IPV6 Security Enhancement - Assignment Example

Q1: Poorly configured peripheral allows attackers to compromise internet based company networks. Using IPv6 can enhance the security of a company’s network, but not eliminate these attacks. Attackers can be divided into opportunistic and focused attackers. Assuming that a company allows corporate officers, and middle managers to have laptops and home computer access to corporate networks, explain how these computers might be used to compromise a corporate network and then explain several ways that the network administrator might use policy and network tools to minimize these vulnerabilities. In your explanation also include the added security that IPv6 would add and explain the difference between the two types of attackers. Focused attackers Focused attackers will attack a defined target either in an organization or defined network within the organization. In focused attack, the attacker will spend times learning about the target IP address, location and the domain within which it exists. After getting all these information, the attacker proceeds with the attack. Opportunistic attackers The opportunistic attacker will target the targets without distinguish them. This involves attacking as many targets as possible within the network exploiting their weaknesses. At this point, the attacker does not learn about the target so that to proceed with the attack. Home Computer and Laptop Compromise on Organization network Used for impersonation The users of laptops from their homes might misplace their username and password to malicious people. Here, hackers will then use the password and username to gain access into the corporate network by either sending spam mails pretending they were sent by the holder of the password. Additionally, the hackers can send malwares and spywares using the connection to a company’s virtual private network. The spyware will allow hackers to get personal information from the company servers or read other users passwords when being used on a company network. Used for Denial of services The personal computers once used to access other sites outside the organization, and once they are back to the trusted organization network can be utilized in denial of service. Denial of service can be where websites can create traffic unnecessary traffic within the organization bandwidth denying the genuine users from accessing the bandwidth. This can go on unnoticed for some time before getting noticed by the network administrators creating havoc in the organization. Used to get Organizational Network details The personal computer once they are outside the organization is not secure from physical theft. Theft of the computer will allow outsiders to have critical data on the organization network infrastructure. Some data would be network IP address and passwords where the users have been saving them in their personal computer. Once the hacker obtains the information they can configure other machines and infiltrate into the organization network. Policies by Administrator to sort problems The administrator should introduce a policy where workers are supposed to report loss of their machines within less than an hour to block them from accessing the organization network. This measure will ensure even when hackers get an access to the organization network they will be blocked immediately before causing problems. A password policy whereby passwords are changed every week, and that ensures non disclosure of the passwords should be developed. Users of the organization network should not share their credentials and anything done using once credentials the owner is held liable. The organization network should be monitored to see any weird traffic which should be reported to the network administrator immediately. IPV6 Security Enhancement End to End Encryption The end to end encryption will prevent anyone reading data that does not belong to their host machine while it is over the network. This helps in preventing spywares sent through impersonation from reading critical organization data. The end to end encryption will encrypt data while leaving the host machine and it is decrypted on reaching the recipient machine. Secure Name resolution Hackers have been seen to steal access credentials and using them to access other host by impersonation. With secure name resolution in IPV6, a neighbor communicating over the network can establish whether the other host it is whom it claims to be. Q: 2. VMware, Virtual PC, and Parallels allow network administrators to run multiple OS on one server, explain each system and the type of machine you would find them on and the advantage of running several operating systems on one machine. Explain what a virtual machine is. Also explain the following scanning tools and indicate which operating system they can be run on and the purpose for using each tool. The chapter was written several years ago so you cannot rely on the chapter totally for your answer. eEye Retina, nmap, CORE, Immunity CANVAS, Paros, and Cenzic Hailstorm. VMware It is software used to provide virtualized hardware devices to a guest operating system either in the servers or the Desktop machines. Some of the virtualized devices through VMware are the video adapter, and network adapters within the host machine. VMware Desktop can be run in machines running Linux, Windows, MAC OS and Solaris operating system. A VMWare server is installed in servers to allow virtualization within the servers. Virtual PC It is virtualization software developed by Windows to allow use of multiple windows software within the same machine. The software requires the PC to meet the following minimum standards minimum speed of 400MHZ processor speed and minimum of 35MB hard disk space. The Virtual PC can run in tablets that are running windows tablet operating system. Parallels It is used for running windows applications within the Mac machines. It allows users of Mac PC’s to run both windows and Mac OS X without the need of restarting one of the operating system. The machine minimum requirements to run parallels are run an Intel, 64 bit Processor, 2GB RAM and 15GB hard disk space for installation of the windows operating system. Advantages of running multiple of operating system 1. Software developers can carry test of their software on multiple operating systems within the same host machine without installing the software in multiple machines. Virtualization supports this requirement. 2. Legacy hardware and software that is not supported in the latest operating system can be supported by installing the old operating system while the latest operating system is installed on top of the old operating system. The legacy software will be used in the old operating system while the new software is used in the new operating system. 3. Saving cost on purchase of hardware by eliminating the need to purchase new hardware to install every operating system. Virtual Machine It is an implementation of a computer through software which performs activities like a physical computer with its own processors and RAM. eEye Retina This is used to scan organization network for known vulnerabilities and unknown vulnerabilities to protect infiltration from organization network. It discovers vulnerability on devices that are on the network and offline. The eEye retina runs on windows operating system like XP, and Windows 7. Nmap It is software used to scan hosts and services running within a network. The software has the ability of getting data on the traffic on the network and origin host machine. This can be used to identify which machine is generating traffic leading to denial of services. It runs on Microsoft Windows, Linux, Mac OS X and HP-UX. CORE Core is used to scan operating systems within machines in the network. After the scan determination of the impact that the organization would face if the vulnerabilities were used by hackers to gain access, it can be used to scan the guest operating system during virtualization of operating system. It is supported in all windows operating systems, and MAC OS X. Immunity CANVAS It is a penetration testing tool that identifies open ports within the network and tries to exploit the vulnerability within the ports. The network administrator performs a scan of the network to identify vulnerabilities. Data about the vulnerabilities is fed into the Immunity Canvas which tries to exploit each vulnerability. It runs on Windows, Linux and MAC OS X. Paros This is software used to scan web applications for any vulnerability. It tries to establish if sessions or cookies within the application can be used to gain access using the application. It is written in Java and can run on any operating system. Cenzic Hailstorm This is used to scan vulnerabilities that exist in Web, Mobile and cloud applications. It is used as a risk management tool by developers while developing systems by showing vulnerabilities that exist. The software can be purchased as a managed service to users or desktop software. It is supported in windows operating system with the minimum requirement being windows 2000 professional. Q: 3 What does the term Network Enumerating. How would an attacker use DNS and SMTP information to compromise a network? List some of the information you would expect to find while doing a full enumeration on a network. What information would an administrator be looking for and why and what information would an attacker be looking for and why. Use the chapter and the internet and thoroughly explain the process. Explain two enumeration counter measures. Network Enumerating This is an activity carried on devices within the organization to retrieve usernames, information on user groups on the network, shared resources within the network. The vulnerability data on the network is sent back to the hackers or administrators. Use of DNS information to compromise a network? Extension on DNS protocols Information on extensions of the DNS protocols can be used to create long messages by attackers to the network. An attacker will develop a message that is less than a 100 byte while the DNS delivers a message that is 70 times the original message. This long message will lead to denial of service to other network users. Use of the IP address One of the name servers IP address can be used to create unnecessary traffic within the network. An attacker will send a request using IP address of the machine being attacked as IP address on the machine sending the request. Once the request is sent to the Domain name server will send results to the actual host but not the machine impersonating as the host. This will create unnecessary traffic to the host. Use of trace information in SMTP The SMTP on receiving a mail it adds a received header while storing information on the route the mail had followed before being delivered to the mail server. Hackers having access to the information can use it to learn about vulnerabilities that exist in machines where the mail has passed. Once they get the vulnerability they can use that information to attack any of those servers or hosts. Information found during full enumerating of the network The administrator might be interested in IP address of the machine, operating systems it is using and weaknesses in the network. An administrator will look for valid usernames and wrongly configured accounts. The wrongly configured the administrator will carry out corrective measures to configure them correctly. An administrator will identify all the machines in the domain to try and block machines occurring illegally within the domain. Hackers will be interested in weaknesses in the network to use it in gaining access into the network. Hackers will like to obtain information on the wrongly configured accounts to use their vulnerability to gain access to the system. Enumeration counter measures Configuring DNS The name server can be accessed by untrusted host machine leading to infiltration to organization network. This can be done by configuring those host names not accessible by the public not to be listed within the public domain. The next measure would be to ensure records are not appearing within the region of the domain name server. Configuration of the SMTP The SMTP server should be configured to disallow mails from unknown recipients. This will eradicate situation where hackers will send malicious mails to the organization mail server to spoof for information. The server can be configured to be sending mails without information on systems used and IP address of the Origin host or server. Works Cited Bellovin. Security Problems in the TCP/IP Protocol Suite. Pearson Education Inc.: Indianapolis, 2010. Print. James Urquhart. Cloud Computing’s green paradox. Albany: New York, 2010. Print. Morris, R.T. A Weakness in the 4.2BSD Unix TCP/IP Software. AT&T Bell Laboratories: New Jersey, 2011. Print. Read More