This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
In this report I documented all the mistakes made by Acme Widgets Inc., which allowed Darth Vader to take over the companies networks. I analyzed and documented all the configuration mistakes, network architecture mistakes, Policies and Ethics which allowed intruder to take over the network. I gave solutions to fix the present vulnerabilities to save Acme's network by proposing new network design, correcting configuration mistakes. New network policies and ethics were written to stop attackers from entering into the company's local network.
Intrusion, network architecture, network attacks, policies, ethics, configuration mistakes.
A cyber geek popularly known as Darth Vader was very upset because of the widget he bought from a local tech shop named Widgets-R-Us store. That widget he bought was developed by Acme widgets Inc. That company currently doesn't have an online shop but its website has static webpages containing the details of its products. The reason behind Darts dissatisfaction is, the widget he bought is not like the one he had seen in the company's official website.
Darth wants to take revenge on Acme widgets Inc., by intruding into its network. He used various techniques to enter into the network of the company and successfully took over the entire network without being detected. There are many defects in the company's network which made Darth's work easy to hijack the network.
In this report I described about various problems like network policies, ethics and network & configuration errors present in the network. New policies, new network design, new configuration settings and ethics were proposed to make the network secure from similar attacks. The analysis of all the vulnerabilities and solutions to avoid them are described in next sections.
ANALYSIS OF VULNERABILITIES
There are several mistakes in network architecture of Acme Widgets Inc., which allowed Darth to take over the entire network. All the mistakes made in network architecture are listed below.
The description tells that Darth used Dsniff sniffing tools and detected the presence of switch in the network. This switch was used in the construction of De Military Zone (DMZ). It is not a good practice to use switches in big networks. The presence of boarder gateway router enhances the security of the internal network.
The present network has tri-home firewall between ISP end and company's end. This firewall has a single point of failure. This firewall can be replaced with dual firewall to increase the security. This firewall has two layers of security making network difficult to compromise.
The 'clueless system' is the main reason for Darth's entry into the company's network. There is no proper identity for that system. All the systems, network devices in the network should be properly identified and named according to their position and priority.
In the network there is no description about the usage of virtual local access networks (VLANS). We can understand that all the devices like management console, internal Domain Name Server (DNS) in the Acme's network are connected in a single network. The VLAN's logically divides the network and hides management traffic from other local users.
From the description it is clear that there is no internal intrusion detecting system configured in Acme's network. Darth's usage of Nessus Vulnerability-scanner was undetected because of this backdrop. The presence of IDS could have detect Darts presence in the network.
Darth used Nmap program to scan the firewall. This scan detected an open port helping Darth to take over the firewall. All the network devices should be properly configured by closing unnecessary ports.
Darth got response from an old router during. His THC-Scan successfully opened virtual doors to enter a 'Clueless' computer. This could have been avoided by configuring that router with username and password.
The present network have some password configuration problems. There is no password for PCAnyware (PCA) software in 'Clueless user' computer which helped Darth to easily take over that system and thereby take over the entire network.
Policy and Ethics:
There are several other mistakes made by Acme Widgets. This section describes those mistakes.
Different operating systems were used in the network. Microsoft Windows NT OS is one of the old operating systems which has many known vulnerabilities. Clueless system has this OS. Usage of new operating systems reduces the risk of network attacks.
Clueless system has very bad operating system in it. Darth deactivated the anti-virus program installed in clueless system. A good anti-virus has to restart itself after a certain time interval to give good protection to the system.
Darth's Nessus scan discovered that the network has an internal DNS server running with Solaris operating system with old version of BIND. This version has a buffer overflow problem which comes under gain root remotely category. Avoiding this vulnerable operating systems would have improved the security of the network.
Clueless system and local DNS server may have administrative rights enabled. This helped Darth to easily access both the systems. He even manipulated the kernel of the DNS server. Creating admin and user rights may have decreased the effect of attack.
Telnet was used to communicate between the management console and http server. Dart was successful to take over http server by analyzing the telnet sessions as they have clear text communication. The usage of other techniques like secure shell (SSH) would hide the session details from attackers.
The usage of internal firewall could stop http traffic from entering into the local network. This technique eliminate the effect of Reverse WWW shell installed by Darth.
Thinking before acting is a good practice. The network administrator entered network details twice without thinking why it prompted second time.
Darth easily created a fake webpage of the firewall. Using some complex design for login screen could made Darth's wore a bit difficult.
NEW NETWORK POLICY
The present network implemented in Acme Widgets Inc., is not secure. So I proposed new network policy to detect and eliminate the security breaches which allows people like Darth to intrude.
Network Architecture Policy:
The network should be designed using Dual firewall. This dual firewall protects the local network from external intruders. The http traffic which is intended for web server in DMZ will be stopped by Dual firewall from entering into the company's local network. Routers should be used in network design as they are more complex than switches.
VLAN's should be used so that the management information and the other local information are logically separated. VLANs usage adds encryption to the network. All systems in the network should be named based on location or their priority in network. All the unnecessary ports should be disabled. THC-war drivers should be detected and stopped from entering the network. This can be achieved by configuring the modems to stop the calls made in serial numbers.
AAA means Authentication, Authorization and Accounting. All the users in the network should be given privileges according to their position in the organization. For example the person with user rights can't modify the system files where as administrator can alter those files. All the users in the organization should login with their respective unique username and password to access their respective computers. This policy restrict users from logging from different locations at same time.
A proper accounting of network usage should be maintained and monitored at regular intervals. This accounting helps to detect any abnormality in the network. Techniques like MAC address lock should be used to restrict the unauthorized changes of systems in the network.
Operating System Policy:
Latest operating system should be used in all the computers at the organization. Usage of the old operating systems increases the chances of security breach as they have some known bugs or vulnerabilities. Auto update of operating system should be always enabled and the users should not be given access to alter this option. Latest patches which contain bug fixes should be installed at regular intervals. This policy should be implemented to all the network devices like switches and routers.
Anti-virus and Anti-Spyware Policy:
All the devices in the network should have properly installed anti-virus and anti-malware software. These software protect the computers from various malicious programs like Trojans, Viruses, malwares, etc. Some software's have both these features in them. These software should be updated as soon as new update is released by the vendor. Right to deactivate antivirus programs should not be given to the users. It would be more advantage to use antivirus software having features like firewall, intrusion detecting system and intrusion prevention systems.
Communication without encryption is not recommended as it uses free text. This free text is easily sniffed with the help of sniffer software. All the communications having confidential information like usernames and passwords should be properly encrypted. There are various encryption algorithms which encrypt username and passwords before transferring them.
Pirated software will always have some vulnerabilities in it. So the usage of pirated software should be restricted. All the operating systems and the antivirus programs should by genuine. Genuine software will always have support from its vender in the form of updates and tech support.
Additionally all the USB ports should be disabled for users. This eliminates the entry of viruses from user side.
In this report I listed various vulnerabilities which helped Darth to enter into the network of Acme Widgets Inc., and take over it. I analyzed all the vulnerabilities and the solution to avoid it. I proposed new network policies to increase security for Acme Widgets Inc.,
I thank my teacher Mr. Muhammad Khurram Shahzad Raja for giving sufficient time to complete this assignment.