
HW4

1. How could a hacker use the following information to their advantage? Also provide a
possible method to obtain it.
• System administrator's name
The attacker could pretend to be the system admin and call a service provider or a third-party company,
asking them to change information or forward some data that he can use to attack the company. He
could get the names from the company website or through a job portal like LinkedIn.
• Active services on a host
The attacker could find a back door to the host through one of the running services.
• Operating system on a host
The attacker could exploit one of the vulnerabilities in the OS to gain access or escalate his
privileges.
• Personal web pages of employees
The attacker could use the employees' personal info to impersonate the employees and, for example, call
the IT department to reset their password.
• Company phone list
The attacker could call employees and try to trick them into opening an email or website where they can
attack them and get access to the company network.
• Router addresses
DNS Hijacking (changing the DNS servers that the router gives out to attached devices). A victim using
malicious DNS servers can think they are at website A, when they are really seeing a scam copy of it. Kiss
that password good-bye.
• Internet Service Provider
They could perform a DDoS attack to bring the ISP down, and so bring my company down.
• IP Address range
Could be used in IP spoofing and DDoS attacks.
2. Describe a method to stop a distributed denial of service (DDoS) attack.
On-premise appliances
The on-premise approach to DDoS protection uses hardware appliances deployed inside a network,
placed in front of protected servers.
Such appliances usually have advanced traffic filtering capabilities armed with a combination of geoblocking, rate limiting, IP reputation and signature identification.
Typical mitigation appliances can be effectively used to filter out malicious incoming traffic. This makes
them a viable option for stopping application layer attacks.
3.
Datagram Number    P1          P2          P3          P4
Desired Action     Deny        Permit      Permit      Deny
R2, R1, R3         Deny(R2)    Deny(R2)    Deny(R2)    Deny(R3)
R1, R2, R3         Deny(R2)    Permit(R1)  Permit(R1)  Deny(R3)
R1, R3             Deny(R3)    Permit(R1)  Permit(R1)  Deny(R3)
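The outcomes in the table for question 3 are what first-match rule evaluation produces: the first rule in the list that matches a datagram decides its fate. The sketch below is an added example, not part of the original homework; the page does not define R1-R3 or P1-P4, so the rule definitions and datagram fields here are constructed assumptions chosen to reproduce the table.

```python
import ipaddress

# Constructed rules (assumption: the page does not define R1-R3).
# Each rule: (action, source network, destination port or None for any).
RULES = {
    "R1": ("permit", "10.1.0.0/16", 80),   # web traffic from one subnet
    "R2": ("deny", "10.0.0.0/8", None),    # wider internal range, any port
    "R3": ("deny", "0.0.0.0/0", None),     # catch-all default deny
}

# Constructed datagrams (assumption): (source IP, destination port).
PACKETS = {
    "P1": ("10.2.3.4", 80),
    "P2": ("10.1.5.6", 80),
    "P3": ("10.1.9.9", 80),
    "P4": ("192.0.2.7", 80),
}


def matches(rule, packet):
    """True when the packet's source and port fall inside the rule."""
    _, network, port = rule
    src, dport = packet
    in_net = ipaddress.ip_address(src) in ipaddress.ip_network(network)
    return in_net and (port is None or port == dport)


def evaluate(order, packet):
    """First-match semantics: the first rule in `order` that matches decides."""
    for name in order:
        if matches(RULES[name], packet):
            return f"{RULES[name][0].capitalize()}({name})"
    return "Deny(implicit)"  # no rule matched


def row(order):
    """One table row: the decision for P1..P4 under this rule order."""
    return [evaluate(order, PACKETS[p]) for p in sorted(PACKETS)]


def shadowed(order):
    """Rules that never decide any sample packet because an earlier rule wins."""
    fired = {cell[cell.index("(") + 1:-1] for cell in row(order)}
    return [name for name in order if name not in fired]


if __name__ == "__main__":
    for order in (["R2", "R1", "R3"], ["R1", "R2", "R3"], ["R1", "R3"]):
        print(", ".join(order), row(order), "shadowed:", shadowed(order))
```

With the broad deny R2 placed first, the narrower permit R1 is shadowed and never fires, which is why that ordering misses the desired action for P2 and P3.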
4.
First, we take an intrusion detection system to connect to the engineering systems, and we take a firewall
and/or screening router system to connect to sales and marketing and also accounting. Then we take the
external web and FTP server and the email server to connect to engineering and marketing, and
we take email services to connect to engineering college and marketing. Mainly, as you know, the
Internet and ISP routers provide services. Below we provide details about the Internet and ISP
routers and some of the scenarios given above.
Intrusion Detection System:
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity
and issues alerts when such activity is discovered. It is a software application that scans a network
or a system for harmful activity or policy breaching.
Firewall:
In computing, a firewall is a network security system that monitors and controls incoming and
outgoing network traffic based on predetermined security rules. A firewall typically establishes a
barrier between a trusted internal network and an untrusted external network, such as the Internet.
External web:
In fact, an external link or hyperlink is any link that was posted on another website but points to
your web resource. In the same way, when you insert a link to another resource on your site, it is called
an external or outbound link. The hyperlink points to an external domain.
Email server:
A mail server (sometimes also referred to as an e-mail server) is a server that handles and delivers email over a network, usually over the Internet. A mail server can receive e-mails from client
computers and deliver them to other mail servers. A mail server can also deliver e-mails to client
computers.
Admin server Internet:
A server administrator, or admin, has overall control of a server. This is usually in the context of a
business organization, where a server administrator oversees the performance and condition of
multiple servers in the business organization, or it can be in the context of a single person running a
game server.