SPYON TECHNOLOGIES SECURITY ASSESSMENT

1
 Table of Contents
Question 1 3

Question 2 6

Question 3 6

Question 4 7

Question 5 9

Question 6 10

Question 7 11

Question 8 13

Question 9 19

Question 10 21

Question 11 22

Question 12 23

Question 13 24

Question 14 26

Question 15 27

Question 16 28

Question 17 29

Question 18 30

Question 19 31

Question 20 32

Question 21 32

Question 22 34

Question 23 34

2
Question 24 35

Question 25 36

References 40

3
Question 1

There must be a procedure in place to ensure the business company's security. There must be no
unauthorized access to the overall network of technology-based functioning in that specific firm.
The severe security procedures could have the similar process that could be recognized by
unique effects pushed in a special manner with an extremely developed method of software
validation functionality and its network of dependence I insecure procedure function. Locally
active user accounts should be formed and manufactured in accordance with the other
organizational system specifications (Akinyemi et al. 2018). HMAC should be constructed using
a procedure that is dependent on each and every numerical manner of possibilities under a
contemporary interface with IPSec allowed settings.
To sustain a manner technology-dependent structure under the influence of WAN functionality, a
specific coding-based activity should be constructed. There must be no unwelcome method of
obtaining every small piece of processing techniques in respect to progress with enhanced VPN
connections. It must be an encrypting where most of the elements are associated to encode the
current technique generated under its effective means of powerful connection technique among
all parties concerned (Atieh, 2021). There must be an encrypting where most of the elements are
linked to encode the existing technique produced underneath its practical meaning of powerful
connection technique among the parties focused. Public key formation is needed for safety
traffic. Depending on the validated process, another third-party server might do the similar study.
a. Spyton Technologies security needs is High. The cause behind this is that the company is
secured hence ensuring the privacy system with high degree as well as its uniqueness at the time
of operating or handling the services (Bongiovanni et al. 2019). Spyon Technologies' safety
regulations would be classified as "high" since the firm works on secret projects for military's
services with governments all over the globe that might cause enormous devastation if data is
exposed, which is why maintaining data secrecy is critical.
b. The software related operations such as backup data, firewall, anti-viruses along with
cryptography are a few safety measures that would have been employed in addressing safety
needs that are listed.

4
Security requirement Security measures

This process is mainly

maintained through a corporate The security protocols can have the same types of access that
company. Therefore, any types can be understood through using advanced software. It also
of unwanted access that should can be used to verify the process to generate process related
not be used to describe the functions.
whole system. It is also based
on the operations of the
company. The users also will create accounts as well as produce different
types of systems.

HMAC has to be a factorial process to maintain different types

of modern IPsec.

It is also a process that can help to make advanced VPN

It also comes under a coding
connections. That also reduces the chances of unwanted
based operation. It also
signals.
generates some dependent
WAN.

5
Question 2

Threats/Attacks Impact Level Likelihood Risks Level

Phishing Critical Likely High

Bot High Moderate Moderate

Password Critical Likely Extremely

Insider High Likely High

AI-Powered Critical Almost certain Extremely

DoS Attack Critical Intentionally Extremely

ICMP Critical Intentionally Extremely

IP packet problems High Almost certain High

and bad options of IP

SYN Fragments Critical Almost certain Extremely

Question 3

6
Threats/Attacks Defense

Phishing Firewall ICMP

Bot IP source guard

Password Firewall ICMP

Insider IDP settings along with Firewall ICMP

AI-Powered IP source guard along with Firewall ICMP

DoS Attack Deployment of the firewalls

ICMP Strengthen ICMP protocols

IP packet problems and bad options of IP Inspecting the incoming packets by using a
router.

SYN Fragments ICMP message containing the value of MTU

Question 4

Internal zone: workstations used by organizational staff or departments (Corporate LAN /

Trusted Network).
An idea of the internal zone refers to several platforms out of the company's inner users,
including such separate machines from the actual network divisions or other networks of
different corporate workers. Internal zone platforms are often linked by trusted networks and
LAN operations inside the system.
External Zone: The exterior zone is made up of several systems from various industry external
consumers. Manufacturers, consultants, and other industrial third-party services are examples of
connected external users. This exterior zone is built using internet connectivity, as well as the
components are connected with a powerful internet connection (Enoch et al. 2020). This exterior
region should be correctly sustained in respect to defend the systems from additional external
attacks.

7
Maintain as few guidelines as necessary which enable traffic in between DMZ as well as an
internal network. Very frequently, administrators attempting to diagnose an issue set a rule
permitting unrestricted access among the DMZ systems as well as an internal networking back-
end server (or the entire internal network). It basically combines the DMZ by the internal
network, defeating the objective for the DMZ (Hyun et al. 2018). Developing specialized
firewall rules which facilitate interaction only between particular servers upon specific ports
needed by the company.
Method of securing traffic from site to site:
On the basis of the research, it will be planned to employ several approaches including firewall
security measurements, encryption rules and authentication security to protect the organization's
assets. Site-to-site trafficking for the security modules aids inside the flow for website-based
information inside the systems. The phenomena of site-to-site transmission of data become
vulnerable to a wide range of security vulnerabilities, including external assaults from rogue sites
(Kadhim et al. 2018). Whenever data moves via the data and information traffic of several
websites at the time of using the internet, it will be more susceptible.
Methods of Securing traffic from the public internet

I'll utilize “VPN (Virtual private network)” because I understand it produces the encrypted
structure and preserves the data. I would use “VPN” to access public infrastructure while
retaining security in the organization, as well as the platform will give tunneling methods to the
organization.
There are several successful data protection techniques for public internet connectivity. A broad
public entity can readily gain access to classified firm data over the internet (Kaur and Rao,
2017). Businesses can function inside the virtual private network which is only available from
the company's internal systems in effort to stop third parties from accessing critical data.

8
Name Tag Typ Zon Add Use Pro Zon Add App Pro Ser Options Action
s e e ress r file e ress licat file vice
ion

Zone- non inter L3- any any any L3- any ssh non any correct approved
to- e zon trust trust teln e
zone- e L3- L3- et
mgmt untr untr
ust ust

trust- non intra L3- 192. any any intra any any non any correct approved
intra e zon trust 168. zon e
e 168. e
0/24

RDP-in non univ L3- any any any L3- Des ms- non RD correct approved
e ersa untr trust ktop rdp e P
l ust - t.12
PA2 0
00

allow- non univ L3- any any any L3- any any non any correct approved
out e ersa trust untr e
l ust

Question 5

The juniper SRX configuration sets to jinstall-ex-4200-10.0S10.1-domestic-

Signed.tgz files from Switch1-Switch2.

9
 Zone Dev Address Interf
ice Book ace
na
me
Trust vr1 172.20.106. fe-
06 0/24 0/0/4.
106
Web vr2 172.20.206. fe-
06 0/24 0/0/4.
206
Mail vr2 172.20.207. fe-
07 0/24 0/0/4.
207
UC vr2 172.20.208. fe-
08 0/24 0/0/4.
208
Untr vr1 172.20.105. fe-
usty 05 0/24 0/0/3.
vr2 172.20.215. 0
05 0/24
srx 172.18.1.0/
C-1 30

Question 6

Sessions as well as configuration synchronization is performed through “high availability (HA)”

connectivity. In the event of a system breakdown, the “high availability (HA)” continually
synchronizes state first from the singular, operational firewall toward an identical, as well as
precisely designed, passively firewall, as shown in the picture above.

10
 Figure 1: Juniper Failover Cluster Diagram
(Source: juniper.net/documentation/images/g031183.png)
The SRX devices in the chassis cluster mainly use the transmission of the heartbeat for
determining the health of the link. If the missed heartbeat numbers have only reached the
threshold configuration the system mainly assesses whether a condition of the failure mainly
exists in the condition.
The system mainly monitors the link of the control status by default. For the dual control links,
they are basically supported on the SRX5600 and the lines of SRX5800. The redundancy
protocol process mainly sends and mainly receives the heartbeat control messages on controlling
both the links. As long as the number of heartbeats are received on controlling the links. The
Junos OS mainly considers the node to be alive. The main product of the threshold of heartbeat
properly defines the time to wait before triggering the failover.

Question 7

Set every device's ports and save the settling fings. FPC 1/13 should be chosen (slot 0). Isolate
the controlling ports from the centre point on such a different SPC (slot 1)
• Configure the “chassis cluster control-ports to fpc 1 port 0 (on node 0)”

11
• Configure “chassis cluster control-ports fpc 13 port 0 (on node 0)”
• Configure chassis cluster control-ports fpc 13 port 0 (on node 0)
• Configure the chassis cluster control-ports to fpc 13 port 0 (on node 1)
Configure all two devices in the workplace in cluster mode.
• Configure the chassis cluster cluster-id 1 node 0 reboot
• Configure the chassis cluster cluster-id 1 node 1 reboot
The clusters ID both on the system will be similar, however the nodes ID should be separate
since one unit is node 0 while the other one will be node 1.
• configure chassis cluster redundancy-group 0 node 0 priority 110
• Configure the chassis cluster redundancy-group 0 node 1 priority to 100.
• Configure chassis cluster redundancy-group 1 node 0 priority 110
• Configure the chassis cluster redundancy-group 1 node 1 priority to 100.

Figure 2: Configuration file

(Source: net/documentation/images/g016922.png)
The files are mainly located in the config directory. It is basically the archived configuration that
has the juniper.
The selection process mainly occurs in the sequence.
● /config/juniper. conf
● /config/rescue. conf.

12
 ● /config/juniper. conf

Question 8

“root# show |no-more system { root-

authentication {
encrypted-password "$1$/tHNNUX/$cuFTY00qbssob9zpEDEyv1"; ## SECRET-DATA

services { ssh;
telnet; xnm-
clear-text;
}

syslog { archive size

100k files 3; user *
{ any emergency;

file messages
{ any critical;
authorization info;

file interactive-commands { interactive-

commands error;

13
} interfaces { ge-
0/0/0 { unit 0
{ familyinet
{ address
100.1.1.2/24;

ge-0/0/1 { unit 0
{ familyinet { address
192.168.2.1/24;

} }
st0 { unit
0
{ familyin
et;

} } routing-options { static { route

0.0.0.0/0 next-hop 100.1.1.1; route
192.168.1.0/24 next-hop st0.0;

} security { ike { proposal ike-

phase1-proposal
{ authentication-method pre-

14
shared-keys; dh-group group2;
authentication-algorithm sha1;
encryption-algorithm 3des-
cbc; lifetime-seconds 86400;

policy ike-phase1-policy { mode main; proposals ike-phase1-proposal; pre-

shared-keyascii-text "$9$6qsMAtOrlMXNbp0MX"; ## SECRET-DATA

gatewaygw-chicago{ ike-policy
ike-phase1-policy; address
100.1.1.1; external-interface ge-
0/0/0.0;

ipsec{ proposal ipsec-phase2-proposal

{ protocolesp; authentication-algorithm
hmac-md5-96; encryption-algorithm
des-cbc; lifetime-seconds 28800;

policy ipsec-phase2-policy
{ perfect-forward-secrecy
{ keys group2;

15
proposals ipsec-phase2-proposal;

vpnike-vpn-
chicago{ bind-
interface st0.0;
ike{ gatewaygw-
chicago; proxy-
identity { local
192.168.2.0/24;
remote
192.168.1.0/24;
service any;

ipsec-policy ipsec-phase2-policy;

establish-tunnels immediately;

policies { from-zone trust to-

zone untrust { policyvpn-tr-untr
{ match { source-
addresssunnyvale; destination-
addresschicago; application any;

16
then
{ permit;

from-zoneuntrust to-zone trust

{ policyvpn-untr-tr { match
{ source-addresschicago;
destination-addresssunnyvale;
application any;

then
{ permit;
}

zones { security-zone trust

{ address-book
{ addresssunnyvale
192.168.2.0/24;

host-inbound-traffic { system-
services {

17
all;

interfaces {

ge-0/0/1.0;

security-zoneuntrust{ address-
book { addresschicago
192.168.1.0/24;

host-inbound-traffic { system-
services {

ike;

interfaces {

ge-0/0/0.0;
st0.0;

18
 }

}”

Question 9

In current times technologies and science are improving rapidly. There are numerous types of
computing tools which have been exposed to enhance the easiness of several works.VPN stands
for "virtual private network," which indicates that within this study, one firm or a set of
companies perform their task of sharing information and money extremely secretly without
exposing this to the community. It makes the entire method more safe and decreases the
possibility of data as well as money being hacked. IPSec is commonly referred to as "internet
protocol security." That is among the most popular VPNs in latest days. The key functioning
principle of this method is that it links two devices with very strong online security measures
using validated encryption and authentication. Therefore, the major goal of this system is to
assist in the sharing of different types of secret secrets and highly essential data and funds
secured methods without being attacked through unknown third parties.
“Asymmetric encryption” is used to secure network activity passing via the “VPN” of IPSEC.
The sole distinction would be that the “symmetric encryption” employs the similar keys inside its
functioning, but “asymmetric encryption” utilization separate keys in “cipher text” as well as
information transmission (Kim, 2020). To name some of the testing will be done to ensure that
security precautions including VPN are working properly, and also run the AV-test and unplug
the internet cables whilst leaving VPN as well as other security procedures running.
Symmetric encryption is one sort of key that is utilized inside this kind of encryption of the both
encrypt and decrypt processes. This procedure is mostly employed at this location to expedite the
transfer of data, communications, and funds. This procedure is not as secure as the Asymmetrical
approach, but it is much quicker. Both procedures are now applied in a variety of scenarios in
this context. Usually, the sizes of the variables employed in this operation range from 128-256
bits, depending upon the security requirements.
This sort of encryption relies on two distinct kinds of keys of the encryption as well as
decryption processes. Various types of keys are already in use (Lainjo, 2020). These secret keys

19
are utilized for encryption, whereas the public keys have been utilized for decryption. In overall,
this form of encryption method is far safer than Symmetric versions.
A security association is an establishment that can happen between the IPSec peers. There are
two different types of parameters that will be included with the security protocol. Therefore, an
SA mainly identifies three different types of parameters like security protocol ID and security
parameter index. It is mainly generated by the value that can identify an SA to transmit the ESP
header. There are some core protocols that can happen between two different types of
technological peers. The encoding information is mainly three types like:
IPsec authentication header
It is only used to generate authentication services. It is only available for the IPsec. It also uses
the recipient to verify the message. If the message comes from the originator. It is also an
enroute of unchanged data. This message also can be captured through recent as well as
unauthorized data.
Encapsulating security payload
It also can ensure that integrity can come through data. It also can’t come under private policy. It
also can show some data diagram.

Figure 3: Overview of IPsec protocols and components

(Source: cdn.ttgtmedia.com)
There are different types of VPN that help to protect the data on the internet. Therefore, one can
also see that android tested VPNs can also be leaked. Some VPNs have broken features that can
be used as kill switches to block the traffic. There are two different types of tests like advanced
tests as well as basic tests.
Advance tests

20
It is mainly required to generate more technical proficiency that helps to identify the leaked
VPN. Through the express vpn is mainly available to test some suits.
Basic Tests
It is an easy test. Everyone can run this test. One can do it through connecting some testing sites.
It also does not identify some data that can be reconnected through leaked sites.

Question 10

Encryption is the process of ciphering data sent and received by a user, along with data stored on
endpoint and server. Mail encryption refers to the process of converting normal text messages
within encrypted text which only the recipient with the right cypher code could decrypt and read.
For encrypting and decoding the communication, both the receiver and sender should use the
similar encryption key. The ciphering coding and also algorithm, ensures that the internal email
is incomprehensible by the third parties, though it gets out of control. A better encryption
technique encrypts all email communications at such a high degree of ciphering that it would
take a terrible actor several decades to decipher even the easiest message. Through this research,
"PGP email encryption" may be employed in the continuing Technology-based network
discovering computers (Lu et al. 2018). The data within the database gets encrypted using a
specific point of access in which the users may rely on the specific PGP operations for many of
the components that must be given. PGP is the most complex and crucial email setting and
encryption methods in prevailing research technology.
There are some benefits that can be used to open a PGP security. Those are:
● It can give some valuable information that can come under protection. Therefore, the
information also can be protected. It also can come under the company's departments.
● There is also a way to prove that documents are authorized.
● It mainly works under an email application. The user also will use this in a compatibility
mode. Some data can come under the legalization.
● Smalls files also can be sended through the encryption that can concentrate on more
secure tests.
● It also can be approved through the country’s government. That way it can be easily
controlled over the security policy.

21
Integrity is mainly involved in a trustworthiness, consistency and accuracy that can go through a
lifetime process. Therefore, data also can evolve in the change that can be altered through
unauthorized data. It comes under confidentiality. There also some vision that can come to detect
the data. It also has some permission to access the controls that can cause some server crashes.
The data also can come under the integrity that helps to restore the data at a correct state. It
mainly helps to manage the digital signature that generates some logins to review the data. The
process also can’t be dyed to measure the logins.
There are different types of data encryptions available. That also can come under several
encryptions.
Advanced encryption standard is mainly used by the government that can be extremely
effectable in 128-bit. There are different types of purposes to use these methods. That is also
considered to conduct some brute force attack that can help to generate some value.
Therefore, in the triple Des it mainly comes under the original data encryption algorithms. It also
generates some gradual process to allocate some ATM PINs.

Question 11

Many algorithmic methods could ensure that the authenticity of Email is maintained. It is among
the most critical and sophisticated comprehensive techniques in complete software evaluation.
There are numerous online communications procedures in which those email encryption
techniques might be components. Among the most beneficial in modern technology, in which the
capacitive fingerprint module creation with face detection procedure may also be built (Lu et al.
2018). Each of these various elements might have a similar Outlook in many procedures
for security management strategies. In which the "engineering system technology" along
with software execution are similar as the algorithms in the technological process.The "message
digest algorithm" and the "Secure hash" method could be utilised inside this specific integrity
management system. " Message digests" and considers it as a "cryptographic hash" technique,
with the construction of communication network "mesh topology" under the path information
certification for System administration recognised with the management program "accounting
process" (Miloslavskaya et al. 2017). Md5 method has a better likelihood of acceptability
amongst user verification systems, and any beneficiaries Technology oriented programming
languages may utilize the same procedure in which the interface is as simple as the person can

22
control the vulnerabilities as per the technology. The secure hash algorithm does have a
functionality in which the technique of cascading value as well as its parameters have the
similar balancing approach along with the resulting value would be identical inside the security
Service base of Technological oriented approaches.
This process is technology oriented and can implement different processes. Users also generate
some vulnerability in the system. Through that way, algorithms also help to cascade the
parameters that balance the methods. It is based on agency technology methods that can apply on
any type of data source. Therefore, the process also can generate some passed out data to get
verified. Email security is also needed to generate protection from unwanted hazards. Here also
can use different types of algorithms to maintain a flow of working process. It is also encrypted
to generate an integrity to use the encrypted email.

Question 12

A specific application based technique of technological improvement can generate the recipient
authentication procedure. To progress a digitized validation analytical process, the needed
application programming algorithms in programming methods as well as in other authentication
along with method of procedure could be utilized. This way of identification inside
every programming functions may be utilized to accelerate the verification system of such
Revolt activity in secure communications of organization Technologies. Asymmetric
Cryptography with Hash Functions are among the most sophisticated and enforces full wave
in the safety of messages could be noticed that the system's functionalities with their creation
may be utilized. There are many advancements where most of variables and there are several
breakthroughs in which every variables are adjoined to generate a single application
programming functions through all the users that could have the easiest "user interface" receiver
but most of these methodologies could have the greatest performance towards that. " Data
privacy and data security" protection is among the most important functioning capabilities of
such multiple authentication procedures, as well as the "hash functions" to assure efficiency and
recipients recognition verification procedure may also be within its portion of postponement
(Misuri et al. 2019). Epidermal computer programming Technology also does have the
identical interfaces advantageous to most of these elements and associated keywords around the

23
same project management wherein these could be comprehended in a straightforward manner by
its whole factorial procedure system validation and check technique of the analysis.
With the hash algorithm, all following steps are taken to use a secret (Private) key:
1. The technique of sequencing communication of activity must include a "m" indicator bit.
2. The procedure method Private Key should be utilized.

3. The process design method that was made public should be used.

4. The technology-oriented encrypting technique plays an important role in ensuring data

protection variations.
The cryptography of the public key mainly allows someone to send the public key in the open or
insecure channel. A public key that belongs to encrypting messages to them. The private key is
mainly used to decrypt the message that has been encrypted to them. HASH encryption can be
termed as the process that mainly creates a related hash of the proper information numerically.
The code is mainly irreversible in a theoretical way. The code is used to help just to ensure the
document which has not been tampered properly. One of the most trusted ways for encrypting
the document is for using a given string to text just for encrypting it. To encrypt a document, the
private key encryption has been used. This has been encrypted using the private key that must be
taken to ensure that the password of the encrypted text remains safe.

24
Question 13

25
Digital 1 year Types Validation 90 days Benefits
Certificate cost of free
Levels
PCI
scanning

Thawte $169.00 One Domain X

● “World’s first
Domai
international CA
n
(Certificate
Authority)”.

● Complete sort of

SSL productions.

Go Daddy $79.99 One Domain X

● Protected card data
Domai
as well as other
n
dealings.

● Guarantee complete

data encryption.

Comodo $69.95 One Domain Contemplate to become

Domai the #1 amidst a
n safety substitutes. It
provides SSL
Certificates which
are reasonable to
protect the
production and also
26
Question 14

“NTLM” refers to the term “Windows New Technology LAN Manager” and it is a collection of
safety protocols provided by “Microsoft” to authenticate users’ individuality and defend the
reliability and privacy of their action. At its basic, “NTLM” is the “single sign on
(SSO)” apparatus which depends upon a challenge-response procedure to verify the user devoid
of needing them to propose a password (Nife et al. 2018). Despite documented flaws, NTLM is
still commonly used, including on software changes, to provide compliance between legacy
servers and clients. Although Microsoft decides to maintain NTLM, this has been supplanted as
the standard access control in Windows 2000 as well as following “Active Directory (AD)”
networks by “Kerberos”. NTLM uses the challenge-response system to authentication method.
This procedure includes three texts:

● The customer's negotiating messages

● The server's challenging messages

● The customer's authentication messages

“Kerberos authentication” is recently the standard authorization technique utilized by Microsoft

Windows”, along with accomplishment of Kerberos is present in Apple OS, UNIX, FreeBSD,
along with Linux. “Microsoft” established their edition of “Kerberos in Windows2000”. This has
also developed into a default for web pages and “Single-Sign-On” execution across the system.
The Kerberos Consortium maintains Kerberos be an open-source scheme. Kerberos is a
significant advancement over preceding authorization innovations. Cyber - criminals will find it
considerably harder to access company's network because to the robust encryption and third-
party ticketing authorization. Kerberos authentication procedure is indicated as the fastest along
with consumer based authentication method development through the complete system
functionalities and verification. Progressive scientific development is pretty much influenced
towards the “cardboard authentication” method where every factor and its parameters are evenly

27
helpful to comprehensive the inclusive technique of the system’s functions and the “VPN and
LAN” techniques methods also relying upon the constraint on the basis of the user’s list topology
(Oh et al. 2017). There are a few organizational methodologies to progress the system
processes of activities so that the users could be satisfied through the optical system procedures
via the clients and also their specific methods could have the similar outlooks towards the ticket
a provided segments for the memory based systematizing aspect of the network based
technologically sophisticated procedures. Mutual authentication can be termed as preventing the
spoofing attacks as the main server will be authenticating the main user as well as verifying that
they mainly have the proper key session just before allowing the further communication and the
access. The both sides are required to connect and to authenticate the mutual authentication that
mainly ensure only those users who are legitimate that are connected to the main network,
application and the server. It is mainly termed as the process by which each of the parties in the
online communication verifies the main identity of the other party.

Question 15

“Biometric authentication” is among the most helpful techniques of identification for

maintaining safety inside any business or significant location where high-tech protection is
required. By possibility, there are numerous methods of "biometric authentication"; the primary
sophisticated structure is implemented using artificial intelligence as well as the software
mechanisms device to really be signified by a comprehensive overall phases of Model
management purposes. Biometric authentication methods may be performed in a variety of ways,
including fingerprint identification, voice control, and face identification (Sood et al. 2019).
Every searching user may be formed wherever the input statement is supplied by creating the
transformations of this statement with the program code of development in which the result is
designated because of the payment process to preserve system security through overall
Identification and security validation.
Advantages of the biometric authentication
● It basically deals with higher security and gives higher assurance. The identification of
biometric processes mainly provides all the answers and it mainly helps to verify the
identities.

28
 ● It gives the users the best experience one can have along with the fast user interface
experience.
● It is basically a non transferable process that everyone has the access to the unique sets of
the biometrics.

Question 16

An authentication system seems to be a method of gaining access towards the open

infrastructural permission towards access. Jupiter place electronically permission is created by
every certificate producer getting higher instrumentation amplifier passwords as well as
validation is conducted all across the electronically forces of program implementation projects.
Inside the recent era of operating system development, it can even be stated that perhaps the
subscriber can still have the economic advantages of accessing anyone of with their access
management, but this would be basically put in quite a methodology of something like the
credential made available by the regulatory agency is now and about their task in Bloodstream of
certification authority can now have between the strength to remarkably offered a waterfall root
component in which all subscriber can authenticate their record out from distinguishability of
distinguish different prior consent.

Certificate authorities owner procedure where the entire infrastructure-based framework situation
is reliant all across the channel as a development where the last related technology as well as
their preparation transfer could have the similar perspectives at the lowest in part constructions
are produced all across the fairly progressive proposed system as well as their accessible to the
public system website (Sung and Hsiao, 2020). Registration authorities aren't like qualified ticket
officials; those who are already at the finish of the activity with the racial group which is needed
to purely place the pass code registration along with they are an openly "domain system
interface" where the most verifying information and data could not be obtained by all consumers
and the certified authorities.

Digital Certificate Repository refers to a procedure of all the authenticated system components to
be implemented up to a specific parts of collection where the writing code and improved by the
internet consumers approved troublesome differentiation as well as root certificate along with sol

29
certificate have been also added in the validation process of other coding perspectives and also a
good compilation manner of the system authenticated generation Authority.

The user certificate mainly plays a trust chain which is in between a certificate entity and the root
certificate. The root certificate mainly signs the intermediate root with the use of a private key
which makes it trustable. Thus the certificate mainly uses the private key to sign and the issue of
the SSL certificates between the end user. A SSL certificate is mainly a certificate issued by the
trusted authority certificate.

The main role of the Certificate authority is for guaranteeing the fact that the individual has
granted a unique certificate which is mainly claimed by them. The digital certificate mainly
provides the authentication that serves as the credential just for validating the main identity
which has been used as the identity which is issued properly.

The registration authority can be termed as an authority in the network that mainly verifies all the
user requests for the digital certificate and it basically tells the authority certificate for issuing it.
It basically validates the users or the devices that authenticates the users or the devices and
basically revokes all the credentials if some of the certificates no longer remain valid.

The certificate repository mainly contains the main system which holds the information about the
unexpired certificates that includes the information of revocation and the certificate.

Question 17

Presently, there are major two factors which are contributing to the strength of encryption. Those
factors are: the private keys along with the configuration of the server.
Private Keys: When it matters, there are two major options: “RSA or ECC (Elliptic Curve)”.
First one is the system which has been a decades-old method that is exceptionally stable and
extensively accepted across servers as well as browsers. “2048-bit keys” means it has to be RSA.
If the users are not certain what they are looking for, RSA is the secure bet, as it is supported by
every SSL certified vendors. ECC is indeed a modern technique that is pushing the boundaries
for encryption speed and strength. Whether users are looking for the best performances, ECC has

30
been the way to go. If users are using outdated web servers, the ECC function could be
unavailable.
Configuration of the servers: Whether the users use an RSA or perhaps the ECC keys, the
communications would be safe. What is even more important is the setup of the server. the users
are focused with the configurations for cipher suites including SSL/TLS protocols
implementations in this section. Once a secured link is restored among the server along with
the client's browsers, the cipher package governs the encryption technique which would be
utilized. Whilst there many more possibilities exist for cipher sets, users may modify the suites
which will be used at any moment by simply editing the necessary configuration settings on the
servers. Whenever it relates to cipher suites, people are primarily focused with the server
capacities rather than client browsers capacities (Valenza and Lioy, 2018). Certain servers have
really been sluggish to implement different for the most recent and powerful ciphers, but perhaps
more concerning is the standard setup of certain servers that allows combinations which are
recognized to be insecure.
The key length has to be measured properly. The main difference can be explained using the
RSA encryption public key. In the encryption process, the cipher has to be used as a 512 bit key
which is cryptographically strong. On the other hand the ciphers of the symmetric key can
approximately achieve the proper level of the strength with a key of 64 bits. On the algorithm,
the strength of a key mainly depends. In this case, the size of the key is considered along with the
process of generation of the key. It also depends upon the key exchange procedure.

Question 18

Specific procedures must be performed in order for every emails would be included, which are
outlined below the steps outlined:
1. The layout part inside the emails must always be accessed, and there would have to be a
quality informs signatures that the opening email then there must not be any critical and
significant method that the fundamental attack could not occur inside the system.
2. The name of the users should be validated, but every sender could have the alignment of such
users or where the handling section of the characteristic must be appropriately formed.

31
3. There are some individuals known as contacts. That individual should be accessible at all
times, as well as every contact details must be supplied, as well as any risks and any unpleasant
things that are unauthorized or unverified, which must be prevented.
4. The procedure for delivering a thorough report In ID, the standard ID must be supplied,
followed by clicking or forming, as well as in the middle choice, data should be discovered in the
computer or could not rely upon the beta signatures processors. All system requirements were
separated into that.
The main issue is on the algorithm and the traffic generated by the device in the web server. The
traffic has to be cleared and maintained so that the text protocols can deliver their work and
services to the DNS servers. On the other hand the algorithm of the keys has to be properly made
so that it can contain the stronger problem of the user and also the authority certificate has to be
properly checked so that the main issue for the email system can be identified and resolved
properly along with the accordance of the DNS servers protocols.

Question 19

There are separate types in the category of a cyber attack into a network interface that may occur
by the hackers. The system operates where most of the desired taxation and safety data may be
given by a dealership system method. It could also occur to include the system legs operations
but they are providing information procedures that might needlessly postpone this to the access
control authentication.

● The name of the users should be validated, but every sender could have the alignment of

such users or where the handling section of the characteristic must be appropriately
formed.

● There are some individuals known as contacts. That individual should be accessible at all

times, as well as every contact details must be supplied, as well as any risks and any
unpleasant things that are unauthorized or unverified, which must be prevented.

● The procedure for delivering a thorough report In ID, the standard ID must be supplied,

followed by clicking or forming, as well as in the middle choice, data should be

32
 discovered in the computer or could not rely upon the beta signatures processors. All
system requirements were separated into that.
A reply attack that is mainly a cybercrime that needs to come under a secure network. it
also can be resent through misdirecting the leads. It also can generate some skills that
also capture a successful attack. Through that way, encrypted messages can be captured
through legimete. This also comes under a correct Through financial administrator to also
capture the positions.
It is an essential method to protect the potential application that can help to identify the
technical information. Another method is mainly to prevent hackers. It also can ensure
that the attacker message has to be recorded. The transactions also can be avoided to
discard the whole thing. These types of attack can be prevented from a certain length.

Question 20

Five safety threats which are caused by the problems are social engineering methods,
downloading unauthenticated content accessibility, and cyber attacks process, validation of data
leakage techniques and illegal activities. The procedure for social engineering could be defined
upon the internet could be some other individual could be at eventuates in the procedure of the
illness could be affected by the thread of distinctive facts of communities as well as the
theoretical social engineering incredibly simple modify a factor through taking a mechanism
validated on introduced with the unauthorized data. Unauthorized downloading process could be
recommended for the procedure wherever the visibility for those downloading contents could be
authorized with the users regarding the junk files accession and also implementation through the
whole procedures of the compilation (Yaokumah and Dawson, 2022). Unauthorized
downloading process could be recommended for the procedure wherever the visibility for those
downloading contents could be authorized with the users regarding the junk files accession and
also implementation through the whole procedures of the compilation.

33
Question 21

The WPA2 procedure could be done well by WP. This is a methodical cyber scheme generation
procedure where the complete procedure factors are confirmed via the Wi-Fi networking system
management as well as the authentication procedure for the practice and exterior function threads
through the overlapping process of wireless networking procedure for people to it. “WPA SD”
reliability protocols of disparity of generation for keys along with their services which scheme
necessities into that. Whilst there many more possibilities exist for cipher sets, users may modify
the suites which will be used at any moment by simply editing the necessary configuration
settings on the servers (Zhang et al. 2018). WPE effectiveness is more fluid than wpa2
performances; this is largely validated with the "local area network", as well as the specific
system procedure may be performed with routers configuration state of customized peripherals.

34
 WEP WPA WPA2

Purpose Security has to be The standards of the New IEEE standards

provided that WEP is required have been
contracts the wired without the implemented with the
networks requirement of the enhancements of the
new hardware WPA.

Privacy of the data RC4 Temporal key Using CCMP and

integrity protocol AES, the
(TKIP) authentication has
been provided

Integrity of the data CRC-32 The integrity of the CBC-MAC

data is provided using
the security code of
the message.

Management of the It is not provided The mechanism of The mechanism of

key handshaking is handshaking is
basically used to basically used to
provide for the provide for the
management of the management of the
key. key.

Question 22

The procedure of the authorization could be defined as a method for identifying authorized
persons at every user beneficiaries as well as their specific data, details that could be validated
and accused throughout a specific system of advancement assessment for those authenticated
procedure system mechanism that could be ascertained with the username and passwords. The
radius servers were integrated through the complete software procedure (Zheng et al. 2017). The

35
authentication mechanism could be defined as the procedure by which all paired
data components are evaluated to a specific radius server technique, but also the charged
component variables could be obtained throughout an overall improvement of this specific
system validated authority towards it rejects the beneficiary technique.
Integrity is primarily concerned with trustworthiness, consistency, and accuracy over the course
of a lifetime. As a result, data can change and be changed as a result of unauthorized data. It is
classified as confidential. There is some eyesight that can be used to detect data. It had some
access to the control system that can cause the server to keep crashing. The data can also fall
under the integrity category, which aids in restoring the data to its original state. It primarily aids
in the management of the digital signature, which creates a few login information to review the
data. The process cannot also be dyed to track logins.
The government primarily employs advanced encryption standards that could be extremely
effective in 128-bit. These methods can be used for a variety of purposes. This is also thought to
be a brute - force attack act of aggression that can help generate some value.
As a result, it falls primarily under the initial encrypting data algorithms in the triple Des. It also
creates a gradual process for allocating ATM PINs.

Question 23

MPLS VPN

● a personal network

● Any topology can be connected to any other topology.

● Help for "Quality of Service (Quality of Service)"

● Levels of service are granular per program.

● Assistance for jitter and essential for both data and voice.

● End-to-end traffic isolation

IPSec VPN

36
 ● Control any internet connection although the single backbone will be recommended.

● Use any accessible connections, from such broadband internet circuits to complete 1Gbps

Ethernet - as long as the links exist, users are ready to go along with quick start execution
and convenient of setup.

● Connect to a diverse range of productized public cloud-based solutions

● Divide tunneling provides links to both the Internet as well as a VPN over a single path.

IPSc mainly stands to maintain internet protocols that can help to provide the functions.
Therefore, functions also can be provided to maintain different types of methods that can be
secure to develop a network. It also focuses on the degree of fight that can be used as a distance
force.
MPLS VPN is mainly used to explain the switching level. It also switches to a virtual network
system that can be eligible for different types of sections. It also can be used to connect the VPN
part to divide the locations. It also can analyze different types of processes that can interface the
systems.
Therefore, the difference will be that the IP address has private access on the MPLS VPN. On
the other hand, IP addresses can be verified through different sources on the IPSC.

Question 24

Chap is a challenging handshake authentication scheme through the development of separate

stages and completely random functionalities produced by a combination mode of production as
well as no information service procedure could be transferred using the secretive process takes
validated techniques (Zhu, 2021). PAP could be supplied as both the password authentication
procedure in which the pass code should be validated including some digit changing and the
intention would be every password systems Administrator could be at the similar output
confirmation and the sensitivity and the operation systems mode of analysis could have also been
beneficial production manner of portion that validated towards the authenticated technique.
There are some differences between CHAP and PAP.

37
 CHAP PAP

● This protocol comes under a three-
pronged process. It also comes under a
secret exchange.
● Authentication is mainly used to
generate a link. That also can be
requested to build connections.
● It also can be secure to implement an
actual password that can be submitted
via link.
● The usernames and passwords are
encrypted.
● This protocol comes under a two-step
process. It is also use to verify the
identification of clients.
● Authentication is mainly used to
generate time as well as develop a
connection.
● It is a less secure process that can be
submitted without having any code or
pattern.
● The usernames and password can be
unencrypted.

Question 25

I am writing in regard to encouraging improvement of data security in “Spyon Technologies

Limited”. The issue may worsen as a consequence of escalating cyber-attacks that interfere
through what is currently staffed and helpful to the company inside one or many ways.
Administrators are growing upset as a result of the similar issue, as well as the requirement to
check the amount of tasks which are piling up.
Throughout these contexts, it is in need of improved digital equipment that are outfitted with
software applications including SSL certificates. It would preclude this severe issue from
recurring, as it does have in present years. As a consequence, SSL certificates including
GeoTrust, Symantec, and GoDaddy which have a budget of around a thousand along with five
hundred pounds are required.
Finally, with all that in mind, data privacy and security enhancements would no longer pose a
danger to this organization. The reasons for this are because this will put a stop towards the
attacks against the organization, resulting in its international exposure.
Introduction

38
Network protection is exceptionally fundamental seeing the Spy as they are answerable for the
assembling of weapons for military administrations. Cybercrime is exceptionally normal
nowadays where the other foe nations attempt to hack into the organization of this organization
to get the whole data about the assembling of the weapon. This can end up being exceptionally
hurtful to the organization and for the public authority and individuals of a few nations. Thusly
network wellbeing and security are exceptionally essential. Along these lines the organization
should be appropriately scrambled so it very well may be less helpless against digital assaults.
The appropriate programming is needed to be used to foster this network with the goal that it
very well may be utilized to distinguish assuming any cybercrime is suspected and keep it from
additional harm.
Phase Different week
sort of
Task
Make definition of the Objectives must be stated properly. 1
Client
Collect data in terms of needs and risks about 2
Resources or the needs
requirements and

Design Understanding the design requirements 3

Project Execution Installation of the cabling for security 4

access.
Installation for the system of CCTV 5
security.
There should be a system for the process of 6
backup.
6
Configuration of the antivirus and firewall
rules 7

39
 Project evaluation Examine all the servers that are combined into
7
the system.
Scrutinize VLANs are on the “correct trunk”
8

Inspect the “balance” in the load

8

Survey about the redundancy of failover “on

8
the 2 firewalls”

Hardware and Software system analysis

The wide region network is an arrangement interaction that can be created to block the
continuous framework fortune to produce the hypertext move convention inside it. The central
procedures are made in an equipment capacity to be carried out towards a specific period that
conveys between the two cross section geography functions. IP is an interaction for rules in
directing and tending to the parcel information development can be clarified as the web
convention framework. There are different ways of decreasing this specific web convention
framework like more modest pieces, bigger parts, and cal bundle framework and investigation.
Every single piece and related frameworks of the organization are associated all through the
specific course of web task yet all the parcel related information is moved between the
appearance cycles of the framework required capacity.
VoIP region system process
Fundamentally, these are delivered for a low scope to allow obtained application to even out in
view of the waste model of procedures in such manner both equipment and programming process
used to dissect the real course of the framework making investigation by their improvement
framework innovatively Variants. There is likewise a specific work process for the framework
check is called IP caricaturing. central powers of IP parodying are to create the bundle Control
web convention for all the inner framework blunder that is created under the normal peculiarity
in light of the points where the designated gadget is produced through a specific document
sectional way with failed to remember framework system examination.
Domain name system allocation process

40
The DNS plays an enormous part in sending information from the source network objective
organization asset network process are created with the web control message convention and
furthermore with the web bunch the board convention where the 128 digits at this framework
creation are created through a specific named delivering factors and their systems administration
framework investigation all through the transportation layer. Multihoming framework support is
a course of framework support where the associations can be addressed by the particulate
undeniable level information connect control strategy. The variety of studies framework import a
summed up specific document move convention framework wide the straightforward mail move
additionally utilizing general with ZIP is upheld conventions. The transmission capacity
directing and furthermore the application impacted information charge framework review can be
created by the product framework execution and advancement reason for procedure.

41
References

Journals
Akinyemi, B.O., Jekoyemi, O.V., Aladesanmi, T.A., Aderounmu, G.A. and Kamagaté, B.H.,
2018. A Scalable Attack Graph Generation for Network Security Management. Journal of
Computer Science, 6(2), pp.30-44.
Atieh, A.T., 2021. Assuring the Optimum Security Level for Network, Physical and Cloud
Infrastructure. ScienceOpen Preprints.
Bongiovanni, I., 2019. The least secure places in the universe? A systematic literature review on
information security management in higher education. Computers & Security, 86, pp.350-357.
Enoch, S.Y., Hong, J.B., Ge, M. and Kim, D.S., 2020. Composite metrics for network security
analysis. arXiv preprint arXiv:2007.03486.
Hyun, S., Kim, J., Kim, H., Jeong, J., Hares, S., Dunbar, L. and Farrel, A., 2018. Interface to
network security functions for cloud-based security services. IEEE Communications
Magazine, 56(1), pp.171-178.
Kadhim, Q.K., Mahdi, H.S. and Ail, H.K., 2018. Storage Architecture for Network Security in
Cloud Computing. Diyala Journal for Pure Science, 14(1), pp.1-17.
Kaur, I. and Rao, A.L.N., 2017. A framework to improve the network security with less mobility
in MANET. Int. J. Comput. Appl, 167(10), pp.21-24.
Kim, H., 2020. 5G core network security issues and attack classification from network protocol
perspective. J. Internet Serv. Inf. Secur., 10(2), pp.1-15.
Lainjo, B., 2020. Network security and its implications on program management. International
Journal of Safety and Security Engineering, 10(6), pp.739-746.
Lin, H., Yan, Z., Chen, Y. and Zhang, L., 2018. A survey on network security-related data
collection technologies. IEEE Access, 6, pp.18345-18365.
Lu, Z., Qu, G. and Liu, Z., 2018. A survey on recent advances in vehicular network security,
trust, and privacy. IEEE Transactions on Intelligent Transportation Systems, 20(2), pp.760-776.
Miloslavskaya, N., Morozov, V., Tolstoy, A. and Khassan, D., 2017, August. DLP as an integral
part of network security intelligence center. In 2017 IEEE 5th International Conference on
Future Internet of Things and Cloud (FiCloud) (pp. 297-304). IEEE.

42
Misuri, A., Khakzad, N., Reniers, G. and Cozzani, V., 2019. A Bayesian network methodology
for optimal security management of critical infrastructures. Reliability Engineering & System
Safety, 191, p.106112.
Nife, F., Kotulski, Z. and Reyad, O., 2018. New SDN-oriented distributed network security
system. Appl. Math. Inf. Sci, 12(4), pp.673-683.
Oh, S., Kim, E., Jeong, J., Ko, H. and Kim, H., 2017, January. A flexible architecture for
orchestrating network security functions to support high-level security policies. In Proceedings
of the 11th International Conference on Ubiquitous Information Management and
Communication (pp. 1-5).
Sood, K., Karmakar, K.K., Varadharajan, V., Tupakula, U. and Yu, S., 2019. Analysis of policy-
based security management system in software-defined networks. IEEE Communications
Letters, 23(4), pp.612-615.
Sung, W.T. and Hsiao, S.J., 2020. IoT network security and applications via long range
technology. Sensors and Materials, 32(1), pp.115-134.
Valenza, F. and Lioy, A., 2018. User-oriented Network Security Policy Specification. J. Internet
Serv. Inf. Secur., 8(2), pp.33-47.
Yaokumah, W. and Dawson, A.A., 2022. Network and data transfer security management in
higher educational institutions. In Research Anthology on Business Aspects of
Cybersecurity (pp. 514-532). IGI Global.
Zhang, H., Yi, Y., Wang, J., Cao, N. and Duan, Q., 2018. Network security situation awareness
framework based on threat intelligence. CMC: Comput. Mater. Continua, 56(3), pp.381-399.
Zheng, S.Y., Li, Z. and Li, B., 2017, March. Campus Network Security Defense Strategy.
In International Conference on Mechanical, Electronic, Control and Automation
Engineering (pp. 30-33).
Zhu, X., 2021. Self-organized network management and computing of intelligent solutions to
information security. Journal of Organizational and End User Computing (JOEUC), 33(6), pp.1-
16.

43