TASK 1.1
Analyzing Network Monitoring Tools for Current Network Status
What are Network Monitoring Tools?
Network monitoring tools calculate bandwidth utilization and scan the traffic for
errors through SNMP. The tool also provides asset details such as the OS, installed
software and hardware, and informs you about the general availability and
performance of the network elements.
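The bandwidth figure such a tool reports comes from polling the interface octet counters (IF-MIB ifInOctets/ifOutOctets) over SNMP and dividing the growth by the link speed and the polling interval. The following is an added example written for this section, not code from any of the tools named in the assignment; the two counter samples, the 100 Mbit/s link speed and the 70%/90% thresholds are constructed, and a real poller would obtain the values with SNMP GET requests. It also handles the one edge case a naive poller gets wrong: the 32-bit counters wrap around, so a second reading that is smaller than the first is not negative traffic.

```python
"""Bandwidth utilisation from two SNMP interface-counter samples.

Added example, not part of the original assignment. The counter values
below are constructed; a real poller would read ifSpeed, ifInOctets and
ifOutOctets (IF-MIB) from the device with an SNMP GET.
"""

COUNTER32_MAX = 2 ** 32  # ifInOctets/ifOutOctets are 32-bit wrapping counters


def counter_delta(old, new, width=COUNTER32_MAX):
    """Difference between two samples of a wrapping counter."""
    if new >= old:
        return new - old
    return width - old + new  # the counter wrapped between the two samples


def utilisation_percent(sample_a, sample_b, if_speed_bps):
    """Return (in%, out%) utilisation between two timestamped samples.

    Each sample is a dict with keys 't' (seconds), 'in' and 'out' (octets).
    Utilisation = delta_octets * 8 / (interval * ifSpeed) * 100.
    """
    interval = sample_b["t"] - sample_a["t"]
    if interval <= 0:
        raise ValueError("samples must be in increasing time order")
    in_bits = counter_delta(sample_a["in"], sample_b["in"]) * 8
    out_bits = counter_delta(sample_a["out"], sample_b["out"]) * 8
    capacity_bits = interval * if_speed_bps
    return (100.0 * in_bits / capacity_bits, 100.0 * out_bits / capacity_bits)


def classify(util_pct, warn=70.0, crit=90.0):
    """Map a utilisation figure to a monitoring state label (thresholds assumed)."""
    if util_pct >= crit:
        return "CRITICAL"
    if util_pct >= warn:
        return "WARNING"
    return "OK"


# Constructed samples for a 100 Mbit/s port polled 60 s apart. The outbound
# counter wraps between the two polls (second value is smaller than the first).
IF_SPEED = 100_000_000
SAMPLE_A = {"t": 0, "in": 4_000_000_000, "out": 4_294_000_000}
SAMPLE_B = {"t": 60, "in": 4_150_000_000, "out": 40_000_000}

if __name__ == "__main__":
    in_pct, out_pct = utilisation_percent(SAMPLE_A, SAMPLE_B, IF_SPEED)
    print(f"in  {in_pct:5.1f}% {classify(in_pct)}")
    print(f"out {out_pct:5.1f}% {classify(out_pct)}")
```

On interfaces faster than about 100 Mbit/s a 32-bit counter can wrap more than once inside a polling interval, which this arithmetic cannot detect; production pollers use the 64-bit ifHCInOctets/ifHCOutOctets counters instead.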
Network Miner
A network forensic analysis tool for Windows, Network Miner by security software
company Netresec is designed to collect data about the hosts on the network as
opposed to the traffic. It sniffs for packets and even parses PCAP files in order to help
its users detect the OS, hostname and open ports of hosts on the network. This can
prove an excellent tool for incident response teams seeking to reassemble transmitted
files and certificates without adding additional traffic to the network.
The picture shown above illustrates how Network Miner captures packets. The
images displayed are pictures of soccer from the user's session in Google Images.
The packet capture process is initiated by clicking the Start button and choosing a
network adapter to bind to.
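To show what "parsing PCAP files to detect hosts and open ports" means in practice, here is an added example written for this section; it is not Network Miner's code. It builds a small classic PCAP image in memory (the three frames are constructed, with zeroed checksums) and then reads it back the way a forensic tool would: walking the record headers, decoding the Ethernet, IPv4 and TCP headers, collecting every address seen, and treating a SYN/ACK sent by a host as evidence that the port it came from is open.

```python
"""Tiny PCAP reader that lists hosts and open TCP ports from a capture.

Added example, not Network Miner's own code. The capture bytes are built
inline so the script runs offline; a SYN/ACK from host:port is taken as
proof that the port is open, which is the inference such tools make.
"""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_tcp_packet(src, sport, dst, dport, flags):
    """Build an Ethernet/IPv4/TCP frame (constructed; checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 1, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                     IPPROTO_TCP, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    eth = struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(packets):
    """Wrap raw frames in a classic (non-pcapng) little-endian PCAP file image."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def iter_records(data):
    """Yield (ts_sec, frame_bytes) for each record of a little-endian PCAP."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only little-endian Ethernet PCAP is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def summarise(data):
    """Return (hosts, open_ports): every IP seen, and (ip, port) pairs that sent SYN/ACK."""
    hosts, open_ports = set(), set()
    for _, frame in iter_records(data):
        _, _, ethertype = struct.unpack_from("!6s6sH", frame, 0)
        if ethertype != ETHERTYPE_IPV4:
            continue
        ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
        src_ip, dst_ip = str(IPv4Address(src)), str(IPv4Address(dst))
        hosts.update((src_ip, dst_ip))
        if proto != IPPROTO_TCP:
            continue
        tcp_off = 14 + (ver_ihl & 0x0F) * 4          # honour IPv4 options, if any
        sport, _, _, _, _, flags, _, _, _ = struct.unpack_from("!HHIIBBHHH", frame, tcp_off)
        if flags & (TCP_SYN | TCP_ACK) == TCP_SYN | TCP_ACK:
            open_ports.add((src_ip, sport))
    return hosts, open_ports


# Constructed capture: a client probes two ports; only port 80 answers with SYN/ACK.
CAPTURE = build_pcap([
    build_tcp_packet("10.0.0.5", 40001, "10.0.0.20", 80, TCP_SYN),
    build_tcp_packet("10.0.0.20", 80, "10.0.0.5", 40001, TCP_SYN | TCP_ACK),
    build_tcp_packet("10.0.0.5", 40002, "10.0.0.20", 22, TCP_SYN),
])

if __name__ == "__main__":
    hosts, ports = summarise(CAPTURE)
    print("hosts:", sorted(hosts))
    print("open ports:", sorted(ports))
```

The same reader works on a file produced by tcpdump or Wireshark in the classic format if you replace CAPTURE with the file's bytes; pcapng and big-endian captures are rejected rather than misread.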
To launch Microsoft Network Monitor, choose an adapter to bind to and click New
Capture to open a new capture tab, then hit Start to initiate the packet capture process.
To change filter options, adapter options or global settings, click Capture Settings
within the Capture tab.
Capsa Free
Capsa Free is a network analyzer that allows you to monitor network traffic,
troubleshoot network issues and analyze packets. Features include support for over
300 network protocols, MSN and Yahoo Messenger filters, an email monitor with
autosave, and customizable reports and dashboards. Capsa Free is also well suited to
students, teachers and computer enthusiasts learning about protocols and networking
technology.
Why choose Capsa Free:
Your own dashboard: important parameters in one place and in graphs.
Record a network profile, set your analysis objective and perform customized analysis.
Powerful customizable alarms: customize dozens of alarm trigger combinations.
Identify and analyze more than 300 network protocols, create and customize protocols, and analyze unique protocol traffic.
Intuitive TCP timing sequence chart.
Accurate MSN and Yahoo Messenger monitoring statistics.
Email monitor and auto-saving of email content.
Enhanced, customizable reports.
To launch Capsa, choose the adapter you want it to bind to and click Start to initiate
the capture process. Use the tabs in the main window to view the dashboard, a
summary of the traffic statistics, the TCP/UDP conversations, as well as packet
analysis.
Nagios
Nagios is a powerful network monitoring tool that helps you ensure that your
critical systems, applications and services are always up and running. It provides
features such as alerting, event handling and reporting. Nagios Core is the heart of
the application and contains the core monitoring engine and a basic web UI. On top of
Nagios Core you can install plug-ins that allow you to monitor services, applications
and metrics, a frontend of your choice, and add-ons for data visualisation, graphs,
load distribution and MySQL database support, amongst others.
SQL and be notified instantly of problems. Also, PRTG comes with bandwidth
monitoring sensors, so you can ensure that malware designed to perform DoS attacks,
phone home or cause other overload activity is not operating on your network.
TASK 1.2
Network Security Issues that arise within the Boundary
Hacking
In the computer security context, a hacker is someone who seeks and exploits
weaknesses in a computer system or computer network, an activity referred to as
hacking. Hacking can be dangerous because personal information stored on the
computer, such as bank account details and security numbers, can be obtained by the
hacker.
Data Modification
After an attacker has read your data, the next logical step is to alter it. An attacker can
modify the data in the packet without the knowledge of the sender or receiver. Even if
you do not require confidentiality for all communications, you do not want any of
your messages to be modified in transit.
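The standard defence against silent modification in transit is a message authentication code: sender and receiver share a key, the sender attaches an HMAC tag, and any change to the message makes the receiver's recomputed tag differ. The following is an added example written for this section, not part of the original assignment; the shared key and the messages are constructed, and in a real deployment the key would come from a key exchange or provisioning step.

```python
"""Detecting in-transit modification with an HMAC-SHA256 tag.

Added example, not part of the original assignment. The shared key and
the messages are constructed; the tag travels alongside the message and
the receiver recomputes it before trusting the content.
"""
import hashlib
import hmac


def seal(message: bytes, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag so the receiver can verify integrity."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return {"msg": message.decode(), "tag": tag}


def verify(packet: dict, key: bytes) -> bool:
    """Recompute the tag and compare in constant time (timing-safe comparison)."""
    expected = hmac.new(key, packet["msg"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["tag"])


def tamper_in_transit(packet: dict, old: str, new: str) -> dict:
    """Model an interceptor altering the payload without knowing the key."""
    altered = dict(packet)
    altered["msg"] = packet["msg"].replace(old, new)
    return altered


KEY = b"constructed-shared-key-for-this-example"   # assumption: pre-shared

if __name__ == "__main__":
    sent = seal(b"transfer 100 to account 4242", KEY)
    print("genuine :", verify(sent, KEY))
    forged = tamper_in_transit(sent, "100", "9000")
    print("tampered:", verify(forged, KEY))
```

Note that the tag proves integrity and origin but not confidentiality: the attacker can still read the message, which is the sniffer problem discussed later in this task, and it is why protocols such as TLS combine encryption with authentication.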
Malware
One source of Internet traffic that can be difficult to track down is malware. Many
types of malware infect systems in order to take control of the servers and use them
for various nefarious purposes, such as the distribution of spam e-mail or distributed
attacks on other servers. When activated, these programs can flood your upstream
connection with data, though some might try to camouflage their activity by keeping
their bandwidth usage low. In any case, regularly updating your company's anti-virus
software can head off these kinds of infections and prevent this source of traffic.
Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data
exchanges and read network packets. If the packets are not encrypted, a sniffer
provides a full view of the data inside the packet. Even encapsulated (tunneled)
packets can be broken open and read unless they are encrypted and the attacker does
not have access to the key.
Using a sniffer, an attacker can do any of the following:
Analyze your network and gain information to eventually cause your network
to crash or to become corrupted.
Read your communications.
TASK 1.3
Importance of maintaining network service for each user level
An organization can be divided into three levels, Low Level, Middle Level and Top Level
Management, as shown in the figure below.
User access controls- User access control mainly focuses on students who use PCs
in IT labs. Restricting certain controls ensures that students do not download
unwanted software that contains malware, Trojans or other viruses. Downloading
could also cause network traffic leading to low performance, so access control ensures
better network performance.
Note-The most effective means for managing security in the network may be through service
level agreements (SLAs) because of the limited impact that an organization can realistically
exercise over the network service.
write access to selected GPOs, allowing the network administrator to delegate control
of the GPO settings.
Their data in the light of these new threats include performing regular third-party
external and internal security audits
This affects all levels of management as well as students, because sometimes files
are downloaded automatically without the user's knowledge, and data loss commonly
results. If download and upload permissions are carefully maintained for each level of
the organization, network performance will remain good.
TASK 1.4
Securing the Network Externally Using Hardware Devices
Firewall
The role of the firewall is to block all unnecessary ports and to allow traffic only from
known ports. The firewall must be capable of monitoring incoming requests to prevent
known attacks from reaching the Web server. Coupled with intrusion detection, the
firewall is a useful tool for preventing attacks and detecting intrusion attempts, or in
worst-case scenarios, the source of an attack.
Like the router, the firewall runs on an operating system that must be patched
regularly. Its administration interfaces must be secured and unused services must be
disabled or removed.
This is clearly undesirable in many organizations, as proprietary information is often
displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after
the Internet that only works within the organization).
In order to provide some level of separation between an organization's intranet and the
Internet, firewalls have been employed. A firewall is simply a group of components
that collectively form a barrier between two networks.
Switch
The switch has a minimal role in a secure network environment. Switches are
designed to improve network performance and to ease administration. For this reason,
you can easily configure a switch by sending specially formatted packets to it.
It's important to remember that the firewall is only one entry point to your network.
Modems, if you allow them to answer incoming calls, can provide an easy means for
an attacker to sneak around (rather than through) your front door (or, firewall). Just as
castles weren't built with moats only in the front, your network needs to be protected
at all of its entry points.
Bastion host.
A general-purpose computer used to control access between the internal (private)
network (intranet) and the Internet (or any other non-trusted network). Typically, these
are hosts running a flavor of the Unix operating system that has been customized in
order to reduce its functionality to only what is necessary in order to support its
functions. Many of the general-purpose features have been turned off, and in many
cases, completely removed, in order to improve the security of the machine.
Cryptography device
Enabling cryptographic operations on hardware devices
You can enable cryptographic operations on hardware devices. The keys that are used
can be stored in a Java keystore file; it is not necessary to store them on the hardware
device. The decision to enable cryptographic operations on hardware devices is
made at the server level only, not at the application level.
If cryptographic operations on a hardware device are enabled, the Web service security
runtime first attempts to use the hardware device for cryptographic operations. If the
attempt to use the hardware device fails or if the algorithm is not supported by the
hardware device, the runtime uses a software provider from the security providers list.
Enabling this feature might improve the performance, depending on the hardware
device. For more information on how to enable cryptographic operations on hardware
devices, see Configuring hardware cryptographic devices for Web Services Security.
Proxy.
This is the process of having one host act on behalf of another. A host that has the
ability to fetch documents from the Internet might be configured as a proxy server,
and hosts on the intranet might be configured to be proxy clients. In this situation,
when a host on the intranet wishes to fetch the <http://www.interhack.net/> web page,
for example, the browser will make a connection to the proxy server and request the
given URL. The proxy server will fetch the document and return the result to the
client. In this way, all hosts on the intranet are able to access resources on the Internet
without having the ability to talk directly to the Internet.
Repeaters
Repeaters remove the unwanted noise in an incoming signal. Unlike an analog signal,
the original digital signal, even if weak or distorted, can be clearly perceived and
restored. With analog transmission, signals are strengthened with amplifiers, which
unfortunately amplify noise as well as information.
Because digital signals depend on the presence or absence of voltage, they tend to
dissipate more quickly than analog signals and need more frequent repeating. Whereas
analog signal amplifiers are spaced at 18,000 meter intervals, digital signal repeaters
are typically placed at 2,000 to 6,000 meter intervals.
TASK 02
TASK 2.1
File Sharing
Do not share copyrighted material. Any sharing of copyrighted materials on the
company network is a violation of the Eligibility and Acceptable Use Policy, and may
lead to disciplinary proceedings. In some cases, legal action ensues. Become aware of
the following topics to ensure that you comply with copyright laws and policies:
The File Sharing policy for sharing copyrighted materials on the company
network
The Digital Millennium Copyright Act Agent is the agent designated to receive
and act on copyright violations under the Digital Millennium Copyright Act
View a list of legal alternatives for downloading music, movies and TV shows
Find out more about copyright issues from the Copyright Information Center
However, these share-level permissions won't apply to someone who is using the local
computer on which the data is stored. If you share the computer with someone else,
you'll have to use file-level permissions (also called NTFS permissions, because
they're available only for files/folders stored on NTFS-formatted partitions). File-level
permissions are set using the Security tab on the properties sheet and are much more
granular than share-level permissions. In both cases, you can set permissions for either
user accounts or groups, and you can allow or deny various levels of access from
read-only to full control.
Password-protect documents
Protect your passwords: Use strong passwords and never share them. Do not leave
written copies of passwords in unsecure places like your desk or under your keyboard.
See Choosing Good Passwords and Keeping Them Secure for more information.
Many productivity applications, such as Microsoft Office applications and Adobe
Acrobat, will allow you to set passwords on individual documents. To open the
document, you must enter the password. To password-protect a document in Microsoft
Word 2003, go to Tools | Options and click the Security tab. You can require a
password to open the file and/or to make changes to it. You can also set the type of
encryption to be used.
Unfortunately, Microsoft's password protection is relatively easy to crack. There are
programs on the market designed to recover Office passwords, such as
Elcomsoft's Advanced Office Password Recovery (AOPR). This type of password
protection, like a standard (non-deadbolt) lock on a door, will deter casual would-be
intruders but can be fairly easily circumvented by a determined intruder with the right
tools. You can also use zipping software such as WinZip or PKZip to compress and
encrypt documents.
You should send or store data only on wireless networks that use encryption,
preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent
Protocol (WEP).
TASK 2.2
Ensuring the security of Network Data through software Protection
Virus Protection
A computer virus is a software program designed to manipulate data files, for
example to corrupt or delete data, or to spread itself to other computers through a
network.
Computer viruses range from the mildly annoying to the downright destructive. They
also take on new and different forms. The good news is that with an ounce of
prevention and a little knowledge, you are less likely to fall victim to viruses and you
can diminish their impact. With antivirus guards, viruses are obliterated.
Windows Firewall
A firewall is a software program or a piece of hardware that helps screen out hackers,
viruses and worms that try to reach your computer over the internet. It also acts as a
barrier between a trusted network and an untrusted network. A firewall controls
access to the network's resources through a positive control model. This means that
the only traffic allowed onto the network is the traffic defined in the firewall policy;
all other traffic is denied.
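The positive control model is easiest to see as code. The following is an added example written for this section, not Windows Firewall's own logic: a small first-match rule evaluator whose default answer, when no rule matches, is deny. The rule set and the sample packets are constructed; the final packet (RDP from an outside address) matches no rule and is dropped under the positive model, whereas a negative model (default allow) would let it through.

```python
"""Positive-control (default-deny) firewall policy evaluator.

Added example, not Windows Firewall's own code. The rules and packets are
constructed. Rules are matched in order; the first match decides, and a
packet matching nothing gets the default, which under the positive
control model is "deny".
"""
from ipaddress import ip_address, ip_network

# Each rule: (action, protocol, permitted source network, destination port or None=any)
POLICY = [
    ("allow", "tcp", "10.0.0.0/8", 443),    # internal clients to HTTPS
    ("allow", "tcp", "10.0.1.0/24", 22),    # admin subnet only to SSH
    ("allow", "udp", "10.0.0.0/8", 53),     # DNS
    ("deny",  "tcp", "0.0.0.0/0", 22),      # explicit: nobody else reaches SSH
]


def evaluate(policy, proto, src, dport, default="deny"):
    """Return the action of the first matching rule, or the default action."""
    addr = ip_address(src)
    for action, rproto, rnet, rport in policy:
        if rproto != proto:
            continue
        if addr not in ip_network(rnet):
            continue
        if rport is not None and rport != dport:
            continue
        return action
    return default


def compare_models(policy, proto, src, dport):
    """Show the same packet under positive (default deny) and negative (default allow) control."""
    return {
        "positive": evaluate(policy, proto, src, dport, default="deny"),
        "negative": evaluate(policy, proto, src, dport, default="allow"),
    }


SAMPLE = [  # constructed packets: (protocol, source address, destination port)
    ("tcp", "10.0.1.7", 22),        # admin subnet -> allowed by rule 2
    ("tcp", "10.0.2.9", 22),        # other internal host -> explicit deny (rule 4)
    ("tcp", "10.0.2.9", 443),       # HTTPS -> allowed by rule 1
    ("tcp", "198.51.100.4", 3389),  # RDP from outside: no rule -> default decides
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", compare_models(POLICY, *pkt))
```

The last sample packet is the whole argument for the positive model: an administrator never wrote a rule about RDP, and under default deny that omission is safe.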
Windows Defender
TASK 2.3
Risks that may affect the network servers and their respective preventions
Brute Force Attack
In a brute force attack, the intruder attempts to gain access to a server by guessing a
user password (usually the root administrator) through the SSH server, Mail server, or
other service running on your system. The attacker will normally use software that
will check every possible combination to find the one that works. Brute force
detection software will alert you when multiple failed attempts to gain access are in
progress and disable access from the offending IP address.
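The "brute force detection software" described above is, at its core, a counter of failed logins per source address inside a sliding time window. The following is an added example written for this section, not the code of any particular product: it parses constructed sshd log lines in syslog style, keeps only the failures that fall inside the window, and reports each source that reaches the threshold together with the time it crossed it. The threshold of 5 failures and the 300-second window are assumptions; acting on the result (for example adding a firewall rule) is left to the deployment.

```python
"""Brute-force detection over SSH authentication log lines.

Added example, not part of the original assignment. The log lines are
constructed in sshd/syslog style; the threshold (5 failures) and window
(300 s) are assumptions. The function returns the offending IPs and when
the threshold was crossed; wiring that to a firewall rule is deployment
specific and not shown.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_ts(text, year=2024):
    """Syslog timestamps carry no year; assume one so they compare correctly."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect(lines, threshold=5, window_s=300):
    """Return {ip: datetime} for sources with >= threshold failures inside window_s."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:                 # successful logins and other messages are ignored
            continue
        ip, ts = m["ip"], parse_ts(m["ts"])
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # expire failures outside the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed log excerpt. 198.51.100.7 fails five times but spread over ten minutes,
# so it never reaches five inside one window; 203.0.113.9 fails five times in eight seconds.
LOG = """\
Mar 12 09:00:00 bastion sshd[2101]: Failed password for root from 198.51.100.7 port 50010 ssh2
Mar 12 09:00:01 bastion sshd[2103]: Failed password for root from 198.51.100.7 port 50012 ssh2
Mar 12 09:00:02 bastion sshd[2105]: Failed password for root from 198.51.100.7 port 50014 ssh2
Mar 12 09:10:00 bastion sshd[2107]: Failed password for root from 198.51.100.7 port 50016 ssh2
Mar 12 09:10:01 bastion sshd[2109]: Failed password for root from 198.51.100.7 port 50018 ssh2
Mar 12 10:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 51022 ssh2
Mar 12 10:00:03 bastion sshd[2203]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 12 10:00:05 bastion sshd[2205]: Failed password for invalid user admin from 203.0.113.9 port 51026 ssh2
Mar 12 10:00:06 bastion sshd[2207]: Failed password for root from 203.0.113.9 port 51028 ssh2
Mar 12 10:00:08 bastion sshd[2209]: Accepted publickey for alice from 10.0.1.7 port 40100 ssh2
Mar 12 10:00:09 bastion sshd[2211]: Failed password for root from 203.0.113.9 port 51030 ssh2
Mar 12 10:30:00 bastion sshd[2301]: Failed password for bob from 10.0.1.7 port 40102 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in detect(LOG).items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
```

A lower threshold or a longer window trades earlier detection for more false positives; the slow attacker in the sample is only caught if the window is widened to cover its pauses, which is the usual tuning decision for this kind of detector.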
Malware
Malware can take many forms, but as the name implies, it is malicious software. It can
take the form of viruses, bots, spyware, worms, Trojans, root kits, and any other
software intended to cause harm. In most cases, malware is installed without the user's
direct consent. It may attack the user's computer and/or attack other computers
through the user's own system. Having proper firewall and security software
protection can usually prevent malware from spreading.
IP spoofing
An attacker may fake their IP address so the receiver thinks it is sent from a location
that it is not actually from. There are various forms and results to this attack.
The attack may be directed to a specific computer addressed as though it is
from that same computer. This may make the computer think that it is talking to
itself. This may cause some operating systems such as Windows to crash or
lock up.
Gaining access through source routing. Hackers may be able to break through other
friendly but less secure networks and get access to your network using this method.
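Both forms of the attack above are stopped at the border by checking whether a packet's source address is plausible for the interface it arrived on, and by discarding packets that carry IP source-route options. The following is an added example written for this section, not part of the original assignment: the interface names ("wan" and "lan"), the internal prefixes and the sample packets are constructed, and the IPv4 option type numbers for loose and strict source routing are the standard values 131 and 137.

```python
"""Ingress and egress anti-spoofing checks for a border router or firewall.

Added example, not from the original assignment. Interface names, internal
prefixes and sample packets are constructed. Checks: a packet whose source
equals its destination, a packet carrying a source-route option, an
internal address arriving from outside, a bogon source from outside, and
a non-internal source leaving from inside are all dropped with a reason.
"""
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Address blocks that should never appear as a source on the external link.
BOGON = [ip_network("127.0.0.0/8"), ip_network("0.0.0.0/8"), ip_network("169.254.0.0/16")]
IPOPT_LSRR, IPOPT_SSRR = 131, 137   # IPv4 loose / strict source route option types


def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def spoof_verdict(iface, src, dst, ip_options=()):
    """Return None if the packet looks plausible, otherwise the reason to drop it."""
    s, d = ip_address(src), ip_address(dst)
    if s == d:
        return "source equals destination (land-style packet)"
    if IPOPT_LSRR in ip_options or IPOPT_SSRR in ip_options:
        return "source-routed packet"
    if iface == "wan" and in_any(s, INTERNAL):
        return "internal source address arriving from outside"
    if iface == "wan" and in_any(s, BOGON):
        return "bogon source address"
    if iface == "lan" and not in_any(s, INTERNAL):
        return "non-internal source leaving the LAN (egress spoof)"
    return None


def filter_packets(packets):
    """Split constructed packets into (accepted, dropped_with_reason)."""
    accepted, dropped = [], []
    for pkt in packets:
        reason = spoof_verdict(*pkt)
        if reason:
            dropped.append((pkt, reason))
        else:
            accepted.append(pkt)
    return accepted, dropped


SAMPLE = [  # constructed: (interface, source, destination, IPv4 option types present)
    ("wan", "203.0.113.9", "10.0.0.20", ()),              # ordinary inbound packet
    ("wan", "10.0.0.20", "10.0.0.20", ()),                # source == destination
    ("wan", "10.0.1.7", "10.0.0.20", ()),                 # internal address from outside
    ("wan", "198.51.100.4", "10.0.0.20", (IPOPT_LSRR,)),  # source-routed
    ("lan", "10.0.1.7", "203.0.113.9", ()),               # ordinary outbound packet
    ("lan", "172.16.5.5", "203.0.113.9", ()),             # our host spoofing someone else
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(SAMPLE)
    for pkt, reason in dropped:
        print("DROP", pkt, "->", reason)
    print("accepted:", accepted)
```

The egress rule is as important as the ingress one: it stops machines inside the boundary from taking part in spoofed attacks on other networks, which is the reciprocal courtesy that makes ingress filtering work across the Internet.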
DoS
DoS stands for Denial of Service, and is a technique attackers use to effectively
shut off access to your site. They accomplish this by increasing traffic to the site so
much that the victim's server becomes unresponsive. While some DoS attacks come from
single attackers, others are coordinated and are called Distributed Denial of Service
(DDoS) attacks. Oftentimes, the users of the computers executing a DDoS do not even
know their computers are being used as agents.
Check disk usage- Delete old logs, emails, and software versions no longer used.
Keeping your system free of old software limits security issues. A smaller data
footprint means faster recovery should a disk fail. If your usage is exceeding 90% of
disk capacity, either reduce usage or add more storage. If your partition reaches 100%,
your server may stop responding, database tables can become corrupted and data can be lost.
Check RAID Alarms- If you are using RAID, check that your RAID's error
notification system is configured properly and works as expected. Most RAID levels
tolerate only a single disk failure. If you miss a RAID notification, a simple disk
replacement could turn into a catastrophic failure.
Update your OS- Updates for operating systems are released frequently. Many of these fix
important security issues. If you do not have a management service or auto-updates
enabled, be sure to review your OS for any critical security updates. Get on the
mailing list for your OS so you know when critical security patches are released.
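The disk-usage check above is exactly the kind of test that is normally handed to the monitoring tool from Task 1.1 rather than run by hand, and Nagios Core accepts it as a plug-in: a program that prints one status line (optionally followed by "|" and performance data) and exits with 0, 1, 2 or 3 for OK, WARNING, CRITICAL or UNKNOWN. The following is an added example that serves both that Nagios passage and the disk-usage item here; it is not Nagios's own code nor one of its bundled plug-ins. The 90% critical threshold comes from the text, the 80% warning threshold is an assumption, and the filesystem figures in SAMPLE are constructed; check_live() reads real figures when the script is run on the server itself.

```python
"""Nagios-style disk usage check, usable as a Nagios Core plug-in.

Added example; not Nagios's own code or a bundled plug-in. It follows the
plug-in convention (exit 0/1/2/3 = OK/WARNING/CRITICAL/UNKNOWN, one status
line with optional '|perfdata'). The 90% critical threshold is the figure
from the text; 80% warning is assumed; the sample filesystem figures are
constructed.
"""
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAME = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate_disk(mount, total, used, warn_pct=80.0, crit_pct=90.0):
    """Return (exit_code, status_line) for one filesystem."""
    if total <= 0:
        return UNKNOWN, f"DISK UNKNOWN - {mount}: total size not available"
    pct = 100.0 * used / total
    if pct >= crit_pct:
        state = CRITICAL
    elif pct >= warn_pct:
        state = WARNING
    else:
        state = OK
    # perfdata: 'label'=value[unit];warn;crit;min;max, which Nagios add-ons graph
    perf = f"'{mount}'={pct:.1f}%;{warn_pct:.0f};{crit_pct:.0f};0;100"
    return state, f"DISK {STATE_NAME[state]} - {mount} {pct:.1f}% used|{perf}"


def worst(results):
    """Nagios reports the most severe state when several filesystems are checked."""
    return max(code for code, _ in results)


def check_live(mounts, **thresholds):
    """Read real usage with shutil.disk_usage (run this on the server itself)."""
    out = []
    for m in mounts:
        u = shutil.disk_usage(m)
        out.append(evaluate_disk(m, u.total, u.used, **thresholds))
    return out


# Constructed figures (bytes): /var/log is past the 90% threshold the text warns about.
SAMPLE = [("/", 100 * 2**30, 55 * 2**30), ("/var/log", 20 * 2**30, 19 * 2**30)]

if __name__ == "__main__":
    results = [evaluate_disk(m, t, u) for m, t, u in SAMPLE]
    for _, line in results:
        print(line)
    sys.exit(worst(results))
```

Registered as a Nagios command, the plug-in's exit code drives the alerting and event handling described under Nagios in Task 1.1, so the "usage exceeding 90%" condition pages someone before the partition reaches 100% and the server stops responding.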