Network Security Questions - Assignment Example

Assignment, Computer sciences and Information technology Network Security Questions Question How to mitigate Configuration WeaknessesIn order to mitigate the weaknesses with network configuration, the first step is to identify the causes.Causes of configuration weaknessesWhen installations are done based on the default settings of the system, there is no regard for network security and the default configuration is not reset. This compromises the configuration standards of the network. The second cause is by setting configuration properties that do not conform to the services that run on the network.

For example, when the IP addresses, and the subnet mask and the DNS server addresses do not have any connection, the network services cannot be supported.MitigationThe configuration weaknesses are configures through the following procedure:Setup of effective access control list to prevent the blockages of trafficResetting of the network or system properties to default values and prohibiting of password recyclingEnsuring that any idle ports and services are deactivatedConstruction of strong and protected remote access on the Internet and on dial-up connectionsHow to mitigate Security Policy WeaknessesThe following issues cause security policy weaknesses:CausesMitigationLack of written policies or existence of Poorly reviewed policiesDocumentation of relevant policies to guide the system and network securityUnmonitored installation of hardware and softwareDisabling of installation rights for all users except the system administratorsLack of logs for registering security audit trailsCreation and regular monitoring of security logsOverreliance on key staff on Information managementSpread of security awareness through proper training of all staff on the use of the network servicesLack of personal attitude and ethicsEmployee motivation and ethics training to discourage temptations to system fraudsLack of plan for business continuity and disaster management planPreparation of plans for disaster recoverySharing of PasswordsEstablishment of policies prohibiting password sharing and disciplinary actions on perpetratorsQuestion 2:How botnet attack is conductedBotnet are pieces of malware, which infect victims by contacting central commanding system, then wait for the execution of the commands.

Botnets mainly send harmful mails in form of spam campaign messages to the target points of the attackers. The botnet can therefore spread as viruses, Trojans or worms through emails and websites.Attack ObjectivesThe objectives of botnet attack are to enable the attackers spy on the victims and gain access to sensitive information such as financial statements. They steal the victims’ credentials and hijack banking information, ultimately leading to stealing of money. Their transactions run concurrently with those of their victims.

The attackers can also use botnet to access the system source codes.Impact on the VictimsBotnet attackers can use their victims’ computers and resources for sending malicious spam. These can then spy other victim’s and execute denial of service command against them. The victims spend a lot of money as well as time to recover from the consequences. Worse still, botnet attacks can land victims into legal challenges. It is not easy for the victim to realize from the onset that the sender of the malware is in fact a fellow victim.

In that case, the end victim may take sue the supposed attackers.Question 3:i. Access Control List Firewall and proxy firewalla. DifferencesAccess Control List FirewallACLs exist as rules to grant or deny access to certain IP addresses. It selects the IP addresses whose traffics should be accepted or rejected.Proxy FirewallOn the other hand, Proxy firewalls are intermediate barriers that accept every traffic instructions moving into a network. It achieves this through impersonation of the actual receiving point of the traffic in the network.

From the results of inspection, it grants or denies access and the proxy firewall relays feedback to the destination. After the destination replies, proxy firewall ends the connection. Only one of the two computers remains connected to the global network.b. SimilaritiesBoth the ACLs and the Proxy firewall use the technique of grant and denial of traffic to network IP addresses and services.c. Advantages and disadvantagesACLSAdvantagesThe advantage of ACLs is that it is scalable and has high performance.

DisadvantagesACLS are not capable of reading past packet headers. This gives only basic details concerning the network. In this regard, ACLs packet filtering is not sufficient in itself to eliminate network threats.Proxy FirewallAdvantageProxy firewalls are able to inspect to make decisions on specific information. Proxy firewall is suitable for access control for network administrators.DisadvantageProxy firewall demands that every application require a separate proxy at the level of each application.

Proxy firewall network suffer from poor traffic performance and functionality. This reduces the scalability of the firewall and reduces chances of successful implementation.(ii) Difference between Perimeter Firewall and Host-based FirewallPerimeter firewalls are network firewalls located at the boundaries between external and internal networks. Host-based firewalls are firewalls located on every host inside the network.Examples of Perimeter FirewallInternet Security and Acceleration Server (ISAS) From Microsoft CorporationExample of Host-based FirewallAdvanced Security Windows firewallQuestion 4When the ACL type command is applied in this command, the network allows movement of packets from 192.168.200.10 to 192.168.200.1.

Question 5Foot printing is the process of gathering and keeping the sequence of information about an organization. Tools for foot printingSocial MediaWeb searchObjectives of foot printing by hackerTo begin arrangement for ethical hacking on one’s personal businessQuestion 6RADIUS and TACACS+SimilaritiesRadius and TACACS + are applicable in remote network access as long as users can dial remotely for accessing a network. They are both used to authenticate the remote access.DifferencesTACACS+ does encryption of the whole authentication process, hence, is more secure.

RADIUS does encryption only on the passwordRADIUS applies UDP protocol while TACACS+ applies TCP protocol