Physical Layer Essay

Physical Layer Essay
COMP247 Assignment 1 Van Vu 42872480 1) QueStiOn oNe Physical Layer, IEEE.802.3 The
physical layer, inclusive of the cables that transport data are exposed to the environments and
various other external factors making its reliability difficult to guarantee. Despite this, the physical
layer has several of its own contributions to making a quality network. The Institute of Electrical
and Electronics Engineers (IEEE) has developed standards for physical ports and cables that have
been generally accepted globally. This greatly simplifies the physical connection work required with
only one type of cable needed that will fit any machine's ports. This further extends to the scalability
of a network, allowing additional machines to be connected ... Show more content on
Helpwriting.net ...
By having the finer internal cables intertwining and twisting, it reduces the effect of electrical or
magnetic interference on the signals By nature of how electrical work, more than once signal cannot
be transmitted as they interfere with each other and data can be corrupted and be recoverable. A
system of allocating time or sharing of the resource avoids this problem. There are options such as
passing a token where only the token holder may transmit or time reservations. Though these
methods work, they are inefficient as time is lost during token passing, or when resources are
urgently needed. CSMA/CD and CSMA/CA protocols are designed to overcome is issue.
CSMA/CA taps into and listens in on a line to check that not data is currently being transmitted. In
the case that the line is unused the device may transmit its data allowing for the line to be used
dynamically. This method has a blind spot, in the case two or more devices are listening on an idle
line simultaneously, they will send simultaneously and each signal will interfere with the other.
Though there are protocols to avoid this from happening again when each node resends their data,
time lost can vary depending on the quantity of data sent. CSMA/CA resolves this by listening while
transmitting, if a collision is detected the data stream is cut off and stopping data that will be
corrupted being sent. This avoids wasted time, during which a resource is in use but nothing
productive is achieved. Data
... Get more on HelpWriting.net ...

A Report On The Attack Automation Strategy
http://www.eecis.udel.edu/~sunshine/publications/ccr.pdf
1a) An DDoS(Distributed Denial of Service) Attack consists of several phases – firstly the attacker
recruits multiple agent machines which will be later on infected with the attack code and further
exploited. The infected machines can be used to further recruit new agents. We can outline those
phases as Recruit, Exploit, Infect and Use.
ATTACK AUTOMATION STRATEGY
The attack automation strategy stands for how much of the DDoS attack does an attacker want to
make automatic and how much to leave for manual control. The strategy depends on the degree of
automation of the phases of the attack. There are three general automation degrees – Manual,
Automated and Semi–Automated– which are explained as follows:
o Manual
In that case, the hacker manually recruits machines by scanning remote ones for vulnerabilities,
breaks their security mechanisms, installs the prepared attack code and then directs the attack. This
type of a DDoS Attack has become really outdated since lately all the recruitment phase has been
automated.
Weak design consideration in terms of functionality and productivity.
o Semi–Automated
In the Semi–Automated DDoS attacks the DDoS "network" is made of a handler and an agent
machine. There is automation present for the Recruit, Exploit and Infect phases. Through the
communication between the handler and the agent, the attacker specifies the attack type, the onset,
the duration and the victims ID. The

What Are The Advantages And Disadvantages Of I-Voting System
Anti–phishing I–voting system using Visual Cryptography (VC) aims at providing a facility to cast
vote for critical and confidential internal corporate decisions. The user or the employee is allowed to
cast his or her vote from any remote place. The election is held in full confidentiality where the user
is allowed to vote only if he logs into the system by entering the correct password. The password is
generated by merging two shares using VC scheme. Before the election administrator sends share 1
to the voter's e–mail id and share 2 will be available in the voting system for his login during
election. Voter then combines share 1 and share 2 using VC to get the secret password. No
information can be revealed by observing any one share. Phishing ... Show more content on
Helpwriting.net ...
There are different kinds of applications based on the Internet. One of them is online voting system.
The use of new technologies to support voting is the subject of great debate. Several people
advocate the benefits it can bring such as improved speed and accuracy in counting, accessibility,
voting from home and it is also concerned with the risk it poses, such as unequal access, violation to
secrecy, anonymity and alteration of the results of an election.
Phishing attack is identified as a major attack among all online attacks. Phishing is the attempt to
obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly,
money), often for malicious reasons, by disguising as a trustworthy entity in an electronic
communication. Attacker creates a replica of original website or attacker sends a lot of email to the
user asking him to change certain confidential data as shown in Fig 1. User then fills and submits
the sensitive and useful information into the fake website which allows the attacker to pull the
information and save the data for his or her own illegal use. So, by using visual cryptography
technique the problems of online voting system such as security risk and phishing attacks can be
prevented. It provides secured authentication for Internet voting

Cyber Security Essay
CYBER SECURITY:
Cyber Security also called computer security and IT security, is the assurance of data from theft or
any harm to the gadget, the product and information stored on hardware. It incorporates controlling
physical access to the equipment and additionally ensuring against code or data injection or via
network access. The field is of developing significance because of the expanding dependence of PC
frameworks in most societies. Computer frameworks now incorporate a wide assortment of "keen"
gadgets, including cell phones, TVs and little gadgets as a major aspect of the Internet of Things –
and systems incorporate the Internet and private information systems, as well as Bluetooth, Wi–Fi
and different remote system. ... Show more content on Helpwriting.net ...
Distributed denial of service is hard to block. Due to much traffic, system could not tolerate the
unacceptable requests from different machines. A single user is attacked from the number of
attackers. The millions of requests force the computer to shut down. The main purpose of denial of
service is to disturb business of specific organization. The normal work is effected such as make
server unavailable to its regular users. A single blockage of an IP address could not stop the attack.
Direct – access attacks:
If attacker have physical access to victim computer could easily copy information from it. An
unauthorized user can change coding of operating system to bypass the security check, they could
install malware, worms, or harmful viruses. Though system is secured by standard security, they
could be able to boot computer using another working programs for boot the system using bootable
USB drive or CD–ROM. Trusted platform module or disk encryption are developed to prevent
direct–access attacks.
Eavesdropping:
Eavesdropping is the unapproved real–time interception of a private transmission, for example, a
telephone call, text, video conferencing and fax transmission. The term eavesdrop gets from the act
of really remaining under the roof of a house, listening to discussions inside. Eavesdropping is very
easy to perform with IP–based calls as compare to TDM–based

Ipv4. Internet Protocol Version 4 ( Ipv4 )
IPV4
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP) and it is only
protocol widely used for the communication purpose in the computer networks and it works in the
Internet layer of the OSI reference model. The IPv4 address is 32 bits long. The 32 bit is divided
into four groups. Each group has the eight bits which forms as an octet. Each IP address has two
parts called the network id and the host id. This IP address is used as a unique identification address
for the hosts in the networks. Network ID also known as network address used to identify the
network from the large internetwork. All the computers in the same network will have the same
network ID. Host ID is also known as host address used to identify the host in the same network.
There are five classes of IPv4 address. They are Class A, Class B, Class C, Class D and Class E.
Class A, Class B and Class C are most commonly used, Class D is multicast and Class E is for the
research and the development purpose. These classes of IP addresses are used in different location
based on the network infrastructure.
The first octet in the class A IP address belong to the network part and the remaining three octets
represents the host part of the IP address. Class A can be written as N.H.H.H, N refers the network
identifier and the H refers the host identifier, The number of available hosts is 16,77,214 in each
network, number of networks available is 128 and the default mask is

Nt1330 Unit 3 Network Analysis Paper
Schaffer needs to create a layout with a specialized team that has these: DMZ, Intranet, Internal
Network, Proxies, Firewall Configuration, and mobile users The DMZ is needed to separate the
company from the internet. This is a secured area into which the company should place servers
providing Internet services and facilities (for example, web servers). It is also good to have because
if anyone attacks the machine is hardened to defend from attacks. These servers don't have any
information in the internal network.
The firewall providing the DMZ segmentation should allow only inbound packets destined to the
corresponding service ports and hosts offering the services within the DMZ. Also, limit outbound
initiated traffic to the Internet to those machines requiring access to the Internet to carry out the
service they are ... Show more content on Helpwriting.net ...
Jay might want to segment an inbound–only DMZ and an outbound–only DMZ, with respect to the
type of connection requests. However, given the potential of a DoS attack interrupting DNS or
email, consider creating separate inbound and outbound servers to provide these services.
The intranet helps protects your internal hosts, but it is not in the same place as the host. Internally,
the company also has similar services to offer (Web, mail, file serving, internal DNS, and so on) that
are meant solely for internal users which will allow tighter controls to be placed for router filtering.
Next is the internal network, where everything else remaining is in this segment. The machines on
the segment request information from the host including the labs and other departments that Jay's
company's working with. For each internal network, the company should place a firewall in between
each to filter the traffic to provide additional

Assignment 1 Nt13p 9. 1
9.1 DHCP SNOOPING
What Is DHCP?
Hosts communicate with each other through addressing in a network. At first devices used to be
assigned unique static IP addresses. But, this system could not be scaled up when mobile devices
became more common. Modifying each device's address, such as that of a mobile phone or laptop,
each time it moved from one location to another became very complex.
To resolve this issue, dynamic address configuration was developed, and soon became the standard
addressing system for most networks around the world. All kinds of networks, from coffee shops to
corporate networks, use the Dynamic Host Configuration Protocol (DHCP) to connect a multitude
of devices to the internal networks as well as the Internet. However, ... Show more content on
Helpwriting.net ...
When DHCP snooping is enabled, a database called the DHCP snooping table or binding table is
created. This database stores the lease information from the switching device. This includes the IP–
MAC address binding, the lease time for the IP address, the type of binding, VLAN name, and
interface for each host.
The entries in the binding table are updated when significant changes occur in the network. For
example, when a client sends a DHCPRELEASE message to release an IP address, the
corresponding entry in the table is deleted. The entry associated with a device is also deleted if the
timeout value or lease time of the IP address assigned by the DHCP server expires. However, if you
move a network device from one VLAN to another, the device acquires a new IP address. In this
case, the corresponding entry, including its VLAN ID, is updated in the table. DHCP Snooping
Process
Here's what happens when DHCP snooping is enabled on a switching device:
A network host requests for an IP address by sending a DHCPDISCOVER packet to the switching
device.
The switching device sends the packet to the DHCP server.
The server in turn offers the host an IP address by returning a DHCPOFFER packet to the switching
device.
The switching device confirms that the offer is from a trusted interface, and sends the packet to the
host.
The host then accepts the address through a DHCPREQUEST packet.
The switching device adds a placeholder entry for the

S-ARP is a Permanent Solution to ARP Spoofing Attacks
1. How can ARP spoofing attack be controlled permanently? What are the drawbacks of S–ARP
protocol, Static MAC Entries, Kernel based patches?
Answer:
1.1.1 Secure ARP Protocol (S–ARP)
This has been proposed as a replacement for the ARP protocol in [10]. The S–ARP protocol is
definitely a permanent solution to ARP spoofing but the biggest drawback is that we will have to
make changes to the network stack of all the hosts. This is not very scalable as going for a stack
upgrade across all available operating systems is something both vendors and customers will not be
happy about. As S–ARP uses Digital Signature Algorithm (DSA) we have the additional overhead of
cryptographic calculations though the authors of the paper have claimed that this overhead is not
significant.
1.1.2 Static MAC Entries Adding static MAC addresses on every host for all other hosts will not
allow spoofing but is not a scalable solution at all and managing all these entries is a full time job by
itself. This can fail miserably if mobile hosts such as laptops are periodically introduced into the
network. Also some operating systems are known to overwrite static ARP entries if they receive
Gratuitous ARP packets (GARP).
1.1.3 Kernel Based Patches Kernel based patches such as Anticap[11] and Antidote[12] have made
an at– tempt to protect from ARP spoofing at a individual host level. Anticap[11] does not allow
updating of the host ARP cache by an ARP reply that carries a differ– ent MAC address then

Designing My Second Rhel Vm
Goal In this lab the goal was to set up another RHEL server and install a few core services on the
box such as DNS, DHCP, NTP, OpenLDAP and RSysLog. By doing this lab I was able to have a
deeper understanding of the configuration files for each of these services as well as understanding
the way each of these services store data on the server. Procedural and Informational Documentation
When starting this lab, I had to make the decision of how I wanted to create my second RHEL VM. I
quickly threw away the idea of manually making a new VM, installing the OS, updating it and re–
securing it. Instead, I duplicated my VM that was already created for the Wiki server and then
proceeded to roll back changes I made in the firewall, SELinux ... Show more content on
Helpwriting.net ...
I realized my mistake after looking through the pre–made DNS file and I found that my DNS server
was set to only allow queries from the IP it was listening on (127.0.0.1). After removing that entry
from the configuration file and restarting the service, I was able to query using DNS from my
clients. DNS Zone files created successfully The other issue that I had was with OpenLDAP and my
inability to find proper documentation. With the switch to RHEL7, many services and way you
access OpenLDAP configuration files changed. For instance, you no longer are able to edit certain
configuration files directly, all edits must be done through new commands. Once I was able to find
RHEL7 compatible documentation, the process for creating new users, OUs and other OpenLDAP
directories was a breeze. Finally was able to get OpenLDAP configured Security Considerations
There are many security concerns that are apparent when looking at this lab and all of the services
that have been set up on the devices on the network. I will be going through the devices one by one
and go through the security issues apparent and will be going through how they should be addressed
in this environment and in an enterprise environment. The first service that I will be examining for
security issues is the BIND service. Zone transfers are done from a slave DNS to the

Security Issues With Dynamic Host Configuration Protocol
Abstract– The paper discusses security issues with Dynamic Host Configuration Protocol (DHCP)
and four different approaches proposed to secure DHCP. DHCP assigns network parameters to
existing and new clients. A misconfigured client is a big security breach as the traffic from and to
such client can be intercepted. The two main issues with DHCP are rogue server and Media Access
Control (MAC) address spoofing. The techniques discussed in the paper attempt at solving these
problems by encrypting the plain text send in DHCP, using digital signatures and key exchange
algorithms to maintain data integrity and security.
1. Introduction–
Internet grew rapidly over the last few decades. This has led to increase in the size of networks and
number of network devices. The network infrastructure today needs improvement and changes daily,
so adding new devices to network is very essential. The traditional way of assigning network
configuration to clients with the help of a network administrator is difficult. DHCP has now owned
the responsibility to perform this task. DHCP has its security issues because at the time of its
development internet security was not as important as dynamic allocation of the network parameters
were [2]. The major security concern in DHCP is interception of plaintext messages and illegitimate
client or server that compromises the network.
In section 4 of the paper, four different techniques to secure DHCP have been discussed. The first
approach makes use of

Cyber Attack Source Analysis
Results
At first, we will take a look at some statistical numbers we have collected in the past months. We the
help of the web interface, we can easily query the database to get a quick overview of peaks in the
data set that we have collected:
Average number of attack sources per day is 184.94
Maximum number of attack sources per day was 2022 and happened at November
15, 2004.
The two number show that there is a high variation in the collected data about the number of unique
attack sources per day. To take a closer look at this phenomenon, we present in Table 1 the number
of unique sources for six different platforms. In addition, the ta– ble presents the average number of
sources per day, which shows a high variation across different platforms as well.
Currently it is unclear why we have this high variation in the number of average source per day. One
possible explanation for the high number of average sources for the first platform is the following:
since this system is deployed within the network with the first octet 192, it presumably receives
many packets from broken systems which use Network Address
Translation (NAT). Such a system often use the IP range 192.168.0.0/16 (defined in RFCWindows
Others Unknown
Week 1 7235 18 10
Week 2 6839 26 5
Week 3 6475 38 –
Week 4 7766 89 –
Week 5 6594 24 64
Week 6 3599 5 58
Week 7 4640 11 92
Week 8 6247 20 83
Table 2: Operating system of attack source on weekly basis between January and February 2005
1918). If this system is infected

Network Security : Attack And Protection
Network Security; Attack and Protection
DeKenth Davidson
ISSC 461, IT Security: Countermeasures
23 November 2014
American Military University
Professor Christopher Weppler
Abstract: Networks have worked their way into the everyday lifestyle of most individuals in the
world, businesses especially rely on the networks for efficiency and globally reach. With the huge
demand for network usage it is easy to recognize why these systems are a huge target for hackers
and other ill intenders. Securing these popular networks should be a top concern for anyone or
organization that maintains one, additionally anyone using a network has to be able to traverse the
dangerous virtual roadway and be able to identify common concerns that may arise should some
suspicious activity arise.
Keywords: computer, networks, security, network security
Table of Contents
Attention Material
A. Describe the vital nature of Network Security.
1. Individuals and households rely on personal computers for school and work.
2. Computer networks have become the life blood of international business.
B. Malware and malicious intenders are ever present.
1. Recent cyber–attacks on prominent organizations.
BODY
I. Home Computer Networks Attacks
A. Growing number home computer networks.
B. Potential risks.
1. Malware.
2. Inadvertent disclosure of data.
3. Potential for hackers. C. Security controls. 1. Router controls. 2. System Controls. 3. Personal
responsibilities. D.

Limiting Ip Spoofing Through Bgp & Idpf Essay
Limiting IP Spoofing through BGP & IDPF
Mr. A.K.Kadam, Devadkar Kirti Rajaram, Ankita Kumari,Arunima
Mr. A.K.Kadam, Professor, Dept. Of Computer Engineering,BVPCOE Pune,Maharashtara,India
Devadkar Kirti Rajaram,Student, Dept. Of Computer Engineering,BVPCOE
Pune,Maharashtara,India
Ankita Kumari, Student, Dept. Of Computer Engineering,BVPCOE Pune,Maharashtara,India
Arunima,student, Dept. Of Computer Engineering,BVPCOE Pune,Maharashtara,India
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
***–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Abstract – IP Spoofing is a serious threat to the legitimate use of the Internet. By employing IP
spoofing, attackers can overload the destination network thus preventing it from providing service to
legitimate user. In this paper, we propose an inter domain packet filter (IDPF) architecture that can
minimize the level of IP spoofing on the Internet. A key feature of our scheme is that it does not
require global routing information. IDPFs are constructed from the information implicit in Border
Gateway Protocol (BGP) route updates and are deployed in network border routers. We establish the
conditions under which the IDPF framework correctly works in that it does not discard packets with
valid source addresses. We show that, even with partial deployment on the Internet, IDPFs can
proactively limit the spoofing capability of attackers. In addition, they can help localize the origin of
an attack

Comparison Between Different Firewall and Their Abilities.
Packet filtering is the earliest technology developed to protect the network from dangers in the
Internet. It works at network transport layer. A data is split in to several packets and then
reassembled back once it has reached its destination. Administrators creates a set of rules which will
then be configured to the router, router will then act as a security guard, will either deny or allow
packets from passing through. However packet filtering has only limited function, it can only
analyze header information in IP packets. For an instance it can all allow or deny specific functions
of FTP such as the use of "GET" and "PUT" command (Ogletree, 2000). Packet filtering susceptible
to IP Spoofing (Webopedia, 2011). IP Spoofing is used by ... Show more content on Helpwriting.net
...
Disadvantage of proxy server, low performance due to processing at application level and not so
effective, due to protocol specific services. Application gateway works on the application level and
it is also connected proxy server; it is more complex version of a firewall, intercepting traffic for a
specific application is what it does mainly (Ogletree, 2000). When a connection is established, it is
then brought to application gateway first or proxy which then will proceed to destination. Compared
to other firewall technologies it is very secure but also consumes large memory and a good
processor (Webopedia, 2011). Advantage of Application level gateway provides direct connection
between external and internal hosts are disallowed, besides that it also allows user–level
authentication and finally application commands are analyzed inside the data packets. (Careerride,
2008–2010). Disadvantage of application gateway– detailed concentration is required to each
individual application that uses the gateway and has a very complicated and complex setup. Circuit
Level Filtering is one step ahead than packet filtering, and it works at Transport Layer. Major duty
would be to check whether the connection between both sides is valid and only then will decide to
allow the packet to be transmitted (Toolbox.com, 1998–2011). Once that is done it allows the traffic
for a limited time from the valid source. To determine the validity of connection, it is based on
certain

An Essay on Denial of Service Attack
DENIAL OF SERVICE ATTACK: SIMPLE BUT DESTRUCTIVE
In last several years, Daniel of Service attack (DoS)/ Distributed Daniel of Service attack (DDoS)
has become one of the most critical threats for internet security, though it's easily accomplished by
the intruders. Even, proven and practicable attacking software are also available on the Internet. To
get rid of this attack, first of all we have to know its consequences.
Typically, an internet connection is established using a methodology named 'THREE WAY
HANDSHAKING'. Following this protocol, at first client pc sends request (SYN) for connection
establishment and then receiving this request server pc response to it sending an acknowledgement
of approval (SYN_ACK) message to the client ... Show more content on Helpwriting.net ...
It just sends UDP echo packet in place of ICMP. This invasion can be very serious because of the
'stateless' property of UDP. This means there is no acknowledgement mechanism in this protocol,
which makes UDP favorable for DoS attack. Attacker swallows up the network by UDP packets.
Because of there is no mechanism, receiver can't identify the fake requests.
Ping of death attack follows the same mechanism but from a new angel. It sends ping request using
over–sized packets. Normally, TCP/IP's Maximum Transmission Unit (MTU) i.e. maximum packet
size is 65,536 octets (as per CISCO). As a result of over–sized pings, the routing device keeps
rebooting perpetually or may be freezes up causing a total crash.
'Tribe Flood network'/'Tribe Flood network 2000' (TFN/TFN2K) is more complicated than previous
DoS attacks. Alternately it is named as 'IP Spoofing'. It is capable of initiating synchronized DoS
attacks from multiple sources to multiple target devices. It accomplishes the violation by imitating
itself as an IP address of a network to other IP addresses, which are in the scope of it. In this manner,
it misleads the network system by using an approved or trusted internal/external IP address and does
massive destruction.
Stacheldraht is a Distributed DoS program (DDoS), which is actually an assortment of DoS
methodologies. It integrates TFN irruption processes along with UDP, TCP/IP, ICMP overflow,
Smurf attack. Starting with a huge

Discuss the Roles and Motivations for Separately Filtering...
Discuss the roles and motivations for separately filtering ingress and egress traffic in the enterprise
network. Describe separate conditions for both ingress and egress traffic as they transit the network.
Discuss: What roles do ingress and egress filtering play in protecting a network? How do protective
isolations help to protect a network? Why do we need to separate and isolate the types of traffic?
Ingress filtering is the filtering of any IP packets with untrusted source addresses before they have a
chance to enter and affect your system or network. It can protect users from malicious attacks based
on spoofing, where a hacker attempts to make a packet look like it originated from somewhere else.
Internet service providers (ISPs) ... Show more content on Helpwriting.net ...
Especially communication between servers has very predefined patterns of communications. By
only allowing this traffic you are sure that no one wills accidently compromise the server by adding
new software, and thus raise the security.
.
The main purpose of egress filtering is to ensure that unwanted or destructive traffic (such as
malware, unauthorized e–mail messages, or requests to Web sites). To create an isolated network,
you need to separate the various types of computers on the organization network according to the
type of access you want the computers to have. The communication requirements are the following:
Computers on the isolated network can initiate communications with all of the computers on the
organization network, including those that are not located on the isolated network.
Computers that are not on the isolated network can initiate communications only with other
computers that are not on the isolated network. They cannot initiate communications with computers
on the isolated network.
REFERENCE
http://msdn.microsoft.com/en–us/library/ff648651.aspx
http://whatis.techtarget.com/definition/egress–filtering

Information Retrieval And Its Effects On The Server
Data is distributed to minimize the response time and request drop rates across all over the servers.
A request for a particular data from the server (vendor or set of mirrors) is sent by client and server
responds back with the data that client requested. In this case server comes to know what data is
requested or needed by the client. Generally mirrors are the third party sites that may or may not be
trustworthy. If in case if a client wants to update a security patch for its system and the mirror that
was chosen for the update is not trustworthy, then in this case it's a threat to the system as its
vulnerability is exposed to third party. Private Information Retrieval (PIR) is basically a protocol
that allows client to retrieve the ... Show more content on Helpwriting.net ...
With manifest provided by server, client can determine which block to retrieve from mirrors and to
validate their correctness. Vendor removes the malicious mirror reported by the client. It also polls
and removes the unresponsive mirror. Mirror: It basically uses 'rsync' to obtain files for a release
from vendor. Mirror stores all of the software update to be released in a contiguous memory. It uses
manifest for the validation of each block. Once the mirror is ready to serve the blocks to the clients,
then it notifies the server for its readiness. Client: The first thing client will do is will request vendor
for manifest and list of mirrors. With the help of manifest, client will be able to determine which
block of the release it will need to retrieve in order to receive updates. The client has the value N
that represents the number of mirrors that it would have to interact in order to keep its privacy. To
retrieve a single block for an instance, it generates cryptographically suitable N–1 and it derives the
'Nth' string by XORing the other N–1 random string together to get the desired updates. As the
mirror receives random bit string, it won't be able to identify which updates client is looking for to
retrieve. In order to protect against those who can monitor traffic, client can securely communicate
with the mirror using encrypted tunnel. The release provided by a vendor

VoIP: A New Frontier for Security and Vulnerabilities Essay
VoIP: A New Frontier for Security and Vulnerabilities
Introduction to Voice over IP Technology
The promise of extremely cheap telephone service, utilizing the Internet to transmit voice, has made
voice over IP an attractive and profitable idea. Vonage (http://www.vonage.com/) and other service
providers entice consumers by charging a flat, monthly rate for unlimited long distance in the U.S.
and Canada; the rate is often less than it would cost for a regular phone line without any long
distance charges. An entity with an enormous call volume, such as a worldwide retail corporation,
could benefit from tremendous cost savings by transitioning all of its telephony networks to VoIP. ...
Show more content on Helpwriting.net ...
H.323 utilizes unicast and multicast on UDP port 1718 to locate the gateway; then remote access
service (RAS) is started on UDP port 1719. H.225 and H.245 are also used for call signaling over
TCP port 1720 and data transmission over TCP ports 1000 through 65535 (Mullins, 2005).
Security Concerns
As with any new technology of the Information Age which has had groundbreaking implications for
the way we communicate electronically, IT managers have been wise to greet voice over IP with
some skepticism. After all, VoIP is a service that utilizes the Internet to transmit data, much like web
browsers, email, or any other networked application. In that case, security should definitely be a
major concern for anyone who is considering the adoption of VoIP telephone service. As
Korzeniowski (2005) writes, "VoIP features all of the security problems inherent with IP
communications and adds a few new items to the mix."
The Internet
The benefits that voice over IP offer must be acknowledged with these security concerns in mind.
Unfortunately for simplicity's sake, VoIP is not just a replacement for traditional phone systems
operating on the PSTN (Public Switched Telephone Network). Indeed, we often take for granted the
security we enjoy on the PSTN, which is by nature more secluded than Internet transmissions. A
dedicated circuit handles only the

Dr Case Study
IV.DISABLING THE RECURSION ON THE DNS SERVER
The DNS is a hierarchical organized system which offers the essential mapping between human
names and their IP addresses so that it can provide appropriate access to internet. DNS does so by
two essential methods; the first one is authoritative DNS which gives original, actual and complete
data to your DNS queries and those data are installed in its configuration system not data that are
cached in other servers.
The other method that DNS provide mapping through it, is the recursive method, this type of service
is done when the DNS server does not find the data or the related IP address in its memory so it will
ask the authoritative DNS about the data and return it back to the user and store ... Show more
content on Helpwriting.net ...
Disabling the recursion and restricting the capability to process delegation data can stop the DoS
attacks and cache poisoning, there are several methods which can be done to protect the DNS as
explained below. Disabling the recursion in your system is the main method that can be done to
protect the DNS, it means that your name server will be put in the passive mode so that no queries
on behalf of other servers will be sent to it that will save the server and the cache memory since it
will process requests which are directed to it only.
The other method is restricting the requests, depending on that it will suggested that sites use
distinct name servers for offering authoritative responses for their zones and offering recursive
services to the internal system, this makes recursive be completely disabled on the authoritative
zone while in the same time offering the recursive service for the internal system.
The third method is restricting the recursion, so that in those structures where it is not possible to
totally disable the recursion, it is suggested that the server be limited to offer recursive processes
only to a limited set of addresses, when this option is used, requests from other IP addresses out this
set will be processed as non–recursive, nevertheless of

The Media Access Control Address
1. Introduction
Media Access control address is a permanent/fixed address which is assigned to every hardware
device connected to a network (wireless adapter, network interface card etc.) by the hardware
manufacturer. Every device on a network has an ip address, IP is an internet protocol which give
unique identity to the devices at network layer. IP address can be frequently changed. One the other
side, MAC addresses are permanent and they work at layer 2 (data link layer). MAC Address is also
known as hardware address or physical address of a device. Changing of MAC address may allow
the bypassing of access control list of router/servers by hiding the computer/device on a network or
allowing it to deceive another network devices. This is called the spoofing of MAC Address. The
media address control spoofing does not mean that we can write the new Mac on the chipset of
network interface card but the Mac spoofing is the way to change MAC details of physical
configuration of the operating system. Spoofing is used to hiding the original machine which sent
the data, this can be done to avoid original machine address or to make it undetectable. For the
safety reasons we don't want to show the original address of the machine which send the data ,
because hackers ,viruses etc. can target our machines by knowing the original MAC addresses.
MAC spoofing is one of the biggest threat for cybercrime investigation agencies, in this today's
world there is no physical evidence where the

Network Security Is Important For Protecting Your Computer
Network Security
EET 5720
Daljot Rai
Have you ever surfed the web and received a popup alerting you a threat is detected? If so, you are
not alone. This is a very common issue web browsers and organizations face. In order to resolve or
prevent such issues, it is key to learn about the security of your network. Network security is the
protection of networks that help secure files and directories of a computer. It helps protect the user
from hackers, virus attacks, misuse and prevents unauthorized access. The importance of learning
and becoming aware of network security is important for protecting yourself and others around you.
I will be discussing the common type of attacks, methods to protect your computer from harm and
discuss what the future may hold for network security.
There are many attacks that can be associated with network security, eavesdropping,
viruses/malware and Trojans, phishing, IP spoofing attack and lastly denial of service.
Eavesdropping, has two subcategories passive and active. Passive eavesdropping refers to someone
listening to a phone call, or reading a chat email (Daya, Bhavya). Active eavesdropping refers to the
hacker physically going in and distressing the conversation (Daya, Bhavya). This type of attack
allows the hacker to steal confidential information. In this circumstance, it is important to have some
sort of network security because having someone listening in on a personal conversation can be
detrimental. This can be solved

Installing Multiple Services On A Single Red Hat...
1. Goal This lab included installing multiple services on a single Red Hat Enterprise Linux 7 Server
box, which included DNS, DHCP, openLDAP, NTP, and rsyslog. I have familiarity with installing
and managing DNS, DHCP, and NTP, while just learning about openLDAP and ryslog, which are a
new concept to me. The installation and configuration of openLDAP allowed me to get a basic
general look at the operation of openLDAP, without going too in–depth. I was able to learn how to
correctly and efficiently configure both the openLDAP server and client, add users, install schemas,
and modify configuration files. Rsyslog was also a new concept to me which brought be a greater
sense of local logging using Red Hat Enterprise Linux 7. This lab focused on deploying a DNS
server, a NTP server, and a DHCP server to handle things such as IP address pools, hostname
resolution, and a systematic time sync to keep all of the nodes on the network on the same page.
Rsyslog allows us to remotely access log files from our servers, allowing us to determine issues
from a node without actually being on that node, which is good when dealing with a client computer
that is having issues. OpenLDAP allows us to create a directory in a similar manner as Windows
Active Directory, to store information in an easily accessible lightweight database.
2. Procedural and Informational Documentation All information pertaining to my virtual network
can be found at the address http://10.0.15.1/wiki or

Database Management Systems : Role Of Database
Chapter 5
Topic 1
DATABASE MANAGEMENT SYSTEMS:
ROLE OF DATABASE IN SQL SERVER:
A database management system (DBMS) is a collection of programs that enables you to store,
modify, and extract information from a database. There are many different types of database
management systems, ranging from small systems that run on personal computers to huge systems
that run on mainframes
1) It is a suite of programs for constructing and maintaining the database.
2) Offering ad hoc query facilities to multiple users and applications.
3) A query language provides a uniform interface to the database for users and multiplications.
4) Database systems provide efficient access to large volumes of data and are vital to the operation
of many organizations.
It also usually enables access controls to be specified over a wider range of commands, such as to
select, insert, update, or delete specified items in the database. Thus, security services and
mechanisms are needed that are designed specifically for, and integrated with database systems.
Statements from database management systems generally plays protecting role for the digital assets.
In this the operating systems mechanisms typically control read and write access to entire files So
they could be used to allow a user to read or to write any information.
TOPIC 2:
PRIMARY KEY AND FOREIGN KEY:
PRIMARY KEY:

A table typically has a column or combination of columns that contain values that uniquely identify
each row in the

Ipv4 vs Ipv6
The IPv4 came before the IPv6 and these datagrams are similar in many ways but also differ in more
ways than one. IPv6 came out in the year 2004 and still uses many of the features that made IPv4 so
successful. IPv6 is supposed to become the new standard over the older version of IPv6, but it is
tough for v6 to take its spot when v6 cannot support everything v4 does, basically v6 cannot connect
to a v4 system. Some differences are that it is stated that the IPv6 is more secure than the IPv4, the
address size went from 32 bits in the IPv4 to 128 bits in the IPv6, extensible protocols are more
flexible in the IPv6, IPv4 and IPv6 are not compatible, the IPv4 will not be able to support
additional nodes or support for applications, and the ... Show more content on Helpwriting.net ...
The reason why the address is longer in v6 is because it can support over 340 undecillion IP
addresses. Mainly because the IPv6 has potential to have problems just like the IPv4 address
problems. Also, the IPv6 has been broken down into geographical locations, meaning that the
address can be tracked to a specific location in the world. The downfall in this part, in my opinion,
in a hacker's point of view, is that you can breakdown a specific location where you would want to
attack, if you know the geographic location of the hexadecimal in the address. What I mean is that
you can know the country code in the IPv6 address and focus your attack in that specific location.
Having a random order of the v6 address would make it more reliable and more secure but also
would allow disorder, not knowing where specific address might be located.
IPv6 is more flexible in using protocols which, are mainly defined as the Request for Comment
(RFC) that we discussed in the discussions. Protocols are defined in the RFC, but the name of the
protocol will be something like Internet Protocol, Internet Control Message Protocol, Telnet
Protocol, and many more. The reason why these Protocols are more flexible in the IPv6 is for one,
the IPv6 is a newer technology than the IPv4, and the IPv6 also has more functionality and allows
more flexibility in the protocols, whereas the

Mobile Ipv4 And Ipv6 Problems And Implementation
Mobile IPv4 and IPv6 Problems and Implementation Mobile IPv4 and IPv6 are the future of mobile
communications wirelessly and can help greatly in the infrastructure and combination of mobile
systems and internet. This usage of IP addresses in mobile would increase the need for
implementation of IPv6 as the new standard to replace IPv4 and increase the number of available
addresses. However IP based mobile isn't perfect and has its own host of problems and those will be
discussed as well later as well as possible fixes in short and long term to these problems. The main
need to implement mobile IP is the fact that it can support more users and keep those users closer to
the internet, meaning that the internet is integrated into the system. ... Show more content on
Helpwriting.net ...
This can be a problem as more devices connect to and use a network the more data they use and can
cause a network to become congested. A solution to reduce congestion is to use many small wireless
receivers within the range of a large tower to spread out the devices upon smaller more confined
networks when within cities and high density areas. And simply using long range low capacity
towers when in the country side and places where fewer devices will be on a network at any given
time, this is a combination of macro cells and micro cells to ensure network stability. At layer 2
comes the need to differentiate between devices on the network and needs a standard to work in
place usually used at layer 2 in IP based communications over the internet is Ethernet II and uses
MAC addresses differentiating between devices by using a hexadecimal format. This is done by
burning a unique ID into a network card by a manufacturer, however rather than the normal Wi–Fi a
better option for long range communications is WiMAX. The differences in Wi–Fi and WiMAX is
that WiMAX has an effective distance of up to 90km while Wi–Fi only has a range of up to 100m
and data rates on WiMAX is up to 40mbps compared to Wi–Fi with up to 54mbps. Next layer 3 the
Network layer is where the Internet Protocol (IP) will take place and be defined. There are two
options to use here IPv4 or IPv6.

Detection Systems For The Network
As we know the computer network and communication has brought many sophisticated changes to
the networking world, But it also made the network systems vulnerable to attacks by hackers
anywhere at a distance. These attacks usually start by interrupting the network through some host
and encouraging further more attacks on the network. The hackers usually use sophisticated
techniques in interrupting the network, they use some softwares which will hardly use some
traditional techniques to hack the network. Therefore we need some detection systems to detect the
unusual data approaching the network. Therefore we discuss on two types of intrusion detection
systems , their development, principal, working and its pros and cons. In this ... Show more content
on Helpwriting.net ...
A littler framework can be setup for the single sensor to screen the movement by switch, passage or
switch. These intrusion detection systems are need in now a days on the grounds that it is difficult to
dependably follow along on potential treats and vulnerabilities of the computer organizing
framework. Today 's reality is changing and advancing with new advances and the web. intrusion
detection systems are tools which are situated in distinguishing the attacks and vulnerabilities in this
evolving environment. Therefore we need to curb these attacks by using intrusion detecting systems
to detect the attacks. Without these tools, it becomes very difficult and damage to the computer
systems. FIGURE 1: Computer network with intrusion detection systems Attacks can be partitioned
into two classifications Pre–intrusion activities Intrusions 1.2 Pre– Intrusion activities: Pre intrusion
activities are utilized to plan for intruding into a system. These incorporate port checking and IP
spoofing to identify the attacker or intruder. Port scans: A program will be utilized by programmers
to interface with the framework and figure out what TCP or UDP ports are open and vulnerable
against attack, which is called as scanner. These scanners will discover which PC on the system is
vulnerable against attack and focus the services running over the

Task A Post Event Evaluation Essay
TASK A. Post–Event Evaluation
1. Malicious Events
Wanting a pay raise, an employee looked for a method to obtaining a raise without going through
the proper channels, such as their manager. So, instead of discussing the raise with a manager, the
employee found a way to hack into the Human Resource (HR) records system at work. The
employee figured out to spoof an IP address and proceeded to eavesdrop on the business network
until the employee records were located. Once the employee obtain access to the records in the HR
system the employee altered the records to receive a raise. Once the change was made, the employee
received two paychecks with the pay increase.
During an audit, an auditor discovered a problem with the employee's paycheck and contacted
numerous employees within the company through email. The employee who caused the hack was
able to divert the auditor's messages. The employee then created phone messages and communicated
with the auditor. In time, the employee acquired access to other parts of the network including
additional financial records. The employee changed the salary of several additional employee,
including the company president, lowering their pay and pocketing the different into the employee's
own paycheck.
A lack of encryption controls and authentication, were determined by the IT department, to be what
allowed the employee to hack into the HR system.
2. Notification
Different types of attacks required different processes and procedures. Due to

Network Security : Is It Protected Or Not Important?
Networking and Security
What is Networking and Security? you may think network security is worthless or not important, but
network security allows you to have usability, reliability, integrity, and safety of your data ("What Is
Network Security" np). Without network security you would be opening yourself to many different
threats such as: Viruses, Worms, Hacker Attacks, Denial of Service Attacks, Identity Theft, and more
("What Is Network Security and How Does It Protect You?" np). Network Security is important
because it protects your personal information on the internet, keeps small and large business
networks up and running as well as protects their private information, and speeds up the transfer rate
of data because network security ... Show more content on Helpwriting.net ...
With Network Security, networking technicians use multiple layers of security, so that if one layer
fails the others are there to pick up the slack until the first layer is fix. Some parts of the security of a
network involve these items: Antivirus and Antispyware, Firewalls, Intrusion Prevention
Systems(IPS), and Virtual Private Networks(VPNs) ("How Does Network Security Work?" np).
With this layer system that is used the ability to maintain the integrity of the network.
How Does Network Security Protect You As A Common User of The Internet? Network Security
helps protect you from many times of attacks every time you go on the internet some of those
attacks being: Viruses, Worms, Trojan Horses, Spyware, Adware, Zero day Attacks, Hacker Attacks,
Denial of Service Attack, and Identity Theft ("What Is Network Security and How Does it Protect
You?" np). Most of these attacks or software target the vital parts of your computer and renders them
nearly viable or complete unusable. Without network security you would be unprotected from these
attacks which would make the internet an unsafe place.
How Easy Is It To Break Into My Computer? Even though hackers are trying everyday to make
more complex software or files to get into computers and network. The companies creating the
network security softwares are constantly updating their software so that they catch the majority of
the new software that the

Mim Attack Essay
What series of malicious events led up to the incident?
The following events led up to the reported incident. First, an attacker spoofed his IP address to
eavesdrop on the network to find the finance and HR information systems. Second, the employee
hacked into the HR database and increased his salary in the records system. This resulted in the
employee receiving two paychecks with the altered amounts. Third, the employee sniffed the
network to intercept and alter emails about the checks between an auditor and management. Fourth,
the employee impersonated a person who has access to financial records to gain more access to
other financial records. Finally, the employee decreased the company President's paycheck while
increasing his paycheck by ... Show more content on Helpwriting.net ...
Account hijacking – again, this attack's severity is high because the attacker had access to finance
record accounts on the finance information systems.
Email spoofing attack – email spoofing is a medium severity attack because it is an easily mitigated
attack; it is mostly a nuisance to most organizations.
MITM attack – the severity of an MITM attack is medium since the attacker used it to intercept
messages between the auditor and the finance department; it can be easily mitigated with network
and VLAN segmentation accompanied by access control lists; often times, using a layer two switch
mitigates the issue.
Describe how these additional attacks can be prevented in the future.
Mitigate the attacks by using the following techniques:
Encryption – apply encryption to the network with software and hardware solutions. For instance,
software can be used to encrypt the financial records for anyone unauthorized to see the information,
and a hardware solution can be used to build a VPN from any remote

Computer Forensics : An Analysis Of Network Capture And Logs
Computer Forensics:
An Analysis of Network Capture and Logs
By:
Presented to
Presence of online infiltration and hacking tools has proliferated to a thorough necessity to employ
effective Intrusion Detection Systems (IDS) and firewalls to keep attackers at bay. These tools
however can be circumvented and are not very effective. A thorough computer forensics analysis
into network traffic thus becomes critical in aid in examining and establishing the nature of attacks
that in retrospect assist in deploying more safety measures. To ascertain this claim, we will deploy a
case scenario involving a friend who runs a website using a Content Management System platform,
PhpMySport, for a hacking club. He suspects his site has ... Show more content on Helpwriting.net
...
The other major reason to establish the presence of an attack is due to the fact that the attackers used
different IP address to access the system, at distinct times. This trend is commonly used by attackers
to avoid trace back (Vacca 2013, p. 318). The other evidence to ascertain this is presence of different
Source Port (SRC) and Destination Port (DPT). From the firewall logs, it is quite evident that the
attacker kept interchanging their destination and source IP addresses to avoid being detected. At
certain points, evidence collected from website logins shows the site returned an 'Error 404'
message. This error occurs when the server cannot establish the requested connection (Fisher 2015).
This clearly depicts the user was trying to establish an unauthorized access. The server logins also
indicate multiple logins from the same address in quick succession.
2. What software's or attack tools did the attackers use? From deeply examining the trend in the
network intrusion, the attacker might have applied port scan and IP address spoofing method of
attack. Forensic evidence gathered from the firewall logins indicated that the attacker used varying
IP address to access the network system. This clearly proves IP address spoofing, which occurs
when an attacker impersonates a firewall's trusted IP address. Attackers can henceforth get access to
the system and manipulate malicious content (Thomas & Stoddard

Homeland Security: Air-Gapped Computers
For only physically representing two states: off and on, the transistor has done much more than
perhaps initially imagined. The transistor enabled the information age: interconnectivity, intricate
analysis, the internet, data storage. Currently, thousands and millions of transistors are rarely more
than a meter away; minute processors run many products. Commonplace computing is incredibly
successful, and, consequently, corporations are constantly looking for new, ingenious, and assistive
applications for the technology. Having conquered typical computers, phones, cars, cameras, and
notebooks, companies are experimenting with injecting processing chips into everyday objects and
with connecting those objects to the internet. The term for this ... Show more content on
Helpwriting.net ...
In the test, "the U.S. government showed how hackers could take down a power plant by physically
destroying a generator using just a few lines of code." The attack works "when a circuit breaker or
breakers are opened or closed [automatically], resulting in an out–of–phase condition which
damages alternating current (AC) equipment connected to the grid" (Swearingen). The belligerent
party had to simply disable the system's self–regulation. While small, consumer–style devices
connected to the internet are not prone to such widespread effect, both are, ultimately, susceptible to
breaches as per their connection to the

Ip Address
TOPIC:IP ADDRESS
AUTHOR–Rameshwar Prasad Srivastava MS ( Cyber Law & Information Security) Indian Institute
of Information Technology ,Allahabad
The address of a computer on the Internet is commonly referred to as the IP Address (Internet
Protocol). It 's a 32 bit (4 bytes) number normally written as follows: xxx.xxx.xxx.xxx Since a byte
can represent any number from zero to 255, the least and the maximum IP address possible are:
0.0.0.0 to 255.255.255.255
Understanding IP Addresses
Understanding IP Addressing is necessary, since all applications on the Internet generate logs,
wherein IP Addresses of all interacting computers are recorded. The logs from a basis for
investigation by investigating ... Show more content on Helpwriting.net ...
There is no relation between an IP address and the FQDN. They are somewhat related as the name
of a person, and his telephone number. A list of IP Addresses and their corresponding Domain names
is kept in servers called the Domain name service Servers – DNS Server. A Domain name has four
parts:
1) Computer Name, or the host machine name
2) Organization Name
3) Internet Top Level Domain
a. This give information regarding the nature of the organization. gov, com, edu, mil, net etc
representing Government, commercial, educational, military, network provider organization
respectively.
4) Countries name – usually the first two letters of the name of the country
A typical domain name appears as follows: adohare.svpnpa.gov.in indicating that the name of the
host machine is adohare, on a network called svpnpa, which is a government organization in India.
Universal Resource Locator URL
Programs on the computer are identified uniquely by URL 's. An URL specifies exactly where on a
system to go. It has six parts:–

1. Protocol/Information service : type http, ftp, NNTP.
2. Domain name of the server
3. Port address : for http default is Port No. 80
4. Directory address
5. File or object name
6. Internal anchor only for http resources
A typical URL appears as follows
http://www.svpnpa.gov.in:80/cp18–whoiswho.html#dds
Translated into a command it translates: Use the

Advantages Of Malware Analysis
Assignment # 3 Q1. There are different techniques for malware analysis like static, dynamic and
postmortem. Briefly discuss these malware analysis techniques (or if any other than mentioned).
Ans: Static analysis is the kind of analysis in which one can study a specific program or malware
even without its actual or real execution. From many advantages of Static analysis it is very
interesting that this analysis can open up about how a malware or a program would efficiently
behave under the conditions which are not usual or not normal in behavior, it is just because the
parts of the malware can be analyzed separately which are not included in normal execution. In
general and more real examples this analysis provides best results. It is ... Show more content on
Helpwriting.net ...
From many advantages of dynamic analysis the best one is its speed and efficiency it can be faster
than static or any other and the level of accuracy of priceless. Meanwhile there is one con we
shouldn't forget and that is dynamic analysis is just what it shows nothing more than the live
analysis and it is all one can get from this analysis. So this analysis cannot open up about how a
malware or a program would efficiently behave under the conditions which are not usual or not
normal in behavior nor does it cover all paths and the nodes. Dynamic analysis has an important
type called black box where one can study the behavior of malware without knowing its system
internals. One can only see the exterior I/O and the defined relations of timing. There are some
limitations but it can extraordinarily behave in exceptional conditions. Postmortem analysis is the
kind of analysis in which one can study the malware and its working behavior by seeing its effects
afterword its full execution. The analysis through postmortem is sometimes the last existing or only
available tool or techniques after its final execution. There is one con of this analysis which is its
information hiding or the disappearance of evidence. But there are ways like memory–based after–
effects and disk–based after–effects which can help in these kind of

Firewall Essay
TABLE OF CONTENT
ABSTRACT/SYNOPSIS
A firewall is a product that sets up a security border whose primary undertaking is to piece or limit
both approaching and active data over a system. These firewalls are fundamentally not compelling
and suitable for professional workplaces to keep up security of data while it bolsters the free trade of
perspectives. In this paper, i think about system firewall that helps the professional workplace and
alternate systems that need to trade data over the system. A firewall ensures the stream of activity
over web and is less prohibitive of outward and internal data and furthermore give inward client the
fantasy of unknown FTP and www availability to web.
1. ... Show more content on Helpwriting.net ...
It ensures protection by standing amongst system and the outside world. The information move in
any direction must go through the firewall.
3.0 TYPES OF FIREWALLS :
There are various types of technique which might be executed by a firewall. Some of them are as
per the following:
Packet channel
Application gateway
Circuit level gateway
Proxy server
3.1 PACKET FILTER:
It focuses at one packet at once and after that it applies some set of guidelines to every packet and
afterwards it chooses to either forward the packet or dispose the packet. The standards depend on
various fields in the IP and TCP/UDP headers i.e. Source and destination address, IP protocol field,
TCP/UDP port number.
Attackers can break the security with the assistance of following techniques:
IP ADDRESS SPOOFING : In this kind of attack, attackers send a packet to inside network, by
setting source
IP address equals to IP address of inside client.
SOURCE ROUTING ATTACKS: Here attackers determine the route that is trailed by the packet to
move along the web with the goal that packet filter can be tricked to sidestep its normal checks.
Solution: The solution of this attack is disposed of all packets that use this alternative.

Advantages:
It is Simple to execute.
Low hardware cost, shabby boxes can do packet filtering.
Rules set are less complex.
3.2 APPLICATION GATEWAYS
With a specific end goal to control dangers when internal server permits connections

Essay on IT Security
Denial of service (DoS)– This type of attack occurs when a hacker overloads a server or network
device with numerous IMCP (Internet Control Message Protocol) ping requests, such that it is
unable to respond to valid requests. By updating to the latest service pack and applying security
patches, you can minimize the threat of DoS attacks by reducing the vulnerabilities in the TCP/IP
network protocol. Although disabling ICMP can remove valuable troubleshooting tools, it can
effectively remove the possibility of DoS attacks. Also, any firewall or security software should be
configured to recognize and block these attempts if possible. Back door– In a back door attack, a
hacker exploits a coded "opening" in an application that allows them ... Show more content on
Helpwriting.net ...
TCP/IP hijacking– Through the use of IPSec or a similar encryption method, you can eliminate
instances of TCP/IP hijacking on your network. This incident occurs when an unauthorized user has
knowledge of a legitimate IP address on the network, performs a DoS attack to remove the
connection, and the spoofs the known address as their own to establish connection with another
authorized user on the network. Man–in–the–middle– The use of Public Key Infrastructure (PKI),
verified by a Certificate Authority, can prevent the instance of Man–in–the–Middle (MITM) attacks.
MITM attacks occur when unauthorized users eavesdrop on communications between authorized
users via packet sniffing. This requires an authorized user to present a unique key that can be
authenticated by another authorized user before the connection can occur. Replay– Timestamps or
sequence numbers on packet transmission can eliminate replay attacks. Replay attacks occur when
an unauthorized user intercepts transmissions between authorized users, and forwards the packets to
the destination as if he were the original sender. DNS poisoning– This type of attack can be
prevented by only updating DNS server entries by authenticated sources and by maintaining up–to–
date DNS software. This attack occurs when an attacker updates an IP address entry in a DNS server

Malicious Traffic For Network Security Essay
MALICIOUS TRAFFIC FOR NETWORK SECURITY
3.1 Intoduction
Malware depends on its communication network to receive commands, extract information and
infect systems.
Due to this reliance on networked resources, traffic analysis becomes a valuable and effective
method for detecting malware on host machines.Despite the frequency of malware traffic, net– work
administrators and incident responders may not be aware of what characteristics are common to
malware.By looking at traffic generated while malicious samples are executed the characteristics of
the traffic can be recorded and investigated.
Disclosing malicious traffic for network security
3.2 Intoduction To Network Anomaly Detection
Network anomaly detection is a broad area of research. The use of entropy and distributions of
traffic features has received a lot of attention in the research community. While previous work has
demonstrated the benefits of using the entropy of different traffic distributions in isolation to detect
generalized anomalies,there has been little effort in unconditionally understanding the detection
power provided by entropy–based analysis of multiple traffic distribution used in affiliation with
each other.We have demonstrated the entropy based approach to disclose malicious traffic for
network security.
To calculate entropy features like source and destination IP address, port numbers, packet size,
connection time and the total number of packets flowing are considered. A

Write A Research Paper On DNS Services
IV.DISABLING THE RECURSION ON THE DNS SERVER
The DNS is a hierarchical organized system which offers the essential mapping between human
names and their IP addresses so that it can provide appropriate access to internet. DNS does so by
two essential methods; the first one is authoritative DNS which gives original, actual and complete
data to your DNS queries and those data are installed in its configuration system not data that are
cached in other servers.
The other method that DNS provide mapping through it, is the recursive method, this type of service
is done when the DNS server does not find the data or the related IP address in its memory so it will
ask the authoritative DNS about the data and return it back to the user and store this ... Show more
content on Helpwriting.net ...
Disabling the recursion and restricting the capability to process delegation data can stop the DoS
attacks and cache poisoning, there are several methods which can be done to protect the DNS as
explained below. Disabling the recursion in your system is the main method that can be done to
protect the DNS, it means that your name server will be put in the passive mode so that no queries
on behalf of other servers will be sent to it that will save the server and the cache memory since it
will process requests which are directed to it only.
The other method is restricting the requests, depending on that it will suggested that sites use
distinct name servers for offering authoritative responses for their zones and offering recursive
services to the internal system, this makes recursive be completely disabled on the authoritative
zone while in the same time offering the recursive service for the internal system.
The third method is restricting the recursion, so that in those structures where it is not possible to
totally disable the recursion, it is suggested that the server be limited to offer recursive processes
only to a limited set of addresses, when this option is used, requests from other IP addresses out this
set will be processed as non–recursive, nevertheless of

P1 : The First Methods In Network Addressing
P1: The first method in network addressing is, Fully Qualified Domain Name which is known as
FQDN for short. FQDN is used as the domain name for a specific host or computer name on the
internet. FQDN consists of two main parts, the domain name and the hostname. For example,
Belfast Met is the hostname, but the domain name is belfastmet.ac.uk. IPv4 addressing is the next
method, it's is split up into two main parts as well Network I.D and Host I.D which are split over
four octets which are written as four decimal numbers which have 32 bits, it only contains 4.3billion
different IPs. For example, you sent an IP to a website and it sends its IP back, which means you can
communicate. Whereas IPv6 addressing has 128 bits and is written as ... Show more content on
Helpwriting.net ...
The second is Class B was designed for medium and large networks; the two main bits in Class B
are always 10 which makes up the address. The next 14 bits are used to gather Class B I.Ds and
instead they are set a length of 16–bit. The last 16 bits are used for the Host I.D. This allows for
16,384 networks and also 65,534 hosts to the network. Finally Class C which was designed for
small networks. The three mains bits in Class C addresses are 110; the next 21 bits are used to gather
Class C network I.Ds and Class C has a length of 24. Meaning the last 8 bits are for the Host I.Ds
which means that Class C has 2,097,152 networks and 254 hosts.
IP address are automatically assigned to the devices upon boot up which is known as dynamic IP but
they are only semi–permanent whereas you can assign a device with a permanent IP so it will
always stay the same which is called a static IP address, But having a static address means if a
hacker tries to affect your network he can do it with the same IP whereas if you had a dynamic IP it
would be harder for the hacker to keep track of your IP address. DHCP is a service function that
automatically assigns devices with IP addresses but only for DHCP clients. DHCP assigns Dynamic
IP which means that they aren't permanent IP addresses. Whereas APIPA (Automatic Private IP
Addressing) automatically obtains an IP from the DHCP server to give to the clients, but the client
can't contact the

Dns, A Domain Name System
2.1.2 DNS SPOOFING: DNS is a Domain Name System. DNS contains all IP addresses and name
of the websites in its database in the form of records called resource records and are placed in the
hierarchal manner. DNS spoofing is a similar type of MITMA when compared to ARP cache
poisoning. DNS spoofing is a technique used by hackers to provide false DNS information to the
host while accessing a website. When users try to gain access to a particular website, a request will
be first sent out the local DNS server for the IP address of the website which the user wants to
access. Once it receives the request the DNS server does a search in the database to find the
particular IP address of the website, once if identifies the ip address of the website it immediately
send a response to the user browser regarding the IP information.
FIGURE 2: DNS Request Query If the requested IP address is not found in the database of the DNS
server, it will then forward the request to a higher level DNS server in the hierarchy. It is due the
hierarchical nature of the DNS structure of the internet, DNS server need the ability to communicate
with each other in order to find the ip addresses of the websites requested by the users. It is
reasonable to expect the local DNS server to know the name mapping to the local intranet server. It
is termed as Recursion, the request from one local DNS

Physical Layer Essay

Recommended

More Related Content

Similar to Physical Layer Essay (16)

More from Jenny Richardson (20)

Recently uploaded (20)

Physical Layer Essay