Networking: Malicious Attacks, Social Engineering, Information Security Risks, Network Auditing, and Risk Assessment Management

Verified

Added on  2023/04/25

|10
|3587
|73
AI Summary
The given data seems to contain random letters and is not coherent or meaningful. It does not provide any information or context to summarize. If you have any specific information or content that you would like to be summarized, please provide it, and I'll be happy to assist you.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
IT Networking Designing
Networking
3/7/2019

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Networking
Table of Contents
Answer 1...............................................................................................................................................2
Answer a............................................................................................................................................2
Answer b...........................................................................................................................................2
Answer c............................................................................................................................................3
Answer d...........................................................................................................................................3
Answer 2...............................................................................................................................................4
Answer 3...............................................................................................................................................5
Answer 4...............................................................................................................................................6
References.............................................................................................................................................8
1
Document Page
Networking
Answer 1
Answer a
Malicious attacks are the security attacks that make use of malicious codes to create system
vulnerabilities and potential damages to the files, systems, and the networks. These attacks
comprise of malicious codes and web scripts to exploit the security vulnerabilities. There are
different forms of malware that may be used by the attackers to give shape to these attacks.
Some of the primary forms may include viruses, worms, Trojan horses, spyware, logic
bombs, adware, and ransomware. The malicious attacks provide the malicious attackers with
the ability to get an unauthorized remote access to the system which is referred as backdoor
entry (Xiong et al., 2017). The confidential and sensitive application information may get
exposed and may be misused by these malicious entities. There are various threat agents that
may be used to carry out these attacks. Computer networks are the primary threat agents that
may be used as the malware may be passed on to the data packets over the network. The use
of emails or other web links may also be used (Nguyen et al., 2014). Apart from the
malware-based attacks, cybersquatting and botnets are also some of the examples of the
malicious attacks. In case of the botnets, a network of infected internet-connected devices is
used to spread the malware (Balasooriya and Fernando, 2013). Distributed Denial of Service
(DDoS) attacks may be carried out through the botnets. Cybersquatting is the malicious
practice of using a domain name on the Internet with the ill-intent. It is primarily carried out
to deceive the users for executing malicious activities over the network, such as acquiring
private user information.
Answer b
Social Engineering attacks are the ones that are accomplished through human interactions
with psychological manipulation of the users to trick them for obtaining sensitive
information. There are several steps that are involved in these attacks. The first and the
foremost is the investigation by identifying the victims and collecting background details to
set-up the modes of attack(s) (Cletus and Najim, 2018). The second is to deceive the victims
by engaging the targets and taking the control of the entire process. The third step is to
execute the attack by obtaining information from the victims. The last step is to remove all
the traces and close the interaction. There are different techniques that are used to execute the
social engineering attacks. Phishing is one of the most common techniques in which
2
Document Page
Networking
emails/text messages are sent to the users by impersonating as a legitimate entity and the
users are tricked to send confidential information. For instance, a policy violation email may
be sent asking for the user credentials. Spear phishing is a target-based phishing attack in
which specific individuals or enterprises are targeted by the attackers. Scareware is another
technique that is used to accomplish the attack (Haggag, 2017). The users are provided with
false threats and information to deceive them and the deception software is then installed on
the user’s machine to capture sensitive data and information. Pretexting and baiting are the
other forms that are used to carry out social engineering attacks by tricking the users through
impersonation, spam mails, or lies. The users share private information in return (Qin, 2014).
Answer c
Information security and privacy risks have become extremely common in the present times.
There are several security vulnerabilities that make it easier for the attackers to give shape to
the security attacks. Unsecured computers are one such example that may assist the attacks in
achieving their malicious goals. These are the computer systems that are not protected to
detect or prevent the security attacks and are connected with the networks that do not latest
security patches. There are certain basic security controls that must be integrated in the
computer systems. For instance, anti-malware protection and anti-denial tools have become
necessary for the computer systems in the present times. The presence of these tools provides
the system and the users with the ability to identify the malicious attempts to violate the
access control (Andrus, 2011). Also, the protection against the infected devices, such as
USBs and flash drives is also ensured. The installation of network and hardware firewalls is
also necessary to filter the network traffic. Authentication and access control using
credentials and biometric recognition is also common for the present age systems. However,
unsecured computers are the ones that are not enabled with such security controls. There are
network-based intrusion detection and prevention systems that have been developed to deal
with the network-based security risks and threats. These systems generate alerts and alarms in
the case of a malicious activity over the network. The unsecured systems do not have such
controls implemented making it easier for the attackers to carry out the attacks.
Answer d
Network auditing is a process in which a mix of activities is carried out to analyse and study
the performance and health of the network in terms of the organization requirements and
standards. There are different parameters that are studied and analysed in the process of
network auditing. The primary parameters include security of the networks, network
3

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Networking
availability, and implementation of control, management, and performance (Garg and Bawa,
2016). The purpose of network auditing is to ensure that there are no vulnerabilities or threats
over the networks. A formal report is prepared by the network auditors comprising of the
results and comments and the same is shared with the network administration to take the
necessary steps of action. However, the non-audited networks are the ones that do not go
through such a procedure. This leads to the enhanced probability of these networks to be
infected with the network-based vulnerabilities, threats, and attacks. Network auditing may
be a manual or automated process in which every node over the network is analysed to
validate and verify its performance and security (Hancock, 2012). The data sets are gathered
to determine the network monitoring and control processes. Such tasks and activities do not
occur for the networking channels and mediums that are non-audited. Therefore, it is often
observed that the malicious attackers look for non-audited networks in an organization or a
business enterprise as it becomes easier for them to carry out the network-based attacks in
such cases. Quality of service is another significant parameter that may be better in an audited
network as compared to the non-audited network.
Answer 2
Risk assessment and management is a process that comprises of several steps and phases. It is
essential that members of the risk assessment team have sufficient information to identify all
of the risks that a particular system or an organization may be exposed to. The first step in the
process of risk assessment and management is therefore, data collection. The techniques of
data collection may vary from one scenario to the other. Some of the common techniques that
may be used are interviews, surveys, observations, brainstorming, questionnaires, domain
analysis, and group discussions. Once the data sets are collected, the identification of the
risks is done (Momani, Takruri and Al-Hmouz, 2014). These are usually presented in the
form of a table comprising of a unique risk id, name of the risk, risk category, and a brief
description of the risk. The analysis and assessment of the risk may be done using a variety of
techniques and methodologies. These may be qualitative or quantitative in nature (Shamala,
Ahmad and Yusoff, 2013). Some of these techniques include cause and effect diagrams,
decision trees, SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis, value
chain analysis, etc. There is a risk register that is prepared at the end of this step that includes
the probability and consequence levels for each risk that is identified. The risk score is
obtained on the basis of the probability and impact levels of the risk. The higher the risk
4
Document Page
Networking
score, higher is the severity of the risk and vice versa. The risks that are identified and
assessed may be acceptable or non-acceptable to the system or the organization. The
evaluation of the acceptable and non-acceptable risks is done in the next step. The risks that
are non-acceptable are then mapped with the treatment strategies and the treatment of the
risks is done followed by control and closure (Mandal and Jana, 2018).
In spite of risk assessment and management done in advance, there are certain uncertainties
and disasters that may occur and impact the project or the organization as a whole. It is
necessary that there are plans prepared in advance to deal with such situations. Disaster
recovery planning is the business planning that includes the guidelines and methodologies to
follow in the event of a disaster to resume the business operations as quickly as possible. For
instance, there may be security attacks given shape by the attackers in spite of the security
controls in place. Backup of the data sets is one of the measures for disaster recovery so that
data is not lost at any instance. Encryption is another technique to make sure that the
attackers do not get to use the data sets. Business impact analysis is one of the most
significant steps in disaster recovery planning to determine the business functions that are
most critical in nature (Guster and Lee, 2011). The disaster recovery plans are prepared
accordingly. There may be natural disasters or hazards that may occur that cannot be
controlled by anyone. The readiness of the organization to deal with such situations and the
steps to control and minimize the damage is covered in the disaster recovery plans.
Answer 3
With the expansion of the data requirements, business needs, and network necessities,
hardware growth has become essential for the business firms. However, hardware growth for
historically implemented networks must be carefully done. This is because there may be
compatibility issues, technical errors, security loopholes, and similar errors that may come up
(Breugst and Magedanz, 2010).
There are certain strategies that may be used to manage the hardware growth in such cases.
Configuration Management shall be used to handle the configuration aspects of the
networking hardware. The historical network information in the area of configuration
management shall also be acquired and analysed to determine the existing and previous
versions. Configuration file management will also make sure that the software and
inventories are in in line with the hardware growth and the chances of failure will be reduced
5
Document Page
Networking
(Gonen, Gunduz and Yuksel, 2015). Performance management must be involved as an
essential activity during the hardware growth. It shall comprise of compatibility and
feasibility checks in the initial phases to make sure that the desired performance is achieved.
The conduction of regular reviews and audits shall be included as an essential task under
performance management to keep a track of the progress. The load balancing techniques,
response rate, and throughput time shall also be calculated to get an idea of the hardware and
the overall network performance (Heranz, 2010). Security is one of the essential areas that
need to be taken care of. This is because the presence of security loopholes and gaps may
lead to the occurrence of security risks and attacks. The hardware growth shall be integrated
with the compatible network security tools and applications. This will ensure that security
and privacy of the information and the networking channels is maintained at all times. Fault
detection and management must be included as a significant step. It shall include the
detection, notification, and correction of the faults over the network. It is often seen that the
historical network implementations are not compatible with the latest hardware equipment in
terms of technical and operational compatibility. The fault detection and performance
management activities will highlight such areas in the initial phases only and the alternate
tools and equipment will be identified in such cases. It is also recommended that the network
logs and usage information of the network resources is also tracked and maintained at all
times. This will make sure that the hardware growth required by a business firm on the
historical network implementations is successful. The possible changes in the network
layouts and topologies in the network architecture shall also be done to enhance the
scalability of the networking architecture. Such a practice will ensure that the network
expansion is done as per the latest technology and the probability of the security risks and
attacks is also avoided at the same time (Patel, 2015).
It is recommended that the entire process is done in a set of phases with certain goals attached
to each phase. In this manner, the chances of failure will be reduced and it will be easier to
keep a track of the entire procedure.
Answer 4
There are different factors and parameters that shall be analysed and considered while
choosing network media. Before the identification and selection process kick starts, it is
essential that the organization is aware of the requirements and needs from the networking
6

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Networking
architecture and infrastructure. Once the needs assessment is accomplished, the criteria for
choosing the network media shall be defined and utilized.
The primary factor that shall be considered is the distance that the media can successfully
cover. Different types of network media have different pros and cons associated with each
one of them. For example, the long distances can be best handled by the fibre optics cable as
these rely on the pulse of light for transmission (Esbensen, Geladi and Larsen, 2014). The
ability of each of the network media in terms of the distance and the requirements of the
organization shall be mapped to make the selection.
The second factor that shall be considered is the speed of transmission. The speed of
transmission varies from one form of network media to the other. For instance, coaxial cables
offer the speed of 10 Mbps to 100 Mbps while fibre optic cables offer transmission speed of
100 Mbps to 100 Gbps. It is not essential that every network set-up is required to offer the
speed as high as 100 Gbps. There may be certain organizations that may have an average
requirement of 50 Mbps or lesser. Therefore, the speed of transmission offered by different
network media shall be mapped with the requirements to make the selection.
Cost is another significant criterion that must be considered to choose the network media.
Unshielded twisted pair cable is the least expensive out of all followed by shielded twisted
pair cable and coaxial cable. Fibre optic cable is the most expensive out of all. The budget
constraints of the organization and the cost shall be mapped with each other for making
adequate selection (Huynh and Mohapatra, 2011).
Security is another significant parameter that is extremely essential in the present times. It is
because there are different forms of security risks and attacks that have been developed. The
network media must provide protection against such security risks. For example, fibre-optic
cannot be tapped and therefore, it offers better security than its counterparts. Similarly, ease
of installation is another significant factor that must be considered before making the
selection. Unshielded twisted pair cable is easier to install and is being widely used. Fibre
optic on the other hand can be installed without many complexities but is difficult to
terminate.
The analysis of all of these factors along with the pros and cons of each of the network media
shall be done. The comparison of the findings shall then be done and the results must be
mapped with the requirements of the organization. The selection of the network media shall
7
Document Page
Networking
be made as per the fulfilment of the criteria and the needs of the organization. The use of the
factors listed and described above will allow the organizations and networking team to make
correct selection.
References
Andrus, F. (2011). Beyond scan and block: an adaptive approach to network access control.
Network Security, 2011(11), pp.5-9.
Balasooriya, A. and Fernando, S. (2013). Next Generation Security Framework to Detect
Botnets on Computer Networks. International Journal of Engineering and Technology,
pp.257-261.
Breugst, M. and Magedanz, T. (2010). Mobile agents - enabling technology for active
intelligent network implementation. IEEE Network, 12(3), pp.53-60.
Cletus, A. and Najim, U. (2018). Towards Securing Organizational Data against Social
Engineering Attacks. International Journal of Computer Applications, 180(28), pp.28-34.
Esbensen, K., Geladi, P. and Larsen, A. (2014). Myth: Light Travels to and from the Sample
in a Fibre-Optic Cable without Problems. NIR news, 25(6), pp.25-26.
Garg, N. and Bawa, S. (2016). Comparative analysis of cloud data integrity auditing
protocols. Journal of Network and Computer Applications, 66, pp.17-32.
Gonen, B., Gunduz, G. and Yuksel, M. (2015). Automated network management and
configuration using Probabilistic Trans-Algorithmic Search. Computer Networks, 76, pp.275-
293.
Guster, D. and Lee, O. (2011). Enhancing the Disaster Recovery Plan Through Virtualization.
Journal of Information Technology Research, 4(4), pp.18-40.
Haggag, M. (2017). Social Engineering Attacks Detection Techniques: Survey Study.
International Journal Of Engineering And Computer Science.
Hancock, B. (2012). Auditing the network environment at a technical level: Why's, how's and
aha!'s. Network Security, 1999(10), pp.13-17.
Heranz, J. (2010). Network Performance and Coordination. Public Performance &
Management Review, 33(3), pp.311-341.
8
Document Page
Networking
Huynh, M. and Mohapatra, P. (2011). Metropolitan Ethernet Network: A move from LAN to
MAN. Computer Networks, 51(17), pp.4867-4894.
Mandal, T. and Jana, B. (2018). A Study on Risk Assessment in Information Security. SSRN
Electronic Journal.
Momani, M., Takruri, M. and Al-Hmouz, R. (2014). Risk Assessment Algorithm in Wireless
Sensor Networks Using Beta Distribution. International journal of Computer Networks &
Communications, 6(5), pp.157-166.
Nguyen, M., Chau, N., Jung, S. and Jung, S. (2014). A Demonstration of Malicious Insider
Attacks inside Cloud IaaS Vendor. International Journal of Information and Education
Technology, 4(6), pp.483-486.
Patel, A. (2015). Network performance without compromising security. Network Security,
2015(1), pp.9-12.
Qin, Y. (2014). Computer Network Attack Modeling and Network Attack Graph Study.
Advanced Materials Research, 1079-1080, pp.816-819.
Shamala, P., Ahmad, R. and Yusoff, M. (2013). A conceptual framework of info structure for
information security risk assessment (ISRA). Journal of Information Security and
Applications, 18(1), pp.45-52.
Xiong, B., Yang, K., Zhao, J. and Li, K. (2017). Robust dynamic network traffic partitioning
against malicious attacks. Journal of Network and Computer Applications, 87, pp.20-31.
9
1 out of 10
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]