Mitigating DHCP and ARP Attacks in Security

This document discusses how to mitigate DHCP and ARP spoofing attacks as a security professional. For DHCP attacks, the document recommends using port security, DHCP snooping on trusted ports, and dynamic ARP inspection. For ARP attacks, it recommends ensuring only legitimate ARP requests are transmitted, using ARP inspection to validate IP-MAC bindings, and requiring DHCP snooping for dynamic ARP inspection. The document also defines next-generation firewalls and how they differ from traditional firewalls by offering more layers of inspection, visibility, services, and protection. It explains how AI can be used with NGFWs to classify threats through threat intelligence feeds, behavioral analysis, dynamic rule generation, and user entity behavior analytics.

Uploaded by

nadinidhanu8

ITE 3242 – Information Security

ASSIGNMENT 1 - 22S2

1. As a security professional how would you mitigate,

i. DHCP snooping attack?

A DHCP spoofing attack occurs when a rogue DHCP server is connected to the network and hands out bogus IP configuration parameters to legitimate clients.

As a security professional, we can mitigate the attack by carrying out the following.

- Port security. Port security is an easy first mitigation against a DHCP server attack. The Gobbler tool sends every DHCP request from a distinct source MAC address, which port security can stop by limiting the number of MAC addresses allowed on a port. Gobbler can, however, be set up to vary the hardware address carried inside each request while keeping the same interface source MAC address; against that mode port security becomes meaningless, so it must be combined with the measures below.
- DHCP snooping on trusted ports. DHCP snooping, with only the ports facing the legitimate DHCP server marked as trusted, counters DHCP spoofing attacks. By rate-limiting the number of DHCP discovery messages an untrusted port may receive, DHCP snooping also helps mitigate DHCP starvation attacks. The switch filters DHCP messages from untrusted sources using the DHCP snooping binding database, which DHCP snooping creates and maintains. For every untrusted switch port or interface, the binding table records the binding type, VLAN number, client MAC address, IP address, DHCP lease time, and interface details.
- Dynamic ARP Inspection (DAI). By verifying that ARP packets originate from legitimate sources, DAI helps prevent ARP spoofing attacks.

ii. ARP spoofing attack?

ARP spoofing attack - ARP works as follows: to find out the MAC address of a host with a specific IP address, a host broadcasts an ARP Request to the other hosts. Every host on the network receives and processes the ARP Request, and the host whose IP address matches the one in the request sends back an ARP Reply. Because nothing in this exchange is authenticated, an ARP spoofing attack abuses it with forged replies.

As a security professional, we can mitigate the ARP spoofing attack by carrying out the following.

- Only legitimate ARP traffic. To stop ARP spoofing and poisoning, a switch needs to make sure that only legitimate ARP requests and replies are forwarded. In a conventional attack, a malicious user sends unsolicited ARP replies to other computers on the subnet using the attacker's MAC address paired with the default gateway's IP address.
- ARP inspection. Dynamic ARP inspection helps prevent such attacks by not forwarding unsolicited or invalid ARP replies to other ports in the same VLAN. On untrusted ports, dynamic ARP inspection intercepts all ARP requests and replies and checks the validity of the IP-to-MAC binding of each intercepted packet. The switch stops ARP poisoning attempts by dropping or logging ARP replies from invalid devices for auditing purposes. DAI rate limiting can also cap the number of ARP packets per port, and if the rate is exceeded the interface can be error-disabled.
- DHCP snooping is required for DAI. DAI assesses the legitimacy of an ARP packet against the database of valid MAC-address-to-IP-address bindings created by DHCP snooping. DAI can also verify ARP packets against user-defined ARP ACLs in order to handle hosts that use statically assigned IP addresses.
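The binding-table and validation logic described in the two answers above (trusted ports, DHCP discover rate limiting, DAI checks against the snooping table or a static ARP ACL, err-disable on excess), modelled as an added Python example that is not from the assignment or any vendor's implementation; the class name, port names and limits are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class AccessSwitch:
    # Assumed model of DHCP snooping plus DAI on one access switch (illustrative, not vendor code).
    trusted: set                                   # ports facing the legitimate DHCP server
    dhcp_limit: int = 5                            # DISCOVERs allowed per untrusted port
    arp_limit: int = 15                            # ARP packets allowed per untrusted port
    bindings: dict = field(default_factory=dict)   # ip -> (mac, vlan, port, lease), built by snooping
    arp_acl: dict = field(default_factory=dict)    # static ip -> mac for hosts that do not use DHCP
    err_disabled: set = field(default_factory=set)
    log: list = field(default_factory=list)
    _seen: dict = field(default_factory=lambda: defaultdict(int))  # (proto, port) -> packet count

    def _rate_ok(self, proto, port, limit):
        # Shared rate limiter: exceeding the limit puts the untrusted port into err-disabled state.
        self._seen[(proto, port)] += 1
        if self._seen[(proto, port)] > limit:
            self.err_disabled.add(port)
            self.log.append(f"err-disable {port}: {proto} rate limit exceeded")
            return False
        return True

    def on_dhcp_server_msg(self, port):
        # DHCP OFFER/ACK are accepted only from trusted ports, so a rogue server's offers are dropped.
        return "forward" if port in self.trusted else "drop"

    def on_dhcp_discover(self, port):
        # DISCOVERs on untrusted ports are rate-limited to blunt DHCP starvation.
        if port not in self.trusted and (port in self.err_disabled
                                         or not self._rate_ok("dhcp", port, self.dhcp_limit)):
            return "drop"
        return "forward"

    def learn_binding(self, port, mac, ip, vlan, lease):
        # A snooped DHCP ACK for a client on an untrusted port populates the binding table.
        self.bindings[ip] = (mac, vlan, port, lease)

    def on_arp(self, port, sender_mac, sender_ip):
        # DAI: the sender IP/MAC pair must match the snooping binding (same port) or a static ARP ACL.
        if port in self.trusted:
            return "forward"
        if port in self.err_disabled or not self._rate_ok("arp", port, self.arp_limit):
            return "drop"
        binding = self.bindings.get(sender_ip)
        if (binding and binding[0] == sender_mac and binding[2] == port) or self.arp_acl.get(sender_ip) == sender_mac:
            return "forward"
        self.log.append(f"DAI drop on {port}: {sender_ip} claimed by {sender_mac}")
        return "drop"
```

A real switch keys the rate limits per time window and ages bindings with the lease; this model counts packets and keeps bindings forever, which is enough to show the decision logic.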

2. What is a next-generation firewall? How does it differ from a traditional legacy firewall? How can AI be used with an NGFW to classify threats?

Firewall - A firewall is a network security device that manages and regulates traffic entering and leaving a private network. Implemented as either software or hardware, it allows or denies data packets based on predetermined security rules. By filtering incoming and outgoing traffic on packet characteristics, the firewall serves as a barrier between the private network and the public network. Its primary goals are blocking unwanted access and guarding against malicious activity. Because firewalls protect confidential data, enforce corporate policy, and reduce the risk of cyberattacks, they enhance network security as a whole.

Next-generation firewall - In addition to a firewall, a next-generation firewall is a multifunction device (MFD) that combines various security features. Integrated components of an MFD may include web filtering, QoS management, bandwidth throttling, NATing, VPN anchoring, an intrusion prevention system (IPS), and online security software. Next-generation firewalls (NGFWs) have advanced beyond traditional firewall functionality to address modern cyber threats, and companies today frequently use NGFWs to defend against sophisticated malware and application-layer threats.

A next-generation firewall is important in many ways:

- Fine-grained recognition, visibility, and management of actions within applications
- Limiting access to websites and web applications according to their reputation, and taking proactive measures to safeguard against online threats
- Policy enforcement based on application type, user, device, role, and threat profile
- Implementing stateful protocol inspection (SPI), NAT, and VPN
- Making use of an integrated intrusion prevention system (IPS)

[Figure: NGFW capabilities. Image source: https://www.arubanetworks.com/faq/what-is-next-gen-firewall]

The features of Next-Generation Firewalls (NGFWs) and Traditional Firewalls are contrasted in the table below, along with the benefits of NGFWs in reducing the risk of cyberattacks.

| Capability | Traditional Firewall | Next Generation Firewall (NGFW) | Advantages of NGFW |
|---|---|---|---|
| Inspection | Stateless | Stateful | Prevents traffic that deviates from the expected standard for established connections |
| Visibility | Rudimentary, only lower TCP/IP layers | Deep, includes all TCP/IP layers | Allows a more thorough and detailed examination of traffic |
| Services | Basic | Comprehensive | Includes packet filtering as well as UTM services such as content filtering, IDS/IPS, and logging |
| Protection | Limited | Enhanced | Recognizes, stops, and reports a wider range of attacks |

Next-generation firewalls (NGFWs) and conventional firewalls are contrasted in the following table:

| Feature | Next generation firewall | Traditional firewall |
|---|---|---|
| Layer of operation | Application layer (layer 7) | Data link layer and transport layer (layer 2 and layer 4) |
| Port/Protocol Inspection | Yes | Yes |
| Packet Filtering | Yes | Yes |
| Behavioral Analysis | Yes | Limited or none |
| Application Awareness | Yes | Limited or none |
| Dynamic Filtering | Yes | Limited |
| Virtualized Network Support | Yes, supports complex virtualized network environments | Limited support for virtualized networks |
| External Threat Intelligence | Yes, leverages external data to identify threats | Limited or none |

AI can be used with an NGFW to classify threats

With NGFWs, real-time threat classification is possible through the application of artificial intelligence (AI). AI is used to examine network activity and traffic patterns in order to find anomalies and possible threats. NGFWs powered by AI are better able to react and adjust to new and changing threats.

- Threat intelligence feeds - Real-time information on emerging threats can be obtained by integrating NGFWs with threat intelligence feeds. AI can be used to evaluate this data and apply it to the firewall's rule sets, enabling the NGFW to identify and react to the most recent threats.
- Behavioral Analysis - AI-powered NGFWs can track and examine user behavior as well as network traffic trends. By detecting deviations from established norms of behavior, AI can identify possible threats. For instance, an abrupt, unusual increase in login attempts or data transmission can be treated as suspicious.
- Generation of Dynamic Rules - AI can help with the dynamic creation and modification of firewall rules in response to identified threats. For instance, the NGFW may automatically create rules to block new threats without the need for human intervention.
- User and Entity Behavior Analytics (UEBA) - AI-driven next-generation firewalls (NGFWs) can use User and Entity Behavior Analytics (UEBA) to detect anomalous or risky user behavior, such as data exfiltration or unauthorized access. By monitoring user activity over time, UEBA builds behavioral profiles of users and identifies departures from them.
- Continuous Learning - By continuously learning from new threats and adapting to changing attack strategies, AI-driven NGFWs help enterprises stay one step ahead of cybercriminals.
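The behavioral-analysis and dynamic-rule steps above, as an added Python example that is not from the assignment or any NGFW vendor: it builds a constructed login log, profiles attempts per source per minute, flags a source whose latest minute deviates from its own baseline (the "abrupt increase in login attempts" case), and emits a temporary deny rule. The log format, the z-score threshold and the rule schema are assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d):\d\d src=(\S+) event=login_attempt$")

def build_sample_log():
    # Constructed sample (not real data): 10.1.1.5 makes 2 attempts/min for six minutes,
    # then 40 in the seventh; 10.1.1.9 makes a steady 1 attempt/min throughout.
    lines = []
    for minute in range(6):
        lines += [f"2024-01-01T10:0{minute}:{s:02d} src=10.1.1.5 event=login_attempt" for s in (5, 35)]
        lines.append(f"2024-01-01T10:0{minute}:10 src=10.1.1.9 event=login_attempt")
    lines += [f"2024-01-01T10:06:{s:02d} src=10.1.1.5 event=login_attempt" for s in range(40)]
    lines.append("2024-01-01T10:06:10 src=10.1.1.9 event=login_attempt")
    return "\n".join(lines)

def attempts_per_minute(log):
    # Behavioral profile: per source, how many login attempts were seen in each minute.
    counts = defaultdict(Counter)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            counts[m.group(2)][m.group(1)] += 1
    return counts

def find_anomalies(counts, z=3.0, min_history=5):
    # Flag a source whose latest minute exceeds mean + z*stddev of its own earlier minutes.
    # A floor of 1 on the stddev avoids a zero threshold for perfectly regular baselines.
    anomalies = {}
    for src, per_min in counts.items():
        minutes = sorted(per_min)
        if len(minutes) <= min_history:
            continue
        baseline = [per_min[m] for m in minutes[:-1]]
        latest = per_min[minutes[-1]]
        if latest > mean(baseline) + z * max(pstdev(baseline), 1.0):
            anomalies[src] = latest
    return anomalies

def generate_rules(anomalies, ttl_minutes=30):
    # Dynamic rule generation: emit a temporary deny rule per anomalous source for review or apply.
    return [{"action": "deny", "src": src, "ttl_min": ttl_minutes,
             "reason": f"{n} login attempts in one minute"} for src, n in anomalies.items()]

if __name__ == "__main__":
    print(generate_rules(find_anomalies(attempts_per_minute(build_sample_log()))))
```

In production the baseline would be computed per user or entity over a longer window and the generated rule would expire after its TTL, which is what distinguishes UEBA from a fixed threshold.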

3. Briefly explain the physical access control methods that are used to secure Information Systems.

Security measures known as physical access control techniques are employed to manage and
limit access to locations that are deemed secure. Protecting sensitive data and information
systems requires the use of these techniques.

Advantages of Physical Access Control System

Increased security is the main advantage of a physical access control system. Installing a physical access control system (PACS) gives operators control over every part of a facility and makes it less likely that unauthorized individuals can enter restricted areas. Because they can define security measures, operators have fine-grained control over which personnel are allowed entry to certain areas of a facility. Both internal and external security breach risks can be reduced with the use of a PACS.

Typical physical access control techniques include biometric authentication, which uses distinctive behavioral or physical traits, such as fingerprints or retinal scans, to identify a person. Access cards and smart cards, which are commonly used to grant access and have embedded chips or magnetic stripes, can be further secured with Personal Identification Numbers (PINs).

Unauthorized entry is prevented with mantraps, which are enclosed areas with two sets of
interlocking doors. Security personnel respond to security breaches and authenticate those
requesting access. While badge readers verify users' identities using their access cards or badges,
surveillance cameras keep an eye on entry points. Access Control Lists, or ACLs, define which
users are allowed access to which systems or locations. To improve physical security, other
measures including alarms, intrusion detection systems, and physical obstacles are used.

These are a few popular techniques for physical access control that are used to protect
information systems.

- Biometric authentication - Biometric authentication is a security technique that uses distinctive behavioral or physical traits, such as fingerprints, voice recognition, retinal scans, or facial recognition, to confirm the identity of someone requesting access. Since it is extremely difficult for unauthorized individuals to duplicate or fabricate these biometric traits, this method gives a high degree of protection.
- PINs and Passwords - Passwords and Personal Identification Numbers (PINs) are popular access control techniques that require users to enter a secret code in order to access restricted areas or information systems. The purpose of these codes is to verify the identity of the user.
- Alarms and Intrusion Detection Systems - These are installed to sound an alert in the case of an unwanted entry, allowing security staff to react immediately. These systems can also trigger automated responses to discourage intrusions and stop security breaches.
- Smart Cards - Access cards and smart cards are tangible tokens with embedded chips or magnetic stripes that grant admission. To provide an extra degree of protection, smart cards frequently require a PIN or password as well.
- Physical Obstacles - Physical obstacles such as walls, gates, and turnstiles create a clear separation between protected areas and the rest of the building. Their principal role is to restrict access to those who are permitted, improving security by impeding unauthorized entry; they serve as a strong deterrent against unwanted entry to sensitive locations.
- Mantraps - Mantraps are secure enclosures with two interlocking doors. People must authenticate before they can pass through the second door. This design blocks tailgating, in which an unauthorized person tries to follow an authorized person into a protected area.
