Wednesday, May 6, 2020

Demonstration of Network Security Tools †Free Samples to Students

Question: Discuss about the Demonstration of Network Security Tools. Answer: Introduction: Information systems need to be secure to prevent intrusion and malicious use of software that may cause them harm. There are many ways intruder tries to get into the system for different reasons. The most common threats and attacks include Packet replay, Packet modification, Internet Protocol spoofing and Mail bombing. Impersonation is when a sender of an email creates a fake return address[1]. It happens when somebody manually modifies a moving header or the sender automatically connect them to an SMTP port on the receiving node. Eavesdropping occurs when Email headers and contents are sent without first being encrypted. This makes it possible for the contents to be altered before arriving at the receiver or modification is done on the header changing or hiding the sender. A hacker will thereby manage to make a fake activity flow of the network. It will help them access sensitive information such as passwords and other relevant data. Packet modification is another vulnerability involving modification and interception of a package by a system that was not the designated receiver[2]. The packet information required may also get damaged due to the modification. Packet replay works by recording and retransmitting message packets in a given network. It affects all programs that need sequences to be authenticated and allows intruders to replay the fake authentication sequences and manage to gain access to the attacked system. Another common attack is an intrusion. It happens when a hacker uses their means, e.g., cracking tools and gains access to a system[2]. The use of a vulnerability tool would help the technicians note any intrusion occurring in the network system. Social engineering, another possible attack is employed by both outsiders and people working inside the organization since it collaborates with the help of the user. The user gets tricked to a level of revealing their security information, e.g., passwords which then used for the malicious purpose. The best solution to social engineering is educating the users and ensuring there are kept well aware of such tricks. A network can also get spoofed where a computer system will impersonate another system already in the company's network system. The spoofing system will then receive all the intended information just like it was the intended receiver. Viruses are also used by attackers to break into network systems and to gain access to information which they could have otherwise been denied[1]. It is done by developing malicious codes and spreading them by ordinary means such as emails to the system they want to harm. Password cracking is another threat that attackers use to gain access surreptitiously just like the permitted user. It can be easily avoided if the users use passwords that cannot be easily guessed or weak. A password cracker uses their knowledge of the user as a tool to predict the password a user could be using and gain access to the network system comfortably like them. Most of the vulnerabilities can be avoided and controlled by use of a vulnerability detection tool. Nessus is one of the most modern and capable vulnerability scanners which originally was built for UNIX systems as an open source software[1]. Nessus has a Tenable Network Security that does the vulnerability checks and produces results in various formats[1]. It will help in detecting and controlling access to the network system by any intruder and deny service to any malformed packets which may otherwise be used by the intruder. To download and install Nessus, visit Nessus website here to get the installer package and the installation guide. After successful download, click the installer to start installation. After the steps provided in the page above, the installer will lead you to the Ready to Install the Program screen, select the Install button[7]. After successful installation, go to settings and configure the scanner as illustrated below. References I. J. Douglas and P. J. Olson, Audit and control of computer networks, Manchester: NCC Publications, 1986. C. M. Davis, M. Schiller and K. Wheeler, IT auditing : using controls to protect information assets, Emeryville, Calif: McGraw-Hill/Osborne, 2011. U. S. D. o. H. S. O. o. I. General., Improved security required for Transportation Security Administration networks, Washington, DC: U.S. Dept. of Homeland Security, Office of Inspector General, 2011. G. E. Smith, Network auditing : a control assessment approach, New York : John Wiley, 1999. M. Carey, R. Rogers, P. Criscuolo and M. Petruzzi, Nessus network auditing, Burlington: Syngress Publishing, Inc, 2008. R. Nieva, "Nessus security tool closes its source," 25 Augus 2017. [Online]. Available: https://www.cnet.com/news/nessus-security-tool-closes-its-source/. [Accessed 26 08 2017]. I. Tenable, "Download Nessus," Nessus, [Online]. Available: https://www.tenable.com/products/nessus/select-your-operating-system. [Accessed 29 August 2017].

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.