NT-DoS.pdf
School: Valdosta State University
Course: 4625
Subject: Computer Science
Date: May 16, 2024
Pages: 3
Uploaded by mnvandyke2003
CS 4625 (Network and System Security) Assignment/Class Activity 11 [Spring 2021]

Network Traffic and Denial of Service – using GENI

Caution! This exercise is only for learning purposes. Do not use the technique to target a system for Denial of Service (DoS) attacks. Targeting a system for DoS (or DDoS) is considered cybercrime and can be punishable.

In this exercise we will use VMs in the GENI framework to generate network traffic and examine a denial-of-service (DoS) attack. This attack (or its distributed variation, DDoS) deprives legitimate users, temporarily or for a prolonged time, of the services provided by the target system. For example, a DoS attack against a web server may prevent users from getting the web content provided by the server.

The objectives of this activity are to:
• Use GENI to set up a network topology
• Learn to generate regular and DoS network traffic
• Analyze network traffic and make inferences

[You are strongly encouraged to complete the HelloGeni exercise prior to this activity. Execute the steps and note the results in a document. In fact, you need to answer some questions. If needed, take screenshots. You need to submit the document after completing the lab. You may need to submit additional files, as instructed at the end.]

Deliverable: A Word document file with screenshots, observations, and answers as instructed (highlighted in yellow). Name the file DoS_lastname.docx, where lastname is your last name. Include your name and the task identifier (DoS using GENI) at the top of the file.

Section 0: Set up the network topology using GENI

1. Create a new slice under the project and add resources.
2. From the resource pane on the left, drag and drop 3 VM nodes and one OVS node onto the work area.
3. Click on any VM node. On the left pane, you will see the default name node-0, node-1 or node-2 for this node. Change the node label to “user”. Change the other two VM nodes’ labels to “victim” and “attacker”. Name the OVS node OVS.
4. Connect all the VM nodes to the OVS node. Now your network topology should look as follows:

[topology figure]

Click on ‘Site 1’ and select any ‘aggregate’ from the left pane. Reserve resources and wait until all nodes turn green. While waiting for your resources, answer the following question:

Question: Based on an educated guess, describe the purpose of each node in the topology.

If your resources are available now, SSH into all the nodes in the topology. (Follow the steps you executed in the ‘HelloGENIexperiment’ activity.)

Section 1: Running the experiment

1. On the terminal corresponding to “user”, execute the command ping victim. Wait a few seconds and then cancel the command using Ctrl-C.
2. Copy and paste into the document the first 3 lines of the ping result that were displayed on the terminal.
3. On the “victim” terminal, execute the command sudo tcpdump -i eth1
4. On the “user” terminal, execute ping victim
5. After a few seconds, press Ctrl-C on both terminals to stop the command executions.
6. Take a look at the “victim” terminal and copy the lines that were printed on it. Do you think these lines have any relation to the command entered on the “user” machine terminal?
7. Take a look at the “user” terminal and copy the lines that were printed on it. What time units are used in the ping statistics?
8. If you have observed any RTT in these lines, explain what it is. (You may search Google for the abbreviation, but include sources/sites.)
9. Explain whether the ping statistics from step 7 indicate a fast or slow network. (You may search Google for network speeds for comparison, but include sources/sites.)

Section 2: Generating regular and DoS traffic and making observations

1. On the “victim” terminal, execute the command iperf -s
2. On the “user” terminal, execute the command iperf -c victim
3. Wait a few minutes and then copy the lines that were printed on the “user” terminal.
4. Now go to the “victim” terminal and press Ctrl-C to stop the command execution. Then on this terminal (“victim”), execute the command ping ovs, and note down the IP displayed. Also take a screenshot of this and add it to your document.
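As an added example (not part of the assignment and not GENI code), the following Python script parses constructed tcpdump and ping output in the formats the steps above produce, pairs each ICMP echo reply with its request to recover the RTT, and goes one step beyond the worksheet by flagging any source whose echo-request rate is far above what a normal ping generates; the addresses, sample lines and the 10 requests/s threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed `sudo tcpdump -i eth1` sample on "victim" while "user" pings it (placeholder addresses).
TCPDUMP_SAMPLE = """\
12:00:01.000123 IP 10.10.1.1 > 10.10.1.2: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000456 IP 10.10.1.2 > 10.10.1.1: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000789 IP 10.10.1.1 > 10.10.1.2: ICMP echo request, id 4242, seq 2, length 64
12:00:02.001290 IP 10.10.1.2 > 10.10.1.1: ICMP echo reply, id 4242, seq 2, length 64
"""
# Constructed burst: 50 echo requests from a third address inside one second,
# far above the one request per second that a default ping produces.
TCPDUMP_SAMPLE += "".join(
    f"12:00:03.{i * 10000:06d} IP 10.10.1.3 > 10.10.1.2: ICMP echo request, "
    f"id 7, seq {i}, length 64\n" for i in range(50))

# Constructed tail of the "user" terminal after Ctrl-C (Linux ping format).
PING_SAMPLE = """\
--- victim ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 0.333/0.417/0.501/0.084 ms
"""

ICMP_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
                     r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)")
LOSS_RE = re.compile(r"(\d+) packets transmitted, (\d+) received, ([\d.]+)% packet loss")
RTT_RE = re.compile(r"rtt min/avg/max/mdev = ([\d.]+)/([\d.]+)/([\d.]+)/([\d.]+) (\w+)")

def parse_tcpdump(text):
    """One dict per ICMP echo line; the timestamp becomes seconds since midnight."""
    pkts = []
    for line in text.splitlines():
        m = ICMP_RE.match(line)  # non-ICMP lines (ARP, SSH, ...) are skipped
        if m:
            d = m.groupdict()
            h, mi, s = d["ts"].split(":")
            d["t"] = int(h) * 3600 + int(mi) * 60 + float(s)
            d["id"], d["seq"] = int(d["id"]), int(d["seq"])
            pkts.append(d)
    return pkts

def rtt_from_capture(pkts):
    """Pair each echo reply with its request by (id, seq); RTT in milliseconds."""
    sent, rtts = {}, {}
    for p in pkts:
        key = (p["id"], p["seq"])
        if p["kind"] == "request":
            sent[key] = p["t"]
        elif key in sent:
            rtts[key] = round((p["t"] - sent[key]) * 1000, 3)
    return rtts

def peak_requests_per_second(pkts):
    """Highest number of echo requests each source sent within any single second."""
    buckets = defaultdict(int)
    for p in pkts:
        if p["kind"] == "request":
            buckets[(p["src"], int(p["t"]))] += 1
    peak = {}
    for (src, _), n in buckets.items():
        peak[src] = max(peak.get(src, 0), n)
    return peak

def flag_sources(pkts, threshold=10):
    """Sources above `threshold` requests/s (assumed cut-off, ten times ping's default)."""
    return sorted(s for s, n in peak_requests_per_second(pkts).items() if n > threshold)

def parse_ping_stats(text):
    """Packet loss and RTT figures from the ping summary, plus the unit ping reports."""
    loss, rtt = LOSS_RE.search(text), RTT_RE.search(text)
    if not loss or not rtt:
        raise ValueError("ping statistics block not found")
    return {"loss_pct": float(loss[3]), "rtt_min": float(rtt[1]),
            "rtt_avg": float(rtt[2]), "rtt_max": float(rtt[3]), "unit": rtt[5]}
```

Running `parse_tcpdump` on a real capture from the "victim" VM and comparing `rtt_from_capture` with the `rtt min/avg/max` line from the "user" terminal shows directly how the two outputs in steps 6 and 7 relate.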