Free Essay

Sec280-Week1

In: Computers and Technology

Submitted By partake
Words 1279
Pages 6
Risks and Resolutions

Introduction

A Computer Network has many benefits to a company. However, it also puts a company at security and privacy risks if they are not tackled with a profound technical know-how. When a computer on a network is hacked, there is a possible threat to other systems getting effected as well. These security breaches can be severe to the organization information and privacy and resolve into a loss of information, leak of confidential data such as bank accounts, and loss of goodwill and trust.
Ping Sweeps and Port Scans Intro

Ping sweeps and port scans are two methods commonly used by hackers to detect vulnerabilities on computer networks (InfoSoc, 2014). Hackers use ping sweeps to check on which computers are active and being used; while they use port scan to find open ports which can be used to breach a network. If these two methods are used by knowledgeable hackers, they can jeopardize personal data and cause severe effects on the entire computer network.
Ping Sweep Ping is the abbreviation for Packet Internet Groper. It is a service to check if a machine on the network is up and running. In ping sweep, an Internet Control Message Protocol (ICMP) echo request is sent to a machine to see if it responds. If a machine is live, it will send an echo ICMP response. Hackers use this facility to seek targets in large networks. They use ping sweeps to continuously ping addresses, leading to a slowdown in the network. “It’s a bit like knocking on your neighbors’ door at 3 a.m. to see who’s sleeping and who’s not” (Lawrence, 2001).
Fping is a utility that is used for ping sweeps and unlike normal ping it sends one ping packet to one IP address, and then proceeds immediately to the next IP address. Fping navigates through the IP addresses from the top to the bottom, then back to the top and so on. This tool was actually made so that system administrators can use it in scripts for checking network issues among other issues. However, hackers can take advantage of Fping to hijack a machine on the network. NMAP is also another tool that does ping sweeps.
Port Scan If an IP address is live and responds to a ping sweep, the hacker uses port scan method to check for open ports. This process involves probing each port on a host to determine which ports are open. Once an open port is found, then usually it is a matter of breaking the username and password to get it.
Intruders or hackers can connect to a series of ports on the target server or machine and find out what services are running. The target here is a service that is less secure: easy to hack. According to Lawrence Teo, in another type of port scan, the hacker can connect to the port and immediately close the connection. Since a full connection does not happen, the transaction is not logged in the target machine. If the hacker gets an open port in the scan, he will be able to get into the network and steal or create havoc. Financial information and customer information can be compromised and the hacker can illegally transfer money from the financial system to his accounts. To protect a company from these threats, a company must have a robust security system for its network. Preemptive measures should be established and tools should be in place to ward off malicious attacks. There should be guidelines on what to do in the event of a successful attack. There should also be tools configured to recover from attacks and minimize the losses that arise from attacks like port scans and ping sweeps. Preemptive measures include having an established written security policy. There should be a robust authentication and authorization system. The network should also have a properly configured firewall to help block these attacks by preventing any outside IP addresses from accessing the network. The firewall performs SYN flood protection that drops SYN packets, which resemble denial of service attacks. Network and Host IDs should be configured appropriately as well.
“However, due to the way that port-scanning tools send thousands of SYN packets are very high speeds, these packets are often dropped by SYN flood-protection mechanisms…Attackers can still port-scan and map your network and its services, but tools such as nmap and SuperScan must be reconfigured to increase the delay between sending SYN packets” (Chris, 2004). In addition, the publicly accessible servers must be kept in a (Demilitarized) DMZ zone where very few services can be accessed by the general public. This means that users can get into the network only by using a secure VPN connection. For the networks that mainly use IIS webservers (Microsoft), Microsoft provides a tool called URLScan, which filters all URLs that are known to attack IIS web servers. The ISP allows limited ICMP messages into the company's network so that ping sweep attacks can be contained. There are also open source tools that the company can take advantage of their services. According to RedHat, article Securing your system with Snort, Snort is a powerful network-intrusion prevention and detection system. Snort works by utilizing a rule-based language that combines the benefits of signature inspection, protocol inspection, and anomaly-based inspection. You can configure Snort to run in a few different modes Sniffer mode, Packet Logger mode, Network Intrusion Detection (NIDS) mode. It monitors and analyzes network traffic in real time and sends and logs alerts for suspicious packets.
As well, ping sweep detectable tools should be configured in the firewall. For example, ippl is an Internet protocol logger that logs packets that enter the network and logs them accordingly.
If there is a threat of attack, ICMP packets can be disabled temporarily. Once the attack phase is over, they can re-enabled again.
Conclusion
In conclusion, computer networks of companies have to face the threat of network attacks and cyber attacks by devious people. Our network may not be as secure as we need it to be. Therefore, we need to look into threats like ping sweeps and port scans with serious intention to improve network security.
The company must have a robust security system in place that is constantly monitored and make sure that latest technology is used to protect the network. The company cannot rely on existing security mechanisms. There are newer and more dangerous ways of attacking the network. As such, security is an ongoing activity. Companies have to be on top of these changes by visiting mainstream security related websites. It is also important to update firewalls. The company should ensure that the security policy is adopted and adhered to by all employees. This helps in making the network and the company secure and in ensuring that critical and vital information to the companies and their clients is safe and secured.
"Yes, this is something we should be concerned about."

References

InfoSoc (2014, July). Ping Sweeps and Port Scans; Analysis http://richyrich7573.wordpress.com/2014/07/13/ping-sweeps-and-port-scans-analysis/ RedHat, (2005, November). Securing your system with Snort http://www.redhat.com/magazine/013nov05/features/snort/ Pillai, Sarath. (2013, March). What is ping sweep and how to do a ping sweep. Retrieved from http://www.slashroot.in/what-ping-sweep-and-how-do-ping-sweep
Teo, Lawrence. (2000, December). Network probes explained: understanding port scans and ping sweeps. Retrieved from http://www.linuxjo
McNab, Chris (2004, March). Top ten tips to make attackers’ lives hell. Retrieved from http://www.onlamp.com/pub/a/security/2004/03/25/ntwksecurityassess.html…...

Similar Documents

Premium Essay

Week1

...Management and leadership go hand and hand. Leadership and management are not the same but they are link. Management’s job is to plan, organize and control people and resources. Management focuses more on the systems and the structure of the organization. In this position they are in usually there to maintain order and assure proper protocol is being followed. For example in technical support manager don’t necessarily have to be technical but just make sure agents are following the companies’ policies. They are more concerned with 1 :) Reaching the bottom line 2 :) Pleasing the customer 3:) Developing Strategies and gathering the resources necessary to accomplish the company’s goal. Leaders are responsible for motivating the employees to accomplish the organizations goals. People in leadership roles are usually people persons. Because of the different personalities that exist in the workplace leaders will have to relate effectively to those personalities they clarify company policies and explain multiple routines to the employees. In my opinion leadership is the backbone in a sense to management because they help enforce the policies. They also are responsible for training, coaching and ensuring the employees are following the companies’ policies. Unlike management leaders don’t usually just tell people what to do but they try to appeal/inspire them in order to get them to follow there, in my opinion both leadership and management are important to the company’s success. In......

Words: 260 - Pages: 2

Premium Essay

Week1

...Exective Summary: Research shows there is an excellent opportunity for growth and thus increasing the companies’ revenues tremendously. Majority of the company’s researched showed a 30% or higher increase in sales within 5 years which is great for expansion. Building an exceptional customer service program will Increasing sales and return customers and also expanding to new customers. Some background: On-line gaming in the US and global market increased over the past 5 years has been more than 30%. We also found that CanGo customer satisfaction rate is under 50% which threatens the company poetical for growth. Solution: To Expand into the gaming market using a Strategic planning process as part of company operations utilizing internal personnel with external training to get people qualified where they are needed. Identify the companies’ capabilities through Opportunity analysis by replace communication system with a lean, to the point customer service system with operators as needed then build a return customer base by offering rewards and discounts. Market analysis shows the increase of revenue 38% in the US and 30.8% in the global market. Finically CanGo Return on assets is 2.3% and return on sales is 10.94% , excellent. Capital raised the cost of the online gaming to 30,000. With an increase in the market and customer base, CanGo estimates can exceed the 30,000 yearly. SWOT Analysis: Strengths: The e-service that CanGo has offered its customers is a......

Words: 4052 - Pages: 17

Premium Essay

Week1

...I followed the instructor’s suggestions and altered my thesis statement, by editing the first phrase and reorganizing my sentence. My thesis statement is now more clear and concise. I am still in the process of writing my paper, hence, I do not know if I can reach the target word count however. I will accept the suggestion and search for an appropriate fourth point of discussion. I will go thru the entire paper and convert it to the appropriate third person point of view, I will review my topic sentence and make sure they support my thesis statement and my central idea. I have thoroughly proofread my paper to correct grammatical errors, arising from punctuations errors and active/passive voice errors. I plan to request another person to proof read my paper. I will also use the writing tools from CWE to help proofread my paper. I will use sentence variety to break up the monotony in my paragraphs and liven up my text, I will thoroughly proofread my paper to remove all punctuation errors. I will also use all resources in CWE to proofread my paper. There was some confusion on the proper use of the words affected or effected. I had used the word affected when it really should have been effected, I had some confusion on the proper use of these words fortunately, write point did point out my error. There were some typographical errors I failed to proofread, I had corrected these errors. Write point has suggested that I use declarative statements, instead of......

Words: 344 - Pages: 2

Premium Essay

Week1

...During the last decade, the United States experienced the largest wave of immigration in the American history: the latest figures from the 2000 census reveal that out of a total population of 281.4 million Americans, 31.1 million were born abroad or have parents who were born abroad, 11.3 million more than in 1990 an increase of 57%. Added to this, countless people have entered the U.S. by means paralegals (over 12 million illegal immigrants in the country). No country has yet faced such a pace of immigration. Immigration can be defined as the phenomenon of entry into a host of individuals or non-Aboriginal population of individuals, usually to find a job or with the intention of settling there in the prospect of a better quality of life (Collins English Dictionary , 2012). The history of settlement in the United States is inseparable from that of immigration. The real national minorities are indigenous (Amerindian, Inuit and Aleut). Since the arrival of European settlers in the sixteenth century, more than 50 million immigrants settled in the United States. Vast majority of immigrants came from Europe. First Anglo-Saxon immigration widened in the last quarter of the nineteenth century, the countries of Mediterranean Europe (especially Italy) and Central Europe. More than 23 million immigrants streamed between 1880 and 1920. A new form of immigration developed after the Second World War. It was mostly political refugees from Eastern Europe, and anti-Castro Cubans. Today,......

Words: 367 - Pages: 2

Premium Essay

Sec280 Week 6 Case Study

...SEC280 Week 6 Case Study Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network down time if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning. Gem Infosys Incident Response Policy To ensure timely response to a network disruption, an Incident Response Team has been formed. This team comprises contacts in several departments throughout the organization. The following policy outlines who to contact and what steps to take in case of an incident involving network related tasks. Incident Response Team Contacts DUTIES TEAM MEMBERS EXTENSION Team Lead Edward Einright 7001 Network Analysts Dave Firuzio 7002 Paul Gerschadt 7003 Security Analysts Rob Jensen 7004 Natalie Pierson 7005 Legal Affairs Frank Saddich 7006 Public Affairs Michelle Davenport 7007 Duties Team members will establish and implement policies in the following areas: a) Worm response procedure b) Virus response procedure......

Words: 870 - Pages: 4

Free Essay

Sec280

...Case Study: Network Infrastructure Security It is important to secure the Windows and Unix/Linux servers for many reasons. Leaving the servers open to shortcomings and vulnerabilities can open a door for those who seek to damage, destroy, or obtain sensitive information from the company. It’s important to identify any possible vulnerability and secure each one quickly and efficiently to protect information, and the system itself. Preventative measures are the best defense against attacks, and securing the network servers before they are breached will help to ensure that those who seek to gain unauthorized access will be kept out. Information stored such as personal information, salaries, social security numbers, and even credit card or bank information are all susceptible to theft if the system is not secure. Identity theft is a very serious and prominent threat; proper measures should be taken to ensure the safety and security of this type of information. The company also stores sensitive information about its employees, business practices, legal and financial information, all of which also need proper safeguarding. Secondly, a breach in the server could do irreparable harm to your corporate image, profits, and daily activities. Once infected, a server will generally “revert to a backup image, which may affect the availability of key, revenue-generating applications and services”. (Bit9) It is vital that the servers be secured and that patches, upgrades and updates are......

Words: 451 - Pages: 2

Premium Essay

Sec280

...SEC280 | Week 1 | Case study on Port scans & sweeps | | Jared's | 11/3/2012 | Brief description of what they are and are they dangerous to company! | To answer the main questions for the concerns of our network, NO. These items that have been heard about do not require immediate attention as they are considered normal. We are protected behind our firewall as well as if the employees do as asked at the end of their shift, we will have absolutely nothing to worry about. As more in likely that situation was handled when we brought the network online. Here is a brief rundown on your concerned areas: Ping Sweeps and Port Scans are the two most common network probes that serve as important clues in sensing invasions or intrusions that can harm any type of network. Network probes are not actual intrusions, although, they could be potential causes of actual intrusions. Port scans and ping sweeps can lead to an intrusion of companies’ network system, however, with today’s technological advancements, these activities can be detected and prevented. Ping Sweeps; Ping sweeps are a set of ICMP Echo packets that are sent out to network of computers, actually a range of IP addresses, to see if there are any responses. As an intruder sends out the ping sweeps, he looks for responses so he can figure out which machines he can attack. “Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out......

Words: 1129 - Pages: 5

Premium Essay

Week1

...APPLICATION FOR STATE EMERGENCY RELIEF Michigan Department of Human Services Case Name: Case Number: Date: DHS Office: Specialist: Phone: Fax: Specialist ID: Client ID: I hereby make application for the State Emergency Relief (SER) Program. I understand that the following information will be used in the determination of my eligibility for SER. If this application is for burial services, I understand that it must be received by the DHS office in my area no later than 10 calendar days after the burial, cremation or donation takes place. ADDRESS INFORMATION 1. 2. Check where you live: House/apartment/mobile home Homeless Other Address where you live (number, street, rural route, apartment/lot number) City 3. Mailing Address (if different from above, or PO box) City 4. Home phone State Cell phone Zip code County Work phone Whose phone number is it? (name/relationship) Email address State Zip code County Phone number where we can leave a message TDD/Other number Check the service(s) you are requesting and the amount needed to resolve the emergency – PROVIDE PROOF 1. Energy/Non-Energy Services 1a. 1b. Rent $ Security Deposit $ 1c. 1e. 1g. 1i. 1k. Moving Expense $ Electricity $ Water/sewer or cooking gas $ Taxes $ Home Repairs $ What Needs Repair? 2. 3. Burial services $ Migrant hospitalization $ 1d. 1f. 1h. 1j. 1l. Heat $ Furnace Repair $ Mortgage $ Insurance $ Food $ Deliverable fuel % HOUSEHOLD INFORMATION List below all members of your household,......

Words: 2019 - Pages: 9

Premium Essay

Week1

...Dream Analysis and Interpretation Concordia University- Wisconsin KA October 9, 2012 COUN-554 All human beings are also dream beings. Dreaming ties all mankind together. - Jack Kerouac Humans have been studying and trying to understand the meaning behind dreams and what exactly they mean. Although, dream interpretations have been around since 3000-4000B.C., there is still great controversy over analyzing and understanding dreams. According to (Word IQ, 2010), dream interpretation is the art of determining the meaning of the symbolic content of a dream. During the Greek and Roman periods, dreams were believed to be direct messages from their gods or the dead. They believed that dreams forewarned and predicted the future, and therefore, provided them with solutions on how to handle situations. The Greek and Roman people had self-help techniques for inducing certain dreams. They also believed in the significance of dreams, and used interpreters to work alongside both military and political leaders. Dream interpretation is also a part of psychoanalysis; psychoanalytical therapists analyze the content of the dream, perception of dream, hidden content of a dream, and the meaning of the dream and the reasons the dream occurred. Sigmund Freud’s pioneering psychoanalytic approach to interpreting dreams is currently used in Modern-day therapeutic settings. Another approach to dream interpretation is from a Christian biblical perspective. Dream interpretation......

Words: 1585 - Pages: 7

Premium Essay

Week1

...Generally accepted accounting principles (GAAP), created with authoritative support, are principles, rules and guidelines required to follow by accountants when preparing financial statements. The Hierarchy of GAAP is a structure consists of four different categories of well- developed accounting principles. The categories are from A to D with category A containing principles with the most authoritative support and category D having the lease. Major sources of The Hierarchy of GAAP are FASB Standard, Interpretations, and Staff Positions; APB Opinions; and AICPA Accounting Research Bulletins. This hierarchy is important because it minimize the financial data from being biased and inconsistency by using multiple sources of the GAAP instead of just one. For example, if two or more sources in a given category do not agree with a specific transaction, then a higher category should be followed. Two primary qualities that make its accounting information effective are relevance and reliability. Relevant information has predictive value, which help users foretell the outcome of events in the past, present, and future. Another reason relevant information is effective is that it is presented in a timely manner early enough for the user to consider when making a decision. It also helps users clarified and adjusted expectations in the past because relevance information has feedback value. Reliability is another quality that makes its accounting information effective.......

Words: 741 - Pages: 3

Premium Essay

Week1

...Week 2 Knowledge Check Study Guide Concepts Mastery Score: 11 / 12 Questions TECHNOLOGIES FOR BUSINESS 100% 1 100% 2 3 100% 4 5 6 80% 7 8 9 100% 12 COMMUNICATION PLANNING BUSINESS MESSAGES BUSINESS COMMUNICATION WRITING BUSINESS MESSAGES COMPLETING BUSINESS MESSAGES 10 11 Concept: TECHNOLOGIES FOR BUSINESS COMMUNICATION Mastery 100% Questions 1. Email communication A. is characterized by low control. B. is characterized by little coordination. C. is a rich communication medium D. incurs high cost Correct: The Correct Answer is: B. 1 Concept: PLANNING BUSINESS MESSAGES Mastery 100% Questions 2 3 2. Which of the following is the first step in the AIM planning process for developing influential messages? A. Idea development B. Message structuring C. Audience analysis D. Message review Correct: The Correct Answer is: C. 3. In the context of the AIM planning process, which of the following tends to be the single most important planning step for many messages? A. Identifying reader benefits and constraints B. Making the message easy to navigate C. Estimating your credibility D. Ensuring the communication is fair Correct: The Correct Answer is: A. Concept: BUSINESS COMMUNICATION Mastery 100% Questions 4 5 6 4. George, the marketing manager at Regal,......

Words: 793 - Pages: 4

Premium Essay

Week1

... Statute of Frauds Dustin Heuck Week 1 Grantham University This case would be held as a Statue of frauds case. That means that the requirement of certain kinds of contracts are memorialized in a writing, signed by the party to be changed, with sufficient content to evidence the contract. These are traditionally required in different cases that affect more than one party. Examples of this would be consideration of marriage, contracts that cannot be fulfilled on one year and contracts for the sale of goods totaling $500 or more. In these cases, if a defendant is going to use Statute as a defense, must be raised in a timely manner. If the defendant claims that a contact existed, under oath, it may ne be used by the defense under the UCC but can be used by common law. Exceptions to this are Admission which was just discussed, Merchant conformation rule, and Easements by implication. Every state has a Statute that requires individual contracts which are most commonly used for sale of land, and other types of contracts that cannot be completed within one year. In this particular case the oral contract would be upheld as long as it was documented. Any oral contract such as the one made by Mark and Johnny, would be upheld in the courts s long as it was documented. The purpose of this contract is that it can be proven to be reliable. These contracts must fall under 6 categories to be binding and require such a contract. The six categories are as follows. Any contract......

Words: 527 - Pages: 3

Premium Essay

Sec280

...HOME NETWORK SECURITY Most home users know that there are hackers, but they do not believe that their computer is constantly under attack. Attackers use home computers, not only to get personal information, but as a way to attack other networks without being discovered. We install antivirus software, firewalls, and keep our software updated to secure our systems from potential attackers. The problem is that everyone is not educated in the many ways a computer can be hacked. Family and friends are probably the biggest threat to home network security. Most people are willing to give full access to their computers to people that they think are trustworthy. It is easy for a trusted friend to steal your personal information or mistakenly download a virus, Trojan horse, or worm. The best known way of attacking a system is with a computer virus. A computer virus attaches itself to a program or file allowing it to spread to every computer it encounters. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. (The Difference Between a Computer Virus, Worm and Trojan Horse, 2011) One of the most common ways an intruder use to invade your home computer is a Trojan horse program. A Trojan horse program will be hidden, in what appears to be legitimate software or files from a legitimate source. The effects of a Trojan horse vary from......

Words: 397 - Pages: 2

Premium Essay

Week1

...This is a review of the article titled The Enormous Cost of Medical Errors by Bernard Healey and Michele McGowan. The Institute of Medicine reports that as many as 98,000 patients die each year from preventable medical errors. Medical errors are a serious problem which have gotten very little attention by leaders in the health care industry. In many instances physicians and hospitals are actually reimbursed for having the error and then reimbursed again for rectifying the error if the patient lived. These errors included diagnostic and treatment errors, surgical errors, drug errors, hospital acquired infections and delay in treatment to name a few. When these errors are investigated the cause quite often is lack of communication among health care staff. The lack of cooperation among employees in health care delivery systems is one of the major reasons for the epidemic of medical errors in medical care; too many patients are the victims of preventable medical errors and infections that occur in the hospital. The article clearly supports the course material by citing the primary causes of medical errors and supporting them with statistical data. The Institute of Medicine (IOM) (1999) released a study revealing that as many as 98,000 of the 33 million individuals hospitalized each year die and many more receive secondary infections because of poor quality health care while hospitalized. Medical errors are estimated to be the eighth leading......

Words: 595 - Pages: 3

Free Essay

Week1

...Wikipedia is a Credible Source of Information Dalia Alawami MGT/521 June 18, 2012 Ms. Sandra Griffin Wikipedia is a Credible Source of Information “I have always viewed the mission of Wikipedia to be much bigger than just creating a killer website. We're doing that of course, and having a lot of fun doing it, but a big part of what motivates us is our larger mission to affect the world in a positive way”.(Jimmy Wales) When Jimmy Wales and Larry Sanger lunched the web based encyclopedia Wikipedia, the basic idea which they wanted to provide is offering considerable source of information that is affordable to anyone who has an access to the internet. The main theme of Wikipedia is the editable tool available in the web site, any internet user who has an account in Wikipedia can edit or add information to any article or writing new article. However, this point itself is the most controversial aspect of Wikipedia. Since normal users are writing & editing articles that means accuracy of mentioned information can’t be considered in researches, well this is the claiming of people who are against the idea of Wikipedia. Those claims lead to several studies & comparisons done by experts & academic figures through the last 10 years. Since the creation of the site 2001 the argument has been started and still ongoing. Too many questions been aroused, “Who is writing those articles?”, “Why some articles are not supported with resources?” “Why identity of the......

Words: 888 - Pages: 4