Select one option from below and complete the discussion question.
A. Discuss/describe the port scanning and/or enumeration techniques (attacks) not covered in Module 2. How can the attacks you have described be detected and prevented?
B. Enhance and elaborate on the port scanning and/or enumeration techniques (attacks) covered in Module 2. Share any additional thoughts you may have on them and explain how they can be detected and/or prevented.
ANSWER # 1
B. Enhance and elaborate on the port scanning and/or enumeration techniques (attacks) covered in Module 2. Share any additional thoughts you may have on them and explain how they can be detected and/or prevented.
In last week's module titled The Preattack Phases, several methods were discussed regarding how Nmap scans a network to determine if ports are open. One of the methods known as the SYN stealth scan involves sending a packet to a host and then failing to respond to the host's SYN/ACK. This scan is also known as a half-open scan and is considered stealthy because a connection is never established (UMUC, 2012). Since a connection never occurs, this type of scan is less likely to be logged and detected. The process of establishing half-open connections to detect open ports can also be used against a host to cause a Denial of Service (DoS). A SYN flood attack causes a DoS by flooding a network device with SYN requests and not responding to the host's SYN/ACK response. The objective for performing this type of DoS attack commonly involves extortion, espionage, or protesting (Damballa, 2011). According to Prolexic's Quarterly Global DDoS Attack Report (2013), SYN floods comprise approximately one-third of all reported DoS attacks. This level of SYN flood attacks represents the highest volume for any single attack type since Prolexic began publishing its Quarterly Report.
Denial of service attacks such as SYN floods are a common disruptive technique that many organizations experience today. The organizations that are affected by these types of attacks vary across a spectrum of industries that include financial, retail, healthcare, and media. The following actions are some countermeasures that organizations can employ to mitigate this type of attack:
Decrease the connection-established timeout period
Increase the size of the connection queue in the IP stack
Install vendor-specific patches, where available, to deal with SYN attacks
Employ a network-based IDS to watch for this type of activity
Install a firewall to watch for these types of attacks and alert the administrator to cut off the connection (Harris, 2008, p. 1012).
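A network-based IDS of the kind listed above can tell a half-open scan from a SYN flood by how the unanswered SYNs are distributed. The following sketch is an added example, not part of the original answer; the packet records are constructed and the thresholds and function names are hypothetical.

```python
from collections import defaultdict

def build_sample():
    """Constructed packets (time_s, src, sport, dst, dport, flags); not real traffic."""
    pkts = [(0.00, "10.0.0.5", 40000, "10.0.0.80", 443, "S"),   # normal client:
            (0.01, "10.0.0.80", 443, "10.0.0.5", 40000, "SA"),  # full three-way
            (0.02, "10.0.0.5", 40000, "10.0.0.80", 443, "A")]   # handshake
    for i in range(30):    # one source, 30 ports, handshake never completed
        pkts.append((1 + i * 0.01, "10.0.0.66", 50000 + i, "10.0.0.80", 20 + i, "S"))
    for i in range(200):   # 200 sources, one service, handshake never completed
        pkts.append((2 + i * 0.001, f"198.51.100.{i + 1}", 1024 + i, "10.0.0.80", 80, "S"))
    return pkts

def half_open(pkts):
    """SYNs, keyed by (src, sport, dst, dport), never followed by the client's ACK."""
    pending = set()
    for _, src, sport, dst, dport, flags in sorted(pkts):
        if flags == "S":
            pending.add((src, sport, dst, dport))
        elif flags == "A":
            pending.discard((src, sport, dst, dport))
    return pending

def classify(pkts, scan_ports=20, flood_syns=100):
    """Thresholds are hypothetical; tune them to the monitored network's baseline."""
    ports_by_pair = defaultdict(set)     # (src, dst) -> ports left half-open
    conns_by_service = defaultdict(set)  # (dst, dport) -> half-open (src, sport)
    for src, sport, dst, dport in half_open(pkts):
        ports_by_pair[(src, dst)].add(dport)
        conns_by_service[(dst, dport)].add((src, sport))
    alerts = []
    for (src, dst), ports in ports_by_pair.items():
        if len(ports) >= scan_ports:         # one source probing many ports
            alerts.append(("syn-scan", src, dst, len(ports)))
    for (dst, dport), conns in conns_by_service.items():
        if len(conns) >= flood_syns:         # one service buried in half-open SYNs
            alerts.append(("syn-flood", dst, dport, len(conns)))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in classify(build_sample()):
        print(alert)
```

The sketch evaluates one capture window at a time; a deployed sensor would apply the same counts over a sliding window.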
Damballa. (2011). Understanding the modern DDoS threat [White Paper]. Retrieved from http://www.damballa.com/downloads/r_pubs/WP_Understanding_the_Modern_DDoS_attack.pdf
Harris, S. (2008). CISSP all-in-one exam guide (4th ed.). New York, NY: McGraw-Hill.
Prolexic. (2013). Prolexic quarterly global DDoS attack report [Q2 2013]. Retrieved from http://www.prolexic.com/knowledge-center-dos-and-ddos-attack-reports.html
QUESTION # 2
A. Discuss/describe one or more LAN based attacks (also known as layer 2 attacks or lower layer attacks) that are not covered in Module 3, or share any additional thoughts you may have on LAN based attacks covered in Module 3.
B. Discuss the security measures or methods used to prevent or mitigate the LAN based attacks you presented in Question A.
Local area network (LAN) based attacks can be divided into two arenas: wired and wireless network attacks. In addition to the LAN based attacks discussed in Module 3 (Media Access Control (MAC) and Address Resolution Protocol (ARP) attacks), other LAN based attacks on wired networks include content addressable memory (CAM) table exhaustion, Dynamic Host Configuration Protocol (DHCP) starvation attacks, and virtual LAN (VLAN) hopping (University of Maryland University College, 2012). Wireless network attacks on the LAN include hidden node attacks, deauth attacks, and fake access point (FakeAP) attacks. Since the world is constantly moving towards a more mobile infrastructure, discussion of wireless LAN based attacks seems appropriate.
FakeAP attacks spoof the 802.11 beacon frame advertising an access point. To begin with, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard refers to the wireless local area network (WLAN) MAC and physical layer specifications (IEEE Standards Association, 2012). Beacons, in this setup, are designed to transmit the presence of an access point; the more beacons available, the more responsive the association and roaming process is (Geier, 2001). FakeAP attacks generate counterfeit access points by spoofing the beacon frame advertising an access point and exploit a network via the generated beacons (Oconnor, 2010).
There are at least two tools in use that exploit the 802.11 beacon, Black Alchemy and Karmetasploit. Black Alchemy generates thousands of counterfeit 802.11 access points, causing problems with wireless network mapping (Oconnor, 2010). Karmetasploit takes Black Alchemy many steps further by generating, advertising and integrating 802.11 beacons to launch automatic attacks against an unsuspecting user (Oconnor, 2010). As with ARP, beacons have no ability to check an identity or distinguish real access points from fake ones, easily allowing an intruder to find and gain access to a network (Chomsiri, 2008).
Detecting the FakeAP tool is fairly simple. Increased overhead, decreased throughput, and out-of-order timestamp data are anomalies that intrusion detection and prevention systems (IDPS) can be designed to detect.
Because FakeAP attacks rely on exponentially increasing the number of beacons to make the association and roaming process very responsive, the network incurs additional overhead and uses a great deal more power, which decreases throughput (Geier, 2001). This fluctuation in power and throughput is easily detectable. Moreover, as beacons must use the 802.11 carrier sense multiple access/collision avoidance (CSMA/CA) algorithm, the fluctuation is also easy to pinpoint (Geier, 2001).
Additionally, since time is a linear factor on Earth, the random timestamps used by the FakeAP tools are also an easily detectable error. Timestamps grow incrementally when clients attempt to sync with an access point; FakeAP tools, however, spoof random timestamp information (Oconnor, 2010). This randomization is also easily detectable. As both tools are easily identifiable when in use, IDPS are able to alert on and prevent these actions from continuing.
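The timestamp check described above can be expressed as a per-BSSID comparison between how far the beacon timestamp advanced and how much capture time elapsed. This is an added example, not from the original answer or from the cited paper; the observations are constructed, and the tolerance, anomaly threshold and function names are hypothetical.

```python
from collections import defaultdict

BEACON_INTERVAL_US = 102_400  # assumed interval of 100 TU (1 TU = 1024 microseconds)

def build_sample():
    """Constructed observations: (capture_time_s, bssid, ssid, beacon_timestamp_us)."""
    obs = []
    start = 5_000_000_000
    for i in range(6):  # genuine AP: timestamp advances in step with capture time
        obs.append((i * 0.1024, "02:00:00:aa:bb:01", "corp",
                    start + i * BEACON_INTERVAL_US))
    random_ts = [913, 77_120_004, 5_531, 48_000_000_000, 12, 9_999]  # constructed
    for i, ts in enumerate(random_ts):  # spoofed AP: unrelated timestamp per beacon
        obs.append((i * 0.1024 + 0.05, "02:00:00:aa:bb:02", "corp", ts))
    return obs

def timestamp_anomalies(obs, tolerance_us=50_000):
    """Count, per BSSID, beacons whose timestamp ran backwards or did not
    advance by roughly the capture time elapsed since the previous beacon."""
    last = {}
    bad = defaultdict(int)
    for cap_s, bssid, _ssid, ts in sorted(obs):
        if bssid in last:
            prev_cap, prev_ts = last[bssid]
            expected_us = (cap_s - prev_cap) * 1_000_000
            delta_us = ts - prev_ts
            if delta_us <= 0 or abs(delta_us - expected_us) > tolerance_us:
                bad[bssid] += 1
        last[bssid] = (cap_s, ts)
    return dict(bad)

def suspicious_bssids(obs, min_anomalies=3):
    """A single reset (an access point reboot) is tolerated; repeated ones are not."""
    counts = timestamp_anomalies(obs)
    return sorted(b for b, n in counts.items() if n >= min_anomalies)

if __name__ == "__main__":
    print(suspicious_bssids(build_sample()))
```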
Chomsiri, T. (2008). Sniffing packets on LAN without ARP spoofing. Retrieved from: http://www.researchgate.net/publication/215766539_Sniffing_Packets_on_LAN_without_ARP_Spoofing/file/58caf610db9cf1f2958bcfa2cfe159ff.pdf
Geier, J. (2001). 802.11 Beacons Revealed. Retrieved from http://www.wi-fiplanet.com/tutorials/print.php/1492071
IEEE Standards Association. (2012). IEEE 802.11. Retrieved from: http://standards.ieee.org/about/get/802/802.11.html
Oconnor, T. (2010). Detecting and responding to data link layer attacks. Retrieved from the SANS Institute InfoSec Reading Room: http://www.sans.org/reading_room/whitepapers/detection/detecting-responding-data-link-layer-attacks_33513
University of Maryland University College. (2012). Switching and routing vulnerabilities, CSEC 640 – Module 3. Retrieved from http://tychousa5.umuc.edu/cgi-bin/id/FlashSubmit/fs_link.pl?class=1309:CSEC640:9047&fs_project_id=423&xload&cType=wbc&tmpl=CSECfixed&moduleSelected=csec640_03