Select one option from below and complete the discussion question.
A. Discuss/describe the port scanning and/or enumeration techniques (attacks) not covered in Module 2. How can the attacks you have described be detected and prevented?
B. Enhance and elaborate on the port scanning and/or enumeration techniques (attacks) covered in Module 2. Share any additional thoughts you may have on them and explain how they can be detected and/or prevented.
ANSWER # 1
B. Enhance and elaborate on the port scanning and/or enumeration techniques (attacks) covered in Module 2. Share any additional thoughts you may have on them and explain how they can be detected and/or prevented.
In last week's module titled The Preattack Phases, several methods were discussed regarding how Nmap scans a network to determine if ports are open. One of the methods, known as the SYN stealth scan, involves sending a packet to a host and then failing to respond to the host's SYN/ACK. This scan is also known as a half-open scan and is considered stealthy because a connection is never established (UMUC, 2012). Since a connection never occurs, this type of scan is less likely to be logged and detected. The process of establishing half-open connections to detect open ports can also be used against a host to cause a Denial of Service (DoS). A SYN flood attack causes a DoS by flooding a network device with SYN requests and not responding to the host's SYN/ACK response. The objective for performing this type of DoS attack commonly involves extortion, espionage, or protesting (Damballa, 2011). According to Prolexic's Quarterly Global DDoS Attack Report (2013), SYN floods comprise approximately one-third of all reported DoS attacks. This level of SYN flood attacks represents the highest volume for any single attack type since Prolexic began publishing its Quarterly Report.
Denial of service attacks such as SYN floods are a common disruptive technique that many organizations experience today. The organizations that are affected by these types of attacks vary across a spectrum of industries that include financial, retail, healthcare, and media. The following actions are some countermeasures that organizations can employ to mitigate this type of attack:
Decrease the connection-established timeout period
Increase the size of the connection queue in the IP stack
Install vendor-specific patches, where available, to deal with SYN attacks
Employ a network-based IDS to watch for this type of activity
Install a firewall to watch for these types of attacks and alert the administrator to cut off the connection (Harris, 2008, p. 1012).
Damballa. (2011). Understanding the modern DDoS threat [White Paper]. Retrieved from http://www.damballa.com/downloads/r_pubs/WP_Understanding_the_Modern_DDoS_attack.pdf
Harris, S. (2008). CISSP all-in-one exam guide (4th ed). New York, NY: McGraw-Hill.
Prolexic. (2013). Prolexic quarterly global DDoS attack report [Q2 2013]. Retrieved from http://www.prolexic.com/knowledge-center-dos-and-ddos-attack-reports.html
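The half-open pattern described in Answer 1, seen from the detection side, as an added example that is not part of the original answer. It separates one source leaving many ports half-open (scan) from one service accumulating many half-open connections (flood); the record layout, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (src, sport, dst, dport, flags), as a sensor might
# summarise TCP segments. "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST.
def build_sample():
    pkts = [
        # Normal client: full three-way handshake to port 443
        ("10.0.0.5", 40000, "10.0.0.1", 443, "S"),
        ("10.0.0.1", 443, "10.0.0.5", 40000, "SA"),
        ("10.0.0.5", 40000, "10.0.0.1", 443, "A"),
    ]
    # One source sending SYNs to many ports and never completing a handshake
    for port in range(20, 32):
        pkts.append(("10.0.0.66", 50000 + port, "10.0.0.1", port, "S"))
    pkts += [("10.0.0.1", 22, "10.0.0.66", 50022, "SA"),
             ("10.0.0.66", 50022, "10.0.0.1", 22, "R")]
    # Many sources sending SYNs to one service and never completing
    for i in range(40):
        pkts.append((f"192.0.2.{i + 1}", 1024 + i, "10.0.0.1", 80, "S"))
    return pkts

def half_open(pkts):
    """Return (src, sport, dst, dport) for every SYN never followed by the client's ACK."""
    pending = set()
    for src, sport, dst, dport, flags in pkts:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.add(key)
        elif flags == "A":
            pending.discard(key)  # handshake completed, no longer half-open
    return pending

def classify(pkts, scan_ports=10, flood_syns=30):
    """Thresholds are assumed values; tune them to the monitored network."""
    ports_by_src = defaultdict(set)   # source -> distinct ports left half-open
    count_by_service = defaultdict(int)  # (dst, dport) -> half-open connections
    for src, _sport, dst, dport in half_open(pkts):
        ports_by_src[src].add(dport)
        count_by_service[(dst, dport)] += 1
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_ports)
    flooded = sorted(svc for svc, n in count_by_service.items() if n >= flood_syns)
    return scanners, flooded

if __name__ == "__main__":
    print(classify(build_sample()))
```

Flood traffic is counted per destination service rather than per source because each flooding source may appear only once. A production sensor would also expire entries after a time window.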
QUESTION # 2
A. Discuss/describe one or more LAN-based attacks (also known as layer 2 attacks or lower layer attacks) which are not covered in Module 3, or share any additional thoughts you may have on LAN-based attacks covered in Module 3.
B. Discuss the security measures or methods used to prevent or mitigate the LAN-based attacks you presented in Question A.
Local area network (LAN) based attacks can be divided into two arenas: wired and wireless network attacks. In addition to the LAN-based attacks discussed in Module 3 (Media Access Control (MAC) and Address Resolution Protocol (ARP) attacks), other LAN-based attacks on wired networks include content addressable memory (CAM) table exhaustion, Dynamic Host Configuration Protocol (DHCP) starvation attacks, and virtual LAN (VLAN) hopping (University of Maryland University College, 2012). Wireless network attacks on the LAN include hidden node attacks, deauth attacks, and fake access point (FakeAP) attacks. Since the world is constantly moving towards a more mobile infrastructure, discussion of wireless LAN-based attacks seems appropriate.
FakeAP attacks spoof the 802.11 beacon frame advertising an access point. To begin with, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard refers to the wireless local area network (WLAN) MAC and physical layer specifications (IEEE Standards Association, 2012). Beacons, in this setup, are designed to transmit the presence of an access point; the more beacons available, the more responsive the association and roaming process is (Geier, 2001). FakeAP attacks generate counterfeit access points by spoofing the beacon frame advertising an access point and exploit a network via the generated beacons (Oconnor, 2010).
There are at least two tools in use that exploit the 802.11 beacon, Black Alchemy and Karmetasploit. Black Alchemy generates thousands of counterfeit 802.11 access points, causing problems with wireless network mapping (Oconnor, 2010). Karmetasploit takes Black Alchemy many steps further by generating, advertising and integrating 802.11 beacons to launch automatic attacks against an unsuspecting user (Oconnor, 2010). Like ARP, beacons do not have the ability to check an identity and authenticate real access points from fake access points, easily allowing an intruder to find and gain access to a network (Chomsiri, 2008).
Detecting the FakeAP tool is fairly simple. Between increases in overhead, decreases in throughput, and out-of-order timestamp data, intrusion detection and prevention systems (IDPS) can be designed around detecting these anomalies.
Since FakeAP attacks rely on increasing the number of beacons exponentially to make the association and roaming process very responsive, the network reacts by incurring additional overhead and using a great deal more power, thus decreasing throughput (Geier, 2001). This fluctuation in power and throughput is easily detectable. Moreover, as beacons must use the 802.11 carrier sense multiple access/collision avoidance (CSMA/CA) algorithm, pinpointing the fluctuation is also straightforward (Geier, 2001).
Additionally, since time is a linear factor on Earth, random timestamps are also an easily detectable error used by the FakeAP tools. Timestamps grow incrementally when clients attempt to sync with an access point; FakeAP tools, however, spoof random timestamp information (Oconnor, 2010). This randomization is also easily detectable. As both tools are easily identifiable when in use, IDPS are able to alert and prevent these actions from continuing.
Chomsiri, T. (2008). Sniffing packets on LAN without ARP spoofing. Retrieved from: http://www.researchgate.net/publication/215766539_Sniffing_Packets_on_LAN_without_ARP_Spoofing/file/58caf610db9cf1f2958bcfa2cfe159ff.pdf
Geier, J. (2001). 802.11 Beacons Revealed. Retrieved from http://www.wi-fiplanet.com/tutorials/print.php/1492071
IEEE Standards Association. (2012). IEEE 802.11. Retrieved from: http://standards.ieee.org/about/get/802/802.11.html
Oconnor, T. (2010). Detecting and responding to data link layer attacks. Retrieved from the SANS Institute InfoSec Reading Room: http://www.sans.org/reading_room/whitepapers/detection/detecting-responding-data-link-layer-attacks_33513
University of Maryland University College. (2012). Switching and routing vulnerabilities, CSEC 640 – Module 3. Retrieved from http://tychousa5.umuc.edu/cgi-bin/id/FlashSubmit/fs_link.pl?class=1309:CSEC640:9047&fs_project_id=423&xload&cType=wbc&tmpl=CSECfixed&moduleSelected=csec640_03
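The timestamp check described in the FakeAP answer, as an added example that is not part of the original answer. It compares each beacon's Timestamp field (the access point's microsecond counter) with the time elapsed at the sensor; the record layout, BSSIDs, tolerance and `min_bad` threshold are constructed assumptions.

```python
from collections import defaultdict

BEACON_US = 102_400  # typical beacon interval in microseconds

# Constructed observations: (capture_time_s, bssid, tsf_us), where tsf_us
# stands for the Timestamp field carried in the beacon frame.
def build_sample():
    obs = []
    # Genuine AP: counter advances in step with the sensor's clock
    for i in range(20):
        obs.append((i * 0.1024, "aa:bb:cc:00:00:01", 5_000_000 + i * BEACON_US))
    # Genuine AP that reboots once: counter restarts from zero at beacon 5
    for i in range(10):
        tsf = 1_000_000 + i * BEACON_US if i < 5 else (i - 5) * BEACON_US
        obs.append((i * 0.1024, "aa:bb:cc:00:00:03", tsf))
    # Spoofed beacons: constructed random-looking counter values
    for i, tsf in enumerate([9_000_000, 120, 44_000_000, 7_500, 31_000_000]):
        obs.append((i * 0.1024, "de:ad:be:ef:00:02", tsf))
    return obs

def timestamp_anomalies(obs, tolerance_us=20_000):
    """Count, per BSSID, beacon pairs whose counter delta disagrees with elapsed time."""
    last = {}
    bad = defaultdict(int)
    for t, bssid, tsf in sorted(obs):
        if bssid in last:
            prev_t, prev_tsf = last[bssid]
            expected = (t - prev_t) * 1_000_000  # elapsed capture time in microseconds
            delta = tsf - prev_tsf
            # A counter that goes backwards or drifts far from wall time is anomalous
            if delta <= 0 or abs(delta - expected) > tolerance_us:
                bad[bssid] += 1
        last[bssid] = (t, tsf)
    return dict(bad)

def suspect_bssids(obs, min_bad=3):
    """Require several anomalies so a single legitimate reboot is not flagged."""
    return sorted(b for b, n in timestamp_anomalies(obs).items() if n >= min_bad)

if __name__ == "__main__":
    print(timestamp_anomalies(build_sample()))
    print(suspect_bssids(build_sample()))
```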