IT Professionals: IT Security Ethical Hacking Essay

Question:

Describe IT Professionals, IT Security Ethical Hacking.

Answer:

Executive Summary:

Penetration testing is the name given to ethical hacking. It is an advanced, offensive form of security testing designed to give an in-depth technical analysis of how vulnerable a target environment is to exploitation and attack. Ethical hacking goes beyond basic risk assessment and automated techniques and relies on skilled security professionals. An ethical hacking engagement tests a target that might comprise anything from web or client-server applications to infrastructure components and hosting environments.

In this assignment we list some of the problems frequently faced in this scenario. Out of those 6 issues, I have illustrated the 2 that are faced most frequently in depth and provided solutions for them.

After reviewing the packets, below are the errors found in the error packets, the 6 problems faced in this case study:

1. DoS Attack: A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from numerous sources.
2. Ping of Death: The ping command is typically used to test the availability of network resources. It works by sending small data packets to the network resource.
3. Smurf: This attack uses huge quantities of Internet Control Message Protocol (ICMP) ping traffic targeted at an Internet broadcast address.
4. Buffer Overflow: A buffer is a temporary storage location in RAM that holds data so that the CPU can manipulate it before writing it back to disk. Buffers have a size limit.
5. Teardrop: This attack uses large data packets. TCP/IP breaks them into fragments that are reassembled on the receiving host.
6. SYN attack: SYN is short for Synchronize. This attack takes advantage of the three-way handshake used to set up communication over TCP.
7. Application Whitelisting: Application whitelisting is a practical security technique in which only a limited set of approved programs is permitted to run, while all other programs (including most malware) are blocked by default. In contrast, the standard policy enforced by most operating systems permits all users to download and run any program they choose. Application whitelisting lets only administrators, not users, choose which programs are permitted to run.

Below we discuss “DoS attack” and “Ping of Death” at length, with solutions. (It, 2014)

Problems faced in the scenario:

1. DoS attack:

These attacks target a wide variety of important resources, from news websites to banks, and the main challenge is making sure that people can still publish and access important information. This denial-of-service attack is called distributed because it arrives from many computers at once. The DoSer controls a huge number of computers that have been infected by a Trojan virus. This virus is a small application that allows remote command-and-control of the computer without the user's knowledge.

The infected computers are known as zombies, because they perform whatever commands the DoSer asks them to perform. A huge group of zombie computers is known as a botnet, or robot network.

The computer you are using may be part of a botnet without you being aware of it. There may be no noticeable difference, except that your computer is sometimes not as quick as it used to be, because it is busy participating in a DoS attack while you are using it. Alternatively, you may find out about the infection when your ISP (internet service provider) drops service to your affected computer because it has started sending an unusually large number of network requests.

2. Ping of Death

Ping of Death sends data packets above the maximum limit (i.e. 65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Because the data packets sent are larger than the server can handle, the server can freeze, crash or reboot.

3. Smurf

All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet broadcast address can support a maximum of 255 hosts, a Smurf attack amplifies a single ping 255 times. The effect is to slow the network down to the point where it is impossible to use.

4. Buffer overflow

This attack loads the buffer with more data than it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending an email with file names that have 256 characters.

5. Teardrop

The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to reassemble the packets.
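The Ping of Death and Teardrop descriptions above both come down to a check on IPv4 fragments before reassembly. The following is an added example, not part of the original essay: it parses raw IPv4 headers and flags fragments whose reassembled size would exceed the 16-bit total-length limit or whose byte ranges overlap. The function names and the sample packets are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # IPv4 total length is a 16-bit field

def parse_fragment(packet: bytes):
    """Return (ident, header_len, offset_bytes, payload_len) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", packet[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_frag & 0x1FFF) * 8  # fragment offset is counted in 8-byte units
    return ident, ihl, offset, total_len - ihl

def check_fragments(packets):
    """Return sorted (ident, finding) pairs for a batch of fragments.

    Simplification: fragments are grouped by IP identification only; a real
    reassembler also keys on source, destination and protocol.
    """
    findings, spans = set(), {}
    for pkt in packets:
        ident, ihl, off, length = parse_fragment(pkt)
        # Ping of Death: the reassembled datagram would not fit in 65535 bytes.
        if ihl + off + length > MAX_IP_DATAGRAM:
            findings.add((ident, "oversize"))
        spans.setdefault(ident, []).append((off, off + length))
    for ident, frags in spans.items():
        frags.sort()
        # Teardrop: a fragment starts before the previous one has ended.
        for (_, prev_end), (start, _) in zip(frags, frags[1:]):
            if start < prev_end:
                findings.add((ident, "overlap"))
    return sorted(findings)

def make_fragment(ident, offset, payload_len, more):
    """Constructed test input: 20-byte IPv4 header (checksum left 0) plus zero payload."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes(payload_len)

# Constructed samples (documentation addresses, never sent on a network).
NORMAL = [make_fragment(1, 0, 1480, True), make_fragment(1, 1480, 1480, True),
          make_fragment(1, 2960, 520, False)]
OVERSIZE = [make_fragment(2, 0, 1480, True), make_fragment(2, 65528, 100, False)]
OVERLAP = [make_fragment(3, 0, 36, True), make_fragment(3, 24, 4, False)]

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("oversize", OVERSIZE), ("overlap", OVERLAP)):
        print(name, check_fragments(sample))
```

A firewall or IDS that applies this kind of check can drop the offending fragments before the receiving host attempts reassembly.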

6. SYN attack

The SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and to deny access to legitimate users.
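One way to spot the incomplete handshakes described above, as an added example that is not part of the original essay: it reads tcpdump-style text lines, tracks which SYNs were never followed by the client's ACK, and reports destinations with many half-open connections. The function names, threshold and sample capture are constructed for illustration, and no timeout is modelled.

```python
import re
from collections import Counter

# Matches tcpdump text output such as:
#   12:00:00.000100 IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [S], seq 100, ...
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\]")

def half_open_by_target(lines):
    """Count connections per destination that saw a SYN but no completing ACK."""
    pending = set()
    for line in lines:
        match = LINE.search(line)
        if not match:
            continue
        src, dst, flags = match.groups()
        if flags == "S":
            pending.add((src, dst))        # client opened a handshake
        elif flags == "S.":
            continue                        # server SYN-ACK, handshake still open
        elif "." in flags or "R" in flags:
            pending.discard((src, dst))     # client ACKed (or reset): not half-open
    return Counter(dst for _, dst in pending)

def syn_flood_targets(lines, threshold):
    """Return destinations whose half-open count reaches the threshold."""
    counts = half_open_by_target(lines)
    return sorted(dst for dst, n in counts.items() if n >= threshold)

# Constructed capture: one completed handshake, then five SYNs that are never ACKed.
SAMPLE = [
    "12:00:00.000100 IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0",
    "12:00:00.000200 IP 192.0.2.10.80 > 203.0.113.5.51000: Flags [S.], seq 900, ack 101, win 65160, length 0",
    "12:00:00.000300 IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [.], ack 901, win 502, length 0",
] + [
    f"12:00:01.{i:06d} IP 198.51.100.{i}.4{i:04d} > 192.0.2.10.80: Flags [S], seq {i}, win 512, length 0"
    for i in range(1, 6)
]

if __name__ == "__main__":
    print(half_open_by_target(SAMPLE))
    print(syn_flood_targets(SAMPLE, threshold=5))
```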

Although application-layer DoS attacks are much harder to detect, the DoS mitigation experts in the Security Operations Center (SOC) know what to look for, and are always looking.

7. Disadvantage of Whitelist:

Implementing a whitelist requires performance overhead (which varies considerably depending on the implementation). It also requires regular maintenance of the whitelist to add new applications and remove ones that are no longer approved. It causes some users to become frustrated because they cannot download and run applications at will.

Ping of Death

For this exercise, assume that Windows is used and that at least two computers are connected and share the same network. DoS attacks are illegal on networks that we are not authorized to perform them on. For this exercise we therefore have to set up our own network that we can configure.

On the destination computer, open the command prompt.

Type the command ipconfig and press Enter. The result will be similar to the one below:

This example uses the connection details of Mobile Broadband. Note down the IP address. Note: for this example to be more effective, use a LAN network.

Switch to the source computer that will be used for the attack and open the command prompt. The victim computer will be pinged with an infinite number of data packets of 65500.

Enter the following command:

ping 10.128.131.108 -t -l 65500

HERE,

  • The “ping” command sends the data packets to the victim.
  • “10.128.131.108” is the IP address of the victim.
  • The “-t” option means the data packets are sent until the program is stopped.
  • The “-l” option specifies the data load to be sent to the victim.

The results displayed will be similar to those shown below:

Flooding the target computer with data packets doesn't have much effect on the victim. For the attack to be more effective, the target computer has to be attacked with pings from more than one computer.

The above attack can be used against web servers, routers etc.

To see the effects of the attack on the destination computer, open Task Manager on that computer and view the network activities.

  • Right-click on the taskbar
  • Select Task Manager
  • Click on the Network tab
  • The result will be similar to the one shown below:

If the attack is successful, you will see increased network activity.

Launch the DoS attack

In this practical scenario, we use Nemesy to generate data packets and flood the target computer, server or router.

As mentioned above, Nemesy will be detected by anti-virus as an illegal program. For this exercise the anti-virus therefore has to be disabled.

  • Download Nemesy from the link below
  • Unzip it and run the Nemesy.exe program.
  • You will see the interface shown below:

Enter the target IP address; here we have used the target IP address shown above.

HERE,

0 as the number of packets means infinity. If you want to send a specific number of packets instead of infinity, you can set the number.

The size field specifies the data bytes to be sent, and the delay specifies the time interval in milliseconds.

Click on the send button; the result will be as shown below:

The title bar shows the number of packets sent.

Click on the halt button to stop the program from sending data packets.

The task manager of the target computer can be monitored to view the network activities.

Solution for these issues:

Know your vulnerability.

A lesson from DDoS and its use by the hacktivist sister group of LulzSec is that any site can be at high risk. “The finance sector, which did not consider itself a major target, was hit and urgently forced to tackle threatening circumstances”.

DoS attacks are cheap to launch but tough to stop.

"5,600 DDoS zealots blasting at once," Anonymous boasted on Twitter, as it took down the websites of everyone from the Department of Justice and the FBI to the Motion Picture Association of America and the Recording Industry Association of America.

Plan ahead.

Stopping DDoS attacks requires preparation. "It requires doing everything that can be done to boost availability and resiliency."

Secure the potential bottlenecks.

A survey of 135 people with information security expertise (including CIOs, IT managers and CISOs) conducted by Radware found that the bottlenecks they had experienced included attacks on the server (for 30%), the Internet pipeline (27%), the firewall (24%), an intrusion prevention or detection system (8%), the SQL server (5%), or the load balancer (4%).

Watch what is happening on the network.

If prevention (which includes securing the infrastructure and ensuring that it can scale reasonably to handle sharp increases in packet traffic) is the first step, the second step is actively monitoring the network.

Look past huge attacks.

Traditionally, the most popular sort of DDoS attack, and one of those most used by Anonymous, has been the packet flood.

Beware application-layer attacks.

As per Radware's report, "it is much easier to identify and block a network flood attack, which involves sending a huge quantity of irrelevant traffic such as UDP floods, TCP floods and SYN floods."

Watch for blended attacks.

Identification can prove even trickier if attackers target more than one application at a time, possibly together with a packet flood. "Attackers are frequently likely to combine packet flooding attacks with application-layer DDoS, which raises their probability of success”.

Make friends upstream.

Huge attacks can overpower a major enterprise network. "Work very closely with the Internet service provider --or for the international. They will build the relationships and the communication lines in advance."

Consider the countermeasures.

While the validity of certain sorts of attack countermeasures is considered an open question, according to Radware network mechanisms are capable of automatically mitigating suspected DDoS attacks. For example, a mechanism can silently drop questionable packets, or send the attacker a TCP reply that advertises "window size equals 0," which states that for the time being no new data will be accepted.

Security stacks for TCP/IP:

The TCP/IP stack is the set of communication protocols used for the Internet and a few other similar networks. TCP/IP comprises 4 layers.

Application Layer (process-to-process):

This is the scope within which applications create user data and communicate that data to other processes or applications on the same or another host. The communication partners are often called peers. This is where "higher level" protocols such as FTP, SSH, SMTP, etc. operate.

Transport Layer (host-to-host):

The transport layer constitutes the networking regime between two network hosts, either on the local network or on remote networks separated by routers. The transport layer provides a uniform networking interface that hides the actual topology (layout) of the underlying network connections.

Internet Layer (internetworking):

The internet layer has the task of exchanging datagrams across network boundaries. It is therefore also known as the layer that establishes internetworking; indeed, it defines and establishes the Internet. The internet layer defines the addressing and routing structures used for the TCP/IP protocol suite.

Link Layer:

The link layer defines the networking methods within the scope of the local network link, on which hosts communicate without intervening routers. This layer describes the protocols used to describe the local network topology and the interfaces needed to effect transmission of internet layer datagrams to next-neighbor hosts.

Tor Bridging:

Using a bridge is helpful when we need to connect to the Tor network but the ISP is blocking connections to known Tor relays. Because bridges are not listed in the Tor directory, the ISP cannot identify their IPs and cannot block them. If the ISP has blocked access to the Tor network, we can still get past the ISP's filters by using a Tor bridge. First we need to find Tor bridges in order to obtain the IP address to which we'll connect. Find a Tor bridge by visiting the Tor Bridges page in a web browser; we can see that we got two bridge relays, one on port 80 and the other on port 443:

Bridge is 194.38.106.35:80

Bridge is 81.91.1.81:443

Use of the tools:

Multi-layered protection defends websites against the increasing frequency, sophistication, and scale of attacks. Akamai's Kona Site Defender extends web security beyond the data center while maintaining site performance and availability in the face of fast-changing threats. It leverages the power of the Akamai Intelligent Platform™ to detect, identify, and mitigate Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), and other application-layer attacks before they reach the origin.

Key Benefits of Kona Site Defender:

  • Protect websites and web applications from DoS and DDoS attacks with the massive capacity and scale of Akamai's Intelligent Platform™.
  • Preserve website availability and performance during DDoS attacks through Akamai's globally distributed architecture.
  • Decrease the risk of data breach with a highly scalable, high-performance web application firewall.
  • Decrease the capital and operational costs associated with web security by leveraging Akamai's cloud security service.
  • Adapt to the changing threat landscape with security rules that are continuously updated and refined by Akamai's Threat Intelligence team. (Dark, 2014)

Summary

  • The intent of a denial of service attack is to deny legitimate users access to a resource such as a network, server etc.
  • There are two types of attacks, denial of service and distributed denial of service.
  • A denial of service attack can be carried out using SYN flooding, Ping of Death, Teardrop, Smurf or buffer overflow.
  • Security patches for operating systems, router configuration, firewalls and intrusion detection systems can be used to protect against denial of service attacks.

References:

1. IT Professionals, 2014, IT Security Ethical Hacking
2. Mathew, 2012, 10 Strategies To Fight Anonymous DDoS Attacks
3. Prolexic, 2013, DDoS Prevention
4. Cricket Liu, 2013, The ultimate guide to preventing DNS based DDoS attack
5. Victoria Roddel, 2012, Botnet
6. James, 2015, The Ultimate Guide to Protecting Your Site from a DDoS Attack
7. theterribletrivium, 2014, How do major sites prevent DDoS?
8. Francis Tan, 2011, DDoS attacks: Prevention and Mitigation
9. Ron Meyran, 2012, DDoS Attack Myths: Does size really matter?
10. Aleksey, 2013, 5 Strategies to Fight Anonymous DDoS Attacks
11. Netsparker, 2014, Ping of Death
12. Cayman, 2012, Ping of Death
13. Stellios, 2009, The PING of Death and Other DoS Network Attacks
14. Matthew Prince, 2012, How to Launch a 65Gbps DDoS, and How to Stop One
15. Mark Wilson, 2014, Want to launch your own DDoS attacks?
16. Donald, 2013, DNS & DDoS – Using DNS To Launch a DDoS Attacks
17. Dark, 2014, Akamai Upgrades Kona Site Defender WAF
18. Stephanie, 2012, Akamai releases Web security monitoring platform Kona Site Defender
19. Kona site, 2014, Kona Site Defender
20. Steve, 2015, Ethical Hacking and countermeasures to Become Certified
