Assignment 2: LASA 1: Analyzing and Preventing Network Attacks Consider the foll
ID: 3592898 • Letter: A
Question
Assignment 2: LASA 1: Analyzing and Preventing Network Attacks
Consider the following scenario:
You work for a large online retailer that specializes in selling fishing equipment. This company has most of the market share for online fishing equipment sales and receives thousands of hits on its website every day.
Recently, three disgruntled employees were dismissed from the company. Later, the company noticed that the company web servers were being overwhelmed with bogus connections and web requests during peak utilization hours. Management suspects that one or more of these employees may be initiating distributed denial-of-service (DDoS) attacks to disrupt company operations and sales.
As the senior network specialist, you have been asked to analyze these attacks, recommend methods to enhance security to prevent future attacks, and describe how enhanced authentication can increase security.
Tasks:
Part I: Create a 3-page report on the following aspects:
1.Create an After-Action Report for management that describes how this type of attack could have occurred.
2.Analyze and explain how using specific industry best practices can protect the company network.
3.Determine and explain security measures, in detail, that you would recommend to enhance security.
4.Include how cryptography and authentication can support security.
Part II: Overview to Management (approximately 3 pages)
In Part I of this assignment, you provided a background about how the DDoS attack occurred and described how industry best practices could help prevent future attacks. Assume that the online retailer is using Internet Information Services (IIS) 7.5 on Windows Server 2008 R2.
1.Create a memo to management recommending specific enhancements to improve security on the Windows Server 2008 web server.
a. Describe the common vulnerabilities of IIS 7.5.
b. Describe the countermeasures to DDoS using Window native technologies or services.
c. Recommend security enhancements or software to lockdown the web server.
The final report will be in a Microsoft Word document and be approximately 5–7 pages in length; utilize two scholarly sources in your research. Your paper should be written in a clear, concise, and organized manner; demonstrate ethical scholarship in accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.
Explanation / Answer
Question 1
The attack could have occured for the following reasons :-
a.Butter overflow attack-This is one of the most common DOS attack.Its aim is to send huge number of traffic to the network which it cannot handle.As a result it locks up the whole system with such huge request.
b.ICMP flood-It takes one of the misconfigured network by sending dummy packets thats oing on every machines except a particular machine.After that this network is triggered to increase the traffic flow.This is also known as ping of death.
c.SYN flood - This one sends a request to the server but it never completed the handshakes.As a result this leaves the port opened to be used.
Question 2
The attack can be stopped by using the following ways:-
a.The company needs to purchase a lot of bandwidth.It prevents the attacker as he cannot jam the network.
b.To have a proper detection techniques whcih will help to identify the difference between legitimate and malicious traffic.
c.Use of throttling and rate limiting technilogies can prevent the attack a greater strength.
Question 3.
Security measure which should be taken by the company are
a.First of all the comapny need to purchase a lot of bandwidth.
b.HAve a proper detection method to identify the traffic.
c.Use of throttling and rate limitng techniques.
d.Keeping a strong firewall.
e.Have all the anitvirus and security features upto date.
Question 4.
Cryptography and authentication can support security
When a data is encrypted , it is done with a particular key and that key is not known to anywone except the user.So for other the message seems nothing but some meaningless charecters.The other end of the user when supplied with the key can decode the message and have it.So having a encryption increses the security standard of an organisation.