Sec280

Submitted By jonesto
Words 1129
Pages 5
SEC280 | Week 1 | Case study on Port scans & sweeps | Jared's | 11/3/2012

Brief description of what they are and are they dangerous to company!

To answer the main question about the concerns for our network: NO. The items that you have heard about do not require immediate attention, as they are considered normal. We are protected behind our firewall, and if the employees do as asked at the end of their shift, we will have absolutely nothing to worry about. More than likely, that situation was handled when we brought the network online. Here is a brief rundown of your areas of concern:

Ping sweeps and port scans are the two most common network probes, and they serve as important clues in sensing invasions or intrusions that can harm any type of network. Network probes are not actual intrusions, although they could be potential causes of actual intrusions. Port scans and ping sweeps can lead to an intrusion of a company's network system; however, with today's technological advancements, these activities can be detected and prevented.

Ping Sweeps
Ping sweeps are a set of ICMP Echo packets that are sent out to a network of computers (actually a range of IP addresses) to see if there are any responses. As an intruder sends out the ping sweeps, he looks for responses so he can figure out which machines he can attack. “Note that there are legitimate reasons for performing ping sweeps on a network—a network administrator may be trying to find out which machines are alive on a network for diagnostic reasons. Ping sweeps are detectable using special tools as well. IPPL is an IP protocol logger that can log TCP, UDP and ICMP packets. It is similar to SCANLOGD, where it sits in the background and listens for packets. Be careful when using IPPL though—if you're on a busy Ethernet network, you might find that your IPPL log files may fill up

Similar Documents

Premium Essay

Sec280

...HOME NETWORK SECURITY Most home users know that there are hackers, but they do not believe that their computer is constantly under attack. Attackers use home computers, not only to get personal information, but as a way to attack other networks without being discovered. We install antivirus software, firewalls, and keep our software updated to secure our systems from potential attackers. The problem is that everyone is not educated in the many ways a computer can be hacked. Family and friends are probably the biggest threat to home network security. Most people are willing to give full access to their computers to people that they think are trustworthy. It is easy for a trusted friend to steal your personal information or mistakenly download a virus, Trojan horse, or worm. The best known way of attacking a system is with a computer virus. A computer virus attaches itself to a program or file allowing it to spread to every computer it encounters. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. (The Difference Between a Computer Virus, Worm and Trojan Horse, 2011) One of the most common ways an intruder uses to invade your home computer is a Trojan horse program. A Trojan horse program will be hidden, in what appears to be legitimate software or files from a legitimate source. The effects of a Trojan horse vary from something...

Words: 397 - Pages: 2

Free Essay

Sec280

...Case Study: Network Infrastructure Security It is important to secure the Windows and Unix/Linux servers for many reasons. Leaving the servers open to shortcomings and vulnerabilities can open a door for those who seek to damage, destroy, or obtain sensitive information from the company. It’s important to identify any possible vulnerability and secure each one quickly and efficiently to protect information, and the system itself. Preventative measures are the best defense against attacks, and securing the network servers before they are breached will help to ensure that those who seek to gain unauthorized access will be kept out. Information stored such as personal information, salaries, social security numbers, and even credit card or bank information are all susceptible to theft if the system is not secure. Identity theft is a very serious and prominent threat; proper measures should be taken to ensure the safety and security of this type of information. The company also stores sensitive information about its employees, business practices, legal and financial information, all of which also need proper safeguarding. Secondly, a breach in the server could do irreparable harm to your corporate image, profits, and daily activities. Once infected, a server will generally “revert to a backup image, which may affect the availability of key, revenue-generating applications and services”. (Bit9) It is vital that the servers be secured and that patches, upgrades and updates are diligently...

Words: 451 - Pages: 2

Free Essay

Sec280-Week2

...Dear CIO, It has come to my attention that you are wondering why I should secure Windows and our Unix/Linux servers from shortcomings and vulnerabilities. I will explain to you what I plan to do about these. So that you can understand what these are, I will explain to you first what shortcomings are and how they work. Next, I will explain what vulnerabilities are and how they work. Then, I will explain to you what my plan of action is to ensure our network infrastructure is strong and make sure it stays that way. First, you are wondering what a shortcoming is. A shortcoming is the quality or state of being flawed. What this means is that there is a kind of flaw occurring in the network, whether it be one of our employees connecting their personal devices to our network to possibly steal our information about the company. Another example is people thinking the company's computers are their own and using them to share photos on either Facebook, Twitter or YouTube. These are some examples of shortcomings that could affect the network. Next, you're wondering what vulnerabilities are. A vulnerability is essentially being open to attack or damage. Now, you're probably wondering what vulnerabilities we have on a network. For instance, one of our employees could save information not only on our servers but on a flash drive, giving away our information to another company. Other examples might be hackers that work inside the company. Another example is when someone attempts to hack...

Words: 602 - Pages: 3

Premium Essay

Sec280 Week2

...There are some basic safeguards that are important in ensuring that the network infrastructure remains secure for both of the Windows based server and the UNIX/Linux based server. Although both servers utilize the basic level of security, there are vulnerabilities that exist that could be exploited if additional measures are not taken to address them. The following information outlines the steps that are currently in place to address server and other network vulnerabilities. The first step in addressing vulnerabilities that exist within the Windows and UNIX/Linux servers, and the firewall, is making sure that all the latest updates and service patches are installed on all hardware. The Windows based server is utilizing the automatic update feature, and has been configured to allow the download and install all security, reliability, and compatibility updates. The UNIX/Linux based server is also configured to automatically update, downloading and installing updates daily. These updates will enable the servers to obtain the latest patches and updates. This makes sure the firewall will protect our network against the latest viruses, worms, Trojan horses or bugs that would have been created since the last update of the program. Scheduling these services to automatically update our equipment will ensure that the current and newly discovered vulnerabilities are dealt with immediately and considered a must to secure us against these types of problem and intrusions. The next step...

Words: 805 - Pages: 4

Free Essay

Sec280-Week1

...Risks and Resolutions Introduction A Computer Network has many benefits to a company. However, it also puts a company at security and privacy risks if they are not tackled with a profound technical know-how. When a computer on a network is hacked, there is a possible threat to other systems getting affected as well. These security breaches can be severe to the organization's information and privacy and result in a loss of information, leak of confidential data such as bank accounts, and loss of goodwill and trust. Ping Sweeps and Port Scans Intro Ping sweeps and port scans are two methods commonly used by hackers to detect vulnerabilities on computer networks (InfoSoc, 2014). Hackers use ping sweeps to check on which computers are active and being used, while they use port scans to find open ports which can be used to breach a network. If these two methods are used by knowledgeable hackers, they can jeopardize personal data and cause severe effects on the entire computer network. Ping Sweep Ping is the abbreviation for Packet Internet Groper. It is a service to check if a machine on the network is up and running. In ping sweep, an Internet Control Message Protocol (ICMP) echo request is sent to a machine to see if it responds. If a machine is live, it will send an echo ICMP response. Hackers use this facility to seek targets in large networks. They use ping sweeps to continuously ping addresses, leading to a slowdown in the network. “It’s a bit like knocking on your...

Words: 1279 - Pages: 6

Premium Essay

Sec280 Week 1

...Week 1 Boss, Regarding your recent inquiry regarding ping sweeps and port scans, I wanted to provide some information to assuage any apprehension you may have had regarding the subject. Port scans and ping sweeps are common networking tools used by admins to perform common functions, such as checking to see if a server is running a particular service or if a desktop is on to receive an important update. It is also true that this same functionality can provide information to hackers who may use it for nefarious purposes, but you will see why that is less of a concern than it may seem. Port scans, like I stated earlier, are used to discover what services are running on a target machine. Each service offered by our servers makes use of “ports” by which TCP/IP requests are sent; for example our company’s website accepts connections on port 80. Hackers use this information to determine what types of vulnerabilities they can make use of, which is why we only leave the ports we are using open, so that there are no unnecessary openings. Additionally, because the majority of our network is inaccessible to the outside world a hacker would already need to be inside our network to gain access to any of the critical systems. Ping sweeps are often used in conjunction with Port scans in a similar discovery process. Ping sweeps instead are used to see what targets are available on the network. For instance, we may be on a 192.168.1.0 vlan with only a dozen or so machines. Typically the...

Words: 406 - Pages: 2

Premium Essay

Sec280 Week 3

...Key to Security SEC-280 61093 DeVry University March 23, 2013 ABC Institute of Research requires a special need to secure their private information from rivals. We are currently partnering up with XYZ Inc. in a research project dealing with genetics. I have researched a wide variety of possible solutions for the company. I will describe a proper security solution for protecting our information using symmetric encryption, advantages of symmetric encryption...

Words: 667 - Pages: 3

Free Essay

Sec280 Week 1

...Dear Sir, It has come to my attention that you are curious about ping sweeps and port scans. In the next couple of paragraphs I will explain what each of them are. Next, I will also tell you about the different types of port scans. Then, I will go about explaining how they can impact the company. Next, I will tell you based on the information I provided to you if it is something you should be worried about. First, what is a ping sweep? A ping sweep can also be called an ICMP Sweep. ICMP stands for Internet Control Message Protocol; it's primarily designed to work with our company's operating system and send an error message indicating that a service request is not available. It can also check and see if the computers on a domain are not able to connect to the hub or router. Now, a ping sweep is essentially the computer sending a "ping" to a particular destination, whether it's the domain's router, hub, switch, etc. Now, you may be wondering what a "ping" is. It is essentially an echo where a computer sends a message and sees if it gets anything back. And if it does, it assigns the message back as a protocol number. Sir, there are different ways to perform a ping sweep. I can always go in the command prompt and type the following in: fping, gping and nmap. Now, I can only use this for the Unix operating system, and I can use pinger software for the Windows operating system. You also need to be aware that when I send out a ping it sends out multiple pings to see if a message...

Words: 946 - Pages: 4

Premium Essay

Sec280 Week 6 Case Study

...SEC280 Week 6 Case Study Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network down time if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning. Gem Infosys Incident Response Policy To ensure timely response to a network disruption, an Incident Response Team has been formed. This team comprises contacts in several departments throughout the organization. The following policy outlines who to contact and what steps to take in case of an incident involving network related tasks. Incident Response Team Contacts DUTIES TEAM MEMBERS EXTENSION Team Lead Edward Einright 7001 Network Analysts Dave Firuzio 7002 Paul Gerschadt 7003 Security Analysts Rob Jensen 7004 Natalie Pierson 7005 Legal Affairs Frank Saddich 7006 Public Affairs Michelle Davenport 7007 Duties Team members will establish and implement policies in the following areas: a) Worm response procedure b) Virus response procedure c)...

Words: 870 - Pages: 4

Free Essay

Sec280 Disaster Recovery - Case Study

...Considering the recent attack it is imperative for Gem Infosys to have a plan in place for incident-response / operational readiness in the event of an info security breach. This policy is to coincide with our current group and policies and procedures while expanding on how Gem Infosys will develop an incident-response team (interchangeably IRT), disaster recovery process (interchangeably DRP) and business-continuity plan (interchangeably BCP). The goal is for this to be considered a blueprint / foundation in the event Gem Infosys must deploy resources out in the event of an incident and even more importantly the steps and procedures so that down time is at a near zero time during such security risk. Even though “It takes the enterprise some time to assess the exact effects of the disaster” (Disaster Recovery: Best Practices, 2008). Gem Infosys is a small software company with a smaller computing environment that currently consists of 10 PCs and 6 servers that range from file servers, web servers, and AD servers. At present there is a firewall protecting the network but from running an analysis of response time after the recent attack it took responders 6 hours to realize the breach, 24 hours to determine all the components that have been breached and an additional 24 hours to resolve the issue. This length of response time resulted in Gem Infosys networks being down for 48 complete hours (2 business days). This downtime resulted in great corporate loss and was quite costly...

Words: 987 - Pages: 4

Premium Essay

Sec280 Devry Threats to Home Computer Systems

...Threats to Home Computer Systems I sometimes imagine a way of life as simple as sitting on a rock, watching the sky, tending to a cave. Could there have been anything complicated in those times, many millennia ago? In fact, there was: security. It must have been an enormous stressor to guard your cave dwelling from other primitive beings looking to gain something they were not entitled to. Maybe they suspected personal items such as weaponry or stored food, or to take a peek at your secret glyphs—directions to a source of something valuable. Today, we may not live in caves, and as such our secret information may be stored in sophisticated machinery rather than drawings on cave walls. However, human nature to steal and protect is still as common as it was in early humans. It was not so long ago that the home computer was in its primitive stage. In a few decades, this “advanced typewriter/calculator” has evolved into a way of life, along with its own set of threats to our security. These threats can be categorized as either software or behavioral, and can certainly be combined. Social engineering is a behavioral type of threat. It does not need to apply just to computers. Some social engineers call you on the telephone attempting to get you to reveal personal information, such as your social security number. But this can be done through email, as well. You may think the email is from someone you trust and you respond with information, such as passwords. Passwords, however...

Words: 945 - Pages: 4

Premium Essay

Sec280 Week 6 Case Study

...In today’s business world it could be a catastrophe if your network was out of commission due to a disaster. Disasters can range from hurricanes to a server failure to a virus that shuts down the network. In order for your business to survive these disasters it is essential to develop processes that plan for these situations. No network is foolproof; that’s why it’s essential to have a plan in case of such a disaster, but it’s not just enough to have a plan, you have to practice the plan. You have to have a team of people that practice the processes in order to keep your business up and running. I. Security Incident Response Team (SIRT) A. Identify a group of people (about 5-6) that will be essential to bringing the network back online in case of security breaches. This team should have a wide range of knowledge and should include a leader to designate a task list to each member. They should also be given adequate authority to make decisions in security breach situations. This team will conduct random drills with other employees to ensure that everyone knows what to do in case of an emergency. Drills that need to be conducted should include natural disasters such as a fire, network outage due to a hacker, and an onsite intruder. II. Disaster Recovery Processes A. Offsite backups provide businesses a redundancy safeguard in case of a disaster. This service can usually be done with just a monthly fee and includes automatic backups of your entire network. Tape drives which...

Words: 564 - Pages: 3

Premium Essay

Week 6 Case Study

...Kent Johnson SEC280 Instructor: R. Booth Week 6 Case study Here at gem security, it is important for our network and its resources to be kept secure from possible intrusion from outside sources. Installing of an IDS policy is an important thing in keeping the network safe. Installing a Network IDS (NIDS) onto a network requires a significant amount of thought and planning. In addition to the technical issues and product selection there are resource issues, from product cost to manning the sensor feeds and supporting the infrastructure that must also be considered. When installing an IDS a policy needs to be developed to ensure responsibilities are clearly defined. This is especially important when delivering an IDS capability remotely or to another organization's network. On the subject of failing hardware, people administering the target network must be made fully aware that if network taps are used, even fail safe taps can take up to a second for the interfaces to re-negotiate and could potentially disrupt services, though recent improvements have reduced this latency considerably. If the network is remote then it is advisable for the policy to reflect that the target network manpower can be called upon for a predefined duration for power resets, etc. Attempting this retrospectively through contractual alteration, if required, can be expensive and time consuming. If you rely on the distant network for support, ensure you have a telephone authentication system...

Words: 537 - Pages: 3

Premium Essay

Case Study: Creating an Ids Policy.

...SEC280 Week 6 Assignment – Joseph Ercole Case Study: Creating an IDS Policy. As the need to secure corporate networks continually increases, the task of ensuring the security of sensitive company data so that it is not compromised becomes increasingly difficult with each day. Gem Infosys, a small software company, has decided to secure their computer systems. The organization uses ten PCs and a broadband connection to the Internet. The management at Gem needs to formulate an IDS policy. We need to identify the steps to be performed when formulating the IDS policy. One of the best ways to protect company networks and data from attackers is to have an Intrusion Detection System in place. Today, IDS’s are an integral part of many organizations’ network infrastructure. But having the IDS in place and not understanding why it’s in place, how it works or who will deploy and run it or how to respond in the event of an attack is counter-productive to its existence. This is why we need to formulate the IDS policy. Before the IDS is deployed, we will create a basic outline of what we are trying to accomplish with the IDS and from there, devise a strategy. So, what are we protecting the network from and how strict will we make accessibility? Sometimes beginning with the end in mind is a good way to execute the first step of any plan or strategy. Knowing how tightly or loosely you want to allow traffic to flow on the network in order to have better control over it is a good start. We...

Words: 831 - Pages: 4

Premium Essay

What Does Forensic Mean?

...1. What does forensic mean? From Latin forensis ‘in open court, public,’ - Relating to, used in, or appropriate for courts of law or for public discussion or argumentation. - Of, relating to, or used in debate or argument; rhetorical. - Relating to the use of science or technology in the investigation and establishment of facts or evidence in a court of law: a forensic laboratory. http://www.thefreedictionary.com/forensic 2. Define forensic accounting. Forensic accounting is a type of accounting which unites investigation accounting and litigation support to provide an accounting analysis that is suitable for court. 3. What are the key components of the definition of forensic accounting? Forensic, accounting, time, purpose - legal forum, peremptory. 4. How does a forensic audit differ from a regular audit? According to Ronald L. Durkin, the following differences in a forensic audit versus a traditional audit: •Not limiting the scope of the engagement based upon materiality. •Not accepting sampling as evidence. •Not assuming management has integrity. •Seeking the best legal evidence. •Melding the requirements of the evidential matter standard with the rules of evidence R.L. Durkin, "Defining the Practice of Forensic Accounting," CPA EXPERT (Special Edition, 1999). 5.Who may have been the earliest expert witness? Hercules De Cordes may have been an early expert witness. 6. What impact did the IRS have on forensic accounting in...

Words: 3750 - Pages: 15