Wednesday, May 6, 2020

Computer and Network security TA Management

Questions:

1. Identify the various tools and techniques used by attackers and the types of attack that can be launched by using these tools or techniques.
2. Distinguish between the various types of attack and their consequences.
3. Compare and contrast the various tools and techniques that can be used to protect computer systems and networks from attack, and select appropriate tools or techniques for dealing with specific attacks.
4. Set up and configure a range of network security tools and devices.
5. Analyse a problem and devise one or more solutions to it.

Answer:

Introduction

Network security is a key issue for the current computing generation, since the rate of attacks by hackers is increasing rapidly (Abbasi et al., 2011). Network security consists of the policies and provisions adopted by network administrators in order to prevent various kinds of attack, such as data misuse, unauthorized access, modification, and misuse of the computer network and its network-accessible resources. Network security follows a defined process in order to protect digital information assets; its security goals are to protect confidentiality, assure availability and maintain integrity.

1. Identification of various tools and techniques used by the attacker

Network hackers use a variety of tools and techniques to attack a system. The popular hacking tools fall under the following categories.

Wireless attack tools

Wireless attack tools have been developed to compromise 802.11 networks. The widespread and popular use of Wi-Fi offers attackers a platform from which they cause disruption (Balasundaram et al., 2011).

Confidentiality attack tools

By intercepting the wireless link, attackers attempt to gather private information. Eavesdropping, access point (AP) attacks, key cracking and phishing are some of the attack techniques.

Eavesdropping: The commonly used tool for eavesdropping is Wireshark.
It is basically a sniffing program that displays all network traffic, both wireless and wired. It is a multi-platform, multi-protocol analyzer supporting hundreds of protocols, and it includes decryption support for various popular security protocols, including Wired Equivalent Privacy (WEP), IP security, Wi-Fi Protected Access, Kerberos, Internet Security Association and Key Management Protocol, etc. (Barberán et al., 2012). Moreover, Wireshark displays the captured data in an easy-to-read, easy-to-follow format. It has built-in filters that are used to capture specific data, i.e. by protocol, port number or IP address.

Sniffing: Apart from capturing and displaying packets from the physical layer, sniffing programs have installed plugins and filters that enable data to be manipulated, creating a man-in-the-middle attack.

Phishing: AP phishing, also known as Evil Twin, is a confidentiality attack in which users are misled into logging on to fake APs, thus providing their credentials to the attacker. These fake logon pages are created to collect confidential data, credentials, credit card information and user passwords (Canto-Perello et al., 2013). In the process, the user is compelled to download a series of viruses, i.e. Trojan horses. Tools such as APsniff, APhunter, KNSGEM and Hotspotter scan for wireless AP beacon signals.

Types of attack launched by these tools

Here are some basic attacks launched by the above tools and techniques.

Security threats: The key security threats include denial of service, unauthorized access to data and network resources, uncontrolled access to the internet, accidental deletion of confidential data, etc.

Virus attack: A computer virus is a small executable code that, when replicated or executed, performs various harmful and unwanted functions in a computer network (Chen et al., 2011). Viruses damage processors and hard disks, consume large amounts of memory and affect overall system performance.
A Trojan is malicious code that does not replicate but destroys critical data.

Unauthorized access to data: This occurs when hackers gain access to data and network resources through eavesdropping or sniffing.

Cryptography attack and theft of information: This is another threat to the network that causes the loss of essential information.

DoS: Denial of service (DoS) is an explicit attempt by hackers to prevent legitimate users from using a service from a network resource (Cohen et al., 2012). A DoS attack executes malware that consumes computational resources, disk space and memory, disrupts configuration information and physical network components, and performs unsolicited resets of TCP sessions.

Installation of unauthorized applications: This is the installation of unauthorized software applications on network servers and client computers. Installing malicious program applications, disguised as songs, codecs, gaming software, web-based applications, video programs, etc., causes a number of security threats.

Application level attack: The attacker exploits weaknesses in the application layer, i.e. faulty controls while filtering input on the server side, or security weaknesses in the web server (Deng et al., 2013). Examples of such attacks include SQL injection, web server attacks and malicious software attacks.

2. Distinguish between various types of attack and their consequences

IP spoofing

IP address spoofing involves the creation of malicious TCP/IP packets using various IP addresses as the source. This is intended to conceal the hacker's identity and impersonate the owner of the IP address (Ding, 2011). When the source address is spoofed, the recipient replies to the spoofed source address, and the packet is hard to trace back to the attacker. IP spoofing gives rise to the following consequences.
Denial of Service attack (DoS): A large number of packets is sent by the attacker to the victim, and all the replies are directed towards the spoofed IP address, thus preventing the legitimate user from obtaining service.

Man in the middle: This involves hijacking an authenticated network session taking place between two hosts. The attacker uses a spoofed IP address between the two hosts and uses it to send and receive packets (Ghani et al., 2013).

Hijacking of connection: While authentication takes place between two hosts, the attacker takes advantage of this and sends a reset to the client, which kills the connection for the client; the attacker then spoofs the client and continues the session with the server using the spoofed IP address (Hutchins et al., 2011). It has the following consequences: session or connection hijacking exploits the authenticated machine by stealing cookies stored on the system or machine. Cookies are also stolen by sniffing encrypted network traffic. These cookies are then used with the web server in order to establish an unauthenticated session.

ICMP attack

ICMP, or Internet Control Message Protocol, is a protocol used in the internet layer of the TCP/IP suite in order to send error messages and carry out network management tasks (Jhaveri et al., 2012). The ping tool is the familiar example of ICMP; it is used to send echo messages in order to learn the online status of a destination. The consequences are the following: the ICMP protocol does not possess any built-in authentication, so an attacker can intercept ICMP packets, and ping can be used to launch DoS attacks against legitimate users.

3. Comparison and contrast between the various tools of computer network protection

a) Application gateways

These are also known as proxy gateways; they are made up of bastion hosts that act as proxy software to run special software. Traditionally, this is the most secure tool, as it does not allow packets to pass by default (Jnanamurthy et al., 2013).
However, the proxy server consists of significant application programs that initiate the passage of traffic. This application runs at the Application layer of the ISO/OSI reference model.

b) Packet filtering

This is a technique in which routers with ACLs are turned on; by default the router passes all sorts of traffic without any restriction. The use of ACLs enforces the security policy with respect to the sort of access to the internal network that is allowed to the outside world (Kelling et al., 2012). In packet filtering, the overhead is less than that of an application gateway, since access control is performed at a lower ISO/OSI layer. Packet filtering has a significant problem when compared with application gateways and hybrid systems: TCP/IP has no means of guaranteeing the source address, hence layers of packet filters are used to localize the traffic (Khan and Engelbrecht, 2012). Two layers of packet filters are used to differentiate between packets that came from the internal network and packets that came from the internet; however, this does not make it possible to identify the actual host.

c) Hybrid

This is an attempt to amalgamate the security of application layer gateways with the speed and flexibility of packet filtering. New connections are authenticated and approved at the physical layer, whereas the remainder of the packets are received at the session layer, where they are packet-filtered and passed on (Kim et al., 2011). Packet filtering identifies with certainty the network from which a packet came, but fails to get more specific than that; a hybrid system, by contrast, provides a greater measure of protection for the computer network.

d) Closed ports

A closed port keeps the system and computer network safe from outside communication and attack. In the security domain, an open port refers to a UDP or TCP port configured to accept packets (Kottaimalai et al., 2013). A ping request primarily identifies the hosts that are currently active.
It is often used as part of the inspection activity that precedes a larger, coordinated attack. By removing the ability of remote users to get a response to a ping request, the user will likely be passed over by unattended scans and script kiddies who search for easier targets (Marin and Wellman, 2011). Such a system does not actually protect the user from an attack, as packet filtering, application gateways, hybrid systems and closed port systems do, but it reduces the chance of becoming a target.

e) Intrusion detection system

An IDS investigates all inbound and outbound network activity in order to identify suspicious patterns that indicate a system or network attack by a hacker trying to compromise or break into a system (Palonen and Hakkarainen, 2013). IDSs use advanced algorithms and traffic analysis to determine whether a probe has been conducted. A number of IDSs have been designed to address the increased requirement for anti-hacking detection, protection against denial of service (DoS), security visibility, and business defences for e-commerce (Rehg and Kraebber, 2012).

f) Intrusion prevention system

An IPS takes the activity of an IDS one step further by taking immediate action without any human intervention (Valente, 2012). Unlike IDS, IPS alarms are not based on pre-defined rules.

Appropriate techniques to deal with the attacks

Closed port technique: By default, a computer network has various open ports, such as FTP, UDP, TELNET, HTTP, SMTP, etc. Attackers use these open ports to enter the network or system. Moreover, malicious hackers make use of port scanning software in order to detect open ports or unfiltered networks and gain unauthorized access. In contrast, the use of closed ports ignores or rejects the connections and packets directed towards them. Ports are closed by the use of a firewall (Vu et al., 2014).
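As an added example (not code from the original answer), the following Python models the packet-filtering and closed-port techniques discussed above: a default-deny ACL, the two-layer anti-spoofing check that separates packets arriving from the internet from packets arriving from the internal network, and inbound ping turned off. The internal prefixes, the set of open ports and the sample packets are constructed assumptions, not values from the text.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example (assumption): two RFC 1918 ranges
# make up the internal network behind the filtering router.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Ports the site deliberately leaves open on the internet side; every other
# port is "closed", i.e. the default is deny. Constructed for the example.
OPEN_TCP_PORTS = {25, 80, 443}

ICMP_ECHO_REQUEST = 8


@dataclass(frozen=True)
class Packet:
    iface: str           # "ext" = arrived from the internet, "int" = from inside
    proto: str           # "tcp", "udp" or "icmp"
    src: str             # source IP address as written in the packet
    dst: str             # destination IP address
    dport: int = 0       # destination port (0 for icmp)
    icmp_type: int = -1  # ICMP type, -1 when the packet is not ICMP


def is_internal(addr: str) -> bool:
    """True if the address belongs to one of the internal prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(pkt: Packet) -> tuple[str, str]:
    """Stateless ACL evaluation: returns ('accept' | 'drop', reason).

    The filter can only tell which side of the router a packet arrived on;
    it cannot confirm which host really sent it (the limitation the text notes).
    """
    if pkt.iface == "ext":
        # Layer 1: anti-spoofing. A packet from the internet must never claim an
        # internal source address; TCP/IP itself gives no guarantee of the source.
        if is_internal(pkt.src):
            return "drop", "internal source address arriving on external interface"
        # Ping turned off: inbound echo requests are not let through.
        if pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST:
            return "drop", "inbound ICMP echo request"
        # Closed ports: only the explicitly opened TCP ports accept packets.
        if pkt.proto == "tcp" and pkt.dport in OPEN_TCP_PORTS:
            return "accept", f"tcp/{pkt.dport} is an open port"
        return "drop", "port closed (default deny)"
    if pkt.iface == "int":
        # Layer 2: egress anti-spoofing. Traffic leaving the internal network
        # must carry an internal source, otherwise the router would help spoofing.
        if not is_internal(pkt.src):
            return "drop", "non-internal source address on internal interface"
        return "accept", "outbound traffic from internal host"
    return "drop", f"unknown interface {pkt.iface!r}"


def run_sample() -> list[tuple[str, str]]:
    """Evaluate a constructed set of packets and return the verdicts in order."""
    sample = [
        Packet("ext", "tcp", "203.0.113.5", "192.168.1.10", dport=443),     # normal HTTPS
        Packet("ext", "tcp", "203.0.113.5", "192.168.1.10", dport=23),      # telnet, closed
        Packet("ext", "tcp", "10.1.2.3", "192.168.1.10", dport=443),        # spoofed source
        Packet("ext", "icmp", "203.0.113.5", "192.168.1.10", icmp_type=8),  # inbound ping
        Packet("int", "tcp", "192.168.1.10", "203.0.113.5", dport=443),     # outbound HTTPS
    ]
    return [filter_packet(p) for p in sample]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

A real firewall would add state tracking so that replies to outbound connections are accepted without opening the port inbound; this stateless version shows only the ACL decisions the text describes.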
Hybrid system: Attackers who plan unauthorized access to the network, in order to get access to the internal network, have to break through the bastion host, access router and choke router of the hybrid system tool for network security.

Ping service turned off: Turning the ping service off is an essential tool to protect network security from cryptography attacks and theft of information (Weninger et al., 2011).

Intrusion detection system: A DoS attack is treated by the IDS using traffic analysis and advanced services. It identifies suspicious patterns of attack by investigating inbound and outbound network activity that compromises the system and prevents legitimate users from obtaining service.

4. Set up and configuration of network security tools

The interaction between controller and workstation is secured using the Internet Key Exchange protocol (IKE) and Internet Protocol Security (IPsec). IPsec is a set of extensions to the IP protocol family that ensures data authentication, encryption and integrity of IP packets (Wrzus et al., 2013). IKE securely negotiates the properties of the security associations of IPsec-enabled peers, i.e. Andover Continuum controllers, workstations, etc. It takes place once all of the following tasks are addressed. Setting up and configuring network security includes the following steps:

Step 1: Determine whether network security is enabled for the controller.
Step 2: Configure the controller for secure communications.
Step 3: Configure network security on the workstation (Zhu et al., 2012).
Step 4: Activate network security for the controller.

Task | Configuration | Description
Step 1 | CyberStation software | Determine whether or not the site has purchased the network security option specifically for the NetController II 9680 and ACX 57x0 controllers (Balasundaram et al., 2011).
Step 2 | Controller | Configure the network security settings within the controller.
Step 3 | Workstation | Edit, import, assign and export the local security policy of the Schneider Electric network on the workstation (Barberán et al., 2012).
Step 4 | CyberStation software | Set up the network security attributes for a new or existing controller.

Before starting the configuration of controllers and workstations, it is essential to ensure that the required software and hardware are in place in order to configure network security successfully. The hardware and software required for the configuration are:

Workstation software: Windows 2000 SP4, Windows Server 2003, Windows XP SP2, Continuum CyberStation v1.8 (and higher).
Hardware controllers: ACX 57x0 series, NetController II 9680.
Access privileges: Administrator privileges on the workstation are used to configure the Local Security Policy (Canto-Perello et al., 2013). Administrative privileges allow login to the controller's web configuration pages in order to configure the network security properties.
Network IP addresses: Identify a static IP address for each workstation to ensure security, and make sure each controller has an available IP address.

While setting up the controller's network security configuration, the following security options are used.

Network security configuration: This option allows different levels of network security, including the factory default and a network security policy that requires authentication and encryption of Andover Continuum traffic (Chen et al., 2011).

Peer-to-peer security configuration: This option allows communication between each controller and workstation. They also authenticate each other's identity using the same shared authorization secret.

Web server security options: This option applies the network security level selected under the network security options to the controllers' web servers (Cohen et al., 2012).
The network security options are applied to all levels of web configuration when this option is turned on.

5. Analysis of a problem and devising one or more solutions to it

Analysis of a problem

Hackers can attack a network in a million ways. Attackers can target a network without even connecting to it, or by using the same network to locate it. Attackers can exfiltrate data without even compromising the ultimate target. Attackers tend to compromise network devices and delete the log records, and they confuse network behavioural analysis by generating all sorts of traffic. However, on analysis it has been concluded that this type of hacking does not alter the packet stream while it is being captured (Deng et al., 2011). Thus, the captured packet stream becomes the key data for performing advanced analysis of network security. Theft of data through a network breach during communication between controller and workstation is analysed; however, in order to figure out the root cause, the data have to be used to analyse and draw conclusions about what is happening in the environment (Ding, 2011). This analysis is done by indexing the data, using additional context to supplement and enrich the data, alerting on the data, and lastly searching through it in order to pursue an investigation of the data theft. This requires significant technical horsepower. A purpose-built data store is required to capture the full network packet stream. It must index network traffic at sufficient speed to provide actionable and usable information in order to shorten the exploit window (Ghani et al., 2013). To gauge the magnitude of this challenge: a number of SIEM platforms struggle to handle 10,000-15,000 events per second, while such a data store helps to capture 10-100 Gbps of network traffic.

Solution

Network analyzer: A virus or hacker attack typically generates an identifiable pattern or signature of packets.
The network analyzer identifies such packets and alerts administrators to their presence on the network. Most analyzers set alarms that are triggered when a particular pattern is identified (Hutchins et al., 2011). Some analyzers are programmed to send a page or email when these conditions are met. This assumes that the virus and its signature have been seen before and incorporated into the analyzer's packet filter. The filter specifies a set of criteria on which the analyzer will capture packets, trigger an alarm, or take some other specified action.

IDS and anti-virus system: An intrusion detection system and anti-virus are designed to prevent the incursion of known attacks and viruses. Moreover, script kiddies and hackers have access to all the threat bulletins and Windows patches, and are continuously in search of new vulnerabilities (Jhaveri et al., 2012). Operating systems and firewalls often do not get the patch until the damage has already been done. Imported disks, deliberate actions and infected networked systems are some of the key weak spots of a security system which cannot be addressed by perimeter defence alone.

Probe functionality: A probe performs all the security functions required by the network: it captures and decodes packets and analyses traffic levels by application and active station. Application analysis plays a key role, since a rapid increase in email volume is a significant sign of a virus attack. Probes are placed at the critical points of the network (Jnanamurthy et al., 2013). These include the default gateway, email servers and other servers that are critical and likely to be attacked.

Nessus: Nessus is used to scan the network for vulnerabilities. It is an open-source and commercial product that analyses the network to find any hole in it. Such a hole could allow an attacker to launch an attack by exploiting the vulnerability.
The other way round, security administrators use this solution to analyse the open vulnerabilities on the system network so that attacks can be prevented (Kelling et al., 2012). Nessus is a cross-platform tool that works on Linux, Microsoft Windows and Mac OS X. Moreover, this software is configured with a user-friendly graphical user interface for detecting attacks between the controller and workstation network.

Conclusion

There are numerous ways to prevent attacks and ensure the safety and security of a network. From the above study it has been concluded that design flaws in the TCP/IP suite of protocols are responsible for the major attacks that take place through the internet. However, through concerted efforts various loopholes have been plugged in order to reduce the attack surface considerably. This paper identifies various network attacks and also focuses on the tools and defence mechanisms, in order to point out the vulnerabilities that cause the attacks and implement ways to plug them.

Reference List

Abbasi, A., Altmann, J., and Hossain, L. (2011). Identifying the effects of co-authorship networks on the performance of scholars: A correlation and regression analysis of performance measures and social network analysis measures. Journal of Informetrics, 5(4), 594-607.

Balasundaram, B., Butenko, S., and Hicks, I. V. (2011). Clique relaxations in social network analysis: The maximum k-plex problem. Operations Research, 59(1), 133-142.

Barberán, A., Bates, S. T., Casamayor, E. O., and Fierer, N. (2012). Using network analysis to explore co-occurrence patterns in soil microbial communities. The ISME Journal, 6(2), 343-351.

Canto-Perello, J., Curiel-Esparza, J., and Calvo, V. (2013). Criticality and threat analysis on utility tunnels for planning security policies of utilities in urban underground space. Expert Systems with Applications, 40(11), 4707-4714.

Chen, G., Ward, B. D., Xie, C., Li, W., Wu, Z., Jones, J. L., ... and Li, S. J. (2011). Classification of Alzheimer disease, mild cognitive impairment, and normal cognitive status with large-scale network analysis based on resting-state functional MR imaging. Radiology, 259(1), 213-221.

Cohen, G., Meiseles, M., and Reshef, E. (2012). U.S. Patent No. 8,099,760. Washington, DC: U.S. Patent and Trademark Office.

Deng, M., Wuyts, K., Scandariato, R., Preneel, B., and Joosen, W. (2011). A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1), 3-32.

Ding, Y. (2011). Scientific collaboration and endorsement: Network analysis of coauthorship and citation networks. Journal of Informetrics, 5(1), 187-203.

Ghani, S., Kwon, B. C., Lee, S., Yi, J. S., and Elmqvist, N. (2013). Visual analytics for multimodal social network analysis: A design study with social scientists. IEEE Transactions on Visualization and Computer Graphics, 19(12), 2032-2041.

Hutchins, E. M., Cloppert, M. J., and Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare and Security Research, 1, 80.

Jhaveri, R. H., Patel, S. J., and Jinwala, D. C. (2012). DoS attacks in mobile ad hoc networks: A survey. In Advanced Computing and Communication Technologies (ACCT), 2012 Second International Conference on (pp. 535-541). IEEE.

Jnanamurthy, H. K., Warty, C., and Singh, S. (2013). Threat analysis and malicious user detection in reputation systems using mean bisector analysis and cosine similarity (MBACS).

Kelling, S., Gerbracht, J., Fink, D., Lagoze, C., Wong, W. K., Yu, J., ... and Gomes, C. P. (2012, July). eBird: A human/computer learning network for biodiversity conservation and research. In IAAI.

Khan, S. A., and Engelbrecht, A. P. (2012). A fuzzy particle swarm optimization algorithm for computer communication network topology design. Applied Intelligence, 36(1), 161-177.

Kim, Y., Choi, T. Y., Yan, T., and Dooley, K. (2011). Structural investigation of supply networks: A social network analysis approach. Journal of Operations Management, 29(3), 194-211.

Kottaimalai, R., Rajasekaran, M. P., Selvam, V., and Kannapiran, B. (2013, March). EEG signal classification using principal component analysis with neural network in brain computer interface applications. In Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), 2013 International Conference on (pp. 227-231). IEEE.

Marin, A., and Wellman, B. (2011). Social network analysis: An introduction. The SAGE Handbook of Social Network Analysis, 11-25.

Palonen, T., and Hakkarainen, K. (2013, April). Patterns of interaction in computer-supported learning: A social network analysis. In Fourth International Conference of the Learning Sciences (pp. 334-339).

Rehg, J. A., and Kraebber, H. W. (2012). Computer-Integrated Manufacturing, 2005. Prentice Hall.

Valente, T. W. (2012). Network interventions. Science, 337(6090), 49-53.

Vu, H. L., Khaw, K. K., and Chen, T. Y. (2014). A new approach for network vulnerability analysis. The Computer Journal, bxt149.

Weninger, T., Danilevsky, M., Fumarola, F., Hailpern, J., Han, J., Johnston, T. J., ... and Yu, X. (2011). WINACS: Construction and analysis of web-based computer science information networks. In Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data (pp. 1255-1258). ACM.

Wrzus, C., Hänel, M., Wagner, J., and Neyer, F. J. (2013). Social network changes and life events across the life span: A meta-analysis. Psychological Bulletin, 139(1), 53.

Zhu, Q., Yang, X., and Ren, J. (2012). Modeling and analysis of the spread of computer virus. Communications in Nonlinear Science and Numerical Simulation, 17(12), 5117-5124.
