Network and Security

Added on 2023/01/19

Running head: NETWORK AND SECURITY
Network and Security
Name of the Student
Name of the University
Author’s Note

Answer to Question 1:
Introduction
The Internet of Things (IoT) can be defined as an electronic community in which any number of
devices are interconnected with each other and with the Internet. It is a large network that
connects devices and their users, and its operation involves the creation, collection and sharing of
data over the network channel. A large number of smart and automated devices are connected to the
network and can be controlled wirelessly from anywhere. It is a community of intelligent devices
interacting with one another to get numerous tasks done simultaneously. The objects and devices
have sensors connected to the IoT platform; the platform integrates data from all the connected
devices and uses programmed analytics to address the users' needs. Wireless connectivity has
driven a shift to smart mobile IoT (M-IoT) platforms, in which a mobile application is used to
remotely control the functionality of all the connected devices. The contemporary concerns of IoT
are security threats and privacy. IoT is significant because the digitally represented object
morphs into something greater than itself: the objects interact with the environment around them
with ambient intelligence.
Discussion
Challenges of cryptography for Internet of things
Cyber security is a global issue, as cyber crime is increasing alarmingly. Cryptography is a sound
method of countering such threats and crimes. IoT is easily vulnerable to cyber threats, and a
single attack can lead to the loss of a huge amount of sensitive data. IoT faces several challenges
regarding the encryption and decryption of content. The devices connected to the IoT are secured
by cryptography to provide quick user identification (unique identifiers, UIDs), authentication and
protection of user data. Devices with a low energy budget have many advantages yet cause unique
security threats (Chen 2015). The low-energy environment constrains the cryptographic protocols
that can be run and leads to slow performance of the connected device; limited energy storage
causes delays in the runtime needed to complete operations, and the resources running the
cryptographic protocol face additional constraints. Devices with little RAM/ROM, such as fitness
trackers, smart lighting and smart watches, present hurdles for cryptographic protocols: the low
storage does not provide enough memory space to run a proper cryptographic protocol (Conti,
Dehghantanha, Franke and Watson 2018). Cryptographic protocols are large in size and require
sufficient memory space to execute. Each IoT platform requires different and complex cryptographic
protocols to ensure complete security of data (Liu 2017). Low memory is a threat because the
protocol used for such devices is simplified, which reduces the tightness of the device's security,
and data leakage becomes an issue. Several lightweight cryptography protocols are being designed
to counter such problems and provide complete security to the connected devices.
Challenges of the Internet of Things in secure device management
The concept of the Internet of Things is a vital part of computer science that deals with
connecting day-to-day physical objects to the Internet and making them identify themselves to
other existing devices (Gubbi et al. 2013). The significance of the Internet of Things is
noticeable in that the object, which represents itself, becomes digitally larger than the object
by itself. Device management can be part of an Internet of Things strategy from inception (Lee and
Lee 2015). However, the IoT can perform effectively only when the connected devices are
efficiently managed and monitored. Device management in the IoT is made possible by the device
cloud, which is responsible for automatically collecting and integrating a series of data from
enabling operators and disparate devices and locking the valuable data with the help of IoT.
However, some challenges occur in device management using the IoT (Madakam, Ramaswamy and
Tripathi 2015). The key challenge encountered in device management is IoT security, which can
create numerous dangerous vulnerabilities if the devices are not effectively protected. For most
enterprises, the compelling case for the IoT comes with the ability to access the important, often
confidential, data generated by a number of field devices. This works only when the devices
delivering the data, together with the gateway that directs that data into the enterprise system,
operate in a coordinated and effective manner as expected. Any mishap can lead to serious
security issues affecting the security of the entire device management system.
Cyber kill chain
The cyber kill chain is used to identify and describe the different stages of any kind of cyber
attack, and it pertains directly to the concept of network security (Novo 2018). Beginning with
reconnaissance and ending with the completion of the attack, the cyber kill chain lays out every
stage efficiently. Moreover, when a vulnerability is detected in an IoT device and the attack is
in progress, breaking the final stage of the kill chain becomes crucial, as the last stage of the
cyber kill chain provides the overview of the infector or attacker (Huh, Cho and Kim 2017). For
instance, IoT devices such as security cameras, wearables and smart thermostats are considerably
easy targets for intruders working through the kill chain. However, a layered methodology
enhances the security approach by avoiding dangerous attacks (Perumal, Datta and Bonnet 2015).
Apart from that, since IoT deployments comprise both partially managed and fully managed devices,
a network discovery process that identifies the type of device, the operating system it is running
and the applications and processes it exposes can provide additional advantages under the adverse
conditions of a cyber kill chain. Furthermore, IoT devices joining the network should be clearly
examined to ensure network segmentation, that is, the devices need not be available in the same
network segment. This process can break the cyber kill chain and is beneficial in several
activities such as secure device management.
Conclusion
IoT will replace various services in the future. Every industry, be it the health service sector,
the public and private sectors, factories or educational institutions, will use IoT. IoT will ease
out services and greatly improve the user experience. Work can be completed and monitored from a
remote location, and highly intelligent devices perform focused work. However, IoT is vulnerable to
various security threats: as the devices are openly connected to network channels, data is easily
accessible. Several protocols are being designed to reduce this vulnerability.
Answer to Question 2:
Part A – CyberOps
Addressing Table
The following addresses are preconfigured on the network devices. Addresses are provided for
reference purposes.
Device             Interface   Network/Address      Description
Security Onion VM  eth0        192.168.0.1/24       Interface connected to the Internal Network
                   eth2        209.165.201.21/24    Interface connected to the External Networks/Internet
Part 1: Gathering Basic Information
a. Log into the Security Onion VM with the username analyst and password cyberops.
b. Open a terminal window. Enter the sudo service nsm status command to verify that all the
services and sensors are ready.
c. When the nsm service is ready, log into SGUIL with the username analyst and password
cyberops. Click Select All to monitor all the networks. Click Start SGUIL to continue.

d. In the SGUIL window, identify the group of events that are associated with exploit(s). This group
of events is related to a single multi-part exploit.
How many events were generated by the entire exploit?
A total of 7 events were generated by the entire exploit.
e. According to SGUIL, when did the exploit begin? When did it end? Approximately how long did it
take?
The exploit began on 2017-09-07 15:31:12 and ended on 2017-09-07 15:31:29.
It took approximately 17 seconds.
f. What is the IP address of the internal computer involved in the events?
The IP address of the internal computer involved in the events is 192.168.0.12.
g. What is the MAC address of the internal computer involved in the events? How did you find it?
The MAC address of the internal computer involved in the events is 00:1b:21:ca:fe:d7. This can be
found by right-clicking on the event and opening Wireshark from there.
h. What are some of the Source IDs of the rules that fire when the exploit occurs? Where are the
Source IDs from?
Some of the source IDs of the rules that fire during the exploit are 192.168.0.1 and
192.168.0.12. The source ID 192.168.0.1 is the default gateway of the host, and the IDs may be
the next-hop routers that are used to reach the destination address.
i. Do the events look suspicious to you? Does it seem like the internal computer was infected or
compromised? Explain.
The events look suspicious since they mention a Trojan, and we know that a Trojan is a virus or
malware that is disguised as legitimate software.
It seems that the computer is infected or compromised by Trojan malware, and from the event
Trojan Bedep it is confirmed that a backdoor has been opened for downloading additional files. It
arrived on the system through the website hosting the Angler exploit kit.
j. What is the operating system running on the internal computer in question?
Since it is an LG machine, it is assumed that the host is running the Windows operating system.
Part 2: Learn About the Exploit
a. According to Snort, what is the exploit kit (EK) in use?
An exploit kit is used for delivering a malicious payload with the help of a landing page containing
heavily obfuscated JavaScript, which automates the delivery of a sequence of attacks against the
victims.
b. What is an exploit kit?
It is an automated threat that is used to compromise websites in order to divert web traffic,
scan for vulnerable browser applications and run malware.
c. Do a quick Google search on ‘Angler EK’ to learn a little about the fundamentals of the exploit kit.
Summarize your findings and record them here.
Angler EK is used for spreading malware and is specially designed to work in the background without
the need for any user action. It uses a sophisticated method of malware delivery, using a chain of
events to infect the host with malware. The chain of events is landing page -> exploit ->
payload.
d. How does this exploit fit the definition of an exploit kit? Give examples from the events you see in
SGUIL.
An exploit kit acts as a package of exploits commonly used to transmit the payload by installing it
on the targeted system. It exploits security holes to spread malware and is efficient at delivering
different sorts of threats.
We have seen this in SGUIL, where a request is made to reach the landing page, the vulnerability
of the system is checked for exploitation and the Trojan Bedep gets downloaded onto the system.
e. What are the major stages in exploit kits?
The following are the major stages in exploit kits:
1. Contact – Spammed emails and social engineering tools are used to make people click on the
exploit server link; alternatively, the user clicks on a malicious advertisement on a legitimate
website.
2. Redirect – A screen is generated for the targeted user, which then filters for the victims meeting
the requirements.
3. Exploit – The users are redirected to the landing page of the exploit kit, and the landing page is
responsible for detecting the vulnerability to ensure the attack.
4. Infect – After exploiting the vulnerability successfully, the payload is downloaded and executed
on the victim machine.
Part 3: Determining the Source of the Malware
a. In the context of the events displayed by SGUIL for this exploit, record below the IP addresses
involved.
192.168.0.12
93.114.64.118
173.201.198.128
208.113.226.171
192.99.198.158
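The figures asked for in Part 1 d–f and Part 3a (event count, start and end time, duration, and the internal versus external hosts involved) can be computed directly from IDS alert text instead of being read off the SGUIL window. The script below is an added example, not part of the original lab or of Security Onion; it parses constructed Snort fast-format alert lines whose rule SIDs are placeholders and whose hosts follow the lab's addressing table, and it assumes the internal network is 192.168.0.0/24.

```python
import re
import ipaddress
from datetime import datetime

# Constructed sample alerts in Snort "fast" format (not the lab's real SGUIL data).
# SIDs 9000001-9000003 are placeholders; the hosts follow the lab's addressing table.
SAMPLE_ALERTS = """\
09/07-15:31:12.000000  [**] [1:9000001:1] ET POLICY Outdated Flash Version M1 [**] [Priority: 2] {TCP} 192.168.0.12:49172 -> 173.201.198.128:80
09/07-15:31:14.000000  [**] [1:9000002:1] ET CURRENT_EVENTS Angler EK Landing Page (constructed) [**] [Priority: 1] {TCP} 173.201.198.128:80 -> 192.168.0.12:49172
09/07-15:31:29.000000  [**] [1:9000003:1] ET TROJAN Bedep CnC Beacon (constructed) [**] [Priority: 1] {TCP} 192.168.0.12:49180 -> 208.113.226.171:80
"""

# One fast-format alert per line: timestamp, [gid:sid:rev], message, protocol, src -> dst.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")  # assumption: lab's internal network

def parse_alerts(text, year=2017):
    """Turn fast-format alert lines into dicts; fast format omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # ignore anything that is not an alert line
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        events.append({"time": ts, "sid": m["sid"], "msg": m["msg"],
                       "src": m["src"], "dst": m["dst"]})
    return events

def summarize(events):
    """Count, time span and internal/external host split for one group of alerts."""
    times = sorted(e["time"] for e in events)
    hosts = {h for e in events for h in (e["src"], e["dst"])}
    internal = sorted(h for h in hosts if ipaddress.ip_address(h) in INTERNAL_NET)
    external = sorted(hosts - set(internal))
    return {
        "count": len(events),
        "begin": times[0], "end": times[-1],
        "duration_s": int((times[-1] - times[0]).total_seconds()),
        "internal": internal, "external": external,
        "rule_sids": sorted({e["sid"] for e in events}),
    }

def external_hosts_by_message(events):
    """Map each external host to the rule messages it appears in, to see which
    remote host is tied to the landing page and which to the trojan traffic."""
    out = {}
    for e in events:
        for h in (e["src"], e["dst"]):
            if ipaddress.ip_address(h) not in INTERNAL_NET:
                out.setdefault(h, []).append(e["msg"])
    return out

if __name__ == "__main__":
    evs = parse_alerts(SAMPLE_ALERTS)
    print(summarize(evs))
    print(external_hosts_by_message(evs))
```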
b. The first new event displayed by SGUIL contains the message “ET Policy Outdated Flash Version
M1”. The event refers to which host? What does that event imply?
The event refers to the host 192.168.0.12, since it requests a login and the login failed.
The event implies that the system's Flash driver is outdated and needs to be downloaded or updated.
c. According to SGUIL, what is the IP address of the host that appears to have delivered the
exploit?
The IP address of the host that appeared to deliver the exploit is 173.201.198.128.
d. Pivoting from SGUIL, open the transcript of the transaction. What is the domain name associated
with the IP address of the host that appears to have delivered the exploit?
Secureserver.net is the domain name associated with the IP address.
e. This exploit kit typically targets vulnerabilities in which three software applications?
Adobe Flash Player, Java and Mozilla Firefox are the three software applications targeted by the
exploit kit.
f. Based on the SGUIL events, what vulnerability seems to have been used by the exploit kit?
The vulnerability in the outdated software application is used by the exploit kit for transferring
payloads.
g. What is the most common file type that is related to that vulnerable software?
The common file types related to the vulnerable software are .exe and */*.
h. Use ELSA to gather more evidence to support the hypothesis that the host you identified above
delivered the malware. Launch ELSA and list all hosts that downloaded the type of file listed
above. Remember to adjust the timeframe accordingly.
Were you able to find more evidence? If so, record your findings here.
From the evidence in ELSA it is found that the malware is downloaded from the IP address
208.113.226.171.
i. At this point you should know, with quite some level of certainty, whether the site listed in Part 3b
and Part 3c delivered the malware. Record your conclusions below.
The host 192.168.0.12 requests a login and the login fails due to the outdated Flash Player
version; the user visits a malicious page that exploits the vulnerability and infects the machine
with Trojan malware.
Part 4: Analyze Details of the Exploit
a. Exploit kits often rely on a landing page used to scan the victim’s system for vulnerabilities and
exfiltrate a list of them. Use ELSA to determine if the exploit kit in question used a landing page. If
so, what is the URL and IP address of it? What is the evidence?
Hint: The first two SGUIL events contain many clues.
Here the landing page is dreamhost.com.
b. What is the domain name that delivered the exploit kit and malware payload?
The domain name that delivers the exploit kit is secureserver.net, and the malware payload is
delivered by dreamhost.com.
c. What is the IP address that delivered the exploit kit and malware payload?
The IP address that delivered the exploit kit is 173.201.198.128 and malware payload is
208.113.226.171.
d. Pivoting from events in SGUIL, launch Wireshark and export the files from the captured packets
as was done in a previous lab. What files or programs are you able to successfully export?
Only the TCP and HTTP packets are exported in Wireshark from SGUIL; the rest of the files cannot
be exported.
Part B – CCNA-S

References
Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M., 2013. Internet of Things (IoT): A vision,
architectural elements, and future directions. Future generation computer systems, 29(7),
pp.1645-1660.
Lee, I. and Lee, K., 2015. The Internet of Things (IoT): Applications, investments, and
challenges for enterprises. Business Horizons, 58(4), pp.431-440.
Huh, S., Cho, S. and Kim, S., 2017, February. Managing IoT devices using blockchain platform.
In 2017 19th International Conference on Advanced Communication Technology (ICACT) (pp.
464-467). IEEE.
Madakam, S., Ramaswamy, R. and Tripathi, S., 2015. Internet of Things (IoT): A literature
review. Journal of Computer and Communications, 3(05), p.164.
Perumal, T., Datta, S.K. and Bonnet, C., 2015, October. IoT device management framework for
smart home scenarios. In 2015 IEEE 4th Global Conference on Consumer Electronics
(GCCE) (pp. 54-55). IEEE.
Novo, O., 2018. Blockchain meets IoT: An architecture for scalable access management in
IoT. IEEE Internet of Things Journal, 5(2), pp.1184-1195.
Lee, J.Y., Lin, W.C. and Huang, Y.H., 2014, May. A lightweight authentication protocol for
internet of things. In 2014 International Symposium on Next-Generation Electronics (ISNE) (pp.
1-2). IEEE.
Liu, Z., Großschädl, J., Hu, Z., Järvinen, K., Wang, H. and Verbauwhede, I., 2017. Elliptic curve
cryptography with efficiently computable endomorphisms and its hardware implementations for
the internet of things. IEEE Transactions on Computers, 66(5), pp.773-785.
Conti, M., Dehghantanha, A., Franke, K. and Watson, S., 2018. Internet of Things security and
forensics: Challenges and opportunities.
Chen, G., Huang, J., Cheng, B. and Chen, J., 2015, June. A social network based approach for
IoT device management and service composition. In 2015 IEEE World Congress on
Services (pp. 1-8). IEEE.