DDOS Attack and its Mitigation – Simulation in GNS3
Summary: A private LAN comprising hundreds of end devices and several servers in a DMZ is protected by a Cisco ASA (firewall). On the internet, the most commonly found network attack aims to take down enterprise resources through a DDOS (Distributed Denial of Service) attack, either on servers (which will impact hundreds of end users) or on network resources such as the routers themselves. In this practical simulation we will analyse how a DOS attack on a web server placed in the DMZ happens from the internet via traffic flooding, and how we can fine-tune the ASA to mitigate and stop further attacks on the network.
Devices used: a) b) c) d) e) Attacker PC – Windows XP – Service Pack3 Web server (Simulated in
h) Let us configure the loopback adapter’s IP address as 20.1.1.100/24, and set the default gateway as 20.1.1.1, as shown in the image below.
https://www.elance.com/s/feroz_sm/ https://www.odesk.com/users/~013128626566145b05
i) The above configuration means that the virtual XP can also be reached at the IP address 20.1.1.100, and that the default gateway, i.e. the router’s interface connecting to the switch, has an IP address of 20.1.1.1.
j) In the next step, we create a topology through which we can simulate the DOS attack. After creating the topology, we connect our virtual XP to it. The topology represents the internet cloud, a server placed in the DMZ of a corporate network (in the actual configuration it is placed in the Inside zone) and the attacker PC on the internet (i.e. the virtual XP). Between the internet (outside) and the corporate LAN, we have placed an ASA (Adaptive Security Appliance) version 8.4, which has all the functionalities of a firewall plus features like NAT, routing, VPN, AAA services etc.; hence it is called a UTM (Unified Threat Management) device. The topology which we are going to use for the DOS simulation is in the image below.
Configuration:
a) Web Server – IP address: 10.1.1.100/24; Zone: Inside; Device: Router c7200 used as a web server. Running configuration of this device:
version 12.2
! Permit http access to the web server at 192.168.1.201
access-list 111 permit tcp any host 192.168.1.201 eq 80
NOTE THE FOLLOWING CHANGE: In the Preferred DNS server text box, type the following DNS Server Value: 192.168.111.250 (our classroom hardware is different from that of a Microsoft-only network)
In this report I will be describing the ways in which networks can be attacked, and will also be giving a real-life example of each of the below.
As part of the network security team, we will be providing IDI with a network security plan to mitigate the vulnerabilities that have been discovered. A secure site will be set up with network intrusion detection, and network protection systems will be available to access via the internal network. Policies will be presented for remote access and the use of VPN. Also contained within this report will be strategies for hardening the network and mitigating risks. An updated network layout with increased network security to meet the current needs will be included.
The Apache Web server has a well-established group dedicated to the discussion, identification, and correction of any security risk one might find in their software systems. By working with the dedicated teams at the Apache project center one learns “how to configure the product securely; and find out if a published vulnerability applies to the version of the Apache product you are using; if a published vulnerability applies to the configuration of the Apache product you are using; obtaining further information on a published vulnerability; the availability of patches and/or new releases to address a published vulnerability” (Apache). Cisco also offers more than enough information to configure the ASA 5510 Adaptive Security Appliance for the most secure VPN connections connected to the local network and the data stored within its boundaries. The greatest number of complaints made about computers and computer programs are that they run slowly and they produce inaccurate information. Research in technology is ongoing and improvements in these areas are apparent.
An extended ACL was created to filter traffic closer to the source and so traffic coming from the Host will be filtered.
1. You have a network address of 132.66.0.0 and a subnet mask of 255.255.224.0. Which three of the following are valid host addresses for the subnet 132.66.160.0?
1. You have a network address of 133.233.11.0 and a subnet mask of 255.255.240.0. Which three of the following are valid subnet addresses?
A Denial of Service (DoS) attack is a very common cyber menace that renders websites and other online resources inaccessible to intended users. There are various types of DoS threats, and nearly all directly target the core server structure. Others abuse weaknesses in application and communication protocols. DoS is also used as a cover-up for other malicious actions, and to take down security applications like web firewalls. A successful DoS attack is very obvious and impacts the entire online user base.
Today, security devices such as firewalls and IDS are used on many organizations' networks to prevent security attacks. But these devices can only diagnose illegitimate traffic and prevent it. They cannot prevent attacks that result from vulnerabilities in network devices such as switches and routers. A malicious user who is within the network can implement many attacks by using these vulnerabilities. This paper explains the kind of existing vulnerabilities in Cisco switches and methods of preventing these attacks from
For static IP address, type IP addresses with format (-- removed HTML --) /CIDR (Figure 3).
A user on the outside network sees a request addressed from 192.168.1.3 using port 80.
The purpose of this project is to design a WAN (wide area network) using a Cisco Packet Tracer simulation. The step-by-step instructions included in this project are designed to help provide an inside view of how to design any type of network using the Cisco Packet Tracer network simulation software. In addition, I will also be looking at other software similar to Cisco Packet Tracer and analysing the strengths and weaknesses of that software. I will also be looking into the types of network devices needed to design a WAN. Finally, I will look into the types of network architecture, network topologies and security management suitable for my network design project.
Second, if the IP address is available in the database, then the traffic from it will be blocked. Else, it is forwarded for the further calculation.
Please let me know if this was helpful or if you need anything else. Remember that using 10. address space is not necessary, you can use 172.29.x or 192.168.x as well. It is just a little more flexible if