StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Penetration Testing ACME Software Solutions Ltd - Report Example

Cite this document
Summary
This report "Penetration Testing ACME Software Solutions Ltd" presents considerations on the network design and any new devices that need to be introduced that will be based on the perimeter security as controlled by the NIDS and the specific resources that need to be secured in the network hosts…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.4% of users find it useful

Extract of sample "Penetration Testing ACME Software Solutions Ltd"

Running Head: Penetration Testing ACME Software Solutions ltd Penetration Testing ACME Software Solutions ltd Insert Name: Tutor: Introduction Securing and managing today’s multifaceted computer based network systems is not only demanding and challenging. Organizations’ of all sizes have to safeguard their company resources and business information and or transactions from foreign intruders and competition. They are aware of information risk in an interconnected collaborative computing environment. Software and hardware manufacturers have sought to have the products meet some if not all requirements of securing computing resources.Many organizations would find it hard to function successfully devoid of the added effectiveness and interactions enabled by the Internet. Simultaneously, the Internet has added new security challenges occasioned by intruder attacks, manual and automated. This assignment report details process of intrusion detection of the ACME Software Ltd Network and computer System. First the document identifies and describes security flow in the ACME Software Limited systems, CVE snort signatures. Evaluation and illustration of the System Vulnerability is explained. Finally a correlation of the snort rules in operation is given as extracted from the provided VMware files of the whole network and computer resources. A corrected and new and secure design of the network is also provided and illustrated in a diagram. ACME network limited consist of the following network and computing resources a firewall that is kept up-to-date, a Network based Intrusion detection System (NIDS), A web server running Microsoft Windows 2000 server Service Park 4 and Microsoft Internet Information server (IIS) version 5.0, numerous All employee workstations running a standard Windows XP service pack 2 installation, FTP server running Microsoft Windows 2000 Server sp4 operating system and FTP 5.0 (part of IIS 5.0). . Identification & Description of Security Flaws The central challenge of Network Technician is in securing the network and its related computing assets. Network penetration and or hacking process start by locating the preferred target host and then scanning it to mark its weaknesses. Various tools and applications exist at the disposal of the security administrator or Network technician to diagnose network based host from the Internet .All the tools used in port scanning and intrusion test use well known processes and exploit known weaknesses in the TCP/IP protocol to expose computer resources in the desired target. Commonly used weaknesses in the protocol are through: ICMP echo enquiries, ICMP sweep, TCP ping scan, DOS attack (McClure et al. 1999, pp. 31-6) Network diagnostic tools such as port scanners and applications that probe the network inform the security or Network administrator that a foreigner is able to target their computing resources. It is common for anyone to suggest that all ICMP echo requests aimed at the network perimeter security device be blocked. This however would block the network from gaining the benefit of getting connected in the first place. It will deny the organization benefit of collaboration and utilization of current web 2.0 social networking tools. It is therefore imperative that an organization keeps its network open for specific datagram packets. In other situation the network intruder may send many automated requests, that in effect flood the target hosts network adapters with datagram packets. These results in disabling the actual request leading to phenomena called denial of service attacks. The most common types of such attacks are ICMP echo request/reply, ACK and RST flags, TCP floods with SYN, ping floods and or UDP floods (Houle & Weaver 2001, p. 3). With increase in automation and readily available probes and tools in form of Malware and network monitoring applications hackers are able to find weak system. They would alternatively launch automated scripts or programs and then distribute across the internet using port listener application or an SMTP server or other web server application thereby compromising the network host computer. Currently we are having Microsoft windows based malware or scripts spreading the network attacks. Internet service providers hosting large windows based server farms have been a target. Virtual private networks using ADSL broadband and or cable connected to the local telecommunication, that are automatically assigned IP addresses through dynamic configuration may at times assign a IP addresses of the Virtual private network. The net effect of this is to bypass the firewall protection. The security policy of the controlling end of the VPN will dictate the exposure of the VPN client system. (Houle & Weaver 2001, p.13-4). Another weakness comes through the passwords supplied by default to managed network assets and resources such as switches, routers, and concentrators. Routers have been known to be safe, but attacks have been known to infiltrate the routing protocol. This could have very serious implications to the Internet itself. . Snort Signatures Upon evaluation and investigation of the network I have evaluate six snort signatures from the ACME Software Solutions ltd network. This follows a detailed study of the same network and implementation of TCP/UDP/ICMP packets with our snort system in the network based on images from the college course website. This is a clear evidence of the system vulnerabilities that exist in this network as explained in each of the snort signatures. In the same as we evaluate the snort signature we will be able to notice the vulnerabilities that exist in the system, these are clearly explain in the description of each snort signature and the action that may need to be taken. This clearly explain the evidence of system vulnerability Snort Signature (1) SID – 222 DDOS ACME ICMP possible communication .This happens when ICMP traffic is sent between ACME Software Solutions ltd network hosts. When ACME hosts communicate using ICMP, they most often use an ICMP echo reply with an ICMP ID number of 0 and with a series of A's in the datagram payload. Denial of service is the only plausible explanation as to why the datagram packets are transported. In network we are able to see that ACME especially the employee workstations communicate with each other for various reasons .To alleviate this and further improve on the overall system security a packet-filtering firewall and an Intrusion Detection System is configured to prevent unwanted traffic to the network . Snort Signature (2) SID – 504 MISC source port 53 to 1024 This is brought about when non-legitimate traffic is noticed by the Intrusion Detection System. Traffic from Transmission Control Protocol port 53 is used by Dynamic Named servers. Normal dynamic server’s traffic uses the UDP datagram   a foreign intruder could use a Transmission Control Protocol source port of 53 to pass through a inadequately configured protection firewall.   Snort Signature (3) SID – 521 MISC large UDP packet.UDP packets are used for small data payloads. In many cases UDP packets payloads are typically less than 4000. In this network (ACME) denial of service attacks could be one of the reasons for such datagram payloads. Snort Signature (4) SID – 522 MISC Tiny Fragments .This is generated when dubiously small IP version 4 data fragments are detected by the Intrusion detection system. Typically a router linking dissimilar networks with different MTU would fragment data packets so that communication of relatively bigger packets across the network of smaller MTU. Network devices including firewall and intrusion detection system appliances are prone to fragmented TCP or UDP data headers. This at times allows interchange which should have been filtered to pass through. Any IDS or firewall lacking proper IPv4 fragment reassembly could be affected by such attacks. To remedy this condition it is suggested that packet-filtering rules be set to prevent unsuitable traffic to the network. Snort Signature (5) SID – 523 BAD- TRAFFIC IP Reserved bit set This event is generated when packets on the network that have the reserved bit set are detected by the IDS. In normal scenarios packets do not use the IP Reserved bit. One explanation for the scenario could be that an attacker is trying to instigate covert channel communications. It may be an indication of unauthorized network use, reconnaissance action or system compromise. All system are susceptible to such attacks. A hacker could create packets with IP set aside bit set using packet generator tools. The way to avoid this attack is to disallow packets that have the reserved bit set in IP. Snort Signature (6) SID – 524 BAD TRAFFIC TCP port 0 traffic .This happens when TCP packets with target port field 0 is detected by the IDS. In normal scenarios TCP packets are not destined to port 0.It may be an indication of illegal network use, exploration activity or system compromise. The hacker may well send packets to port 0 on the target host. This abnormality may be the result of an attacker trying to verify the existence of a host at a particular address which is listening to requests as a prelude to an attack. This attack can be avoided by not allowing TCP traffic to port 0. Network Redesign & Diagram In order to improve the security of the ACME network a new network design will be needed. Considerations on the new network design and any new devices that need to be introduced will be based on the perimeter security as controlled by the NIDS and also the specific resources that need to be secured in the network hosts. The new network will have a careful consideration of the access and equipment security protection, who has access to the system, purpose of gaining access, the switches in use will be fully managed layer four based integrated with routing capabilities, VLAN and switched network based security practices on the configuration of switches and their trumping to avoid flooding caused by denial of service broadcasts. Another aspect of the new design will be the media in use and ensuring that it is protected from .Data link and wireless network security of the bridge will need to be improved through wireless access points. Internet routing security and Internet protocols configurations and monitoring will be factored in the new design. TCP/IP services will need to be configured in a secure manner. The network ID systems have several limitations, including the need to synchronise with the host system’s behaviour in particular handling of IP and TCP protocol exceptions (Ptacek & Newsham 1998, p. 21-2) Timm (2001, 2001a) suggests that adequate NIDS management will reduce false positives and false negatives. Signature-based NIDS are efficient in detecting known attacks but may not detect unknown or modified attacks. In anomaly-based NIDS unusual activity, out of the normal pattern of network traffic, triggers the alarm. Even though false negatives are reduced, this method is not flexible. Original Network Diagram Redesigned Network Diagram Design Explanations Layer 4 to 7 based Router: Router that operate from OSI Layer 4 to Layer 7 NIDS /Concentrator: Network intrusion Detection System Wireless Bridge and Switch: A switching bridge for Wireless access Point Workgroup Switch: OSI layer 3 and layer 4 Switch with VLAN, and Trunking protocol Server 1: FTP SERVER, Server2: Web server Employee Workstation: Host workstations in the Network for Employees work. Firewall: A firewall Appliances with access controls Cloud: (Service provider network for Internet connection) REFERENCES Allen, J., Christie, A., Fithen, W., McHugh, A., Pickel, J. & Stoner, E. 1999, State of the Practice of Intrusion Detection Technologies [Online], Available: http://www.sei.cmu.edu/publications/documents/99.reports/99tr028/99tr028abstract.html , [Accessed 31 12 2009] Axelsson, S. 1998, Research in Intrusion-Detection Systems: A Survey [Online], Available: http://www.ce.chalmers.se/staff/sax, [Accessed 31 12 2009] Axelsson, S. 2000, Intrusion Detection Systems A Survey and Taxonomy [Online], Available: http://www.ce.chalmers.se/staff/sax/, [Accessed 31 12 2009] Bellovin, S., Leech, M. & Taylor, T. 2001, ICMP Traceback Messages [Online], Available: http://www.ietf.org/internet-drafts/draft-ietf-itrace-01.txt, [Accessed 31 12 2009] Carver, A., Hill, J., Surdu, J. & Pooch, U. 2000, ‘A Methodology for Using Intelligent Agents to provide Automated Intrusion Response’, Proceedings of the 2000 IEEE Workshop on Information and Security, United States Military Academy, West Point, NY, pp. 110-6 Cerf, V., Burleigh, S., Hooke, A., Turgerson, L., Durst, R., Scott, K. , Traveis, E. & Weiss, H. 2001, Interplanetary Internet (IPN): Architectural Definition [Online], Available: http://www.ietf.org/internet-drafts/draft-irtf-ipnrg-arch-00.txt, [Accessed 31 12 2009] CERT 2001, CERT/CC Statistics 1988-2001 [Online], Available: http://www.cert.org/stats/cert_stats.html, [Accessed 31 12 2009] Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Penetration Testing ACME Software Solutions Ltd Report, n.d.)
Penetration Testing ACME Software Solutions Ltd Report. https://studentshare.org/information-technology/2044280-penetration-testing-acme-software-solutions-ltd
(Penetration Testing ACME Software Solutions Ltd Report)
Penetration Testing ACME Software Solutions Ltd Report. https://studentshare.org/information-technology/2044280-penetration-testing-acme-software-solutions-ltd.
“Penetration Testing ACME Software Solutions Ltd Report”. https://studentshare.org/information-technology/2044280-penetration-testing-acme-software-solutions-ltd.
  • Cited: 0 times

CHECK THESE SAMPLES OF Penetration Testing ACME Software Solutions Ltd

A Career in Business

ltd.... ltd is one of the largest aluminum processing companies in China.... ltd.... ltd has assisted me in my capability to be tolerant to diverse cultures and understand the effect of different cultural backgrounds in business.... ltd, I managed to get valuable experience that is essential for my future job searches and my experience in work places.... ltd company.... ltd....
13 Pages (3250 words) Essay

Secure Software Testing

In the essay “Secure software Testing” the author focuses on a system, which has been conceived and later developed to provide support medical readiness capability to military operations through the identification of medical personnel with the requisite skills.... The testing phase with the software has been completed in two phases.... This phase entails the test scenario that is similar to the real-time usage of the software.... The SIT is the first phase of testing i....
1 Pages (250 words) Essay

RE-WRITING SWOT ANALYSIS AND RECOMMENDATIOns

Plunkett Research ltd.... Plunkett Research ltd.... The staff will use the best security practice to assess (process) the website which includes identifying security vulnerabilityand provide solutions to remedy the holes.... To start with, the whole inputs, process and outputs are as follow: When it comes to the inputs they encompass the staff, software, projects information, diagrams URL, IP addresses, network diagrams, documentation, standards ISO 27001, PCI standards so the engineers use these inputs in the following processes such as security assessments, awareness, compliance these processes will generate reports that will ensure Etisalat services are secured....
2 Pages (500 words) Essay

Impact of Alpha Testing on Software during Developments

This paper is intended to show the impact that alpha testing has on software during developments or reviews, it brings forth ac case scenario that further highlights the benefits of utilizing this form of testing.... Moreover, the lead project manager handling the testing procedure often liaises with the developers to hint the This section recommends the application of alpha testing to solve the issue in question as it allows the developers to see the test software working in real time in a practical setting....
5 Pages (1250 words) Essay

Absence of Bugs, Fault and Failure after Testing

Kaner, Falk & Nguyen (2009) defines software testing as an investigation that is done to give the various stakeholders in software development information regarding the quality of the product.... It gives a very objective and independent view about the software so that those who… In most instances, it entails execution and the application of that given software with the sole intention of finding bugs, defects and errors....
4 Pages (1000 words) Essay

Testing Software and How It Is Controlled

This coursework "Testing software and How It Is Controlled" focuses on an analysis carried out to present stakeholders with facts concerning the quality of the product or service under investigation.... It can also give an objective view of the software to understand the risks of software realization.... nbsp; Test control can be considered as the test management tasks needed throughout the test procedure so as to keep the testing aligned to the software development procedure, the requirements of the project, and the requirements of the firm wanting to use the software (Miller, DeCarlo & Mathur, 2004)....
9 Pages (2250 words) Coursework

Enterprise Resource Planning System

With regard to the business technology the BIT, BIT Australasia, BIT Imports (BITI), BIT Engineering (BITE), BIT and Sales and Marketing (BITS) are operational through highly customized version of Micro Extensions Pty ltd (MXP) software.... Micro Extensions Pty ltd (MXP) is offering facility for basic sales, inventory management and financial reporting.... 3- Vantage from Epicor Epicor Vantage ERP software is a way out from meeting the requirements of the business that are taken as mixed-mode manufacturing business....
10 Pages (2500 words) Assignment

The Development History of Web-Scale Discovery Platform

Such products include; ‘collaborative solutions (WorldCAT), proprietary solutions (Chamo, Primo, and Summon), and open source software solutions (Backlight and VuFind) (Asher, Duke, & Wilson, 2012).... Since 2009, there has been accessing to discovery products in the market since the introduction of Summon by the Serials solutions (Ballard, & Blaine, 2011).... In the recent times, there has been an attempt to continue with the improvement of cloud computing and development of more discovery solutions....
8 Pages (2000 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us