Assignment On Internet Security Computer Science Essay



On the firewall between the internal network and the DMZ, we can change the rules to block all incoming traffic (i.e., traffic originating from the Internet or the DMZ). This change ensures that if attackers gained control of servers within the DMZ, they could not reach servers within the internal network.

We can allow all outgoing traffic (i.e., traffic originating from the internal network to the DMZ or the Internet). Because many employees use the Internet connection for a variety of reasons and the IT staff have to support the servers located within the DMZ, this configuration is the easiest to support.

For the firewall between the DMZ and the Internet, we can allow incoming Web, e-mail, and VPN traffic. All other traffic is blocked until a valid business need arises. These rules block the majority of the traffic that attackers could use to attack.

On the same external firewall, we can allow only outbound traffic for Web, e-mail, VPN, DNS, and a handful of other categories of network protocols that employees use. This restriction is mainly designed to ensure that attacks cannot easily be launched from internal servers.
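The four rule sets above, written out as a small policy model so the effect of each firewall on a given flow can be checked. This is an added example and not part of the essay; the zone names and the ports assumed behind "Web", "e-mail", "VPN" and "DNS" are illustrative choices.

```python
# Added example (not the essay's own code): a model of the two-firewall policy described above.
# The zone names and the ports behind "Web", "e-mail", "VPN" and "DNS" are assumptions.
from dataclasses import dataclass

# Assumed service definitions: (protocol, destination port).
SERVICES = {
    "web": {("tcp", 80), ("tcp", 443)},
    "email": {("tcp", 25), ("tcp", 587), ("tcp", 993)},
    "vpn": {("udp", 500), ("udp", 4500), ("udp", 1194)},
    "dns": {("udp", 53), ("tcp", 53)},
}


@dataclass(frozen=True)
class Flow:
    src_zone: str  # "internet", "dmz" or "internal"
    dst_zone: str
    proto: str
    dport: int


def _matches(flow, services):
    return any((flow.proto, flow.dport) in SERVICES[s] for s in services)


def internal_firewall(flow):
    """Between the internal network and the DMZ: outgoing traffic only, nothing inbound."""
    return "allow" if flow.src_zone == "internal" else "deny"


def external_firewall(flow):
    """Between the DMZ and the Internet."""
    if flow.src_zone == "internet":
        # Inbound: only Web, e-mail and VPN, and only to the DMZ; everything else is denied.
        ok = flow.dst_zone == "dmz" and _matches(flow, ("web", "email", "vpn"))
    else:
        # Outbound: only the protocol categories employees use.
        ok = _matches(flow, ("web", "email", "vpn", "dns"))
    return "allow" if ok else "deny"


# Which firewalls a flow crosses on its way between two zones.
PATH = {
    ("internet", "dmz"): (external_firewall,),
    ("internet", "internal"): (external_firewall, internal_firewall),
    ("dmz", "internet"): (external_firewall,),
    ("dmz", "internal"): (internal_firewall,),
    ("internal", "dmz"): (internal_firewall,),
    ("internal", "internet"): (internal_firewall, external_firewall),
}


def decide(flow):
    """A flow is allowed only if every firewall on its path allows it."""
    fws = PATH[(flow.src_zone, flow.dst_zone)]
    return "allow" if all(fw(flow) == "allow" for fw in fws) else "deny"


if __name__ == "__main__":
    for f in (Flow("internet", "dmz", "tcp", 443), Flow("internet", "dmz", "tcp", 22),
              Flow("dmz", "internal", "tcp", 3306), Flow("internal", "internet", "tcp", 22),
              Flow("internal", "internet", "udp", 53)):
        print(f, "->", decide(f))
```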

Different networking components used in this network architecture are described below:

The major components are: switch, Internet router, firewall, Web and database server, VPN server, and DMZ.

Switch:

Switches are layer two devices. Here switches are used for creating VLANs and separate networks. A network switch is a small hardware device that joins multiple computers together within one local area network (LAN). Technically, network switches operate at layer two (the Data Link Layer) of the OSI model. Network switches appear nearly identical to network hubs, but a switch generally contains more intelligence (and a slightly higher price tag) than a hub. Unlike hubs, network switches are capable of inspecting data packets as they are received, determining the source and destination device of each packet, and forwarding them appropriately. By delivering messages only to the connected device they are intended for, a network switch conserves network bandwidth and offers generally better performance than a hub. As with hubs, Ethernet implementations of network switches are the most common. Mainstream Ethernet network switches support either 10/100 Mbps Fast Ethernet or Gigabit Ethernet (10/100/1000) standards.

Internet router:

Routers are layer three devices. They can route between different VLANs and networks. A router is a device that forwards data packets between networks. It is connected to at least two networks, commonly two LANs or WANs, or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect. Routers use packet headers and forwarding tables to determine the best path for forwarding packets, and they use protocols such as ICMP to communicate with each other and configure the best route between any two hosts. Very little filtering of data is done by routers. When multiple routers are used in interconnected networks, they exchange information about destination addresses using a dynamic routing protocol. Each router builds up a table listing the preferred routes between any two systems on the interconnected networks.

Firewall:

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. For example, consider a company with 50 employees. The company will have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet.

Web Server and database server:

In computing, the term server is used to refer to one of the following:

a computer program running as a service, to serve the needs or requests of other programs (referred to in this context as "clients"), which may or may not be running on the same computer;

a physical computer dedicated to running one or more such services, to serve the needs of programs running on other computers on the same network;

a software/hardware system (i.e. a software service running on a dedicated computer), such as a database server, file server, mail server, or print server.

A server computer is a computer, or series of computers, that links other computers or electronic devices together. Servers often provide essential services across a network, either to private users inside a large organization or to public users via the Internet. For example, when you enter a query in a search engine, the query is sent from your computer over the Internet to the servers that store all the relevant web pages, and the results are sent back by the server to your computer.

VPN Server:

A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. It encapsulates data transfers using a secure cryptographic method between two or more networked devices that are not on the same private network, so as to keep the transferred data private from other devices on one or more intervening local or wide area networks. There are many different classifications, implementations, and uses for VPNs. These functions can be implemented using a VPN server.

DMZ:

In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Information technology professionals normally refer to it simply as a DMZ; it is sometimes also called a perimeter network. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external attacker only has access to equipment in the DMZ, rather than to any other part of the network.


Task 3


There are many web application attacks. Some of the most common web application attacks are described below.

Injection of SQL code

Execution of Remote code

Scripting of the Cross Sites (XSS)

Enumeration of the Username

Exploiting vulnerabilities and formatting strings

Injection of SQL code

SQL injection is a very common web attack approach among attackers. It is also known as an SQL insertion attack. It is a technique that allows an attacker to retrieve confidential information from a database or Web server. The impact of this attack can vary, depending on important matters such as the application's security measures. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability arises when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or is not strongly typed, and is thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.


A minimum number of database users, each with only the privileges needed to perform the assigned task, should be created. We can also mitigate this attack by avoiding unnecessary connections to the database.

PHP has two functions for MySQL that take the input from the user. We must ensure that we are running PHP 4 or 5 or a later version.

Execution of Remote code

In remote code execution an attacker arbitrarily runs system-level code on the vulnerable server to retrieve confidential information. Improper coding errors lead to this vulnerability. In computer security, arbitrary code execution describes an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. The term arbitrary code execution vulnerability is commonly used to describe a software bug that gives an attacker a way to execute arbitrary code, and a program designed to exploit such a vulnerability is called an arbitrary code execution exploit. By using these vulnerabilities attackers execute machine code, and most exploits therefore inject and execute shellcode, which gives an attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another (especially via a wide-area network such as the Internet) is often referred to as remote code execution. It is the worst of web attacks, because it allows an attacker to take complete control over the machine the process is running on. Arbitrary code execution vulnerabilities are commonly exploited by malware to run on a computer without the owner's consent.


Recently released PHP versions have register_globals set to off by default, with some options through which users can change this setting. Administrators can consult developers who insist on using register_globals.

Scripting of the Cross Sites (XSS)

In this method the attacker tries to lure the victim into visiting a threatening URL. The URL is crafted to attract the victim and to appear very safe at first sight. When the victim visits such a URL, the attacker gets the opportunity to execute something malicious in the victim's browser, PC, or servers. The attacker runs malicious JavaScript while the web site that has the XSS bug continues to look very safe.


Code like the following can be added to avoid XSS attacks and thus mitigate the problem:

    <?php
    // Escape the user-supplied value so any markup or script in it is rendered as text.
    $name = isset($_GET['name_1']) ? $_GET['name_1'] : '';
    $html = htmlentities($name, ENT_QUOTES, 'UTF-8');
    echo "<p>Your Name<br />";
    echo $html;
    echo "</p>";
    ?>

Enumeration of the Username

The back-end validation process informs the attacker whether the supplied username is correct or not. In this type of attack, the attacker tries lots of different arbitrarily generated usernames and tries to determine the valid ones with the help of the differing error messages, sometimes also exploiting other vulnerabilities.


We can mitigate this problem by taking the following steps:

By displaying consistent error messages, we can prevent disclosure of valid usernames.

Trivial accounts should be created for testing purposes only, and removed after the testing is over.
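The consistent-error-message step, as an added example that is not the essay's code: a login check whose two failure messages reveal which usernames exist, beside one that answers every failure the same way. It goes one step beyond the text in also doing the same hashing work for unknown users, so that response time does not leak what the message no longer does. The accounts and passwords are constructed for the demo.

```python
# Added example (not the essay's own code): a login check that reveals valid usernames
# beside one that returns a consistent response and does the same work on both paths.
# Accounts are constructed for the demo.
import hashlib
import hmac
import os


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)


def make_user_store():
    """Constructed accounts: username -> (salt, password hash)."""
    store = {}
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        salt = os.urandom(16)
        store[name] = (salt, _hash(pw, salt))
    return store


# Dummy credential used for unknown usernames so both code paths cost the same.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("not-a-real-password", _DUMMY_SALT)


def login_leaky(store, username, password):
    """Two different failure messages: the first one confirms which usernames exist."""
    if username not in store:
        return "unknown username"
    salt, digest = store[username]
    if not hmac.compare_digest(_hash(password, salt), digest):
        return "wrong password"
    return "ok"


def login_consistent(store, username, password):
    """One failure message, and the same work, whether or not the username exists."""
    salt, digest = store.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(_hash(password, salt), digest)
    return "ok" if matched and username in store else "invalid username or password"


def distinct_responses(login, store, usernames, password="guess"):
    """What a probe of many candidate usernames observes from a given handler."""
    return {login(store, u, password) for u in usernames}


if __name__ == "__main__":
    users = make_user_store()
    probes = ["alice", "bob", "admin", "root", "test"]
    print("leaky:     ", distinct_responses(login_leaky, users, probes))
    print("consistent:", distinct_responses(login_consistent, users, probes))
```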

Exploiting vulnerabilities and formatting strings

Sometimes we use unfiltered user input. This reduces security and increases vulnerability. The C library has such a function, printf().

An attacker can use the %s and %x formatting tokens to read data from the server's memory or other locations. An attacker can also probe arbitrary locations by using the %n format token in printf() and similar functions, which records the number of bytes formatted so far.


Many compilers can statically check format strings and produce warnings for dangerous or suspect formats. In the GNU Compiler Collection, the relevant compiler flags are -Wall, -Wformat, -Wno-format-extra-args, -Wformat-security, -Wformat-nonliteral, and -Wformat=2. This is very useful for detecting bad format strings. If the format string may come from the user or from a source external to the application, the application must validate it before using it.
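The run-time check the last sentence calls for, as an added example that is not the essay's code: a validator for a printf-style format string that rejects the %n and %p conversions and, just as important, any mismatch between the number of directives and the number of arguments the program will actually supply. The accepted set of conversions is an assumption for the demo.

```python
# Added example (not the essay's own code): validate a printf-style format string that may
# have come from outside the application. The accepted conversions are an assumption.
import re

# One conversion specification: %[flags][width][.precision][length]conversion
_SPEC = re.compile(
    r"%(?P<flags>[-+ #0]*)(?P<width>\*|\d+)?(?:\.(?P<prec>\*|\d+))?"
    r"(?P<length>hh|h|ll|l|j|z|t|L)?(?P<conv>[diouxXeEfFgGaAcspn%])"
)
# %n writes to memory and %p discloses addresses, so neither is accepted from outside.
_ALLOWED = set("diouxXeEfFgGcs")


def validate_format(fmt, argc):
    """Return a list of problems found in `fmt` when it will be given exactly `argc`
    arguments; an empty list means the format string may be used."""
    problems, consumed, pos = [], 0, 0
    while True:
        i = fmt.find("%", pos)
        if i < 0:
            break
        m = _SPEC.match(fmt, i)
        if m is None:
            problems.append(f"malformed directive at offset {i}")
            break
        conv = m.group("conv")
        if conv != "%":
            if conv not in _ALLOWED:
                problems.append(f"forbidden conversion %{conv} at offset {i}")
            # A '*' width or precision consumes an extra int argument of its own.
            consumed += 1 + (m.group("width") == "*") + (m.group("prec") == "*")
        pos = m.end()
    if consumed != argc:
        # Too many directives is the classic leak: printf reads past the supplied arguments.
        problems.append(f"{consumed} directives but {argc} arguments supplied")
    return problems


if __name__ == "__main__":
    for fmt, argc in (("Hello %s, you have %d messages\n", 2), ("%x %x %x %x", 0),
                      ("%n", 1), ("%5.2f%%", 1), ("100% sure", 0)):
        print(repr(fmt), validate_format(fmt, argc) or "ok")
```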


Task 4


NIDS can easily monitor malicious events within a network, giving us a better understanding of the activity taking place on it. A network IDS will also monitor the critical attack avenue from the Internet. In addition, we can deploy a few HIDS to monitor network elements that are vulnerable to attack, such as web servers and mail servers. After installing the HIDS sensor software on each server, we can route all the alerts to the database servers. Intrusion detection in a computer network is essential for ensuring the security of that network. With intrusion detection one can monitor the harmful traffic travelling through the network and take the necessary steps to mitigate its harmful effect. By examining each network packet, security professionals can catch malicious activity before it reaches an internal system. This type of examination is known as intrusion detection.

There are several types of IDS available. The most common are described below.

Network intrusion detection systems (NIDS)

Host intrusion detection systems (HIDS)


Network intrusion detection systems (NIDS)

Network IDS refers to computer systems or network devices that are deployed at various locations on the network to monitor network traffic. Packet-examining software can be deployed on a network segment to monitor and inspect data traffic. Network administrators review header details and peer into the contents of network packets to troubleshoot network problems. A NIDS consists of at least one sensor, a collector or manager, a database, and a console. Each component has a specific function.

Deciding on the optimal placement of the sensor is crucial to building an effective IDS architecture. Each organization has different needs; however, there are several general guidelines that should be considered:

- Multiple sensors should be deployed. For example, if a router divides the network into three logical segments, companies should deploy three separate NIDS sensors.

- A sensor should be deployed in a manner that ensures the sensor is not overwhelmed by network traffic. Massive amounts of traffic can cause the NIDS sensor to drop packets, which can allow malicious activity to go undetected.

- A NIDS sensor should be placed at every Internet access point. Because an Internet access point offers the greatest avenue of attack, each Internet connection should be monitored.

- A NIDS sensor should be placed at every extranet connection. As with Internet access points, connections with other networks also open unwanted avenues of attack.

- NIDS sensors should be positioned on both sides of a firewall: one in front of the firewall (e.g., connected to the Internet) to see all incoming attacks, and one behind the firewall to view only the attacks that have made it past the firewall.

The information analyzed by managers is directed to the console for more action. Managers store information in the database and pass real-time alerts to the console. At the console, security professionals react to alerts, run reports on stored information, modify signatures and generally coordinate all NIDS activity. In some organizations, multiple consoles are necessary to facilitate monitoring by multiple console operators.

Advantages of NIDS:

Simple to implement.

Easy to maintain and upgrade.

Easy to monitor malicious events within a network.

Cost effective.

Does not use the system resources of the network elements it monitors.

Disadvantages of NIDS:

Cannot monitor a particular host.

Requires extra hardware installation.

Requires investigation to deploy the network sensors correctly.

Host intrusion detection systems (HIDS)

Host intrusion detection complements the functionality of network IDS by monitoring activity on computer systems. HIDS sensors monitor traffic on the host itself. Much like NIDS, the HIDS sensor compares data to a list of known signatures and generates an event for any data that matches a signature.

Advantages of HIDS:

Easy to monitor malicious events within a single host.

Simple in design.

No hardware setup is required.

Disadvantages of HIDS:

Cannot monitor network-level malicious events.

Complex to implement.

Difficult to maintain and upgrade.

Not cost effective, as we have to install software on every server or computer that we want to monitor.

Uses system resources on the machine it runs on.

Honeypot:

A honeypot is a computer system that masks its identity and invites abuse in order to collect information on attackers. There are a number of tools that can be installed on a honeypot, and a honeypot can serve any number of purposes. For example, a Linux server can be configured to respond like a Windows machine in order to record malicious attacks against Windows hosts.

Advantages of honeypots:

Honeypots are easier to configure.

There are no industry standard software packages for honeypots; instead, honeypots are installed with whatever tools are necessary.

They can buy time against intruders' attacks.

Disadvantages of honeypots:

Their flexibility may lend itself to many labour hours in maintenance.

A honeypot that is constantly attacked may require frequent rebuilds and software updates.

Recommendations to the company about Intrusion Detection and Prevention with justification:

After analyzing all the IDS types, we can conclude that since we cannot detect intrusions with a single piece of software, hardware, or IDS, we need to design a combined system that includes NIDS, HIDS, and honeypots to make our system cost effective.

Information required during a breach:

We can gather different types of information during a breach, depending on the nature of the attack. There are many factors that go into making this determination:

Every network develops its own "personality" and a false positive on one network may be an attack on another network.

To form a larger picture of a possible attack, the operator looks at other events, such as those generated at approximately the same time, or events from the same source IP address or destination IP address.

If an operator is still unsure, he performs his own analysis or hands the information off to an IDS analyst.

If the malicious activity is determined to be an attack, the operator or analyst takes responsive action.
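The sensor-side signature match described under HIDS and the console-side correlation by source address and time described in the triage steps above, as one added example that is not the essay's code. The signatures, the addresses and the log records are constructed for the demo, and the rule that two or more different signatures from one source go to an analyst is an assumption.

```python
# Added example (not the essay's own code): a minimal signature-matching sensor and the console
# side correlation by source IP and time window. Signatures, addresses, log records and the
# escalation rule are constructed for the demo.
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed signatures a sensor compares each record against: (name, pattern).
SIGNATURES = [
    ("SQLI-1", re.compile(r"union\s+select|'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("TRAV-1", re.compile(r"\.\./\.\./")),
    ("SCAN-1", re.compile(r"nmap|masscan", re.IGNORECASE)),
]


@dataclass
class Event:
    ts: int      # seconds since midnight in the constructed log
    src: str     # source IP address
    sig: str     # signature name
    record: str  # the matching record, kept for the analyst


def sensor(records):
    """records: iterable of (timestamp, source IP, payload). One event per signature match."""
    events = []
    for ts, src, payload in records:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                events.append(Event(ts, src, name, payload))
    return events


def correlate(events, window=60):
    """Console view: events from the same source within `window` seconds of its first event.
    Assumed triage rule: two or more distinct signatures from one source go to an analyst;
    a single match stays with the operator."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_src[e.src].append(e)
    picture = {}
    for src, evs in by_src.items():
        burst = [e for e in evs if e.ts - evs[0].ts <= window]
        sigs = sorted({e.sig for e in burst})
        picture[src] = {"count": len(burst), "signatures": sigs,
                        "action": "analyst" if len(sigs) >= 2 else "operator"}
    return picture


# Constructed sample records: (time, source IP, HTTP request line as the sensor saw it).
SAMPLE = [
    (100, "198.51.100.7", "GET /search?q=shoes"),
    (102, "203.0.113.9", "GET /item?id=1' OR '1'='1"),
    (110, "203.0.113.9", "GET /static/../../app.conf"),
    (140, "203.0.113.9", "GET / User-Agent: Nmap Scripting Engine"),
    (150, "198.51.100.7", "GET /cart"),
    (900, "192.0.2.44", "GET /admin/../../backup"),
]

if __name__ == "__main__":
    for src, summary in correlate(sensor(SAMPLE)).items():
        print(src, summary)
```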


Task 5


Mental Poker

Computer networks, and especially the Internet, have allowed some common activities such as shopping or gambling to become remote (e-shopping and e-gambling). Mental poker is a card game played over the telephone or the Internet by two or more persons. There is no trusted third party for shuffling the cards. There are between 2 and 10 players and an (imaginary) pack of 52 standard cards. Each player is dealt 5 cards, then there is a round of betting, after which all players' hands are revealed. This last requirement is not a desired situation, as in poker the ability to bluff is important. In this game the players have disjoint hands, so players can have any possible hand, and no player can discover another player's hand.

Basics of poker and how it is played:

Here we briefly describe the basics of poker and how it is played.

Card Abbreviations with Ranks

Here is a list of card abbreviations and their ranks used in poker games:

A - Ace ("bullet")

K - King ("cowboy")

Q - Queen

J - Jack ("hook")

T - Ten

9 - Nine

8 - Eight

7 - Seven

6 - Six

5 - Five

4 - Four

3 - Three

2 - Two ("deuce" "duck")

AA - Pair of aces

AK - Ace and king ("big slick")

Q9s - Queen and nine, suited

Here we discuss some strong and weak hands.

Royal Flush: A straight flush with the ace as the highest of the five cards is known as a royal flush. For example: A-K-Q-J-T.

Straight Flush: A straight (five cards in order) all of the same suit is known as a straight flush. For example: 8-7-6-5-4.

Four of a Kind: When four cards of the same rank are found, it is called four of a kind. For example: 9-9-9-9. It is also known as "quads."

Three of a Kind: Three cards of the same rank; often called a "set" or "trips." For example: Q-Q-Q.

Two Pairs: When four cards of two ranks occur. For example: J-4-J-4; this is called "Jacks up." When two players hold two pairs at the same time, the highest pair wins.

One Pair: When two cards of the same rank occur. For example: 6-6.

High Card: When no player has a hand containing at least one pair, the hand with the highest card is the winner. The rank of cards, starting from the highest, is ace, king, queen, jack, 10, 9, 8, 7, 6, 5, 4, 3, 2, and 1 if the ace is used as a 1.

Full House: When three of a kind and a pair occur together, a full house is made. For example: K-K-K-6-6. This would be called "kings full of sixes." If there are two full houses during one hand, the one with the higher three of a kind wins.

Flush: Five cards of the same suit is called a flush. For example: K-J-9-8-3. In the event of two flushes during one hand, the flush with the highest card wins. If the highest cards are of the same rank, it goes to the next highest card, and on down to the fifth card if necessary. If the two hands are identical, the pot is split between the winners.

Straight: Five cards of any suit in order is known as a straight. For example: Q-J-T-9-6. When two straights occur, the one that starts with the highest rank wins. Aces can be used as a high card above a king or as a low card below a two to make a straight. A king-ace-two sequence cannot be used, and an ace below a two cannot be used as the high card.

Problems associated with mental poker:

Cheating is very difficult to catch in mental poker. One form of it is called collusion: at times a player shares his cards with others to help them make better choices. For the most part this kind of cheating is not very beneficial to the cheaters except in a few situations, but in those situations it can actually be helpful. It starts to become a problem when 4 players are all sharing information about their cards with each other. This kind of cheating is very hard to catch because the cheaters will fold their hands whenever they know that another one of them has a stronger hand of cards. As we can't see the cards online, it is very difficult to know why people are folding. The poker sites therefore often fail to detect this type of cheating play.

For example, when a flop shows K/A/2 and cheater #3 holds KK while cheater #4 holds KA, if cheater #4 now folds to a bet from cheater #3, then some alarm bells should (we would hope) be raised at the server end.

Problem-solving scheme:

Better performance through increased trust

In mental poker the requirement is that every player encrypts every card that is dealt. This is bounded by the different mental poker protocols that are available, which depend on the players to perform the encryption. Significantly more efficient protocols can be realized by relying on third parties: the encryption can be handled by two or more servers. This can happen when we choose cards without shuffling. Such a protocol is secure as long as the servers are non-colluding.

Suppose we have two servers, S1 and S2, that can encrypt and shuffle a deck of cards and then publish the permutation of encrypted cards to the players. Several well-understood cryptographic protocols can be used for this purpose.

A random number in {0, ..., 51} is generated by the servers and combined with independent random numbers in {0, ..., 51} that the players also compute. The combined random number is used as an index into the random permutation. The appropriate player gets "ownership" of the specified card, and the servers also send that player a key so that he can read the card's value.

In this protocol, the values of any cards can only be learned if servers S1 and S2 both collude. Furthermore, untrustworthy servers and other intruders find it difficult to influence the game to the extent that is possible in traditional online poker, because the players have already decided which cards are being dealt.
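The two-server scheme above, carried through as an added example that is not the essay's code: S1 and S2 each encrypt and shuffle the deck with a commutative cipher and publish the result, the dealt position is chosen from the servers' and the player's random numbers together, and only the owner, holding both servers' keys, can read the card. The cipher (SRA-style exponentiation modulo a fixed prime) and the rule for combining the random indexes are assumptions for the demo.

```python
# Added example (not the essay's own code): two servers S1 and S2 each encrypt and shuffle the
# deck with a commutative cipher; a dealt card is read only by the player who receives both
# keys. The cipher (SRA-style exponentiation modulo a fixed prime) and the index-combining
# rule are assumptions for the demo.
import secrets
from math import gcd

P = 2305843009213693951  # 2^61 - 1, a Mersenne prime; exponents act on a group of order P - 1
DECK = list(range(52))   # cards 0..51


def encode(card):
    return card + 2      # keep plaintexts away from 0 and 1, which every exponent leaves fixed


def decode(value):
    return value - 2


class Server:
    """One dealing server: private exponent e with gcd(e, P-1) = 1 and its inverse d."""

    def __init__(self):
        while True:
            e = secrets.randbelow(P - 3) + 2
            if gcd(e, P - 1) == 1:
                break
        self.e, self.d = e, pow(e, -1, P - 1)

    def encrypt_and_shuffle(self, values):
        out = [pow(v, self.e, P) for v in values]
        for i in range(len(out) - 1, 0, -1):  # Fisher-Yates shuffle driven by a CSPRNG
            j = secrets.randbelow(i + 1)
            out[i], out[j] = out[j], out[i]
        return out


def build_deck(s1, s2):
    """S1 encrypts and shuffles, then S2 does the same; the result is published to all players."""
    return s2.encrypt_and_shuffle(s1.encrypt_and_shuffle([encode(c) for c in DECK]))


def deal(remaining, server_rand, player_rand):
    """The servers' and the player's random numbers together select one undealt position,
    so neither side alone decides which card is dealt."""
    return remaining.pop((server_rand + player_rand) % len(remaining))


def read_card(ciphertext, d1, d2):
    """The owner removes both layers; commutativity means the order does not matter."""
    return decode(pow(pow(ciphertext, d1, P), d2, P))


def deal_whole_deck(s1, s2):
    """Deal all 52 positions: hands are disjoint and every card appears exactly once."""
    published = build_deck(s1, s2)
    remaining = list(range(52))
    cards = []
    while remaining:
        pos = deal(remaining, secrets.randbelow(52), secrets.randbelow(52))
        cards.append(read_card(published[pos], s1.d, s2.d))
    return cards


if __name__ == "__main__":
    s1, s2 = Server(), Server()
    print(deal_whole_deck(s1, s2))
```

Stripping only one server's layer leaves a value that is not a card at all, which is the sense in which a single non-colluding server learns nothing about the deal.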