Running head: COMPUTER NETWORK SECURITY 1

Computer Network Security

Name of the student

Institutional affiliation

Date
COMPUTER NETWORK SECURITY 2

SECURITY ANALYSIS BASELINE

Vulnerability assessment is a process where an individual or an organization. Works to

defines, identify classify and prioritize vulnerabilities that can be exploited in a computer system,

computer and mobile applications and network infrastructure. And use the analysis outcome in

providing the associated organization with the necessary information on risk backgrounds and

knowledge to understand the threats to it's to their computer system. While suggesting the

appropriate ways to counter the problem. Such outcomes are used to prevent attacks or

exploitation in case cybercriminals tries to exploit the vulnerabilities found in a computer system

A system or computer network layout plan or policies should put first-hand consideration

the fact that system security should be given primary concern. These layouts should provide an

essential security foundation (Baloch, 2017). By first creating a physical security feature, not

giving physical access to the computer network or system that can be used as access points for

attacks. These will be achieved by creating a system where a stranger cannot easily access all the

access points to the network system without being noticed. Also, if they manage to have slight

access, they cannot get access to a point where they are not likely to cause any harm to the

system. These ensure a primary security feature in the system. A system layout should create a

format where following security features can be put in place without experiencing any difficulty

or obstacles. Also, software development and implementation should employ some basic security

features in the system that does not make it easy to have access to the system network ( Fisch,

White & Pooch, 2017).

Computer systems can be attacked in different varied ways. These are based on the

attacker's skills and interest also attacker takes a certain form of attack can also be adopted base

on the vulnerability in a system. These forms of attacks can include trojan horse attack. There is
COMPUTER NETWORK SECURITY 3

a form of attack where malware or spyware is deployed into the system. Malware is usually

deployed in a manner that makes it look like a legitimate system application. Such that when one

is installing an application, they unknowingly install the malware file into their system. After it is

successfully installed into the system, it can be used to gain access to the system network. And,

the attacker can perform any form of manipulation or access on the system (Backers et al., 2017).

Trojan opens a backdoor in a system that can be used by an attacker to have unlimited access on

the system.

The other form of attack that can be used by cybercriminals is the deployment of a virus

into a system. These are mainly applicable when one wants to destroy or corrupt files in a

system. A computer virus is malicious codes that when deployed in a system, it replicates by

copying itself to other programs and alters or corrupts the working applications of those

programs. The virus is mainly spread through attached emails. And also when one opens the

executable file in the attachment also, it can be installed by opening an infected website or

installing an application that has virus setup files. In the case of a virus attack company may lose

a lot of essential files, worms can also be used. These are a type of malware that spread over a

computer network through the exploitation of operating system vulnerability (Baloch, 2017).

Worms usually harm their host network through destruction of its bandwidth and cause

overloads on web hosts. Worms also deploy payloads that damage its host devices. These corrupt

system files and may cause great information loss in the system.

Denial of service attack. These are a form of attack where the attacker gets access to the

system and block other legitimate users of the system from having access to the system services.

Here, the attacker takes control of the server and programs the system to authenticate requests
COMPUTER NETWORK SECURITY 4

that give invalid return address to any legitimate user trying to use the system. These may bring

the whole system operations into a standstill.

Session hijacking is another form of cyberattack where a user session over a protected

network is hijacked, and the attacker takes control of the system. Or the attacker can be

monitoring user activities and trafficking without taking over the system. With this attack,

sensitive system credentials can be leaked to the attacker where they can be used to gain access

to a system and finally, social engineering. There is a form of attack that mainly involves human

interactions with the system. Where they manipulate the system to suit their needs while

breaking security procedures publishes by the system owner. Such manipulations may include

creating backdoors that will enable them to have access to a network system.

Network Infrastructure

This network infrastructure has adoption of Local Area Network simulation; Where the

network is connected to the devices available in the company to facilitate telephony, internet

access and access to printers. Its interconnection is made of cable and Wi-Fi signal. Security risk
COMPUTER NETWORK SECURITY 5

involved I this system is that in case a worm virus or a trojan horse is deployed at one point of

the network. It can be easily spread throughout to all the devices that are connected to the system

— making it hard to control the spread of malicious files from one device to another.

Such a network system should have regular testing and analysis to inspect the availability

of malware and virus files. Inspection can be done daily since file transfer, and mail sharing is

done regularly on the system. In the case of trojan and malware detection, all its related files

should be quarantined and blocked from spreading further in the system for system security

check (Kaewunruen et al., 2018). Firewalls and files filters installation makes network

surveillance and management of malicious files easy as the report is collected and automatically

outputted by the system for necessary action to be taken. With a self-responsive system, one does

not require any special skills to identify viruses in the system. Instead, they should just be able to

follow instructions in the user interface. And, they can keep the system safe and uninfected

through a well-monitored data flow and transit from one device to another. And, also in making

sure that all access points and data endpoints are disinfected of virus and any malicious files.

And the creation of network restoration files after every inspection of the system. These ensure

that in case of a virus attack and files corruption system can be restored to its initial point.

NETWORK DEFENSE STRATEGY

Computer defense is the most effective is the means through which data acquisition

becomes the sole responsibility to secure (Kang & Kang, 2016). The information security bases

on the knowhow of the users who should have prior knowledge to help them prevent

unnecessary interactions. the intermediary between the civilian and the military is the computer

network operations, which is a proactive component. It is, therefore, essential to understanding

what is being defended. The content explained here shows types of information protected and
COMPUTER NETWORK SECURITY 6

indicates the cyber-attacks security principles – namely, AAA covering the auditing,

authentication and authorization, and the CIA triad of availability, integrity and confidentiality.

Several security awareness that comes along with user awareness. These security awareness

features enable the user’s mindset to be stronger through training. The security awareness

strategies used in defending against the cybersecurity attacks include defense-in-depth, disaster

recovery planning, penetration testing, vulnerability assessment, prevention, intrusion detection

and pattern matching are among the top-notch. The standard tactic used to defend information is

the computer network defense (CND) whose functions are to respond, protect, detect, analyze

and monitor unauthorized access to the network systems.

When conducting the assessment for application or system, the aim should be on specific

areas, which are the highest value, highest impact, and highest volatility. After the determination,

the next focus is on the entire system. An assessment verifies a particular security control

whether it meets the requirements, while other system files intend to exploit, assess, validate and

identify security weaknesses.

Testing procedures inadequate system security are following the security assessment

policy (Kaewunruen et al., 2018). The policy manages both the implementation of the

assessment from the client and the organization while maintaining appropriate accountability for

the individuals (Hoffmann, 2015). These approaches aim to make sure that requirements are in

line with the policy regulations. The areas that the policy has to cover include the elements of the

organization with which they must confer with, adherence, responsibility and roles to an

established frequency, methodology and documentation requirements of the assessment.

Design a documented and repeated assessment reports which expedite new staff

transition provides a structure and consistency in assessment paving the way to further
COMPUTER NETWORK SECURITY 7

operations. Using this methodology enable the company or the organization to maximize its

potential and to minimize the risks associated. Security issues related to the type of risks may

result from lack of information gathered, thus causing dysfunctionality of the system and

sometimes the availability of the network. To help reduce the occurrence of such cases, there is a

procedure that needs to follow. The processes of minimaxing the risks apply the techniques such

as testing duplicates of the system production, performing system testing off-hours, logging

assessor activities, skilled assessor, and building comprehensive assessment plans. It is,

therefore, the responsibility of each organization to consider the levels of risk they can tolerate

and develop a working plan to approach them accordingly.

Organizational risk levels depending on the available resources that the company has and

customized according to the specific resources, levels of risk and objectives (Hoffmann, 2015).

A combination of techniques forms up the organizations best limit on resources and dangers.

For the process of assessment to be completed, the organization must come up with a

mitigation plan (Kaewunruen et al., 2018). Once the risks and the weaknesses of the security

network are provided, immediate actions should follow to eliminate the emergence of these risks

from within and without the company. The mitigation plans will see the techniques into

actionable things. Hence the result will show how the organization addresses not only the

weaknesses in the processes of the organization but the technical weaknesses involved within the

system procedures as well.

THE PENETRATION TESTING ENGAGEMENT

Now that you've completed your test plans, it's time to define your penetration testing

process.
COMPUTER NETWORK SECURITY 8

Include all involved processes, people, and timeframe. Develop a letter of intent to the

organization, and within the letter, include some formal rules of engagement (ROE). The process

and any documents can be notional or can refer to actual use cases. If actual use cases are

included, cite them using APA format.

Organizations need to conduct system penetration to evaluate the threats and

vulnerabilities in the firm's network system (Backers et al., 2017). A penetration test is essential

for an organization as it could provide vulnerability and weaknesses in the system where hackers

can exploit. Primarily, penetration testing focuses on securing the business opportunities that an

attacker can take advantage of compromising the company's productivity. Network penetration is

categorized into two broad categories: Professional penetration tester and organizational internal

security team. For the two groups of testers, certain aspects should be considered before

conducting a penetration test (Hoffmann, 2015).

Penetration Testing Engagement is a process that aims at finding out how an attacker can

access the company's system. Penetration testing is like a form of legal hacking intending to help

an organization regulate the control of threats to their system. There are several means in which

network testers can engage a system to find out vulnerable and explorable areas in a particular

network. Penetration testing would require an understanding of the scope where a proposal

would be generated to analyze the approach, effort and the cost outlines for penetration tests.

Among the processes of testing include test authorization, which allows the network tester to

gain access to the company's system and conduct the test (Baloch, 2017). The test authorization

legalizes the process of test penetration, which would have otherwise been illegal according to

the Computer Misuse Act.

COMPUTER NETWORK SECURITY 9

Planning for penetration testing is a critical process because it involves the collection of

people, timeframe and processes. People involved in the category include; testers, IT manager

and the business shareholders. The roles of IT managers and shareholders are basically to

approve the test. On the other hand, the role of the testing team is to perform the test on the

system. The timeframe required for conducting a penetration test depends on the nature of

requests the client’s needs to be done (Fisch et al., 2017).

The rules of engagement contain plans and documentation that aids the penetration testers

can conduct their work. Fundamentally, some of the focuses of the rule of engagement include

the following;

The types of testing largely influence the results posted by the testing team to the

management o the organization. For example, there are different types of testing including; black

box testing, white box testing and an intermediate gray box testing (Hoffmann, 2015). The

selection of the test type come to play depending on the nature of the information provided to the

testing team (Kaewunruen et al., 2018). Black box testing involves penetration testing, where the

testing team behave just like the hackers who operate from external sources. In this form of

testing the tester is assumed to have the liberty of obtaining information from the employees and

former employees who may have access to the information about the system. White box testing

is a process where the testers are provided with information about the areas to cover are

vulnerable and exploitable areas.

The testing team needs to have the client's contact details because they are likely to

communicate often (Backers et al., 2017). Penetration testing involves exposing the computer to
COMPUTER NETWORK SECURITY 10

perform different tasks and hence, at the time, it could go wrong. For example, when there is a

denial of service attack in one of the client's computers, the testing team can correct immediately.

This form of penetration testing involves notifying the client on or before launching an

attack on their network. Some of these attacks include testing the readiness of the stuff in case

there is an intrusion or attack. Such penetration testing should be communicated to the clients as

there should be communicated as announced or unannounced (Baloch, 2017).

During the process of penetration testing, the testers may be provided with sensitive

information about the company, and hence, data handling should professionally handle. Data

handling techniques should be specially handled in the rules of engagement for penetration

testing.

Regular meetings should be done between the client and the testers to improve effective

communication (Fisch et al., 2017). Penetration testing takes time, and therefore, communication

should be explaining how far the project should be handled and what is to be done.

NETWORK PENETRATION TEST

Penetration testing tools must learn new processes of attacks from the associated risks. As

time goes by, the attackers’ changes tack, and so should is the penetration tools. The tools are

machines that can learn new things through their intelligence as well as practicing the routine.

Thus, these systems have to update and continuous cycles (Kaewunruen et al., 2018).

Metasploit powered by PERL is a penetration tool that offers the users or the system

tester the chance to customize the exploits either through creation or modification. The

functionality of the Metasploit depends on the development of java graphical user interface and
COMPUTER NETWORK SECURITY 11

the web-based support. The tool allows for conventional payloads and many exploitations such

as reverse shell when establishing the concept (Hoffmann, 2015). The device has a DNS server,

built-in sniffer and access point to facilitate and mount attacks.

When mounting the attack, the Metasploit takes the following structures:

i) selects the specific exploit

ii) synchronize the exploit selected to the remote port number and remote IP.,

iii) chooses a payload.

iv) synchronize the local IP address and the port number to the payload

v) runs the exploit.

The Metasploit penetrating testing tool is characterized by the built-in shell, which

enables it to collect highly critical data such as the remote vital loggers and hash dump

passwords to show how the system severity and vulnerability. Wireshark comes in as the second

tool exploiting things such as lack of input validation, SQL injection, pollution and as well as the

overflow of the buffer. If such attacks become successful, then this will mean significant damage

to the internal systems and the database of any organization. At times the system can go without

detecting any vulnerability, but he does not say that there is no threats or chances for an attack

(Hoffmann, 2015). The tool used might be weak or cannot test for the specific vulnerability.

Hence, there is a need to continually check the threats and keep on improving the penetration

tools to have the latest updates (Backers et al., 2017). Once the risks and the weaknesses of the

security network are provided, immediate actions should follow to eliminate the emergence of

these risks from within and without the company.

Black box testing is the process of testing network penetration when the testing team is

provided with zero or less information about the system. Black box penetration testing requires
COMPUTER NETWORK SECURITY 12

the tester to gain access to the network before making a compromise to the system. the tester,

just like the hacker, has little or no information about the network. the first step in testing the

network penetration is by, first, gaining a connection to the network. A Payload is developed and

sent to the client's computers through an email to check whether the emails in the company has a

trojan virus (Fisch et al., 2017).

Black box penetration testing involves a myriad of steps that generates reasonable and accurate

results on a company's network. the steps include the following;

Profiling

This is the initial process of gathering information about a particular network. the

information collected includes concerns such as the DNS information, platforms running, web
COMPUTER NETWORK SECURITY 13

server’s versions, operating systems en masse (Kang & Kang, 2016). Gathering information can

be done using google searches. Social media sites and emails.

Discovery and Enumeration

Discovery is the process of determining the network's operating systems through banner

grabbing, presence of open ports, services running, & versions of the services, technology

information (Kang & Kang, 2016). Discovery helps identify the host that is present in the

network. Backbox penetration testing provides the tester with the use of enumeration where the

internal network allows the tester to identify resources and users, groups, routing tables and

service audits. Identifying information would allow the tester to understand the system attack

points.

Scanning

Scanning is an essential process which allows the tester to understand the vulnerabilities

in the network service. Security controls and information systems. Scanning identifies the

network topography and the operating system's vulnerabilities and service vulnerabilities.

Exploitation

Exploitation stage uses the already collected information on the active ports with related

vulnerabilities to exploit the services exposed safely. Exploitation engages research and

launching of payloads against the target environment with regards to the penetration test (Fisch

et al., 2017).

Reporting
COMPUTER NETWORK SECURITY 14

Reporting stage involves recording all the vulnerable and exploitable point to the client.

A thorough assessment is done on the vulnerable areas and a clear recommendation made.

RISK MANAGEMENT COST-BENEFIT ANALYSIS

These are systematic formats of estimating strengths and weaknesses of a security system

adopted by a company and provides the best approach for involved parties to experience reduced

costs in their investment. And make the best out of their money.

Risk management analysis is the evaluation of all the risk involved in a security system

installation and implementation. These entail the study of the cost of installation, and

management labour requirement, this can be used to determine whether the installation of certain

security measure in a company is cost-effective. These are useful in determining a suitable

security measure to install in a company. To provide maximum security while experiencing a

minimum cost. A selected security measure should completely prevent a company’s network

from cybercriminals. And also should consider instances of risk management in cases where the

security features put in place fails to keep away attacker. A security feature put in place should

be able to regain control of security. Also, in case of any information loss, it should be able to

recover all the lost information and data. It should ensure that the company does not need to

incur other costs to regain control of their system in case of an attack or to recover their lost data.
COMPUTER NETWORK SECURITY 15

References

Backers, M., Hoffmann, J., Künnemann, R., Speicher, P., & Steinmetz, M. (2017). Simulated

penetration testing and mitigation analysis. arXiv preprint arXiv:1705.05088, 6.

Baloch, R. (2017). Ethical hacking and penetration testing guide. Auerbach Publications.

Bayer, S., Enderle, T., Oka, D. K., & Wolf, M. (2016). Automotive security testing—the digital

crash test. In Energy Consumption and Autonomous Driving (pp. 13-22). Springer,

Cham.

Fisch, E. A., White, G. B., & Pooch, U. W. (2017). Computer system and network security. CRC

press.

Goel, J. N., & Mehtre, B. M. (2015). Vulnerability assessment & penetration testing as a cyber

defence technology. Procedia Computer Science, 57, 710-715.

Hoffmann, J. (2015, April). Simulated Penetration Testing: From" Dijkstra" to" Turing Test++".

In Twenty-Fifth International Conference on Automated Planning and Scheduling.

Kaewunruen, S., Alawad, H., & Cotruta, S. (2018). A decision framework for managing the risk

of terrorist threats at rail stations interconnected with airports. Safety, 4(3), 36.

Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-

vehicle network security. PloS one, 11(6), e0155781.

COMPUTER NETWORK SECURITY 16

LAB REPORT

During the lab report, it was clear that there were vulnerable situations where the

penetration tools could not predict the attacks, but an attacker could quickly bring it on.

Virtual Private Network Over WAN.

Attackers are the technique by which an attacker or unauthorized group accesses the

network and does not cause the system to be generated or modified, but listens to what is

happening. An attacker discovers the policy by monitoring the exchange, communication, and

content passed from client to server through a technique called interception.

Below is the screenshot of the code that accessed the remote system of the servers.

WLAN traffic isolation through a separate firewall for the VPN connection.
COMPUTER NETWORK SECURITY 17