network security assignment sample

Assignment Four: Network Security (Group Assignment)

This project will introduce you to common network protocols, network packet trace analysis, and the basics of network penetration testing. This is a group assignment and must be done in groups of two or three only. You will complete three parts in this assignment, and each group member must contribute to all of the parts.

This project asks you to perform several tasks that would be considered network attacks in many situations. For this project, you have our permission to target a network that we are providing for this purpose. Attempting the same kinds of attacks against other networks without authorization is prohibited by law and university policies. You must not attack any network without explicit permission from an authorized administrator of that network. Understand what actions are considered “out of scope” for Part 3 of the assignment.

You must also understand that observing the work of other groups (even if visible on shared network infrastructure) will be considered academic misconduct. See “Rights, Rules, and Responsibilities” on the Princeton University website for official policies regarding privacy and property rights.

Getting Started

Please follow the Student VM Instructions to setup a virtual environment with pre-installed tools needed for this project. Once the setup is complete and you are able to log into the virtual machine, download the assignment files to the virtual machine and proceed to the following parts. You will answer questions in the text files found in that starter zip archive.

Part 1: Exploring Network Traces

Security analysts and attackers both frequently study network traffic to search for vulnerabilities and to characterize network behavior. In this section, you will examine a network packet trace (commonly called a pcap or “packet capture”) that we recorded on a sample network for this assignment. You will search for specific behaviors and relevant details using the Wireshark network analyzer, which is installed on the provided VM image.

Examine the part1.pcap file from the assignment files. Familiarize yourself with Wireshark’s features. Try exploring the various options for filtering and reconstructing data streams. Don’t be afraid to search for introductory tutorials or guides about these features.

Concisely answer the questions below. Each response should require at most two or three sentences. Use the provided part1.txt file for your answers.

• Multiple devices are connected to the local network. What are their MAC and IP addresses? Who manufactured these devices?
• What type of network does this appear to be (e.g., a large corporation, an ISP back- bone, etc.)? Point to evidence from the trace that supports this.
• What is the DNS hostname of the server it connects to?
• Is the connection using Active or Passive FTP?
• Based on the packet capture, what is one major vulnerability of the FTP protocol?
• Name at least two network protocols that can be used in place of FTP to provide secure file transfer.
• What is the domain name of the site the client is connecting to?
• Is there any way the HTTPS server can protect against the leak of information in (a)?
• During the TLS handshake, the client provides a list of supported cipher suites. List the first three cipher suites and name the crypto algorithms used in each.
• Are any of these cipher suites worrisome from a security or privacy perspective? Why?
• What cipher suite does the server choose for the connection?
• Even though logins are processed over HTTPS, what is insecure about the way the browser is authenticated to Facebook?
• How would this let an attacker impersonate the user on Facebook?
• How can users protect themselves against this type of attack?
• What did the user do while on the Facebook site?

Part 2: Network Anomaly Detection

In Part 1, you manually explored a network trace. Now, you will programmatically analyze a pcap file to detect suspicious behavior. Specifically, you will be attempting to identify port scanning.

Port scanning is a technique used to find network hosts that have services listening on one or more ports. It can be used offensively to locate vulnerable systems in preparation for an attack or defensively by researchers and administrators. In one kind of port scanning technique, known as a SYN scan, the scanner tends TCP SYN packets and watches for hosts that respond with a SYN+ACK packets ( see the NMAP documentation for more details on this type of scan ). Since most hosts are not prepared to receive connections, most of the SYN packets will be unanswered. This means you will likely observe a host who is scanning the network will send many more SYN packets than the number of SYN-ACK packets it receives.

Your task is to develop a Python program that analyzes a pcap file in order to detect possible SYN scans. To do this, you should use a library called dpkt . This library is included in the provided VM image. You can find helpful tutorials on its documentation website .

Your program (called detector.py ) must take as a command-line argument the path of a pcap file to be analyzed. A skeleton file for detector.py is included in the assignment files. For example:

The output should be the set of IP addresses (one per line) that sent more than three times as many SYN packets as the number of SYN+ACK packets they received. Your program should silently ignore packets that are malformed or using another protocol besides TCP.

A large (~350 MB) sample pcap file is included in the assignment files. It is called part2.pcap . You can examine the packets manually by opening this file in Wireshark. For this input, your program’s output should be these lines (in any order):

We will test your program using a variety of input pcap files to make sure your program works with arbitrary network traces. Although the above instructions are for a Python program, you may use another programming language. If this is the case, simply make a post on Piazza to inform the AIs of which programming language and which packet parsing library you plan to use.

Part 3: Penetration Testing

In this section, you are tasked with providing penetration testing services to a fictional company called SketchyCorp. Each project team will conduct a thorough penetration test of the company’s networks and exposed systems.

SketchyCorp recently created a remote office for its employees to work. SketchyCorp is concerned that its remote office may be more vulnerable than its headquarters since it uses a wireless network to provide access to its remote employees.

Your objective is to test the security of SketchyCorp’s networks and systems. In this engagement you will be authorized to break into SketchyCorp’s systems and explore any vulnerabilities you find. As in a real-world penetration test, you will be expected to use your ingenuity and technical skills to discover clues and techniques for meeting your objectives.

SketchyCorp employees connect to the wireless network using WPA2-PSK security. From there, they can access the SketchyCorp firewall, which allows company employees to log into and gain access to company mainframe. The investigators believe the infrastructure works as shown in this figure.

We have sent an investigator to the remote office for wireless access analysis. However, they are foiled by the WPA2-PSK security. They have managed to capture the wireless authentication handshake, which is found in part3.pcap in the assignment files. They have also determined that the password is in the form of either cos432-XYZ or COS432-XYZ where X, Y, and Z are alphanumeric characters. Provide them with the correct WPA password with the form at this website , and they will provide you with your next lead there.

Concisely answer the questions below. Each response should require at most two or three sentences. Use the provided part3.txt file.

• How many possible Wi-Fi passwords are there that fulfills the password format?
• What is that actual Wi-Fi password used? How did you obtain that password?
• What are their IP addresses, respectively? (If a machine has multiple interfaces, report all IP addresses.) How did you get these addresses?
• What services are currently running on these machines respectively? On which port is each service running? How did you obtain this information?
• What does the unencrypted conversation say? Please paste it here and briefly describe how you found and obtained the content.
• (extra credit) Can you decrypt the encrypted messages? If so, what does the plaintext say? Describe how you determined the plaintext contents of the encrypted messages.
• List all of the clients of the company. Briefly explain how you gained access to this client list.

Pentesting Scope

There will be certain systems and networks that are in scope for this project. Everything else should be considered out of scope . If you have any questions about what is in or out of scope for this project, get clarification from one of the course AIs before you act.

These are in scope :

• Connecting to the SketchyCorp network.
• Capturing network traffic from the SketchyCorp firewall.
• Using automated network scanning tools from the SketchyCorp firewall.
• Logging into SketchyCorp systems with any credentials you obtain.
• Brute forcing or cracking SketchyCorp passwords with your local machines.

Here are a few guidelines to avoid going out of scope during this project:

• DO NOT brute force any passwords if it means sending large amounts of traffic over a network connection.
• DO NOT use vulnerability scanners or packaged exploits (e.g., you cannot use Metasploit)
• DO NOT capture traffic on you local machine with Wireshark or tcpdump . Additionally, nmap may not be run on your local machine at all. You may only use Wireshark on your local machine to review packet capture files.
• DO NOT perform actions that cause difficulty for other users or that interfere with the project infrastructure (i.e., executing a denial of service attacks).
• DO NOT attempt to elevate your shell privileges on the SketchyCorp firewall.
• DO NOT do anything else that is not specifically designated as in scope . If you are unsure, please ask for clarification on Piazza.

A note about cheating: There may be backdoors you discover along the way. DO NOT SHARE THEM. If you have questions about whether you may use a particular backdoor, post a private question on Piazza before using it.

Submission Requirements

Submit the following files to Gradescope :

• part1.txt - Answers to questions regarding Part 1.
• detector.py - Source code for your Python script (or another program) for SYN scan detection.
• part3.txt - Answers to questions regarding Part 3.

CS 4740/6740 - Network Security

News & announcements.

• Provide a solid understanding of the design and analysis of network security architectures, protocols, and services. Most of these protocols are based on cryptographic primitives and can be used as building blocks for more sophisticated networked systems. Such theoretical knowledge also provides the foundations to understanding attacks from password cracking to recent SSL/TLS BEAST and CRIME exploits.
• Provide a indepth coverage of today's network security standards, their functionality and limitations e.g., SSL/TLS, Kerberos, IPsec, OAuth, WPA.
• The course covers how industy and international standards are used as part of state of the art systems such as in Single Sign On, email (e.g., S/MIME, DKIM), web (e.g., HTTPS), DNS (e.g., DNSSEC), online social networking platforms (e.g, facebook), 2G/3G/4G/WiFi wireless/mobile communication systems protocols, streaming platforms (e.g., netflix). We will also discuss recent trends in network security attacks, and cyber-attacks in general, and analyze variety of attacks from the analysis of worms spreading, to SSL/TLS session renegotiations/compression, DNS security, to spam and it's crypto-based countermeasures.
• The course has a substantial hands-on component. In addition to the conceptual problem sets, each team of students is required to perform several laboratory assignments on a sandboxed network of virtual machines. Such labs include netowrks scanning, host/network intrusion detection, buffer overflow attacks, passwork cracking, sql injection, and cross site scripting. The course culminates in a project where the students apply the acquired conceptual and practical knowledge of network security protocols and applications to designing, prototyping and deploying a networked application (typically a secure instant messaging application). Each team is also required to analyze other teams designs and implementations, identify potential vulnerabilities and demonstrate exploits.

Instructors interested in using the course material (including laboratory setup, configs, and solutions) are welcome to contact me.

Guevara Noubir (noubir ATA ccs DOTA neu DOTA edu) Office: 238 West Village H

Amirali Sanatinia (amirali ATA ccs DOTA neu DOTA edu) Office: 208 West Village H a -->

Class Information

Laboratory assignments will be on the course sandboxed network of virual machines and infrastructure (See Laboratory 1).

List of books . List of useful links .

Class Materials

• [ PDF ; Handouts ] Review of Internet architecture and protocols.
• [ PDF ; Handouts ] Non-cryptographic network security: tools, etc.
• [ PDF ; Handouts ] Review of cryptography concepts, algorithms,and security services.
• [ PDF ; Handouts ] Authentication Protocols I: Basics
• [ PDF ; Handouts ] Authentication Protocols II: Mediated Authentication Protocols (KDC)
• [ PDF ; Handouts ] Authentication Protocols III: Strong Password-Based Authentication
• [ PDF ; Handouts ] Kerberos.
• [ PDF ; Handouts ] Secure Socket Layer SSL/TLS.
• [ PDF ; Handouts ] Public Key Infrastructures (PKI).
• [ PDF ; Handouts ] IPsec: AH, ESP, IKE.
• [ PDF ; Handouts ] Multicast Security.
• [ PDF ; Handouts ] DNS Security.
• [ PDF ; Handouts ] Email Security.
• [ PDF ; Handouts ] Viruses, Worms, etc.

Test Your Knowledge

• You can access the weekly Test Your Knowledges here.

Assignments

PS1 [ solution ]

PS2 [ solution ]

PS3 [ solution ]

PS4 [solution]

Introduction

Buffer Overflow

Port Scanning

Network Intrusion Detection

Host-based Intrusion Detection

Password Cracking

Host Hardening

Man-in-the-Middle Attacks

Local Exploits

Vulnerability Scanning

Application Exploits

The exam will take place on November 6th and 8th. Please mark your calendars and make sure that you will be able to attend.

The main goal is to get a hands-on experience with securing networks and designing/developing secure network. The lab assignments will help the teams to prepare for the competition by gradually building a secure network.

• Application guidelines
• Competition Rules

Teams Final Designs and Implementations:

• Previous years teams A and B: Design and Source
• Systems Competition Requirements
• Systems Competition Rules
• Using the GUI on the attacker machine

Late submissions will result in a 10% penalty per day (e.g.: 2.5 days late result in 25% penalty.)

Students may discuss the problem sets with one another, but solutions should be written up separately .

If a key idea is obtained from another person (other than the TA or the instructor) or from another book or paper (other than the course textbook), then the source of that idea should be cited. Solutions should be presented in a clear and concise manner.

Teams consist of two students. All the team member should participate actively to the labs and application development. For each laboratory each group member should document his contribution .

Undergraduate teams must complete 5 lab (including the Introduction Laboratory 1).

Graduate teams must complete 7 lab (including the Introduction Laboratory 1).

The course grade will be based on:

• 20%: 4 problem sets on network security theoretical concepts
• 10%: 3 quizzes
• 30%: Midterm exam
• 15%: Laboratory assignments
• 20%: Presentations, final project report (design and analyis of other teams), code, and demonstrations
• 5%: Class participation

Northeastern University. College of Computer and Information Science. XHTML 1.0 Strict .

• Skip to content
• Skip to search
• Skip to footer

What Is Network Security?

Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. It involves creating a secure infrastructure for devices, applications, users, and applications to work in a secure manner.

• Why Network Security is Important (4:13)
• Cisco Secure Firewall

Contact Cisco

• Get a call from Sales

Call Sales:

• 1-800-553-6387
• US/CAN | 5am-5pm PT
• Product / Technical Support
• Training & Certification

How does network security work?

Network security combines multiple layers of defenses at the edge and in the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.

How do I benefit from network security?

Digitization has transformed our world. How we live, work, play, and learn have all changed. Every organization that wants to deliver the services that customers and employees demand must protect its network. Network security also helps you protect proprietary information from attack. Ultimately it protects your reputation.

Types of network security

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Cisco offers both threat-focused firewalls and unified threat management   (UTM) devices. 

• Explore Cisco Secure Firewall

Workload security

Workload security protects workloads moving across different cloud and hybrid environments. These distributed workloads have larger attack surfaces, which must be secured without affecting the agility of the business.

• Explore Cisco Secure Workload

NetWORK security

NetWORK security is Cisco's vision for simplifying network, workload, and multicloud security by delivering unified security controls to dynamic environments.

• Explore our NetWORK vision

Network segmentation

Software-defined segmentation puts network traffic into different classifications and makes  enforcing security policies  easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.

• Learn about network segmentation

A virtual private network encrypts the connection from an endpoint to a network, often over the internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

• Explore VPN and endpoint security clients

Access control

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block noncompliant endpoint devices or give them only limited access. This process is network access control (NAC).

• Cisco Identity Services Engine

Anti-virus and anti-malware software

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The  best antimalware programs  not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.

• Learn about Cisco Secure Endpoint

Application security

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.

• Full-stack Observability
• AppDynamics APM
• Cisco application-first products
• Security Advisory Services

Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

• Cisco Secure Network Analytics
• Built-in security analytics across Cisco

Cloud security

Cloud security is a broad set of technologies, policies, and applications applied to defend online IP, services, applications, and other imperative data. It helps you better manage your security by shielding users against threats anywhere they access the internet and securing your data and applications in the cloud.

• Explore cloud security solutions

Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

• Learn about data loss prevention

Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Industrial network security

As you are digitizing your industrial operations, the deeper integration between IT, cloud, and industrial networks is exposing your Industrial Control Systems (ICS) to cyberthreats. You need full visibility into your OT security posture to segment the industrial network, and feed IT security tools with rich details on OT devices and behaviors.

• Explore Cisco industrial/OT security
• Learn about Cisco Cyber Vision

Mobile device security

Cybercriminals are increasingly targeting mobile devices and apps. Within the next three years, 90 percent of IT organizations may support corporate applications on personal mobile devices. Of course, you need to control which devices can access your network. You will also need to configure their connections to keep network traffic private.

• Learn about Cisco Meraki

Security information and event management

SIEM products pull together the information that your security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.

• Identity Services Engine with SIEM

Web security

A web security solution will control your staff's web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud. "Web security" also refers to the steps you take to protect your own website.

• Cisco Secure Web Appliance

Wireless security

Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, you need products specifically designed to protect a wireless network.

• Cisco Aironet AP Module for Wireless Security

Gain unified segmentation of workloads: a single pane of glass from the workload to the network and cloud, supporting all workload types without limitations. 

• Watch now (1:43)

Connect with us

• Explore Cisco Cybersecurity Viewpoints
• Security resilience
• Cloud Security
• Security Software
• Network Security Products
• Secure Firewall
• Latest Cybersecurity Report
• Small Business Security
• Industrial/OT security
• Watch: NetWork Security

Get started

• Web Security - Try Umbrella for free
• Trusted Access 2FA - Try Duo for free

Related network security topics

• What Is Vulnerability Management?
• What Is Antivirus Protection?
• What Is Ransomware?
• What Are Cyberattacks?
• What Is Phishing?
• What Is Cybersecurity?
• What Is Email Security?
• What Is a VPN?
• What Is Zero Trust?

Cisco blogs

• Cisco Network Security Blog

Follow Cisco Secure

Browse Course Material

Course info.

• Prof. Ronald Rivest

Departments

• Electrical Engineering and Computer Science

As Taught In

• Computer Networks
• Cryptography
• Security Studies

Learning Resource Types

Network and computer security, network and computer security, problem set 1.

This file contains the information regarding Network and Computer Security, Problem Set 1.

You are leaving MIT OpenCourseWare

Information Technology Assignment Sample on Network Security

You can download the sample Information Technology essay on Network Security with the following question for free at the end of this page. For further assistance in Information Technology Assignment help, please check our offerings in Information Technology assignment solutions. Our subject-matter experts provide online assignment help to Information Technology students from across the world and deliver plagiarism free solution with free Turnitin report with every solution.

(AssignmentEssayHelp does not recommend anyone to use this sample as their own work.)

Information Technology Assignment Question

Question 1         .

In this part of the assignment you are to give a demonstration about how the Asymmetric RSA algorithm works. You can find information about the RSA algorithm in the Ciampa textbook 4 th edition p. 427, or in Chapter 8 of the Handbook of Applied Cryptography (Menezes et al., 1996) available at http://cacr.uwaterloo.ca/hac/ . A summarised description of the algorithm follows.

• Choose two large random and distinct prime numbers p and q
• Compute the value of n as: n=p*q . In terms of RSA, n is called the modulus .
• Compute f as: f =(p-1)*(q-1)
• Select a random integer e, 1<e< f, such that the greatest common divisor (gcd) between e and f is 1. That is to say: gcd(e, f)=1 . This implies that e is such that e and f have no common positive divisors other than 1. In terms of RSA, e is called the encryption exponent .
• Choose d so that e*d º 1 (mod f ), where º is known as the congruence operator and (mod f) is known as the integer module. This implies that e*d – 1 is evenly divisible by f. In other words if the integer module is k, then [e*d – 1]/ f should be k. In terms of RSA, d is called the decryption exponent .

The Public Key is the combination of (e,n), used to encrypt the message. The Private Key is the combination of (d,n) used to decrypt the ciphertext and reveal the original message.

Given a Message M , to encrypt into ciphertext C , we use the following formula: C = M e mod n.

Given a Ciphertext C , to decrypt into plaintext message M we use the following formula: M = C d mod n.

• Based on the information given, illustrate the RSA algorithm using the information extracted from your student number to obtain the message M, and to choose p and q. To do that follow these steps:
• Take your student number and add all the numbers in it. From the result, take the least significant digit. This will be the message to encrypt. For example if your student number is s0209593, then the addition of the numbers is: 0+2+0+9+5+9+3 = 28 with the least significant digit being 8. The message is then M=8.
• Take the two least significant digits of your student number and from there choose p and q such that: p< two least significant digits <q. In our example, the two least significant digits of the student number are 9 and 3, therefore p<93<q.

Once you have chosen M, p and q, fill the following Table:

Do not forget to show your working. If you do not show your working then you will not have marks. To calculate C = M e mod n and M = C d mod n you may need to use the Modular Exponentiation algorithm. Information about this algorithm can be found in the web using a search engine like Google and searching for 'Modular Exponentiation') (2 marks)

• Based on your illustration of RSA and your research in the field, write a 200 word essay that addresses the following questions: what are the weaknesses of the RSA algorithm? How close p and q should be. How big are they supposed to be? How is n supposed to be in terms of factoring? What happens when e is small? What are the optimum values for e and d? All your references should be cited using the Harvard or APA format (3 marks)

You are a security specialist working for ABC Incorporated.  ABC use SNORT as their NIDS which protects their IP sub-network being in the range of 203.40.27.128 – 203.40.27.255.

A recent security vulnerability has been found in OpenSSH.  A junior staff member within the security team developed a new SNORT rule to detect this attack.  Your supervisor has asked you to check the work of the junior staff member to ensure there are no errors in the SNORT rule.

The security vulnerability is described as follows:

A buffer overflow has been detected in the OpenSSH server.  Exploits have been released and exhibit the following characteristics:

• A payload positioned 100 bytes from the start of the data with a string message 'You are mine'
• After the above payload, there is a variable field of 4 bytes specifying a return address.  These 4 bytes can be any value.
• Following the variable 4 bytes return address is the exploit code signature given in HEX as AB 8F 23 8A BC 92

The rule should:

• when triggered, drop and then log the packet only.
• detect attacks from inside and outside their private network.
• include a message with the log entry as 'OpenSSH exploit attempt'.
• include a reference to the CVE number CAN-2006-06-3318
• Have a classification of attempted-admin

The rule written by the junior staff member is as follows:

alert udp !203.40.27.0/24 any -> 203.40.27.128/24 23 (msg: 'OpenSSH exploit attempt'; cve:CAN-2006-06-3318; classtype: attempted-admin; content: 'You are mine'; depth: 12; offset:100; content: 'AB 8F 23 8A BC 92'; depth:6; offset:4;)

The rule above contains 10 syntax or logic errors .  Your task is to review the above rule and identify these errors which may prevent the rule from detecting legitimate attacks, or will cause false positives.  For all the mistakes, identify the error, explain why it is wrong, and then fix the error.

Here is a sample rule with a mistake in it.

alert udp any 53 -> any 53 (msg: 'DNS attack'; content: 'XYZ';)

Here is an example of the solution format:

Error 1: alert udp any 53 ->

The source port is given as 53, however requests to a DNS server from a client will use ephemeral ports, and therefore should be given as any.  To correct this mistake, the rule should read:

Solution 1: alert udp any any -> any 53

Question 3: Workshop Projects

Provide evidence that you have completed the following projects from the workshops:

Workshop 7: Project 11-3 in the Ciampa (4 th edition, 2012) textbook, pages 441-443

Workshop 7: Project 11- 4 in the Ciampa (4 th edition, 2012) textbook, pages 443

Workshop 7: Project 12-1 in the Ciampa (4 th edition, 2012) textbook, pages 480-481

Workshop 10: Project 8-1 in the Ciampa (4 th edition, 2012) textbook, page 320-321

Workshop 10: Project 8-3 in the Ciampa (4 th edition, 2012) textbook, page 323-324

Information Technology Assignment Solution on Network security

Student number is s0227801.

Addition of the numbers is: 0+2+2+7+8+0+1 = 20 with the least significant digit being 0. Hence the message is taken as the next least significant bit i.e. M=2.

Solution 1 b:

The inherent weaknesses of RSA Algorithm are that if the value of p & q and e are small then they are prone to attacks like man-in-the-middle attack, as the values can be easily guessed. Usually, the Key generation process in RSA operation is slow when compared to symmetric key operations. It is also vulnerable to impersonation if hacked.

Read more in the complete solution PDF document at the end of this page.

Solution 2:

The errors are highlighted and the explanation is provided below.

drop tcp any any -> 203.40.27.128/25 22 (msg: 'OpenSSH exploit attempt'; reference:cve,CAN-2006-06-3318; classtype: attempted-admin; content: 'You are mine'; offset:100; depth: 12;  content: '|AB 8F 23 8A BC 92|'; offset:116; depth:6;)

Workshop 7: Project 12-1 in the Ciampa (4th edition, 2012) textbook, pages 480-481

The significance of this project as a practice of Network Security helps us to understand the use of Digital Certificates as an important step for ensuring security through encryption.

Digital Certificates helps in safeguarding your private message or email from the risk of unauthorized disclosure. It uses a pair of files comparable to that of digital equivalent of handwritten signatures or sealed envelopes and is divided into two parts.

• Enter your Email Address (required) *
• This form collects your email so that we can correspond with you through our newsletters. Checkout our Privacy policy for more information.
• Yes, i consent to this conditions.
• Challenge question: 9+8=?

(Some parts of the solution has been blurred due to privacy protection policy)

• [email protected]
• +91-97 91 62 64 69

Network Security Project Topics

Network security is the method towards ensuring safety and protection to shield the fundamental system administration from getting affected by unapproved access, data alterations, physical damage, obliteration, and many other potential attacks. Network security project ideas are gaining importance due to the causes arising out of large-scale network usage . Reach our expert panel team for interesting novel network security project topics . Because issues in network security can lead to many problems which include the following

•      Loss of data
•      Disruptions in the system functioning due to virus and hacking
•      Breach in security leading to  malfunctioning

Think about a virtual private network. It is one of the important  mechanisms that establish a   safe connection  to secure the data sent and got. Let us first start by understanding the constraints in network security.   

WHAT ARE THE LIMITATIONS OF NETWORK SECURITY?

There are a few limitations existing in present-day network security systems which demand in-depth research and analysis to be carried out to get them solved. The following is a detailed description of certain important network security constraints.

• A large number of methods used for the authentication of users are not entirely reasonable for safe system operations.
• The absence of multifaceted validation plans lead to a less protected CPS framework
• As a result, unapproved claims can access the network
• The firewall arrangements are not truly pertinent and appropriate in many work areas of cyber-physical systems
• Dynamic firewall solutions like next-generation application-oriented firewalls can be the best replacement option
• Only the methods that are proposed recently can be explicitly embraced to ensure security frameworks like CPS
• Notwithstanding the recent methods, honeypot approaches in industry 4.0 needed much advancement.
• Assets and latency in overhead is introduced
• Due to the asymmetric nature of cryptography, the constant working of the CPS is in the client to organize some overhead issues and latency in the network because of the encryption and decoding deferral
• The different types of intrusion detection systems based on behavior, signature, and anomaly are available in network security systems
• Even though these systems are present they are not by and large applied inside the internet of things based areas and or not explicitly intended for securing the CPS framework

From the research works that happened recently in network security, our technical team enriched themselves with the possible solutions suggested overcoming the above limitations . It can be quoted here that such efforts of our technical team are retaining us still in the mainstay of cyber security research guidance. Now let us see about the various factors that are prominent in detecting cyber-attacks.

This article will give you a complete picture of network security concepts and implementations that are successful among researchers in different parts of the world.  

WHAT ARE THE FACTORS IMPORTANT IN THREAT DETECTION?

Detection of threat is the major part of any network security system to be declared more efficient by network users . The following five factors are common to all threats which should be identified efficiently by any attack detection mechanisms

• Accidental threats are those dangers that were cost and intentionally through some real network organization segments
• Adversarial threats present vindictive expectations of the people, associations, a state, or a nation
• The environmental dangers incorporate the following.
• Events of calamities like floods and seismic tremors
• Destructions caused by humans like blasts and flames
• Failures due to supporting frameworks like the malfunctioning of broadcast communication and power loss
• The objective of the attackers is the motive to any network security threats
• Criminal and terrorist actions
• Political intentions
• Components of the networks
• Network applications
• Interception, intrusion, alteration, and fabrication are the different mechanisms based on which any network security attack rely
• Network integrity
• Confidentiality of information
• Availability and accessibility

So creating the best framework for protecting a network from malicious attacks involves many different types of measures and strategies . Look into the following threats and proper strategies used to overcome such issues in network layer security.

• Hijacking the session
• Collection of data by unauthorized users
• Classifying the security zones
• Maintaining remote security
• Detecting invasions
• Isolation of firewall

It is as a result of our professional online research guidance on network security project topics that many PhD candidates around the world reported higher accuracy and performance of their model . We are always happy to extend you the necessary support for your research work. Get in touch with us to avail one of the top reliable research guidance in the world. Now let us have a detailed outline of network security systems.   

OUTLINE OF NETWORK SECURITY

As you might know, there are various technologies involved in cyber security systems . It becomes now important for us to understand such technologies and the various elements involved in ensuring network security along with their benefits.

• Internet of things
• Big data analytics
• Machine learning protocols
• Augmented reality
• Cloud computing applications
• Artificial intelligence
• Theft of intellectual property
• Physical damages in cyber networks
• Production loss
• Spear phishing
• Ransomware attacks
• Threats by malware
• Reliability loss
• Threats to safety and health of the network
• Issues related to the integrity of network and data
• Other common cyber attacks
• Security in application
• Securing the data
• Planning the continuation of business
• Security in operations
• End-user about cyber security mechanisms
• Network security protocols

With these elements, researchers include many new technologies into network security projects for enhancing the system as a whole. Why should one do research in cyber security? The answer to this question lies in its benefits. Let us see the  merits  of network security systems below.

• Improving the confidence of an organization
• Protecting the end-users from potential attacks on networks
• Enhancing the time of recovery after meeting with a security breach
• Protecting the network and information
• Cyber security mechanism to prevent malware attacks, phishing threats, and ransomware

The advantages of cyber security systems extend well beyond this list and researchers must take the responsibility of exploring and expanding the scope of network security systems existing these days. For this purpose, you need to have access to a high level of research data with multidimensional objectives.

You can reach out to our technical team at any time and get the necessary literature need to carry out your research. We will also provide you with all essential information in formulating network security project topics. Now let us look into the vulnerabilities existing in a network that has to be rectified by network security researchers.   

VULNERABILITIES OF NETWORKS

Here we categorize the network vulnerabilities into different heads as listed below.

• Vulnerabilities of devices and networks
• Susceptibility due to flaws in the system security
• Man in the middle attacks
• Threats in manipulating packets
• Network layer
• Application layer
• DoS and DDoS attacks
• Back door attacks
• Eavesdropping

The wired and wireless communications security features are compromised due to cyber security flaws.

• Configuration
• Absence of guidelines due to security
• Procedure lack
• Deficiency of policies of security

Having looked into the above aspects of vulnerabilities present in any network, you should now understand the practical and real-time faults that can become potentially vulnerable zones.   

VULNERABILITIES IN REAL-TIME NETWORK APPLICATIONS

The cyber-physical systems and their vulnerabilities are listed below. Have a look into the following aspects of vulnerabilities in which we gained the enormous potential to solve them.

• Protocols for open communication
• Attacks based on web
• Wired and wireless communications
• Insecure protocols
• Interconnected devices (exposed)
• RTOS and OS insecurity
• Insecurity in secondary access points
• Physical sabotage of different network equipment
• Software vulnerabilities
• DoS attacks (software)
• Invasion of privacy of the patients
• Noise issues
• Injection attacks
• Replay issues
• Communication protocols
• Field devices that are interconnected
• Smart meters that are insecure
• Physical sabotage of the equipment
• Insecure algorithms
• Intrusion into privacy
• Tracing GPS
• CAN bus insecurity
• Flaws in communication software
• Components that are not protected (physically)
• Exploitations of the media player
• Flaw due to authentication of Bluetooth

The vulnerabilities are the checkpoints that act as the mode of entry for an attacker to have access to network data. So your network security project topics should be modeled in such a way as to act as a barrier for major attacks. Now let us talk about different kinds of attacks on network security

WHAT ARE NETWORK SECURITY ATTACKS?

A network security attack is nothing but an attempt to compromise the defense system deployed in a network and make alterations to the network and its data.

      Prevention  of such attacks at the first hand is the major  objective  of a network security system. An attack can be both active and passive based on the methodologies and techniques used by the attacker. So the scope of any network security model should be to  detect and prevent all types of security attacks.

We have successfully modeled plenty of projects with the above-stated objective. To interact with our research experts and get access to the details of our projects . Now let us look into different network security methods.

SECURITY METHODS FOR NETWORKS

Usually, a network is secured by following one or more methods mentioned below.

• The mechanism for data encryption
• Cryptographic protocols and algorithms (lightweight)
• Anti-malware
• Consistent maintenance
• Hashing methods (advanced)
• IPS and IDS
• Spread spectrum
• Multi-factor authentication (by answering too much personal information like your name, occupation, qualification, and possession)

It is not a must that all the above features are included in the same network security system because the demands and objectives of network security vary with the customers. We gained huge credit for our  customized research support to craft novel information security project ideas .  If you want your queries to be solved by research experts then reach out to us. Now let us have a look into the topmost preferred research network security project topics .  

TOP 10 RESEARCH IDEAS IN NETWORK SECURITY

From the experience of rendering project guidance in network security for more than two decades we have come up with the following  list of top 10 network security research ideas

• Security solutions based on artificial intelligence
• Protected audit (ensuring security)
• Authentication based on multiple factors (strong entity)
• Cryptographic algorithms (lightweight dynamic key-dependent)
• Definition of privileges
• Classification and prioritizing based network security
• Dynamic hashing process along with strong passwords
• Noncryptographic solutions (enhanced with latest technologies)

You can have a dialogue with us before choosing your network security project topics . The efficiency of your system should not be at the cost compromise on any network security threats. That is we insist that safety protocols in place should be capable of handling network threats in any real-time situation . For this, you should have some idea on simulation methods in network security research. Now let us see about it below,  

NETWORK SECURITY ATTACKS SIMULATION

Simulation methods are the advanced techniques that are used to check the efficiency of any network security system to any kind of attack. To achieve this objective the simulation tools take advantage of imitating the possible network security threats from different kinds of hackers and attackers data and check the reaction of our model to them.

In spite of many simulators used by researchers, there are demands for some novel approach in network simulation incorporating the following characteristics.

• Generating automatic attacks based on profile
• Giving proper report on traffic analysis
• Supporting the detection algorithm plugins
• Ability to test the algorithms designed to detect intrusions
• Detailed analysis on security measures included in the network
• Overlay security frameworks development

One of the famous simulators based on OMNET++ that incorporates the above features is  NETA or network attack . You might have used this tool earlier. We helped our customers build the research gap by providing them with the technical details on all  implementation tools . Now let us look into some of the most important simulation tools used by network security researchers.  

NETWORK SECURITY SIMULATION TOOLS

The following is a list of some of the most advanced network security simulation tools that you can use for your project.

• SSL decryption devices
• Forensics boxes (for data capture)
• Proxy servers
• Data collection tools for IDS
• ProVerif 1.93
• NetLogo 3.5

The trend of imputing network security project topics, design to simulation is becoming quite significant. Because from the output of a proper simulation you can get the indication of network performance towards any kind of threat. With that data, you can work towards enhancing your systems’ efficiency . Get in touch with us to have a consideration of the perspectives of research scholars and students from top universities of the world who are our customers too. We encourage the exchange of authentic research data while  maintaining professional secrecy.  So you can confidently rely on him for entire research guidance.

Opening Hours

• Mon-Sat 09.00 am – 6.30 pm
• Lunch Time 12.30 pm – 01.30 pm
• Break Time 04.00 pm – 04.30 pm
• 18 years service excellence
• 40+ country reach
• 36+ university mou
• 194+ college mou
• 6000+ happy customers
• 100+ employees
• 240+ writers
• 60+ developers
• 45+ researchers
• 540+ Journal tieup

Payment Options

Our Clients

Social Links

• Terms of Use

Opening Time

Closing Time

• We follow Indian time zone

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Network security groups

• 16 contributors

You can use an Azure network security group to filter network traffic between Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

This article describes the properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule .

Security rules

A network security group contains as many rules as desired, within Azure subscription limits . Each rule specifies the following properties:

Security rules are evaluated and applied based on the five-tuple (source, source port, destination, destination port, and protocol) information. You can't create two security rules with the same priority and direction. A flow record is created for existing connections. Communication is allowed or denied based on the connection state of the flow record. The flow record allows a network security group to be stateful. If you specify an outbound security rule to any address over port 80, for example, it's not necessary to specify an inbound security rule for the response to the outbound traffic. You only need to specify an inbound security rule if communication is initiated externally. The opposite is also true. If inbound traffic is allowed over a port, it's not necessary to specify an outbound security rule to respond to traffic over the port.

Existing connections may not be interrupted when you remove a security rule that allowed the connection. Modifying network security group rules will only affect new connections. When a new rule is created or an existing rule is updated in a network security group, it will only apply to new connections. Existing connections are not reevaluated with the new rules.

There are limits to the number of security rules you can create in a network security group. For details, see Azure limits .

Default security rules

Azure creates the following default rules in each network security group that you create:

AllowVNetInBound

AllowAzureLoadBalancerInBound

DenyAllInbound

AllowVnetOutBound

Allowinternetoutbound.

DenyAllOutBound

In the Source and Destination columns, VirtualNetwork , AzureLoadBalancer , and Internet are service tags , rather than IP addresses. In the protocol column, Any encompasses TCP, UDP, and ICMP. When creating a rule, you can specify TCP, UDP, ICMP or Any. 0.0.0.0/0 in the Source and Destination columns represents all addresses. Clients like Azure portal, Azure CLI, or PowerShell can use * or any for this expression.

You can't remove the default rules, but you can override them by creating rules with higher priorities.

Augmented security rules

Augmented security rules simplify security definition for virtual networks, allowing you to define larger and complex network security policies, with fewer rules. You can combine multiple ports and multiple explicit IP addresses and ranges into a single, easily understood security rule. Use augmented rules in the source, destination, and port fields of a rule. To simplify maintenance of your security rule definition, combine augmented security rules with service tags or application security groups . There are limits to the number of addresses, ranges, and ports that you can specify in a rule. For details, see Azure limits .

Service tags

A service tag represents a group of IP address prefixes from a given Azure service. It helps to minimize the complexity of frequent updates on network security rules.

For more information, see Azure service tags . For an example on how to use the Storage service tag to restrict network access, see Restrict network access to PaaS resources .

Application security groups

Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses. To learn more, see Application security groups .

Azure platform considerations

Virtual IP of the host node : Basic infrastructure services like DHCP, DNS, IMDS, and health monitoring are provided through the virtualized host IP addresses 168.63.129.16 and 169.254.169.254. These IP addresses belong to Microsoft and are the only virtualized IP addresses used in all regions for this purpose. By default, these services aren't subject to the configured network security groups unless targeted by service tags specific to each service. To override this basic infrastructure communication, you can create a security rule to deny traffic by using the following service tags on your Network Security Group rules: AzurePlatformDNS, AzurePlatformIMDS, AzurePlatformLKM. Learn how to diagnose network traffic filtering and diagnose network routing .

Licensing (Key Management Service) : Windows images running in virtual machines must be licensed. To ensure licensing, a request is sent to the Key Management Service host servers that handle such queries. The request is made outbound through port 1688. For deployments using default route 0.0.0.0/0 configuration, this platform rule will be disabled.

Virtual machines in load-balanced pools : The source port and address range applied are from the originating computer, not the load balancer. The destination port and address range are for the destination computer, not the load balancer.

Azure service instances : Instances of several Azure services, such as HDInsight, Application Service Environments, and Virtual Machine Scale Sets are deployed in virtual network subnets. For a complete list of services you can deploy into virtual networks, see Virtual network for Azure services . Before applying a network security group to the subnet, familiarize yourself with the port requirements for each service. If you deny ports required by the service, the service won't function properly.

Sending outbound email : Microsoft recommends that you utilize authenticated SMTP relay services (typically connected via TCP port 587, but often others, as well) to send email from Azure Virtual Machines. SMTP relay services specialize in sender reputation, to minimize the possibility that third-party email providers reject messages. Such SMTP relay services include, but aren't limited to, Exchange Online Protection and SendGrid. Use of SMTP relay services is in no way restricted in Azure, regardless of your subscription type.

If you created your Azure subscription prior to November 15, 2017, in addition to being able to use SMTP relay services, you can send email directly over TCP port 25. If you created your subscription after November 15, 2017, you may not be able to send email directly over port 25. The behavior of outbound communication over port 25 depends on the type of subscription you have, as follows:

Enterprise Agreement : For VMs that are deployed in standard Enterprise Agreement subscriptions, the outbound SMTP connections on TCP port 25 won't be blocked. However, there's no guarantee that external domains will accept the incoming emails from the VMs. If your emails are rejected or filtered by the external domains, you should contact the email service providers of the external domains to resolve the problems. These problems aren't covered by Azure support.

For Enterprise Dev/Test subscriptions, port 25 is blocked by default. It's possible to have this block removed. To request to have the block removed, go to the Can't send email (SMTP-Port 25) section of the Diagnose and Solve settings page for the Azure Virtual Network resource in the Azure portal and run the diagnostic. This will exempt the qualified enterprise dev/test subscriptions automatically.

After the subscription is exempted from this block and the VMs are stopped and restarted, all VMs in that subscription are exempted going forward. The exemption applies only to the subscription requested and only to VM traffic that is routed directly to the internet.

Pay-as-you-go: Outbound port 25 communication is blocked from all resources. No requests to remove the restriction can be made, because requests aren't granted. If you need to send email from your virtual machine, you have to use an SMTP relay service.

MSDN, Azure Pass, Azure in Open, Education, and Free trial : Outbound port 25 communication is blocked from all resources. No requests to remove the restriction can be made, because requests aren't granted. If you need to send email from your virtual machine, you have to use an SMTP relay service.

Cloud service provider : Outbound port 25 communication is blocked from all resources. No requests to remove the restriction can be made, because requests aren't granted. If you need to send email from your virtual machine, you have to use an SMTP relay service.

• To learn about which Azure resources can be deployed into a virtual network and have network security groups associated to them, see Virtual network integration for Azure services
• To learn how traffic is evaluated with network security groups, see How network security groups work .
• If you've never created a network security group, you can complete a quick tutorial to get some experience creating one.
• If you're familiar with network security groups and need to manage them, see Manage a network security group .
• If you're having communication problems and need to troubleshoot network security groups, see Diagnose a virtual machine network traffic filter problem .
• Learn how to enable network security group flow logs to analyze network traffic to and from resources that have an associated network security group.

Was this page helpful?

Additional resources