Common Advantages Of Using VPN Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The suggested solution for securing site-to-site connections between branches is a Virtual Private Network (VPN). VPN technologies create a secure tunnel through the Internet from one office (site) to another, and all traffic transmitted in the tunnel is encrypted with a designated algorithm.

Common advantages of using VPN are:

Cost - A VPN does not require any spending on equipment or tools to set up a secure connection. It only needs the knowledge to implement it and the skills to maintain its security.

Scalability - As long as each location has Internet access, a new connection can easily be made. This differs from leased lines, where a greater distance between offices means a higher cost, because the VPN uses a connection to the Internet and initiates the secure connection over the WAN instead of a point-to-point connection between offices.

Performance - Applying a VPN will not affect the high-speed connection provided to the company, nor the communication between the branch sites.

Flexibility - If a company moves one or more offices, a VPN makes it easier to create new communication links than a dedicated leased line does. The VPN can be initiated easily at the new site, which applies for a new secure connection certified by the main branch.

VPN Protocols

To establish a connection, both the client and the server must use the same VPN protocol, one of those listed below:

Point to Point Tunnelling Protocol (PPTP)

PPTP is a standard tunnelling protocol developed by PPTP Forum which consists of Microsoft and some other remote access vendors [3].

Layer Two Tunnelling Protocol (L2TP)

L2TP is a combination of PPTP and Layer Two Forwarding (L2F) developed by IETF.

Internet Protocol Security (IPSec)

IPSec is a framework of IETF open standards aimed at securing traffic on the network layer [5].

Secure Socket Layer/Transport Layer Security (SSL/TLS)

SSL/TLS is a level 3 OSI layer security protocol developed by Netscape. SSL/TLS is commonly used with HTTP to enable secure Web browsing, called HTTPS.

Question 1 (ii)

Phishing is a form of online identity theft in which an attacker imitates the original website so that it appears almost fully legitimate to the users who access it. Not only can phishing imitate the original source of web data, it can also infect the intended users with malware and gain unauthorized access to users' computers. For a company that decides which security measures to apply to protect its clients from phishing, the following approaches can be followed:

Detect and block the phishing Web sites in time

If we can detect phishing Web sites in time, we can block the sites and prevent phishing attacks. Two methods for phishing site detection are listed below.

The Webmaster of a legitimate Web site periodically scans the root DNS for suspicious sites (www.1malaysia.com.my vs www.malaysia.com.my).

Since the phisher must duplicate the content of the target site, he must use tools to automatically download the Web pages from the target site. It is therefore possible to detect this kind of download at the Web server and trace back to the phisher.
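The first method above, comparing observed domain names against the legitimate one, sketched as an added example (not part of the original essay). The candidate list is constructed, and the two-edit threshold and the function names are assumptions.

```python
import unicodedata

PROTECTED = "malaysia.com.my"   # legitimate domain from the essay's example

def normalize(domain):
    """Lowercase, fold compatibility characters, drop 'www.' and a trailing dot."""
    d = unicodedata.normalize("NFKC", domain).strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(candidate, protected=PROTECTED, max_dist=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for an observed name."""
    c, p = normalize(candidate), normalize(protected)
    if c == p or c.endswith("." + p):
        return "legitimate"          # the site itself or one of its subdomains
    brand = p.split(".")[0]
    if any(brand in label for label in c.split(".")):
        return "lookalike"           # brand embedded in some label
    if edit_distance(c, p) <= max_dist:
        return "lookalike"           # a few keystrokes or glyphs away
    return "unrelated"

# Constructed candidate list standing in for newly observed registrations.
CANDIDATES = ["www.malaysia.com.my", "www.1malaysia.com.my",
              "rnalaysia.com.my", "malaysia-login.example", "example.org"]

def scan(candidates=CANDIDATES):
    """Return only the names a webmaster should review."""
    return {d: v for d in candidates if (v := classify(d)) == "lookalike"}

if __name__ == "__main__":
    for domain in scan():
        print("review:", domain)
```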

Enhance the security of the web sites

Business Web sites, such as the Web sites of banks, can adopt new methods to guarantee the security of users' personal information. One method to enhance security is to use hardware devices such as:

PIN code and smart card for banking session

Another method is to use biometric characteristics for user authentication.

Provide SSL/TLS for the company's website for HTTPS connections.

Block the phishing e-mails by various spam filters

Phishers generally use e-mails as 'bait' to lure potential victims. SMTP (Simple Mail Transfer Protocol) is the protocol used to deliver e-mails on the Internet. Information related to the sender, such as the name and e-mail address of the sender, the route of the message, etc., can be counterfeited in SMTP. Thus, attackers can send out large amounts of spoofed e-mails which appear to come from legitimate organizations.

Install online anti-phishing software on users' computers

Despite all the above efforts, it is still possible for users to visit spoofed Web sites. As a last defence, users can install anti-phishing tools on their computers. Nowadays, antivirus software has the capability to detect spam that tries to initiate access to users' computers.

Question 2 - Log Analysis

| No | Time | Attacker IP address | Victim IP address | Type of intrusion |
|---|---|---|---|---|
| 91 | 03/16-06:55:42.229046 (16 March, 6:55 am) | 61.194.38.35 | 62.231.131.238 | BAD-TRAFFIC SSH brute force login attempt {tcp} |
| 207 | 03/16-12:44:37.909380 (16 March, 12:44 pm) | 61.62.46.105 | 62.231.131.238 | BAD-TRAFFIC SSH brute force login attempt {tcp} |

BAD-TRAFFIC SSH brute force login attempt {tcp} - a possible false positive where it can be triggered by sending large numbers TCP

Overcome:

Ensure that passwords on all accounts are well chosen, long, and contain a mix of numbers, upper and lower case letters, and punctuation.

Use tools such as GNU Screen and Bitvise to monitor the SSH server log file and determine, based on configurable criteria, whether there are too many failures from a given host, then modify firewall or tcp_wrapper rules to stop the offending host from connecting for some period of time.

Bind SSH to a specific IP address - this counters any unrecognized IP address that tries to use SSH to log in.

Disable SSH root login.
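The failure-counting countermeasure above, sketched as an added example (not part of the original essay): it reads SSH server log lines, applies a configurable threshold per source host, and returns which hosts to block and until when, leaving the firewall or tcp_wrapper change to the operator. The log lines are constructed in the OpenSSH "Failed password" format, and the threshold, window, ban time and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed OpenSSH auth-log lines; addresses are documentation ranges,
# not the ones in the essay's alert table.
SAMPLE_LOG = """\
Mar 16 06:50:00 gw sshd[2101]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Mar 16 06:55:40 gw sshd[2211]: Failed password for root from 203.0.113.35 port 40112 ssh2
Mar 16 06:55:42 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.35 port 40118 ssh2
Mar 16 06:55:45 gw sshd[2215]: Failed password for root from 203.0.113.35 port 40125 ssh2
Mar 16 06:58:00 gw sshd[2300]: Failed password for alice from 198.51.100.7 port 51600 ssh2
Mar 16 06:58:09 gw sshd[2300]: Accepted password for alice from 198.51.100.7 port 51600 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def hosts_to_block(log_text, max_failures=3, window=timedelta(seconds=60),
                   ban=timedelta(minutes=10), year=2024):
    """Return {source_ip: ban_expiry} for hosts exceeding the failure threshold.

    year is an assumption: classic syslog timestamps do not carry one.
    """
    recent = defaultdict(deque)   # source IP -> failure times inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # ignore successes and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        times = recent[src]
        times.append(ts)
        while ts - times[0] > window:   # slide the window forward
            times.popleft()
        if len(times) >= max_failures and src not in banned:
            banned[src] = ts + ban      # block until this time, then allow again
    return banned

if __name__ == "__main__":
    for src, until in hosts_to_block(SAMPLE_LOG).items():
        print(f"block {src} until {until:%b %d %H:%M:%S}")
```

The user with two failures eight minutes apart followed by a successful login stays below the threshold, which is the kind of false positive the configurable window is meant to avoid.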

| No | Time | Attacker IP address | Victim IP address | Type of intrusion |
|---|---|---|---|---|
| 183 | 03/17-01:02:16.686309 (17 March, 1:02 am) | 62.231.60.27 | 62.231.131.235 | SHELLCODE x86 inc ebx NOOP {tcp} |
| 69 | 03/23-02:54:59.223187 (23 March, 2:54 am) | 62.231.56.34 | 62.231.131.235 | SHELLCODE x86 inc ebx NOOP {tcp} |

SHELLCODE x86 inc ebx NOOP {tcp} - This event may indicate that binary shellcode was sent to the server as part of a denial of service (DoS) attack (typically using a buffer overflow). It is possible that someone was attempting a buffer overflow to gain unauthorized access to one of the servers.

Overcome:

Secure the login with a non-NULL password on the MySQL server.

Establish a port knocking daemon (nowadays using PKI certificate exchange) as an additional layer of authentication for any SYN packets transmitted as well as for port access.

Patch the important ports that are used every day (telnet, http, ftp), and establish a firewall as well as antivirus.

| No | Time | Attacker IP address | Victim IP address | Type of intrusion |
|---|---|---|---|---|
| 64 | 03/25-11:24:01.348497 (25 March, 11:24 am) | 62.231.131.230 | 204.16.208.60 | ICMP Destination Unreachable Port Unreachable {icmp} |
| 48 | 03/29-17:17:30.542696 (29 March, 5:17 pm) | 62.231.131.228 | 60.11.125.44 | ICMP Destination Unreachable Port Unreachable {icmp} |

ICMP Destination Unreachable Port Unreachable {icmp} - Gateways use the ICMP Destination Unreachable message to signal that a datagram was not delivered. This can even be used to cut off some of the nodes in a network.

Overcome:

Limit handshake initiation for session re-authentication (to limit the opportunity to exploit the handshake for DoS).

Establish a packet-filtering firewall with a DROP policy and add an ACCEPT rule for type 3 ICMP which exclude on the host network.

MALAYSIAN INSTITUTE OF

INFORMATION TECHNOLOGY

ADVANCED NETWORK SECURITY

IKB41103

ASSIGNMENT 1

E-COMMERCE AND LOG ANALYSIS

Prepared By:

Muhammad Haziq bin Muhammad Badri

52261210170

Prepared For:

MR. SHADIL AKIMI BIN ZAINAL ABIDIN