
Table of Contents

1. Question 2 ……………………………………………………………………………..…2
1.1. Spoofing ………………………………………………………………….……….…2
1.2. Malware …………………………………………………………………………...2-3
1.3. DoS and DDoS …………………………………………………………………...…3
1.4. Social engineering …………………………………………………………….…3-4
2. Question 3 ……………………………………………………………………………..…4
2.1. End-User password ……………………………………………………………..…4
2.2. Logon and Logoff process …………………………………………………………4
2.3. Limit system access …………………………………………………………..……5
3. Question 4 …………………………………………………………………..……………5
3.1. Spoofing ……………………………………………………………………..………5
3.2. Malware ………………………………………………………………………..……5
3.3. DoS and DDoS ………………………………………………………...…………5-6
3.4. Social engineering …………………………………………………….……………6
4. Question 5 …………………………………………………………….……...………7-13

Network Security Assignment Report
Question 2
i. Spoofing
Spoofing is a network attack in which an attacker pretends to be another person or computer in order to deceive other people or computers into providing data or information, so as to gain authorized access to the network. Spoofing attacks are usually used to attack networks, to breach the confidentiality of data and information, and to propagate viruses and malware. A few common spoofing attacks are the ARP spoofing attack, the DNS spoofing attack and the IP spoofing attack.
• ARP spoofing attack
The Address Resolution Protocol (ARP) is a network protocol used when transmitting packets to translate an IP address into a MAC address. In an ARP spoofing attack, the attacker links his own MAC address with the IP address of a target computer on the network, which lets him intercept the data intended for that computer. The attacker is then able to steal the data or delete it from the network.
• DNS spoofing attack
The Domain Name System (DNS) maps domain names to the proper IP addresses so that clients connect to the right server. In a DNS spoofing attack, the attacker redirects this resolution so that it points to a server hosting malware, which helps to spread worms and viruses.
• IP spoofing attack
The IP spoofing attack can be considered the most widely used spoofing attack in the world. An attacker copies a legitimate IP address so that a trusted IP address can be used to send packets. This causes systems to believe that the IP address is trustworthy, and the packets sent can be used to launch other attacks. One of the most popular is the Denial of Service (DoS) attack, which can overload and shut down a server by sending huge numbers of data packets.

ii. Malware
Malicious software, or malware for short, is a program or file that aims to steal or delete data, gain unauthorized access to the infected computer and monitor the activity conducted on it. Malware can also remotely control the infected computer to perform attacks such as DoS or DDoS attacks.
• Viruses
Viruses are programs designed to damage data stored on computers, for example by displaying messages or by deleting and overwriting data. Viruses can replicate themselves into other programs or files on the same computer.
• Trojan
A Trojan is a malicious program that pretends to be legitimate software and is executed when the user of the infected computer runs it. Similar to a virus, the objective of a Trojan is to damage the computer's data, such as by deleting or changing it. A Trojan also enables the attacker to gain backdoor access to the computer. The main difference between Trojans and viruses is that a Trojan cannot replicate by itself, which means attackers have to bait users into running the program.
• Rootkit
A rootkit can be described as a collection of programs or tools that grants administrator-level access to a network or computer. Generally, the attacker first gains user-level access and then installs the rootkit on the computer. The rootkit allows the attacker to control the computer, and possibly other computers on the same network, without permission. This means the attacker can monitor the activity conducted on the computer or network and has full access to all files and data.

iii. DoS and DDoS

A Denial-of-Service (DoS) attack is an attack whose main goal is to disable a server or network so that it denies access to its intended users. Usually the attacker floods the target server or network with traffic or packets, causing the server or network to overload and crash.
A Distributed Denial-of-Service (DDoS) attack is the advanced version of a DoS attack, where the target is attacked from multiple computers or locations instead of from a single computer as in a DoS attack. To make a DDoS attack more effective, attackers usually hijack a number of computers, turning them into a botnet, and then launch the DDoS attack against the victim.

iv. Social engineering

A social engineering attack is an attack in which the attacker tries to deceive people into revealing their confidential information in order to gain access to computers, systems or networks. One of the most well-known social engineering attacks is phishing.
Phishing commonly takes the form of email, where the attacker disguises himself as a trusted entity and sends links or files containing malware or viruses that extract the user's information as soon as he/she clicks on them. For instance, if an attacker wants to gain access to the campus network, he can pretend to be a campus administrator and send an email telling a student or lecturer to reset or update his/her profile information, providing a link disguised as the legitimate campus website to bait him/her into clicking on it.

Question 3
i. End-User passwords
MYFIRST University has the responsibility to safeguard the intellectual property and sensitive personal information of students, lecturers, guests and others. The first step in doing so is to use complex passwords that are difficult to crack. Passwords should have a minimum length of 6 characters and combine lowercase letters with at least one number and one uppercase letter. All passwords should have an expiration date, and users are required to change their passwords to ones that differ from their current passwords. Users should be made aware that their passwords are neither to be shared nor disclosed to anybody. If there is any suspicion that a password has been disclosed, the user must request to change it at once.

ii. Logon and Logoff process

Every user must be identified before being granted access to any MYFIRST University computer or resource. The identification process uses a user ID and password, which are distinct for each individual user. An extended user authentication system can also be used to further secure all Internet and remote connections, since a user ID and password alone do not provide enough security for the systems and networks of MYFIRST University. Devices that form part of the network, such as routers, switches and access points, should have a user authentication system embedded.
The logon process for MYFIRST University computer systems that are connected to the network must prompt the user to log on. Until a valid user ID and password have been provided, information about the university computers, such as the operating system and network configuration in use, must not be revealed.
If no activity is detected on the computer for a particular period of time, the session will be terminated and the screen display turned off automatically. The user must log on again to re-establish the session. An exception can be made in certain circumstances where the room or building in which the session is established is locked and permission must be granted before entering.

iii. Limit system access

MYFIRST University must restrict the privileges of every user on its computer and communication systems to what that user needs to know. Privileges should not simply be extended unless there is a legitimate special academic or business need for them. No user should be permitted by the default file permissions to read or alter any system file; only specific, authenticated people are permitted to do so. Access restrictions must be enforced through routers, gateways and firewalls for computers that can reach the MYFIRST University network.

Question 4
i. Spoofing
Packet filtering is one way to prevent spoofing attacks: packets are inspected as they are transmitted over the network. Packet filters are essential in preventing spoofing attacks, particularly IP address spoofing, as they are able to filter out and block suspicious packets. There is also a lot of spoofing detection software on the market that can be used to detect potential spoofing attacks. Cryptographic network protocols such as TLS, SSH and HTTPS are commonly used to prevent spoofing attacks; they encrypt data before sending it and authenticate it when it is received.

ii. Malware
There are many ways to protect a computer against malware; one of them is to consistently apply updates to the operating system and browsers. Users often ignore or disable updates that are meant to patch the latest vulnerabilities. With the operating system and browsers outdated, the computer is very likely to become a target of attack. Firewalls, anti-virus and anti-malware programs can detect and block known malware. These programs are able to stop the malware from executing in time and protect other programs on the computer.

iii. DoS and DDoS

Generally there are 2 ways to counter DoS and DDoS attacks:
• IDS
An Intrusion Detection System (IDS) is a technology created to detect potential attacks on the vulnerabilities of a computer. An IDS only monitors network traffic and reports the results; it does not itself take steps to prevent the threats it detects.
• IPS
In addition to detecting threats, an Intrusion Prevention System (IPS) can block potential threats automatically after checking the network traffic. An IPS is able to send alarms to warn the administrator, block traffic and drop any packets that are detected to be harmful. An IPS is more effective than an IDS as it can do all of these tasks in real time.

There are a few tools that help to prevent DoS and DDoS attacks, such as Cloudflare, Black Lotus and Incapsula.
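To make the IDS/IPS distinction above concrete, here is an added Python example (not part of the original report) of a per-source packet-rate detector that can run in either mode: an IDS only records an alert for a source that exceeds the rate, while an IPS additionally drops the offending packets inline. The limit, the time window and the sample packet records are constructed for the demonstration.

```python
from collections import defaultdict, deque

class FloodGuard:
    """Flag any source that sends more than `limit` packets within `window` seconds.

    mode="ids" only records alerts; mode="ips" also drops the offending packets.
    """

    def __init__(self, limit, window, mode="ids"):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.limit, self.window, self.mode = limit, window, mode
        self.history = defaultdict(deque)   # src -> packet timestamps in window
        self.alerts = []                    # (timestamp, src, packets_in_window)

    def handle(self, ts, src):
        """Process one packet from `src` seen at time `ts`; return 'forward' or 'drop'."""
        seen = self.history[src]
        seen.append(ts)
        while seen and ts - seen[0] > self.window:   # expire timestamps outside the window
            seen.popleft()
        if len(seen) > self.limit:
            self.alerts.append((ts, src, len(seen)))
            # An IDS reports and lets the packet through; an IPS drops it inline.
            return "drop" if self.mode == "ips" else "forward"
        return "forward"

# Constructed sample traffic: 60 packets in 0.6 s from one remote host (well above
# the 50-per-second limit used below) plus two packets from normal internal hosts.
SAMPLE_PACKETS = sorted(
    [(i * 0.01, "192.168.40.9") for i in range(60)]
    + [(0.5, "192.168.10.5"), (0.6, "192.168.10.6")]
)

def run(mode, limit=50, window=1.0):
    """Replay the sample through a guard; return (verdicts, number of alerts)."""
    guard = FloodGuard(limit, window, mode)
    verdicts = [guard.handle(ts, src) for ts, src in SAMPLE_PACKETS]
    return verdicts, len(guard.alerts)
```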

iv. Social engineering

Humans are the weakest link for attackers to penetrate, and most of the time the solutions vary even though the cases are quite similar. General education can be provided so that users can identify the characteristics of a social engineering attack and become more aware of it. The source of an email must be verified before proceeding to its content. Users should never click on links or files attached to an email without confirming the source of the email. Usually the URL provided by the attacker is modified to deceive targets, so users must check the URL carefully before clicking on it.

Question 5

The above diagram is the topology I designed for the campus network based on the information given to me. The topology consists of 3 zones (INSIDE, DMZ and OUTSIDE) with 1 router in each zone connected to a zone-based firewall. The INSIDE zone includes internal users such as lecturers, finance, administration, students, guests and vendors/contractors that can directly access the campus network. There are 3 servers, StudentSystem, FinanceSystem and HRSystem, that are only accessible within the INSIDE zone. The OUTSIDE zone is for remote users like marketing personnel, who are only allowed certain access to services like sending email and viewing the E-Learning website. To restrict the access of remote users, the DMZ zone is created to prevent access by unauthorized users. NetworkServer, E-Learning and MailServer are the servers included in the DMZ zone.
Each network is configured with IP addresses. For the INSIDE zone, the zone network is configured with IP address 192.168.1.0, the internal user network with IP address 192.168.10.0 and the server network with IP address 192.168.20.0. For the DMZ zone, the zone network is configured with IP address 192.168.2.0 and the server network with IP address 192.168.30.0. For the OUTSIDE zone, the zone network is configured with IP address 192.168.3.0 and the remote user network with IP address 192.168.40.0. After that, all the end devices such as servers, PCs and laptops are configured statically according to the network assigned. I configured a static route via the OSPF protocol to allow a device in one network to ping devices in another network that is not directly connected.

After configuring zones and zone pairs for each zone, I configured policies in the ZBF router so that user access between zones can be controlled. From INSIDE to OUTSIDE, I configured the policy to permit any Internet protocol from the INSIDE network to any OUTSIDE network. From INSIDE to DMZ, I configured the policy to permit Internet Control Message Protocol (ICMP) and Transmission Control Protocol (TCP) from the INSIDE network to the DMZ network. From OUTSIDE to INSIDE, I configured ICMP from any OUTSIDE network to the INSIDE network. From OUTSIDE to DMZ, I configured ICMP and TCP with port 25 (SMTP), port 110 (POP3) and port 80 (HTTP) from any OUTSIDE network to the DMZ network. From DMZ to OUTSIDE, I configured ICMP and TCP with port 25 (SMTP), port 110 (POP3) and port 80 (HTTP) from the DMZ network to any OUTSIDE network.
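The zone-pair policy described above, together with the packet-filter role from Question 4 (i), as an added Python model that is not the report's own router configuration: it assumes /24 masks for the networks listed in Question 5 (the report states none), treats a zone pair for which no policy is given as dropped (the zone-based firewall default), and flags a packet whose source address belongs to a zone other than the one it arrived from as spoofed.

```python
import ipaddress

ANY = None  # wildcard for a protocol or a port
# Networks the report assigns to each zone; /24 masks are assumed (none are stated).
ZONE_NETWORKS = {
    "INSIDE":  ["192.168.1.0/24", "192.168.10.0/24", "192.168.20.0/24"],
    "DMZ":     ["192.168.2.0/24", "192.168.30.0/24"],
    "OUTSIDE": ["192.168.3.0/24", "192.168.40.0/24"],
}
MAIL_AND_WEB = (("tcp", 25), ("tcp", 110), ("tcp", 80))  # SMTP, POP3, HTTP

# (protocol, port) rules permitted per zone pair, as the report describes them.
# A zone pair with no entry has no policy, so the firewall drops that traffic.
ZONE_PAIR_POLICY = {
    ("INSIDE", "OUTSIDE"): ((ANY, ANY),),
    ("INSIDE", "DMZ"):     (("icmp", ANY), ("tcp", ANY)),
    ("OUTSIDE", "INSIDE"): (("icmp", ANY),),
    ("OUTSIDE", "DMZ"):    (("icmp", ANY),) + MAIL_AND_WEB,
    ("DMZ", "OUTSIDE"):    (("icmp", ANY),) + MAIL_AND_WEB,
}

def zone_of(ip):
    """Return the zone that owns an address, or None if no zone does."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONE_NETWORKS.items():
        if any(addr in ipaddress.ip_network(net) for net in nets):
            return zone
    return None

def verdict(src_ip, dst_ip, proto, dport=None, ingress_zone=None):
    """Return 'permit', 'drop' or 'spoofed' for one flow through the firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "drop"                  # address outside every known network
    # Packet-filter check: a source address owned by a zone other than the ingress zone is spoofed.
    if ingress_zone is not None and src != ingress_zone:
        return "spoofed"
    if src == dst:
        return "permit"                # traffic within a zone is not inspected
    rules = ZONE_PAIR_POLICY.get((src, dst), ())
    ok = any((p is ANY or p == proto) and (port is ANY or port == dport)
             for p, port in rules)
    return "permit" if ok else "drop"

def uncovered_zone_pairs():
    """Zone pairs the report gives no policy for; these are implicitly dropped."""
    zones = list(ZONE_NETWORKS)
    return sorted((s, d) for s in zones for d in zones
                  if s != d and (s, d) not in ZONE_PAIR_POLICY)
```

Enumerating `uncovered_zone_pairs()` shows that DMZ to INSIDE has no policy, so a compromised DMZ server cannot reach the internal servers unless a policy is added deliberately.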
The screenshots below show the configuration I did for the ZBF router.
