Essay: Replay Attacks And Secure Networking Goals.

Discuss replay attacks and ways to thwart them.

Critique the four general goals for secure networking using suitable examples.

UDP is connection-less. How is it possible for an SPI firewall to handle UDP connections? Explain.

What is a security baseline? Why is it important in the context of organisational security?

Replay Attacks and ways to thwart them

Discuss replay attacks and ways to thwart them.

Basically, replay attacks take place when a hacker eavesdrops on a secured network while there is a communication process in progress, intercepts that communication and the fraudulently delays and resends the message after altering it in order to lure the receiver to do what the hacker wants (Alegre, Janicki & Evans, 2014). The dangerous fact about this hacking method is that the hacker does need to have decrypting skills after capturing the message from the network because the attack is fully successful by simply sending the whole message.

Considering a real world example of an attack where a staff member in a company sends a message to another staff member requesting for financial transfers with an encrypted message, when an attacker eavesdrops on the message and captures it and later resends it, the receiver on the other end of communication channel with take this message as legit because it is correctly encrypted and the possibility of responding to this new message is very high unless he or she is very conscious (Hoehn & Zhang, 2016).

Preventing this type of an attack entails having right encryption methods. This is in consideration to the fact that en encrypted message has keys within it and when it is decoded at the other end of transmission, the message is opened. So in this case, it doesn’t matter whether the attacker intercepting the original message can read it or decipher the key. All he has to do is to capture and resend the whole thing, message and the key (Hoehn & Zhang, 2016). To prevent this, both the receiver and the sender are supposed to establish session keys which are random in form of codes that are valid for only one transaction and can’t be used anymore after the first transaction.

Also, replay attack can be prevented by the use of timestamps on all the messages being send from the sender to the receiver and vice versa. This hinders the attacker from resending messages after certain time duration elapses, hence minimizing the chances of the attacker for a successful eavesdrop, message siphoning and resending of that message (Hoehn & Zhang, 2016).

Critique the four general goals for secure networking using suitable examples.

The first Network Security goal is Confidentiality and whose role is to protect organization data (both in storage and in motion) from landing on unauthorized hands. Confidentiality ensures that data is only available to the intended and the authorized persons (Behringer et al, 2015). Organization data can therefore be accessed by only the individuals who are permitted. However, this goal has a weakness in that it does not cover the personification aspect. For that matter, if an unauthorized person manages to steal passwords from an authorized person, he or she will be able to access the system.

Critique the four general goals for secure networking using suitable examples

Integrity is the second goal after confidentiality; this goal aims at assuring and maintaining data accuracy and consistency. Its role Integrity is to ensure that system data is both accurate and reliable and that it cannot be changed by any unauthorized person (Ambrosin et al, 2016). The data being received by the second party in a case of communication must be same just as the one which had been sent, without any alteration. This does not take care of the incidences of eavesdropping.

The third goal is the availability. This goal ensures that Data, all the network resources and other services are readily available to the authorized users at any time they require it. For that matter, if an unauthorized person manages to steal passwords from an authorized person, he or she will be able to access the system (Luan, Lu, Shen & Bai, 2015).

The last goal is Nonrepudiation, that ensures the identity of network users is recorded and kept safely for future responses and that any person who might have been involved in any suspicious activity won’t be able to deny (Luan, Lu, Shen & Bai, 2015).

UDP is connection-less. How is it possible for an SPI firewall to handle UDP connections? Explain.

SPI firewall which fully stands for Stateful Packet Inspection is a high level security mechanism used to check packets and keep track of all the connection states within a network. SPI firewall provides various advantages within a network environment. First, it keeps track of all the states of different network connections, enables detailed inspection on the packet states within a network environment and lastly but not least, it enhances dynamic protection against malicious packets that may penetrate into a network through the connections.

SPI firewalls can treat UDP communications as if they were stateful by treating some certain UDP messages as connection opening attempts (Vijayakumar, Dade, Thomas & Verma, 2014). If subsequent messages match the connection table for the UDP packet, the incoming UDP packet will be passed.

In other words, the information on connectionless sessions will be kept within the same session table just like in the case of TCP traffic. Then, timeout values are used to allow closure of the sessions if either application layer protocols are unknown, are hindering execution of termination commands or have encountered communication errors. If the application layer gateway is applied, then the firewall understands the protocols under this layer and can therefore see when the session closed shut, the session will therefore get closed out immediately.

How SPI firewall handles UDP connections

What is a security baseline? Why is it important in the context of organizational security?

Security Baseline refers to the set of rudimentary security objectives that must be upheld by any information system. Those objectives must be pragmatic and fully complete to ensure that they don’t impose other technical means (Schory, Raz & Gonda, 2015). For that matter, the details outlining how those security objectives are met by any system are documented in a different Security Implementation Document. The details depend on the functional environment where the system is arrayed into, creatively using and applying all relevant security measures. There is also a possibility of derogations from security baselines which must be clearly marked (Bauer et al, 2016).

Importance of security baselines in the context of organizational security

Monitoring Unusual Network Activity

If there is a huge spike on network traffic, there could arise some form of volumetric denial of service attack. But security baselines are able to do more than that. For instance, a normal traffic pattern within a network indicates that a network is being used to access a CRM system, e-mail, and maybe Internet. However, if there is a sudden traffic from the user’s computer to an accounting server could mean that such a computer has been hacked and a certain malware is trying to access and interfere with financial information (Schory, Raz & Gonda, 2015). Any abnormal traffic is therefore first directed towards the quarantining endpoint courtesy of security baseline and that greatly helps in mitigating risks on the network as well as minimizing the damages which would occur as a result of breach.

Measuring Changes within a Network

Baselines help in measuring the impacts of architectural changes within an organization network infrastructure. For instance, a company using traditional MPLS network can set its baselines to monitor traffic flow over its WAN links (Schory, Raz & Gonda, 2015). The baseline can be used to help in understanding whether the business is spending the network rightfully or over-spending it. Also, for an organization that is aspiring for WAN optimization, the baseline can be reset to measure its bandwidth ‘before’ and ‘after’ use.  Through that, the organization can adjust the circuit size being purchased in order to reduce high spending on network.

References

Alegre, F., Janicki, A., & Evans, N. (2014, September). Re-assessing the threat of replay           spoofing attacks against automatic speaker verification. In Biometrics Special Interest   Group (BIOSIG), 2014 International Conference of the (pp. 1-6). IEEE.

Hoehn, A., & Zhang, P. (2016, July). Detection of replay attacks in cyber-physical systems.        In American Control Conference (ACC), 2016 (pp. 290-295). IEEE.

Behringer, M., Pritikin, M., Bjarnason, S., Clemm, A., Carpenter, B., Jiang, S., & Ciavaglia, L.      (2015). Autonomic networking: Definitions and design goals (No. RFC 7575).

Ambrosin, M., Conti, M., Ibrahim, A., Neven, G., Sadeghi, A. R., & Schunter, M. (2016,    October). SANA: secure and scalable aggregate network attestation. In Proceedings of          the 2016 ACM SIGSAC Conference on Computer and Communications Security (pp. 731-  742). ACM.

Vijayakumar, R., Dade, N. S., Thomas, J., & Verma, A. (2014). U.S. Patent No. 8,826,413.            Washington, DC: U.S. Patent and Trademark Office.

Schory, O., Raz, O., & Gonda, O. (2015). U.S. Patent No. 9,137,204. Washington, DC: U.S.            Patent and Trademark Office.

Bauer, E., Schluga, O., Maksuti, S., Bicaku, A., Hofbauer, D., Ivki?, I., ... & Tauber, M. (2016).     Towards a Security Baseline for IaaS-Cloud Back-Ends in Industry 4.0.

HE, L., JIA, Q. J., LI, C., & XU, H. (2016). College of Land and Resources, Agricultural    University of Hebei; College of Rural Development, Agricultural University of Hebei;      College of Resources and Environmental Sciences, China Agricultural University;     Baoding Institute of Ecological Civilization of Hebei;; Calculation on ecological security             baseline based on the ecosystem services value and the food security [J].

Luan, T. H., Lu, R., Shen, X., & Bai, F. (2015). Social on the road: Enabling secure and efficient    social networking on highways. IEEE Wireless Communications, 22(1), 44-51.

Vijayakumar, R., Dade, N. S., Thomas, J., & Verma, A. (2014). U.S. Patent No. 8,826,413.            Washington, DC: U.S. Patent and Trademark Office.