CASE STUDY
Source: www.sunny.ch Author: Silvia Hagen Company: Sunny Connection AG, Staubergasse 9, 8124 Maur / Switzerland The IP Version we are all using in our day, in our corporate networks and in the Internet, is IP Version 4, short IPv4. It has been expanded in the early seventies by a numeral of pioneers who desired to unite some educational and government networks in the United States. At the time when they started expansion, a network like our Internet today was beyond thoughts and consequently to meet such a requirement was not part of their design goals. All the more fascinating it is, that they administered to create a networking protocol, which is still - 30 years later - competent of running today's Internet! But now it has reached it's age and cannot be shoved any further. Time for the next generation to take over! When the Internet was switched overnight to use TCP/IP instead of the formerly used NCP in 1983, IPv4 was not exactly the protocol we know today. It was, in the core. But many of the extensions and additions that we use today have been expanded much later. The basics of IPv4 were defined in RFC (Request for Comment) 791 in 1981. Path MTU Discovery was defined in RFC 1191 in 1990. Super netting, which was designed to help easiness the issue with overloaded routing tables, was distinct in RFC 1338 in 1992. DHCP, which was designed to help administer the addresses in a larger IP network, was clear in RFC 1531 in 1993 and Private Addresses which we use to build our NATs (Network Address Translation) today were named in RFC 1597 in 1994.
The grounds I am mentioning this, is not to turn off your interest with numbers of papers that you never desire to read. What I would like to point out is that when IPv4 was first introduced, it was not the mature protocol we know today. Many of the extensions to IPv4 that help us supervise and maintain our IPv4 networks were introduced later, when the need arose. Based on the need, the additional rooms were distinct in the international working groups and defined as RFCs. So when people dispute today, that IPv6 is not mature and cannot do what IPv4 can, this is only partially true and above all, not a reason not to use IPv6. Development for IPv6 started in 1991. The central part of IPv6 was standardized in 1995 and updated in RFC 2460 in 1998. Based on that standard we have many implementations around since many years. Most hardware and router traders have implementations since the late nineties and have tested them intensely. 6to4, a main changeover mechanism, that makes co-existence and migration much easier, has been standardized in 2001. DHCP Version 6 has been harmonized in summer 2003. Mobile IPv6, which is going to be one of the technologies that make you decide IPv6 over IPv4, is in the process of being harmonized in early 2004. The equivalent is true for ISATAP, another example for a transition mechanism. IPv6 has been build up based on the rich experience we have with IPv4. IPv6 is an evolution of IPv4, it is mature in the core, it has been applied and tested powerfully up to the network layer. The developers produced a protocol, which takes everything that was great about IPv4 and added litheness to extend it, to make it the network protocol of the future. IPv6 is capable of handling the Internet growth rate and to hold up the new types of services, especially in the area of mobility that we have to expect in the coming years. There are things that we are missing in IPv6 these days that is true. But you do not need to switch today and all these additions will be defined in the coming years, just as it come about with IPv4. But you ought to become aware of how IPv6 will impact your commerce and your network. If you plan early, you will save money and headaches. You will be prepared when it is time for you and more importantly, you will be able to determine the right moment for not extending your IPv4 infrastructure anymore, but putting your speculations into the future technology.
QUESTION 1
a) "All the more enthralling it is, that they managed to create a networking protocol, which is still - 30 years later - capable of running today's Internet! But now it has reached it age and can't be shoved any further. Time for the next generation to take over!".
What are the two key reasons for the above declaration?
b) 10.1.0.3 is my IPV4 ip address.
i. Can you fit in this address in an IPV6 address arrangement?
ii. How will it look like after implanting the above V4 address?
c) "IPv6 has been developed based on the rich acquaintance we have with IPv4"
From the above we can say that IPV4 has been beneficial as well as detrimental to some major implementation. Elucidate in detail (with diagram where appropriate) four of the practical problems of IPV4
d) According to RFC 4291, explain the different types of addresses.
QUESTION 2
a) Before starting a network safekeeping design there are 12 important steps that a safekeeping specialist need to lay down as ensure list. Name ALL of them.
b) "DNS carry on to be a nice target for hackers. The ubiquity of BIND as DNS server software around the world, and the possibilities a hacker can be expecting should he succeed in taking over a server or simply use DNS implementation to reorient ate traffic, are some of the things which make DNS a basis of safekeeping issues."
Source: Extract from http://www.sans.org/reading_room/whitepapers/dns/safekeeping-issues-dns_1069
i. After reading the small haul out we note that DNS is indeed a very vital part of the internet. How does DNS work? Your respond must contain appropriate diagram to support your answer.
ii. To stop the above safekeeping issues, a new version of DNS came in.
1. Define the new technology that can be used to stop the above.
2. According to the new version of DNS, four new resource records were putting in and two new header flags. You are required to name and briefly clarify them.
QUESTION 3
a) A hacker will find all ways and means to attack a network. As a safekeeping forecaster you should be aware of the kind of attack a hacker can use and what vulnerabilities they are looking at in your network.
You are needd to explain the vulnerabilities that a hacker will to develop when performing the listed below attacks:
i. TCP SYN attack
ii. Ping of Death
iii. Land attack
iv. Teardrop attack
v. Smurf attack
vi. Fraggle attack
b) "Defence-in-Depth is an IA construct in which multiple, related, organizational acts and controls are applied to minimize failures and intrusions and their propagation.
In spirit, it is a multi-pronged protection strategy. When Defense-in-Depth is achieved, dependability and resilience-the ability of IT systems to withstand attacks with minimal impact on services- are also achieved. Defense-in-Depth can be broken down into constituent containers-conceptually defined areas that each focus on a particular aspect of the big picture, such as identity management or availability management. These element containers allow IT professionals to more easily appreciate the larger requirements and thereby identify appropriate actions and controls in the context of their own organizational environment." Elucidate the diverse components of Defense-in-Depth?
Question 4
a) "INCREASING THE HACKER'S WORK FACTOR". Shed light on this quote.
b) Case Study 2: confirmation of hacking was discovered on a web server with HIPAA data...
1. Client: Major Healthcare Company
2. Incident: After the unique web application development firm departed for a new venture, the newly hired web development firm discovered traces of facts from hacking groups.
a) - The web server had been compromised.
b) - The database and the web server were on the same physical server, and HIPAA regulated information was involved.
c) - The incident take place 4 months prior and over the course of a 5 day period, based on the preliminary findings of the new development firm.
d) - No logs were available other than the web server logs for those 5 days.
e) - The client needed to know the extent of the damage, and whether they were needed to take legal measures such as provide violate notification(s) and report the breach(s) to the attorney general.
Source: Extract from http://www.klcconsulting.net/cyber-safekeeping-case-studies/forensics-analysis.html after reading the above case study, we note that an attack has occurred and the objective machine is a web server. You are required to design and explain a network topology with the three network zone obviously labelled that would remediate to the above.
c) In the layered safekeeping model, there are safekeeping levels and related safekeeping measures. Name all of them.