Uploaded by Ayomal UH

information security

Herath HMAU
Assignment 1
ITE 3242
1.
I.
DHCP is a protocol based on a DHCP server that dynamically allocates an IP
address to each host connected to the network, along with various parameters such as
the subnet mask, DNS, default gateway, and so on.
• In this form of attack (a man-in-the-middle attack), the attacker creates and
installs a rogue DHCP server on the network that he controls. When a client
connects to the network (myself, in this case), it sends a request message in
order to communicate with the DHCP servers. The request is interpreted by
both the actual and the rogue DHCP servers, but the client accepts the
server that responds first, which will be the attacker's rogue server.
• Since the rogue server's offer was received first, the client sends a DHCP
request accepting the attacker-defined parameters from the rogue server. Both
the real and the rogue server receive the request.
• Then the rogue server replies to the client, acknowledging the request. The real
server ceases to communicate with the client.
• Therefore, the attacker can intercept and manipulate all of the client's network
traffic and communications.
II.
• To mitigate this type of attack, I can use DHCP snooping on trusted ports.
DHCP snooping can be used to exclude rogue DHCP servers and eliminate
malicious DHCP traffic. DHCP snooping builds and maintains a DHCP snooping
binding database to filter DHCP messages from untrusted sources. A DHCP
snooping binding table includes the client MAC address, IP address, DHCP lease
time, binding type, VLAN number, etc.
• I can install a VPN to encrypt the client's web traffic. It will limit an attacker's
ability to interpret the client's web traffic.
• Also, I can prevent an attacker from compromising the DNS server by using a
secure router with a strong encryption mechanism and by changing the
router's default password.
• I can enable HTTPS encryption on every request.
• I can regularly analyze traffic logs to identify anomalies and unusual behavior.
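The DHCP snooping behaviour described above, as an added example that is not part of the original assignment: a simplified Python model of a switch that drops server replies arriving on untrusted ports and records a binding when a trusted server acknowledges a lease. The class, port names, MAC and IP addresses are constructed for illustration and do not represent any vendor's implementation.

```python
from dataclasses import dataclass

# DHCP message types sent only by servers; a client port should never emit them.
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    lease_seconds: int
    binding_type: str
    vlan: int
    port: str

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)
        self.pending = {}    # client MAC -> (port, vlan) seen on DISCOVER/REQUEST
        self.bindings = {}   # client MAC -> Binding (the snooping binding table)
        self.dropped = []    # (port, message type), kept for later log review

    def handle(self, port, vlan, msg_type, client_mac, ip=None, lease=0):
        """Return True if the frame is forwarded, False if it is dropped."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                self.dropped.append((port, msg_type))  # reply from a rogue server
                return False
            if msg_type == "ACK" and client_mac in self.pending:
                cport, cvlan = self.pending.pop(client_mac)
                self.bindings[client_mac] = Binding(
                    client_mac, ip, lease, "dhcp-snooping", cvlan, cport)
            return True
        # Client messages (DISCOVER, REQUEST) are forwarded and remembered.
        self.pending[client_mac] = (port, vlan)
        return True

def run_constructed_trace():
    # Constructed sample: Gi0/1 is the uplink to the real server, Gi0/5 is the
    # client, Gi0/9 is an access port where a rogue server has been attached.
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    client = "aa:bb:cc:00:00:05"
    results = [
        sw.handle("Gi0/5", 10, "DISCOVER", client),
        sw.handle("Gi0/9", 10, "OFFER", client, ip="10.66.6.50"),  # rogue, first
        sw.handle("Gi0/1", 10, "OFFER", client, ip="192.168.10.50"),
        sw.handle("Gi0/5", 10, "REQUEST", client),
        sw.handle("Gi0/9", 10, "ACK", client, ip="10.66.6.50", lease=60),
        sw.handle("Gi0/1", 10, "ACK", client, ip="192.168.10.50", lease=86400),
    ]
    return sw, results
```

The `dropped` list is the kind of record the log review in the last mitigation would look at: server replies appearing on an access port point to a rogue DHCP server.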
2.
A next-gen firewall is a network security device that offers several security
features in addition to those of a traditional firewall, such as an IDS, an intrusion prevention
system (IPS), a TLS/SSL proxy, web filtering, bandwidth throttling, cloud-delivered threat
intelligence, VPN, etc.
Traditional legacy firewall | Next-gen firewall
Provides partial application visibility and control | Provides full application visibility and application control
Only works with layer 2-4 | Works with layer 2-7
Doesn’t support application level awareness | Supports application level awareness
Cannot decrypt and inspect SSL traffic | Can decrypt and inspect both inbound and outbound SSL traffic
Integrated intrusion protection system (IPS) and intrusion detection system (IDS) are separate. | IDS and IPS are fully integrated with the next-gen firewalls
Performance of NAT, VPN and stateful
protocol inspection
Proactive against internet threats
Restricting web and web application use
based on the reputation of the site
3.
• Fencing and Barricades
Physical barriers are the outermost layer of security and they are publicly
visible. A perimeter system typically consists of a perimeter fence system, a security gate
system, bollards, vehicle entry barriers and guard shelters. These types of security
systems need regular maintenance. Regular fence inspections are needed. It is
important not to park vehicles too close to a fence system, as this can assist an
intruder in climbing over the fence. A typical fence system uses the following rules.
o 1 meter – deters only casual trespassers
o 2 meters – too high for casual trespassers to climb
o 2.5 meters – offers limited delay to a determined intruder
• Biometrics
Biometrics are automated methods of recognizing an individual based on
a physiological or behavioral characteristic. They include measurements of the face,
fingerprints, hand geometry, iris, retina, signature and voice. Biometrics provide
confidential financial transactions and personal data privacy. Accuracy, speed,
acceptability to users, resistance to counterfeiting, reliability, data storage
requirements, enrollment time, etc. are some of the important factors to consider
when designing a biometric system.
• Badges and Access Logs
An access badge allows an individual to gain access to an area with automated
entry points. An entry point can be a door, a turnstile, a gate or a barrier. Badges use
various technologies such as magnetic stripes, barcodes or biometrics. A card reader
is used to read a number on an access badge; the system then sends that number to a
computer, which makes access control decisions based on the credentials provided.
The system logs each transaction and can report entry details at a later time.
• Guards and Escorts
Security guards are the best solution for access control when a situation
requires immediate and appropriate responses. Guards control access to an
organization’s most sensitive areas, such as highly secure information system facilities.
However, guards are costly and are not suitable for monitoring and recording a high
volume of traffic, because humans often make errors.
• Video and Electronic Surveillance
These are a solid replacement for security guards in some cases. There are
several advantages of using video and surveillance systems, such as the ability to
monitor places where no guard or personnel are present; they can record data for
long periods and can incorporate motion detection and notification.
They are more accurate in capturing events after they have occurred, and they are
economical to implement compared to guards.
• RFID (Radio Frequency Identification) and Wireless Surveillance
The use of RFID asset tags can be of great value to the security staff. An
organization can place RFID readers in the door frames of secure areas so that they
aren’t visible to individuals.