University IT Security and Intrusion Detection Assignment
VerifiedAdded on 2022/12/20
|21
|5218
|63
Homework Assignment
AI Summary
This assignment focuses on Information Technology Security, addressing network vulnerabilities and protection strategies. The first section analyzes issues faced by a global IT organization expanding its network, including server non-responsiveness, file corruption, and limited network access. It then details methods to secure a network, such as firewalls, password updates, antivirus maintenance, VPN creation, user access management, and inactive account cleanup. The second section explains Intrusion Detection Systems (IDS) and discusses online scams and frauds, including identity theft, triangulation, clean fraud, and friendly fraud, along with methods for controlling fraud. The assignment also covers the installation and configuration of SNORT, a traffic detection and inspection engine. The final section defines foot printing and its role in IT security, emphasizing its importance in identifying computer systems and network footprints, both for legitimate and malicious purposes.
Running head: INFORMATION TECHNOLOGY SECURITY
Information Technology Security
[Name of the Student]
[Name of the University]
[Author note]
Information Technology Security
[Name of the Student]
[Name of the University]
[Author note]
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1INFORMATION TECHNOLOGY SECURITY
Question 1:
The TIA software is one of the global IT organization which is associated with providing
of different IT related services throughout the entire world. Besides this the organization has also
been associated with expanding its business along with the consequences and for this reason they
are having the will of expanding their new office in Auckland so as to meet the business needs
mostly faced in the Trans-Tasman region.
However while connecting the Auckland Local Network with the global network certain
issues were faced. The problems which were faced by the organization has been listed below:
Non-response of the servers very often
The files which were sometimes shared were also seen to corrupted
Limited access is provided to the network access as well as to the email services which
runs in the servers.
There are number of way by which it is possible to secure a network. Protecting the
system is seen to challenging but still it is critical. In the section provided below few methods
have been described by which the company would be capable of protecting its assets from
different kind of vulnerabilities.
1. Use of firewalls along with monitoring its performance: firewall is generally considered
to be set of software or hardware which is designed with an aim of blocking any kind of
unauthorized access to the computers or networks. So firewall can be defied as a set of
rules which are associated with controlling the incoming and the outgoing traffic of the
network.
Question 1:
The TIA software is one of the global IT organization which is associated with providing
of different IT related services throughout the entire world. Besides this the organization has also
been associated with expanding its business along with the consequences and for this reason they
are having the will of expanding their new office in Auckland so as to meet the business needs
mostly faced in the Trans-Tasman region.
However while connecting the Auckland Local Network with the global network certain
issues were faced. The problems which were faced by the organization has been listed below:
Non-response of the servers very often
The files which were sometimes shared were also seen to corrupted
Limited access is provided to the network access as well as to the email services which
runs in the servers.
There are number of way by which it is possible to secure a network. Protecting the
system is seen to challenging but still it is critical. In the section provided below few methods
have been described by which the company would be capable of protecting its assets from
different kind of vulnerabilities.
1. Use of firewalls along with monitoring its performance: firewall is generally considered
to be set of software or hardware which is designed with an aim of blocking any kind of
unauthorized access to the computers or networks. So firewall can be defied as a set of
rules which are associated with controlling the incoming and the outgoing traffic of the
network.
2INFORMATION TECHNOLOGY SECURITY
2. Updating of the passwords on a regular basis: Along with the usage of complicated
passwords or usage of different password combinations it is also very essential to make
sure that the passwords are being changed on a regular basis so as to ensure an added
security. Passwords are to be changed in a regular time interval such as quarterly but the
more often it is the more it is better.
3. Maintenance of the Anti-virus software: Regular updates of the antivirus needs to be
done in case if not done then the chances of facing the risk increases. The reason behind
this is that the hacker is always associated finding out of ways of cracking into the system
so as to infect it with a virus. It is very critical to stay ahead and use the latest version of
the antivirus software.
4. Creation of VPN or Virtual private network: The VPNs are mostly created for the
purpose of providing a more secure connection between the remote computers and the
other computers or servers. These type of networks are essentially and only available to
those and the equipment which are associated with the system and this in turn is
associated with drastic reduction of the likelihood of getting hacked. Encryption of the
data along with authentication of the identity are very important for securing the VPN. It
is very important to review the documentation of the server and the VPN so as to be sure
about the protocols which are the strongest for the encryption and authentication.
Besides all this there exists the multi-authentication which are seen to be very important
for securing the methods related to identity authentication. It is also a good idea to make
use of the firewall which is associated with separating the VPN network from rest of the
network.
2. Updating of the passwords on a regular basis: Along with the usage of complicated
passwords or usage of different password combinations it is also very essential to make
sure that the passwords are being changed on a regular basis so as to ensure an added
security. Passwords are to be changed in a regular time interval such as quarterly but the
more often it is the more it is better.
3. Maintenance of the Anti-virus software: Regular updates of the antivirus needs to be
done in case if not done then the chances of facing the risk increases. The reason behind
this is that the hacker is always associated finding out of ways of cracking into the system
so as to infect it with a virus. It is very critical to stay ahead and use the latest version of
the antivirus software.
4. Creation of VPN or Virtual private network: The VPNs are mostly created for the
purpose of providing a more secure connection between the remote computers and the
other computers or servers. These type of networks are essentially and only available to
those and the equipment which are associated with the system and this in turn is
associated with drastic reduction of the likelihood of getting hacked. Encryption of the
data along with authentication of the identity are very important for securing the VPN. It
is very important to review the documentation of the server and the VPN so as to be sure
about the protocols which are the strongest for the encryption and authentication.
Besides all this there exists the multi-authentication which are seen to be very important
for securing the methods related to identity authentication. It is also a good idea to make
use of the firewall which is associated with separating the VPN network from rest of the
network.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3INFORMATION TECHNOLOGY SECURITY
5. Active managing of the user access privileges: A significant amount of security threat is
imposed because of the inappropriate user-privileges so it is suggested not to overlook
the process of managing the access of the employees to the data which are critical in
nature. Besides this whenever an employee is associated with changing their jobs it must
be must be necessarily made sure by the IT department that they are notified regarding
the access privileges which can be modified so as to make the duties well fitted in the
new positions.
6. Inactive accounts are to be cleared up: Hackers are seen to be associated with the usage
of the inactive accounts which were once assigned to the contractors or to the formal
employees for the purpose of gaining access and for disguising the activities. So software
are to be used in order to clean up the inactive accounts present in the large networks
along with many users.
Question 2:
IDS OR Intrusion detection system:
The intrusion detection system or the IDS generally refers to the system which is seen to
be associated with monitoring the network or the traffic for the purpose of detecting any kind of
suspicious activities or alerts related to the issues whenever an suspicious activity is detected.
There exists some IDS whose primary function is associated with including the anomaly
detection and alerting whereas some of IDS are there which are having the capability of taking
certain actions whenever any kind of anomalous traffic or malicious activity is detected and this
actions mainly includes the blocking of the traffic sent from any kind of suspicious IP addresses.
5. Active managing of the user access privileges: A significant amount of security threat is
imposed because of the inappropriate user-privileges so it is suggested not to overlook
the process of managing the access of the employees to the data which are critical in
nature. Besides this whenever an employee is associated with changing their jobs it must
be must be necessarily made sure by the IT department that they are notified regarding
the access privileges which can be modified so as to make the duties well fitted in the
new positions.
6. Inactive accounts are to be cleared up: Hackers are seen to be associated with the usage
of the inactive accounts which were once assigned to the contractors or to the formal
employees for the purpose of gaining access and for disguising the activities. So software
are to be used in order to clean up the inactive accounts present in the large networks
along with many users.
Question 2:
IDS OR Intrusion detection system:
The intrusion detection system or the IDS generally refers to the system which is seen to
be associated with monitoring the network or the traffic for the purpose of detecting any kind of
suspicious activities or alerts related to the issues whenever an suspicious activity is detected.
There exists some IDS whose primary function is associated with including the anomaly
detection and alerting whereas some of IDS are there which are having the capability of taking
certain actions whenever any kind of anomalous traffic or malicious activity is detected and this
actions mainly includes the blocking of the traffic sent from any kind of suspicious IP addresses.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4INFORMATION TECHNOLOGY SECURITY
Scams and Frauds on Online Transaction
Identified
Scam and
Fraud
Definition
Identity Theft This is payment fraud which is quite common and is associated with
including an imposter who would be associated with obtaining of the key
details related to the personally identifiable information so as to use then in
fraudulent purchases by usage of the internet.
Triangulation: This is the type of fraud method which generally refers to the implication of
the fact that there is an existence of three different participants while
purchasing an order which includes the unsuspecting customer, a fake
online store and the stolen data. So whenever a customer is associated with
moving towards purchasing the fake merchant would be immediately
associated with stealing the card details of the customer. The main aim of
the fraudster in this type of fraud is the gathering of the data and cancelling
the payment after the details of the card are received.
Clean Fraud The clean fraud is very difficult to detect along with being prevented and
the reason behind this is that the fraudster is seen to be associated with
using the real time data for the purpose of committing the different kind of
cybercrimes. Whereas the friendly frauds are seen to be associated with
hiding behind the fake identities of the data which has been stolen. In
addition to this the hackers are seen to be associated with the usage of clean
frauds and the reason is they are having a greater deal of knowledge related
Scams and Frauds on Online Transaction
Identified
Scam and
Fraud
Definition
Identity Theft This is payment fraud which is quite common and is associated with
including an imposter who would be associated with obtaining of the key
details related to the personally identifiable information so as to use then in
fraudulent purchases by usage of the internet.
Triangulation: This is the type of fraud method which generally refers to the implication of
the fact that there is an existence of three different participants while
purchasing an order which includes the unsuspecting customer, a fake
online store and the stolen data. So whenever a customer is associated with
moving towards purchasing the fake merchant would be immediately
associated with stealing the card details of the customer. The main aim of
the fraudster in this type of fraud is the gathering of the data and cancelling
the payment after the details of the card are received.
Clean Fraud The clean fraud is very difficult to detect along with being prevented and
the reason behind this is that the fraudster is seen to be associated with
using the real time data for the purpose of committing the different kind of
cybercrimes. Whereas the friendly frauds are seen to be associated with
hiding behind the fake identities of the data which has been stolen. In
addition to this the hackers are seen to be associated with the usage of clean
frauds and the reason is they are having a greater deal of knowledge related
5INFORMATION TECHNOLOGY SECURITY
to the cardholders and the details of the credit card and for this reason they
utilize the real-time customer data so as to fool the system. This type of
fraud is associated with making this look legitimate by stealing of all the
necessary real data.
Friendly Fraud This is the fraud which is considered to be friendly which seems to happen
when the customers are associated with making digital purchase by making
use of the credit cards which is followed by contacting the issuer of the
credit card so as to claim an dispute of the charge. These type of situation
would be responsible for making the customers to contact the issuer so as to
claim that the item is not delivered, the item was returned but they did not
received the refund or they do not remember that they have purchased the
product by making use of their credit card and their credit card has been
compromised.
Amongst all this chargebacks not all of them are fraudulent because the
claim many times can be true as well.
Methods of Controlling the Fraud:
Eliminating the online frauds or scam is very difficult and for this reason there are different
security measures which can be implemented so as to reduce the frauds and scams and this
includes the following:
Constant running of the security checks by usage of the antivirus along with installing the
necessary firewalls as well so as to provide protection to the network from any kind of
penetration attack
The passwords that are used should be strong
to the cardholders and the details of the credit card and for this reason they
utilize the real-time customer data so as to fool the system. This type of
fraud is associated with making this look legitimate by stealing of all the
necessary real data.
Friendly Fraud This is the fraud which is considered to be friendly which seems to happen
when the customers are associated with making digital purchase by making
use of the credit cards which is followed by contacting the issuer of the
credit card so as to claim an dispute of the charge. These type of situation
would be responsible for making the customers to contact the issuer so as to
claim that the item is not delivered, the item was returned but they did not
received the refund or they do not remember that they have purchased the
product by making use of their credit card and their credit card has been
compromised.
Amongst all this chargebacks not all of them are fraudulent because the
claim many times can be true as well.
Methods of Controlling the Fraud:
Eliminating the online frauds or scam is very difficult and for this reason there are different
security measures which can be implemented so as to reduce the frauds and scams and this
includes the following:
Constant running of the security checks by usage of the antivirus along with installing the
necessary firewalls as well so as to provide protection to the network from any kind of
penetration attack
The passwords that are used should be strong
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6INFORMATION TECHNOLOGY SECURITY
Users should be aware while conducting online transactions
Installation and Configuration of IDS: SNORT
Installation of SNORT
Snort 2_9_13: Download and save the file to the d:\temp folder.
64bit Windows All: Required additional downloads for the 64bit architecture install!
dload.png Strawberry Perl 5.28.1.1: Download and save the file to the d:\temp folder.
dload.png PostgreSQL Database 10.7-1: Download and save the file to the d:\temp folder.
dload.png PHP 5.6.40 NTS (VC11): Download and save the file to the d:\temp folder.
Installs Microsoft Visual C++ 2012/2013/2017
Installs 'Notepad2' to Windows\System32
Installs 'unzip' to Windows\System32
Installs 'tartool' to Windows\System32
Inserts 'winids' hostname into hosts file
Inserts 'IGMP and SCTP' into the protocol file for Snort rules
Inserts 'Nodosfilewarning' into User ENV to suppress CYGWIN warning message when
starting Barnyard2
Sets 'Show File Extensions' as on in registry
Reboots system
Installing Snort, the Traffic Detection and Inspection Engine
At the CMD prompt type 'd:\temp\Snort_2_9_13_Installer.exe' (less the outside quotes), and tap
the 'Enter' key.
The 'License Agreement' window opens, left-click 'I Agree'.
The 'Choose Components' window opens, left-click 'Next'.
The 'Choose Install Location' window opens, in the 'Destination Folder' dialog box, type 'd:\
winids\snort' (less the outside quotes), left-click 'Next' allowing the install to complete.
The 'Snort has been successfully installed' window opens, left-click 'OK'
Users should be aware while conducting online transactions
Installation and Configuration of IDS: SNORT
Installation of SNORT
Snort 2_9_13: Download and save the file to the d:\temp folder.
64bit Windows All: Required additional downloads for the 64bit architecture install!
dload.png Strawberry Perl 5.28.1.1: Download and save the file to the d:\temp folder.
dload.png PostgreSQL Database 10.7-1: Download and save the file to the d:\temp folder.
dload.png PHP 5.6.40 NTS (VC11): Download and save the file to the d:\temp folder.
Installs Microsoft Visual C++ 2012/2013/2017
Installs 'Notepad2' to Windows\System32
Installs 'unzip' to Windows\System32
Installs 'tartool' to Windows\System32
Inserts 'winids' hostname into hosts file
Inserts 'IGMP and SCTP' into the protocol file for Snort rules
Inserts 'Nodosfilewarning' into User ENV to suppress CYGWIN warning message when
starting Barnyard2
Sets 'Show File Extensions' as on in registry
Reboots system
Installing Snort, the Traffic Detection and Inspection Engine
At the CMD prompt type 'd:\temp\Snort_2_9_13_Installer.exe' (less the outside quotes), and tap
the 'Enter' key.
The 'License Agreement' window opens, left-click 'I Agree'.
The 'Choose Components' window opens, left-click 'Next'.
The 'Choose Install Location' window opens, in the 'Destination Folder' dialog box, type 'd:\
winids\snort' (less the outside quotes), left-click 'Next' allowing the install to complete.
The 'Snort has been successfully installed' window opens, left-click 'OK'
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7INFORMATION TECHNOLOGY SECURITY
Configuring SNORT:
At the CMD prompt type 'type NUL > d:\winids\snort\rules\white_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'type NUL > d:\winids\snort\rules\black_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'notepad2 d:\winids\snort\etc\snort.conf' (less the outside quotes), and
tap the 'Enter' key.
Use the Find option in Notepad2 to locate and change the variables below.
Original Line(s): ipvar HOME_NET any
Change to: ipvar HOME_NET 192.168.1.0/24
In the above HOME_NET example (192.168.1.0/24), using a CIDR of 24 the Windows
Intrusion Detection System (WinIDS) will monitor addresses 192.168.1.1 - 192.168.1.254. It is
important to specify the correct internal IP segment of the Windows Intrusion Detection System
(WinIDS) network that needs monitoring, and to set the correct CIDR.
Original Line(s): var RULE_PATH ../rules
Change to: var RULE_PATH d:\winids\snort\rules
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
Original Line(s): var PREPROC_RULE_PATH ../preproc_rules
Change to: var PREPROC_RULE_PATH d:\winids\snort\preproc_rules
Original Line(s): var WHITE_LIST_PATH ../rules
Change to: var WHITE_LIST_PATH d:\winids\snort\rules
Original Line(s): var BLACK_LIST_PATH ../rules
Change to: var BLACK_LIST_PATH d:\winids\snort\rules
Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory d:\winids\snort\lib\snort_dynamicpreprocessor
Original Line(s): dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change to: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
Original Line(s): decompress_swf { deflate lzma } \
Change to: decompress_swf { deflate } \
Original Line(s): # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level
{ low }
Change to: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
Configuring SNORT:
At the CMD prompt type 'type NUL > d:\winids\snort\rules\white_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'type NUL > d:\winids\snort\rules\black_list.rules' (less the outside
quotes), and tap the 'Enter' key.
At the CMD prompt type 'notepad2 d:\winids\snort\etc\snort.conf' (less the outside quotes), and
tap the 'Enter' key.
Use the Find option in Notepad2 to locate and change the variables below.
Original Line(s): ipvar HOME_NET any
Change to: ipvar HOME_NET 192.168.1.0/24
In the above HOME_NET example (192.168.1.0/24), using a CIDR of 24 the Windows
Intrusion Detection System (WinIDS) will monitor addresses 192.168.1.1 - 192.168.1.254. It is
important to specify the correct internal IP segment of the Windows Intrusion Detection System
(WinIDS) network that needs monitoring, and to set the correct CIDR.
Original Line(s): var RULE_PATH ../rules
Change to: var RULE_PATH d:\winids\snort\rules
Original Line(s): var SO_RULE_PATH ../so_rules
Change to: # var SO_RULE_PATH ../so_rules
Original Line(s): var PREPROC_RULE_PATH ../preproc_rules
Change to: var PREPROC_RULE_PATH d:\winids\snort\preproc_rules
Original Line(s): var WHITE_LIST_PATH ../rules
Change to: var WHITE_LIST_PATH d:\winids\snort\rules
Original Line(s): var BLACK_LIST_PATH ../rules
Change to: var BLACK_LIST_PATH d:\winids\snort\rules
Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory d:\winids\snort\lib\snort_dynamicpreprocessor
Original Line(s): dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Change to: dynamicengine d:\winids\snort\lib\snort_dynamicengine\sf_engine.dll
Original Line(s): decompress_swf { deflate lzma } \
Change to: decompress_swf { deflate } \
Original Line(s): # preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level
{ low }
Change to: preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
8INFORMATION TECHNOLOGY SECURITY
logfile { \portscan.log }
Original Line(s): # output unified2: filename merged.log, limit 128, nostamp,
mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128
Original Line(s): include classification.config
Change to: include d:\winids\snort\etc\classification.config
Original Line(s): include reference.config
Change to: include d:\winids\snort\etc\reference.config
Original Line(s):
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Change to:
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules
Original Line(s): include threshold.conf
Change to: include d:\winids\snort\etc\threshold.conf
Save the file, and eXit Notepad2.
Question 3:
Foot printing:
Foot printing is generally associated with referring to the term which is not exclusive to
computer science however this is often used in the IT or Information technology for the purpose
of referring to the efforts related to finding out about the computer systems and the network or
the footprints. Besides this it is also possible to use foot printing for legitimate purpose and this
term is often linked with the hacking or cyber-attacks.
logfile { \portscan.log }
Original Line(s): # output unified2: filename merged.log, limit 128, nostamp,
mpls_event_types, vlan_event_types
Change to: output unified2: filename merged.log, limit 128
Original Line(s): include classification.config
Change to: include d:\winids\snort\etc\classification.config
Original Line(s): include reference.config
Change to: include d:\winids\snort\etc\reference.config
Original Line(s):
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Change to:
include $PREPROC_RULE_PATH/preprocessor.rules
include $PREPROC_RULE_PATH/decoder.rules
include $PREPROC_RULE_PATH/sensitive-data.rules
Original Line(s): include threshold.conf
Change to: include d:\winids\snort\etc\threshold.conf
Save the file, and eXit Notepad2.
Question 3:
Foot printing:
Foot printing is generally associated with referring to the term which is not exclusive to
computer science however this is often used in the IT or Information technology for the purpose
of referring to the efforts related to finding out about the computer systems and the network or
the footprints. Besides this it is also possible to use foot printing for legitimate purpose and this
term is often linked with the hacking or cyber-attacks.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9INFORMATION TECHNOLOGY SECURITY
In terms of the Hacking the term foot printing generally refers to some of the work which
is done quietly by the hackers before they are associated with conducting an attack upon the
system. This might be associated with looking in the type operating system which being used by
a specific hardware setup or pinging of the system so as to determine the properties of the design.
Besides this the port scanning or the registry queries are some other type of foot printing. These
type of information are then used for the purpose of building up of plans so as to counter the
cyber-attack.
Network Vulnerability Tool Scanner
OpenVAS:
This is one of the open Vulnerability Assessment System which is a free network security
scanning tool and many of the components of the OpanVAS is licensed under the General Public
License or the GNU. Besides this the major components of the OpnaVAS is one of the security
scanner which is seen to be running in the Linux environment. Besides this it is also possible to
integrate the OVAL or the Open Vulnerability Assessment Language for the purpose of writing
the vulnerability tests.
WireShark
This another network vulnerability scanning tool which is an open source tool and is also known
as the multi-platform network protocol analyzer and is seen to be associated with the scanning of
the data vulnerabilities on the live network which exists between the active client and the server.
Besides this the tool is also associated with helping in viewing the network traffic as well as
helping in following the network stream as well. This software runs in the windows, linux and in
OSX as well. This in turn is also associated with showing the stream construction of the TCP
In terms of the Hacking the term foot printing generally refers to some of the work which
is done quietly by the hackers before they are associated with conducting an attack upon the
system. This might be associated with looking in the type operating system which being used by
a specific hardware setup or pinging of the system so as to determine the properties of the design.
Besides this the port scanning or the registry queries are some other type of foot printing. These
type of information are then used for the purpose of building up of plans so as to counter the
cyber-attack.
Network Vulnerability Tool Scanner
OpenVAS:
This is one of the open Vulnerability Assessment System which is a free network security
scanning tool and many of the components of the OpanVAS is licensed under the General Public
License or the GNU. Besides this the major components of the OpnaVAS is one of the security
scanner which is seen to be running in the Linux environment. Besides this it is also possible to
integrate the OVAL or the Open Vulnerability Assessment Language for the purpose of writing
the vulnerability tests.
WireShark
This another network vulnerability scanning tool which is an open source tool and is also known
as the multi-platform network protocol analyzer and is seen to be associated with the scanning of
the data vulnerabilities on the live network which exists between the active client and the server.
Besides this the tool is also associated with helping in viewing the network traffic as well as
helping in following the network stream as well. This software runs in the windows, linux and in
OSX as well. This in turn is also associated with showing the stream construction of the TCP
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10INFORMATION TECHNOLOGY SECURITY
session and is associated with including the tshark which is a tcpdump console version. However
one issue is faced by this software and is having the risk of remote security exploitation.
Question 4:
Role played by firewall:
A firewall is considered to be a vital component of the network which is associated with
playing a very vital role in the securing and protecting the network, the security of the network is
generally associated with referring to the methods related to addressing the different external as
well as the internal threats which are faced by the computer network system. Firewalls are
having the capability of securing the network from internal as well as from the external danger.
Firewall is the device which is installed in between the internal network and external
network with an aim of filtering all the incoming as well as the outgoing traffic or the data. This
process is also known as packet filtering. Certain rules are programmed into the firewall by the
system administrator for the purpose of evaluating the incoming and the outgoing data.
Types of Firewall:
The firewalls can be classified into five different types and is associated with including the
following:
Packet-filtering firewalls:
This firewall is the oldest and the most simple firewall architecture which is
associated with a creation of the checkpoint in the traffic of the router or at the switch and
is responsible for performing of simple checks. The checks are generally performed upon
the data packets which are coming through the router so as to inspect different
session and is associated with including the tshark which is a tcpdump console version. However
one issue is faced by this software and is having the risk of remote security exploitation.
Question 4:
Role played by firewall:
A firewall is considered to be a vital component of the network which is associated with
playing a very vital role in the securing and protecting the network, the security of the network is
generally associated with referring to the methods related to addressing the different external as
well as the internal threats which are faced by the computer network system. Firewalls are
having the capability of securing the network from internal as well as from the external danger.
Firewall is the device which is installed in between the internal network and external
network with an aim of filtering all the incoming as well as the outgoing traffic or the data. This
process is also known as packet filtering. Certain rules are programmed into the firewall by the
system administrator for the purpose of evaluating the incoming and the outgoing data.
Types of Firewall:
The firewalls can be classified into five different types and is associated with including the
following:
Packet-filtering firewalls:
This firewall is the oldest and the most simple firewall architecture which is
associated with a creation of the checkpoint in the traffic of the router or at the switch and
is responsible for performing of simple checks. The checks are generally performed upon
the data packets which are coming through the router so as to inspect different
11INFORMATION TECHNOLOGY SECURITY
information such as the IP addresses destination and place of origin, type of packet,
number of the prot, and many other information without opening them so as to inspect the
content.
Stateful inspection firewalls:
This is the firewall which is associated with combining the packet inspection
technology and the TCP handshake verification. This is mainly done for the purpose of
creating a certain level of protection which is much greater than the either of the two
architecture which has been used for the purpose of creating this firewall. In addition to
all this these type of firewall is associated with putting a more stress upon the computing
resources and this in turn might be associated with making the legitimate packets to slow
down as compared to the other solutions.
Circuit-level gateways:
This is another simple firewall which is generally used for quick and easy
approval or denial of the traffic which is done without consuming of the significant
resources. The circuit level gateway is seen to be working by verifying the TCP or the
Transmission Control Protocol Handshake. The main reason lying behind the designing
of the TCP check is for the purpose of making sure that the session which is provided by
the packet is legitimate in nature. Despite of being extremely resource-efficient these
firewalls are not associated with checking of the packet itself. In case when a packet is
associated with holding the malware but is having the right TCP handshake then it would
be right passing through.
Application-level gateways or the. proxy firewalls:
information such as the IP addresses destination and place of origin, type of packet,
number of the prot, and many other information without opening them so as to inspect the
content.
Stateful inspection firewalls:
This is the firewall which is associated with combining the packet inspection
technology and the TCP handshake verification. This is mainly done for the purpose of
creating a certain level of protection which is much greater than the either of the two
architecture which has been used for the purpose of creating this firewall. In addition to
all this these type of firewall is associated with putting a more stress upon the computing
resources and this in turn might be associated with making the legitimate packets to slow
down as compared to the other solutions.
Circuit-level gateways:
This is another simple firewall which is generally used for quick and easy
approval or denial of the traffic which is done without consuming of the significant
resources. The circuit level gateway is seen to be working by verifying the TCP or the
Transmission Control Protocol Handshake. The main reason lying behind the designing
of the TCP check is for the purpose of making sure that the session which is provided by
the packet is legitimate in nature. Despite of being extremely resource-efficient these
firewalls are not associated with checking of the packet itself. In case when a packet is
associated with holding the malware but is having the right TCP handshake then it would
be right passing through.
Application-level gateways or the. proxy firewalls:
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 21
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.