Comprehensive Report on Computer and Network Security Vulnerabilities


Added on  2019/09/30

AI Summary
This report delves into the critical realm of computer and network security, focusing on various vulnerabilities and their corresponding mitigation strategies. It begins with an abstract emphasizing the significance of data security and system hardening. The report then meticulously details several vulnerabilities, including firewall rule misconfigurations, the risks associated with direct root login and the use of Telnet, and the impact of Yum server configuration. Each vulnerability is thoroughly explained with specific scenarios and potential attack vectors. The report also provides practical mitigation steps, such as adjusting firewall rules with IPTABLES, disabling direct root login and utilizing sudo users for enhanced logging, and replacing Telnet with SSH for secure remote communication. Furthermore, the report addresses CVE-2016-3238, highlighting the dangers of man-in-the-middle attacks facilitated by network vulnerabilities. Finally, the report illustrates the importance of using YUM for package installation to avoid security breaches, referencing relevant academic literature to support the analysis.
COMPUTER & NETWORK SECURITY
Abstract
Network security is of the utmost importance to any organization. Data is the
most valuable asset, and leaving it vulnerable weakens the system and risks
losing critical information. When procuring a server, many hardening steps are
taken into consideration so that, once they are done, the system is strong and
robust. This report demonstrates various vulnerabilities that breach the
security of the system. Mitigation of each vulnerability is also provided so
that the risk does not persist.
In this report, we are using a Unix environment for security analysis. There
are various vulnerabilities that can invite attacks if left untreated. Each of
these vulnerabilities is tested and mitigated in the test VM that was built.
a. Explanation of Vulnerability
All the vulnerabilities shown in the sections below are loopholes that can
invite various attacks and intrusions. Each is explained in its own scenario
together with the respective mitigation.
Vulnerability Scenario 1: FIREWALL RULES
When the system is exposed to the internet, it is vulnerable to various
intrusions and attacks. When tested, the system was able to ping Google. The
Linux security feature IPTABLES was checked, and it allowed all traffic from
anywhere to anywhere. This is a major security breach and needs urgent
attention.
After mitigation, the firewall rules in the script were changed so that traffic
is no longer allowed from anywhere to anywhere but only to specific
destinations, which makes it secured and trackable.
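The following script is an added example, not the report's own script, of the kind of IPTABLES change described above: it replaces an accept-everything policy with a default-deny INPUT chain that only admits SSH from an assumed management subnet (ADMIN_NET and SSH_PORT are assumptions), allows replies to established connections, and logs what it drops so the traffic stays trackable.

```shell
#!/bin/sh
# Added example, not from the report: generate a default-deny iptables ruleset
# to replace a policy that accepts all traffic from anywhere to anywhere.
# ADMIN_NET (management subnet allowed to reach SSH) and SSH_PORT are assumed.
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"
SSH_PORT="${SSH_PORT:-22}"

# Print the rules rather than applying them, so they can be reviewed first.
gen_rules() {
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $ADMIN_NET --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
iptables -A INPUT -m limit --limit 10/min -j LOG --log-prefix "IPT-DROP: " --log-level 4
iptables -A INPUT -j DROP
EOF
}

# Return 0 if the ruleset on stdin sets a default-deny INPUT policy, 1 otherwise.
audit_rules() {
    grep -q -- '-P INPUT DROP'
}

# Apply only when running as root; stops at the first iptables error.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; return 1; }
    gen_rules | sh -e
}
```

Review the output of `gen_rules` before calling `apply_rules`, and make sure the SSH allow rule matches the address you are connected from, otherwise the default-deny policy will cut off your own session.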
b. Existence of vulnerability in production systems
Production systems are the ones running live and being accessed by end users.
Any security breach in their data can take a heavy toll on users and lead to
the loss of important information. Therefore, it is very important to make the
system strong before deploying it into production. All the risks are shown in
the scenarios, and the mitigations are also shown with screenshots.
Vulnerability Scenario 2: SUDO user
When there is direct root login, logs are generated under the root account and
we cannot tell who the culprit is. We have to disable root login and create
sudo users so that separate logs are generated for each user.
Also, disable direct root login by changing the configuration in the
/sshd_config file:
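As an added example (not the report's own screenshot or commands), the script below sets PermitRootLogin to no in a given sshd_config file and verifies the effective value. The file path is a parameter and the sample configuration is constructed for demonstration.

```shell
#!/bin/sh
# Added example, not the report's own commands: enforce PermitRootLogin no in
# the sshd_config file passed as $1 and check the effective setting.
set_no_root_login() {
    cfg="$1"
    tmp="$cfg.tmp"
    # sshd honours the first occurrence of a directive, so put our line first and
    # drop every existing PermitRootLogin line (active or commented out).
    echo "PermitRootLogin no" > "$tmp"
    grep -v -i '^[[:space:]]*#*[[:space:]]*PermitRootLogin' "$cfg" >> "$tmp"
    mv "$tmp" "$cfg"
}

# Return 0 when the effective PermitRootLogin value in the file is "no".
root_login_disabled() {
    v=$(grep -i '^[[:space:]]*PermitRootLogin' "$1" | head -n 1 | awk '{print tolower($2)}')
    [ "$v" = "no" ]
}

# Constructed sample config reproducing the weak setting (for demonstration only).
make_sample_config() {
    f="${1:-sshd_config.sample}"
    printf '%s\n' '# sample sshd_config (constructed)' 'Port 22' \
        'PermitRootLogin yes' 'PasswordAuthentication yes' > "$f"
    echo "$f"
}
```

Create and test a sudo user before applying this to a real server, then restart sshd, so that administrative access is not lost when root login is refused.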
Vulnerability Scenario 3: Disabling Telnet
Telnet is a remote service used to communicate with other servers, but it is
insecure because it transfers data in plain text.
Disable the service and use SSH (secure shell) instead for communication
between remote servers.
CVE-2016-3238
This is a vulnerability which is imposed on the network of the system. It
enables a man in the middle to take advantage of the loophole. The intruder
attacks the system via a weak network link with no security protocol and hence
makes the system lose its critical information. The telnet service, which is
disabled later in this assignment for this reason, leads to this vulnerability.
This affects both Windows and Linux and can be vulnerable at different scales.
Vulnerability Scenario 4: Yum Server Configuration
Yum is the repository tool that installs the packages necessary for security
and for boosting performance.
Without Yum, we have to use RPM, which makes the installation process slow and
sometimes fail. This causes a security breach in the system.
c. Demonstration of exploit:
In every scenario, there has been an exploit. For example, in the screenshot
below, rpm (the Red Hat package manager) is used, which can cause package
installation to fail with such error messages, thus breaching security.
d. Mitigation
This is mitigated by using YUM (yellow update manager) to install the security
packages, resolving all the dependencies. Here, we are installing python,
which further enables other security packages.
As shown in the above screenshots, the package could not be installed by rpm
but could be installed by YUM.