Question
After reading this week's materials, please respond to Two of the following questions.
1. Describe the functions of hubs/repeaters, bridges, switches, routers, and gateways. At what layers of the OSI model does each device operate?
2. Describe the following types of network attacks: denial of service (and DDoS), malformed packet attacks, flooding, sniffing, Ransomware, DNS hijacking, and drive-by download. Give an example of a DoS or DDoS attack and describe how it overwhelms a target system.
3. Depending on their needs and budget, companies can choose from a variety of perimeter security options. Discuss the differences between packet-filtering, stateful inspection, proxy, dynamic packet filtering, kernel proxy, and next generation firewalls and how they provide security filtering to protect the perimeter.
Explanation / Answer
Answer 1:
HUB: A common connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets. These operate at the first layer, i.e. the Physical layer of the OSI model.
SWITCH: In networks, a device that filters and forwards packets between LAN segments. Switches operate at the data link layer (layer 2) and sometimes the network layer (layer 3) of the OSI Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs.
ROUTER: This device forwards data packets along networks. It is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Routers work at the network layer of the OSI model.
GATEWAY: It is an internetworking system capable of joining together two networks that use different base protocols. A network gateway can be implemented completely in software, completely in hardware, or as a combination of both. Depending on the types of protocols they support, network gateways can operate at any level of the OSI model. Because a network gateway, by definition, appears at the edge of a network, related capabilities like firewalls tend to be integrated with it. On home networks, a broadband router typically serves as the network gateway although ordinary computers can also be configured to perform equivalent functions.
Answer 2:
DoS attack: DoS attack refers to Denial of Service attack. It is a kind of cyber attack where a hacker hacks the network of a system and makes it unavailable for the users, which results in interrupting the internet services of the machine. In other words, access to online services is denied for the user. Any type of network service can be disrupted by DoS attacks, be it a bank website or an e-commerce website.
Malformed packet attack: It refers to any attack that utilizes nonstandard packets to cause denial of service. Malformed packet attacks generally exploit errors in the Transmission Control Protocol/Internet Protocol (TCP/IP) stack of the victim system by sending atypically formatted packets.
Flooding: Flooding is a Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic. Flood attacks occur when a network or service becomes so weighed down with packets initiating incomplete connection requests that it can no longer process genuine connection requests. By flooding a server or host with connections that cannot be completed, the flood attack eventually fills the host's memory buffer. Once this buffer is full no further connections can be made, and the result is a Denial of Service.
Sniffing: Sniffing involves capturing, decoding, inspecting and interpreting the information inside a network packet on a TCP/IP network. The purpose is to steal information, usually user IDs, passwords, network details, credit card numbers, etc. Sniffing is generally referred to as a “passive” type of attack, wherein the attackers can be silent/invisible on the network. This makes it difficult to detect, and hence it is a dangerous type of attack.
Ransomware: Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key. Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
DNS hijacking: It is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer to alter its DNS settings, so that it now points to a rogue DNS server, the process is referred to as DNS hijacking.
Drive-by download: A drive-by download refers to potentially harmful software code that is installed on a person's computer without the user needing to first accept or even be made aware of the software installation. Drive-by downloads are a form of malware typically found on compromised web pages. By simply "driving by," or visiting the web page, the drive-by download begins to download and is then installed in the background on the computer or mobile device without alerting the user.
Example of DoS attack: Hong Kong’s Democracy Movement Flustered
This attack does not deal with anything U.S.-related. This story shows that DDoS attacks can occur worldwide, to foreign governments and corporations alike.
A grassroots movement located in Hong Kong wanted to bring destruction to the Chinese government back in June 2014. This movement is called Occupy Central. They organized one of the biggest and most famous DDoS attacks in history.
Occupy Central used this DDoS attack against the Chinese government because they wanted a one-man, one-vote system when electing officials to represent political office. At the time, the government didn’t allow for such a voting system. Only 1,200 members who were part of an election committee were allowed to vote on who would be the next political leader.
This all led Occupy Central to push their DDoS attack forward and brought down a major political website.
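The flooding description in Answer 2 (incomplete connection requests filling a buffer until genuine requests are refused) can be replayed from a connection log. This is an added example, not part of the original answer; the backlog size, timeout, threshold, addresses and events are all constructed assumptions.

```python
from collections import Counter

def replay(events, backlog_size=4, syn_timeout=30):
    """Replay (time_s, src_ip, src_port, flag) events against one listener's backlog."""
    half_open = {}                       # (ip, port) -> time the SYN arrived
    completed, refused, expired = 0, [], Counter()
    for t, ip, port, flag in events:
        for key, t0 in list(half_open.items()):
            if t - t0 >= syn_timeout:    # handshake never finished: free the slot
                del half_open[key]
                expired[key[0]] += 1
        key = (ip, port)
        if flag == "SYN" and key not in half_open:
            if len(half_open) >= backlog_size:
                refused.append(ip)       # buffer full: this request is dropped
            else:
                half_open[key] = t
        elif flag == "ACK" and key in half_open:
            del half_open[key]           # handshake completed, slot released
            completed += 1
    unfinished = expired + Counter(ip for ip, _ in half_open)
    return {"completed": completed, "refused": refused, "unfinished": unfinished}

def flood_suspects(result, threshold=3):
    """Sources that left at least `threshold` handshakes unfinished."""
    return sorted(ip for ip, n in result["unfinished"].items() if n >= threshold)

# Constructed sample log (documentation address ranges, not real traffic).
FLOODER = "203.0.113.5"
EVENTS = [
    (0.0, "198.51.100.10", 40000, "SYN"), (0.1, "198.51.100.10", 40000, "ACK"),
    *[(float(i), FLOODER, 999 + i, "SYN") for i in range(1, 7)],   # never ACKed
    (7.0, "198.51.100.20", 40001, "SYN"), (7.1, "198.51.100.20", 40001, "ACK"),
    (40.0, "198.51.100.30", 40002, "SYN"), (40.1, "198.51.100.30", 40002, "ACK"),
]

if __name__ == "__main__":
    for timeout in (30, 5):
        result = replay(EVENTS, syn_timeout=timeout)
        print(f"timeout={timeout}s completed={result['completed']} "
              f"refused={result['refused']} suspects={flood_suspects(result)}")
```

With the 30-second timeout the genuine client at 198.51.100.20 is refused while the backlog is full; with the 5-second timeout stale entries are freed in time and it connects.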
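For the malformed packet attacks described in Answer 2, the defensive counterpart is to validate header fields before the stack acts on them. The following IPv4 header sanity check is an added example, not part of the original answer; the function names and the sample packets are constructed for illustration, and it checks only a few length and fragment fields (no checksum or options parsing).

```python
import struct

MAX_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field allows

def ipv4_problems(packet: bytes) -> list:
    """Return the reasons a raw IPv4 packet looks malformed (empty list = sane)."""
    if len(packet) < 20:
        return ["shorter than the 20-byte minimum header"]
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    frag_offset = (flags_frag & 0x1FFF) * 8       # offset field counts 8-byte units
    problems = []
    if version != 4:
        problems.append(f"version field is {version}, not 4")
    if ihl < 20 or ihl > len(packet):
        problems.append(f"header length {ihl} is impossible")
        return problems                            # later checks need a sane length
    if total_len < ihl:
        problems.append("total length smaller than the header")
    elif total_len > len(packet):
        problems.append("total length claims more bytes than were received")
    if frag_offset + max(total_len - ihl, 0) > MAX_DATAGRAM:
        problems.append("fragment would reassemble past 65535 bytes")
    return problems

def build_packet(payload_len, frag_units=0, ihl_words=5, version=4, claimed_len=None):
    """Constructed test input: a 20-byte IPv4 header plus a zero-filled payload."""
    total = 20 + payload_len if claimed_len is None else claimed_len
    header = struct.pack("!BBHHHBBH4s4s", (version << 4) | ihl_words, 0, total,
                         0x1234, frag_units, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

# Constructed samples: one well-formed packet and three atypically formatted ones.
SAMPLES = {
    "normal": build_packet(8),
    "oversized fragment": build_packet(100, frag_units=8189),
    "bad header length": build_packet(8, ihl_words=2),
    "truncated": build_packet(8, claimed_len=1500),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {ipv4_problems(pkt) or 'ok'}")
```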