...and why? While both Wireshark and NetWitness Investigator can be used to capture network traffic, the freeware version of NetWitness Investigator has a limitation of 1G of protocol capture per session. Wireshark does not have a limitation on the size of the capture file, which makes it better suited to protocol capture. Wireshark can be used to analyze capture files, but NetWitness Investigator is a seven-layer protocol analyzer that provides detailed protocol analysis and protocol behavior analysis and is much more user-friendly in terms of understanding protocol behavior and protocol analysis.
2. What is the significance of the TCP three-way handshake for applications that utilize TCP as transport protocol? A three-way handshake (SYN > SYN-ACK > ACK) is performed between the IP source and IP destination to establish a connection-oriented connection.
3. How many different source IP host addresses did you capture in your protocol capture? 8 including 0.0.0.0, otherwise 7
4. How many different protocols did your protocol capture session have? What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment? There were 10 protocols in the protocol capture session. Click on Statistics → Protocol Hierarchy to see the breakdown of the different protocol types on the LAN segment.
5. How and where can you find Wireshark network traffic packet size counts? Can you distinguish how many of each packet size was transmitted...
Words: 625 - Pages: 3
...Hardening Operating Systems When hardening an operating system, one of the first things you should do is establish a baseline and have a traffic monitoring system to watch network traffic. A baseline sets the standards for your network and can help you quickly figure out what is out of the ordinary in terms of traffic for your network. Having a baseline established is great for identifying malicious behavior and helps you react more quickly in defense against a possible zero-day attack or DoS attack. Another important step when hardening is to close ports not being used. This will prevent unneeded ports from being used as a back door to your data. It is very important to make sure your operating system stays up to date, because new malware and spyware are discovered constantly, and if you are not up to date your systems can get infected (Techotopia, 2009). It is also good for the team, including the administrator, to have strong passwords: nothing that is easily guessable, such as a birthday or the name of a spouse. A password should have a deep combination of letters, numbers, and symbols, in lower case and upper case. Any unnecessary accounts, such as guest accounts, should be eliminated. Make sure you are using Access Control Lists (ACLs) and file permissions; all files and directories need to be controlled this way (Techotopia, 2009). A few extra things you can do in defense of your network and data: you can set up a DMZ, or demilitarized zone; this way you can put information out to the internet such as...
Words: 414 - Pages: 2
...Stephen Leider, Markus M. Möbius, Tanya Rosenblat, Quoc-Anh Do DIRECTED ALTRUISM AND ENFORCED RECIPROCITY IN SOCIAL NETWORKS The Quarterly Journal of Economics, November 2009 Lana Shifrina Groups in Economic Decision-Making Jingjing Zhang 14.05.12 The authors of the paper choose a real world social network (Facebook) to conduct a prosocial behavioral experiment. The motivation behind the experiment is to expand on the previous studies, examining people's underlying altruism vs. granting favors in exchange for expected future returns. The authors observe that measuring underlying altruism empirically is quite difficult because people tend to socialize within their social circles and the decisions they make are based on feelings toward individuals within these circles and not on the true nature of the decision maker. In order to overcome these prejudices, the authors believe that this experiment was designed in such a way that the personal favoritism can be removed and individuals' baseline altruism can then be measured. The real world application and the goal of the experiment is to help economists better explain disturbances within systems of informal insurance, provided by social networks, and to predict the necessary measures required to stabilize the system. The paper identifies three natures of prosocial giving: “(1) baseline altruism toward randomly selected strangers, (2) directed altruism that favors friends over random strangers, and (3) giving motivated...
Words: 1364 - Pages: 6
...Network Behavior Anomaly Detection (NBAD) is a security technique used to monitor a network for signs of unusual activity. It works by establishing a baseline of network and user behavioral characteristics observed under normal conditions. Using Network behavior anomaly detection you can obtain a baseline of system or network behavior? If an attacker is using a spoofed source address, legitimate traffic from that address will be blocked as well. A common way to gain control over a remote system is by installing a small application on a target machine. A Trojan horse is an application that is hidden in some other type of content, such as a legitimate program. It can be used to create a new, secret account called a back door, or it can be used to run spyware, which collects user keystrokes for analysis. Trojan horses can also be used to infect and control affected systems, destroy and expose valuable company information, or use your systems as launching pads for further attacks from the inside. Investigation is vital as it aids in the quick detection of viruses and worms that replicate on the server system and cause unscheduled reboots of the system and great data losses. If you have antivirus software installed on that server, the virus can turn off that antivirus software and the firewall that was configured by the antivirus. That means your computer is not protected. Log files contain complete records of all security events (logon events, resource access, attempted...
Words: 618 - Pages: 3
...1. What common security system is an IDPS most like? In what ways are these systems similar? P293 IDPS (Intrusion Detection/Prevention Systems) are most like a burglar alarm or other type of situation where one is alerted of an attack. Burglar alarms and IDPS are similar in that they both use any means possible to alert ‘you’, such as noise and lights, or silent alerts (via email or pager).
2. How does a false positive alarm differ from a false negative one? From a security perspective, which is least desirable? P294 A false negative alarm fails to react to an attack event, whereas a false positive reacts when there is no threat. In my opinion, I would say a false positive is least desirable because the admins or those in charge of following the IDPS ‘lead’ become lackadaisical in performance because they begin to ignore the TRUE attacks.
3....
Words: 1428 - Pages: 6
...Intrusion Detection System in Cloud Computing TOPICS * Introduction * What is IDS? * What is Cloud Computing? * Intrusion Detection System in Cloud Computing * Conclusion * References 1. Introduction Today, many organizations are moving their computing services towards the Cloud. This makes their computer processing available much more conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, the Cloud poses various new security threats and challenges when it comes to deploying an Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. Therefore, in this term paper, I will focus on recent implementations of IDS in Cloud Computing environments in terms of security and privacy. I propose an effective and efficient model termed the Integrated Intrusion Detection and Prevention System (IDPS), which combines both IDS and IPS in a single mechanism. My mechanism also integrates two techniques...
Words: 1673 - Pages: 7
...DRMS | Drewes Restaurant Marketing Solutions “Build Your Brand. Drive Your Sales” www.drmsmarketing.com Transactional Marketing: The evolution of Direct-to-Consumer Marketing Intro: For decades, Marketers have sought after the next best way to efficiently and effectively reach loyal or potential consumers with offers and rewards. Consider the ideal tool for a marketer. The ideal tool would offer the following features and benefits: Scale: Ability to reach a large scale audience and have significant impact Targeting: Target based on a consumer's actual or potential behavior Engagement: Interact with the consumer in their most receptive environments Attribution: A consumer's involvement and self-acceptance on an offer Measurement & Validation: Accurately measure & analyze results to gauge impact and incrementality Impact: Significant results & efficient pricing that enables a positive ROI model Privacy: Welcomed, non-intrusive communication that respects consumer's privacy Now, consider today's marketing options: - Mass Media (TV, Radio, Print) - Newspaper Inserts / FSI - In-Store Communications - Direct Mail (solo & co-op) - Database Marketing - Email Marketing - Social Media - Daily Specials Not one of today's options are able to provide all the desired features. Introducing the age of transaction-based marketing. Debit and Credit cards have long been generating transactional data that personify and identify a cardmember's purchase history. In the past few years,...
Words: 1273 - Pages: 6
...Security and Baselines When dealing with security and baselines, you will always want to consider your security logs as a kind of timeline for when security events and baseline anomalies occur. The security log can provide such details as the time bandwidth use began to skyrocket, indicating a possible brute-force attack, transfer of large amounts of data, or other type of undue network activity. The security log may also provide you with a glimpse of how an attack occurred, such as logging the ports accessed, failed password attempts, systems and files accessed at any given time, etc. When dealing with security breaches, it’s always best to keep ahead of the game, and know what you would do to better prevent or mitigate damage from such a breach. For instance, if the employees use laptops in the field during the course of their day, there is always a chance that a laptop may be lost, stolen, or hacked. If the information on the laptop is not encrypted, you may be leaving valuable company data in the hands of whoever winds up with the laptop. An easy, affordable way to limit access to your company’s data would be to encrypt the hard drive of the laptop, as well as any storage devices plugged into the laptop, and any data transmitted to or from the laptop. What if one of your employees has been browsing the internet, even when they feel they were being discreet with their browsing, and their computer wound up infected with a virus? This virus could, unbeknownst to the...
Words: 544 - Pages: 3
...Designing a new network from the ground up requires input from many stakeholders of the project. Failure to follow a standard requirements analysis model often leads to network architectures and designs that are outside of the scope of the project. For example, the resulting network may not be what the users expected, it may not support the applications envisioned, and the technology the design is based on may not support certain devices. Failure to communicate during the requirements analysis process can end up with network designers doing whatever they feel comfortable with. The resulting product may become a network based on the proprietary technology of a single vendor, making the network difficult to expand or upgrade in the future. In this paper, the requirements analysis sections will be thoroughly discussed as they apply to the network design process, along with how following each one to its completion improves the entire process. In addition, the specific tools for determining performance requirements and the importance of stakeholder input will also be addressed. It is often the case that strict timelines and budgetary concerns result in shortcuts to the requirements analysis process, shortcuts that can become expensive headaches down the road. The process of analyzing requirements is composed of five sections that include gathering and listing requirements, developing service matrices, characterizing behavior, developing requirements, and mapping these requirements...
Words: 1017 - Pages: 5
...On-Chip Networks from a Networking Perspective: Congestion and Scalability in Many-Core Interconnects George Nychis†, Chris Fallin†, Thomas Moscibroda§, Onur Mutlu†, Srinivasan Seshan† † Carnegie Mellon University {gnychis,cfallin,onur,srini}@cmu.edu § Microsoft Research Asia moscitho@microsoft.com ABSTRACT In this paper, we present network-on-chip (NoC) design and contrast it to traditional network design, highlighting similarities and differences between the two. As an initial case study, we examine network congestion in bufferless NoCs. We show that congestion manifests itself differently in a NoC than in traditional networks. Network congestion reduces system throughput in congested workloads for smaller NoCs (16 and 64 nodes), and limits the scalability of larger bufferless NoCs (256 to 4096 nodes) even when traffic has locality (e.g., when an application’s required data is mapped nearby to its core in the network). We propose a new source throttling-based congestion control mechanism with application-level awareness that reduces network congestion to improve system performance. Our mechanism improves system performance by up to 28% (15% on average in congested workloads) in smaller NoCs, achieves linear throughput scaling in NoCs up to 4096 cores (attaining similar performance scalability to a NoC with large buffers), and reduces power consumption by up to 20%. Thus, we show an effective application of a network-level concept, congestion control, to a class...
Words: 13410 - Pages: 54
...capitalized upon by persons with malicious intent. Therefore, security within the information systems realm has introduced a number of new devices and software to help combat the unfortunate results of unauthorized network access, identity theft, and the like – one of which is the intrusion detection system, or IDS. Intrusion detection systems are primarily used to detect unauthorized or unconventional accesses to systems and typically consist of a sensor, monitoring agent (console), and the core engine. The sensor is used to detect and generate the security events, the console is used to control the sensor and monitor the events/alarms it produces, and the engine compares rules against the events database generated by the sensors to determine which events have the potential to be an attack or not (Wikipedia, 2006, para. 1-3). IDS generally consist of two types – signature-based and anomaly-based. Signature-based IDS operate by comparing network traffic against a known database of attack categories. In fact, signature-based IDS work much in the same way that antivirus software does, except network traffic is examined instead of files. This type of IDS is extremely effective against known attack types. Anomaly-based IDS observe actual system behavior against “baselined” behavior. Any activities that contradict otherwise standard system use may be considered an attack and generate an alert....
Words: 1749 - Pages: 7
...University of Massachusetts Boston Carla Herrera Public/Private Ventures, Philadelphia, Pennsylvania Associations between youths’ relationship profiles and mentoring outcomes were explored in the context of a national, randomized study of 1,139 youths (54% female) in geographically diverse Big Brothers Big Sisters school-based mentoring programs. The sample included youths in Grades 4–9 from diverse racial and ethnic backgrounds, the majority of whom were receiving free or reduced-price lunch. Latent profile analysis, a person-oriented approach, was used to identify 3 distinct relational profiles. Mentoring was found to have differential effects depending on youths’ preintervention approach to relationships. In particular, youths who, at baseline, had satisfactory, but not particularly strong, relationships benefited more from mentoring than did youths with profiles characterized by either strongly positive or negative relationships. Implications for research and practice are discussed. Keywords: youth mentoring, parent relationships, teacher relationships, latent profile analysis Youth mentoring programs such as Big Brothers Big Sisters (BBBS) pair youths with volunteers who are trained to provide support and guidance. Such programs have experienced tremendous growth in the past 2 decades. Millions of volunteer mentors are involved in youths’ lives, and the numbers are continuing to rise (Mentor/National Mentoring Partnership, 2006). Anecdotal reports of mentors’ protective...
Words: 12031 - Pages: 49
...Manufacturing, transportation, warehousing (beverage packaging components & logistics services) Network of 8 Regional Distribution Centers (RDC’s) – 4PL Operating over 8 million sq. ft. Rail deployment – Truck fulfillment 20+ facilities in 6 states Six 3PL operators 1,200 associates plus flex staff Variety of business systems – EDI Organizational structure and processes Relationship of Saddle Creek and G-3 Enterprises Saddle Creek began working with G-3 in 1997 Operate (3) RDC’s – DFW, ATL, FLA Warehouse, transportation & value-added 15MM cases annually throughput Metrics Program (KPIs) developed in 1999 Goals of this session What makes KPIs/Metrics Programs effective from Customer and Provider perspective? Case Study – Understanding the G-3 Metrics from both perspectives Determining if your KPIs are focused and standardized Distinguishing Metrics & KPIs G-3 Supply Chain Metrics Perfect Order Product Availability Inventory DOS Product Quality G-3 RDC KPIs Order Accuracy Inbound Timing Inventory Accuracy SCC Operation Metrics Damage/Hold Metrics/KPIs from the 3PL perspective What is an effective Metrics Program for the 3PL Operation? Relevant / Measurable / Focused / Timely Consistent across long time period Consistent across multiple “like” operations – drives competition Develops desired behaviors – no cheating to make numbers How does a good Metrics Program add value? Improves communication...
Words: 1027 - Pages: 5
...Recommended Network and suggestions Student’s name University name Instructor’s name 8th August 2014 What is the first step you will take in developing a strategy to respond to this situation? From a review of the client requirements and their existing architecture, it sounds like there is no wireless architecture in place, nor security policies. As described in the requirements, Richton intends to resolve a large scope of network performance and security issues by doing a simple quick fix to enhance their network. The first step I will take in developing a strategy to respond to this situation. During the meeting I would like to discuss with the Richton Toy management team the security risk of installing 802.11b wireless...
Words: 1357 - Pages: 6
...BYOD (Bring Your Own Device): Hot or Not? Andrea Ferguson CGS1016-39433 BYOD is the hottest acronym in IT since ITIL. Professionals want to know what’s going on with BYOD, regardless of whether they’re on a team supporting such a program, considering adding such a program, already a part of a BYOD program or simply just interested out of personal curiosity. This paper will explore a few of the pros and cons of a BYOD program. Cisco sponsored a survey of 600 IT and business leaders. The results of this survey showed that 95% of their businesses permit corporate network access by employee-owned devices. Out of the 600 surveyed, 48% support a select list of devices, while 36% allow all devices. Additionally, 11% of those businesses allow employee-owned devices access to enterprise networks but do not offer any type of IT support. It’s clear that businesses have a drive to implement BYOD programs. It’s also clear that these programs are highly popular with both company and employee. Mobile devices, powerful yet inexpensive and easy-to-use tools, help employees to be productive regardless of their location. Collaborative efforts and information exchange can increase, allowing a business to step up their reaction to market changes and/or customer needs. Another plus is that virtually every employee owns some sort of personal mobile device. While mobile technologies use does have the potential to transform business, it can also disrupt IT. Today’s employee expects...
Words: 1194 - Pages: 5