Question
Background. You have just been hired by a startup cyber security company. The company has agreements with vendors to provide network architecture designs, including intrusion detection tool placement and operation.
Task. You are designing and implementing a corporation’s architecture and intrusion detection capabilities from a blank slate. As a cyber security analyst you must design a network containing the architecture components listed below, and design where the security components will reside within that network. The security components necessary are also listed below. Your security components are not limited to the specific brand of tools taught in this course, but the tools you select must fulfill the same functions as the tools we learned about.
Architecture components:
1. Public facing web server where users can login
2. Web server database containing customer information
3. Email system for users to communicate with each other and customers
4. Internal user systems
5. Firewalls, switches and routers as necessary
Security Components:
1. Network segmentation (e.g. DMZ, internal, external)
2. Network-based Intrusion Detection or Prevention (e.g. Suricata in passive mode or active mode)
3. Host-based Intrusion detection (e.g. AIDE)
4. Network foot printing tool (e.g. nmap)
Corporate Requirements:
1. Protection of a public facing web site where clients can log in, access their accounts, buy and pay for product/services, have access to training and education material, access a knowledge base, security blogs, links, etc.
2. Protection of client data (client network data, assessment results, financial information)
3. Protection of internal systems which may contain employee PII, financial, banking information and email.
4. Ability to detect rogue systems or unauthorized devices
Deliverable(s).
1. Architecture of the network components defined above
2. Placement of the security components, defined above, within that architecture
3. A description of the traffic that each network based security component should be configured to allow or explicitly deny
3.a. For example, a NIDS placed between a public facing web server and the internet may potentially only allow internet traffic on ports 80 or 443, and prevent all other traffic
3.b. For example, a NIDS placed between a public facing web server and the internet may potentially only allow internet traffic on ports 80 or 443, and prevent all other traffic.
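Deliverable 3 asks for the allow/deny traffic policy of each network-based control. One way to draft and sanity-check that policy before buying any appliance is to write the zones and rules down as data and evaluate sample flows against them. The Python below is an added example, not part of the question or of any answer on this page; the zone names follow the task, while the address ranges, ports, inventory entries and observed hosts are constructed assumptions.

```python
"""Zone-based segmentation policy and rogue-host check (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan for the zones the task names. Each zone is one firewall
# interface; NIDS sensors watch the dmz and db segments and report to mgmt.
ZONES = {
    "dmz": ip_network("10.10.0.0/24"),       # public web server, inbound mail relay
    "db": ip_network("10.20.0.0/24"),        # customer database, reachable from dmz only
    "internal": ip_network("10.30.0.0/24"),  # employee workstations and mail server
    "mgmt": ip_network("10.99.0.0/24"),      # NIDS/HIDS consoles and the nmap scanner
}

def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan counts as 'internet'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "*"
    dst: str              # zone name or "*"
    proto: str            # "tcp", "udp" or "*"
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"
    note: str

# First match wins; anything not listed falls through to DEFAULT_ACTION.
POLICY = [
    Rule("internet", "dmz", "tcp", 80, "allow", "HTTP to the public web server"),
    Rule("internet", "dmz", "tcp", 443, "allow", "HTTPS to the public web server"),
    Rule("internet", "dmz", "tcp", 25, "allow", "inbound SMTP to the mail relay"),
    Rule("dmz", "db", "tcp", 5432, "allow", "web application to the customer database"),
    Rule("dmz", "internal", "tcp", 25, "allow", "relay hands mail to the internal mail server"),
    Rule("internal", "dmz", "tcp", 443, "allow", "staff use the web site"),
    Rule("internal", "internet", "tcp", 443, "allow", "staff browsing"),
    Rule("mgmt", "*", "*", None, "allow", "monitoring consoles and the scanner"),
    Rule("db", "*", "*", None, "deny", "database server never initiates connections"),
]
DEFAULT_ACTION = "deny"

def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int):
    """Return (action, reason) for one flow, as the firewall between zones would decide it."""
    s, d = zone_of(src_ip), zone_of(dst_ip)
    for r in POLICY:
        if (r.src in (s, "*") and r.dst in (d, "*")
                and r.proto in (proto, "*")
                and (r.dport is None or r.dport == dport)):
            return r.action, r.note
    return DEFAULT_ACTION, f"no rule for {s}->{d} {proto}/{dport}"

# Corporate requirement 4: rogue systems. Compare what a host-discovery sweep of a
# segment reports against the asset inventory; an unknown address, or a known address
# answering with a different MAC, is flagged for follow-up.
KNOWN_HOSTS = {  # constructed inventory: ip -> expected MAC
    "10.30.0.10": "aa:bb:cc:00:00:10",
    "10.30.0.11": "aa:bb:cc:00:00:11",
}

def find_rogues(observed):
    """observed: list of (ip, mac) pairs as a sweep of the segment would report them."""
    return [(ip, mac) for ip, mac in observed if KNOWN_HOSTS.get(ip) != mac]

if __name__ == "__main__":
    for flow in [("203.0.113.5", "10.10.0.10", "tcp", 443),
                 ("203.0.113.5", "10.10.0.10", "tcp", 22),
                 ("10.30.0.10", "10.20.0.5", "tcp", 5432)]:
        print(flow, "->", evaluate(*flow))
    print(find_rogues([("10.30.0.10", "aa:bb:cc:00:00:10"),
                       ("10.30.0.11", "de:ad:be:ef:00:01"),
                       ("10.30.0.77", "00:11:22:33:44:55")]))
```

The rule list is the written form of the design: the same table can be transcribed into firewall rules and into the NIDS sensor's expectations for each segment (alert on anything the table denies), and the rogue check is what the scheduled scan feeds into the inventory comparison.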
Explanation / Answer
Linux is one of the most used OSes when it comes down to servers. It is true that vulnerabilities in Linux are arising as time passes. Hence, many big organizations are running bounty programs to get themselves on the safer side, and even a big leap in getting security for themselves. This technique has decreased the hacking scenarios and has increased awareness of cybersecurity. Today, we are going to talk about the recent vulnerability that was disclosed in Linux systems. Below is the description.
Network Monitoring Using Security:
Traffic monitoring is also an important concept, as it can be used to increase the chances of being vulnerable as much time as it takes to get less traffic, as well as the chances of being exploited with attacks such as DoS & DDoS attacks. The networking of the whole system is done mostly on Linux, so understanding Linux is needed to attend to the traffic in the system with full proof of vulnerability.
Linux Vulnerability:
The vulnerability was very severe and consists of a programming issue in the ELF files in the Linux kernel while the kernel loads them.
The exploiters had written a malicious program, known as a Position Independent Executable (PIE), which was able to exploit the loader and map the rest of the application's data segments over the memory area that was reserved for the stack.
This completely resulted in memory corruption, and it was then possible to get local privilege escalation.
The flaw completely represented a possible mechanism for any exploiter or hacker to put up a normal user as root and then easily acquire control over the system.
The patch for the vulnerability was released in the past two days, and sysadmins were advised to patch their systems to prevent more hacks.
Hence, this is how Linux security is exploited, and with the help of the possible exploits and pitfalls in the system there are many hacks happening on systems with Linux.
Exploiting The Vulnerabilities:
In Linux, there is penetration testing software that tests the vulnerabilities and makes the world aware of the security issues that are contained in the systems. The system will then get to know about cyber security, and getting into the facts of the applications is also very important.
The vulnerabilities that are pretty much available in the Internet and are exploited are as follows:
Remote Code Execution (RCE)
Phishing
XSS Attacks
SQL Injections
DoS & DDoS Attacks
Hence, these are the vulnerabilities that are being identified on the bigger scale in the market and are being exploited by many security professionals and hackers.
Methodologies:
The impact of the vulnerabilities on the organization may be very intense if they are not focused on. To keep the network running and fine we need to overcome these vulnerabilities and create patches for them; otherwise the impact of these vulnerabilities will be very immense.
If the network contains any of these vulnerabilities and no focus is put on removing them, it can be exploited by anybody, resulting in a decrease in privacy.
It will also result in getting the security of the network in trouble and can be compromised by anyone anytime.
Hence, these are the impacts of the vulnerabilities and how must one deal with these vulnerabilities.
Ebay Hack:
This was 4 months back: the massive data breach in the eBay website, which left more than 100 million registered users in a hacked situation. This was a vulnerability test, but still it was quite a big and massive data breach, running in the wild for a long time.
Details Of Breach:
The breach consisted of an authentication problem, and it became very easy for one to change the password of users with the reset link, which sounded like a small problem but would have become one of the wildest running vulnerabilities if it had been in the wrong hands.
The breach was identified by a security researcher, who sent the details of the vulnerability to the eBay team, and then they started patching it. This vulnerability was not caught by any hacker, so eBay was on a bit safer side.
The vulnerability was exploited using one of the most common things which can be used to hack: the forgot password link. This link was activated by the attacker, which resulted in sending a reset link to the victim.
But the attacker kept on sending the reset password request. The attacker intercepted the request and saved the reqInput value, which was then triggered again and again; the user clicks the link and then resets the password, but the password is then set by the attacker using the same reqInput link.
Hence, this is the exploit encountered recently in the eBay website.
About The Researcher
The security researcher was from Egypt, named Yaseer H. Ali. As he is a security researcher, as soon as he came to know about the exploit he reported it to eBay, and the exploit was patched; now the website is running fine and it can never be done to the website again.
Thanks to the researcher.
Consequences:
The consequences of the exploit would have been very immense and disturbing if it had been exploited in the wild. It would have resulted in declaring many wrong things to the group. Some of them are stated below:
It would have resulted in losing all the privacy of the users.
It would have left all the credit card, debit card numbers of the users open to all the hackers.
Acquiring the account may have altered many things in the account which may have resulted in very bad consequences.
Hence, these are the consequences that would have happened if it had reached many hacking groups.
The ISO network management model consists of the internetworking of the TCP/IP models, in which there are certain steps to be taken into consideration from the point of view of the various concepts in the network models. They are as follows:
OSI Functional Areas
Internetwork Explainer
SNMP (Simple Network Management Port)
Various Tools & Applications.
The functional areas that are dependent on these various functionalities are as follows:
Fault Management:
This part of the OSI Network Management Area consists of enabling facilities like detection, isolation & correction of the most abnormal operations.
To handle such conditions there is an error, such as a transient bit error, that will be detected or corrected.
Fault management is the only process where faults are rechecked and handled as per the contribution of the testing process.
Configuration:
Determining the configuration of the network services is done in this process. To get the services up and in running condition, there is a need to get the procedures ready for the console serving process.
Operations such as shut-down and start-up are done in this part of the functioning of network services.
Performance:
This process facilitates the evaluation of the behaviour of most of the managed objects, and there are various measures of the effectiveness of the communication activities.
There are various parts of monitoring and controlling of the services. They check whether the services are running accordingly or not.
To handle the performance one must regularly have a check on the systems and get their hands on running the network models.
Security:
The security protocols are the driving forces in the network management models. This modelling of the network models is totally dependent on how strong the security of the network is.
The modelling of the network is the least that can be tolerated. It ensures the generation, distribution and storage of the encryption keys and passwords, so that the security is maintained at its most.
There is much effective maintenance of the log activity and other such things in the recognition of the security of the networks.
Accounting:
The process of accounting is known to facilitate the affirmation of the charges and costs which can be assessed by the normal use of the network services.
The network services are maintained on the basis of the areas which are mandatory to handle, and the costing of such areas.
Handling accounting problems is one of the crucial problems in network management, and to neutralize this we need to get the accounts of the network management resolved.
Hence, these are the "grey areas" in each of the above written functional areas which must be handled with utter care.
Rate an upvote.... Thank you
Hope this helps.........
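The eBay section of the answer above describes a reset link whose reqInput value kept working every time it was replayed. The Python below is an added example, not eBay's code and not part of the answer: it places that weak pattern next to a hardened reset flow in which each token is random, stored only as a hash, expires, is accepted exactly once, and is retired when a newer one is issued. Class names, the 15-minute lifetime and the injectable clock are assumptions made for the example.

```python
"""One-time, expiring password-reset tokens beside the replayable pattern (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


class ReusableResetService:
    """The weak pattern the answer describes: one reset value per user that keeps
    working every time it is presented, so whoever captured it sets the password."""

    def __init__(self):
        self.reset_values: Dict[str, str] = {}
        self.passwords: Dict[str, str] = {}

    def request_reset(self, user: str) -> str:
        # Same value handed out on every request and never retired.
        return self.reset_values.setdefault(user, secrets.token_urlsafe(16))

    def complete_reset(self, user: str, value: str, new_password: str) -> bool:
        if self.reset_values.get(user) != value:
            return False
        self.passwords[user] = new_password  # succeeds again and again
        return True


@dataclass
class PendingReset:
    token_hash: str   # only the digest is stored; a database leak does not leak usable links
    expires_at: float


class HardenedResetService:
    """Fresh random token per request, hashed at rest, time-limited, single use,
    and superseded as soon as a newer token is issued for the same user."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now  # injectable clock so expiry can be tested deterministically
        self.pending: Dict[str, PendingReset] = {}
        self.passwords: Dict[str, str] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        # Overwrites any earlier outstanding token, so an older captured link is dead.
        self.pending[user] = PendingReset(self._digest(token), self.now() + TOKEN_TTL_SECONDS)
        return token  # delivered only to the account's registered mailbox

    def complete_reset(self, user: str, token: str, new_password: str) -> bool:
        entry = self.pending.get(user)
        if entry is None or self.now() > entry.expires_at:
            self.pending.pop(user, None)  # expired entries are dropped, not kept alive
            return False
        if not hmac.compare_digest(entry.token_hash, self._digest(token)):
            return False
        del self.pending[user]  # consumed: presenting the same link again fails
        self.passwords[user] = new_password  # a real service stores a password hash here
        return True


if __name__ == "__main__":
    svc = HardenedResetService()
    link = svc.request_reset("alice")
    print("first use:", svc.complete_reset("alice", link, "new-password"))
    print("replay:", svc.complete_reset("alice", link, "attacker-password"))
```

The hardened service also rejects a token once a newer request for the same user has replaced it, which is what stops the "keep sending reset requests and replay the saved value" sequence the answer recounts; the checks a reviewer would look for are the constant-time comparison, deletion on use, and the expiry that is enforced on the server rather than trusted from the link.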