University IT Security and Intrusion Detection Assignment
VerifiedAdded on 2022/12/20
|21
|5218
|63
Homework Assignment
AI Summary
This assignment focuses on Information Technology Security, addressing network vulnerabilities and protection strategies. The first section analyzes issues faced by a global IT organization expanding its network, including server non-responsiveness, file corruption, and limited network access. It then ...
Running head: INFORMATION TECHNOLOGY SECURITY
Information Technology Security
[Name of the Student]
[Name of the University]
[Author note]
Information Technology Security
[Name of the Student]
[Name of the University]
[Author note]
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1INFORMATION TECHNOLOGY SECURITY
Question 1:
The TIA software is one of the global IT organization which is associated with providing
of different IT related services throughout the entire world. Besides this the organization has also
been associated with expanding its business along with the consequences and for this reason they
are having the will of expanding their new office in Auckland so as to meet the business needs
mostly faced in the Trans-Tasman region.
However while connecting the Auckland Local Network with the global network certain
issues were faced. The problems which were faced by the organization has been listed below:
Non-response of the servers very often
The files which were sometimes shared were also seen to corrupted
Limited access is provided to the network access as well as to the email services which
runs in the servers.
There are number of way by which it is possible to secure a network. Protecting the
system is seen to challenging but still it is critical. In the section provided below few methods
have been described by which the company would be capable of protecting its assets from
different kind of vulnerabilities.
1. Use of firewalls along with monitoring its performance: firewall is generally considered
to be set of software or hardware which is designed with an aim of blocking any kind of
unauthorized access to the computers or networks. So firewall can be defied as a set of
rules which are associated with controlling the incoming and the outgoing traffic of the
network.
Question 1:
The TIA software is one of the global IT organization which is associated with providing
of different IT related services throughout the entire world. Besides this the organization has also
been associated with expanding its business along with the consequences and for this reason they
are having the will of expanding their new office in Auckland so as to meet the business needs
mostly faced in the Trans-Tasman region.
However while connecting the Auckland Local Network with the global network certain
issues were faced. The problems which were faced by the organization has been listed below:
Non-response of the servers very often
The files which were sometimes shared were also seen to corrupted
Limited access is provided to the network access as well as to the email services which
runs in the servers.
There are number of way by which it is possible to secure a network. Protecting the
system is seen to challenging but still it is critical. In the section provided below few methods
have been described by which the company would be capable of protecting its assets from
different kind of vulnerabilities.
1. Use of firewalls along with monitoring its performance: firewall is generally considered
to be set of software or hardware which is designed with an aim of blocking any kind of
unauthorized access to the computers or networks. So firewall can be defied as a set of
rules which are associated with controlling the incoming and the outgoing traffic of the
network.
2INFORMATION TECHNOLOGY SECURITY
2. Updating of the passwords on a regular basis: Along with the usage of complicated
passwords or usage of different password combinations it is also very essential to make
sure that the passwords are being changed on a regular basis so as to ensure an added
security. Passwords are to be changed in a regular time interval such as quarterly but the
more often it is the more it is better.
3. Maintenance of the Anti-virus software: Regular updates of the antivirus needs to be
done in case if not done then the chances of facing the risk increases. The reason behind
this is that the hacker is always associated finding out of ways of cracking into the system
so as to infect it with a virus. It is very critical to stay ahead and use the latest version of
the antivirus software.
4. Creation of VPN or Virtual private network: The VPNs are mostly created for the
purpose of providing a more secure connection between the remote computers and the
other computers or servers. These type of networks are essentially and only available to
those and the equipment which are associated with the system and this in turn is
associated with drastic reduction of the likelihood of getting hacked. Encryption of the
data along with authentication of the identity are very important for securing the VPN. It
is very important to review the documentation of the server and the VPN so as to be sure
about the protocols which are the strongest for the encryption and authentication.
Besides all this there exists the multi-authentication which are seen to be very important
for securing the methods related to identity authentication. It is also a good idea to make
use of the firewall which is associated with separating the VPN network from rest of the
network.
2. Updating of the passwords on a regular basis: Along with the usage of complicated
passwords or usage of different password combinations it is also very essential to make
sure that the passwords are being changed on a regular basis so as to ensure an added
security. Passwords are to be changed in a regular time interval such as quarterly but the
more often it is the more it is better.
3. Maintenance of the Anti-virus software: Regular updates of the antivirus needs to be
done in case if not done then the chances of facing the risk increases. The reason behind
this is that the hacker is always associated finding out of ways of cracking into the system
so as to infect it with a virus. It is very critical to stay ahead and use the latest version of
the antivirus software.
4. Creation of VPN or Virtual private network: The VPNs are mostly created for the
purpose of providing a more secure connection between the remote computers and the
other computers or servers. These type of networks are essentially and only available to
those and the equipment which are associated with the system and this in turn is
associated with drastic reduction of the likelihood of getting hacked. Encryption of the
data along with authentication of the identity are very important for securing the VPN. It
is very important to review the documentation of the server and the VPN so as to be sure
about the protocols which are the strongest for the encryption and authentication.
Besides all this there exists the multi-authentication which are seen to be very important
for securing the methods related to identity authentication. It is also a good idea to make
use of the firewall which is associated with separating the VPN network from rest of the
network.
3INFORMATION TECHNOLOGY SECURITY
5. Active managing of the user access privileges: A significant amount of security threat is
imposed because of the inappropriate user-privileges so it is suggested not to overlook
the process of managing the access of the employees to the data which are critical in
nature. Besides this whenever an employee is associated with changing their jobs it must
be must be necessarily made sure by the IT department that they are notified regarding
the access privileges which can be modified so as to make the duties well fitted in the
new positions.
6. Inactive accounts are to be cleared up: Hackers are seen to be associated with the usage
of the inactive accounts which were once assigned to the contractors or to the formal
employees for the purpose of gaining access and for disguising the activities. So software
are to be used in order to clean up the inactive accounts present in the large networks
along with many users.
Question 2:
IDS OR Intrusion detection system:
The intrusion detection system or the IDS generally refers to the system which is seen to
be associated with monitoring the network or the traffic for the purpose of detecting any kind of
suspicious activities or alerts related to the issues whenever an suspicious activity is detected.
There exists some IDS whose primary function is associated with including the anomaly
detection and alerting whereas some of IDS are there which are having the capability of taking
certain actions whenever any kind of anomalous traffic or malicious activity is detected and this
actions mainly includes the blocking of the traffic sent from any kind of suspicious IP addresses.
5. Active managing of the user access privileges: A significant amount of security threat is
imposed because of the inappropriate user-privileges so it is suggested not to overlook
the process of managing the access of the employees to the data which are critical in
nature. Besides this whenever an employee is associated with changing their jobs it must
be must be necessarily made sure by the IT department that they are notified regarding
the access privileges which can be modified so as to make the duties well fitted in the
new positions.
6. Inactive accounts are to be cleared up: Hackers are seen to be associated with the usage
of the inactive accounts which were once assigned to the contractors or to the formal
employees for the purpose of gaining access and for disguising the activities. So software
are to be used in order to clean up the inactive accounts present in the large networks
along with many users.
Question 2:
IDS OR Intrusion detection system:
The intrusion detection system or the IDS generally refers to the system which is seen to
be associated with monitoring the network or the traffic for the purpose of detecting any kind of
suspicious activities or alerts related to the issues whenever an suspicious activity is detected.
There exists some IDS whose primary function is associated with including the anomaly
detection and alerting whereas some of IDS are there which are having the capability of taking
certain actions whenever any kind of anomalous traffic or malicious activity is detected and this
actions mainly includes the blocking of the traffic sent from any kind of suspicious IP addresses.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4INFORMATION TECHNOLOGY SECURITY
Scams and Frauds on Online Transaction
Identified
Scam and
Fraud
Definition
Identity Theft This is payment fraud which is quite common and is associated with
including an imposter who would be associated with obtaining of the key
details related to the personally identifiable information so as to use then in
fraudulent purchases by usage of the internet.
Triangulation: This is the type of fraud method which generally refers to the implication of
the fact that there is an existence of three different participants while
purchasing an order which includes the unsuspecting customer, a fake
online store and the stolen data. So whenever a customer is associated with
moving towards purchasing the fake merchant would be immediately
associated with stealing the card details of the customer. The main aim of
the fraudster in this type of fraud is the gathering of the data and cancelling
the payment after the details of the card are received.
Clean Fraud The clean fraud is very difficult to detect along with being prevented and
the reason behind this is that the fraudster is seen to be associated with
using the real time data for the purpose of committing the different kind of
cybercrimes. Whereas the friendly frauds are seen to be associated with
hiding behind the fake identities of the data which has been stolen. In
addition to this the hackers are seen to be associated with the usage of clean
frauds and the reason is they are having a greater deal of knowledge related
Scams and Frauds on Online Transaction
Identified
Scam and
Fraud
Definition
Identity Theft This is payment fraud which is quite common and is associated with
including an imposter who would be associated with obtaining of the key
details related to the personally identifiable information so as to use then in
fraudulent purchases by usage of the internet.
Triangulation: This is the type of fraud method which generally refers to the implication of
the fact that there is an existence of three different participants while
purchasing an order which includes the unsuspecting customer, a fake
online store and the stolen data. So whenever a customer is associated with
moving towards purchasing the fake merchant would be immediately
associated with stealing the card details of the customer. The main aim of
the fraudster in this type of fraud is the gathering of the data and cancelling
the payment after the details of the card are received.
Clean Fraud The clean fraud is very difficult to detect along with being prevented and
the reason behind this is that the fraudster is seen to be associated with
using the real time data for the purpose of committing the different kind of
cybercrimes. Whereas the friendly frauds are seen to be associated with
hiding behind the fake identities of the data which has been stolen. In
addition to this the hackers are seen to be associated with the usage of clean
frauds and the reason is they are having a greater deal of knowledge related
5INFORMATION TECHNOLOGY SECURITY
to the cardholders and the details of the credit card and for this reason they
utilize the real-time customer data so as to fool the system. This type of
fraud is associated with making this look legitimate by stealing of all the
necessary real data.
Friendly Fraud This is the fraud which is considered to be friendly which seems to happen
when the customers are associated with making digital purchase by making
use of the credit cards which is followed by contacting the issuer of the
credit card so as to claim an dispute of the charge. These type of situation
would be responsible for making the customers to contact the issuer so as to
claim that the item is not delivered, the item was returned but they did not
received the refund or they do not remember that they have purchased the
product by making use of their credit card and their credit card has been
compromised.
Amongst all this chargebacks not all of them are fraudulent because the
claim many times can be true as well.
Methods of Controlling the Fraud:
Eliminating the online frauds or scam is very difficult and for this reason there are different
security measures which can be implemented so as to reduce the frauds and scams and this
includes the following:
Constant running of the security checks by usage of the antivirus along with installing the
necessary firewalls as well so as to provide protection to the network from any kind of
penetration attack
The passwords that are used should be strong
to the cardholders and the details of the credit card and for this reason they
utilize the real-time customer data so as to fool the system. This type of
fraud is associated with making this look legitimate by stealing of all the
necessary real data.
Friendly Fraud This is the fraud which is considered to be friendly which seems to happen
when the customers are associated with making digital purchase by making
use of the credit cards which is followed by contacting the issuer of the
credit card so as to claim an dispute of the charge. These type of situation
would be responsible for making the customers to contact the issuer so as to
claim that the item is not delivered, the item was returned but they did not
received the refund or they do not remember that they have purchased the
product by making use of their credit card and their credit card has been
compromised.
Amongst all this chargebacks not all of them are fraudulent because the
claim many times can be true as well.
Methods of Controlling the Fraud:
Eliminating the online frauds or scam is very difficult and for this reason there are different
security measures which can be implemented so as to reduce the frauds and scams and this
includes the following:
Constant running of the security checks by usage of the antivirus along with installing the
necessary firewalls as well so as to provide protection to the network from any kind of
penetration attack
The passwords that are used should be strong
6INFORMATION TECHNOLOGY SECURITY
Users should be aware while conducting online transactions
Installation and Configuration of IDS: SNORT
Installation of SNORT
Snort 2_9_13: Download and save the file to the d:\temp folder.
64bit Windows All: Required additional downloads for the 64bit architecture install!
dload.png Strawberry Perl 5.28.1.1: Download and save the file to the d:\temp folder.
dload.png PostgreSQL Database 10.7-1: Download and save the file to the d:\temp folder.
dload.png PHP 5.6.40 NTS (VC11): Download and save the file to the d:\temp folder.
Installs Microsoft Visual C++ 2012/2013/2017
Installs 'Notepad2' to Windows\System32
Installs 'unzip' to Windows\System32
Installs 'tartool' to Windows\System32
Inserts 'winids' hostname into hosts file
Inserts 'IGMP and SCTP' into the protocol file for Snort rules
Inserts 'Nodosfilewarning' into User ENV to suppress CYGWIN warning message when
starting Barnyard2
Sets 'Show File Extensions' as on in registry
Reboots system
Installing Snort, the Traffic Detection and Inspection Engine
At the CMD prompt type 'd:\temp\Snort_2_9_13_Installer.exe' (less the outside quotes), and tap
the 'Enter' key.
The 'License Agreement' window opens, left-click 'I Agree'.
The 'Choose Components' window opens, left-click 'Next'.
The 'Choose Install Location' window opens, in the 'Destination Folder' dialog box, type 'd:\
winids\snort' (less the outside quotes), left-click 'Next' allowing the install to complete.
The 'Snort has been successfully installed' window opens, left-click 'OK'
Users should be aware while conducting online transactions
Installation and Configuration of IDS: SNORT
Installation of SNORT
Snort 2_9_13: Download and save the file to the d:\temp folder.
64bit Windows All: Required additional downloads for the 64bit architecture install!
dload.png Strawberry Perl 5.28.1.1: Download and save the file to the d:\temp folder.
dload.png PostgreSQL Database 10.7-1: Download and save the file to the d:\temp folder.
dload.png PHP 5.6.40 NTS (VC11): Download and save the file to the d:\temp folder.
Installs Microsoft Visual C++ 2012/2013/2017
Installs 'Notepad2' to Windows\System32
Installs 'unzip' to Windows\System32
Installs 'tartool' to Windows\System32
Inserts 'winids' hostname into hosts file
Inserts 'IGMP and SCTP' into the protocol file for Snort rules
Inserts 'Nodosfilewarning' into User ENV to suppress CYGWIN warning message when
starting Barnyard2
Sets 'Show File Extensions' as on in registry
Reboots system
Installing Snort, the Traffic Detection and Inspection Engine
At the CMD prompt type 'd:\temp\Snort_2_9_13_Installer.exe' (less the outside quotes), and tap
the 'Enter' key.
The 'License Agreement' window opens, left-click 'I Agree'.
The 'Choose Components' window opens, left-click 'Next'.
The 'Choose Install Location' window opens, in the 'Destination Folder' dialog box, type 'd:\
winids\snort' (less the outside quotes), left-click 'Next' allowing the install to complete.
The 'Snort has been successfully installed' window opens, left-click 'OK'
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION TECHNOLOGY SECURITY
Configuring SNORT:
At the CMD prompt type 'type NUL > d:\winids\snort\rules\white_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'type NUL > d:\winids\snort\rules\black_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'notepad2 d:\winids\snort\etc\snort.conf' (less the outside quotes), and
tap the 'Enter' key.
Use the Find option in Notepad2 to locate and change the variables below.
Original Line(s): ipvar HOME_NET any
Change to: ipvar HOME_NET 192.168.1.0/24
In the above HOME_NET example (192.168.1.0/24), using a CIDR of 24 the Windows
Intrusion Detection System (WinIDS) will monitor addresses 192.168.1.1 - 192.168.1.254. It is
important to specify the correct internal IP segment of the Windows Intrusion Detection System
(WinIDS) network that needs monitoring, and to set the correct CIDR.
Original Line(s): var RULE_PATH ../rules
Change to: var RULE_PATH d:\winids\snort\rules
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
Original Line(s): var PREPROC_RULE_PATH ../preproc_rules
Change to: var PREPROC_RULE_PATH d:\winids\snort\preproc_rules
Original Line(s): var WHITE_LIST_PATH ../rules
Change to: var WHITE_LIST_PATH d:\winids\snort\rules
Original Line(s): var BLACK_LIST_PATH ../rules
Change to: var BLACK_LIST_PATH d:\winids\snort\rules
Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory d:\winids\snort\lib\snort_dynamicpreprocessor
Original Line(s): dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change to: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
Original Line(s): decompress_swf { deflate lzma } \
Change to: decompress_swf { deflate } \
Original Line(s): # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level
{ low }
Change to: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
Configuring SNORT:
At the CMD prompt type 'type NUL > d:\winids\snort\rules\white_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'type NUL > d:\winids\snort\rules\black_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'notepad2 d:\winids\snort\etc\snort.conf' (less the outside quotes), and
tap the 'Enter' key.
Use the Find option in Notepad2 to locate and change the variables below.
Original Line(s): ipvar HOME_NET any
Change to: ipvar HOME_NET 192.168.1.0/24
In the above HOME_NET example (192.168.1.0/24), using a CIDR of 24 the Windows
Intrusion Detection System (WinIDS) will monitor addresses 192.168.1.1 - 192.168.1.254. It is
important to specify the correct internal IP segment of the Windows Intrusion Detection System
(WinIDS) network that needs monitoring, and to set the correct CIDR.
Original Line(s): var RULE_PATH ../rules
Change to: var RULE_PATH d:\winids\snort\rules
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
Original Line(s): var PREPROC_RULE_PATH ../preproc_rules
Change to: var PREPROC_RULE_PATH d:\winids\snort\preproc_rules
Original Line(s): var WHITE_LIST_PATH ../rules
Change to: var WHITE_LIST_PATH d:\winids\snort\rules
Original Line(s): var BLACK_LIST_PATH ../rules
Change to: var BLACK_LIST_PATH d:\winids\snort\rules
Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory d:\winids\snort\lib\snort_dynamicpreprocessor
Original Line(s): dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change to: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
Original Line(s): decompress_swf { deflate lzma } \
Change to: decompress_swf { deflate } \
Original Line(s): # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level
{ low }
Change to: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
8INFORMATION TECHNOLOGY SECURITY
logfile { \portscan.log }
Original Line(s): # output unified2: filename merged.log, limit 128, nostamp,
mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128
Original Line(s): include classification.config
Change to: include d:\winids\snort\etc\classification.config
Original Line(s): include reference.config
Change to: include d:\winids\snort\etc\reference.config
Original Line(s):
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Change to:
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules
Original Line(s): include threshold.conf
Change to: include d:\winids\snort\etc\threshold.conf
Save the file, and eXit Notepad2.
Question 3:
Foot printing:
Foot printing is generally associated with referring to the term which is not exclusive to
computer science however this is often used in the IT or Information technology for the purpose
of referring to the efforts related to finding out about the computer systems and the network or
the footprints. Besides this it is also possible to use foot printing for legitimate purpose and this
term is often linked with the hacking or cyber-attacks.
logfile { \portscan.log }
Original Line(s): # output unified2: filename merged.log, limit 128, nostamp,
mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128
Original Line(s): include classification.config
Change to: include d:\winids\snort\etc\classification.config
Original Line(s): include reference.config
Change to: include d:\winids\snort\etc\reference.config
Original Line(s):
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Change to:
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules
Original Line(s): include threshold.conf
Change to: include d:\winids\snort\etc\threshold.conf
Save the file, and eXit Notepad2.
Question 3:
Foot printing:
Foot printing is generally associated with referring to the term which is not exclusive to
computer science however this is often used in the IT or Information technology for the purpose
of referring to the efforts related to finding out about the computer systems and the network or
the footprints. Besides this it is also possible to use foot printing for legitimate purpose and this
term is often linked with the hacking or cyber-attacks.
9INFORMATION TECHNOLOGY SECURITY
In terms of the Hacking the term foot printing generally refers to some of the work which
is done quietly by the hackers before they are associated with conducting an attack upon the
system. This might be associated with looking in the type operating system which being used by
a specific hardware setup or pinging of the system so as to determine the properties of the design.
Besides this the port scanning or the registry queries are some other type of foot printing. These
type of information are then used for the purpose of building up of plans so as to counter the
cyber-attack.
Network Vulnerability Tool Scanner
OpenVAS:
This is one of the open Vulnerability Assessment System which is a free network security
scanning tool and many of the components of the OpanVAS is licensed under the General Public
License or the GNU. Besides this the major components of the OpnaVAS is one of the security
scanner which is seen to be running in the Linux environment. Besides this it is also possible to
integrate the OVAL or the Open Vulnerability Assessment Language for the purpose of writing
the vulnerability tests.
WireShark
This another network vulnerability scanning tool which is an open source tool and is also known
as the multi-platform network protocol analyzer and is seen to be associated with the scanning of
the data vulnerabilities on the live network which exists between the active client and the server.
Besides this the tool is also associated with helping in viewing the network traffic as well as
helping in following the network stream as well. This software runs in the windows, linux and in
OSX as well. This in turn is also associated with showing the stream construction of the TCP
In terms of the Hacking the term foot printing generally refers to some of the work which
is done quietly by the hackers before they are associated with conducting an attack upon the
system. This might be associated with looking in the type operating system which being used by
a specific hardware setup or pinging of the system so as to determine the properties of the design.
Besides this the port scanning or the registry queries are some other type of foot printing. These
type of information are then used for the purpose of building up of plans so as to counter the
cyber-attack.
Network Vulnerability Tool Scanner
OpenVAS:
This is one of the open Vulnerability Assessment System which is a free network security
scanning tool and many of the components of the OpanVAS is licensed under the General Public
License or the GNU. Besides this the major components of the OpnaVAS is one of the security
scanner which is seen to be running in the Linux environment. Besides this it is also possible to
integrate the OVAL or the Open Vulnerability Assessment Language for the purpose of writing
the vulnerability tests.
WireShark
This another network vulnerability scanning tool which is an open source tool and is also known
as the multi-platform network protocol analyzer and is seen to be associated with the scanning of
the data vulnerabilities on the live network which exists between the active client and the server.
Besides this the tool is also associated with helping in viewing the network traffic as well as
helping in following the network stream as well. This software runs in the windows, linux and in
OSX as well. This in turn is also associated with showing the stream construction of the TCP
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10INFORMATION TECHNOLOGY SECURITY
session and is associated with including the tshark which is a tcpdump console version. However
one issue is faced by this software and is having the risk of remote security exploitation.
Question 4:
Role played by firewall:
A firewall is considered to be a vital component of the network which is associated with
playing a very vital role in the securing and protecting the network, the security of the network is
generally associated with referring to the methods related to addressing the different external as
well as the internal threats which are faced by the computer network system. Firewalls are
having the capability of securing the network from internal as well as from the external danger.
Firewall is the device which is installed in between the internal network and external
network with an aim of filtering all the incoming as well as the outgoing traffic or the data. This
process is also known as packet filtering. Certain rules are programmed into the firewall by the
system administrator for the purpose of evaluating the incoming and the outgoing data.
Types of Firewall:
The firewalls can be classified into five different types and is associated with including the
following:
Packet-filtering firewalls:
This firewall is the oldest and the most simple firewall architecture which is
associated with a creation of the checkpoint in the traffic of the router or at the switch and
is responsible for performing of simple checks. The checks are generally performed upon
the data packets which are coming through the router so as to inspect different
session and is associated with including the tshark which is a tcpdump console version. However
one issue is faced by this software and is having the risk of remote security exploitation.
Question 4:
Role played by firewall:
A firewall is considered to be a vital component of the network which is associated with
playing a very vital role in the securing and protecting the network, the security of the network is
generally associated with referring to the methods related to addressing the different external as
well as the internal threats which are faced by the computer network system. Firewalls are
having the capability of securing the network from internal as well as from the external danger.
Firewall is the device which is installed in between the internal network and external
network with an aim of filtering all the incoming as well as the outgoing traffic or the data. This
process is also known as packet filtering. Certain rules are programmed into the firewall by the
system administrator for the purpose of evaluating the incoming and the outgoing data.
Types of Firewall:
The firewalls can be classified into five different types and is associated with including the
following:
Packet-filtering firewalls:
This firewall is the oldest and the most simple firewall architecture which is
associated with a creation of the checkpoint in the traffic of the router or at the switch and
is responsible for performing of simple checks. The checks are generally performed upon
the data packets which are coming through the router so as to inspect different
11INFORMATION TECHNOLOGY SECURITY
information such as the IP addresses destination and place of origin, type of packet,
number of the prot, and many other information without opening them so as to inspect the
content.
Stateful inspection firewalls:
This is the firewall which is associated with combining the packet inspection
technology and the TCP handshake verification. This is mainly done for the purpose of
creating a certain level of protection which is much greater than the either of the two
architecture which has been used for the purpose of creating this firewall. In addition to
all this these type of firewall is associated with putting a more stress upon the computing
resources and this in turn might be associated with making the legitimate packets to slow
down as compared to the other solutions.
Circuit-level gateways:
This is another simple firewall which is generally used for quick and easy
approval or denial of the traffic which is done without consuming of the significant
resources. The circuit level gateway is seen to be working by verifying the TCP or the
Transmission Control Protocol Handshake. The main reason lying behind the designing
of the TCP check is for the purpose of making sure that the session which is provided by
the packet is legitimate in nature. Despite of being extremely resource-efficient these
firewalls are not associated with checking of the packet itself. In case when a packet is
associated with holding the malware but is having the right TCP handshake then it would
be right passing through.
Application-level gateways or the. proxy firewalls:
information such as the IP addresses destination and place of origin, type of packet,
number of the prot, and many other information without opening them so as to inspect the
content.
Stateful inspection firewalls:
This is the firewall which is associated with combining the packet inspection
technology and the TCP handshake verification. This is mainly done for the purpose of
creating a certain level of protection which is much greater than the either of the two
architecture which has been used for the purpose of creating this firewall. In addition to
all this these type of firewall is associated with putting a more stress upon the computing
resources and this in turn might be associated with making the legitimate packets to slow
down as compared to the other solutions.
Circuit-level gateways:
This is another simple firewall which is generally used for quick and easy
approval or denial of the traffic which is done without consuming of the significant
resources. The circuit level gateway is seen to be working by verifying the TCP or the
Transmission Control Protocol Handshake. The main reason lying behind the designing
of the TCP check is for the purpose of making sure that the session which is provided by
the packet is legitimate in nature. Despite of being extremely resource-efficient these
firewalls are not associated with checking of the packet itself. In case when a packet is
associated with holding the malware but is having the right TCP handshake then it would
be right passing through.
Application-level gateways or the. proxy firewalls:
12INFORMATION TECHNOLOGY SECURITY
This is the firewall which is associate with operating in the application layer so as
to filter the various incoming traffic between the network and the traffic source instead of
allowing the contents of the traffic to get connected directly. The proxy firewall is firstly
associated with the establishing a connection to the source of the traffic which is followed
by the inspection of the incoming data packets. The checking done is almost similar to
the stateful inspection firewall which is associated with looking into the packet as well as
in the TCP handshake protocol. In addition to all this type of firewall is having the
capability of performing deep-layer packet inspection along with the capability of
checking the actual contents of the information packet for the purpose of verifying that
there exists no malware.
Selection criteria for Next-gen firewalls:
Performance
In case of the next gen firewall there exists a balance between the threat protection and
raw performance. Performance can be achieved by avoidance of bottle necks. Another major
reason is the under sizing of the firewalls by the service providers so as to reduce the cost. So
performance is one of the major criteria for selecting the next gen firewalls.
Interoperability
Next generations firewalls are associated with interacting with numerous networks and
security tools like the network monitoring tools, logging servers, authentication servers, network
access control (NAC) products and external web/email security solutions. Interoperability
generally varies in accordance to the vendors and the next generation firewalls product line. So it
is essential to understand and verify the interoperability with the external components and
applications with the firewall would be working.
This is the firewall which is associate with operating in the application layer so as
to filter the various incoming traffic between the network and the traffic source instead of
allowing the contents of the traffic to get connected directly. The proxy firewall is firstly
associated with the establishing a connection to the source of the traffic which is followed
by the inspection of the incoming data packets. The checking done is almost similar to
the stateful inspection firewall which is associated with looking into the packet as well as
in the TCP handshake protocol. In addition to all this type of firewall is having the
capability of performing deep-layer packet inspection along with the capability of
checking the actual contents of the information packet for the purpose of verifying that
there exists no malware.
Selection criteria for Next-gen firewalls:
Performance
In case of the next gen firewall there exists a balance between the threat protection and
raw performance. Performance can be achieved by avoidance of bottle necks. Another major
reason is the under sizing of the firewalls by the service providers so as to reduce the cost. So
performance is one of the major criteria for selecting the next gen firewalls.
Interoperability
Next generations firewalls are associated with interacting with numerous networks and
security tools like the network monitoring tools, logging servers, authentication servers, network
access control (NAC) products and external web/email security solutions. Interoperability
generally varies in accordance to the vendors and the next generation firewalls product line. So it
is essential to understand and verify the interoperability with the external components and
applications with the firewall would be working.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13INFORMATION TECHNOLOGY SECURITY
Visibility and control
An area which is associated with making the firewall vary widely is the network and
visibility of the application from one vendor to the next. The visibility not only refers to the
application and user level, but also considers the visibility which is associated with providing
network behavior intelligence. So the visibility and control of each vendor needs to be
understood along with the functions related to security intelligence visibility so as to ensure that
it meets or exceeds the expectations.
Advanced security features
Next-generation firewalls is one of the veritable multi-tool of the IT security for any
organization and as the like the other most multi-tools the companies would be associated with
relying upon certain individual tools daily or rarely if at all being associated with using others.
The next generation firewall are associated with making the customers make use of the standard
stateful access control rules.
Scalability
The refreshment timeline of the Network hardware generally varies from one
organization to the next. However within a time span of three to six years most of the parts are
seen to be facing a fall. Next generation firewalls are chosen so as to make sure that it grow
accordingly in order to meet the demands related to the data expectations.
Management and reporting
In case when the security administrators are having the responsibility of managing dozens
or more firewalls, there is a need of having the right management platform so as to lower the
number of human resource required. Major of the enterprises are consisting of a built-in NGFWs
Visibility and control
An area which is associated with making the firewall vary widely is the network and
visibility of the application from one vendor to the next. The visibility not only refers to the
application and user level, but also considers the visibility which is associated with providing
network behavior intelligence. So the visibility and control of each vendor needs to be
understood along with the functions related to security intelligence visibility so as to ensure that
it meets or exceeds the expectations.
Advanced security features
Next-generation firewalls is one of the veritable multi-tool of the IT security for any
organization and as the like the other most multi-tools the companies would be associated with
relying upon certain individual tools daily or rarely if at all being associated with using others.
The next generation firewall are associated with making the customers make use of the standard
stateful access control rules.
Scalability
The refreshment timeline of the Network hardware generally varies from one
organization to the next. However within a time span of three to six years most of the parts are
seen to be facing a fall. Next generation firewalls are chosen so as to make sure that it grow
accordingly in order to meet the demands related to the data expectations.
Management and reporting
In case when the security administrators are having the responsibility of managing dozens
or more firewalls, there is a need of having the right management platform so as to lower the
number of human resource required. Major of the enterprises are consisting of a built-in NGFWs
14INFORMATION TECHNOLOGY SECURITY
or is having an optional centralized management which is having the capability of providing a
single pane of glass for configuration, monitoring and reporting of all NGFWs on your network.
or is having an optional centralized management which is having the capability of providing a
single pane of glass for configuration, monitoring and reporting of all NGFWs on your network.
15INFORMATION TECHNOLOGY SECURITY
Question 5:
The common network security problems and their solutions:
There exists numerous problems which are faced by the networks. Some of the major
network problems have been listed below along with the possible solutions:
Problem Definition Solution
Unknown Assets in the network In many of the organizations
which are not having any
completed inventory of all the
IT assets with which they have
tied up into their network
which acts as massive problem
in the network. Without being
sure about the assets present in
the network it is not possible to
be sure about the security.
The easiest way of fixing
this problem is by
conducting of reviews of
all the devices present in
the network along with
the identification of the
different platforms in
which they run. This in
turn would be helping in
being sure about the
different access points in
the network and the ones
which essentials needs an
updated security.
Abuse of the User account
privileges
The attacks might be carried
out by the insiders and this
might be an honest mistake or
an intentional leakage and
misuse of the account
privileges. This is also
associated with including the
identity theft which happens
because of the phishing attacks
or social engineering attacks
consisting of the data such as
account details. The reason that
threats are encounter because
of the trusted users and the
systems this type of problem is
very difficult to detect.
This type of problem can
be minimized by usage of
certain policies such as
the POLP or the policy of
least privileges with
respect to the access of
the user to the various
kind of systems and
databases. This policy
implementation would be
helping in limiting the
damages.
Unpatched Security
Vulnerabilities
Many organizations exist who
are seen to be concerned about
the zero day exploits and the
exploits are mainly associated
The easiest way by which
this problem can be fixed
is by maintenance of a
strict schedule so as to
Question 5:
The common network security problems and their solutions:
There exists numerous problems which are faced by the networks. Some of the major
network problems have been listed below along with the possible solutions:
Problem Definition Solution
Unknown Assets in the network In many of the organizations
which are not having any
completed inventory of all the
IT assets with which they have
tied up into their network
which acts as massive problem
in the network. Without being
sure about the assets present in
the network it is not possible to
be sure about the security.
The easiest way of fixing
this problem is by
conducting of reviews of
all the devices present in
the network along with
the identification of the
different platforms in
which they run. This in
turn would be helping in
being sure about the
different access points in
the network and the ones
which essentials needs an
updated security.
Abuse of the User account
privileges
The attacks might be carried
out by the insiders and this
might be an honest mistake or
an intentional leakage and
misuse of the account
privileges. This is also
associated with including the
identity theft which happens
because of the phishing attacks
or social engineering attacks
consisting of the data such as
account details. The reason that
threats are encounter because
of the trusted users and the
systems this type of problem is
very difficult to detect.
This type of problem can
be minimized by usage of
certain policies such as
the POLP or the policy of
least privileges with
respect to the access of
the user to the various
kind of systems and
databases. This policy
implementation would be
helping in limiting the
damages.
Unpatched Security
Vulnerabilities
Many organizations exist who
are seen to be concerned about
the zero day exploits and the
exploits are mainly associated
The easiest way by which
this problem can be fixed
is by maintenance of a
strict schedule so as to
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16INFORMATION TECHNOLOGY SECURITY
with including the unknown
issues with the security in the
program or in the system which
are yet to be utilized against
anyone. However the
unpatched known
vulnerabilities are one of the
bigger concern that the zero
day vulnerability.
cope up with the security
patches. There exists
another way of tackling
this problem and it
includes the gradual
change of the programs
and operating systems in
the network so as to make
all of them the same and
this in turn would be
associated with
simplification of the
entire process.
A Lack of Defense in Depth Despite of existence of the best
security measures the attackers
can succeed in breaching the
security of the network.
However the impact of the
attack would be dependent
upon the structure of the
network. The major problem is
that there exists few businesses
which are having an open
network structure in which if
an attacker is trusted in the
system then they would be
having an unfettered access to
all the systems present in the
network.
In case if the network is
structured in such a way
that it is having strong
segmentations so as to
keep all the discrete parts
separate then it would be
possible to make the
attacker slow down
enough and keep them
away from the vital
systems and in the
meantime the security
team would be capable of
identifying, containing
and elimination of the
breach.
Not Enough IT Security
Management
This is one of the biggest
problem which is faced even
after having the best security
solutions and besides this when
the problem occurs there might
not exist enough people in
place who are capable of
managing this problems.
The best way of tackling
this problem is by having
a large enough IT
security team which
would be entirely
responsible for the
management of all the
needs.
with including the unknown
issues with the security in the
program or in the system which
are yet to be utilized against
anyone. However the
unpatched known
vulnerabilities are one of the
bigger concern that the zero
day vulnerability.
cope up with the security
patches. There exists
another way of tackling
this problem and it
includes the gradual
change of the programs
and operating systems in
the network so as to make
all of them the same and
this in turn would be
associated with
simplification of the
entire process.
A Lack of Defense in Depth Despite of existence of the best
security measures the attackers
can succeed in breaching the
security of the network.
However the impact of the
attack would be dependent
upon the structure of the
network. The major problem is
that there exists few businesses
which are having an open
network structure in which if
an attacker is trusted in the
system then they would be
having an unfettered access to
all the systems present in the
network.
In case if the network is
structured in such a way
that it is having strong
segmentations so as to
keep all the discrete parts
separate then it would be
possible to make the
attacker slow down
enough and keep them
away from the vital
systems and in the
meantime the security
team would be capable of
identifying, containing
and elimination of the
breach.
Not Enough IT Security
Management
This is one of the biggest
problem which is faced even
after having the best security
solutions and besides this when
the problem occurs there might
not exist enough people in
place who are capable of
managing this problems.
The best way of tackling
this problem is by having
a large enough IT
security team which
would be entirely
responsible for the
management of all the
needs.
17INFORMATION TECHNOLOGY SECURITY
Network security is crucial for any business organization:
Network security is one of the important aspect of any organization because of various
reasons. One of the major reason is that it helps in providing security to the assets of the
organization. Besides all this the information which are kept in the networks are seen to be very
important as well as valuable and acts as the tangible asset of the company. The security of the
network is mainly concerned with the protection, integrity and providing of safe access to all the
confidential information. This is also associated with including the accessibility of the
information in a manner which is meaningful.
The network security is also important as this helps in making the organization comply
with the regulatory requirements as well as with the ethical responsibilities. So the organizations
are associated with having the need of developing certain policies along with procedures so as to
address all the requirements related to the security. This policies and procedures would be
associated with working for ensuring the safety and security of the organization along with being
compulsory for the organization which works on computers. Effective security systems would be
associated with providing the organization have a competitive edge as well.
Network security is crucial for any business organization:
Network security is one of the important aspect of any organization because of various
reasons. One of the major reason is that it helps in providing security to the assets of the
organization. Besides all this the information which are kept in the networks are seen to be very
important as well as valuable and acts as the tangible asset of the company. The security of the
network is mainly concerned with the protection, integrity and providing of safe access to all the
confidential information. This is also associated with including the accessibility of the
information in a manner which is meaningful.
The network security is also important as this helps in making the organization comply
with the regulatory requirements as well as with the ethical responsibilities. So the organizations
are associated with having the need of developing certain policies along with procedures so as to
address all the requirements related to the security. This policies and procedures would be
associated with working for ensuring the safety and security of the organization along with being
compulsory for the organization which works on computers. Effective security systems would be
associated with providing the organization have a competitive edge as well.
18INFORMATION TECHNOLOGY SECURITY
References:
Ambusaidi, M. A., He, X., Nanda, P., & Tan, Z. (2016). Building an intrusion detection system
using a filter-based feature selection algorithm. IEEE transactions on computers, 65(10),
2986-2998.
Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based
semi-supervised learning approach for intrusion detection system. Information
Sciences, 378, 484-497.
Čuček, L., Klemeš, J. J., Varbanov, P. S., & Kravanja, Z. (2015). Significance of environmental
footprints for evaluating sustainability and security of development. Clean Technologies
and Environmental Policy, 17(8), 2125-2141.
Javaid, A., Niyaz, Q., Sun, W., & Alam, M. (2016, May). A deep learning approach for network
intrusion detection system. In Proceedings of the 9th EAI International Conference on
Bio-inspired Information and Communications Technologies (formerly BIONETICS) (pp.
21-26). ICST (Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering).
Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-
vehicle network security. PloS one, 11(6), e0155781.
Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-
vehicle network security. PloS one, 11(6), e0155781.
References:
Ambusaidi, M. A., He, X., Nanda, P., & Tan, Z. (2016). Building an intrusion detection system
using a filter-based feature selection algorithm. IEEE transactions on computers, 65(10),
2986-2998.
Ashfaq, R. A. R., Wang, X. Z., Huang, J. Z., Abbas, H., & He, Y. L. (2017). Fuzziness based
semi-supervised learning approach for intrusion detection system. Information
Sciences, 378, 484-497.
Čuček, L., Klemeš, J. J., Varbanov, P. S., & Kravanja, Z. (2015). Significance of environmental
footprints for evaluating sustainability and security of development. Clean Technologies
and Environmental Policy, 17(8), 2125-2141.
Javaid, A., Niyaz, Q., Sun, W., & Alam, M. (2016, May). A deep learning approach for network
intrusion detection system. In Proceedings of the 9th EAI International Conference on
Bio-inspired Information and Communications Technologies (formerly BIONETICS) (pp.
21-26). ICST (Institute for Computer Sciences, Social-Informatics and
Telecommunications Engineering).
Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-
vehicle network security. PloS one, 11(6), e0155781.
Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-
vehicle network security. PloS one, 11(6), e0155781.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19INFORMATION TECHNOLOGY SECURITY
Konak, A., & Bartolacci, M. R. (2016). Using a virtual computing laboratory to foster
collaborative learning for information security and information technology
education. Journal of Cybersecurity Education, Research and Practice, 2016(1), 2.
Lin, W. C., Ke, S. W., & Tsai, C. F. (2015). CANN: An intrusion detection system based on
combining cluster centers and nearest neighbors. Knowledge-based systems, 78, 13-21.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Shah, S. A. R., & Issac, B. (2018). Performance comparison of intrusion detection systems and
application of machine learning to Snort system. Future Generation Computer
Systems, 80, 157-170.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC
press.
Konak, A., & Bartolacci, M. R. (2016). Using a virtual computing laboratory to foster
collaborative learning for information security and information technology
education. Journal of Cybersecurity Education, Research and Practice, 2016(1), 2.
Lin, W. C., Ke, S. W., & Tsai, C. F. (2015). CANN: An intrusion detection system based on
combining cluster centers and nearest neighbors. Knowledge-based systems, 78, 13-21.
Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN,
VANET. CRC press.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a
public world. Pearson Education India.
Shah, S. A. R., & Issac, B. (2018). Performance comparison of intrusion detection systems and
application of machine learning to Snort system. Future Generation Computer
Systems, 80, 157-170.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC
press.
20INFORMATION TECHNOLOGY SECURITY
1 out of 21
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.