Analyze the detected attacks and create a report that describes each attack, explains the threat it presents, and whether an IDS or an IPS is suited to dealing with it. Specifically, your report should include: ANSWER THE 3 QUESTIONS IN BOLD BY LOOKING AT THE CHART BELOW

1) A description or name for each attack

2) A description of what the attack is trying to do

3) Whether an IDS could or should be used to detect it and whether it can be blocked using an IPS

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Network Attacks and IDS/IPS Analysis

The following is a compiled list of odd network behaviors reported by network engineers and system administrators of Aim Higher College:

1) Network traffic analysis shows that a single host is opening hundreds of SSH sessions to a single host every minute.

2) Network traffic shows that hundreds of hosts are constantly sending only SYN packets to a single Web server on campus.

3) A system administrator reports that a single host is attempting to log on to a campus SSH server using a different username and password combination thousands of times per day.

4) A new PDF-based exploit is announced that uses a malformed PDF to exploit Windows XP systems.

5) Spam e-mail is being sent to campus users claiming to be from the campus helpdesk. It asks them to send their username and password to retain access to their e-mail.

6) A DNS changer malware package has been detected on several workstations.

7) A JavaScript vulnerability is being used to exploit browsers via ad networks on major news sites, resulting in systems being infected with malware.

8) A zero-day vulnerability has been announced in the primary campus backup software’s remote administration interface.

9) A virus is being sent via e-mail to campus users.

Solution

1) As the host is trying to open so many sessions to the other host, this is a denial of service (DoS) attack. The security mechanism to use for this is an IDS (intrusion detection system) as well as an IPS (intrusion protection system).

2) Network traffic shows that hundreds of hosts are constantly sending only SYN packets to a single Web server on campus, so this attack is a TCP SYN flood attack, a kind of DoS attack which is used to shut down the user's Internet Web server and can do the same to other servers if the host operating system is not patched (to make the connection). The attack disturbs the feature of TCP, which in return makes the server processes unable to answer the client request for a TCP connection. As TCP is a secure medium, the application mostly affected is email. The best thing to use is IDS/IPS for security.

3) This is like a brute force attack. A brute force attack is like the simplest kind of attack to gain access to a website. The technique is that it tries random usernames and passwords, over and over again, until it gets in, and if the username or password or both are too simple then it tends to catch it. That is why it is said to make a strong password or use almost every kind of key (numeric, capital letters, special symbols), as the more complex the password, the more time it takes and the more difficult it is to break. IDS is more effective for a brute force attack.

4) The best thing for this is to update the antivirus on the system or fully update Windows.

5) Email spam can be secured against if the end users or the administrators use various anti-spam techniques. Some of these techniques are built into services, software or products so as to secure the users and others.

6) DNS changer is malware which once infected millions of computer systems worldwide. This technique is generally used by cyber criminals to take access of the web server, and if they have control over the web server they can direct a user to any unwanted or malicious site they want the user to visit. Once the user is infected, the user will access only those websites the attacker wants; every IP the user resolves will be changed to the one the attacker wants the user to visit. An IPS is required, with the help of routers, to secure the port and medium. A trojan horse attack creates the same scenario.

7) This attack is cross-site scripting (XSS). It is the modification of the script: the code is changed into some invalid or malware code, so it tries to break down the processes or website and can create redundancy with the original data to steal the original. The best way to deal with it is to use valid vulnerability scanners or to check for invalid code among the webpages.

8) This can be protected against by an IDS. A zero-day attack exploits an unknown vulnerability which nobody is aware of, as it occurs on day zero (the starting day) of awareness of the vulnerability. It focuses on any loophole left by the developers and attacks at the start itself, leaving no time for anyone to react.

9) A spam or phishing attack is about getting access to users' personal info, like passwords, to access money. An IPS should be used with the router, as it is able to filter the spam as well as the traffic.
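As an added example that is not part of the assignment or the tutor's answer, the Python below shows the IDS-versus-IPS distinction for scenarios 1/3 (one host hammering an SSH server) and scenario 2 (SYN-only packets from many hosts to one Web server) as two threshold rules run over constructed flow records. The record format, the IP addresses, the window size and the thresholds are all assumptions chosen for the illustration; the point it adds is that a single noisy source can be blocked by an IPS, while a flood from hundreds of (possibly spoofed) sources cannot usefully be blocked per source and needs rate limiting or SYN cookies at the server instead.

```python
"""Added example: toy IDS-style threshold rules for two behaviours from the list
above. All traffic below is constructed sample data, not real campus traffic."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # fixed counting window (assumed value)
EPOCH = datetime(1970, 1, 1)


def build_sample_flows():
    """Constructed records in a made-up format:
    '<ISO timestamp> <src_ip> <dst_ip> <dst_port> <flags>'
    flags: 'S' = lone SYN, no handshake completed; 'SA' = handshake completed."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    flows = []
    # Scenario 1/3: one host opens 150 SSH sessions to one server within 45 s.
    for i in range(150):
        ts = base + timedelta(milliseconds=300 * i)
        flows.append(f"{ts.isoformat()} 10.0.0.5 10.0.0.20 22 SA")
    # Scenario 2: 200 distinct hosts each send a lone SYN to the web server in 10 s.
    for i in range(200):
        ts = base + timedelta(milliseconds=50 * i)
        flows.append(f"{ts.isoformat()} 198.51.100.{i} 10.0.0.30 80 S")
    # Benign background: an admin's occasional SSH logins and normal web visits.
    for i in range(5):
        ts = base + timedelta(minutes=10 * i)
        flows.append(f"{ts.isoformat()} 10.0.0.7 10.0.0.20 22 SA")
    for i in range(10):
        ts = base + timedelta(seconds=i)
        flows.append(f"{ts.isoformat()} 10.0.0.8 10.0.0.30 80 SA")
    return flows


def parse_flow(line):
    """Split one constructed record into a dict."""
    ts, src, dst, dport, flags = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "flags": flags}


def bucket_of(ts):
    """Index of the fixed time window a timestamp falls into."""
    return (ts - EPOCH) // WINDOW


def detect_ssh_hammering(records, threshold=100):
    """One source opening >= threshold SSH connections to one host per window.
    An IDS alerts on this; an IPS can block the single offending source."""
    counts = defaultdict(int)
    for r in records:
        if r["dport"] == 22:
            counts[(r["src"], r["dst"], bucket_of(r["ts"]))] += 1
    return [{"rule": "ssh-hammering", "src": src, "dst": dst, "count": n,
             "ids_action": "alert", "ips_action": f"block {src} -> {dst}:22"}
            for (src, dst, _), n in sorted(counts.items()) if n >= threshold]


def detect_syn_flood(records, threshold=50):
    """>= threshold distinct sources sending lone SYNs to one service per window.
    An IDS alerts; an IPS cannot usefully block per source (too many, possibly
    spoofed), so the action is rate limiting / SYN cookies at the server."""
    sources = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            sources[(r["dst"], r["dport"], bucket_of(r["ts"]))].add(r["src"])
    return [{"rule": "syn-flood", "dst": dst, "dport": dport,
             "distinct_sources": len(srcs), "ids_action": "alert",
             "ips_action": "rate-limit SYNs / enable SYN cookies on the server"}
            for (dst, dport, _), srcs in sorted(sources.items())
            if len(srcs) >= threshold]


def run_detectors(lines):
    """Parse raw records and run both rules; returns the combined alert list."""
    records = [parse_flow(line) for line in lines]
    return detect_ssh_hammering(records) + detect_syn_flood(records)


if __name__ == "__main__":
    for alert in run_detectors(build_sample_flows()):
        print(alert)
```

On the constructed data the SSH rule fires once (10.0.0.5, 150 connections in one window) and the SYN rule fires once (10.0.0.30:80, 200 distinct sources), while the admin's five spread-out logins and the completed web handshakes produce nothing. The two `ips_action` strings carry the practical difference: only the first alert names a source that a blocking device could act on.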

