whereas APIPA (Automatic Private IP Addressing) automatically obtains an IP from the DHCP server to give to the clients, but the client can't contact the ...
  • 17. The Media Access Control Address 1. Introduction A Media Access Control address is a permanent/fixed address which is assigned to every hardware device connected to a network (wireless adapter, network interface card etc.) by the hardware manufacturer. Every device on a network has an IP address; IP is the Internet Protocol, which gives a unique identity to the devices at the network layer. An IP address can be frequently changed. On the other side, MAC addresses are permanent and they work at layer 2 (data link layer). A MAC address is also known as the hardware address or physical address of a device. Changing the MAC address may allow the bypassing of the access control list of routers/servers by hiding the computer/device on a network or allowing it to deceive other network devices. This is called the spoofing of a MAC address. Media access control address spoofing does not mean that we can write the new MAC on the chipset of the network interface card; MAC spoofing is the way to change the MAC details of the physical configuration of the operating system. Spoofing is used to hide the original machine which sent the data; this can be done to avoid the original machine address or to make it undetectable. For safety reasons we don't want to show the original address of the machine which sends the data, because hackers, viruses etc. can target our machines by knowing the original MAC addresses. MAC spoofing is one of the biggest threats for cybercrime investigation agencies; in today's world there is no physical evidence where the ...
  • 18. Homeland Security: Air-Gapped Computers For only physically representing two states: off and on, the transistor has done much more than perhaps initially imagined. The transistor enabled the information age: interconnectivity, intricate analysis, the internet, data storage. Currently, thousands and millions of transistors are rarely more than a meter away; minute processors run many products. Commonplace computing is incredibly successful, and, consequently, corporations are constantly looking for new, ingenious, and assistive applications for the technology. Having conquered typical computers, phones, cars, cameras, and notebooks, companies are experimenting with injecting processing chips into everyday objects and with connecting those objects to the internet. The term for this ... In the test, "the U.S. government showed how hackers could take down a power plant by physically destroying a generator using just a few lines of code." The attack works "when a circuit breaker or breakers are opened or closed [automatically], resulting in an out-of-phase condition which damages alternating current (AC) equipment connected to the grid" (Swearingen). The belligerent party had to simply disable the system's self-regulation. While small, consumer-style devices connected to the internet are not prone to such widespread effect, both are, ultimately, susceptible to breaches as per their connection to the ...
  • 19. Assignment 1 Nt13p 9. 1 9.1 DHCP SNOOPING What Is DHCP? Hosts communicate with each other through addressing in a network. At first, devices used to be assigned unique static IP addresses. But this system could not be scaled up when mobile devices became more common. Modifying each device's address, such as that of a mobile phone or laptop, each time it moved from one location to another became very complex. To resolve this issue, dynamic address configuration was developed, and soon became the standard addressing system for most networks around the world. All kinds of networks, from coffee shops to corporate networks, use the Dynamic Host Configuration Protocol (DHCP) to connect a multitude of devices to the internal networks as well as the Internet. However, ... When DHCP snooping is enabled, a database called the DHCP snooping table or binding table is created. This database stores the lease information from the switching device. This includes the IP-MAC address binding, the lease time for the IP address, the type of binding, VLAN name, and interface for each host. The entries in the binding table are updated when significant changes occur in the network. For example, when a client sends a DHCPRELEASE message to release an IP address, the corresponding entry in the table is deleted. The entry associated with a device is also deleted if the timeout value or lease time of the IP address assigned by the DHCP server expires. However, if you move a network device from one VLAN to another, the device acquires a new IP address. In this case, the corresponding entry, including its VLAN ID, is updated in the table. DHCP Snooping Process Here's what happens when DHCP snooping is enabled on a switching device: A network host requests an IP address by sending a DHCPDISCOVER packet to the switching device. The switching device sends the packet to the DHCP server.
The server in turn offers the host an IP address by returning a DHCPOFFER packet to the switching device. The switching device confirms that the offer is from a trusted interface, and sends the packet to the host. The host then accepts the address through a DHCPREQUEST packet. The switching device adds a placeholder entry for the ...
  • 21. Limiting Ip Spoofing Through Bgp & Idpf Essay Limiting IP Spoofing through BGP & IDPF Mr. A.K. Kadam, Devadkar Kirti Rajaram, Ankita Kumari, Arunima Mr. A.K. Kadam, Professor, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India Devadkar Kirti Rajaram, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India Ankita Kumari, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India Arunima, Student, Dept. of Computer Engineering, BVPCOE Pune, Maharashtra, India Abstract – IP spoofing is a serious threat to the legitimate use of the Internet. By employing IP spoofing, attackers can overload the destination network, thus preventing it from providing service to legitimate users. In this paper, we propose an inter domain packet filter (IDPF) architecture that can minimize the level of IP spoofing on the Internet. A key feature of our scheme is that it does not require global routing information. IDPFs are constructed from the information implicit in Border Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the conditions under which the IDPF framework correctly works in that it does not discard packets with valid source addresses. We show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of an attack ...
  • 22. Cyber Security Essay CYBER SECURITY: Cyber security, also called computer security and IT security, is the assurance of data from theft or any harm to the gadget, the product and the information stored on hardware. It incorporates controlling physical access to the equipment and additionally ensuring against code or data injection or access via the network. The field is of developing significance because of the expanding dependence on PC frameworks in most societies. Computer frameworks now incorporate a wide assortment of "keen" gadgets, including cell phones, TVs and little gadgets as a major aspect of the Internet of Things – and systems incorporate the Internet and private information systems, as well as Bluetooth, Wi-Fi and different remote systems. ... Distributed denial of service is hard to block. Due to the volume of traffic, the system cannot tolerate the unacceptable requests from different machines. A single user is attacked by a number of attackers. The millions of requests force the computer to shut down. The main purpose of denial of service is to disturb the business of a specific organization. The normal work is affected, such as by making a server unavailable to its regular users. Blocking a single IP address cannot stop the attack. Direct-access attacks: If an attacker has physical access to the victim's computer, they could easily copy information from it. An unauthorized user can change the coding of the operating system to bypass the security check, and could install malware, worms, or harmful viruses. Even though the system is secured by standard security, they could boot the computer using another working program from a bootable USB drive or CD-ROM. Trusted platform modules and disk encryption are developed to prevent direct-access attacks. Eavesdropping: Eavesdropping is the unapproved real-time interception of a private transmission, for example, a telephone call, text, video conferencing and fax transmission.
The term eavesdrop derives from the act of actually standing under the eaves of a house, listening to discussions inside. Eavesdropping is very easy to perform with IP-based calls as compared to TDM-based ...
  • 23. Designing My Second RHEL VM Goal In this lab the goal was to set up another RHEL server and install a few core services on the box such as DNS, DHCP, NTP, OpenLDAP and RSysLog. By doing this lab I was able to have a deeper understanding of the configuration files for each of these services as well as understanding the way each of these services stores data on the server. Procedural and Informational Documentation When starting this lab, I had to make the decision of how I wanted to create my second RHEL VM. I quickly threw away the idea of manually making a new VM, installing the OS, updating it and re-securing it. Instead, I duplicated my VM that was already created for the Wiki server and then proceeded to roll back changes I made in the firewall, SELinux ... I realized my mistake after looking through the pre-made DNS file and I found that my DNS server was set to only allow queries from the IP it was listening on (127.0.0.1). After removing that entry from the configuration file and restarting the service, I was able to query using DNS from my clients. DNS Zone files created successfully The other issue that I had was with OpenLDAP and my inability to find proper documentation. With the switch to RHEL7, many services and the way you access OpenLDAP configuration files changed. For instance, you are no longer able to edit certain configuration files directly; all edits must be done through new commands. Once I was able to find RHEL7 compatible documentation, the process for creating new users, OUs and other OpenLDAP directories was a breeze. Finally was able to get OpenLDAP configured Security Considerations There are many security concerns that are apparent when looking at this lab and all of the services that have been set up on the devices on the network. 
I will be going through the devices one by one and go through the security issues apparent and will be going through how they should be addressed in this environment and in an enterprise environment. The first service that I will be examining for security issues is the BIND service. Zone transfers are done from a slave DNS to the ...
  • 24. Advantages Of Malware Analysis Assignment # 3 Q1. There are different techniques for malware analysis like static, dynamic and postmortem. Briefly discuss these malware analysis techniques (or if any other than mentioned). Ans: Static analysis is the kind of analysis in which one can study a specific program or malware even without its actual or real execution. Of the many advantages of static analysis, it is very interesting that this analysis can open up how a malware or a program would behave under conditions which are not usual or not normal in behavior; this is because the parts of the malware which are not included in normal execution can be analyzed separately. In general and more real examples this analysis provides best results. It is ... Of the many advantages of dynamic analysis, the best one is its speed and efficiency: it can be faster than static or any other, and the level of accuracy is priceless. Meanwhile there is one con we shouldn't forget, and that is that dynamic analysis is just what it shows, nothing more than the live analysis, and it is all one can get from this analysis. So this analysis cannot open up how a malware or a program would behave under conditions which are not usual or not normal in behavior, nor does it cover all paths and nodes. Dynamic analysis has an important type called black box, where one can study the behavior of malware without knowing its system internals. One can only see the exterior I/O and the defined relations of timing. There are some limitations but it can extraordinarily behave in exceptional conditions. Postmortem analysis is the kind of analysis in which one can study the malware and its working behavior by seeing its effects after its full execution. The analysis through postmortem is sometimes the last existing or only available tool or technique after its final execution. 
There is one con of this analysis, which is its information hiding or the disappearance of evidence. But there are ways like memory-based after-effects and disk-based after-effects which can help in this kind of ...
  • 25. Detection Systems For The Network As we know, computer networks and communication have brought many sophisticated changes to the networking world, but they have also made network systems vulnerable to attacks by hackers anywhere at a distance. These attacks usually start by interrupting the network through some host and encouraging further attacks on the network. The hackers usually use sophisticated techniques in interrupting the network; they use some software which will hardly use some traditional techniques to hack the network. Therefore we need some detection systems to detect the unusual data approaching the network. Therefore we discuss two types of intrusion detection systems, their development, principle, working and their pros and cons. In this ... A littler framework can be set up for the single sensor to screen the movement by switch, passage or switch. These intrusion detection systems are needed nowadays on the grounds that it is difficult to dependably follow along on potential threats and vulnerabilities of the computer organizing framework. Today's reality is changing and advancing with new advances and the web. Intrusion detection systems are tools which are situated in distinguishing the attacks and vulnerabilities in this evolving environment. Therefore we need to curb these attacks by using intrusion detection systems to detect the attacks. Without these tools, it becomes very difficult and damage to the computer systems. FIGURE 1: Computer network with intrusion detection systems Attacks can be partitioned into two classifications: Pre-intrusion activities, Intrusions. 1.2 Pre-intrusion activities: Pre-intrusion activities are utilized to plan for intruding into a system. These incorporate port checking and IP spoofing to identify the attacker or intruder. 
Port scans: A program will be utilized by programmers to interface with the framework and figure out what TCP or UDP ports are open and vulnerable against attack, which is called as scanner. These scanners will discover which PC on the system is vulnerable against attack and focus the services running over the ...
  • 26. IPv4. Internet Protocol Version 4 (IPv4) IPV4 Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP) and it is the only protocol widely used for communication purposes in computer networks, and it works in the Internet layer of the OSI reference model. The IPv4 address is 32 bits long. The 32 bits are divided into four groups. Each group has eight bits, which form an octet. Each IP address has two parts called the network ID and the host ID. This IP address is used as a unique identification address for the hosts in the networks. The network ID, also known as the network address, is used to identify the network from the large internetwork. All the computers in the same network will have the same network ID. The host ID, also known as the host address, is used to identify the host in the same network. There are five classes of IPv4 address. They are Class A, Class B, Class C, Class D and Class E. Class A, Class B and Class C are most commonly used, Class D is multicast and Class E is for research and development purposes. These classes of IP addresses are used in different locations based on the network infrastructure. The first octet in the Class A IP address belongs to the network part and the remaining three octets represent the host part of the IP address. Class A can be written as N.H.H.H, where N refers to the network identifier and H refers to the host identifier. The number of available hosts is 16,77,214 in each network, the number of networks available is 128 and the default mask is ...
  • 27. Physical Layer Essay COMP247 Assignment 1 Van Vu 42872480 1) Question One Physical Layer, IEEE.802.3 The physical layer, inclusive of the cables that transport data, is exposed to the environment and various other external factors, making its reliability difficult to guarantee. Despite this, the physical layer has several of its own contributions to making a quality network. The Institute of Electrical and Electronics Engineers (IEEE) has developed standards for physical ports and cables that have been generally accepted globally. This greatly simplifies the physical connection work required, with only one type of cable needed that will fit any machine's ports. This further extends to the scalability of a network, allowing additional machines to be connected ... By having the finer internal cables intertwining and twisting, it reduces the effect of electrical or magnetic interference on the signals. By nature of how electrical signals work, more than one signal cannot be transmitted as they interfere with each other and data can be corrupted and be recoverable. A system of allocating time or sharing of the resource avoids this problem. There are options such as passing a token where only the token holder may transmit, or time reservations. Though these methods work, they are inefficient as time is lost during token passing, or when resources are urgently needed. CSMA/CD and CSMA/CA protocols are designed to overcome this issue. CSMA/CA taps into and listens in on a line to check that no data is currently being transmitted. In the case that the line is unused, the device may transmit its data, allowing for the line to be used dynamically. This method has a blind spot: in the case two or more devices are listening on an idle line simultaneously, they will send simultaneously and each signal will interfere with the other. 
Though there are protocols to avoid this from happening again when each node resends their data, time lost can vary depending on the quantity of data sent. CSMA/CA resolves this by listening while transmitting; if a collision is detected the data stream is cut off, stopping data that will be corrupted from being sent. This avoids wasted time, during which a resource is in use but nothing productive is achieved. Data ...
  • 28. An Essay on Denial of Service Attack DENIAL OF SERVICE ATTACK: SIMPLE BUT DESTRUCTIVE In the last several years, the Denial of Service attack (DoS)/Distributed Denial of Service attack (DDoS) has become one of the most critical threats to internet security, though it is easily accomplished by intruders. Proven and practicable attacking software is even available on the Internet. To get rid of this attack, first of all we have to know its consequences. Typically, an internet connection is established using a methodology named 'THREE WAY HANDSHAKING'. Following this protocol, the client PC first sends a request (SYN) for connection establishment, and on receiving this request the server PC responds to it by sending an acknowledgement of approval (SYN_ACK) message to the client ... It just sends UDP echo packets in place of ICMP. This invasion can be very serious because of the 'stateless' property of UDP. This means there is no acknowledgement mechanism in this protocol, which makes UDP favorable for DoS attacks. The attacker swallows up the network with UDP packets. Because there is no such mechanism, the receiver can't identify the fake requests. The ping of death attack follows the same mechanism but from a new angle. It sends ping requests using over-sized packets. Normally, TCP/IP's Maximum Transmission Unit (MTU) i.e. maximum packet size is 65,536 octets (as per CISCO). As a result of over-sized pings, the routing device keeps rebooting perpetually or may freeze up, causing a total crash. 'Tribe Flood network'/'Tribe Flood network 2000' (TFN/TFN2K) is more complicated than previous DoS attacks. Alternately it is named as 'IP Spoofing'. It is capable of initiating synchronized DoS attacks from multiple sources to multiple target devices. It accomplishes the violation by imitating itself as an IP address of a network to other IP addresses, which are in the scope of it. 
In this manner, it misleads the network system by using an approved or trusted internal/external IP address and does massive destruction. Stacheldraht is a Distributed DoS program (DDoS), which is actually an assortment of DoS methodologies. It integrates TFN irruption processes along with UDP, TCP/IP, ICMP overflow, Smurf attack. Starting with a huge ...
  • 29. Network Security Is Important For Protecting Your Computer Network Security EET 5720 Daljot Rai Have you ever surfed the web and received a popup alerting you that a threat is detected? If so, you are not alone. This is a very common issue web browsers and organizations face. In order to resolve or prevent such issues, it is key to learn about the security of your network. Network security is the protection of networks that helps secure the files and directories of a computer. It helps protect the user from hackers, virus attacks and misuse, and prevents unauthorized access. Learning about and becoming aware of network security is important for protecting yourself and others around you. I will be discussing the common types of attacks and methods to protect your computer from harm, and discuss what the future may hold for network security. There are many attacks that can be associated with network security: eavesdropping, viruses/malware and Trojans, phishing, IP spoofing attacks and lastly denial of service. Eavesdropping has two subcategories, passive and active. Passive eavesdropping refers to someone listening to a phone call, or reading a chat email (Daya, Bhavya). Active eavesdropping refers to the hacker physically going in and distressing the conversation (Daya, Bhavya). This type of attack allows the hacker to steal confidential information. In this circumstance, it is important to have some sort of network security because having someone listening in on a personal conversation can be detrimental. This can be solved ...
  • 30. Computer Forensics: An Analysis Of Network Capture And Logs Computer Forensics: An Analysis of Network Capture and Logs By: Presented to Presence of online infiltration and hacking tools has proliferated to a thorough necessity to employ effective Intrusion Detection Systems (IDS) and firewalls to keep attackers at bay. These tools however can be circumvented and are not very effective. A thorough computer forensics analysis of network traffic thus becomes critical in examining and establishing the nature of attacks, which in retrospect assists in deploying more safety measures. To ascertain this claim, we will deploy a case scenario involving a friend who runs a website using a Content Management System platform, PhpMySport, for a hacking club. He suspects his site has ... The other major reason to establish the presence of an attack is the fact that the attackers used different IP addresses to access the system, at distinct times. This trend is commonly used by attackers to avoid trace back (Vacca 2013, p. 318). The other evidence to ascertain this is the presence of different Source Port (SRC) and Destination Port (DPT). From the firewall logs, it is quite evident that the attacker kept interchanging their destination and source IP addresses to avoid being detected. At certain points, evidence collected from website logins shows the site returned an 'Error 404' message. This error occurs when the server cannot establish the requested connection (Fisher 2015). This clearly depicts the user was trying to establish an unauthorized access. The server logins also indicate multiple logins from the same address in quick succession. 2. What software or attack tools did the attackers use? From deeply examining the trend in the network intrusion, the attacker might have applied port scan and IP address spoofing methods of attack. 
Forensic evidence gathered from the firewall logins indicated that the attacker used varying IP address to access the network system. This clearly proves IP address spoofing, which occurs when an attacker impersonates a firewall's trusted IP address. Attackers can henceforth get access to the system and manipulate malicious content (Thomas & Stoddard ...
  • 31. Firewall Essay TABLE OF CONTENT ABSTRACT/SYNOPSIS A firewall is a product that sets up a security border whose primary undertaking is to piece or limit both approaching and active data over a system. These firewalls are fundamentally not compelling and suitable for professional workplaces to keep up security of data while it bolsters the free trade of perspectives. In this paper, I think about system firewalls that help the professional workplace and alternate systems that need to trade data over the system. A firewall ensures the stream of activity over the web and is less prohibitive of outward and internal data, and furthermore gives the inward client the fantasy of unknown FTP and www availability to the web. 1. ... It ensures protection by standing between the system and the outside world. Information moving in any direction must go through the firewall. 3.0 TYPES OF FIREWALLS: There are various types of technique which might be executed by a firewall. Some of them are as follows: Packet channel, Application gateway, Circuit level gateway, Proxy server. 3.1 PACKET FILTER: It focuses on one packet at a time, applies some set of guidelines to every packet, and afterwards chooses to either forward the packet or dispose of the packet. The standards depend on various fields in the IP and TCP/UDP headers, i.e. source and destination address, IP protocol field, TCP/UDP port number. Attackers can break the security with the assistance of the following techniques: IP ADDRESS SPOOFING: In this kind of attack, attackers send a packet to the inside network, setting the source IP address equal to the IP address of an inside client. SOURCE ROUTING ATTACKS: Here attackers determine the route that is trailed by the packet to move along the web with the goal that packet filter
  • 32. can be tricked to sidestep its normal checks. Solution: The solution to this attack is to dispose of all packets that use this alternative. Advantages: It is simple to execute. Low hardware cost; shabby boxes can do packet filtering. Rule sets are less complex. 3.2 APPLICATION GATEWAYS With a specific end goal to control dangers when internal server permits connections ...
  • 33. Network Security: Is It Protected Or Not Important? Networking and Security What is Networking and Security? You may think network security is worthless or not important, but network security allows you to have usability, reliability, integrity, and safety of your data ("What Is Network Security" np). Without network security you would be opening yourself to many different threats such as: Viruses, Worms, Hacker Attacks, Denial of Service Attacks, Identity Theft, and more ("What Is Network Security and How Does It Protect You?" np). Network Security is important because it protects your personal information on the internet, keeps small and large business networks up and running as well as protects their private information, and speeds up the transfer rate of data because network security ... With Network Security, networking technicians use multiple layers of security, so that if one layer fails the others are there to pick up the slack until the first layer is fixed. Some parts of the security of a network involve these items: Antivirus and Antispyware, Firewalls, Intrusion Prevention Systems (IPS), and Virtual Private Networks (VPNs) ("How Does Network Security Work?" np). This layered system is used to maintain the integrity of the network. How Does Network Security Protect You As A Common User of The Internet? Network Security helps protect you from many types of attacks every time you go on the internet, some of those attacks being: Viruses, Worms, Trojan Horses, Spyware, Adware, Zero day Attacks, Hacker Attacks, Denial of Service Attacks, and Identity Theft ("What Is Network Security and How Does it Protect You?" np). Most of these attacks or software target the vital parts of your computer and render them nearly or completely unusable. Without network security you would be unprotected from these attacks, which would make the internet an unsafe place. How Easy Is It To Break Into My Computer? 
Even though hackers are trying every day to make more complex software or files to get into computers and networks, the companies creating the network security software are constantly updating their software so that they catch the majority of the new software that the ...
  • 34. IPv4 vs IPv6 The IPv4 came before the IPv6, and these datagrams are similar in many ways but also differ in more ways than one. IPv6 came out in the year 2004 and still uses many of the features that made IPv4 so successful. IPv6 is supposed to become the new standard over the older version of IPv6, but it is tough for v6 to take its spot when v6 cannot support everything v4 does; basically v6 cannot connect to a v4 system. Some differences are that it is stated that the IPv6 is more secure than the IPv4, the address size went from 32 bits in the IPv4 to 128 bits in the IPv6, extensible protocols are more flexible in the IPv6, IPv4 and IPv6 are not compatible, the IPv4 will not be able to support additional nodes or support for applications, and the ... The reason why the address is longer in v6 is because it can support over 340 undecillion IP addresses. Mainly because the IPv6 has potential to have problems just like the IPv4 address problems. Also, the IPv6 has been broken down into geographical locations, meaning that the address can be tracked to a specific location in the world. The downfall in this part, in my opinion, from a hacker's point of view, is that you can break down a specific location where you would want to attack, if you know the geographic location of the hexadecimal in the address. What I mean is that you can know the country code in the IPv6 address and focus your attack on that specific location. Having a random order of the v6 address would make it more reliable and more secure but also would allow disorder, not knowing where a specific address might be located. IPv6 is more flexible in using protocols, which are mainly defined as the Request for Comment (RFC) that we discussed in the discussions. Protocols are defined in the RFC, but the name of the protocol will be something like Internet Protocol, Internet Control Message Protocol, Telnet Protocol, and many more. 
The reason why these Protocols are more flexible in the IPv6 is for one, the IPv6 is a newer technology than the IPv4, and the IPv6 also has more functionality and allows more flexibility in the protocols, whereas the ...
  • 35. VoIP: A New Frontier for Security and Vulnerabilities Essay VoIP: A New Frontier for Security and Vulnerabilities Introduction to Voice over IP Technology The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made voice over IP an attractive and profitable idea. Vonage (http://www.vonage.com/) and other service providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S. and Canada; the rate is often less than it would cost for a regular phone line without any long distance charges. An entity with an enormous call volume, such as a worldwide retail corporation, could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP. ... H.323 utilizes unicast and multicast on UDP port 1718 to locate the gateway; then remote access service (RAS) is started on UDP port 1719. H.225 and H.245 are also used for call signaling over TCP port 1720 and data transmission over TCP ports 1000 through 65535 (Mullins, 2005). Security Concerns As with any new technology of the Information Age which has had groundbreaking implications for the way we communicate electronically, IT managers have been wise to greet voice over IP with some skepticism. After all, VoIP is a service that utilizes the Internet to transmit data, much like web browsers, email, or any other networked application. In that case, security should definitely be a major concern for anyone who is considering the adoption of VoIP telephone service. As Korzeniowski (2005) writes, "VoIP features all of the security problems inherent with IP communications and adds a few new items to the mix." The Internet The benefits that voice over IP offers must be acknowledged with these security concerns in mind. Unfortunately for simplicity's sake, VoIP is not just a replacement for traditional phone systems operating on the PSTN (Public Switched Telephone Network). 
Indeed, we often take for granted the security we enjoy on the PSTN, which is by nature more secluded than Internet transmissions. A dedicated circuit handles only the ...
  • 36. Discuss the Roles and Motivations for Separately Filtering... Discuss the roles and motivations for separately filtering ingress and egress traffic in the enterprise network. Describe separate conditions for both ingress and egress traffic as they transit the network. Discuss: What roles do ingress and egress filtering play in protecting a network? How do protective isolations help to protect a network? Why do we need to separate and isolate the types of traffic? Ingress filtering is the filtering of any IP packets with untrusted source addresses before they have a chance to enter and affect your system or network. It can protect users from malicious attacks based on spoofing, where a hacker attempts to make a packet look like it originated from somewhere else. Internet service providers (ISPs) ... Communication between servers especially has very predefined patterns of communication. By only allowing this traffic you are sure that no one will accidentally compromise the server by adding new software, and thus raise the security. The main purpose of egress filtering is to ensure that unwanted or destructive traffic (such as malware, unauthorized e-mail messages, or requests to Web sites). To create an isolated network, you need to separate the various types of computers on the organization network according to the type of access you want the computers to have. The communication requirements are the following: Computers on the isolated network can initiate communications with all of the computers on the organization network, including those that are not located on the isolated network. Computers that are not on the isolated network can initiate communications only with other computers that are not on the isolated network. They cannot initiate communications with computers on the isolated network. 
REFERENCE http://msdn.microsoft.com/en-us/library/ff648651.aspx http://whatis.techtarget.com/definition/egress-filtering ...
  • 37. NT1330 Unit 3 Network Analysis Paper Schaffer needs to create a layout with a specialized team that has these: DMZ, Intranet, Internal Network, Proxies, Firewall Configuration, and mobile users. The DMZ is needed to separate the company from the internet. This is a secured area into which the company should place servers providing Internet services and facilities (for example, web servers). It is also good to have because if anyone attacks, the machine is hardened to defend against attacks. These servers don't have any information in the internal network. The firewall providing the DMZ segmentation should allow only inbound packets destined to the corresponding service ports and hosts offering the services within the DMZ. Also, limit outbound initiated traffic to the Internet to those machines requiring access to the Internet to carry out the service they are ... Jay might want to segment an inbound-only DMZ and an outbound-only DMZ, with respect to the type of connection requests. However, given the potential of a DoS attack interrupting DNS or email, consider creating separate inbound and outbound servers to provide these services. The intranet helps protect your internal hosts, but it is not in the same place as the host. Internally, the company also has similar services to offer (Web, mail, file serving, internal DNS, and so on) that are meant solely for internal users, which will allow tighter controls to be placed for router filtering. Next is the internal network, where everything else remaining is in this segment. The machines on the segment request information from the host, including the labs and other departments that Jay's company is working with. For each internal network, the company should place a firewall in between each to filter the traffic to provide additional ...
  • 38. Information Retrieval And Its Effects On The Server Data is distributed to minimize the response time and request drop rates across all of the servers. A request for particular data from the server (vendor or set of mirrors) is sent by the client, and the server responds with the data that the client requested. In this case the server comes to know what data is requested or needed by the client. Generally mirrors are third party sites that may or may not be trustworthy. If a client wants to update a security patch for its system and the mirror that was chosen for the update is not trustworthy, then it is a threat to the system, as its vulnerability is exposed to a third party. Private Information Retrieval (PIR) is basically a protocol that allows the client to retrieve the ... With the manifest provided by the server, the client can determine which blocks to retrieve from mirrors and validate their correctness. The vendor removes a malicious mirror reported by the client. It also polls and removes unresponsive mirrors. Mirror: It basically uses 'rsync' to obtain files for a release from the vendor. The mirror stores all of the software updates to be released in contiguous memory. It uses the manifest for the validation of each block. Once the mirror is ready to serve the blocks to the clients, it notifies the server of its readiness. Client: The first thing the client will do is request the manifest and list of mirrors from the vendor. With the help of the manifest, the client will be able to determine which blocks of the release it will need to retrieve in order to receive updates. The client has the value N that represents the number of mirrors that it would have to interact with in order to keep its privacy. To retrieve a single block, for instance, it generates cryptographically suitable N-1 and it derives the 'Nth' string by XORing the other N-1 random strings together to get the desired updates. 
As the mirror receives random bit string, it won't be able to identify which updates client is looking for to retrieve. In order to protect against those who can monitor traffic, client can securely communicate with the mirror using encrypted tunnel. The release provided by a vendor ...
  • 39. Comparison Between Different Firewall and Their Abilities. Packet filtering is the earliest technology developed to protect the network from dangers on the Internet. It works at the network transport layer. Data is split into several packets and then reassembled once it has reached its destination. Administrators create a set of rules that is then configured on the router; the router then acts as a security guard and either denies packets or allows them to pass through. However, packet filtering has only limited function: it can only analyze header information in IP packets. For instance, it cannot allow or deny specific functions of FTP such as the use of the "GET" and "PUT" commands (Ogletree, 2000). Packet filtering is susceptible to IP spoofing (Webopedia, 2011). IP spoofing is used by ...
The disadvantages of a proxy server are low performance, due to processing at the application level, and limited effectiveness, due to protocol-specific services. An application gateway works at the application level and is also connected to a proxy server; it is a more complex version of a firewall, and what it mainly does is intercept traffic for a specific application (Ogletree, 2000). When a connection is established, it is first brought to the application gateway, or proxy, which then proceeds to the destination. Compared to other firewall technologies it is very secure, but it also requires a large amount of memory and a good processor (Webopedia, 2011). The advantages of an application-level gateway are that direct connections between external and internal hosts are disallowed, that it allows user-level authentication and, finally, that application commands inside the data packets are analyzed (Careerride, 2008-2010). The disadvantages of an application gateway are that detailed attention is required for each individual application that uses the gateway and that its setup is very complicated and complex.
Circuit-level filtering is one step ahead of packet filtering, and it works at the transport layer. Its major duty is to check whether the connection between both sides is valid; only then does it decide to allow the packet to be transmitted (Toolbox.com, 1998-2011). Once that is done, it allows traffic from the valid source for a limited time. To determine the validity of connection, it is based on certain ...
  • 40. Task A Post Event Evaluation Essay
TASK A. Post-Event Evaluation
1. Malicious Events
Wanting a pay raise, an employee looked for a method of obtaining one without going through the proper channels, such as their manager. Instead of discussing the raise with a manager, the employee found a way to hack into the Human Resource (HR) records system at work. The employee figured out how to spoof an IP address and proceeded to eavesdrop on the business network until the employee records were located. Once the employee had obtained access to the records in the HR system, the employee altered the records to receive a raise. Once the change was made, the employee received two paychecks with the pay increase. During an audit, an auditor discovered a problem with the employee's paycheck and contacted numerous employees within the company through email. The employee who caused the hack was able to divert the auditor's messages. The employee then created phone messages and communicated with the auditor. In time, the employee acquired access to other parts of the network, including additional financial records. The employee changed the salary of several additional employees, including the company president, lowering their pay and pocketing the difference in the employee's own paycheck. The IT department determined that a lack of encryption controls and authentication was what allowed the employee to hack into the HR system.
2. Notification
Different types of attacks required different processes and procedures. Due to ...
  • 41. A Report On The Attack Automation Strategy http://www.eecis.udel.edu/~sunshine/publications/ccr.pdf
1a) A DDoS (Distributed Denial of Service) attack consists of several phases. First the attacker recruits multiple agent machines, which are later infected with the attack code and further exploited. The infected machines can be used to recruit new agents. We can outline those phases as Recruit, Exploit, Infect and Use.
ATTACK AUTOMATION STRATEGY
The attack automation strategy stands for how much of the DDoS attack an attacker wants to make automatic and how much to leave for manual control. The strategy depends on the degree of automation of the phases of the attack. There are three general automation degrees (Manual, Automated and Semi-Automated), which are explained as follows:
o Manual: In this case, the hacker manually recruits machines by scanning remote ones for vulnerabilities, breaks their security mechanisms, installs the prepared attack code and then directs the attack. This type of DDoS attack has become really outdated, since lately all of the recruitment phase has been automated. Weak design consideration in terms of functionality and productivity.
o Semi-Automated: In semi-automated DDoS attacks, the DDoS "network" is made of a handler and an agent machine. There is automation present for the Recruit, Exploit and Infect phases. Through the communication between the handler and the agent, the attacker specifies the attack type, the onset, the duration and the victim's ID. The ...
  • 42. Ip Address TOPIC: IP ADDRESS AUTHOR: Rameshwar Prasad Srivastava, MS (Cyber Law & Information Security), Indian Institute of Information Technology, Allahabad
The address of a computer on the Internet is commonly referred to as the IP Address (Internet Protocol). It's a 32-bit (4 bytes) number normally written as follows: xxx.xxx.xxx.xxx. Since a byte can represent any number from zero to 255, the least and the maximum IP addresses possible are 0.0.0.0 and 255.255.255.255.
Understanding IP Addresses
Understanding IP addressing is necessary, since all applications on the Internet generate logs, wherein the IP addresses of all interacting computers are recorded. The logs form a basis for investigation by investigating ...
There is no relation between an IP address and the FQDN. They are somewhat related as the name of a person, and his telephone number. A list of IP addresses and their corresponding domain names is kept in servers called Domain Name Service servers (DNS servers). A domain name has four parts:
1) Computer name, or the host machine name
2) Organization name
3) Internet top-level domain
a. This gives information regarding the nature of the organization: gov, com, edu, mil, net etc. represent government, commercial, educational, military and network provider organizations respectively.
4) Country name, usually the first two letters of the name of the country
A typical domain name appears as follows: adohare.svpnpa.gov.in, indicating that the name of the host machine is adohare, on a network called svpnpa, which is a government organization in India.
Universal Resource Locator (URL)
  • 43. Programs on the computer are identified uniquely by URLs. A URL specifies exactly where on a system to go. It has six parts:
1. Protocol/information service type: http, ftp, NNTP
2. Domain name of the server
3. Port address: for http the default is port 80
4. Directory address
5. File or object name
6. Internal anchor, only for http resources
A typical URL appears as follows: http://www.svpnpa.gov.in:80/cp18–whoiswho.html#dds
Translated into a command it translates: Use the ...
  • 44. Dr Case Study
IV. DISABLING THE RECURSION ON THE DNS SERVER
The DNS is a hierarchically organized system that offers the essential mapping between human-readable names and their IP addresses so that it can provide appropriate access to the internet. DNS does so by two essential methods. The first is authoritative DNS, which gives original, actual and complete data in answer to your DNS queries; those data are installed in its own configuration system and are not data cached from other servers. The other method through which DNS provides mapping is the recursive method. This type of service is performed when the DNS server does not find the data or the related IP address in its memory, so it will ask the authoritative DNS about the data and return it back to the user and store ...
Disabling recursion and restricting the capability to process delegation data can stop DoS attacks and cache poisoning. There are several methods that can be used to protect the DNS, as explained below. Disabling recursion in your system is the main method of protecting the DNS. It means that your name server is put in passive mode so that no queries on behalf of other servers will be sent to it, which saves the server and the cache memory, since it will process only requests that are directed to it. Another method is restricting the requests: it is suggested that sites use distinct name servers for offering authoritative responses for their zones and for offering recursive services to the internal system. This lets recursion be completely disabled on the authoritative zone while at the same time offering the recursive service to the internal system.
The third method is restricting recursion: in those structures where it is not possible to totally disable recursion, it is suggested that the server be limited to offering recursive processing only to a limited set of addresses. When this option is used, requests from other IP addresses outside this set will be processed as non-recursive, nevertheless of ...
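One way to check that the recursion settings described above took effect on your own name server, as an added example that is not part of the essay: build a query with the Recursion Desired (RD) bit set and read the Recursion Available (RA) bit and response code from the reply header. The function names and the sample reply headers are constructed, and sending the query (UDP port 53, from an address outside the permitted set, for a name the server is not authoritative for) is left out so the block runs offline.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
REFUSED = 5                                       # RCODE 5

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query for `name` (type A by default) with RD set."""
    labels = name.rstrip(".").split(".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(packet, qid=0x1234):
    """Report how the server treated a recursive query, from the header alone."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not (flags & QR):
        raise ValueError("not a response to our query")
    if flags & RA:
        return "recursion offered"       # server will resolve for this client
    if (flags & 0x000F) == REFUSED:
        return "refused"                 # recursion disabled or restricted
    if an == 0 and ns > 0 and not (flags & AA):
        return "referral only"           # processed as non-recursive
    return "answered non-recursively"    # e.g. authoritative data only

def sample_header(flags, an=0, ns=0, qid=0x1234):
    """Constructed 12-byte reply header standing in for a captured packet."""
    return struct.pack("!HHHHHH", qid, flags, 1, an, ns, 0)

SAMPLES = {
    "open resolver": sample_header(QR | RD | RA, an=1),
    "recursion disabled": sample_header(QR | RD | REFUSED),
    "restricted, outside set": sample_header(QR | RD, ns=2),
    "authoritative zone data": sample_header(QR | AA | RD, an=1),
}

if __name__ == "__main__":
    for label, packet in SAMPLES.items():
        print(f"{label:26} -> {classify_response(packet)}")
```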