Monday, December 9, 2019

Information Security Technologies-Free-Samples-Myassignmenthelp

Questions:

1. Define the concepts of symmetric key encryption, public key encryption, and hashing, and explain which of these techniques are used for confidentiality and authentication.
2. You are a security administrator responsible for your organization's security. Using the content of the book, describe in detail at least two ways to defend your company from denial of service attacks.
3. You are a security administrator responsible for your organization's security. List rules for working in secure areas. Please include how trash bins should be protected.
4. The two types of filtering IDSs use are deep packet inspection and packet stream analysis. Explain why they are important and why they are processing intensive.

Answers:

1. Encryption

Symmetric key encryption

This is a cryptographic approach in which the message sender and the receiver share a single common key used for encrypting and decrypting a message. It uses algorithms in which the same cryptographic key is used for both encrypting the plain text message and decrypting the cipher text message. As such, the key is a secret that is shared between the sender and the receiver. Symmetric encryption is used to ensure confidentiality; it keeps messages secret so that they cannot be intercepted and decrypted before they reach their destination. The process starts with the sender creating a cipher text by encrypting the plain text message using a symmetric encryption algorithm and a shared key. The sender then sends the cipher text as a message to the recipient, and the receiver decrypts the encrypted message into plain text using the shared key. There are two parties involved, and only these two parties have the key for the encrypted data and information. The key space doubles every time a bit is added to the key, meaning that longer keys are much better than shorter keys in ensuring security and confidentiality.
Since, for example, people use patterns they can remember to generate passwords, attackers can build dictionaries of regularly used passwords for launching attacks (Sikorski, Honig, & Bejtlich, 2012). The symmetric key can be changed at every instance, creating a session; because the key changes at every session, an attacker cannot decrypt each and every new session key, thereby enhancing security. There are various symmetric encryption algorithms in use, including Rijndael and Triple DES; they are designed to perform efficiently on common hardware architectures. Symmetric encryption is very simple in nature due to the sharing of the secret key between the sender and recipient.

Public key encryption

This is the opposite of symmetric key encryption and is usually termed asymmetric key encryption, where both private and public keys are used in data/message encryption and decryption. It entails using large numbers that are paired together, although the numbers are dissimilar. In the pair, one key is shared with anyone and makes up the public key. The other key remains secret and is thus the private key. The strength of a public key encryption system is based on the degree of computational difficulty of deriving a properly generated private key from the corresponding public key. Security then depends only on ensuring the private key remains private; the public key can be published without any compromise to security. Either the private or the public key can be used for message encryption; the opposite key is then used for data/message decryption (Cobb, 2016). Public key encryption is employed both for authentication and confidentiality (Buchmann, Karatsiolis, & Wiesmaier, 2016).

Hashing

Hashing is the act of transforming character strings into a shorter value or key with a fixed length to represent the original longer string.
It incorporates a mathematical algorithm that maps arbitrarily sized data into bit strings of fixed size to create a one-way hash function that cannot be inverted. Hashing is used for authentication as an HMAC (keyed-hash message authentication code). The cryptographic hash function is an algorithm that is run on specific data such as a password or file; this produces a value that is called a checksum. The hashing function is employed in verifying how authentic a piece of information or data is. Two pieces of data or files can be guaranteed to be identical if the checksums generated for each file with the same cryptographic hashing function are the same. Cryptographic hashing functions are designed to prevent reversal of the created checksums back into their original texts. However, despite being designed not to be reversed, there are loopholes that can be exploited to reverse hashes; a rainbow table can be used to figure out the plain text of a given checksum. Technically, though, this is not reversing the cryptographic hash, but it works for passwords that are simple.

2. Secure Networks

Implementing strong intrusion detection systems

The intrusion detection systems will detect any anomalies in traffic entering the company's network, especially when valid protocols are used by malicious people as attack vehicles; these would be difficult to detect by other methods. The detection systems will act as the first line of defense; it is important that an attack is detected and ascertained before other measures, such as contacting the ISP, can be set in motion.

Implementing firewall and router configuration against DoS attacks

This entails configuring network routers in such a way that they stop simple pinging attacks by filtering protocols that are non-essential and stopping invalid IP (Internet Protocol) addresses.
But routers can be ineffective against sophisticated DoS attacks, hence a firewall should also be implemented to work with the routers. The firewall should be updated and patched regularly and set up to shut down specific data flows in a network associated with DoS attacks; hence the need for intrusion detection systems.

The router must be set up so that it blocks all inbound traffic that has a source address from inside the company's internal networks. This is done because inbound traffic with source addresses from the company's internal network is a sign of spoofing, and spoofing is among the most challenging forms of DoS attack to stop or even detect. The routers should also be set to stop all outbound traffic whose source addresses are NOT from the company's internal network; this is because the company's network should never generate traffic sourced from other networks, as it is possible someone from within the company is spoofing another user on another network (Hosting, 2004). The routers should also be set to stop all outbound and inbound traffic with addresses from the private range of addresses as defined in the address allocation for private internets; such addresses are supposed to be used in internal networks, so they should not be routed over networks using ISPs (Internet service providers). However, ISPs can make mistakes, so these should be blocked from the company's networks; Windows automatic address blocking for private IPs should also be enabled. The routers also need to be set to block all packets that are source-routed, as this is a classic sign of an attack. Further, the router should be set to block all fragment packets as well as broadcast packets, including all directed broadcasts. This is because while broadcasts are of use within networks, they have no role between networks.
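
The router rules listed above can be modelled as a small first-match filter, which is useful for checking a rule set against test packets before it is deployed. This is an added example, not part of the original answer; the internal prefix 203.0.113.0/24, the `Packet` fields and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed company prefix (a documentation range), not taken from the page.
INTERNAL = ip_network("203.0.113.0/24")
# Private address ranges that must never cross the border in either direction.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Packet:
    direction: str               # "in" or "out", relative to the company network
    src: str
    dst: str
    source_routed: bool = False  # a source-route IP option is present
    fragment: bool = False       # packet is an IP fragment

def is_private(addr):
    return any(addr in net for net in PRIVATE)

def is_broadcast(addr):
    # Limited broadcast, or the directed broadcast of the internal prefix.
    return str(addr) == "255.255.255.255" or addr == INTERNAL.broadcast_address

def filter_packet(p):
    """Return (verdict, reason); the first matching rule wins."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    if p.source_routed:
        return "drop", "source-routed"
    if p.fragment:
        return "drop", "fragment"
    if is_broadcast(dst):
        return "drop", "broadcast"
    if is_private(src) or is_private(dst):
        return "drop", "private-range address"
    if p.direction == "in" and src in INTERNAL:
        return "drop", "inbound with internal source"
    if p.direction == "out" and src not in INTERNAL:
        return "drop", "outbound with foreign source"
    return "accept", "ok"

# Constructed test packets, one per rule.
SAMPLE = [
    Packet("in", "198.51.100.7", "203.0.113.10"),   # legitimate inbound
    Packet("in", "203.0.113.5", "203.0.113.10"),    # spoofed internal source
    Packet("out", "198.51.100.9", "192.0.2.1"),     # internal host spoofing another network
    Packet("out", "203.0.113.5", "10.1.2.3"),       # private destination leaking out
]

def run_samples():
    return [filter_packet(p) for p in SAMPLE]
```
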
Fragments should not be accepted as they are usually not created and can be used by attackers using Frag-routers to avoid detection in network intrusion.

3. Access Control

The procedure for working in secure areas in an ICT environment must first start by limiting and managing physical access to these areas.

The integrity of the secure area must be maintained by:

- Confirming and ensuring the access door to the secure area remains locked; before entering, it must have been locked, and it should also be locked after finishing using the protected area.
- The door to the protected area should never be left open while working inside the secure IT area.
- Unsupervised access to the secure area, such as by contractors doing maintenance, should never be allowed; if such permission must be given, such as for maintenance technicians, then the administrator must supervise entry, use, and exit of the secure IT area.

The integrity of the secure IT area's environment must also be maintained:

- Hazardous material, food, and drinks should never be brought into the secure IT area.
- Nothing should ever be plugged into UPS power outlets, be they vacuum cleaners or power tools; they also should never be plugged into server racks, unused servers, and spare cable power sources.
- When installing cables in horizontal or vertical conduits, the fire protection systems must either be installed or replaced.

Actions must be limited to appropriate and authorized activities:

- Approved ITS RFCs (requests for change) must accompany any changes to the IT infrastructure and systems.
- Entry into the secure area, such as for checking the status of servers, must be specified, and actions undertaken only for that specific task/purpose.
- Equipment or cabinets for which one has no authority/responsibility should never be opened by the person using the secure IT area.
- Anything out of the ordinary that is observed in the secure IT area, such as a UPS or servers sounding an alarm, must be reported immediately to the IT service desk.
- Great care must be taken whenever performing routine/scheduled tasks in the secure IT area not to disturb equipment nearby; for instance, ladders should not bump into IT equipment while being used.
- The IT service desk must be contacted immediately whenever one accidentally damages, disturbs, or unplugs any equipment in the secure IT area.
- Trash bins must be kept in isolated areas away from IT equipment and should be fastened so they do not topple over. Further, the trash bins need to be lockable, or have a tight-fitting lid and be airtight, so that the heating and cooling does not cause debris to be blown into the air.

Access to the secure IT area must be logged:

- If the area is accessed using electronic keys, the key should always be scanned, even if someone has already opened the door and accessed the room, to maintain access logs.
- People accessing the secure IT area must sign in when commencing work and record the time when the work has been completed, using either a log book or an electronic logging device.
- The reason for entry into the secure IT area must always be given, including change requests (as applicable), as well as the times when one entered and exited the secure IT room.

To reduce the risk of theft of individual PCs within an organization, the PCs can be locked/attached to the work desks and tables using a cable, where the cable is wrapped around an applicable area on the table and locked. A device like the Kensington desktop locking kit can be used for this purpose. Every PC must have restricted log-in, with a complex password required to log in to the PC; for very sensitive computers, the log-in should incorporate a two-step log-in process where the person also receives a specific code through their mobile device to enable them to use their strong password to log into the computer (Shinder, 2007).

4. Firewalls

Firewalls are put in place to stop malicious code from gaining access to a network; most firewalls use the stateful packet inspection (SPI) system. SPI works at the OSI model's outer layer and examines basic information within data packets, for instance the packet footers and headers; the process also determines whether data packets belong to valid sessions, and the firewall determines whether the data packet should enter the network or not. But SPI has several flaws and is essentially a basic gatekeeper for checking headers and footers in data packets; as such, it does not provide information on what is contained in the packet and whether it is part of a bigger transmission. For this reason, deep packet inspection (DPI) was introduced; apart from looking at headers and footers, it also examines the content of data packets to seek out predefined criteria and illegal statements. This makes it possible for the firewall to make more informed decisions on whether to allow or block the packet based on this information (its content). DPI therefore goes deeper into data packets, and this makes it possible to make a better determination on the content of data packets before they are allowed entry into a network (Tzu-Fang, Nen-Fu, & Hsiao-Ping, 2010).
DPI disassembles incoming data packets, examines their data (payload), and compares this data with predefined criteria, before re-assembling the data packet for transmission or, alternatively, rejecting it. DPI uses signature matching as well as stealth payload detection to examine and validate data. However, DPI does much more than just data packet examination; the information gathered by DPI is used by other network security management tools to better understand network traffic. This helps unify the management of network and application performance into a single event. This creates additional value for better troubleshooting, as a network manager can view a complete picture of network traffic and determine causes of issues with network performance. The additional information offered by DPI can be used for network analytics, network trending, and forensics. Therefore, DPI in firewall operation serves the function of improving network security through increased and detailed examination and detection, while also providing data and information for network performance management.

Packet stream analysis refers to an evaluation of data streams (several data packets) to evaluate the communication patterns in computer networks. Packet stream analysis entails the capture and examination of data within a network to deduce information from the examined communication patterns. A packet stream refers to a stream of network traffic having common identifiers and is defined by traffic with the same source IP, protocol, destination IP, source port, and destination port. Packet stream analysis evaluates these parameters, and if there is a change, new flows are defined. This analysis is essential in troubleshooting problems within a network, such as issues to do with congestion, and helps with intrusion detection (Asarin, Sabelfeld, Meier, & Gollmann, 2006).
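
The flow definition above (source IP, source port, destination IP, destination port, protocol) translates directly into a flow table. The following added example, which is not part of the original answer, groups constructed packet records into flows and flags a destination that receives many TCP flows carrying only a SYN, a pattern associated with the denial of service attacks discussed in answer 2. The record layout, flag strings and threshold are assumptions.

```python
from collections import defaultdict, namedtuple

# Assumed minimal packet record; flags is a TCP flag string such as "S", "A", "PA".
Packet = namedtuple("Packet", "ts src sport dst dport proto size flags")
FlowKey = namedtuple("FlowKey", "src sport dst dport proto")

def build_flows(packets):
    """Group packets into flows; any change in the 5-tuple defines a new flow."""
    flows = {}
    for p in packets:
        key = FlowKey(p.src, p.sport, p.dst, p.dport, p.proto)
        f = flows.setdefault(
            key, {"packets": 0, "bytes": 0, "first": p.ts, "last": p.ts, "flags": set()}
        )
        f["packets"] += 1
        f["bytes"] += p.size
        f["last"] = p.ts
        f["flags"].add(p.flags)
    return flows

def syn_only_targets(flows, threshold):
    """Return {(dst, dport): count} for targets with >= threshold SYN-only TCP flows."""
    counts = defaultdict(int)
    for key, f in flows.items():
        if key.proto == "tcp" and f["flags"] == {"S"}:
            counts[(key.dst, key.dport)] += 1
    return {target: n for target, n in counts.items() if n >= threshold}

# Constructed sample: one normal client flow, then five SYN-only flows
# from different sources to the same server port.
SAMPLE = [
    Packet(0.00, "198.51.100.7", 50000, "203.0.113.10", 443, "tcp", 60, "S"),
    Packet(0.02, "198.51.100.7", 50000, "203.0.113.10", 443, "tcp", 52, "A"),
    Packet(0.03, "198.51.100.7", 50000, "203.0.113.10", 443, "tcp", 517, "PA"),
] + [
    Packet(1.0 + i / 100, f"192.0.2.{i}", 40000 + i, "203.0.113.10", 443, "tcp", 60, "S")
    for i in range(1, 6)
]

def analyse(packets=SAMPLE, threshold=5):
    flows = build_flows(packets)
    # The flow table holds one entry per distinct 5-tuple, so its size (and the
    # memory needed) grows with the number of flows, not only with bandwidth.
    return len(flows), syn_only_targets(flows, threshold)
```
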

Packet stream analysis also helps with rules for intrusion detection and firewall rules; it is also important in undertaking threat and incident detection, all to ensure networks remain safe and avoid attacks such as denial of service, malware attacks, and cyber attacks on computer networks, while also providing tools for better network management and troubleshooting of responses. These processes are very resource intensive (memory and CPU) because they involve capturing, analyzing, processing, and reassembling large amounts of data, such as 10 Gigabits per second, which is a high throughput; this consumes a lot of CPU and memory power.

References

Asarin, E. A., Sabelfeld, A., Meier, J., & Gollmann, D. (2006). Computer Security - ESORICS 2006: 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings. (Springer e-books.) Berlin Heidelberg: Springer-Verlag.

Buchmann, J. A., Karatsiolis, E., & Wiesmaier, A. (2016). Introduction to Public Key Infrastructures. Berlin: Springer-Verlag GmbH.

Hosting, P. F. (2004, June 24). How to defend against DDoS attacks. Retrieved August 26, 2017, from https://www.computerworld.com/article/2564424/security0/how-to-defend-against-ddos-attacks.html

Shinder, D. (2007). 10 physical security measures every organization should take. Retrieved August 26, 2017, from https://www.techrepublic.com/blog/10-things/10-physical-security-measures-every-organization-should-take/

Sikorski, M., Honig, A., & Bejtlich, R. (2012). Practical malware analysis: The hands-on guide to dissecting malicious software. San Francisco: No Starch Press.

Tzu-Fang, S., Nen-Fu, H., & Hsiao-Ping, L. (April 01, 2010). In-Depth Packet Inspection Using a Hierarchical Pattern Matching Algorithm. IEEE Transactions on Dependable and Secure Computing, 7, 2, 175-188.
