Networking Question Assignment Help
Network Address Translation (NAT)
NAT helps secure a network by requiring every incoming packet to go through the translation process, which hides the identity of the original destination from the sender. It also reduces the number of IP addresses an organization needs, because routers can reuse existing addresses. NAT works as an intermediate firewall between servers and connecting devices: an incoming request must already be mapped in the router's PAT table to reach a terminal; otherwise it is rejected. Terminals behind NAT can still connect to any website or download server. Incoming packets are filtered at the router, which checks them against the entries in its table. Connections can only be established from devices inside the network to devices on the outer internet (Bagnulo et al., 2011).
For instance, a terminal has the IP address 10.0.0.9, which cannot be routed on the internet. The terminal can still access the internet through a router that translates the address into a public IP address usable in internet protocols. In the same manner, incoming packets are translated from the public IP address back to the private IP address to map the terminals to the internet. NAT is useful for connecting multiple devices in a network with a fixed number of IP addresses, because the router can manage a dynamic table that maps all local addresses to the corresponding public IP address, as shown in the second figure.
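The table lookup described above can be modelled in a few lines of Python. This is an added example, not code from the original page: the `PatRouter` class, the port range and all addresses other than 10.0.0.9 are constructed for illustration, and it assumes the router only accepts replies from the exact remote address and port the terminal contacted.

```python
import ipaddress


class PatRouter:
    """Minimal port address translation (PAT) table for one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port, remote) -> public_port
        self.in_map = {}   # (public_port, remote) -> (private_ip, private_port)

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Translate a packet leaving the LAN, creating a mapping if needed."""
        if not ipaddress.ip_address(private_ip).is_private:
            raise ValueError("source is not a private address")
        remote = (remote_ip, remote_port)
        key = (private_ip, private_port, remote)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, remote)] = (private_ip, private_port)
        return (self.public_ip, self.out_map[key])

    def inbound(self, remote_ip, remote_port, public_port):
        """Translate a packet from the internet; None means it is dropped."""
        return self.in_map.get((public_port, (remote_ip, remote_port)))


def demo():
    # Constructed addresses from the documentation ranges.
    router = PatRouter("203.0.113.5")
    # Terminal 10.0.0.9 opens a connection to a web server.
    src = router.outbound("10.0.0.9", 51000, "198.51.100.20", 443)
    # The server's reply matches the table entry and is translated back.
    reply = router.inbound("198.51.100.20", 443, src[1])
    # A different remote host has no entry for that port: rejected.
    unsolicited = router.inbound("192.0.2.77", 4444, src[1])
    # A port that was never allocated has no entry either: rejected.
    closed_port = router.inbound("198.51.100.20", 443, 40999)
    return src, reply, unsolicited, closed_port


if __name__ == "__main__":
    print(demo())
```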
Cloud security threats and solutions
Cloud-specific threats affect the efficiency of the organization and add risk to migrating applications and data to the cloud. The security of data is a serious concern for the organization. The first step in minimizing the risk is to identify the top security threats. The following threats can be identified:
- Data Breaches: Cloud environments face many of the same threats as a customary corporate network, and the large amount of data stored makes providers an attractive target. The severity of the potential damage tends to depend on the sensitivity of the data revealed. Exposed personal financial details tend to get the headlines, but breaches that contain health-related information, business secrets and disclosed property can be more damaging (Zissis and Lekkas, 2012). If the data is disclosed, the organization may incur fines, face legal action or face criminal charges. Breach investigation and customer notification can bring significant costs. Indirect effects, such as brand damage and loss of business clients, also affect the business a great deal.
- Account Hijacking: Fraud and software exploitation are the biggest threat to cloud computing. Attackers may use the cloud application to attack other parts of the organization. The organization must ban the sharing of account credentials between users and services, and instruct them about the authentication schemes that are available.
- Permanent data loss: Malicious hackers often delete the data on the cloud drive permanently (Nicho and Hendy, 2013). This is a severe loss for the organization, and there is no way to recover the data.
Types of wireless attacks and possible solutions
- Denial of service: Under this threat, a user may send continuous requests to the device, which creates a long queue of users and may crash the device's software. The solution to this problem is to use a firewall to block such users.
- Replay attacks: These attacks are generally carried out from different IP addresses, so the firewall cannot determine which IP address should be blocked, and this results in a crash of the system (Fragkiadakis et al., 2013). The hackers accelerate the data flow on the network to reduce the time required to gather sufficient information to crack a WEP encryption key.
- Network Injection: In this attack, the cracker makes use of access points that are exposed to non-filtered network traffic, which may crash the data drive. The hacker may inject bogus network re-configuration commands that affect routers, hubs and switches.
- Man in the Middle: The attack requires reliable software and may cause high losses to the user, ranging from significant data loss to disruption (Pearce et al., 2013). The hackers insert themselves between the access point and the wireless terminal.
Network access control (NAC)
NAC is a mechanism that protects the availability of resources from certain users in the network, so that users can access only the resources granted to them. There are basically four models of NAC:
- Mandatory Access Control: In this model, only the owner defines the permissions for users, and the user has no control over the settings. The model is based on the assignment of labels to every level, which makes MAC both a policy and a management strategy. The model is subdivided into the Biba and Bell-LaPadula models. The Biba model focuses on the integrity of data, whereas Bell-LaPadula focuses on the confidentiality of data. A number system is applied to files to protect the data from reading and writing, because a lower-numbered user cannot read or write a file with a higher number.
- Discretionary Access Control: In comparison with MAC, DAC is more effective for owners, as they can decide who can access the resources. This model uses the concept of an Access Control List (ACL) to assign permissions and rights to users. For instance, in the Windows operating system, ACLs are used with NTFS so that the owner can decide who can access files and folders (Chen et al., 2010).
- Role Based Access Control: In RBAC, permissions and rights are not tracked per individual; instead, groups of users are defined according to their roles in the organization. For instance, the owner can restrict certain resources to the administrative level, so that standard users are not allowed to perform any action on those resources.
- Rule Based Access Control: A router with a properly configured ACL determines which IP addresses are on the granted list to access resources. Other IP addresses are automatically blocked from accessing resources in the network. For that, the routing table must be configured with a predetermined list of blocked or allowed IP addresses.
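The rule-based model in the last item comes down to an ordered list of rules with a default block for anything unmatched. The following sketch is an added example, not code from the original page: the rule list, the `compile_acl` and `check` helper names and the addresses are constructed, and it assumes first-match-wins evaluation.

```python
import ipaddress

# Constructed rule list: evaluated top to bottom, first match wins.
ACL = [
    ("deny",   "10.0.0.66/32"),     # one blocked host inside a granted range
    ("permit", "10.0.0.0/24"),      # the granted LAN segment
    ("permit", "192.168.10.0/28"),  # a small admin subnet
]


def compile_acl(rules):
    """Validate the rules once and parse each CIDR into a network object."""
    compiled = []
    for action, cidr in rules:
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        # strict=True rejects entries such as 10.0.0.5/24 (host bits set),
        # which usually indicate a typo in the rule list.
        compiled.append((action, ipaddress.ip_network(cidr, strict=True)))
    return compiled


def check(acl, source_ip):
    """Return (action, reason) for a source address; the default is deny."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return ("deny", "malformed address")
    for action, net in acl:
        if addr.version == net.version and addr in net:
            return (action, str(net))
    # No rule matched: addresses not on the granted list are blocked.
    return ("deny", "implicit deny")


if __name__ == "__main__":
    acl = compile_acl(ACL)
    for ip in ("10.0.0.9", "10.0.0.66", "172.16.5.1", "not-an-ip"):
        print(ip, check(acl, ip))
```

Rule order matters here: moving the `/32` deny below the `/24` permit would let the blocked host through.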
Books and Journals
Bagnulo, M., Matthews, P. and Beijnum, I.V., 2011. Stateful NAT64: Network address and protocol translation from IPv6 clients to IPv4 servers.
Chen, Z., Deng, F.C., Luo, A.A., Jiang, X., Li, G.D., Zhang, R.H. and Lin, C., 2010, June. Application level network access control system based on TNC architecture for enterprise network. In Wireless Communications, Networking and Information Security (WCNIS), 2010 IEEE International Conference on (pp. 667-671). IEEE.
Fragkiadakis, A.G., Tragos, E.Z. and Askoxylakis, I.G., 2013. A survey on security threats and detection techniques in cognitive radio networks. IEEE Communications Surveys & Tutorials, 15(1), pp.428-445.
Nicho, M. and Hendy, M., 2013. Dimensions of security threats in cloud computing: A case study. The Review of Business Information Systems (Online), 17(4), p.159.
Pearce, M., Zeadally, S. and Hunt, R., 2013. Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), p.17.
Zissis, D. and Lekkas, D., 2012. Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), pp.583-592.