An ACL also was known as Access Control List is a type of well-ordered list that works by denying or permitting statements (UMUC, 2012). A reference to an ACL by a network device allows the reading of the list from top to bottom. The placement order for the ACL statements is very critical. The ACL entries below are ideal entries when made use of. Research shows that there are various ACL entries that are most ideal for use. This essay will discuss these entries, their variations and their effects. “Access-list 101 deny TCP 192.168.2.0.0.0.255 192.168.3.3 0.0.0.0 any log” is the initial known decree. All sorts of traffic from the whole classified LAN are subject to being blocked using the first rule which was created to serve this …show more content…
“Alert IP 192.168.2.0/24 -> 192.168.3.3 999 (message: Potential Read Up Release”; sid: 9999998;)” is a decree that has the potential to read the private info on the receiver of a text message to detects all the attempts from all the devices.
Conclusion
Any sort of data manipulation between the sender and user end starts from somewhere. Various protocols can then be laid down to ensure that any Trojans activity that target this data have been curbed. If the decrees that are laid in place are followed, the programmer can then come up with a way of keeping the data secure from being pried on thus ensuring its security.
Part B) Describe a way for the Trojan to covertly transmit 4 characters (e.g., A, B, C and D) to the adversary without being detected or blocked by your rules and access control lists provided in part A.
Answer:
Introduction
The use of the malicious software is one of the most common implementation methods which is often referred to as Trojan. Sometimes, the administrators of systems have their systems accessed without their knowledge and consent using malicious codes known as Trojan horses. Their execution involves sending them to the user or even placing them directly into the system. Most of the times, the users will not realize that these are Trojans. For the Trojan to ensure that it is not detected by the firewall during the time of execution,
Trojan’s are one threat it is a type of malware designed to provide unauthorized, remote access to a user’s computer. Trojan horses do not have the ability to replicate themselves like viruses; however, they can lead to viruses being installed on a machine since they allow the computer to be controlled by the Trojan creator.
Its easy for the administrator to limit access to any equipment or servers he wishes to limit and they can be kept off in their own VLAN and the administrator can give access to other users in other VLANs selectively.
Due in Week Seven: Outline the Access Control Policy. Describe how access control methodologies work to secure information systems
C1 - Discretionary Security Protection: In this sub division Access Control Lists (ACLs) security which protect User/Group/World. Security will protect following Users who are all on the same security level, Username and Password protection and secure authorisations database (ADB), Protected operating system and system operations mode, Periodic integrity checking of TCB, Tested security mechanisms with no obvious bypasses, Documentation for User Security, Documentation for Systems Administration Security, Documentation for Security Testing, TCB design documentation and Typically for users on the same security level.
An access list is a list for each object consisting of the domains with a nonempty set of access rights for that objects.
A buffer overflow attack is done by deliberately entering more data than a program was written to handle. Buffer overflow attacks exploit a lack of boundary checking on the size of input being stored in a buffer. The extra data will overflow the memory set aside to accept it and overwrite another region of memory that was meant to hold some of the program’s instructions. The effect is a cascade, which can eventually halt the application or the system it is running on. The newly introduced values can be new instructions, which could give the attacker control of the target computer depending on what was input. Just about every system is vulnerable to buffer overflows. For example, if a hacker sends an email to a Microsoft Outlook user using an address that is longer than 256 characters, he will force the buffer to overflow. The recipient wouldn’t even have to open the e-mail for this type of attack to be successful; the attack is successful as soon as the message is downloaded from the server. Microsoft quickly released a patch for this issue after it was discovered in October 2000 (James C. Foster, 2005)
Generally, the horse of Trojans is coded programs coded for the purpose of harming the computer devices which appears to be harm free, but when the code is executed by users, the data & file systems are corrupted leading to damaging the computer devices.
The framework of security policy is defined to construct a structure by the help of which policy gaps can be identified in an easy manner. A system specific policy would assist to ensure that all employees and management comply with the policies. This is also used to maintain the confidentiality for user authentication would assist in the confidentiality aspect of security, maintain integrity (There are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data’s accuracy and maintain its integrity.), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
On this ACL you listing first to permit all TCP traffic from any source IP address to any destination IP address before putting first the hosts IP address except you don’t want. In other words, the second line should have been first and the first line secondly to specify that to deny all TCP packets from the host 201.141.0.3 from any source IP addresses.
mandatory and discretionary access control policies. ACM Transactions on Information and System Security, Vol. 3, No. 2.
44. Which of the following type of program is also commonly referred to as a Trojan horse?
This information should be protected by others for potential by some hacker threats,they can read and change the contents of the message and information and exploit this information for personal benefit[17] .
The data is then sent back through the system to the original user. The information that is on the data coming back could have came from a wide array of sources such as books, financial markets, embedded chips or even made up by someone trying to fool the user. The History? The Internet is first
Two of the common known attacks on computing systems are the deployment of computer viruses and malware.
As the use of computers, databases, and technology in general, security has grown to be a powerful tool that has to be used. The threat of outside sources intruding and exploiting crucial information is a threat that is present on a daily basis. As a part of creating and implementing a security policy, a user must consider access control. Access Control is a security tool that is used to control who can use or gain access to the protected technology. Access control security includes two levels; logical and physical. Though database intrusions can happen at any moment, access control provides another security barrier that is needed.