a) What's the one main drawback of network taps and protocol analyzers? (1 mark)
Putting a network tap into place will disrupt the network being monitored.
b) Explain two vulnerabilities associated with the File Transfer Protocol (FTP) (2 marks)
Packet capture (Sniff) - When a file is sent using this protocol, the data, username, and
password are all shared in plain text, which means a hacker can access this information
with little to no effort using packet sniffers like Wireshark.
Port Stealing - an attacker can observe the current port number allocated by the server
and "guess" the next one that will be used. The attacker can make a connection to this
port, thus denying another legitimate client the ability to make a transfer.
c) Explain what you understand by these two secure network technologies: NAC and
PAT (2 marks)
Port Address Translation (PAT) is an extension to NAT that permits multiple devices on a local area
network to be mapped to a single public IP address. Each outgoing packet is given the same public IP address but
a different port number.
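The PAT mapping described above as an added worked example (not code from the original page): a hypothetical gateway that rewrites outbound flows from several private hosts to one public IP with a unique port each, and reverse-translates replies. The addresses and port range are constructed.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Flow:
    """One direction of a TCP/UDP conversation (a simplified packet header)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatGateway:
    """Port Address Translation: many private (ip, port) pairs share one public IP,
    distinguished only by the public port the gateway allocates."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = count(first_port)       # next free public port
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_out(self, flow: Flow) -> Flow:
        """Rewrite the source of an outgoing packet; reuse the entry for a known flow."""
        key = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = next(self._ports)
            self.outbound[key] = port
            self.inbound[port] = key
        return Flow(self.public_ip, port, flow.dst_ip, flow.dst_port)

    def translate_in(self, flow: Flow):
        """Reverse-translate a reply. Inbound packets with no matching table entry
        (unsolicited traffic) are dropped, which is a side benefit of PAT."""
        key = self.inbound.get(flow.dst_port)
        if key is None or (key[2], key[3]) != (flow.src_ip, flow.src_port):
            return None
        priv_ip, priv_port, _, _ = key
        return Flow(flow.src_ip, flow.src_port, priv_ip, priv_port)


def demo():
    """Two LAN hosts using the same local port reach the same server through one public IP."""
    gw = PatGateway("203.0.113.5")
    a = gw.translate_out(Flow("192.168.1.10", 51000, "198.51.100.7", 443))
    b = gw.translate_out(Flow("192.168.1.11", 51000, "198.51.100.7", 443))
    reply = gw.translate_in(Flow("198.51.100.7", 443, "203.0.113.5", b.src_port))
    return a, b, reply
```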
1. Installing the IDS database - The IDS uses the database to compare traffic detected by
sensors. There are two types: anomaly-based systems, which require a training period
of over one week, and misuse-based IDS, which can use the database immediately.
2. Gathering data – Network sensors gather data by reading packets. Sensors need to
be positioned where they can capture all packets.
3. Sending alert messages – Sensors capture packets, the IDS software compares the
captured packets with information in its database, and the IDS then sends alert messages if
captured packets match an attack signature or deviate from normal network behavior.
4. The IDS responds – Command consoles receive alert messages and notify the
administrator. The IDS can be configured to take actions when a suspicious packet is
received, for instance: send an alarm message, drop the packet, or stop and restart the
network traffic.
5. The administrator assesses damage – The administrator monitors alerts and
determines whether countermeasures are needed.
6. Following escalation procedures – These are a set of actions to be followed if the
IDS detects a true positive. They should be spelled out in the company's security policy.
7. Logging and reviewing the event – The IDS events are stored in log files or
databases. The administrator should review the logs to determine patterns of misuse.
c) State at least three ways in which you can harden an operating system to resist attacks
(3 marks)
Patch and upgrade
Remove unnecessary programs
Use Security templates for users
IP Version
Source IP Address
Destination IP Address
a) State and explain the various components that make up an intrusion detection system
(IDS) (10Marks)
1. Network Sensors – These can be hardware or software that monitor traffic in your
network and trigger alarms. Attacks detected include single-session attacks and multiple-
session attacks. Sensors should be placed at common entry points, e.g. the internet gateway.
2. Alert Systems – These are the circumstances that cause an alert message to be sent.
3. Command Console – Provides a graphical front-end interface to an IDS which enables
administrators to receive and analyze alert messages and manage log files.
4. Response system – The IDS can be set up to take some countermeasures. These do not
substitute for network administrators, because administrators can make judgements and distinguish
false positives.
5. Database of attack signatures or behaviors – An IDS does not have the capability to make
judgements, therefore it makes use of a source of information against which to compare the
traffic it monitors.
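The IDS steps listed earlier (database, sensors, alerts, response, logging) and the components above, as an added example that is not part of the original page: a hypothetical miniature IDS that checks each captured packet against a constructed misuse signature database and an anomaly baseline, sends alerts to a console list, applies a configured drop response, and logs every event for later review. The signatures, addresses and baseline rate are all constructed.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed misuse-based signature database: byte pattern -> signature name.
# Both patterns flag FTP traffic that exposes identity or credentials in clear text.
SIGNATURES = {
    b"USER anonymous": "ftp-anonymous-login",
    b"PASS ": "ftp-cleartext-password",
}


@dataclass
class IDS:
    baseline_pps: int                               # learned normal packets per source (anomaly-based)
    alerts: list = field(default_factory=list)      # messages delivered to the command console
    log: list = field(default_factory=list)         # every event kept for review
    blocked: set = field(default_factory=set)       # response system: sources being dropped
    _counts: Counter = field(default_factory=Counter)

    def inspect(self, pkt: Packet) -> list:
        """Sensor step: compare one packet against the database and the baseline."""
        if pkt.src in self.blocked:                 # configured response already in force
            self.log.append(("DROP", f"{pkt.src}->{pkt.dst}:{pkt.dport}"))
            return ["dropped"]
        hits = [name for pat, name in SIGNATURES.items() if pat in pkt.payload]
        self._counts[pkt.src] += 1
        if self._counts[pkt.src] > self.baseline_pps:   # deviation from normal behaviour
            hits.append("rate-anomaly")
            self.blocked.add(pkt.src)               # response: drop this source from now on
        for name in hits:
            msg = f"{name} from {pkt.src} to {pkt.dst}:{pkt.dport}"
            self.alerts.append(msg)                 # alert message to the command console
            self.log.append(("ALERT", msg))
        if not hits:
            self.log.append(("OK", f"{pkt.src}->{pkt.dst}:{pkt.dport}"))
        return hits


def run_demo() -> IDS:
    """Constructed traffic: one FTP login, one anonymous login, one clear-text
    password and a source that exceeds the baseline rate."""
    ids = IDS(baseline_pps=3)
    traffic = [Packet("10.0.0.5", "10.0.0.21", 21, b"USER alice\r\n"),
               Packet("10.0.0.5", "10.0.0.21", 21, b"USER anonymous\r\n"),
               Packet("10.0.0.9", "10.0.0.21", 21, b"PASS hunter2\r\n")]
    traffic += [Packet("10.0.0.7", "10.0.0.21", 80, b"GET /") for _ in range(5)]
    for p in traffic:
        ids.inspect(p)
    return ids
```

The administrator's review step is the log list: three alerts, one dropped packet and the normal traffic are all there for pattern analysis.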
b) State and briefly explain at least 5 advantages associated with subnetting as a way of
securing a network infrastructure (5 marks)
1. Decreased network traffic – Broadcasts to network hosts are generally limited to
individual subnets.
2. Flexibility – The number of subnets and hosts can be customized for each organization
and easily changed as necessary.
3. Improved troubleshooting – Tracing a problem on a subnet is faster and easier than on a
single large network.
4. Improved utilization of addresses – Because networks can be subdivided, subnetting generally
reduces the number of wasted IP addresses.
5. Minimal impact on external routers – Because only routers within the organization are
concerned with routing between subnets, routers outside the organization do not have to
be updated to reflect changes.
6. Reflection of the physical network – Hosts can be grouped into subnets that more accurately
reflect the way they are organized in the physical network.
c) Briefly explain at least 5 convergence vulnerabilities especially in relation to VOIP
(5 marks)
Operating systems – Softphones that operate on standard PCs are vulnerable to
operating system attacks.
VoIP protocols – Many of the common VoIP protocols do not provide adequate call-
party authentication, end-to-end integrity protection, and confidentiality measures.
Lack of encryption – Voice protocols do not encrypt call-signaling and voice streams,
so identities, credentials, and phone numbers of callers can be captured using protocol
analyzers.
Network acknowledgment – Attackers can flood VoIP targets with DoS-type attacks
that can degrade service, force calls to be dropped prematurely, and render certain
VoIP equipment incapable of processing calls.
Spam – Spam over internet telephony can carry unsolicited sales calls and other
nuisance messages, and programs can download hidden malware to softphones.