NT-DoS.pdf
Valdosta State University, CS 4625, Computer Science
CS 4625 (Network and System Security) Assignment/Class Activity 11 [Spring 2021]

Network Traffic and Denial of Service - using GENI

Caution! This exercise is for learning purposes only. Do not use the technique to target a system for a denial-of-service (DoS) attack. Targeting a system for DoS (or DDoS) is a cybercrime and is punishable.

In this exercise we will use VMs in the GENI framework to generate network traffic and examine a denial-of-service (DoS) attack. Such an attack (or its distributed variant, DDoS) deprives legitimate users, temporarily or for a prolonged time, of the services of the target system. For example, a DoS attack against a web server may prevent users from getting the web content the server provides.

The objectives of this activity are to:
• Use GENI to set up a network topology
• Learn to generate regular and DoS network traffic
• Analyze network traffic and draw inferences

[You are strongly encouraged to complete the HelloGENI exercise before this activity. Execute the steps and note the results in a document; you need to answer some questions and, where needed, take screenshots. Submit the document after completing the lab. You may need to submit additional files, as instructed at the end.]

Deliverable: A Word document with screenshots, observations, and answers as instructed (highlighted in yellow). Name the file DoS_lastname.docx, where lastname is your last name. Include your name and the task identifier (DoS using GENI) at the top of the file.

Section 0: Set up the network topology using GENI

1. Create a new slice under the project and add resources.
2. From the resource pane on the left, drag and drop 3 VM nodes and one OVS node onto the work area.
3. Click on any VM node. In the left pane the node has a default name (node-0, node-1, or node-2). Change the label to “user”. Change the other two VM nodes’ labels to “victim” and “attacker”. Name the OVS node OVS.
4. Connect all the VM nodes to the OVS node. Your topology should now look like the figure: three VM nodes (user, victim, and attacker), each linked to the OVS node.

Click on ‘Site 1’ and select any ‘aggregate’ from the left pane. Reserve resources and wait until all nodes turn green. While waiting for your resources, answer the following question:

Question: Based on an educated guess, describe the purpose of each node in the topology.

When your resources are available, SSH into all the nodes in the topology (follow the steps you executed in the ‘HelloGENI experiment’ activity).

Section 1: Running the experiment

1. On the terminal corresponding to “user”, execute the command ping victim. Wait a few seconds and then cancel the command with Ctrl-C.
2. Copy and paste into the document the first 3 lines of the ping output displayed on the terminal.
3. On the “victim” terminal, execute the command sudo tcpdump -i eth1 (eth1 should be the experiment interface on the link to OVS; if tcpdump reports no such device, list the interfaces with ip addr and use the one whose address is on the experiment link rather than the control interface you SSH into).
4. On the “user” terminal, execute ping victim.
5. After a few seconds, press Ctrl-C on both terminals to stop both commands.
6. Look at the “victim” terminal and copy the lines that were printed. Do you think these lines are related to the command entered on the “user” terminal?
7. Look at the “user” terminal and copy the lines that were printed. What time unit is used in the ping statistics?
8. If you observed an RTT in these lines, explain what it is. (You may search Google for the abbreviation, but include your sources/sites.)
9. Explain whether the ping statistics from step 7 indicate a fast or slow network. (You may search Google for network speeds for comparison, but include your sources/sites.)
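The ping statistics that steps 7 to 9 ask about can be parsed and cross-checked mechanically rather than read off the screen. The following is an added example, not part of the lab handout: it parses the output format that Linux iputils ping prints (the per-reply lines and the closing summary), recomputes min/avg/max/mdev from the individual replies to show how the summary is derived, lists the icmp_seq numbers that never received a reply, and labels the average RTT with a rough rule of thumb. The sample output, the hostname and address in it, and the RTT thresholds in classify_rtt are this example's own assumptions.

```python
"""Parse and cross-check Linux ping(8) output (added example, not lab code).

The sample below is constructed in the format iputils ping prints; the
victim hostname and 10.10.1.2 address are placeholders, not lab values.
"""
import re
from statistics import mean, pstdev

SAMPLE_PING = """\
PING victim (10.10.1.2) 56(84) bytes of data.
64 bytes from victim (10.10.1.2): icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from victim (10.10.1.2): icmp_seq=2 ttl=64 time=0.388 ms
64 bytes from victim (10.10.1.2): icmp_seq=4 ttl=64 time=0.400 ms
64 bytes from victim (10.10.1.2): icmp_seq=5 ttl=64 time=1.200 ms
^C
--- victim ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
rtt min/avg/max/mdev = 0.388/0.600/1.200/0.347 ms
"""

# One echo reply; the "(ip)" part is absent when ping is given an address.
REPLY_RE = re.compile(
    r"^\d+ bytes from (?P<host>\S+?)(?: \((?P<ip>[\d.]+)\))?: "
    r"icmp_seq=(?P<seq>\d+) ttl=(?P<ttl>\d+) time=(?P<rtt>[\d.]+) (?P<unit>\w+)$")
SUMMARY_RE = re.compile(
    r"^(?P<tx>\d+) packets transmitted, (?P<rx>\d+) received, "
    r"(?P<loss>[\d.]+)% packet loss")
RTT_RE = re.compile(
    r"^rtt min/avg/max/mdev = (?P<min>[\d.]+)/(?P<avg>[\d.]+)/"
    r"(?P<max>[\d.]+)/(?P<mdev>[\d.]+) (?P<unit>\w+)$")


def parse_ping(text):
    """Return replies, transmitted/received counts, loss and the rtt summary."""
    replies, summary, rtt = [], None, None
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            replies.append({"seq": int(m["seq"]), "ttl": int(m["ttl"]),
                            "rtt": float(m["rtt"]), "unit": m["unit"]})
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = {k: (float(v) if k == "loss" else int(v))
                       for k, v in m.groupdict().items()}
            continue
        m = RTT_RE.match(line)
        if m:
            rtt = {k: (v if k == "unit" else float(v))
                   for k, v in m.groupdict().items()}
    if summary is None or rtt is None:
        raise ValueError("no ping summary found; was ping stopped with Ctrl-C?")
    return {"replies": replies, "tx": summary["tx"], "rx": summary["rx"],
            "loss_pct": summary["loss"], "rtt": rtt, "unit": rtt["unit"]}


def missing_sequences(replies, transmitted):
    """icmp_seq values 1..transmitted for which no echo reply was printed."""
    seen = {r["seq"] for r in replies}
    return [s for s in range(1, transmitted + 1) if s not in seen]


def recompute_rtt(replies):
    """Rebuild min/avg/max/mdev from the per-reply times. ping's mdev is the
    population standard deviation of the samples, which pstdev computes."""
    times = [r["rtt"] for r in replies]
    return {"min": min(times), "avg": round(mean(times), 3),
            "max": max(times), "mdev": round(pstdev(times), 3)}


def classify_rtt(avg_ms):
    """Rule-of-thumb label for an average RTT in milliseconds. The thresholds
    are this example's assumption, not values from the lab handout."""
    if avg_ms < 1.0:
        return "sub-millisecond: same host or a directly attached virtual switch"
    if avg_ms < 20.0:
        return "low: same campus or metro network"
    if avg_ms < 100.0:
        return "moderate: regional or continental path"
    return "high: intercontinental path, satellite link, or congestion"


if __name__ == "__main__":
    result = parse_ping(SAMPLE_PING)
    print(f"{result['rx']}/{result['tx']} replies, {result['loss_pct']}% loss, "
          f"lost icmp_seq: {missing_sequences(result['replies'], result['tx'])}")
    print("summary:", result["rtt"])
    print("recomputed:", recompute_rtt(result["replies"]))
    print("verdict:", classify_rtt(result["rtt"]["avg"]))
```

To use it on the lab output, redirect the user terminal's ping to a file (ping victim > ping.txt, then Ctrl-C) and pass the file contents to parse_ping. The time= value on each reply line is the RTT of that one probe, in the unit printed after it (ms), and the summary line's four numbers are just the minimum, mean, maximum and population standard deviation of those samples, which is what recompute_rtt verifies.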
Section 2: Generating regular and DoS traffic and making observations

1. On the “victim” terminal, execute the command iperf -s.
2. On the “user” terminal, execute the command iperf -c victim.
3. Wait a few minutes and then copy the lines that were printed on the “user” terminal.
4. Now go to the “victim” terminal and press Ctrl-C to stop the command. Then, on this same terminal (“victim”), execute the command ping ovs and note the IP address displayed. Also take a screenshot of this and add it to your document.
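The captures taken on the victim in Section 1 and the regular traffic generated in Section 2 can be compared quantitatively by saving tcpdump's output and counting packets per source per second. The following is an added example, not from the lab handout: it parses tcpdump's default Linux text format, computes the peak one-second packet rate per source and protocol, compares ICMP echo requests sent with echo replies returned, and flags sources whose echo rate is far above the one request per second a normal ping sends. The capture is constructed inline; the hostnames user, victim and attacker are the lab's topology labels, while the flood rate, the TCP segment details and the 10 packets-per-second threshold are this example's assumptions.

```python
"""Per-source packet-rate analysis over tcpdump text output (added example).

The capture below is constructed in tcpdump's default Linux format; the
hosts are the lab's node labels, the traffic volumes are invented.
"""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\.(?P<us>\d{6}) IP "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<info>.*)$")


def _flood_lines(src, dst, second, n):
    """Construct n ICMP echo requests from src spread over one second."""
    step = 1_000_000 // n
    return [f"12:00:{second:02d}.{i * step:06d} IP {src} > {dst}: "
            f"ICMP echo request, id 777, seq {i}, length 64" for i in range(n)]


SAMPLE_CAPTURE = "\n".join(
    # regular ping: one request and one reply per second for three seconds
    [f"12:00:0{i}.100{i:03d} IP user > victim: ICMP echo request, id 1, seq {i}, length 64"
     for i in range(3)]
    + [f"12:00:0{i}.100{i + 400:03d} IP victim > user: ICMP echo reply, id 1, seq {i}, length 64"
       for i in range(3)]
    # a few segments of an iperf TCP transfer to iperf2's default port 5001
    + [f"12:00:01.2000{i:02d} IP user.40000 > victim.5001: Flags [P.], "
       f"seq {i * 1448}:{(i + 1) * 1448}, ack 1, win 502, length 1448" for i in range(5)]
    # flood: 250 echo requests from the attacker inside second 12:00:05
    + _flood_lines("attacker", "victim", 5, 250)
) + "\n"


def parse_tcpdump(text):
    """Return (t_seconds, src_host, dst_host, proto, info) per IP line.
    TCP/UDP endpoints carry a trailing '.port' (or '.servicename' without -n),
    which is split off; ICMP endpoints are bare hosts or addresses."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]) + int(m["us"]) / 1e6
        info = m["info"]
        if info.startswith("ICMP"):
            proto, src, dst = "ICMP", m["src"], m["dst"]
        else:
            proto = "UDP" if info.startswith("UDP") else "TCP"
            src, dst = m["src"].rsplit(".", 1)[0], m["dst"].rsplit(".", 1)[0]
        records.append((t, src, dst, proto, info))
    return records


def peak_rate_per_source(records, proto="ICMP"):
    """Peak packets in any one-second bucket, per source, for one protocol."""
    buckets = Counter((src, int(t)) for t, src, _d, p, _i in records if p == proto)
    peak = defaultdict(int)
    for (src, _sec), n in buckets.items():
        peak[src] = max(peak[src], n)
    return dict(peak)


def echo_balance(records):
    """Per source: (echo requests sent, echo replies received back). A normal
    ping is close to 1:1; a flood source sees far fewer replies than requests
    once the victim is saturated, and none if its source address is spoofed."""
    sent, got = Counter(), Counter()
    for _t, src, dst, proto, info in records:
        if proto != "ICMP":
            continue
        if "echo request" in info:
            sent[src] += 1
        elif "echo reply" in info:
            got[dst] += 1
    return {s: (sent[s], got[s]) for s in sent}


def flag_floods(records, threshold_pps=10):
    """Sources whose peak ICMP rate exceeds threshold_pps. Default ping sends
    one request per second, so 10 pps is already an order of magnitude above
    normal; the threshold itself is this example's assumption."""
    return sorted(s for s, p in peak_rate_per_source(records, "ICMP").items()
                  if p > threshold_pps)


if __name__ == "__main__":
    recs = parse_tcpdump(SAMPLE_CAPTURE)
    print("peak ICMP pps per source:", peak_rate_per_source(recs))
    print("peak TCP pps per source:", peak_rate_per_source(recs, "TCP"))
    print("echo requests sent / replies received:", echo_balance(recs))
    print("flagged as flood:", flag_floods(recs))
```

On the victim, write the capture to a file with sudo tcpdump -i eth1 -n > capture.txt (-n stops tcpdump from resolving hostnames and port names, so the lines stay in the form the parser expects and the lookups themselves add no traffic), stop it with Ctrl-C, and pass the file contents to parse_tcpdump. Packet rate alone is not a verdict: a bulk iperf transfer also produces a high per-second packet count, which is why flag_floods is restricted to ICMP and should be read together with echo_balance. The regular ping from user shows one request and one reply per second; a source sending hundreds of echo requests per second and getting few or no replies is the pattern the Section 2 observations are meant to surface.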