SIT716: COMPUTER NETWORKS AND SECURITY
Assessment 1d: Bi-weekly Report
Weight: 4% of total mark for this unit
Word limit: 1 to 2 pages
Short answer questions to assess and reinforce learning of the concepts of Weeks 7-8 by exploring firewalls for securing networks, and use of network telemetry data for identifying cybersecurity attacks.
Consider a scenario where you are working for a Small-Medium Enterprise (SME). To help improve the security of its network, the SME has recently installed a single expensive next-generation firewall/router in a screened subnet architecture. The SME has also subscribed to the vendor's threat intelligence service, which has a good reputation and automatically updates the firewall and IPS rules to block new attacks. The SME is confident it has fully secured its network.
A firewall is a security device that can take the form of hardware or software. It safeguards a network from potential threats at the network or system end. At least one firewall is needed to protect a small network where security is not the main concern, but for a larger network a single firewall is not sufficient. When security is the main concern, the network needs more than one firewall, configured at the start of the network (the edge), at every end-user location, and at the end of each network segment. A firewall works by applying its configured rules to filter network traffic. When multiple firewalls are used, they can defend the network against threats efficiently: at the user end or the end of a network segment, they can provide the required access control and department-level or user-level protection. A single firewall, typically installed at the start of the network, can only provide initial security for traffic passing from inside to outside or vice versa. It cannot provide department-level protection or access control. A single firewall may also be vulnerable to some types of attack or threat that can be eliminated by using more than one firewall: when one firewall fails to identify a threat, another can identify it and defend against it. A single firewall can also be less protective against a well-crafted attack than two or more firewalls. In conclusion, using multiple firewalls rather than a single firewall provides better protection. A single-firewall configuration cannot fully secure the network.
A network protected by a single firewall can be vulnerable to many network attacks. Here we discuss some attack types that can be carried out through a firewall. Spoofing attack: an outside attacker identifies the internal IP address range and sends multiple IP packets with internal addresses through the firewall to the internal network. Routing attack: the attacker specifies the route of a packet in order to fool the firewall. Fragmentation attack: an original packet is divided into multiple tiny fragments that are sent to the firewall. Port scanning attack: the attacker scans for open ports through the firewall; once a well-known open port has been identified, the attacker can use it to mount a specific type of attack. Malformed network packets: using a security tool, the attacker identifies a packet that needs to be retransmitted and can form a DDoS attack that makes the target system wait longer than usual. This causes the system to become unresponsive to other packets and brings down its services. Traffic flooding attack: the attacker does not try to find any weakness in the system but simply sends a large number of SYN packets to the target using several flooding applications, which overloads the target system's capacity to respond. An attacker who bypasses the firewall and reaches the target system can use all of these attack mechanisms.
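The following is an added example, not part of the original report: a small detector that flags five of the attack types described above (spoofing, source routing, tiny fragments, port scanning and SYN flooding) in packet records seen on the firewall's outside interface. The internal address range, the thresholds, the record fields and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed internal range
SOURCE_ROUTE_OPTS = {131, 137}  # IPv4 option types for loose/strict source routing
MIN_TCP_HEADER = 20             # a smaller first fragment cannot hold the TCP header
SCAN_PORTS = 5                  # assumed threshold: distinct ports per source
FLOOD_SYNS = 10                 # assumed threshold: bare SYNs per destination

def pkt(src, dport, flags="S", iface="wan", dst="192.168.10.5",
        mf=False, offset=0, payload=40, opts=()):
    """Build one constructed packet record as seen on a firewall interface."""
    return dict(iface=iface, src=src, dst=dst, dport=dport, flags=flags,
                mf=mf, offset=offset, payload=payload, opts=opts)

def analyse(packets):
    """Return a set of (attack type, address) alerts for WAN-side traffic."""
    alerts, ports_by_src, syns_by_dst = set(), defaultdict(set), defaultdict(int)
    for p in packets:
        if p["iface"] != "wan":
            continue  # only packets arriving from outside are examined
        if ipaddress.ip_address(p["src"]) in INTERNAL_NET:
            alerts.add(("spoofing", p["src"]))        # internal source seen outside
        if SOURCE_ROUTE_OPTS & set(p["opts"]):
            alerts.add(("source-routing", p["src"]))  # sender dictates the route
        if p["mf"] and p["offset"] == 0 and p["payload"] < MIN_TCP_HEADER:
            alerts.add(("tiny-fragment", p["src"]))   # header split across fragments
        ports_by_src[p["src"]].add(p["dport"])
        if p["flags"] == "S":
            syns_by_dst[p["dst"]] += 1
    alerts |= {("port-scan", s) for s, ports in ports_by_src.items()
               if len(ports) >= SCAN_PORTS}
    alerts |= {("syn-flood", d) for d, n in syns_by_dst.items() if n >= FLOOD_SYNS}
    return alerts

# Constructed sample traffic using documentation address ranges, not real hosts.
SAMPLE = (
    [pkt("192.168.10.77", 80)]                             # internal source on WAN
    + [pkt("198.51.100.9", 25, opts=(131,))]               # loose source route option
    + [pkt("198.51.100.20", 80, flags="", mf=True, payload=8)]  # 8-byte first fragment
    + [pkt("203.0.113.4", port) for port in (21, 22, 23, 80, 443, 3389)]
    + [pkt(f"203.0.113.{100 + i}", 443, dst="192.168.10.8") for i in range(12)]
)

if __name__ == "__main__":
    for kind, subject in sorted(analyse(SAMPLE)):
        print(f"{kind:15} {subject}")
```

The same checks map onto rules an edge firewall can enforce directly: drop inbound packets with internal source addresses, drop source-routed packets, and rate-limit new connections per source and per destination.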