Table of Contents
1. Anomaly actions (a)-(d) .......... 3
2. Network diagram and Firewall rules for Reliable Power Suppliers (RPS) (a)-(b) .......... 5
3.
4.
5. (a) SOP policy .......... 9
   (b)
   (c) CORS Policy .......... 10
   (d)
References .......... 13

1. Anomaly actions
(a)
In general, a business network is prone to a number of attacks, and when the case of e-business and sales is considered, it is noticed that the overall performance of the operations has become very low and users cannot finish their transactions quickly. This type of situation is mainly noticed over an attacked network, and from the primary analysis some of the threats and attacks are recognized, as listed below:
- Session tracking might be disabled by the attacker, as the regular user logins will be monitored and controlled by the attackers by establishing the VLAN map access attributes at this level. Mail and chat configuration files will be corrupted due to the anomalous traffic over the network, and thus the overall performance of the network is degraded in this context.
- A separate mapping technique will be adopted using the tools and techniques of Wireshark, where the local sessions and buffers will be cleared prior to applying the respective techniques.
- All the packets that were considered in the Wireshark analysis will be separately mapped over the local buffers, and thus further analysis is possible at this level. Traffic anomalies will be imposed due to the minimal protocol level like libpcap and the required
(b)
There are multiple options available to mitigate the attacks over the e-sales network, and some real scenarios are discussed below:
- When the OS of the server and the firewall policies are hacked, they cannot work properly.
(c)
IP address spoofing is the main attack possible with the role of an IP perpetrator, where the IP address will be used to create multiple similar and false addresses. Now, whenever there is a request from any of the sources, it will be treated as a normal client by the perpetrator and the respective resources will be provided, and thus the attacker will hide their actual identity in this context. DoS attacks will integrate the data from the regular IP spoofing attacks to explore further and thus reduce the overall performance of the network, and this situation is also noticed in the given case study of the e-sales scenario.
(d)
All the scenarios associated with the Wireshark tool will be helpful in filtering and blocking blocks of data and other cases like HTTP, SMTP and XMLHttp requests, and the columns of the Wireshark tool can be used to impose the required filtering technique. Both IP spoofing and DoS attacks can be prevented by imposing the filtering technique while considering the HTTP and IP address in the required context.
2. Network diagram and Firewall rules for Reliable Power Suppliers (RPS)
(a)
Reliable Power Supplier (RPS) and the respective network diagram is as given below:
(b)
Rule | Protocol / Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action
1 Inward | TCP/IP | 198.142.15.2 | >1010 | 165.23.4.1 | 56 | Allow
2 Outward | HTTP/TCP | 165.23.4.1 | 65 | 198.142.15.2 | 5050 | Allow
3 Inward/Outward | All | All | All | All | All | Deny
4 Inward | TCP/HTTP | 198.142.15.2 | 65 | 165.23.4.1 | 1221 | Allow
Rule Number | Rule | Protocol / Transport protocol | Source IP | Source Port | Destination IP | Destination Port | Action
1 | Stealth Protocol | All | All | All | All | All | Deny
2 | Web | SMTP/HTTP | 143.32.9.10 | >30 | 165.23.16.8 | 1010 | Permit
3 | IP / DMZ | All | All | All | All | All | Permit
4 | Remote access | SMTP | 143.32.9.10 | >42 | 165.23.16.8 | >2020 | Permit

Rule Explanation
- Stealth protocol is not at all allowed over the range of source and destination IP addresses specified in the firewall rule set for both the DMZ and Internet access.
- DMZ and IP are permitted within the range of source and destination IP addresses and port ranges set in the firewall rules.
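A rule-set check added here as an illustration (it is not part of the assignment): a small first-match evaluator loaded with the RPS inward/outward rules as reconstructed in the table above. First-match semantics and the use of TCP for every row are assumptions; the evaluator shows that, in the listed order, the catch-all deny in rule 3 is reached before rule 4, so rule 4 never matches any traffic.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # IPv4 address, CIDR, or "any"
    src_port: str  # "any", an exact port like "56", or a bound like ">1010"
    dst: str
    dst_port: str
    action: str    # "allow" or "deny"

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    if spec == "any":
        return True
    if spec[0] in "<>":
        return port > int(spec[1:]) if spec[0] == ">" else port < int(spec[1:])
    return port == int(spec)

def evaluate(rules, src, sport, dst, dport, default="deny"):
    """First-match evaluation (an assumption about the RPS firewall). Returns (action, rule name)."""
    for r in rules:
        if _addr_ok(r.src, src) and _port_ok(r.src_port, sport) \
                and _addr_ok(r.dst, dst) and _port_ok(r.dst_port, dport):
            return r.action, r.name
    return default, "implicit default"

def unreachable(rules, flows):
    """Rules that none of the sample flows ever hit: a sign that an earlier rule shadows them."""
    hit = {evaluate(rules, *f)[1] for f in flows}
    return [r.name for r in rules if r.name not in hit]

# The RPS rules in the order the table lists them (every row is TCP, so transport is not matched here)
RPS_RULES = [
    Rule("1 inward",         "198.142.15.2", ">1010", "165.23.4.1",   "56",   "allow"),
    Rule("2 outward",        "165.23.4.1",   "65",    "198.142.15.2", "5050", "allow"),
    Rule("3 inward/outward", "any",          "any",   "any",          "any",  "deny"),
    Rule("4 inward",         "198.142.15.2", "65",    "165.23.4.1",   "1221", "allow"),
]

# Constructed sample flows (src, sport, dst, dport): one intended for each rule, plus a stranger
FLOWS = [
    ("198.142.15.2", 2000, "165.23.4.1", 56),
    ("165.23.4.1", 65, "198.142.15.2", 5050),
    ("198.142.15.2", 65, "165.23.4.1", 1221),  # rule 4's traffic, but rule 3 is reached first
    ("10.0.0.9", 4444, "165.23.4.1", 56),
]
```

Running `unreachable(RPS_RULES, FLOWS)` reports rule 4 as shadowed; moving it ahead of the catch-all deny is the fix.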
Both DNS and ARP caching and poisoning attacks act similarly on the network in terms of imposing the attacks; still, there are quite a few implementation-level variations, and some of them are listed below:
- ARP poisoning attacks are targeted at the entire network in the form of ARP messages, whereas DNS attacks target only a few victims by sending the messages to the DHCP; they are analyzed at the routing table entries as well (Wang, 2014).
- DNS spoofing is done without any additional requirement of ARP spoofing, whereas ARP attacks always need the DNS attacks to be imposed beforehand at the UDP level and TCP
By maintaining local and primary buffers to handle DNS server requests, the impact of DNS cache poisoning attacks can be reduced a lot. DNS servers can be patched with an additional security mechanism through the configuration of the bind-chroot package. MitM attacks associated with ARP poisoning can be reduced with the help of tools and techniques like Wireshark and ARP tickets when they are applied to layer 2 attacks with the help of Ettercap techniques (Tripathy, 2011).
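The detection side of the ARP poisoning discussion above, as an added example that is not from the assignment: the same check Wireshark performs when it flags a duplicate IP address, written over a constructed list of ARP replies. The addresses, MACs and timestamps are made up, and `static` is a hypothetical seed of known-good bindings.

```python
from collections import defaultdict

# Constructed ARP reply records, not a real capture: (seconds, sender IP, sender MAC)
ARP_REPLIES = [
    (1.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # gateway answers normally
    (1.2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # a workstation
    (2.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    (5.5, "192.168.1.1",  "de:ad:be:ef:00:99"),  # gateway IP now claimed by a different MAC
    (5.6, "192.168.1.20", "de:ad:be:ef:00:99"),  # the same MAC also claims the workstation
]

def arp_alerts(replies, static=None):
    """Flag IP-to-MAC changes and one MAC claiming several IPs, the two classic poisoning signs.
    static: optional dict of known-good IP -> MAC bindings (e.g. the gateway) seeded before the capture."""
    binding = dict(static or {})
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        ips_by_mac[mac].add(ip)
        known = binding.setdefault(ip, mac)  # first sighting becomes the reference binding
        if known != mac:
            alerts.append({"kind": "ip-mac-change", "time": ts, "ip": ip, "expected": known, "seen": mac})
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append({"kind": "mac-claims-many-ips", "mac": mac, "ips": sorted(ips)})
    return alerts

def gateway_hijacked(alerts, gateway_ip):
    """True when any alert shows the gateway's binding changing: the usual MitM precondition."""
    return any(a["kind"] == "ip-mac-change" and a["ip"] == gateway_ip for a in alerts)
```

Seeding `static` with the gateway's real MAC means the very first forged reply is flagged, rather than the second.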
5.
(a)
SOP policy
In general, the SOP policy will ensure that none of the web pages apart from the website's home page will be loaded. Basically, all the requests associated with JavaScript, like the HTTP request and response objects, will be considered while imposing these policies, where all the websites external to the CQU DNS will be permanently blocked; the best example is www.wikileaks.org, which can be loaded over the university servers as a part of the SOP policy.
(b)
Retrieval | Allow/Deny
http://scholar.google.co.in/ (Scholar) | Permit
Network modeling diagrams online | Permit
www.gmail.com | Deny
www.snapdeal.com | Deny
(c)
CORS Policy
The Cross Origin Resource Sharing (CORS) policy allows users to use limited constraints and has some loosely imposed restrictions when compared to SOP policies. Both HTTP and XMLHttp requests will be forwarded to some of the websites, such that the JavaScript will allow the user to gain the required access; the examples are listed below:
(d)
It is assumed that www.gmail.com is a part of the SOP policy over the CQU DNS server, where with the advent of the Origin and Access-Control-Allow-Origin policies, a few of the pages like www.gmail.com/CQU can be given access as the Gmail group within the
with the help of the CORS policy implementation, web pages like
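An added example, not from the assignment, of the SOP and CORS decisions described in the two sections above: the browser's origin comparison, and the server-side choice between an origin allowlist and the loose "echo any Origin" configuration. `intranet.cqu.example` is a placeholder for the CQU server and the allowlist is hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """The (scheme, host, port) triple a browser compares under the same-origin policy."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def same_origin(a, b):
    return origin_of(a) == origin_of(b)

def origin_string(url):
    """Serialized form sent in the Origin header; default ports are omitted."""
    scheme, host, port = origin_of(url)
    return f"{scheme}://{host}" if port == DEFAULT_PORTS.get(scheme) else f"{scheme}://{host}:{port}"

# Hypothetical allowlist for the CQU scenario: only this origin may read the intranet's responses
ALLOWED_ORIGINS = {"https://www.gmail.com"}

def cors_headers(request_origin, allowlist=ALLOWED_ORIGINS, reflect_any=False):
    """Response headers the CQU server adds. reflect_any=True is the loose, insecure variant
    that echoes whatever Origin arrives, so any site can read the response."""
    if reflect_any or request_origin in allowlist:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}  # no header: the browser withholds the response from the calling script

def browser_allows_read(page_url, resource_url, response_headers):
    """Whether a script running on page_url may read resource_url's response (SOP plus CORS)."""
    if same_origin(page_url, resource_url):
        return True
    acao = response_headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == origin_string(page_url)

# Constructed scenario: intranet.cqu.example stands in for the CQU server
RESOURCE = "https://intranet.cqu.example/data"
```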
(a)
- Useful information of the users, like their passwords, login IDs and user profiles, will be hacked with the level of DNS spoofing and poisoning attacks implied over the Safe bank network.
- Scripting-based attacks like validation attacks, user input attacks and interpretation attacks can be implemented over the web browsers and application servers, such that all the data entered by the user across both the clients and servers will be stolen and misinterpreted.
- ARP flooding and TCP spoofing attacks will corrupt the normal traffic flow across the network, and thus the application behavior will be affected and changed a lot in this context.
- All the external and internal internet requests and response objects will be blocked by attacking the firewall-based Internet and DMZ rules respectively.
(b)
(c)
Once the attacks on the Safe bank network are identified, they are mitigated using the techniques below:
- Proper session and login management using the tools will improve the authentication patterns of the verified users, and thus the hackers might not fetch the desired information.
- DMZ/Internet rules like allow and deny can be imposed over the firewall configurations such that only authorized users, traffic and protocols will access the network of Safe bank.
- One more firewall with extra configuration and rules can be defined and deployed to block the unwanted anomaly and intruder traffic over the network.
Still, there could be chances of some potential limitations, and they are listed below:
- Database attacks might be imposed on the network, and in general they will corrupt the data over SQL and XML files in the form of SQL injection and XML injection attacks respectively.
- A few of the web services, WSDL files and SOAP messages might be attacked as a part of
References
Issac, B. (2009). Secure ARP and Secure DHCP Protocols to Mitigate Security to Cache Poisoning. The Sixth International Symposium on Neural Networks (ISNN 2009), Advances in Intelligent and Soft Computing, 56(3), 116-123.