Network Security Concepts - Assignment Example

Network Security Concepts Affiliation a. Create a Cisco IOS standard IP access list that allows IP packets from all hosts from the 142.16 network access-list 0 permit 142.16.0.0 0.0.255.255 b. Create a Cisco IOS standard IP access list that allows IP packets from all hosts from the 142.16 network except hosts on the subnet 142.16.11 access-list 16 permit 142.16.0.0 0.0.255.255 access-list 11 deny 142.16.11.0 0 0.0.255 c. Create a Cisco IOS extended IP access list that allows any host to access a web server on TCP port 80 whose IP address is 142.16.11.50 access-list 105 permit tcp 0.0.0.0 255.255.255.255 142.16.11.50 0.0.0.0 eq 80 d. Create a Cisco IOS extended IP access list that allows any host to access the internal SMTP server at 142.16.11.55 (tcp port 25), and the DNS servers at 142.16.11.174 (TCP and UDP port 53) access-list 105 permit tcp 0.0.0.0 255.255.255.255 142.16.11.55 0.0.0.0 eq 25 access-list 105 permit tcp 0.0.0.0 255.255.255.255 142.16.11.174 0.0.0.0 eq 53 access-list 105 permit udp 0.0.0.0 255.255.255.255 142.16.11.174 0.0.0.0 eq 53 2.) a) b) Identify the following three sections in the PCAP: DNS domain name resolution webfuse.cqu.edu.au 192.168.1.1 (The host computer (192.168.1.105) asks the DNS server (192.168.1.1) to resolve webfuse.cqu.edu.au in the 39th row, which it does and then later returns the numerical IP address of webfuse.cqu.edu.au to be 192.168.1.1 in the 41st row, destination column) The three-way handshaking for connection establishment 1. The host computer (192.168.1.105) asks the DNS server (192.168.1.1) to resolve webfuse.cqu.edu.au in the 39th row, which it does and then later returns the numerical IP address of webfuse.cqu.edu.au to be 192.168.1.1 in the 41st row, destination column. The SYN packet the host computer (192.168.1.105) sends to webfuse.cqu.edu.au is the first packet that makes up the first TCP handshake 2. Server 74.125.237.199 acknowledges connection initiation (synchronization)from host 192.168.1.105 3. Finally, the host computer (192.168.1.105) sends back an ACK completing the handshake. The host computer (192.168.1.105) and webfuse.cqu.edu.au’s server are satisfied that the connection is established and the transfer of data starts. Whereby: SYN – stands for Synchronize and it initiates a connection FIN – stands for Final-terminates a connection ACK – Stands for acknowledgment of received data Connection termination FIN – stands for Final-terminates a connection Row 218- 11.681400000 74.125.237.220 192.168.1.105 TCP 54 [TCP Retransmission] https > 52521 [FIN, ACK] Seq=1 Ack=1 Win=667 Len=0 c) Packet No. Time Source Destination Protocol Info 39 2.344129000 192.168.1.105 192.168.1.1 DNS Standard query 0xb5d8 A webfuse.cqu.edu.au Explanation: The host computer (192.168.1.105) asks the DNS server (192.168.1.1) to resolve webfuse.cqu.edu.au 45 2.403044000 192.168.1.105 138.77.5.135 TCP http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1 Explanation: It initiates the connection between the host computers (192. 168. 1. 105) and the server at 138.77.5.135 49 2.502009000 74.125.237.199 192.168.1.105 TCP https > 52481 [ACK] Seq=1 Ack=2 Win=661 Len=0 SLE=1 SRE=2 Explanation: server 74.125.237.199 acknowledges connection initiation (synchronization)from host 192.168.1.105 52 2.504516000 74.125.237.218 192.168.1.105 TCP https > 52517 [FIN, ACK] Seq=1 Ack=1 Win=664 Len=0 Explanation: Server at 74. 125. 237. 218 sends an acknowledgement to host at 192.168.1.105 to end the connection d) Frame number 64. I was able to identify the frame from the http 404 error thrown, to arrive at the retrieved web page and by clicking on the frame packet row I was able to retrieve the paragraph with the message “The requested URL /YourStudentNumber.html was not found on this server”. 3.) Introduction Computers running Windows operating systems are affected by a new malware named Flasher which is a Trojan horse, spread by a targeted attack. A Trojan horse is software that secretly gets installed in the host machine principally through malware programs to enable its designer (mostly hackers with destructive intentions) to gain full control of the machine in question, and is capable of exposing sensitive information to unauthorized and unintended audiences and/or even destroy the entire system .Trojan horse, and more specifically flasher, is spread through emails sent to selected individuals. This report investigates the details of Flasher Trojan behavior and propagation techniques and then later suggests ways through which the network could be protected from such attacks. Flasher Trojan Behavior and Propagation Techniques Flasher Trojan horse malware basically exploits the vulnerabilities of the Windows operating system to spread on the wide area networks, better known as the internet (Exterminate Lab 2014). Flasher creates unique identifiers in memory which can be updated and be varied to mimic legitimate file names (Exterminate Lab 2014). In this manner, malware infected files are easily camouflaged to take the same file names as the obviously trusted ones, enabling them to stay in the system longer and undetected (Exterminate IT 2014). This malicious software, it has been found out, can be used to steal vital information from targeted machines and/or even inflict serious damage to the infected machine. It has been found that they can render the operating system useless or disrupt its operations, steal vital private information like pin codes, passwords, credit card numbers among others, direct all web searches from an infected computers to malicious websites, gains complete control of the infected machine and can even introduce more malicious programs like viruses and worms or even aid to send out spam messages, and finally it dramatically slows down the infected machine (Exterminate IT 2014). It can be spread through infected email attachments, peer to peer file exchange, instant messaging and through adult-related sites (Free Spy Check 2014). The primary propagation methods include social networks (access to third party applications and software) and pirated software which might be containing malicious codes (Combo Fix 2013). Also the following are some of the ways that the Flasher malware can be propagated in the system: emails (mostly spread through attachments), removable media (mostly USB sticks) and finally, through infected websites (Combo Fix 2013). It has also been observed that flash based advertising aid in then spread of the flasher Trojan malwares (Security FAQS 2012). The Protection of the Network from Flasher Trojan Malwares Due to the harmful effects of the flasher Trojan malwares as discussed above, it is important to protect and/or remove these damaging programs from the system. The system can be scanned and if the flasher Trojan malware is detected be removed together with the clones, aliases and related files (Free Spy Check 2014). It is advisable to remove all folders, files and keys and their value of the register for windows (Exterminate Lab 2014). To achieve the above, it is highly recommended that registry entries associated with cracks and hacks be repaired, fully system scan for the malware be done on the machine, the system junk be cleaned out to get rid of temporary folders and files, PC device drivers be updated regularly, when need be restore the system changes through use of the undo button, uninstall and re-install the cracks and hacks associated with flasher.exe, system file checker be run on windows, all updates (windows) be installed and finally, if need be a new windows installation must be performed (Solvusoft 2014). . References Combo Fix 2013. How malware attacks and spreads in your computer. [Accessed on 15 August 2014]. Available from Exterminate IT 2014. Location of Flash.in and Associated Malware. [Accessed on 15 August 2014]. Available from Exterminate Lab 2014. Flasher. [Accessed on 15 August 2014]. Available from < http://www.exterminatelab.com/remove-flasher-virus> Free Spy Check 2014. Flasher.exe Removal. [Accessed on 15 August 2014]. Available from Security FAQS 2012. How Is Malware Spread through Flash Based Advertising. [Accessed on 15August 2014]. Available from Solvusoft 2014. [Accessed on 15 August 2014]. Available from Read More