Computer & Network Security: Vulnerabilities and Mitigation Report

Added on  2019/09/30

AI Summary
This report provides a comprehensive analysis of computer and network security, emphasizing the critical importance of data protection within organizations. It details various vulnerabilities, including firewall rule weaknesses, sudo user misconfigurations, insecure Telnet usage, and Yum server configuration issues, all of which can lead to significant security breaches. The report utilizes a Unix environment for security analysis and demonstrates how these vulnerabilities can be exploited. For each vulnerability scenario, the report offers specific mitigation strategies, such as modifying firewall rules, disabling direct root login, replacing Telnet with SSH, and using YUM for package installations. The report underscores the need for robust security measures before deploying systems into production environments and references several key sources in the field of cryptography and network security. The report provides practical steps for strengthening system security and preventing potential data loss or unauthorized access.
Computer & Network security
Abstract
Network security is of the utmost importance to any organization. Data is the
most valuable asset, and leaving it vulnerable weakens the system and can lead
to the loss of critical information. When a server is procured, many hardening
steps are taken into consideration so that, once they are done, the system is
strong and robust. This report demonstrates various vulnerabilities that breach
the security of the system. A mitigation is also provided for each
vulnerability so that the risk does not persist.
In this report, we use a Unix environment for security analysis. Various
vulnerabilities can invite attacks if left untreated. Each of these
vulnerabilities is tested and mitigated in the test VM that was built.
a. Explanation of Vulnerability
All the vulnerabilities shown in the section below are loopholes that can
invite various attacks and intrusions. They are explained in each scenario
along with the respective mitigation.
Vulnerability Scenario 1: FIREWALL RULES
When the system is exposed to the internet, it is vulnerable to various
intrusions and attacks. When the system was tested by pinging Google, the ping
succeeded. The Linux security feature, iptables, was then checked, and it
allowed all traffic from anywhere to anywhere. This is a major security breach
and needs urgent attention.
After mitigation, the code in the script was changed so that traffic is allowed
from anywhere to a specific destination only, which is secured and trackable.
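A check for the allow-all condition described in this scenario, as an added example that is not part of the original report: the script scans rules in the format printed by `iptables -S` for an ACCEPT default policy and for ACCEPT rules with no source, destination or port restriction. Both rulesets, the address 192.0.2.10 and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S` style output for allow-all rules.
# Both rulesets are constructed samples; 192.0.2.10 is a documentation address.
WEAK_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j ACCEPT
-A OUTPUT -j ACCEPT'

HARDENED_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "fw-drop: "'

# Reads rules on stdin and prints one finding per line.
audit_rules() {
    awk '
    # Inbound or forwarded traffic accepted by default policy.
    $1 == "-P" && ($2 == "INPUT" || $2 == "FORWARD") && $3 == "ACCEPT" {
        print "POLICY_ACCEPT " $2
        next
    }
    # ACCEPT rule with no matcher, or only 0.0.0.0/0 as source/destination.
    $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") {
        target = ""; restricted = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") {
                target = $(i + 1); i++
            } else if ($i == "-s" || $i == "-d") {
                if ($(i + 1) != "0.0.0.0/0") restricted = 1
                i++
            } else if ($i ~ /^-/) restricted = 1
        }
        if (target == "ACCEPT" && !restricted) print "ALLOW_ALL " $0
    }'
}

# Number of findings for a ruleset passed as the first argument.
count_findings() { printf '%s\n' "$1" | audit_rules | wc -l | tr -d ' '; }

echo "weak ruleset: $(count_findings "$WEAK_RULES") findings"
printf '%s\n' "$WEAK_RULES" | audit_rules
echo "hardened ruleset: $(count_findings "$HARDENED_RULES") findings"
```

On a live host the same function can read the running ruleset with `iptables -S | audit_rules`, run as root.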
b. Existence of vulnerability in production systems
Production systems are those that are running live and being accessed by end
users. A security breach in the data can take a heavy toll on users and can
lead to the loss of important information. Therefore, it is very important to
make the system strong before deploying it into production. All the risks are
shown in the scenarios, and the mitigations are given with screenshots.
Vulnerability Scenario 2: SUDO user
When direct root login is allowed, logs are generated under the root account
and we cannot tell who the culprit is. We have to disable root login and create
sudo users so that separate logs are generated for the different users.
Also, disable direct root login by changing the setting in the /sshd_config file.
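One way to confirm that direct root login is really disabled, as an added example that is not part of the original report: sshd uses the first value it reads for a keyword, and a `Match` block can turn root login back on for some clients, so the check resolves both. The sample configurations and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: resolve the PermitRootLogin value sshd would apply.
# The configs are constructed samples; 192.0.2.0/24 is a documentation range.
WEAK_SSHD='#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no'

OVERRIDE_SSHD='PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes'

# Global value: keywords are case-insensitive, comments are skipped, and the
# first occurrence wins. With no global line, the default of current OpenSSH
# releases applies.
effective_root_login() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
    END { if (!found) print "prohibit-password (default)" }'
}

# Match blocks can re-enable root login for some clients; list those lines.
root_login_overrides() {
    printf '%s\n' "$1" | awk '
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { scope = $0; sub(/^[ \t]+/, "", scope); next }
    scope != "" && tolower($1) == "permitrootlogin" && $2 != "no" {
        print scope " -> " $2
    }'
}

# Return 0 only when root login is off globally and in every Match block.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ] &&
        [ -z "$(root_login_overrides "$1")" ]
}

for name in WEAK_SSHD OVERRIDE_SSHD; do
    eval "cfg=\$$name"
    if root_login_disabled "$cfg"; then verdict=ok; else verdict=FAIL; fi
    echo "$name: global=$(effective_root_login "$cfg") $verdict"
done
```

On a live host, `sshd -T` prints the effective configuration that these functions approximate.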
Vulnerability Scenario 3: Disabling Telnet
Telnet is a remote service used to communicate with other servers. It is
insecure because it transfers the data in plain text format.
Disable the service and use SSH (secure shell) instead for communicating
between remote servers.
Vulnerability Scenario 4: Yum Server Configuration
Yum is the repository that helps in installing the packages that are necessary
for security and for boosting performance.
Without Yum, we have to use RPM, which makes the installation process slow
and sometimes causes it to be declined. This causes a security breach in the system.
c. Demonstration of exploit:
In every scenario, there has been an exploit. For example, in the screenshot
below, rpm (Red Hat Package Manager) is used, which can cause package
installation to be declined with such error messages, thus breaching
the security.
d. Mitigation
This is mitigated by using YUM (yellow update manager), which installs the
security packages by overcoming all the dependencies. Here, we are installing
python, which further stimulates other security packages.
As shown in the above screenshots, the package could not be installed by
rpm but could be installed by YUM.
REFERENCES:
Stallings, W. (2006). Cryptography and network security, 4/E. Pearson Education India.
Stallings, W. (1995). Network and internetwork security: principles and practice (Vol. 1). Englewood Cliffs, New Jersey: Prentice Hall.
Simmonds, A., Sandilands, P., & Van Ekert, L. (2004, October). An ontology for network security attacks. In Asian Applied Computing Conference (pp. 317-323). Springer, Berlin, Heidelberg.
Ferguson, P. (2000). Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing.
Motter, A. E., & Lai, Y. C. (2002). Cascade-based attacks on complex networks. Physical Review E, 66(6), 065102.
Hansman, S., & Hunt, R. (2005). A taxonomy of network and computer attacks. Computers & Security, 24(1), 31-43.