CSI2102 Information Security Assignments Solution
IQIncorporated is a provider of solar panels located in Adelaide, South Australia. The core business of the company is to manufacture and install solar panels. The company has experienced significant growth over the last two years because of escalating power prices throughout Australia. This growth has seen the company open a sales office in regional southern Australia, and its headquarters offices have grown significantly. The additional facilities have obliged the company to hire additional staff in all departments; the company currently has about 300 employees. The company has two main offices: the head office at Mawson Lakes in Adelaide, which houses senior management, administrative staff, sales staff and the manufacturing operations, and the sales office at Mt Gambier in South Australia, which houses administrative staff and sales staff.
The two major offices are linked through a private WAN that is controlled by an external telco. All traffic from Mt Gambier, including internet-bound traffic, is transmitted to the head office at Mawson Lakes.
Fig 1 WAN connecting the main office and branches (Maveli, Nagaraj & Yu, 2018)
Types of network attacks that might be a threat to the company
Any computer that is connected to a network is potentially susceptible to an attack. An attack is simply the disruption of the normal flow of a computer system, whether that system is an operating system, a user system or a software program. The attack violates the system's operation and will eventually harm the computer. The following are some of the network attacks that may harm the company's WAN.
1. Password-based attacks – access control is a major feature of most operating systems and network security plans (Chen, Wang, Yeh, Xiang & Wu, 2018).
2. Viruses – a network virus can quickly degrade the performance of a network, disabling important computer programs, computer devices and the organization's WAN connections (Mitchell, 2018).
Example of recent virus attack
On 27 June 2017 a new cyber virus spread in Ukraine. The virus wreaked havoc globally and crippled many computers; it disrupted ports in Mumbai and Los Angeles and halted production at a chocolate firm in Australia. The virus was traced to users who downloaded an accounting package advertised on the internet.
3. Worms – a worm is a standalone malware program that replicates itself in order to spread to other computers; it uses network protocols to infect machines and spread widely. A worm may cause major disruption by increasing traffic on the network, among other effects (Singh, Awasthi, Singh & Srivastava, 2018, pp.2535-2551).
Example of worm attack
In February 2017, the Downadup infection prompted Microsoft to add detection for worm attacks to its MSRT. Microsoft developed the latest edition of MSRT because of rising concern. The company then recommended that all Windows users install the update urgently to eliminate the worm from their compromised operating systems.
Fig 2 Conficker worm
4. Trojans – a Trojan is a malicious program that presents misleading content to users; it permits an attacker to gain access to users' private information such as passwords, banking information and personal identity. The company may use the following steps to remove a Trojan (Zhou, Chen, Zhang, Leng & Tang, 2018).
1. Terminate any suspicious programs with the help of Rkill.
2. Remove rootkits, Trojans or any other malware with the help of Malwarebytes.
3. Use HitmanPro to scan for and remove browser adware and hijackers.
4. Buffer – in programming and information security, an anomaly in which a program, while writing data to a buffer, overruns the buffer's boundary (Khurana, Yadav & Kumari, 2018).
5. Overflows – in software engineering, an overflow occurs when a computer program writes data to a memory address on the part of the program known as the stack (Kiriansky & Waldspurger, 2018).
6. Denial of service attack – this attack prevents the normal use of a computer by an authorised user. The attacker may do the following after entering the system:
7. Send invalid data to a network service or a computer application, overwriting nearby memory locations (Zhang, Cheng, Shi & Chen, 2015, pp.3023-3028).
8. Flood the whole network with traffic until an overload occurs, causing the computer to shut down.
Divert attention within the internal system of a computer so that the user does not see the intrusion immediately, which allows the attacker to carry out more attacks during the diversion. Access rights are determined by a user's name and password.
Older computer applications at the company do not safeguard identity information when it is passed across the WAN for validation. This may give an "eavesdropper" the chance to enter the network by posing as a valid user.
9. Physical attacks – physical attacks on a computer network are a subclass of physical threats (Ding, Han, Xiang, Ge & Zhang, 2018, pp.1674-1683).
10. Information gathering – this is the practice of accumulating information about something. It allows enough time for gathering information and for creating the necessary applications for fiscal support. Information might be obtained from a telephone call to the company, from online searches through search engines such as Google, or from searches on social sites such as Facebook.
A phone call to the company might reveal information such as the company's name, the basic protocols used by the organization and the various departments of the company, among others.
Search engines may give the location of the company and may also return corporate documents such as resumes, email addresses, phone numbers, vendor relationships, photos and many more. Making this information available may pose threats to an organization (Zhang, Yuan, Naveed, Zhou & Wang, 2015).
Example of recent information gathering attack
Middle Eastern company: in February 2017 the attacker used LinkedIn to find a company employee whose job implied administrative access to the corporate network. He then emailed the employee through a networking site, asking about photography. After a conversation they became Facebook friends, and the employee was asked to participate in a survey. The employee agreed; he was sent a document and instructed to open it using his corporate email account. A comprehensive survey was finally sent to the staff member. Unfortunately the company was hijacked through email: the employee was enticed into providing the launch pad for a breach of the company (Bae & Heo, 2018).
My understanding of network attacks and the possibility of them happening
According to my understanding, a network attack is a method, means or process used by attackers to maliciously try to interfere with network security.
There are several reasons why attackers would want to interfere with a corporate network. The individuals who carry out network attacks are called network attackers. The following are some of the malicious actions carried out by attackers.
1. Stealing hardware or software
2. Running code that damages computers
3. Performing actions that deplete network resources
4. Stealing data, and many more motives
Network security appliances that reduce risk
Source spoofing and anti-spoofing – spoofing is the process of inserting fake information into TCP/IP headers with the intention of being taken for a more trusted host. Address spoofing happens when an attacker tries to slip past perimeter defences by masquerading as an internal host; packets with internal source addresses must never arrive inbound at the border router. Dropping these packets guards the network against spoofing attacks, and the border routers may be used to drop inbound packets whose IP addresses belong to the internal network (Sajjad et al., 2018).
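The border-router rule described above can be expressed as a small packet filter. The following is an added example, not part of the original assignment; the internal prefixes and sample packets are constructed assumptions, and it goes one step beyond the text by including the matching egress rule for outbound traffic.

```python
import ipaddress

# Assumed internal address plan (constructed for this example).
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.10.0.0/16"),  # head office LAN (assumed)
    ipaddress.ip_network("10.20.0.0/16"),  # sales office LAN (assumed)
]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_PREFIXES)

def border_decision(direction, src, dst):
    """Return (action, reason) for one packet crossing the border router."""
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return ("drop", "malformed address")
    if direction == "inbound":
        # Ingress rule from the text: an internal source address can never
        # legitimately arrive on the outside interface.
        if is_internal(src_ip):
            return ("drop", "internal source address arriving from outside")
        if not is_internal(dst_ip):
            return ("drop", "destination is not an internal host")
        return ("permit", "external source to internal host")
    if direction == "outbound":
        # Egress counterpart: only internal sources may leave the network.
        if not is_internal(src_ip):
            return ("drop", "source address not in internal range")
        return ("permit", "internal source leaving the network")
    return ("drop", "unknown direction")

# Constructed sample traffic: (direction, source, destination).
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.7", "10.10.4.20"),    # ordinary external client
    ("inbound", "10.10.4.99", "10.10.4.20"),     # claims a head office address
    ("inbound", "10.20.1.5", "10.10.4.20"),      # claims a sales office address
    ("outbound", "10.20.1.5", "198.51.100.9"),   # normal outbound traffic
    ("outbound", "192.0.2.44", "198.51.100.9"),  # foreign source leaving
]

def filter_packets(packets):
    return [border_decision(*p)[0] for p in packets]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", border_decision(*pkt))
```

Because sales office traffic reaches the head office over the private WAN, a sales office source address seen on the internet-facing interface is treated the same as any other spoofed internal address.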
Internet Control Message Protocol – this protocol provides a mechanism for reporting TCP/IP connection problems, and also provides utilities used to test the connectivity of the IP layer. ICMP is invaluable when troubleshooting network difficulties. However, the tool may also be used to glean crucial information about network topologies and the services available on hosts. The following are the relevant ICMP functions and the risks they pose when used for malicious motives (Rosen, 2014).
Secure switch practices – network nodes are not aware that switches handle their incoming and outgoing traffic; since the nodes are not directly aware of them, switches are the silent workhorses of network connections. Apart from providing an administrative interface, switches do not maintain layer 3 IP addresses, so hosts are unable to send traffic directly to them (Ion, Reeder & Consolvo, 2015, p.1-20).
However, the possibility of ARP attacks does not mean that switches cannot be used as network control devices. Every network interface has a unique MAC address, and switches can be configured to permit only specific MAC addresses to send traffic through a specific port on the switch. This function is referred to as port security, and it helps where physical access to a network port cannot be relied on. For instance, at a public kiosk protected by port security, a malicious individual cannot unplug the kiosk, plug a different computer into the switch port and use it, because that computer's MAC address would not match and the switch would block the traffic. Though it is possible for a MAC address to be spoofed, locking a port to a certain MAC address forms a hurdle for an intruder (Stein, 2018, pp.556-583).
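The kiosk scenario can be modelled in a few lines. This is an added example, not part of the original assignment: the `SecurePort` class, its "restrict" and "shutdown" violation modes and the MAC addresses are all constructed assumptions that illustrate how a port locked to one learned MAC address behaves.

```python
import re

def normalize_mac(mac):
    """Canonicalize a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

class SecurePort:
    """Toy model of one switch port with port security enabled."""

    def __init__(self, name, max_macs=1, violation="restrict"):
        if violation not in ("restrict", "shutdown"):
            raise ValueError("violation must be 'restrict' or 'shutdown'")
        self.name = name
        self.max_macs = max_macs
        self.violation = violation
        self.allowed = set()   # MAC addresses learned on this port
        self.violations = 0    # counter an administrator could alert on
        self.disabled = False

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.disabled:
            return False
        mac = normalize_mac(src_mac)
        if mac in self.allowed:
            return True
        if len(self.allowed) < self.max_macs:
            self.allowed.add(mac)   # learn the first device(s) seen
            return True
        self.violations += 1        # unknown MAC on a fully learned port
        if self.violation == "shutdown":
            self.disabled = True    # stays down until re-enabled by an admin
        return False

def kiosk_scenario(violation):
    kiosk, laptop = "00:11:22:33:44:55", "66-77-88-99-AA-BB"  # constructed
    port = SecurePort("kiosk-port", max_macs=1, violation=violation)
    results = [
        port.receive(kiosk),             # kiosk boots, its MAC is learned
        port.receive(laptop),            # kiosk unplugged, other computer attached
        port.receive("0011.2233.4455"),  # any later frame carrying the kiosk MAC
    ]
    return results, port.violations, port.disabled

if __name__ == "__main__":
    for mode in ("restrict", "shutdown"):
        print(mode, kiosk_scenario(mode))
```

In "restrict" mode the third frame is forwarded because the port only checks the source MAC, which is why the text calls port security a hurdle rather than a guarantee; in "shutdown" mode the violation disables the port and leaves a counter for the administrator to investigate.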
Switches may also be used to form VLANs. VLANs are layer 2 broadcast domains that are used to further segment LANs. To enable communication between hosts on different VLANs, a switch must pass a host's packets through a layer 3 device, where they are routed to the appropriate VLAN (Lee, Sohn & Seok, 2018).