SDD UBIDS
FACULTY OF COMPUTER SCIENCE AND INFORMATICS
DEPARTMENT OF COMPUTER SCIENCE
ADVANCED NETWORK SECURITY
CSC 512
PG0124321
Mubashir-Ahmed, Iddrisu Bamie
ASSIGNMENT
1. Why is SQL injection considered a catastrophic attack?
SQL injection is a network security threat that allows an attacker to manipulate the SQL
queries that an application sends to its database. The attacker may acquire write privileges
and, by doing so, delete or update data, causing lasting damage to the system. The attack
can also expose sensitive data to unauthorized persons and bring the organization's image
into disrepute, and may even put the organization in breach of the law.
2. Identify the network device(s) involved in MAC flooding attacks and explain how MAC
flooding attacks work in the device(s).
A MAC address is a unique address assigned to the interface of a network device by the
manufacturer. It is also known as the interface identifier of that device. A device may
have one or multiple MAC addresses. Devices such as switches, routers, bridges, gateways
and computers all have MAC addresses. In a MAC flooding attack on a switch, the
attacker intentionally feeds fake MAC address/port mappings into the CAM table of the
device with the intention of consuming the device's limited memory. Once the CAM
table of the switch is full and cannot store any more MAC addresses, the switch enters
fail-open mode and starts to behave like a network hub, broadcasting frames to all devices
connected to it. The attacker, who is connected to the switch, receives the broadcast
frames and may gain access to sensitive data from the network.
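To make the CAM-table mechanism concrete, here is an added toy model (not from the original assignment) of a switch with a bounded CAM table: without port security, filling the table causes frames for hosts the switch could not learn to be flooded out of every port, the attacker's included; with a per-port MAC limit (assumed here to be 2, the port-security behaviour offered by many managed switches) the offending port is shut down and the table stays intact. All MAC addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Switch:
    """Toy model of a switch CAM table with optional port security (constructed)."""
    ports: int
    cam_capacity: int            # limited memory for MAC -> port mappings
    max_macs_per_port: int = 0   # 0 = no port security
    cam: dict = field(default_factory=dict)     # mac -> port
    disabled: set = field(default_factory=set)  # err-disabled ports

    def _learn(self, src, port):
        if src in self.cam:
            return
        if self.max_macs_per_port:
            learned_here = sum(1 for p in self.cam.values() if p == port)
            if learned_here >= self.max_macs_per_port:
                self.disabled.add(port)      # violation: shut the port down
                return
        if len(self.cam) < self.cam_capacity:
            self.cam[src] = port             # when the table is full, nothing is learned

    def forward(self, src, dst, in_port):
        """Return the set of ports the frame is sent out of."""
        if in_port not in self.disabled:
            self._learn(src, in_port)
        if in_port in self.disabled:
            return set()                     # frame from a shut-down port is dropped
        if dst in self.cam:
            return {self.cam[dst]}
        # unknown destination: flood to every other active port, like a hub
        return {p for p in range(1, self.ports + 1)
                if p != in_port and p not in self.disabled}


def simulate(port_security):
    """Flood port 1 with fake source MACs, then see where a frame to host B lands."""
    sw = Switch(ports=4, cam_capacity=100, max_macs_per_port=2 if port_security else 0)
    for i in range(200):   # attacker on port 1 sends 200 distinct fake source MACs
        sw.forward(f"de:ad:00:00:{i // 256:02x}:{i % 256:02x}", "ff:ff:ff:ff:ff:ff", 1)
    sw.forward("00:00:00:00:00:0b", "00:00:00:00:00:0a", 2)   # host B on port 2 talks first
    # host A on port 3 replies to B: which ports does the switch deliver the frame to?
    return sw.forward("00:00:00:00:00:0a", "00:00:00:00:00:0b", 3)
```

Without port security the reply reaches ports 1, 2 and 4 (the attacker on port 1 sees it); with it, only port 2.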
3. Identify a technology that can be used to further lock down a backdoor and explain how it
will be carried out.
A backdoor is any method that allows an unauthorized person to remotely access your
device. Unauthorized people can install a backdoor on your device by using malware, by
exploiting vulnerabilities in your software, or even by directly installing a backdoor in
your device's hardware or firmware. Once hackers log into your machine without your
knowledge, they can use the backdoor for a variety of purposes, such as surveillance, data
theft, cryptojacking, sabotage and malware attacks. Backdoors are difficult to detect, but
there are a few ways to keep a device safe from backdoor attacks, such as using up-to-date
antivirus software, downloading and installing only certified software, staying on top of
security updates and patches, using a password manager and using a firewall.
Firewall technology is essential for anti-backdoor protection because it monitors all
incoming and outgoing traffic on your device. If someone outside your approved network
tries to get into your device, the firewall blocks them, and if an application on your
device tries to send data out to an unknown network location, the firewall blocks that
application too. Advanced firewalls can detect unauthorized backdoor traffic even when
the device's malware detection has been fooled.
4. As the Principal System Administrator of an organization, briefly explain how network
risk incident management will be carried out.
Network risk incidents are breaches or violations on a computer network. They are not usually
handled by the systems administrator alone but by a team of professionals called the computer
incident response team, which is responsible for handling network breaches. When an incident
or breach occurs, the first step is to notify top management of the incident and then invite
the team to join the systems administrator in remedying the breach. The target of the team is
usually to stop further breaches and put the system on a path to recovery.
5. Discuss the following terms as used in network security:
a. Anonymity
An anonymity network enables users to access the Web while blocking any tracking or
tracing of their identity on the Internet. This type of online anonymity moves Internet
traffic through a worldwide network of volunteer servers. Anonymity networks prevent
traffic analysis and network surveillance, or at least make them more difficult.
b. Traceback
A traceback is a method for reliably determining the origin of a packet on a network. The
IP address of a packet can be relied on to trace back to the origin of the packet, so the
attacker's source and the path followed by attack packets can be revealed. In the ICMP
traceback method (iTrace), each router selects one packet per 20,000 packets and generates
an ICMP message for it. The ICMP message has the same destination IP address as the traced
packet. It also contains the IP header of the traced packet and the IP addresses of the
incoming interface and the outgoing interface of the current router. When the victim has
received sufficient ICMP messages, it can reconstruct the path traversed by the packets.
This method has two basic advantages:
i) it improves the throughput of legitimate traffic during a DDoS attack;
ii) faster reconstruction and high accuracy.
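An added simulation (not part of the original answer) of the iTrace idea described above: each router on a constructed three-hop path emits a trace message for every 20,000th packet it forwards, carrying the traced packet's header and the router's incoming and outgoing interface, and the victim chains those messages to recover the path. The link names L0..L3, router names and IP addresses are constructed for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")
ITraceMsg = namedtuple("ITraceMsg", "router traced_src traced_dst in_iface out_iface")

SAMPLE_EVERY = 20_000   # one packet per 20,000 packets, as in the text


class Router:
    """Router that emits one iTrace message every SAMPLE_EVERY packets (constructed model)."""

    def __init__(self, name, in_iface, out_iface):
        self.name, self.in_iface, self.out_iface = name, in_iface, out_iface
        self.seen = 0

    def forward(self, pkt):
        """Forward pkt; return an ITraceMsg addressed to pkt.dst when this packet is sampled."""
        self.seen += 1
        if self.seen % SAMPLE_EVERY == 0:
            return ITraceMsg(self.name, pkt.src, pkt.dst, self.in_iface, self.out_iface)
        return None


def reconstruct_path(msgs):
    """Chain sampled messages: a router's outgoing link is the next router's incoming link."""
    by_in = {m.in_iface: m for m in msgs}
    outs = {m.out_iface for m in msgs}
    start = [m for m in msgs if m.in_iface not in outs]   # router nearest the source
    if not start:
        return []
    path, cur = [], start[0]
    while cur:
        path.append(cur.router)
        cur = by_in.get(cur.out_iface)
    return path


def simulate(n_packets=60_000):
    """Send a constructed flood along source -> R1 -> R2 -> R3 -> victim and let the
    victim rebuild the path from the trace messages it receives."""
    victim = "198.51.100.10"
    routers = [Router("R1", "L0", "L1"), Router("R2", "L1", "L2"), Router("R3", "L2", "L3")]
    received = []
    for _ in range(n_packets):
        pkt = Packet("203.0.113.7", victim)
        for r in routers:
            msg = r.forward(pkt)
            if msg is not None and msg.traced_dst == victim:   # delivered to the victim
                received.append(msg)
    return reconstruct_path(received), len(received)
```

With 60,000 packets each router samples three times, so the victim reconstructs R1, R2, R3 from nine messages; fewer than 20,000 packets would leave it with nothing.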
c. Forensics
Network forensics is a subcategory of digital forensics that deals with the examination of a
network and the traffic going across it when the network is suspected to be involved in
malicious activities, for example a network that is spreading malware to steal credentials,
and with its investigation for the purpose of analyzing cyber-attacks.
d. Encryption
Network encryption is the process of encrypting or encoding data and messages
transmitted or communicated over a computer network. It is a broad process that includes
various tools, techniques and standards to ensure that messages are unreadable while in
transit between two or more network nodes.