Wednesday, May 20, 2020

Application Network Security - Free Essay Example

Date added: 2017/06/26. Category: Internet. Tags: Cyber Security.

2.0 CHAPTER TWO

2.1 INTRODUCTION

The ever-increasing need for information technology as a result of globalisation has brought about the need for a better network security system. The rate at which computer networks are expanding to accommodate higher bandwidth, unique storage demands and an increasing number of users cannot be overemphasised. As this demand grows daily, so do the threats associated with it, among them virus attacks, worm attacks, and denial of service or distributed denial of service attacks. This calls for swift security measures to address these threats in order to protect data reliability, integrity, availability and other needed network resources across the network.

Generally, network security can be described as a way of protecting the integrity of a network by making sure that unauthorised access or threats of any form are restricted from accessing valuable information. As network architecture expands, tackling the issue of security becomes more and more complex, keeping network administrators on their toes to guard against attacks that occur on a daily basis. Some of the malicious attacks are virus and worm attacks, denial of service attacks, IP spoofing, password cracking and Domain Name Server (DNS) poisoning. In an effort to combat these threats, many security elements have been designed to tackle these attacks on the network.
These include firewalls, Virtual Private Network (VPN), encryption and decryption, cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone (DMZ), Secure Socket Layer (SSL) etc. This chapter starts by briefly discussing Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP), then discusses the Open Systems Interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewalls, types and features of firewalls and, lastly, network security tools.

2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP

2.2.1 DEFINITION

Following the tremendous success of the World Wide Web (internet), a global communication standard known as the TCP/IP protocol suite was designed with the aim of interconnecting heterogeneous networks (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core set of rules used for application transfers such as file transfers, e-mail traffic and web page transfers between hosts across heterogeneous networks (Dunkels 2003; Parziale et al 2006). It is therefore necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that use the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many incidents of network attacks are the result of improper configuration and poor implementation of TCP/IP protocols, services and applications. TCP/IP makes use of protocols such as TCP, UDP, IP and ICMP to define the rules of how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Interconnection (OSI) model (Simoneau 2006).
2.2.2 THE OSI MODEL

The OSI model is a standardised layered model defined by the International Organization for Standardization (ISO) for network communication. It simplifies network communication into seven separate layers, with each layer having its own unique functions that support the layer immediately above it while at the same time offering services to the layer immediately below it (Parziale et al 2006; Simoneau 2006). The seven layers are the Application, Presentation, Session, Transport, Network, Data Link and Physical layers. The first three lower layers (Network, Data Link and Physical) are basically hardware implementations, while the last four upper layers (Application, Presentation, Session and Transport) are software implementations.

- Application Layer: This is the end-user operating interface that supports file transfer, web browsing, electronic mail etc. This layer allows user interaction with the system.
- Presentation Layer: This layer is responsible for formatting the data to be sent across the network, which enables the application to understand the message being sent. In addition, it is responsible for message encryption and decryption for security purposes.
- Session Layer: This layer is responsible for dialog and session control functions between systems.
- Transport Layer: This layer provides end-to-end communication, which may be reliable or unreliable, between end devices across the network. The two most used protocols in this layer are TCP and UDP.
- Network Layer: This layer is also known as the logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is IP.
- Data Link Layer: This layer is responsible for framing units of information, error checking and physical addressing.
- Physical Layer: This layer defines transmission medium requirements and connectors, and is responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006).
2.2.3 INTERNET PROTOCOL (IP)

IP is a connectionless protocol designed to deliver data between hosts across the network. IP data delivery is unreliable and therefore depends on an upper layer protocol such as TCP, or lower layer protocols like IEEE 802.2 and IEEE 802.3, for reliable data delivery between hosts on the network (Noonan and Dobrawsky 2006).

2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP)

TCP is a standard protocol that provides a connection-oriented transport mechanism operating at the transport layer of the OSI model. It is described by Request for Comments (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure packets are reliably and accurately transmitted, errors are recovered, and flow control between hosts across the network is efficiently monitored (Abie 2000; Noonan and Dobrawsky 2006; Simoneau 2006).

The primary objective of TCP is to create a session between hosts on the network, and this process is carried out by what is called the TCP three-way handshake. When using TCP for data transmission between hosts, the sending host first sends a synchronise (SYN) segment to the receiving host, which is the first step in the handshake. The receiving host, on receiving the SYN segment, replies with an acknowledgement (ACK) and with its own SYN segment, and this forms the second part of the handshake. The final step of the handshake is completed by the sending host responding with its own ACK segment to acknowledge acceptance of the SYN/ACK. Once this process is completed, the hosts have established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006).

As good as the TCP three-way handshake is, it also has its shortcomings, the most common one being the SYN flood attack. This form of attack occurs when the destination host, such as a server, is flooded with SYN session requests without receiving any ACK reply from the source host (malicious host) that initiated the SYN session.
The result is a DoS attack: the destination host's buffer reaches a point where it can no longer take any request from legitimate hosts and has no other choice than to drop such session requests (Noonan and Dobrawsky 2006).

2.2.5 USER DATAGRAM PROTOCOL (UDP)

UDP, unlike TCP, is a standard connectionless transport mechanism that operates at the transport layer of the OSI model. It is described by Request for Comments (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When using UDP to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted; therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low overhead, as it does not involve initiation of a session between hosts before data transmission starts. This protocol is best suited to small data transmissions (Noonan and Dobrawsky 2006).

2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

ICMP is primarily designed to identify and report routing errors, delivery failures and delays on the network. This protocol can only be used to report errors and cannot be used to correct the identified errors; it depends on routing protocols or reliable protocols like TCP to handle the errors detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP makes use of the echo mechanism called the Ping command. This command is used to check whether a host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003).

2.3 OTHER NETWORK SECURITY ELEMENTS

2.3.1 VIRTUAL PRIVATE NETWORK (VPN)

VPN is one of the network security elements that make use of the public network infrastructure to securely maintain the confidentiality of information transferred between hosts over the public network (Bou 2007).
VPN provides these security features by making use of encryption and tunneling techniques to protect such information, and it can be configured to support at least three models, which are:

- Remote-access connection
- Site-to-site (branch offices to the headquarters)
- Local area network internetworking (extranet connection of companies with their business partners) (Bou 2007)

2.3.2 VPN TECHNOLOGY

VPN makes use of many standard protocols to implement data authentication (identification of trusted parties) and encryption (scrambling of data) when making use of the public network to transfer data. These protocols include:

- Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]
- Secure Socket Layer Protocol (SSL) [RFC 2246]
- Internet Protocol Security (IPSec) [RFC 2401]
- Layer 2 Tunneling Protocol (L2TP) [RFC 2661]

2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP]

The design of PPTP provides a secure means of transferring data over the public infrastructure, with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and basically relies on user identification (ID) and password authentication for its security. PPTP did not eliminate the Point-to-Point Protocol (PPP), but rather describes a better way of tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998).

2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP]

L2TP is a connection-oriented protocol standard defined by RFC 2661, which merged the best features of PPTP and the Layer 2 Forwarding (L2F) protocol to create the new standard (L2TP) (Bou 2007; Townsley et al 1999). Just like PPTP, L2TP operates at layer 2 of the OSI model. Tunneling in L2TP is achieved through a series of data encapsulations by protocols at different layers, for example UDP, IPSec, IP and the data link layer protocol, but the data encryption for the tunnel is provided by IPSec (Bou 2007; Townsley et al 1999).
2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401]

IPSec is a standard protocol defined by RFC 2401, designed to protect the payload of an IP packet and the paths between hosts, between security gateways (routers and firewalls), or between a security gateway and a host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operates at the network layer of the OSI model. Some of the security services it provides are authentication, connectionless integrity, encryption, access control, data origin, rejection of replayed packets, etc (Kent and Atkinson 1998).

2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246]

SSL is a standard protocol defined by RFC 2246, designed to provide a secure communication tunnel between hosts by encrypting host communication over the network. It ensures packet confidentiality, integrity and proper host authentication in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificates, cryptography and certificates to enforce security measures over the network. SSL is a transport layer security protocol that runs on top of TCP/IP, which manages the transport and routing of packets across the network. SSL is also deployed at the application layer of the OSI model to ensure host authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999).

2.4 FIREWALL BACKGROUND

The concept of a network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that are coming into that network. The word firewall was not originally part of the computer security vocabulary; it was initially used to describe a wall, which could be brick or mortar, built to restrain fire from spreading from one part of a building to another, or to slow the spread of fire in the building, giving some time for remedial action to be taken (Komar et al 2003).
2.4.1 BRIEF HISTORY OF FIREWALL

The firewall as used in computing dates as far back as the late 1980s, but the first set of firewalls came to light sometime in 1985; called packet filter firewalls, they were produced by a Cisco Internetwork Operating System (IOS) division (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewalls. Between 1989 and 1990, two workers at AT&T Bell Laboratories, Howard Trickey and Dave Presotto, initiated the second generation of firewall technology with their study of circuit relays, called circuit level firewalls. The two scientists also implemented the first working model of the third generation firewall design, called application layer firewalls. Sadly, no documents were published explaining their work and no product was released to support it.

Around the same year (1990-1991), different papers on third generation firewalls were published by researchers. Among them, Marcus Ranum's work received the most attention in 1991 and took the form of bastion hosts running proxy services. Ranum's work quickly evolved into the first commercial product, Digital Equipment Corporation's SEAL product (Cisco System 2004).

About the same year, work started on the fourth generation firewall, called dynamic packet filtering, which was not operational until 1994, when Check Point Software rolled out a complete working model of the fourth generation firewall architecture. In 1996, plans began on the fifth generation firewall design, called the Kernel Proxy architecture, which became reality in 1997 when Cisco released the Cisco Centri Firewall, the first proxy firewall produced for commercial use (Cisco System 2004).

Since then, many vendors have designed and implemented various forms of firewall in both hardware and software, and to date research work is ongoing to improve firewall architecture to meet the ever-increasing challenges of network security.
2.5 DEFINITION

According to the British Computer Society (2008), firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata et al (2006) defined a firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks.

The concept of a firewall in computer systems security is similar to that of a firewall built within a building, but they differ in their functions. While the latter is designed for only one task, which is fire prevention in a building, a computer system firewall is designed to prevent more than one threat (Komar et al 2003). These include the following:

- Denial of Service (DoS) attacks
- Virus attacks
- Worm attacks
- Hacking attacks etc

2.5.1 DENIAL OF SERVICE ATTACKS (DOS)

"Countering DoS attacks on web servers has become a very challenging problem" (Srivatsa et al 2006). This is an attack aimed at denying legitimate packets access to network resources. The attacker achieves this by running a program that floods the network, making network resources such as main memory, network bandwidth and hard disk space unavailable for legitimate packets. The SYN attack is a good example of a DoS attack, but it can be prevented by implementing good firewall policies for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis.

2.5.2 VIRUS AND WORM ATTACKS

Virus and worm attacks are a big security problem which can become pandemic in the twinkling of an eye, resulting in a possibly huge loss of information or system damage (Ford et al 2005; Cisco System 2004).
These two forms of attack can be programs designed to open up systems to allow information theft, or programs that regenerate themselves once they get into the system until they crash it, and some can be programmed to generate programs that flood the network, leading to DoS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One such tool is a firewall with a good security policy configuration (Cisco System 2004).

Generally speaking, any kind of firewall implementation will basically perform the following tasks:

- Manage and control network traffic
- Authenticate access
- Act as an intermediary
- Make internal resources available
- Record and report events

2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC

The first process undertaken by firewalls is to secure a computer network by checking all the traffic coming into and leaving the network. This is achieved by stopping and analysing each packet's source IP address, source port, destination IP address, destination port, IP protocol, packet header information etc. in order to decide what action to take on the packet: either to accept or to reject it. This action is called packet filtering and it depends on the firewall configuration.

Likewise, the firewall can make use of the connections between TCP/IP hosts, which establish communication between them for identification and to state the way they will communicate with each other, to decide which connections should be permitted or discarded. This is achieved by maintaining a state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006).
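The packet filtering and stateful inspection described in section 2.5.3, together with the unfinished-handshake problem of the SYN flood in section 2.2.4, as an added Python example that is not part of the original essay. The rule, addresses, ports, half-open limit and timeout are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags on the segment, e.g. frozenset({"SYN"})

@dataclass(frozen=True)
class Rule:
    action: str   # "accept" or "drop"
    src_net: str
    dst_net: str
    dport: int

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and p.dport == self.dport)

class StatefulFirewall:
    def __init__(self, rules, max_half_open=3, syn_timeout=30.0):
        self.rules = rules                  # ordered list, first match wins
        self.max_half_open = max_half_open  # per-server cap on unfinished handshakes
        self.syn_timeout = syn_timeout      # seconds before an unfinished handshake is forgotten
        self.table = {}                     # (client, cport, server, sport) -> [state, last_seen]

    def _expire(self, now):
        for key in [k for k, (st, seen) in self.table.items()
                    if st != "ESTABLISHED" and now - seen > self.syn_timeout]:
            del self.table[key]

    def half_open(self, server):
        return sum(1 for k, (st, _) in self.table.items()
                   if k[2] == server and st != "ESTABLISHED")

    def _policy(self, p):
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "drop"  # default deny when no rule matches

    def handle(self, p, now):
        self._expire(now)
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:                    # handshake step 1: new request
            if fwd in self.table:
                return "accept"                   # retransmitted SYN of a tracked connection
            if self._policy(p) != "accept":
                return "drop:no-rule"             # plain packet filtering decision
            if self.half_open(p.dst) >= self.max_half_open:
                return "drop:half-open-limit"     # too many unfinished handshakes
            self.table[fwd] = ["SYN_SEEN", now]
            return "accept"
        if p.flags == {"SYN", "ACK"}:             # handshake step 2: server reply
            entry = self.table.get(rev)
            if entry and entry[0] == "SYN_SEEN":
                entry[:] = ["SYNACK_SEEN", now]
                return "accept"
            return "drop:no-state"
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is None:
            return "drop:no-state"                # segment belongs to no tracked connection
        entry = self.table[key]
        if "RST" in p.flags:
            del self.table[key]                   # connection torn down
            return "accept"
        if entry[0] == "SYNACK_SEEN" and key == fwd and "ACK" in p.flags:
            entry[0] = "ESTABLISHED"              # handshake step 3: client's final ACK
        if entry[0] != "ESTABLISHED":
            return "drop:bad-state"
        entry[1] = now
        return "accept"

def demo():
    """Run constructed traffic through the firewall; return the verdicts and the firewall."""
    fw = StatefulFirewall([Rule("accept", "0.0.0.0/0", "10.0.0.5/32", 80)])
    S, SA, A = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    out = [
        fw.handle(Packet("198.51.100.10", 40000, "10.0.0.5", 80, S), 0.0),   # legitimate SYN
        fw.handle(Packet("10.0.0.5", 80, "198.51.100.10", 40000, SA), 0.1),  # server SYN/ACK
        fw.handle(Packet("198.51.100.10", 40000, "10.0.0.5", 80, A), 0.2),   # final ACK
        fw.handle(Packet("203.0.113.9", 5555, "10.0.0.5", 80, A), 0.3),      # ACK with no handshake
        fw.handle(Packet("198.51.100.10", 40001, "10.0.0.5", 22, S), 0.4),   # port with no rule
    ]
    for i in range(5):  # SYNs from five sources that never complete the handshake
        out.append(fw.handle(Packet(f"203.0.113.{i + 1}", 1024 + i, "10.0.0.5", 80, S), 1.0 + i))
    # After the timeout the unfinished entries have aged out and new clients get in again.
    out.append(fw.handle(Packet("198.51.100.11", 40002, "10.0.0.5", 80, S), 40.0))
    return out, fw
```

The established connection stays in the state table throughout, so legitimate traffic on it keeps flowing while the excess SYNs are dropped.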
2.5.4 AUTHENTICATE ACCESS

When a firewall inspects and analyses a packet's source IP address, source port, destination IP address, destination port, IP protocol, packet header information etc, and filters it based on the security procedure defined, this does not guarantee that the communication between the source host and destination host is authorised, in that hackers can manage to spoof the IP address and port, which defeats inspection and analysis based on IP and port screening. To tackle this pitfall, an authentication rule is implemented in the firewall using a number of means, such as username and password (xauth), certificates and public keys, and pre-shared keys (PSKs).

With the xauth authentication method, the firewall asks the source host that is trying to initiate a connection with a host on the protected network for its username and password before it allows the connection between the protected network and the source host to be established. Once the connection has been confirmed and authorised by the security procedure defined, the source host need not authenticate itself again to make a connection (Noonan and Dobrawsky 2006).

The second method is using certificates and public keys. The advantage of this method over xauth is that verification can take place without source host intervention, that is, without the host having to supply its username and password for authentication. Implementing certificates and public keys requires proper configuration of the hosts (protected network and source host) and the firewall with certificates, and making sure that the protected network and the source host use a public key infrastructure that is properly configured. This security method is best for large network designs (Noonan and Dobrawsky 2006).

Another good way of dealing with authentication issues with firewalls is by using pre-shared keys (PSKs).
The implementation of PSKs is easy compared to certificates and public keys. Although authentication still occurs without source host intervention, it makes use of an additional feature: the host is provided with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006).

2.5.5 ACT AS AN INTERMEDIARY

When firewalls are configured to serve as an intermediary between a protected host and an external host, they simply function as an application proxy. The firewalls in this setup are configured to impersonate the protected host, such that all packets destined for the protected host from the external host are delivered to the firewall, which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect each packet to determine whether it is valid (e.g. a genuine HTTP packet) or not before forwarding it to the protected host. This firewall design totally blocks direct communication between the hosts.

2.5.6 RECORD AND REPORT EVENTS

While it is good practice to put strong security policies in place to secure the network, it is equally important to record firewall events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where firewalls are unable to stop malicious packets that violate the access control policy of the protected network. Recording these events gives the network administrator a clear understanding of the attack and, at the same time, allows the recorded events to be used to troubleshoot the problem that has taken place. To record these events, network administrators make use of different methods, but syslog or a proprietary logging format is mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network.
Therefore, firewalls also need an alarm mechanism in addition to syslog or a proprietary logging format whenever the access control policy of the protected network is violated. Some types of alarm supported by firewalls include console notification, Simple Network Management Protocol (SNMP), paging notification, e-mail notification etc (Noonan and Dobrawsky 2006).

- Console notification is a warning message that is presented on the firewall console. The problem with this method of alarm is that the console needs to be monitored by the network administrator at all times so that necessary action can be taken when an alarm is generated.
- Simple Network Management Protocol (SNMP) notification is implemented to create traps which are transferred to the network management system (NMS) monitoring the firewall.
- Paging notification is set up on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message can be alphanumeric or numeric depending on how the firewall is set up.
- E-mail notification is similar to paging notification, but in this case the firewall sends an e-mail to the proper address instead.

2.6 TYPES OF FIREWALLS

Going by the firewall definition, firewalls are expected to perform some key functions like application proxy, network address translation and packet filtering.

2.6.1 APPLICATION PROXY

This is also known as an application gateway, and it acts as a connection agent between the protected network and the external network. Basically, the application proxy is a host on the protected network that is set up as a proxy server. As the name implies, the application proxy functions at the application layer of the Open Systems Interconnection (OSI) model and makes sure that all application requests from the secured network are communicated to the external network through the proxy server, and that no packets pass from the external network to the secured network until the proxy checks and confirms the inbound packets.
This firewall supports different types of protocols such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol (SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006).

2.6.2 NETWORK ADDRESS TRANSLATION (NAT)

NAT alters the IP addresses of hosts' packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT. When the reply packets arrive at the gateway, NAT replaces the modified address with the genuine host address before forwarding them to the host (Walberg 2007). The role played by NAT in a secured network system makes it difficult for unauthorized parties to learn:

- The number of hosts available in the protected network
- The topology of the network
- The operating systems the hosts are running
- The type of host machine (Cisco System 2008)

2.6.3 PACKET FILTERING

"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical traffic" (Hamed and Al-Shaer 2006). Packet filtering is based on the laid-down security rules defined for any network or system. Filtering traffic over the network is a big task that involves a comprehensive understanding of the network on which it will be set up. The defined policy must always be kept up to date in order to handle possible network attacks (Hamed and Al-Shaer 2006).

2.6.4 INTRUSION DETECTION SYSTEMS

Network penetration attacks are now on the increase, as valuable information is being stolen or damaged by attackers. Many security products have been developed to combat these attacks. Two such products are Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
IDS are software designed to monitor and analyse all the activities (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are a variety of methods IDS use to detect threats on the network; two of them are anomaly based IDS and signature based IDS.

2.6.4.1 ANOMALY BASED IDS

Anomaly based IDS is set up to monitor and compare network events against what is defined to be normal network activity, which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the events compared are the type of bandwidth used, the type of protocols etc. Once the IDS identifies a deviation in any of these events, it notifies the network administrator, who then takes the necessary action to stop the intended attack (Scarfone and Mell 2007).

2.6.4.2 SIGNATURE BASED IDS

Signature based IDS are designed to monitor and compare packets on the network against a signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats which are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007).

2.6.5 INTRUSION PREVENTION SYSTEMS (IPS)

IPS are proactive security products, which can be software or hardware, used to identify malicious packets and also to prevent such packets from gaining entry into the network (Ierace et al 2005; Botwicz et al 2006). IPS is another form of firewall, basically designed to detect irregularities in regular network traffic and likewise to stop possible network attacks such as denial of service attacks. They are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic gets to the protected host.
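The contrast between the two detection methods in sections 2.6.4.1 and 2.6.4.2, as an added Python example that is not part of the original essay. The signature patterns, traffic records, baseline volumes and the three-sigma threshold are all constructed for illustration.

```python
import statistics

# Constructed signature database: name -> byte pattern. These are not real IDS rules.
SIGNATURES = {
    "EXAMPLE-KNOWN-WORM": b"EXAMPLE_WORM_MARKER",
    "EXAMPLE-TRAVERSAL": b"../../",
}


def pkt(proto, size, payload=b""):
    """One observed packet: protocol name, size in bytes, raw payload."""
    return {"proto": proto, "bytes": size, "payload": payload}


def signature_alerts(window):
    """Signature based: flag packets whose payload contains a catalogued pattern."""
    return [(i, name)
            for i, p in enumerate(window)
            for name, pattern in SIGNATURES.items()
            if pattern in p["payload"]]


def build_profile(baseline_windows):
    """Anomaly based, learning phase: record what 'normal' looks like.

    The profile holds the mean and standard deviation of bytes per window
    and the set of protocols seen during the baseline period.
    """
    volumes = [sum(p["bytes"] for p in w) for w in baseline_windows]
    return {
        "mean": statistics.mean(volumes),
        "stdev": statistics.stdev(volumes),
        "protos": {p["proto"] for w in baseline_windows for p in w},
    }


def anomaly_alerts(window, profile, k=3.0):
    """Anomaly based, detection phase: report deviations from the profile."""
    alerts = []
    volume = sum(p["bytes"] for p in window)
    if abs(volume - profile["mean"]) > k * profile["stdev"]:
        alerts.append(("volume", volume))
    for proto in sorted({p["proto"] for p in window} - profile["protos"]):
        alerts.append(("new-protocol", proto))
    return alerts


def demo():
    """Score two constructed traffic windows with both methods."""
    # Baseline: five quiet windows of TCP and UDP traffic, about 10 kB each.
    baseline = [[pkt("tcp", v - 500), pkt("udp", 500)]
                for v in (10000, 11000, 9000, 10500, 9500)]
    profile = build_profile(baseline)

    # Window 1: normal volume, but one payload carries a catalogued pattern.
    known = [pkt("tcp", 9700, b"GET /index.html EXAMPLE_WORM_MARKER"),
             pkt("udp", 500)]
    # Window 2: nothing catalogued, but six times the usual volume and a
    # protocol never seen in the baseline.
    novel = [pkt("tcp", 20000, b"payload with no catalogued pattern"),
             pkt("icmp", 40000)]

    return {
        "known": (signature_alerts(known), anomaly_alerts(known, profile)),
        "novel": (signature_alerts(novel), anomaly_alerts(novel, profile)),
    }
```

The first window is caught only by the signature check and the second only by the profile comparison, which is why the two methods are usually deployed together.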
Just like a typical firewall, IPS makes use of rules defined in the system setup to determine the action to take on any traffic, which could be to allow or block it. IPS makes use of stateful packet analysis to protect the network. Similarly, IPS is capable of performing signature matching, application protocol validation etc as a means of detecting attacks on the network (Ierace et al 2005).

As good as IPS are, they also have their downsides. One of them is the problem of false positives and false negatives. A false positive is a situation where legitimate traffic is identified as malicious, resulting in the IPS blocking such traffic on the network. A false negative, on the other hand, is when malicious traffic is identified by the IPS as legitimate traffic, thereby allowing such traffic to pass through the IPS to the protected network (Ierace et al 2005).

2.7 SOFTWARE AND HARDWARE FIREWALLS

2.7.1 SOFTWARE FIREWALLS

Software-based firewalls are software installed on computers for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs set up either on personal computers or on the operating systems of network servers (web servers and e-mail servers). Once the software is installed and proper security policies are defined, the systems (personal computers or servers) assume the role of a firewall. Software firewalls are the second line of defence after hardware firewalls in situations where both are used for network security. Software firewalls can also be installed on different operating systems such as Windows operating systems, Mac operating system, Novell NetWare, the Linux kernel and the UNIX kernel. The function of these firewalls is filtering distorted network traffic. There are several software firewalls, some of which include Online Armor firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall, The DoorStop X Firewall etc (Lugo and Parker 2005).
When designing a software firewall, two key things are considered. These are per-packet filtering and per-process filtering. The per-packet filter is designed to search for distorted packets, detect port scans and check whether packets are accepted into the protocol stack. In the same vein, the per-process filter is designed to check whether a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implementations of firewalls. While some are built into the operating system, others are add-ons. Examples of built-in firewalls are the Windows based firewall and the Linux based firewall.

2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL

In operating system design, security features are one important aspect that is given great consideration. This is a challenge that the software giant Microsoft has always made sure to address in its products. In the software industry, the Microsoft Windows operating system has grown tremendously in both design and functionality over the decades. As a new version of the product is released, additional features are added and the defects in the previous version are corrected to improve the performance of the new product. One such improvement is the implementation of Windows Firewall with Service Pack 2 (SP2) in XP and in Windows Server 2003 with Service Pack 1 as a replacement for Internet Connection Firewall (ICF) (Microsoft Corporation 2005). Windows Firewall provides stateful connection management and can be configured for specific traffic on the network. The following are features of Windows Firewall in XP SP2.
- Windows Firewall in XP SP2 is a global setup which applies to any kind of connection
- It has a new mode of operation
- Group policy settings configuration
- IPv4 scoping for all incoming traffic
- Excepted traffic can be specified by program filename
- It has built-in support for IPv6
- Windows Firewall in XP SP2 is enabled by default for all connections of the system
- New Windows Firewall component of Control Panel (Microsoft Corporation 2005).

Similarly, Windows Firewall with Advanced Security is another Windows-based firewall, introduced in the Windows Vista OS, which is a layered security model. This firewall is derived from the integration of Internet Protocol Security (IPsec) and Windows Firewall configuration setup into a single Microsoft Management Console (MMC). Unlike the previous versions of Windows firewalls, which block only inbound traffic, Windows Firewall with Advanced Security provides end-to-end packet filtering on the network by blocking malicious network packets coming in and going out of the protected network (Microsoft 2006).

2.7.3 THE FLAWS IN WINDOWS FIREWALL

Without any doubt, Microsoft has done a lot of work in the area of security to make sure that users are protected from possible attacks, by continually making patches available to update its products. But one thing that should be noted about the Windows OS is that it is not primarily designed for security threats, as security is just a fraction of the entire functionality of the product, which makes the product vulnerable to attacks. Research work has shown that it is always better to install a dedicated firewall application that is solely responsible for analysing and filtering packets rather than depending on an all-in-one Windows OS for protection. The following are some of the flaws in Windows-based firewalls [ ].

- The Windows-based firewall in XP, unlike Vista, does not inspect outbound packets and likewise cannot protect against Trojans.
- The Windows-based firewall cannot protect against e-mail containing threats such as worms when it is being accessed.
- Windows firewall can efficiently filter inbound traffic but lacks the utility to detect DOS attacks.
- If a system already has a virus before the Windows firewall is configured, the firewall can neither detect nor remove the virus (Microsoft Corporation 2005).

2.8 LINUX BASED FIREWALL

"Since its birth in 1991" (SUSE LINUX 2004), the Linux operating system (OS) has made a mark over the years. Linux is an open source OS that is secure, scalable, flexible, stable, and can be implemented on all different platforms, and in most cases Linux distributions (SUSE, Debian, Red Hat, Centos, Fedora Core, etc.) are free, except for a few which require users to pay. Presently, Linux is gaining more acceptance in corporate data centres and from users who are beginning to discover the features which the OS offers (Cisco System 2004).

All Linux OS distribution packages come with a built-in firewall that can be configured when installing the OS. The implementation of a firewall in Linux OS is cheap in that most of the distributions are free and it requires little hardware configuration. The implementation of firewalls in Linux started with the ipfw code, an idea taken from the Berkeley Software Distribution (BSD) of UNIX. As security demands increased, the firewall required more security features to protect the system against possible attacks, which ipfw could not provide. Therefore, the ipfwadm utility was developed to complement the ipfw code. Both the ipfwadm utility and the ipfw code were implemented in the Linux kernel 1.0 series and provided significant flexibility by allowing the administrator to do the following (Noonan and Dobrawsky 2006).

- To set up TCP ACK and TCP SYN handshake
- To add additional rules automatically in situations where a named host has more than one IP address.
- To set up a reliable accounting system by listing and resetting the packet counter
- To modify the default policies set up for the firewall
- To state the address of the interface and name for the rules
- IP address masquerading
- To list existing rules in a number of formats (Noonan and Dobrawsky 2006).

The release of a new version of Linux brought about improvements in the existing filter that was implemented in the Linux 1.0 series. This upgrade is known as ipchains and was implemented in Linux 2.2. The ipchains firewalls are an upgrade of the ipfwadm and ipfw code firewalls. The ipchains setup allows TCP traffic with the ACK bit set, in order to permit return traffic from a remote server into the protected network (Noonan and Dobrawsky 2006). But there is a problem with this type of filtering technique: the firewall depends on the transmitted packet itself to determine whether it is part of an established connection or not. This technique makes the whole system vulnerable to attacks, as transmitted packets can be imitated, thereby rendering the firewall useless. This pitfall in ipchains-based firewalls was improved upon in the later version of the Linux kernel (Linux 2.4 kernel), in what is known as NetFilter or iptables. NetFilter is a stateful firewall, unlike ipchains, with better filtering and logging capabilities [ ]. The features of Netfilter include:

"- stateless packet filtering (IPv4 and IPv6)
- stateful packet filtering (IPv4 and IPv6)
- all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only)
- flexible and extensible infrastructure
- multiple layers of APIs for 3rd party extensions
- large number of plugins/modules kept in patch-o-matic repository" (Netfilter 2007).

2.9 HARDWARE FIREWALL

Hardware firewalls are physical devices into which a specific program (proprietary standard software) is integrated to provide firewall operations. Hardware firewalls are routers which are capable of filtering packets (Permpootanalarp and Rujimethabhas 2001).
These devices do not need separate program installation other than the one already integrated in the devices. However, these devices require some form of configuration in defining the right policies to secure any network. Hardware firewalls are the first point of defence of any secure network and they sit between the protected network and the external system or network. In situations where both hardware firewalls and software firewalls are used together to secure the network, the hardware firewalls can be configured such that they filter out the incoming packets from the external source while the software firewalls are set up to inspect the network packets. There are many vendors designing and manufacturing these products (hardware firewalls). Four of them, with their products, are as follows.

2.9.1 UTM-1 TOTAL SECURITY

This device offers a complete set of security features including firewall, intrusion prevention, antivirus, anti-spyware, messaging security, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, Web filtering, as well as secure site-to-site and remote access connectivity (Check Point software technologies ltd. 2008).

2.9.2 CISCO ASA 5500 SERIES ADAPTIVE SECURITY APPLIANCES

The Cisco ASA 5500 Series Adaptive Security Appliances are the latest security solutions from Cisco that integrate firewall, Unified Communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. These products are designed to provide intelligent threat defence and secure communications services that stop attacks before they impact network operations and to protect networks of all sizes (Cisco systems 2007).

2.9.3 SIDEWINDER APPLIANCE

Sidewinder is a multi-function firewall appliance by Secure Computing that delivers true enterprise-class features and performance.
This device has multi-gigabit performance capabilities and hardware monitoring and redundancy features which allow its multiple security functions to run simultaneously, including its multi-layer firewall, Trusted Source reputation services, anti-virus, anti-spyware, anti-spam, URL filtering or blocking, VPN encryption services, and more (Secure computing 2008).

2.9.4 SONICWALL NETWORK SECURITY APPLIANCE

The SonicWALL network security appliance can be configured and customized with an expanding array of security services into a solution that will integrate seamlessly into any network while providing complete protection. Every appliance is capable of integrating support for gateway anti-spyware, antivirus, intrusion prevention, content filtering, wireless security and more. Likewise, it utilises encryption technology and deep packet inspection to provide secure VPN connectivity to an array of deployments including site-to-site, continually monitoring each connection to deliver instant and automatic protection against transmitted threats and ensuring each connection is as reliable as possible (Sonicwall 2008).

2.10 NETWORK SECURITY TOOLS

Network security tools can be classified into different categories based on the function they perform. Three such categories are: network troubleshooting tools (packet analysis tools), security test tools, and logging and logging analysis tools.

2.10.1 NETWORK TROUBLESHOOTING TOOLS

Among the network troubleshooting tools are the packet-analysis tools, which are security tools used in a network setup to monitor all communication activities between hosts in order to know how hosts interact with each other and, likewise, to detect and identify network-based problems and communication errors (Noonan and Dobrawsky 2006). Packet-analysis tools are also known as packet sniffers. Packet-analysis tools are designed to decode the traffic flowing through the network into a readable format (plaintext).
There are different types of packet analysis tools, but the common ones are Ethereal, Microsoft Network Monitor and TCPDump (Noonan and Dobrawsky 2006; Davis D 2006).

2.10.1.1 ETHEREAL

This is an open source packet-analysis tool that is designed for analysis and troubleshooting of traffic between hosts. It can be implemented on different types of OS (Windows OS, Linux or UNIX kernel, Mac OS X), having the same interface and functionality across these different platforms. Ethereal is a graphical user interface tool that is probably easy to use, as it works by decoding the information on the network into a readable text format which is easy for the network administrator to understand (Davis D 2006). Ethereal makes use of three window panes to display the result of the analysis in real time. The panes are:

- The first pane is the top pane, which displays the list of packets
- The second one is the middle pane, which displays packet details
- The third one is the bottom pane, which displays the packet bytes (Noonan and Dobrawsky 2006).

2.10.1.2 MICROSOFT NETWORK MONITOR

Microsoft Network Monitor is a Windows-based tool designed to monitor, manage and troubleshoot hosts on the network running Windows OS. Microsoft Network Monitor is not different from Ethereal, as both perform the same function. The only difference between the two is that, unlike Ethereal, Microsoft Network Monitor cannot simultaneously capture and display packets in real time but can only do one thing at a time (Noonan and Dobrawsky 2006).

2.10.1.3 TCPDUMP

TCPDump is another open source packet analysis tool used by network administrators to troubleshoot the network, debug network traffic, capture packets from the network, decipher the bits and pieces, and display them in a semi-coherent fashion (Fuentes F and Kar 2005). TCPDump can be implemented in Linux or UNIX and in Windows OS (WinDump). A good understanding of TCPDump will aid the learning of other packet analysis tools.
One such tool is Ethereal, which uses the same packet-filtering syntax as TCPDump (Fuentes F and Kar 2005). Using TCPDump in a Linux or UNIX environment requires administrative privilege (root) to run the tool (Noonan and Dobrawsky 2006).

2.10.2 NETWORK SECURITY TOOLS

One of the good qualities of a network security setup is the ability of the network to have logs that can accurately and comprehensively monitor and record all the events that are taking place, in order to give the network administrator a clear understanding of what actually happened at a particular point in time on the network and the required action to take. Logs are designed to serve different tasks such as:

- Troubleshooting system application problems
- Giving early warning notification of system abuse
- In the case of a system crash, providing helpful forensic information (Yamanishi K and Maruyama Y 2005).

A tool that is capable of performing these tasks is syslog.

2.10.2.1 SYSLOG

Syslog is a security utility designed to monitor and record system events across the network. It is used to address issues like network performance, network failure, system crashes, recording alterations in system configuration, etc. (Yamanishi K and Maruyama Y 2005).

2.10.3 NETWORK SECURITY TESTING

It is a good thing to secure the network by configuring the appropriate tools with the aim of preventing unauthorised access into the network. The question then is: how secure is the network? To address this doubt, it becomes mandatory as a good security practice to carry out security testing after finalising the security configuration. Network security testing is an activity that conclusively determines the integrity of the network security. Security testing is carried out to detect unknown vulnerabilities on the network and to ensure proper security is in place (Wack et al 2003).
Network security tools can be classified into the following groups: network port-scanning tools (Network Mapper), vulnerability-scanning tools (Cybercop Scanner, Nessus), password-cracking tools (John the Ripper, Novell NetWare password cracker), network sniffers (Ethereal, Snort), etc. Network Mapper and Nessus are briefly discussed.

2.10.3.1 NETWORK MAPPER (NMAP)

Nmap is a network port scanning tool that is used to check whether a network port is open or closed. It makes use of IP packets to identify whether ports are open, the type of OS the hosts are running and the version available on the hosts, the type of firewall implementation, etc. (Yamanishi and Maruyama 2005). If Nmap is used to scan host ports on the protected network against the rules defined for the ports on the secured network, and it is discovered that there are responses from ports other than those the rules allow, it means that the ports responding to the Nmap scan request are exposed and are likely points through which attackers can gain entry into the network (Noonan and Dobrawsky 2006).

2.10.3.2 NESSUS

Nessus is another vulnerability scanning tool, used to identify holes (open ports) and the kinds of possible attacks that might occur through the open ports on the protected network. An example is DOS attacks. Nessus is a freeware that can be implemented in Linux, Mac OS X, and Windows OS. In addition, Nessus is a client-server based operation. The Nessus server is responsible for vulnerability testing and scanning while the Nessus client provides reporting and front end configuration (Noonan and Dobrawsky 2006).
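Section 2.8 states that ipchains-style filtering trusts the ACK bit of each packet, while NetFilter keeps connection state. The following added example (not code from the essay or from either firewall) models both in simplified form; the addresses, the trace and the two-state tracker are constructed assumptions, and real connection tracking also validates sequence numbers and timeouts.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed address range for the protected network


@dataclass(frozen=True)
class Packet:
    label: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment


def pkt(label, src, sport, dst, dport, *flags):
    return Packet(label, src, sport, dst, dport, frozenset(flags))


def is_inside(addr):
    return addr.startswith(INSIDE_PREFIX)


def ack_bit_filter(p):
    """Stateless rule: outbound always passes, inbound passes if ACK is set."""
    if is_inside(p.src):
        return True
    return "ACK" in p.flags


class StatefulFilter:
    """Simplified connection tracking keyed on the 4-tuple (no sequence checks)."""

    def __init__(self):
        self.conns = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def check(self, p):
        if is_inside(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.conns[key] = "SYN_SENT"      # inside host opens a connection
            elif p.flags & {"FIN", "RST"}:
                self.conns.pop(key, None)         # inside host tears it down
            return True
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.conns[key] = "ESTABLISHED"       # expected handshake reply
            return True
        if state == "ESTABLISHED" and "ACK" in p.flags and "SYN" not in p.flags:
            if p.flags & {"FIN", "RST"}:
                self.conns.pop(key, None)
            return True
        return False                              # no matching tracked connection


# Constructed trace: one legitimate web session, then two unsolicited packets.
TRACE = [
    pkt("outbound SYN", "10.0.0.5", 40000, "203.0.113.10", 80, "SYN"),
    pkt("reply SYN+ACK", "203.0.113.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),
    pkt("outbound ACK", "10.0.0.5", 40000, "203.0.113.10", 80, "ACK"),
    pkt("reply data", "203.0.113.10", 80, "10.0.0.5", 40000, "ACK", "PSH"),
    pkt("unsolicited ACK", "198.51.100.7", 80, "10.0.0.9", 8080, "ACK"),
    pkt("unsolicited SYN", "198.51.100.7", 4444, "10.0.0.9", 22, "SYN"),
]


def compare(trace):
    """Return {label: (stateless verdict, stateful verdict)} for each packet."""
    stateful = StatefulFilter()
    return {p.label: (ack_bit_filter(p), stateful.check(p)) for p in trace}


if __name__ == "__main__":
    for label, (stateless, tracked) in compare(TRACE).items():
        print(f"{label:16} ack-bit rule: {stateless!s:5}  stateful: {tracked}")
```

Only the unsolicited ACK is treated differently: the ACK-bit rule passes it because the packet claims to belong to a connection, while the tracker drops it because no inside host ever opened that connection.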
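Section 2.10.3.1 describes comparing Nmap results against the rules defined for each port. The following added example (not part of the essay) parses Nmap's grepable (`-oG`) output and lists ports that answer as open without being permitted; the scan text, host addresses and the `POLICY` table are constructed for illustration.

```python
import re

# Constructed sample in Nmap's grepable (-oG) layout: tab-separated fields,
# each port entry is port/state/protocol/owner/service/rpc/version/.
SAMPLE_SCAN = (
    "# Nmap scan, grepable output (constructed sample)\n"
    "Host: 10.0.0.5 (web01)\tStatus: Up\n"
    "Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/filtered/tcp//mysql///\tIgnored State: closed (996)\n"
    "Host: 10.0.0.9 (files01)\tStatus: Up\n"
    "Host: 10.0.0.9 (files01)\tPorts: 22/open/tcp//ssh///, "
    "445/open/tcp//microsoft-ds///, 8080/closed/tcp//http-proxy///\n"
    "# Nmap done (constructed sample)\n"
)

# Hypothetical firewall policy: ports each host is supposed to expose.
POLICY = {
    "10.0.0.5": {(80, "tcp"), (443, "tcp")},
    "10.0.0.9": {(22, "tcp")},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def parse_grepable(text):
    """Return {host: [(port, state, protocol, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # comment and summary lines
        fields = line.split("\t")
        host = HOST_RE.match(fields[0])
        ports = [f for f in fields if f.startswith("Ports: ")]
        if not host or not ports:
            continue  # e.g. "Status: Up" lines carry no port list
        for entry in ports[0][len("Ports: "):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue  # skip malformed entries instead of guessing
            results.setdefault(host.group(1), []).append(
                (int(parts[0]), parts[1], parts[2], parts[4])
            )
    return results


def audit(text, policy):
    """List (host, port, protocol, service) for open ports the policy does not allow."""
    findings = []
    for host, ports in parse_grepable(text).items():
        allowed = policy.get(host, set())  # unknown hosts are allowed nothing
        for port, state, proto, service in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, proto, service in audit(SAMPLE_SCAN, POLICY):
        print(f"{host}: {port}/{proto} ({service}) is open but not in the policy")
```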

Wednesday, May 6, 2020

Boko Haram Is A Terrorist Extremist Group - 2204 Words

Introduction Boko Haram is a terrorist extremist group that fights against Christianity. Their goal is to turn the world into Islam believers. Right now they have focused on Africa, Nigeria in particular. In order to do this, they have taken over towns, stolen girls from schools and brought terror to Nigeria. Boko Haram promotes a version of Islam which makes it haram, or forbidden, for Muslims to take part in any political or social activity associated with Western society. This includes voting in elections, wearing shirts and trousers or receiving a secular education. Boko Haram regards the Nigerian state as being run by non-believers, even when the country had a Muslim president - and it has extended its military campaign by targeting neighbouring states. A) Full Reference: Chothia, Farouk. Who Are Nigeria’s Boko Haram Islamists. BBC UK. BBC UK, 4 May 2015. Web. 21 Oct. 2016. Article No: 1 Headline: Who are Nigeria s Boko Haram Islamists? Source: BBC UK Author: Farouk Chothia Date: 4 May 2015 A) Glossary of Key Words: Maiduguri, Sokoto caliphate, Mohammed Yusuf, mosque, Borno, Abubakar Shekau, al-Qaeda, President Goodluck Jonathan, Borno, Yobe and Adamawa. B) Article Summary (100 words Approx.) This article explained who Boko Haram is, who leads it. It explains their intentions, plans and their actions. One of the key incidents that occurred in Nigeria, 219 school girls were taken by Boko Haram, this was also spoken about in the article. It gave a clear insight

Fundraising Rural Electrification Ethiopia -Myassignmenthelp.Com

Question: Discuss About The Fundraising Rural Electrification Ethiopia?

Answer:

Introduction

World Vision Charity Organization is a non-profit organization which aims to organize a fundraiser for providing electricity to a poor village in Ethiopia. The mission is to raise funds for rural electrification in a village of Ethiopia. A mini marathon, named Let's Light Africa, has been organized in order to raise funds for the rural electrification. Several methods and strategies have been used to make this event successful.

Method

To make this fundraising event a successful one, the organization has conducted a two-day mini marathon, where the volunteers will sell printed t-shirts, water bottles and more goodies. There will be a registration fee, which the participants need to pay before taking part in this marathon. The sole purpose of the proposed campaign is to raise funds for rural electrification in a small village of Ethiopia. The method is quite simple, but it focuses on ensuring that the event has a positive impact on the participants and also provides them with a fun experience. However, selecting the right campaign is one of the most important aspects of raising funds. The organization has conducted a mini marathon as it will help in engaging audiences from every age group (Bray 2016). The registration fee for the event is just 100 dollars per person. This is a great way of raising money and engaging the local community as well. The indispensable two-day event will provide the runners with fun and happiness. The overall campaign is aimed at three major outputs: to provide electricity to a rural village in Ethiopia, to encourage mini marathon participants to lead and practise a healthy life, and to motivate them to make donations for such a noble cause. The first and foremost product the volunteers will sell is printed t-shirts with the tagline, Let's Light Africa.
This will help in attracting more and more people, who in turn can donate a chunk of their savings for this noble cause (Weinstein and Barden 2017). The t-shirts will be sold at the spot of the event, which will encourage the participants to buy them. In addition to this, water bottles and healthy food will also be sold on the spot. Participant safety is an important thing to be considered while setting the route of the event. Furthermore, the most important product to be sold at the event spot is a pedometer. These pedometers will be branded with the logo of Let's Light Africa. The benefit of this product is that it will help in raising funds for rural electrification and, at the same time, the product will monitor the heart rate of the participants. In this way, they can decide upon their running distance (Snelgrove, Wood and Havitz 2013). Moreover, the organization has also designed a #funrun application, which will be sold online at 3 dollars each.

Strategies

Before discussing the implementation of the methods, it is important to set out the strategies for how the organization is going to promote this event for a noble cause. While advertising the mini marathon, the organization needs to consider the target audience first. The marathon run is for a charitable cause; therefore, it will involve a wider section of the society, with the target audience ranging from nine-year-olds to pension holders. Additionally, it is immensely necessary to select the best mode of advertisement. From traditional advertising to digital media promotions, all these methods will prove to be beneficial for promoting this charitable cause. Moreover, the organization should also distribute posters as well as do other volunteer work to contribute to the promotional activities (Saunders 2013). The volunteers must put up fliers and posters within the areas where most fitness freaks will be willing to travel.
A great way of promoting this event will be advertising at gyms or gym equipment stores, which will grab the attention of the fitness freaks. In this way, it will help in promoting a healthy lifestyle and, at the same time, it will assist in contributing to the charitable cause. Traditional marketing tools comprise newspaper, TV, radio, mail and poster advertisements. In addition to these methods of advertising, the organization should also consider digital media for promoting this event on a huge platform. With the advent of digital media, marketing and promoting events have become easier. Creating a web page is a must, and it is absolutely free. It will also help in grabbing the attention of the media as well as interested sponsors and create a buzz about the noble event. There are numerous online communities as well as fan pages which will help in encouraging the target audience to get involved in this charitable event (Payne, Scharf and Smith 2014).

Implementation

In implementing this event, it is important to take some important factors into consideration. These factors include selecting a suitable road and a suitable date, support from the police officials, an ambulance, finding sponsors and others for promoting this event. Choosing the right venue and time is immensely crucial for the success of the event. The city of Melbourne is filled with a number of bookable gardens, parks, reserves and promenades (Davis 2013). The starting point of the mini marathon will be at North Melbourne, where all the volunteers will distribute maps and other goodies to the runners. The ending point will be at East of Melbourne. The runners will get all the basic things like fine car parking facilities, washrooms, water stations, a well marked route and others (Hall et al. 2013). Participant safety is the major concern here. Therefore, proper arrangements like ambulance facilities, security and others are also made.
In addition to this, for the venue selection, permission from the State Government is being taken. Furthermore, police officials will be present at the venue for full security and safety. Traffic management and assessment procedures are also being undertaken. Moreover, permission from both the police officials and the local council has been granted, keeping in mind that the event doesn't cause any harm to the participants. Apart from these factors, to find the sponsors of this event, the organization has started holding promotional campaigns on digital and traditional media forms as well (Filo, Spence and Sparvero 2013).

References

Bray, I., 2016. Effective fundraising for nonprofits: real-world strategies that work. Nolo.
Davis, C., 2013. An Analysis of Financially Successful Special Fundraising Events (Doctoral dissertation, University of Akron).
Filo, K., Spence, K. and Sparvero, E., 2013. Exploring the properties of community among charity sport event participants. Managing Leisure, 18(3), pp.194-212.
Hall, D., Jones, S.C., Andrews, K.L. and Cridland, E.K., 2013. Community perceptions of and suggested fundraising strategies for local charities.
Payne, A.A., Scharf, K.A. and Smith, S., 2014. Online fundraising: the perfect ask?.
Saunders, S.G., 2013. The diversification of charities: from religion-oriented to for-profit-oriented fundraising. International Journal of Nonprofit and Voluntary Sector Marketing, 18(2), pp.141-148.
Snelgrove, R., Wood, L. and Havitz, M.E., 2013. Developing personal attachment to a psychology active charity event. International Journal of Nonprofit and Voluntary Sector Marketing, 18(2), pp.133-140.
Weinstein, S. and Barden, P., 2017. The complete guide to fundraising management. John Wiley & Sons.