MN502
NETWORK SECURITY (lab 1)
1. What are the different types of password attacks?
Types of password attacks:
Brute force attack:
In this attack, the attacker continuously tries many passwords, hoping that one of them is correct.
Dictionary attack:
In this attack, the attacker cracks the password by trying millions of words from a dictionary.
Social engineering:
It is a type of attack for gathering information using social networks.
Guessing:
It is an attack by our best friends, …… and these attacks on mostly in randomly generated user name sites it was easy to short.
Offline cracking:
In this attack, the attacker has a limited number of times to enter the password on protected passwords.
Rainbow table attack:
In this attack, attackers apply an algorithm called a hashing algorithm to encrypt the password.
Key logger attack:
In this attack, the hacker uses a program which collects all keys entered by the user, including user IDs and passwords.
2. What a system administrator can do to protect against attacks:
Implementing network security policies.
Making policy recommendations.
Analysing and establishing security requirements.
Providing technical security advice.
Monitoring traffic for suspicious activities.
Identifying threats and defending against them.
Administrator training on proper protocols.
3. Intrusion Detection System (IDS):
An IDS is a device or software application that monitors a network for an unauthorised attack.
It can be classified by where detection takes place: network or host.
Network-based Intrusion Detection System (NIDS):
A NIDS is placed at a crucial point within the network to monitor traffic to and from all devices on the network. It analyses passing traffic on the entire subnet and matches it against a library of known attacks.
Host-based Intrusion Detection System (HIDS):
A HIDS runs on individual hosts or devices on the network. It monitors inbound and outbound packets from the device and alerts the user if any suspicious activity is detected.
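The host-based alerting described above, applied to the brute force attack from question 1, as an added example that is not part of the original lab answer. The sshd-style log lines are constructed sample data, and the threshold, time window and year are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (sample data, not from a real host).
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 09:00:03 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar 10 09:00:04 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar 10 09:00:06 web1 sshd[813]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 09:00:07 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar 10 09:00:09 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar 10 09:00:30 web1 sshd[813]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
Mar 10 09:01:10 web1 sshd[814]: Accepted password for root from 203.0.113.7 port 40120 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return alerts as (kind, source_ip, user) tuples, in log order."""
    failures = defaultdict(deque)   # source IP -> recent failure timestamps
    flagged = set()                 # sources that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines that are not sshd auth results
        stamp, result, user, src = m.groups()
        # syslog omits the year; `year` is an assumption supplied by the caller
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if result == "Failed":
            q = failures[src]
            q.append(when)
            while when - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, user))
        elif src in flagged:
            # a successful login from an already flagged source needs triage
            alerts.append(("LOGIN_AFTER_BRUTE_FORCE", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single failed login followed by a success (alice in the sample) raises no alert; only the source that crosses the failure threshold inside the window is flagged.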
NIDS | HIDS
1. NIDS are installed on every host machine. | 1. HIDS are installed only on certain intersection points, such as servers and routers.
2. NIDS analyse the flow of information between computers. | 2. HIDS examine specific host-based actions, such as what applications are being used and accessed in the kernel logs.
3. NIDS doesn’t protect you when you are off the LAN. | 3. HIDS protects you when you are off the LAN.
4. NIDS uses up LAN bandwidth. | 4. HIDS doesn’t use up LAN bandwidth.
5. NIDS are centrally managed. | 5. HIDS are not centrally managed.
Host-based Intrusion Prevention System (HIPS):
It is a program employed to protect critical computer systems containing important data against viruses. HIPS can be implemented on various types of machines, including servers and workstations.
Network-based Intrusion Prevention System (NIPS):
It is a system used to monitor a network as well as protect the confidentiality, integrity and availability of the network.
Difference:
Host IPSs (HIPS) are a little more granular than network IPSs (NIPS). HIPS can monitor the application layer, a little closer to the logic delivered to the web application. But HIPS still lacks some understanding of web application languages and logic. In response to these shortcomings, we are presented with the Web Application Firewall.
resolve. At first it seemed to just be an unauthorized user, who had used up nine seconds of computer time and refused to pay for it. Further investigation led him to an outside hacker that gained access to Berkeley computers by sneaking through an obscure security breach and gained administrative privileges over...
Let’s assume we have a pallet in manual check and we want to break it down to 80 totes. If this pallet has any problem, such as not on shipment, no PO or no barcode, then we will create 80 problems from just one problem, and the problem becomes bigger when we inject 80 problems into line 16, because everybody in the 20 stations will pick one of the totes, turn on his blue and wait for the problem solver to fix the problem. This kind of problem will definitely slow down all associates at the line, and they will put more pressure on the problem solver and water spider, while we need to stop creating problems from the manual check.
The Aim Higher College’s system administrators and network engineers have described seeing some strange behaviors, such as high levels of traffic from many hosts that are causing system outages. The web servers of the college have been shut down frequently by this traffic; it must be from a hacker group trying to attack the school with malicious software. I will review the network traffic from the college’s intrusion detection system and use an intrusion prevention system to block off these threats from the hackers.
This latest string of hacks has revolved around the ease with which hackers can find other computers connected to the internet, hack into those, and use their computing power for help in the attack. A company called Norse Corp. has developed ways to monitor this traffic.
...acks. These systems have integrated within firewalls. Snort is a free IDS that can be downloaded for free. Wireshark is a packet analyzer that captures and displays data packets. This tool helps users see a data packet and check it for tampering. It is used in conjunction with Snort.
There are numerous network security devices and tools available to aid in computer network defense, and these tools are often relied upon for protecting against increasingly sophisticated, stealthy, and damaging attacks. When acting alone, the current generation of security devices has an exceedingly difficult time providing an effective defense against such threats, and the situation is particularly grim for targeted or novel attacks.
Detecting an ICS cyber-attack is difficult; hence we need Application Whitelisting (AWL). In one cyber-attack, malware with a 0 percent detection rate compromised 80 percent of the assets of the ICS; the antivirus seemed not to be useful in this case. Use of AWL becomes essential since it detects and prevents malware executions. Successful AWL implementations are very few. Systems such as human-machine interface (HMI) computers and database servers are ideal candidates to run AWL. Operators and vendors must
has infiltrated, or to perform a DoS or impersonation attack on the entity whose prefix is being
A brute force attack is the simplest attack method used and aims to gain access to a particular site by attempting to break through a security system with possible combinations. The attack is systematic, deliberate and methodical, and its goal is to use any possible code combinations of usernames and passwords repeatedly until one is correct and access is granted to the intruder. A brute force attack starts with the letter “a” and works its way up, eventually finding weak passwords like “password”, “1qaz2wsx” or “123456789”. A brute force attack does not exclude anyone from any organization. A brute force attack is dependent on computer processing speed and the time it has to find the right password combination.
Internet technology has extended to a greater degree than it is believed to have. It has become an inevitable part of our lives and we rely totally on the internet for our daily necessities. The Internet is a highly unbounded, vast network of networks. As the Internet keeps growing, new threats are evolving, increasing the need to develop and tighten security measures to ensure its protection. There are many challenges faced by the Internet; Distributed Denial of Service is the critical concern for the Internet, particularly for internet commerce. Distributed Denial of Service attacks can cause infrastructure problems and can disrupt communications on an international level. Denying access to information by attacking the network in an illicit way has become common nowadays. In this paper, we will discuss how to detect and defend network services from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
I decided to write my paper on Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) because the professor mentioned these devices several times in class and I am interested in network security; therefore it was a good opportunity for me to learn more about these security systems. An intrusion detection system (IDS) generally detects unwanted manipulations to computer systems, mainly through the Internet. The manipulations may take the form of attacks by crackers. An intrusion detection system is used to detect many types of malicious network traffic and computer usage that can't be detected by a conventional firewall. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unwanted logins and access to sensitive files, and malware (viruses, Trojan horses, and worms).
2013, p.21). Businesses that use Symantec Endpoint Protection (SEP) will receive a variety of features capable of protecting their business. These features include “antivirus/antimalware, a firewall, intrusion prevention component, host integrity checking, USB device control, application control, network access control, and website browsing protection” (Tittel, E. 2015). Unlike businesses running only antivirus software, Symantec offers other features that can stop attacks from infecting businesses' systems in real time. For instance, Symantec offers a feature called Symantec Insight that can provide protection from new and unknown threats that can steal unauthorized information from businesses (Best Endpoint Protection Software of 2015, 2014). This feature works by collecting data from other endpoints that are being used and gives a reputation score to each individual file based on the criteria of age, source, prevalence, and behavior (Rubens, P. 2011). Another feature that Symantec offers is called Symantec Online Network for Advanced Response (SONAR). SONAR is a feature that “spots possible malware by analyzing suspicious behavior such as connecting to a site and downloading files without opening a visible window” (Rubens, P.
An Intrusion Prevention System (IPS) is considered to be one of the pre-emptive approaches used to detect various potential threats on the network and respond to them as quickly as possible to stop their activities over the network. It is similar to an intrusion detection system, which monitors various types of network traffic on the network.
J. Yan et al. [12] report that users have some difficulty remembering random passwords. In this approach mnemonic passwords are introduced; they are simple for the user to remember and make it harder for the invader to guess the password. Through this approach they suggest that users choose mnemonic passwords and so make the invader work three times harder compared to other password methods. Users are instructed to choose mnemonic-based passwords, as these are as easily memorable as chosen passwords while being as hard to guess as arbitrarily chosen ones. Users have to choose passwords that contain numbers and special characters, as well as letters.
...t. It also prevents viruses and other malicious attacks at the gateway and furthermore, notifies users if any foul intrusions are detected. Detailed login and accounting information is also noted to give notification on all the communication attempts within the system.