Robot Network as a Specific Network or Server - Assignment Example

Summary
The focus of this paper "Robot Network as a Specific Network or Server" is on the reason for using an open-source operating system. It is to customize and select appropriate technology that was set to default. New prevention techniques are invented for maximum prevention…

Extract of sample "Robot Network as a Specific Network or Server"

1st July

Answers

A robot network, or botnet, is also known as a ‘zombie army’ and is a group of compromised computers controlled by a hacker to attack a specific target (Botnet, 2011). These compromised computers broadcast spam, relay unwanted emails and viruses, or send excessive requests against any service associated with a specific network or server. Each machine in the zombie army is invaded by a Trojan, a remote application that installs itself in system memory or the kernel and provides data or connectivity to the hacker. The Trojan operates by initiating an Internet Relay Chat (IRC) session that waits for any action from the hacker, who has full control over the botnet (Rapoza, 2008). Apart from IRC, hackers use rootkits to compromise weak systems that lack updated security patches and have security loopholes that facilitate the hacker’s objectives. As there are countless computers connected to the Internet, hackers use tools to capture and identify vulnerable systems, and use IP spoofing (Spoofing, 2011) to manipulate the original IP addresses and gain access to the system. Furthermore, because these compromised systems are in different geographical locations, it is difficult to identify suspicious traffic, as it represents different time zones.

As botnets are a major player in denial of service attacks, they can be prevented by honeypots and bastion hosts that identify suspicious broadcasts at the initial level. As mentioned previously, a zombie army initiates flooding and broadcasting attacks from various locations against the specific target. This attack is characterized by threats from distributed sources and is known as a distributed denial of service (DDoS) attack.
The computer network encyclopedia describes it as the incorporation of hundreds or even thousands of previously compromised computers used for transmitting a huge volume of unwanted traffic to the target. DDoS attacks are considered lethal in the world of the Internet and impose significant risks on businesses, governmental organizations, army networks, etc. Research on DDoS attacks (Ghazali & Hassan, 2011) has revealed vulnerabilities not only in the network architecture or infrastructure, but also in the protocol specifications along with the Internet. Exhibit 1.1 demonstrates types of flooding DDoS attacks along with protocols:

| Attack Name | Attack Rate | Attack Traffic | Attack Target | Attack Goal |
|---|---|---|---|---|
| UDP Flood | High | UDP Flow | UDP or TCP clients | Exhaust resources at target machines |
| TCP Flood | High | TCP Flow | UDP or TCP clients | Consume bandwidth |
| LoRDAS | Low | No information | Application servers | Reduce availability and capability of servers |
| Shrew | Low | TCP Flow | Routers in TCP Flow | Deny bandwidth TCP Flows, close session |
| Induced-Shrew | Low | Optimistic ACK packets | Internet Access, Routers | DoS at Internet access routers |
| Quiet | Low | Short-lived TCP flows | Routers in TCP Flows | Reduce throughput |

Exhibit 1.1. Source: (Ghazali & Hassan, 2011)

High rate flood attacks: This type of attack is achieved by generating traffic from many machines, possibly hundreds or thousands in total, dispersed globally. The flood of unwanted traffic degrades the performance of the target system or network by using up all of its resources (Ghazali & Hassan, 2011).

Low rate flood attacks: This type of attack is not similar to a high rate flood attack, as the attacker broadcasts intelligently constructed packets. These packets are designed to bypass traditional flood detectors by varying the traffic rate (Ghazali & Hassan, 2011).

Low Rate DoS Attack against Application Servers (LoRDAS): This type of attack targets iterative servers and augments its capacity against synchronized or iterative servers.
Likewise, the LoRDAS attack uses up the capacity of these servers by sending its broadcasts intelligently, so that the servers begin to process the hacker’s requests and become too overloaded to fulfill any new legitimate request (Ghazali & Hassan, 2011).

Shrew attack: This type of attack silently denies bandwidth to a TCP data stream. A short burst of a large volume of traffic is generated for a limited time. This short burst tricks TCP into treating the data stream as congested, and the buffer of the targeted router overflows, which results in packet drops (Ghazali & Hassan, 2011).

Induced-shrew attack: This attack dominates a remote host, which is called a slave; the controller of this slave is called the master. The slave is responsible for the low rate attack broadcasts and must be associated with TCP, i.e. any application or network service operating on the Internet or associated with a file transfer service (Ghazali & Hassan, 2011).

The reason for using an open source operating system is to customize and select appropriate technology in place of what was set by default. In this rapidly changing digital world of advanced hackers, new prevention techniques are invented for maximum prevention along with minimizing risks. One cannot predict when the Blowfish encryption algorithm will be replaced by the newer and more secure algorithm known as Twofish, which will itself be replaced at some point in this information age. Security requires constant and periodic changes to keep pace with and counter the ever-increasing threats. Similarly, cryptography follows the same approach of adopting new state-of-the-art encryption algorithms one after another, from safe to safest, so that they cannot be cracked. Lastly, the future concerns for the Blowfish encryption algorithm are associated with minimizing the use of S-boxes, along with less iterative processes and subkey calculation on the fly.
Twofish, which is considered to be the next state-of-the-art encryption algorithm after Blowfish, is regarded as an AES finalist with a 128-bit block size and can handle more operations. Twofish incorporates a 16-round structure with additional options for inputs and outputs, as the plaintext is converted into 32-bit words. The input incorporates four key words followed by sixteen rounds, and in each round the two words on the left are used as inputs to the function denoted by ‘g’.

The tool used in this scenario is ‘keepass’, an open source tool for storing all the passwords in an encrypted database (Popov). The database can also be encrypted with Blowfish, as it incorporates no weak keys and its design is simple and understandable, which supports analysis, algorithm integrity and repeatable block ciphers. Its blocks are 64 bits in length, with variable-length keys. The S-boxes depend on large keys, which makes them more resilient to cryptanalysis. Moreover, the permutations are key dependent, with support for diverse mathematical operations integrated with XOR and addition.

For attacking the encrypted files, workstation B can use many attack methods to retrieve the password files stored in the database maintained by ‘keepass’. In the known plaintext method of attack, the cryptanalyst has access to the plaintext and the corresponding ciphertext and tries to find an association between the two. In a ciphertext-only attack, by contrast, the cryptanalyst has access to the ciphertext but not to the corresponding plaintext. Workstation B can use generic ciphers such as Caesar and frequency analysis to crack the cipher on workstation A. Moreover, workstation B can also use a chosen plaintext and chosen ciphertext attack to retrieve the passwords. In this type of attack, the cryptanalyst is able to encrypt a plaintext of choice and examine the resulting ciphertext.
This type of attack is most generic for asymmetric cryptography, as workstation B can gain the public key via the cryptanalyst. Workstation B can also choose a chosen ciphertext attack, in which the cryptanalyst selects a ciphertext and seeks the matching plaintext. Workstation B can use a decryption oracle, a machine that decrypts data without exposing the key. Moreover, workstation B can also execute the attack on public key encryption, as it starts with a ciphertext and seeks matching plaintext data that is publicly available. Workstation B can also use adaptive attacks, in which the cryptanalyst selects plaintext or ciphertext on the basis of previous results.

Side channel attacks can also be used against the data available on workstation A. These attacks extract information associated with the physical deployment of the cryptographic algorithm, along with the hardware used for encrypting or decrypting data. The cryptographic methods mentioned earlier presume that the cryptanalyst has access to plaintext or ciphertext, and often to both types of data, along with possible knowledge of the cryptographic algorithms. A side channel attack initiated by workstation B expands this scope to include the CPU cycles used or time taken for a calculation, voltage utilization, etc.

Apart from this attack, workstation B can also use network based attacks against OpenSSL, as it uses two types of multiplication. One of them, called Karatsuba, is used for words of equal size; the other is used for multiplying words that are not equal in size. Karatsuba is robust, and the variation in speed can be validated over an SSL TCP/IP data connection; however, a hacker can obtain information by exploiting this multiplication methodology. For instance, a research team located at Stanford initiated a side channel timing attack to recover the 1Mega Bit RSA key located on an OpenSSL server.
Likewise, the researchers used two hours and one million queries for the attack.

Workstation B can use a brute force attack, which tries every reachable key in a systematic manner. This type of attack is associated with the plaintext or ciphertext types of attack. Workstation B can attack workstation A with a 4 bit key. Workstation B needs a key of limited length, along with adequate time, for a brute force attack to succeed. Likewise, encryption algorithms may become vulnerable to brute force attacks as time passes, because CPU utilization increases. A single DES encryption has an effective key length of 56 bits, and the key can be cracked within two or three days using dedicated hardware components such as the Electronic Frontier Foundation’s Deep Crack. Workstation B will not be able to crack a 168 bit key in a similar fashion because it incorporates Advanced Encryption Standards. Workstation B must be able to determine when a brute force attack on ciphertext alone has succeeded. One example of a brute force attack is demonstrated in Fig 1.1.

Figure 1.1. Source: (Anonymous)

Workstation B can use yet another type of attack to retrieve the encrypted passwords available on workstation A. A man in the middle attack can be executed by workstation B against algorithms that use multiple keys for encryption. One example is a successful man in the middle attack against double DES. Double DES was suggested to increase the strength of 56 bit DES. As the man in the middle attack is associated with plaintext attacks, the cryptanalyst has access to the plaintext and the output ciphertext. In one example, the plaintext is ‘passwords’ and the double DES ciphertext is ‘ABC’. The primary objective of the cryptanalyst is to retrieve the two keys, i.e. Key 1 and Key 2, that were used for encryption.
Workstation B first initiates a brute force attack on Key 1, using all 2^56 single DES keys to encrypt the plaintext ‘passwords’, and stores every intermediate ciphertext and its key in a table. Secondly, workstation B brute-forces Key 2, decrypting ‘ABC’ 2^56 times. When a decryption matches an intermediate ciphertext in the table during this second brute force attack, the objective is accomplished and both keys are visible to the cryptanalyst. Workstation B was able to retrieve the passwords in 2^56 attempts.

Conclusion

For attacking workstation A, which maintains encrypted passwords via an open source tool, workstation B can deploy and execute various attack methods, as discussed in the body of the paper. The attack methods discussed include Meet-in-the-Middle Attack, Brute Force Attacks, Side Channel Attacks, Adaptive Chosen Plaintext and Adaptive Chosen Ciphertext Attacks, Chosen Plaintext and Chosen Ciphertext Attacks, and Known Plaintext and Ciphertext-Only Attacks.

Work Cited

Botnet. (2011). Computer Desktop Encyclopedia, 1.
Denial of service attack. (2011). Computer Desktop Encyclopedia, 1.
Ghazali, K. W. M., & Hassan, R. (2011). Flooding distributed denial of service attacks-A review. Journal of Computer Science, 7(8), 1218-1223.
Rapoza, J. (2008). Botnets vs. botnets. Ziff Davis Enterprise.
Spoofing. (2011). Computer Desktop Encyclopedia, 1.
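The table-based attack on double DES described in the body (listed as Meet-in-the-Middle in the conclusion), as an added example that is not part of the original paper, showing why a second key adds little strength. A constructed 16-bit toy Feistel cipher with 12-bit keys stands in for DES so that it runs instantly; the cipher, key values and sample blocks are assumptions. It goes one step beyond the text by confirming each table match against further known pairs, since a small block produces chance matches.

```python
"""Meet-in-the-middle key recovery against double encryption (toy cipher)."""
from collections import defaultdict

KEY_BITS = 12  # toy key size (assumption); single DES uses 56


def _subkeys(key):
    # Derive four 8-bit round keys from the toy key.
    return [((key >> i) ^ (key >> 4) ^ (i * 0x3B)) & 0xFF for i in range(4)]


def _f(half, sk):
    # Round function of the toy Feistel network.
    return ((half * 167 + sk) ^ (half >> 3)) & 0xFF


def encrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for sk in _subkeys(key):
        left, right = right, left ^ _f(right, sk)
    return (left << 8) | right


def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(key)):
        left, right = right ^ _f(left, sk), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations in the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)          # intermediate value -> Key 1 guesses
    for k1 in range(1 << KEY_BITS):    # sweep 1: encrypt under every Key 1
        table[encrypt(p0, k1)].append(k1)
    candidates = []
    for k2 in range(1 << KEY_BITS):    # sweep 2: decrypt under every Key 2
        for k1 in table.get(decrypt(c0, k2), ()):
            # Chance matches are filtered out with the remaining known pairs.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, 2 * (1 << KEY_BITS)


# Constructed sample data: secret key pair and known plaintext blocks.
SECRET = (0xA5C, 0x3F1)
PLAINTEXTS = [0x7061, 0x7373, 0x776F]  # "pa", "ss", "wo" as 16-bit blocks
PAIRS = [(p, double_encrypt(p, *SECRET)) for p in PLAINTEXTS]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(PAIRS)
    print("candidates:", [(hex(a), hex(b)) for a, b in found])
    print("sweep operations:", ops, "vs exhaustive:", 1 << (2 * KEY_BITS))
```

The two sweeps cost twice the single-key search, not its square, which is why double encryption was passed over in favour of triple DES.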