1. Identify the various tools and techniques used by attackers and the types of attack that can be launched by using these tools or techniques.
2. Distinguish between the various types of attack and their consequences.
3. Compare and contrast the various tools and techniques that can be used to protect computer systems and networks from attack and to select appropriate tools or techniques for dealing with specific attacks.
4. Set up and configure a range of network security tools and devices.
5. Analyse a problem and devise one or more solutions to it.
Network security is the key issue for the computing generation, since the rate of attack by hackers is increasing at a fast pace (Abbasi et al. 2011). Network security consists of the policies and provisions adopted by network administrators to prevent various kinds of attacks, such as data misuse, unauthorized access, modification, and malicious use of the computer network and network-accessible resources. Network security follows a significant process to protect digital information assets, with the security goals of protecting confidentiality, assuring availability and maintaining integrity.
Network hackers use a variety of tools and techniques to attack a system. The popular hacking tools fall under the following categories.
Wireless attack tools have been developed to compromise 802.11 networks. The widespread and popular use of Wi-Fi offers attackers a platform from which to cause disruption (Balasundaram et al. 2011).
By intercepting traffic over the wireless link, attackers attempt to gather private information. Eavesdropping, access point (AP), key cracking and phishing attacks are some of the attack techniques.
Eavesdropping - A commonly used eavesdropping tool is Wireshark. It is basically a sniffing program that displays all network traffic, both wireless and wired. It is a multi-platform, multi-protocol analyzer that supports hundreds of protocols and includes decryption support for various popular security protocols, including Wired Equivalent Privacy (WEP), IP Security, Wi-Fi Protected Access, Kerberos, Key Management Protocol, Internet Security Association, etc. (Barberán et al. 2012). Moreover, Wireshark displays the captured data in an easy-to-read and easy-to-follow format. It has built-in filters that are used to capture specific data, for example by protocol, port number or IP address.
Sniffing - Apart from capturing and displaying packets from the physical layer, sniffing programs have installed plugins and filters that enable them to manipulate data, creating a man-in-the-middle attack.
Phishing - AP phishing, known as “Evil Twin”, is a confidentiality attack in which users are misled into logging on to fake APs, thus providing their credentials to the attacker. These fake logon pages are created to collect confidential data, credentials, credit card information and user passwords (Canto-Perello et al. 2013). In the process, the user is compelled to download a series of viruses, i.e. Trojan horses.
Tools such as APsniff, APhunter, KNSGEM and Hotspotter scan for wireless AP beacon signals.
Here are some basic attacks launched by the above tools and techniques.
The key security threats include denial of service, unauthorized access to data and network resources, uncontrolled access to the internet, accidental deletion of confidential data, etc.
A computer virus is a small piece of executable code that, when replicated or executed, performs different harmful and unwanted functions in a computer network (Chen et al. 2011). Viruses destroy processors and hard disks, consume large amounts of memory and affect overall system performance. A Trojan is malicious code that does not replicate but destroys critical data.
This occurs when hackers gain access to data and network resources through eavesdropping or sniffing.
It is another threat to network that causes loss of essential information.
Denial of service (DoS) is an explicit attempt by hackers to prevent legitimate users from using a service on a network resource (Cohen et al. 2012). A DoS attack executes malware through the consumption of computational resources, disk space and memory, the disruption of configuration information and physical network components, and the unsolicited reset of TCP sessions.
It is the installation of unauthorized software applications on network servers and client computers. Installation of malicious applications causes a number of security threats, in the form of songs, codecs, gaming software, web-based applications, video programs, etc.
The attacker exploits weaknesses in the application layer, i.e. faulty controls when filtering input on the server side and security weaknesses in the web server (Deng et al. 2013). Examples of such attacks include SQL injection, web server attacks and malicious software attacks.
Spoofing of IP addresses involves the creation of malicious TCP/IP packets that use various IP addresses as the source. This is intended to conceal the hacker’s identity and to impersonate the owner of the IP address (Ding, 2011). When the source address is spoofed, the recipient replies to that source address, and the packet is hard to trace back to the attacker. IP spoofing gives rise to the following consequences.
The attacker sends a large number of packets to the victim, and all the replies from the user are directed towards the spoofed IP address, thus preventing the legitimate user from obtaining service.
It involves the hijacking of an authenticated network session taking place between two hosts. The attacker places a spoofed IP address between the two hosts and uses it to send and receive packets (Ghani et al. 2013).
While authentication takes place between two hosts, the attacker takes advantage of this and sends a reset to the client, which kills the client's connection; the attacker then spoofs the client and continues the session with the server using the spoofed IP address (Hutchins et al. 2011). It has the following consequences:
ICMP, the Internet Control Message Protocol, is a protocol used in the internet layer of the TCP/IP suite to send error messages and carry out unauthorized network management tasks (Jhaveri et al. 2012). The “ping” tool is the familiar example of ICMP; it sends echo messages to learn the online status of a destination. The consequences are the following.
a) Application gateways
Closed port technique
A computer network has various ports open by default, such as FTP, UDP, TELNET, HTTP, SMTP, etc. Attackers use these types of open ports to enter the network or system. Moreover, malicious hackers use port-scanning software to detect open ports or “unfiltered” networks and gain unauthorized access. In contrast, a “closed” port ignores or rejects the connections and packets directed towards it. Ports are “closed” by the use of a firewall (Vu et al. 2014).
Attackers who plan unauthorized access to the internal network have to break through the bastion host, the access router and the choke router of the hybrid system tool for network security.
Turning off the ping service is an essential tool to protect network security from cryptography attack and theft of information (Weninger et al. 2011).
Intrusion detection system
The IDS deals with DoS attacks by utilizing traffic analysis and advanced services. It identifies suspicious attack patterns by investigating the inbound and outbound network traffic of those who compromise the system and prevent legitimate users from obtaining service.
The interaction between controller and workstation is secured by using the Internet Key Exchange protocol (IKE) and Internet Protocol Security (IPsec).
IPsec is a set of extensions to the IP protocol family that ensures the data authentication, encryption and integrity of IP packets (Wrzus et al. 2013).
IKE securely negotiates the properties of security associations between IPsec-enabled peers, i.e. Andover Continuum controllers, workstations, etc. It takes place once all of the following tasks are addressed.
Setting up and configuration of network security includes the following steps:
Step 1: Determination of whether network security is enabled for the controller
Step 2: Configuration of the controller for secure communications
Step 3: Configuration of network security on the workstation (Zhu et al. 2012).
Step 4: Activation of network security for the controller
| Task | Configuration | Description |
|---|---|---|
| Step 1 | Cyber station software | To determine whether or not the site has purchased the option of network security specifically for the net II 9680 and ACX 57×0 controller (Balasundaram et al. 2011). |
| Step 2 | Controller | Configuration of the network security settings within the controller |
| Step 3 | Workstation | It edits, imports, assigns and exports the local security policy of the Schneider Electric network on the workstation (Barberán et al. 2012). |
| Step 4 | Cyber station software | It sets up the network security attributes for a new or existing controller. |
Before starting the configuration of controllers and workstations, it is essential to ensure that the required software and hardware are in place in order to configure network security successfully.
The required hardware and software in configuration setting:
| The workstation software | Windows 2000 SP4, Windows Server 2003, Windows XP SP2, Continuum cyber station v1.8 (and higher) |
| The hardware controller | ACX 57×0 series Netcontroller II 9680 |
| Access privilege | Administration privilege on the workstation is used to configure the Local security policy (Canto-Perello et al. 2013). Administrative privileges let the user log in to the controller's web configuration pages and configure the properties of network security. |
| Network IP address | Identify the static IP address for each workstation to ensure security. Make sure each controller possesses an available IP address. |
While setting up the controller of network security configuration, the following security options are used.
Analysis of a problem
Hackers can attack a network in a million ways. Attackers can target a network without even connecting to it or using the same network to locate it. Attackers can exfiltrate data without even compromising the ultimate target. Attackers tend to compromise network devices, delete log records and confuse network behavioral analysis by generating all sorts of traffic. However, analysis has concluded that this type of hacking does not alter the packet stream as it is captured (Deng et al. 2011). The packet stream thus becomes the key source of the data collected to perform advanced analysis of network security.
Theft of data through a network breach during communication between controller and workstation is analyzed; to figure out the root cause, the data has to be used to analyze and draw conclusions about what is happening in the environment (Ding, 2011). This analysis is done by indexing the data, supplementing and enriching it with additional context, alerting on it, and finally searching through it in order to pursue an investigation of the data theft. This requires significant technical horsepower.
A purpose-built data store is required to capture the full network packet stream. It must index network traffic at sufficient speed to provide actionable and usable information in order to shorten the exploit window (Ghani et al. 2013). To put the magnitude of this challenge in perspective, a number of SIEM platforms struggle to handle 10,000-15,000 events per second. It helps to capture 10-100 Gbps of network traffic.
Network analyzer
A virus or hacker attack typically generates an identifiable pattern or “signature” of packets. The network analyzer identifies these packets and alerts administrators to their presence on the network. Most analyzers set an alarm that is triggered when a particular pattern is identified (Hutchins et al. 2011). Some analyzers are programmed to send a page or email when these conditions are met. This assumes that the virus and its signature have been seen before and incorporated within the analyzer's packet filter. The filter specifies a set of criteria based on which an analyzer will capture packets, trigger an alarm or take some other specific action.
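The filter-and-alarm behaviour described above can be sketched as follows. This is an added example, not code from the essay or from any analyzer product; the `Packet` and `Signature` records, the marker string, the thresholds and the addresses are all constructed for illustration. It also shows the stated limit: a variant whose pattern is not in the filter raises no alarm.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                     # simplified record, not a real capture format
    ts: float
    src: str
    proto: str
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Signature:                  # hypothetical filter; every set criterion must match
    name: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    pattern: Optional[bytes] = None   # regex applied to the payload bytes
    min_hits: int = 1                 # alarm after this many hits from one source...
    window: float = 60.0              # ...within this many seconds

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return self.pattern is None or re.search(self.pattern, p.payload) is not None

def analyze(packets, signatures):
    """Return one (signature, source, time) alarm per signature and source."""
    recent, fired, alarms = {}, set(), []
    for p in sorted(packets, key=lambda x: x.ts):
        for s in signatures:
            if not s.matches(p):
                continue
            key = (s.name, p.src)
            # Keep only hits still inside the sliding window, then add this one.
            hits = [t for t in recent.get(key, []) if p.ts - t <= s.window] + [p.ts]
            recent[key] = hits
            if len(hits) >= s.min_hits and key not in fired:
                fired.add(key)
                alarms.append((s.name, p.src, p.ts))
    return alarms

# Constructed signatures and packets (documentation addresses, made-up marker).
SIGNATURES = [
    Signature("known-mail-marker", proto="tcp", dport=25, pattern=rb"X-Constructed-Worm"),
    Signature("telnet-burst", proto="tcp", dport=23, min_hits=3, window=10.0),
]
SAMPLE_PACKETS = [
    Packet(0.0, "192.0.2.5", "tcp", 25, b"Subject: hi\r\nX-Constructed-Worm: 1\r\n"),
    Packet(1.0, "192.0.2.7", "tcp", 23, b"login: "),
    Packet(2.0, "192.0.2.7", "tcp", 23, b"login: "),
    Packet(3.0, "192.0.2.7", "tcp", 23, b"login: "),
    # A variant whose marker is not in any signature passes unnoticed.
    Packet(4.0, "192.0.2.8", "tcp", 25, b"Subject: hi\r\nX-Unseen-Variant: 1\r\n"),
    Packet(5.0, "192.0.2.6", "tcp", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for alarm in analyze(SAMPLE_PACKETS, SIGNATURES):
        print("ALARM", *alarm)
```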
An intrusion detection system and anti-virus software are designed to prevent the incursion of known attacks and viruses. Moreover, “script kiddies” and hackers, who are continuously in search of new vulnerabilities, have access to all threat bulletins and Windows patches (Jhaveri et al. 2012). Operating systems and firewalls often do not identify the patch until the damage has already been done. Imported disks, deliberate actions and infected systems on the network are some of the key weak spots of a security system that cannot be addressed by perimeter defense alone.
It performs all the security functions required by the network: it captures and decodes packets and analyzes traffic levels in terms of applications and active stations. Application analysis plays a key role because a rapid increase in email volume is a significant sign of a virus attack. Probes are placed at the critical points of the network (Jnanamurthy et al. 2013). These include the default gateway, email servers and other servers that are critical and likely to be attacked.
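The traffic-level analysis described above, by application and active station, can be sketched as a baseline comparison. This is an added example, not the essay's or any vendor's code; the station names, counts, spike factor and floor are constructed assumptions. A station is flagged when its email volume in an interval jumps far above the median of its own recent intervals, while a mail gateway that is busy but steady is not.

```python
from collections import defaultdict
from statistics import median

# Constructed probe output: (interval, station, application, message count).
SAMPLE = [
    (i, station, app, n)
    for station, app, counts in [
        ("ws-01", "smtp", [10, 12, 9, 11, 240]),          # sudden burst in interval 4
        ("ws-02", "smtp", [8, 7, 9, 10, 9]),
        ("mail-gw", "smtp", [300, 310, 290, 305, 320]),   # busy but steady
        ("ws-01", "http", [100, 110, 95, 105, 98]),
    ]
    for i, n in enumerate(counts)
]

def traffic_levels(records):
    """Aggregate counts per (application, station) and interval."""
    levels = defaultdict(lambda: defaultdict(int))
    for interval, station, app, count in records:
        levels[(app, station)][interval] += count
    return levels

def active_stations(records, app, interval):
    """Stations ranked by volume for one application in one interval."""
    levels = traffic_levels(records)
    ranked = [(station, series.get(interval, 0))
              for (a, station), series in levels.items() if a == app]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))

def find_spikes(records, app="smtp", factor=5.0, floor=50, history=3):
    """Flag intervals where a station exceeds factor x its recent median.

    `floor` suppresses alarms on tiny absolute volumes; all thresholds
    here are illustrative assumptions, not recommended values.
    """
    levels = traffic_levels(records)
    last = max(r[0] for r in records)
    spikes = []
    for (a, station), series in sorted(levels.items()):
        if a != app:
            continue
        for i in range(history, last + 1):
            baseline = median(series.get(j, 0) for j in range(i - history, i))
            current = series.get(i, 0)
            if current >= floor and current > factor * max(baseline, 1):
                spikes.append((station, i, current, baseline))
    return spikes

if __name__ == "__main__":
    print(active_stations(SAMPLE, "smtp", 4))
    print(find_spikes(SAMPLE))
```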
Nessus is incorporated to scan for network vulnerabilities. It is an open source, commercial product that analyzes the network to find any holes in it. Such a hole can allow an attacker to launch an attack by exploiting the vulnerability. Conversely, security administrators use this solution to analyze the open vulnerabilities on the system network so that attacks can be prevented (Kelling et al. 2012). Nessus is a cross-platform tool that works on Linux, Microsoft Windows and Mac OS X. Moreover, the software comes with a user-friendly graphical user interface to detect attacks between the controller and workstation network.
Conclusion
There are numerous ways to prevent attacks and ensure the safety and security of a network. From the above study it has been concluded that the design flaws of the TCP/IP suite of protocols are responsible for the major attacks that take place through the internet. However, through concerted efforts, various loopholes have been plugged in order to reduce the attack surface considerably. This paper identifies various network attacks and also focuses on the tools and defense mechanisms, in order to point out the vulnerabilities that cause the attacks and implement ways to plug them.
Reference List
Abbasi, A., Altmann, J., and Hossain, L. (2011). Identifying the effects of co-authorship networks on the performance of scholars: A correlation and regression analysis of performance measures and social network analysis measures. Journal of Informetrics, 5(4), 594-607.
Balasundaram, B., Butenko, S., and Hicks, I. V. (2011). Clique relaxations in social network analysis: The maximum k-plex problem. Operations Research, 59(1), 133-142.
Barberán, A., Bates, S. T., Casamayor, E. O., and Fierer, N. (2012). Using network analysis to explore co-occurrence patterns in soil microbial communities. The ISME journal, 6(2), 343-351.
Canto-Perello, J., Curiel-Esparza, J., and Calvo, V. (2013). Criticality and threat analysis on utility tunnels for planning security policies of utilities in urban underground space. Expert Systems with Applications, 40(11), 4707-4714.
Chen, G., Ward, B. D., Xie, C., Li, W., Wu, Z., Jones, J. L., … and Li, S. J. (2011). Classification of Alzheimer disease, mild cognitive impairment, and normal cognitive status with large-scale network analysis based on resting-state functional MR imaging. Radiology, 259(1), 213-221.
Cohen, G., Meiseles, M., and Reshef, E. (2012). U.S. Patent No. 8,099,760. Washington, DC: U.S. Patent and Trademark Office.
Deng, M., Wuyts, K., Scandariato, R., Preneel, B., and Joosen, W. (2011). A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1), 3-32.
Ding, Y. (2011). Scientific collaboration and endorsement: Network analysis of coauthorship and citation networks. Journal of informetrics, 5(1), 187-203.
Ghani, S., Kwon, B. C., Lee, S., Yi, J. S., and Elmqvist, N. (2013). Visual analytics for multimodal social network analysis: A design study with social scientists. Visualization and Computer Graphics, IEEE Transactions on, 19(12), 2032-2041.
Hutchins, E. M., Cloppert, M. J., and Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare and Security Research, 1, 80.
Jhaveri, R. H., Patel, S. J., and Jinwala, D. C. (2012). DoS attacks in mobile ad hoc networks: A survey. In Advanced Computing and Communication Technologies (ACCT), 2012 Second International Conference on (pp. 535-541). IEEE.
Jnanamurthy, H. K., Warty, C., and Singh, S. (2013). Threat analysis and malicious user detection in reputation systems using mean bisector analysis and cosine similarity (MBACS).
Kelling, S., Gerbracht, J., Fink, D., Lagoze, C., Wong, W. K., Yu, J., … and Gomes, C. P. (2012, July). eBird: A Human/Computer Learning Network for Biodiversity Conservation and Research. In IAAI.
Khan, S. A., and Engelbrecht, A. P. (2012). A fuzzy particle swarm optimization algorithm for computer communication network topology design. Applied Intelligence, 36(1), 161-177.
Kim, Y., Choi, T. Y., Yan, T., and Dooley, K. (2011). Structural investigation of supply networks: A social network analysis approach. Journal of Operations Management, 29(3), 194-211.
Kottaimalai, R., Rajasekaran, M. P., Selvam, V., and Kannapiran, B. (2013, March). EEG signal classification using principal component analysis with neural network in brain computer interface applications. In Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), 2013 International Conference on (pp. 227-231). IEEE.
Marin, A., and Wellman, B. (2011). Social network analysis: An introduction. The SAGE handbook of social network analysis, 11-25.
Palonen, T., and Hakkarainen, K. (2013, April). Patterns of interaction in computer-supported learning: A social network analysis. In Fourth International Conference of the Learning Sciences (pp. 334-339).
Rehg, J. A., and Kraebber, H. W. (2012). Computer-Integrated Manufacturing, 2005. Prentice Hall.
Valente, T. W. (2012). Network interventions. Science, 337(6090), 49-53.
Vu, H. L., Khaw, K. K., and Chen, T. Y. (2014). A new approach for network vulnerability analysis. The Computer Journal, bxt149.
Weninger, T., Danilevsky, M., Fumarola, F., Hailpern, J., Han, J., Johnston, T. J., … and Yu, X. (2011). Winacs: Construction and analysis of web-based computer science information networks. In Proceedings of the 2011 ACM SIGMOD International Conference on Management of data (pp. 1255-1258). ACM.
Wrzus, C., Hänel, M., Wagner, J., and Neyer, F. J. (2013). Social network changes and life events across the life span: A meta-analysis. Psychological Bulletin, 139(1), 53.
Zhu, Q., Yang, X., and Ren, J. (2012). Modeling and analysis of the spread of computer virus. Communications in Nonlinear Science and Numerical Simulation, 17(12), 5117-5124.