In this report I documented all the mistakes made by Acme Widgets Inc. that allowed Darth Vader to take over the company's network. I analyzed and documented the configuration mistakes, network architecture mistakes, and policy and ethics failures that allowed an intruder to take over the network. I gave solutions to fix the present vulnerabilities and protect Acme's network by proposing a new network design and correcting the configuration mistakes. New network policies and ethics guidelines were written to stop attackers from entering the company's local network.
Keywords: intrusion, network architecture, network attacks, policies, ethics, configuration mistakes.
A cyber geek popularly known as Darth Vader was very upset because of a widget he bought from a local tech shop named Widgets-R-Us. That widget was developed by Acme Widgets Inc. The company currently has no online shop, but its website has static web pages describing its products. The reason for Darth's dissatisfaction is that the widget he bought is not like the one he had seen on the company's official website.
Darth wants to take revenge on Acme Widgets Inc. by intruding into its network. He used various techniques to enter the company's network and successfully took over the entire network without being detected. There are many defects in the company's network which made it easy for Darth to hijack it.
In this report I describe the various problems present in the network, such as weak network policies, ethics failures, and network and configuration errors. New policies, a new network design, new configuration settings and ethics guidelines are proposed to make the network secure against similar attacks.
In section 2 I analyze all the vulnerabilities present in the Acme network and give solutions to fix them. Section 3 contains new network policies to counter similar threats. Section 4 concludes the report.
ANALYSIS OF VULNERABILITIES
There are several mistakes in the network architecture of Acme Widgets Inc. which allowed Darth to take over the entire network. All the mistakes made in the network architecture are listed below.
The description says that Darth used the Dsniff sniffing tools and detected the presence of a switch in the network. This switch was used in the construction of the demilitarized zone (DMZ). It is not good practice to use switches alone in large networks. The presence of a border gateway router enhances the security of the internal network.
The present network has a tri-homed firewall between the ISP and the company. This single firewall is a single point of failure. It can be replaced with a dual-firewall design to increase security: a dual firewall provides two layers of protection, making the network more difficult to compromise.
The case study contains no description of virtual local area networks (VLANs) being used. We can understand that all the devices in Acme's network, such as the management console, the internal Domain Name Server (DNS) and the local workstations, are connected to a single network. VLANs logically divide the network and hide management traffic from other local users.
From the description it is clear that no internal intrusion detection system (IDS) is configured in Acme's network. Darth's use of the Nessus vulnerability scanner went undetected because of this gap. The presence of an IDS could have detected Darth's presence in the network.
The 'clueless system' is the main reason for Darth's entry into the company's network. That system had no proper identity. All systems and network devices in the network should be properly identified and named according to their position and priority.
Darth used the Nmap program to scan the firewall. This scan detected an open port, which helped Darth take over the firewall. All network devices should be properly configured by closing unnecessary ports.
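The check above (close every port a device does not need) is easiest to enforce when an administrator's own scan results are compared against an allowlist of the services each device is supposed to expose. The following script is an added example written for this report, not code from the case study; the device roles, the expected port sets, the host addresses and the grepable-style scan lines are all constructed for illustration. It reports, per host, every open port that falls outside that host's allowlist, and treats any host without a recorded role as a plain workstation so that an unidentified ('clueless') system is always flagged.

```python
"""Audit the open ports found on each host against the services that host is
expected to expose, so that unnecessary listeners are reported for closure."""
from typing import Dict, List, Set

# Which services each device role is allowed to expose. These roles and port
# sets are assumptions for this example, not Acme's real configuration.
EXPECTED_PORTS: Dict[str, Set[int]] = {
    "firewall": {443},           # HTTPS management interface only, no telnet
    "web-server": {80, 443},
    "dns-server": {53},
    "workstation": set(),        # workstations should offer no services at all
}

# Constructed mapping of scanned hosts to their roles (documentation addresses).
HOST_ROLES: Dict[str, str] = {
    "192.0.2.1": "firewall",
    "192.0.2.10": "web-server",
    "192.0.2.20": "dns-server",
    "192.0.2.55": "workstation",
}

# Constructed sample scan output in the style of nmap's grepable (-oG) format.
SAMPLE_SCAN = (
    "Host: 192.0.2.1 (fw.example.test)\tPorts: 23/open/tcp//telnet///, 443/open/tcp//https///\n"
    "Host: 192.0.2.10 (www.example.test)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.20 (ns.example.test)\tPorts: 53/open/tcp//domain///, 53/open/udp//domain///\n"
    "Host: 192.0.2.55 (clueless.example.test)\tPorts: 139/open/tcp//netbios-ssn///, 5631/open/tcp//pcanywheredata///\n"
)


def parse_grepable(text: str) -> Dict[str, Set[int]]:
    """Return {ip: set of open port numbers} from grepable-style scan lines.

    Each entry in the Ports field is port/state/protocol/owner/service/rpc/version/;
    only entries whose state is 'open' are kept.
    """
    result: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        head, _, ports_field = line.partition("Ports:")
        ip = head.split()[1]
        open_ports: Set[int] = set()
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 2 and fields[1] == "open":
                open_ports.add(int(fields[0]))
        result[ip] = open_ports
    return result


def unexpected_exposures(scan: Dict[str, Set[int]], roles: Dict[str, str]) -> Dict[str, List[int]]:
    """Return {ip: sorted open ports not in the role's allowlist}.

    A host with no recorded role is treated as a workstation, the most
    restrictive role, so an unidentified system is always reported.
    """
    findings: Dict[str, List[int]] = {}
    for ip, ports in scan.items():
        allowed = EXPECTED_PORTS[roles.get(ip, "workstation")]
        extra = sorted(ports - allowed)
        if extra:
            findings[ip] = extra
    return findings


def audit(text: str = SAMPLE_SCAN, roles: Dict[str, str] = HOST_ROLES) -> Dict[str, List[int]]:
    """Parse a scan and report every host exposing ports outside its allowlist."""
    return unexpected_exposures(parse_grepable(text), roles)


if __name__ == "__main__":
    for ip, ports in audit().items():
        print(f"{ip} ({HOST_ROLES.get(ip, 'unknown')}): close unexpected ports {ports}")
```

On the constructed sample the firewall is reported for its telnet listener and the unidentified workstation for its NetBIOS and pcAnywhere listeners, while the web and DNS servers pass because they expose exactly what their roles allow.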
Darth got a response from an old router during his THC-Scan war dialing; this successfully opened a virtual door into the 'Clueless' computer. This could have been avoided by configuring that router with a username and password. Countermeasures against war dialers such as THC-Scan should be implemented.
The present network also has password configuration problems. There is no password on the pcAnywhere (PCA) remote-control software on the 'Clueless user' computer, which helped Darth easily take over that system and thereby the entire network.
Policy and Ethics:
Acme Widgets made several other mistakes. This section describes those mistakes.
Older operating systems were used in the network. Microsoft Windows NT is one of the older operating systems and has many known vulnerabilities; the Clueless system runs this OS. Using the latest operating system with frequent updates reduces the risk of network attacks.
The Clueless system has very weak anti-virus software. Darth deactivated the anti-virus program installed on it. A good anti-virus should restart itself after a certain time interval to keep protecting the system.
Darth's Nessus scan discovered that the network has an internal DNS server running the Solaris operating system with an old version of BIND. This version has a buffer overflow problem, which Nessus places in the 'gain root remotely' category. Avoiding this vulnerable operating system and BIND version would have improved the security of the network.
The Clueless system and the local DNS server may have had administrative rights enabled. This helped Darth easily access both systems; he even manipulated the kernel of the DNS server. Separating administrator and user rights might have restricted Darth from making changes to the systems.
Telnet was used to communicate between the management console and the HTTP server. Darth succeeded in taking over the HTTP server by analyzing the telnet sessions, as telnet communicates in clear text. Using Secure Shell (SSH) instead hides the confidential details from intruders.
The use of an internal firewall could stop HTTP traffic from entering the local network. This technique eliminates the effect of the Reverse WWW shell installed by Darth.
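Both of the last two points (telnet between the management console and a server, and HTTP crossing into the local network) are visible in ordinary flow records, so a monitoring script can raise them before an intruder does. The script below is an added example for this report, not part of the case study; the internal address range, the flow records and the port numbers it treats as telnet and HTTP are constructed assumptions. It emits one finding per rule a flow violates, with the corrective action the report recommends.

```python
"""Flag clear-text telnet sessions (which should be SSH) and HTTP traffic
crossing from outside into the local network (which an internal firewall
should block) in a list of flow records."""
import ipaddress
from typing import Dict, List, Tuple

# Assumed address plan for this example (a documentation range, not Acme's).
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")  # workstations and management console

TELNET_PORT = 23
HTTP_PORTS = {80, 8080}

# Constructed flow records: (timestamp, source, destination, destination port, protocol).
Flow = Tuple[str, str, str, int, str]
SAMPLE_FLOWS: List[Flow] = [
    ("2024-01-01T09:00:00", "10.10.1.5", "192.0.2.10", 23, "tcp"),     # console -> web server via telnet
    ("2024-01-01T09:00:03", "10.10.1.5", "192.0.2.20", 22, "tcp"),     # console -> DNS server via SSH (fine)
    ("2024-01-01T09:01:00", "192.0.2.10", "10.10.1.9", 80, "tcp"),     # HTTP from the DMZ into a workstation
    ("2024-01-01T09:02:00", "10.10.1.9", "10.10.1.2", 80, "tcp"),      # HTTP between two internal hosts (not crossing in)
    ("2024-01-01T09:03:00", "10.10.1.9", "198.51.100.7", 443, "tcp"),  # ordinary outbound HTTPS (fine)
]


def check_flow(flow: Flow) -> List[Dict[str, str]]:
    """Return one finding per rule the flow violates (possibly none)."""
    ts, src, dst, dport, proto = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    findings: List[Dict[str, str]] = []
    if proto == "tcp" and dport == TELNET_PORT:
        findings.append({"time": ts, "flow": f"{src}->{dst}:{dport}", "rule": "cleartext-telnet",
                         "action": "replace with SSH; credentials are readable by a sniffer"})
    if proto == "tcp" and dport in HTTP_PORTS and d in INTERNAL_NET and s not in INTERNAL_NET:
        findings.append({"time": ts, "flow": f"{src}->{dst}:{dport}", "rule": "http-into-internal",
                         "action": "internal firewall should drop HTTP entering the local network"})
    return findings


def check_flows(flows: List[Flow] = SAMPLE_FLOWS) -> List[Dict[str, str]]:
    """Run every flow through check_flow and collect the findings in log order."""
    return [finding for flow in flows for finding in check_flow(flow)]


if __name__ == "__main__":
    for f in check_flows():
        print(f"{f['time']} {f['rule']:<20} {f['flow']}: {f['action']}")
```

The "http-into-internal" rule only fires when the source is outside the internal range, so web traffic between two local hosts is not reported; the telnet rule fires regardless of direction, since the credentials are exposed either way.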
Thinking before acting is good practice. The network administrator entered login details twice without checking why the computer prompted a second time.
Darth easily created a fake web page imitating the firewall's login screen. Using a more complex design for the login screen could make Darth's work a bit more difficult.
NEW NETWORK POLICY
The present network implemented at Acme Widgets Inc. is not secure. So I propose a new network policy to detect and eliminate the security breaches which allow people like Darth to intrude.
Network Architecture Policy:
The network should be designed using a dual firewall. The dual firewall protects the local network from external intruders: HTTP traffic intended for the web server in the DMZ will be stopped by the dual firewall from entering the company's local network. Routers should be used in the network design as they are more complex than switches.
VLANs should be used so that management traffic and other local traffic are logically separated. VLAN usage adds encryption to the network. All systems in the network should be named based on their location or their priority in the network. All unnecessary ports should be disabled. War dialers such as THC-Scan should be detected and stopped from entering the network. This can be achieved by configuring the modems to reject calls made to numbers in sequence.
AAA stands for Authentication, Authorization and Accounting. All users in the network should be given privileges according to their position in the organization. For example, a person with user rights cannot modify system files, whereas an administrator can alter those files. All users in the organization should log in with their own unique username and password to access their respective computers. This policy restricts users from logging in from different geographical locations at the same time.
Proper accounting of network usage should be maintained and monitored at regular intervals. This accounting helps to detect any abnormality in the network.
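The AAA policy described in the two paragraphs above can be demonstrated as a small service that does all three parts: it authenticates each user against a salted password hash, refuses a second login for the same account from a different location while the first session is open, authorizes actions by role, and keeps an accounting log that a periodic review can query for abnormal activity. This is an added example written for this report, not code from the case study; the role names, the action names, the two accounts and their location labels are constructed.

```python
"""A small AAA service: authenticate with per-user credentials, authorize by
role, and keep an accounting log whose review exposes abnormal activity."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Role -> permitted actions. Roles and action names are assumptions for this example.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "user": {"read_files"},
    "administrator": {"read_files", "modify_system_files", "change_network_config"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the credential store never holds passwords in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Session:
    username: str
    location: str  # site label (constructed in this example)


@dataclass
class AAAService:
    credentials: Dict[str, Tuple[bytes, bytes]]  # username -> (salt, password hash)
    roles: Dict[str, str]                        # username -> role
    active: Dict[str, Session] = field(default_factory=dict)
    # Accounting log entries: (event, username, outcome, detail)
    audit_log: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def _record(self, event: str, user: str, outcome: str, detail: str = "") -> None:
        self.audit_log.append((event, user, outcome, detail))

    def login(self, username: str, password: str, location: str) -> bool:
        """Authenticate and open a session unless one is already open elsewhere."""
        stored = self.credentials.get(username)
        if stored is None or not hmac.compare_digest(hash_password(password, stored[0]), stored[1]):
            self._record("login", username, "DENY", "bad credentials")
            return False
        current = self.active.get(username)
        if current is not None and current.location != location:
            self._record("login", username, "DENY", f"already logged in from {current.location}")
            return False
        self.active[username] = Session(username, location)
        self._record("login", username, "ALLOW", location)
        return True

    def logout(self, username: str) -> None:
        self.active.pop(username, None)
        self._record("logout", username, "ALLOW")

    def authorize(self, username: str, action: str) -> bool:
        """Permit an action only for a logged-in user whose role includes it."""
        if username not in self.active:
            self._record("authorize", username, "DENY", f"{action}: no active session")
            return False
        allowed = action in ROLE_PERMISSIONS.get(self.roles.get(username, ""), set())
        self._record("authorize", username, "ALLOW" if allowed else "DENY", action)
        return allowed

    def denied_counts(self) -> Dict[str, int]:
        """Accounting review: how many denied events each user has generated."""
        counts: Dict[str, int] = {}
        for _event, user, outcome, _detail in self.audit_log:
            if outcome == "DENY":
                counts[user] = counts.get(user, 0) + 1
        return counts


def build_demo_service() -> AAAService:
    """Constructed accounts: 'alice' is an ordinary user, 'bob' an administrator."""
    creds: Dict[str, Tuple[bytes, bytes]] = {}
    for name, pw in (("alice", "alice-pass"), ("bob", "bob-pass")):
        salt = os.urandom(16)
        creds[name] = (salt, hash_password(pw, salt))
    return AAAService(credentials=creds, roles={"alice": "user", "bob": "administrator"})


if __name__ == "__main__":
    svc = build_demo_service()
    svc.login("alice", "alice-pass", "head-office")
    svc.login("alice", "alice-pass", "branch-office")   # denied: already active elsewhere
    svc.authorize("alice", "modify_system_files")        # denied: user role
    for entry in svc.audit_log:
        print(entry)
    print("denied events per user:", svc.denied_counts())
```

A repeated login from the same location is accepted (it refreshes the session), while a login from a second location is denied until the first session is logged out; the denied-event counts from the accounting log are the kind of regular-interval check the policy asks for.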
Operating System Policy:
The latest operating system should be used on all computers in the organization. Using older operating systems increases the chance of a security breach, as they have known bugs or vulnerabilities. Automatic updating of the operating system should always be enabled, and users should not be given access to alter this option. The latest patches, which contain bug fixes, should be installed at regular intervals. This policy should also be applied to network devices such as switches and routers.
Antivirus and Anti-Spyware Policy:
All devices in the network should have properly installed anti-virus and anti-malware software. This software protects the computers from malicious programs such as Trojans, viruses and other malware. Some products combine both features. The software should be updated as soon as a new update is released by the vendor. Users should not be given the right to deactivate antivirus programs. It is more advantageous to use antivirus software with features like a firewall, an intrusion detection system and an intrusion prevention system.
Communication without encryption is not recommended, as it uses clear text. Clear text is easily sniffed with sniffer tools. All communications carrying confidential information such as usernames and passwords should be properly encrypted. There are various encryption algorithms which encrypt usernames and passwords before transferring them.
Pirated software will always have some vulnerabilities in it, so the use of pirated software should be restricted. All operating systems and antivirus programs should be genuine. Genuine software always has support from its vendor in the form of updates and technical support.
Additionally, all USB ports should be disabled for users. This eliminates the entry of viruses from the user side. Techniques like MAC address locking should be used to prevent unauthorized changes of a system's location in the network.
In this report I listed the various vulnerabilities which helped Darth enter the network of Acme Widgets Inc. and take it over. I analyzed all the vulnerabilities and the solutions to avoid them. I proposed new network policies to increase security for Acme Widgets Inc.
I thank my teacher Mr. Muhammad Khurram Shahzad Raja for giving sufficient time to complete this assignment.