Thesis Undergraduate 3,042 words

Security Systems and Security

Last reviewed: November 12, 2016

Auditing, Monitoring, Intrusion Prevention, Detection, and Penetration Testing

A network vulnerability is a major security weakness that allows an attacker to reduce a system's information assurance. A vulnerability is the intersection of three elements: a system flaw, the attacker's access to the flaw, and the attacker's ability to exploit the flaw. Thus, a security risk is classified as a vulnerability that is tied to a significant loss. A vulnerability can erode data confidentiality, system integrity and the availability of data.

The objective of this study is to analyze two research articles that discuss network vulnerabilities in the IT environment (Jackson, et al. 2008; Sommer, et al. 2003). Both articles hold that attackers exploit network vulnerabilities to inflict damage on information systems. Moreover, the two articles agree that traditional defenses such as the network IDS (intrusion detection system) (Sommer, et al. 2003) and DNS pinning (Jackson, et al. 2008) are no longer effective in guarding against network vulnerabilities, and they recommend effective security strategies to protect information systems.

Summary of Article 1

This study provides a critique of the article titled "Protecting Browsers from DNS Rebinding Attacks" (Jackson, Barth, Bortz, Shao, et al. 2008 p 1). The authors identify DNS rebinding attacks as one of the network vulnerabilities used to subvert "browsers and convert them into open network proxies." (Jackson, et al. 2008 p 1). In other words, the DNS rebinding attack has been identified as a core security threat against internet browsers, used to hijack IP addresses and circumvent firewalls.

Typically, hackers can use the tactic to circumvent the firewall, sending email spam as well as defrauding PPC (pay-per-click) adverts. The authors also reveal that an attacker can hijack 100,000 IP addresses with less than $100. The article argues that DNS rebinding attacks and subversion are real in the real world and can be used to penetrate browsers, Flash, and Adobe, which can have serious security implications for Web 2.0 applications that pack more action and code on the client. Thus, relying on the firewall alone for protection is risky, since attackers can subvert the firewall with DNS rebinding attacks. The authors also explain in depth the strategy that attackers use in manipulating multimedia plug-ins, which include Flash Player, Microsoft Silverlight and Java, to bypass the security systems of browsers such as Mozilla Firefox, Internet Explorer, Opera, and Safari.

According to the study, DNS rebinding attacks are able to confuse the browser and convert browsers into open proxies. With DNS rebinding, attackers can circumvent firewalls in order to spider corporate intranets, compromise unpatched internal machines, and exfiltrate sensitive documents. Jackson, et al. (2008) further reveal that an attacker can send spam emails to hijack the IPs, frame clients, and commit click fraud. Thus, the DNS vulnerabilities allow attackers to read and write network sockets and use JavaScript-based botnets to send HTTP requests. The authors also point out that an attacker only needs to create a website to launch an attack: the strategy is to attract web traffic to the website and use DNS queries to launch the malicious JavaScript that circumvents the firewall.

Jackson et al. (2008) argue that attackers can circumvent the firewall by launching a request on the website and rebinding the hostname of the target server, making it inaccessible to the public internet. The strategy confuses the browser and makes it think that the two servers are from the same source because they share the same host name. When DNS rebinding bypasses the firewall, it will take over the entire system and affect every file of the target network.

The authors also discuss the strategy that attackers can employ in hijacking an IP. The method is to use the DNS attack against machines to make them inaccessible to legitimate users. Moreover, the attacker can explicitly and implicitly abuse public services to masquerade as the owner of the IP address; after the hijacking, the attacker then carries out different attacks such as click fraud, spam, IP-based authentication, and framing users.
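A defender can look for the shared-hostname trick described above in resolver logs: one name that answers first with a public address and shortly afterwards with an internal one. The following is an added example, not code from this essay or from Jackson et al.; the log format, host names, addresses and the 60-second window are constructed assumptions.

```python
import ipaddress

# Address ranges treated as "internal" (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log: "<epoch seconds> <client> <queried name> <A record>"
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.org 198.51.100.10
1001 10.0.0.5 rebind.attacker.example 203.0.113.7
1003 10.0.0.5 rebind.attacker.example 192.168.1.10
1004 10.0.0.8 intranet.corp.example 10.1.2.3
1010 10.0.0.8 cdn.example.net 198.51.100.20
1020 10.0.0.8 vpn.corp.example 198.51.100.30
1500 10.0.0.8 cdn.example.net 198.51.100.21
5000 10.0.0.8 vpn.corp.example 10.9.9.9
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse(log):
    for line in log.splitlines():
        ts, client, name, addr = line.split()
        yield int(ts), client, name.lower().rstrip("."), addr

def find_rebinding(log, window=60):
    """Return (client, name, public_ip, internal_ip) for every name whose
    answer moved from a public to an internal address within `window` seconds."""
    last_public = {}  # (client, name) -> (timestamp, address)
    alerts = []
    for ts, client, name, addr in parse(log):
        key = (client, name)
        if not is_internal(addr):
            last_public[key] = (ts, addr)
        elif key in last_public and ts - last_public[key][0] <= window:
            alerts.append((client, name, last_public[key][1], addr))
    return alerts

if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print("possible DNS rebinding:", alert)
```

Names that only ever resolve internally, public-to-public changes, and a switch that happens long after the public answer are deliberately not flagged.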

The authors suggest different strategies that can be employed against the DNS rebinding attack. While the authors mention DNS pinning as one of the security strategies against DNS rebinding, DNS pinning is no longer effective because current browsers integrate plug-ins in order to add functionality to web pages. The authors suggest that users should secure their firewall by blocking certain ports, including port 53, to prevent outbound traffic on the port. Moreover, the authors suggest that users should constantly update the firewall patches to assist in blocking unauthorized traffic. Essentially, keeping the firewall updated is critical in helping users stay ahead of the attack. The authors also recommend that users combine a hardware firewall and a software firewall to achieve maximum protection against the DNS rebinding attack. The authors recommend that users constantly update their Java applets and Flash players, since developers update their plug-ins as new vulnerabilities are identified. The authors also suggest that users protect their browsers against the DNS rebinding attack by changing the browser's default settings to more tailored settings. Critically, the default settings can open users to attacks, and once the browser's default settings are modified, an attacker will face challenges in launching attacks on plug-ins and browsers.

Analysis

An overview of the article reveals that the authors enhance understanding of DNS rebinding attacks, and the research elucidates issues relating to plug-in vulnerabilities and solutions to the problems. The strength of the research is that the authors divide the vulnerabilities into groups and subgroups so that the problems are easy to grasp. Moreover, the authors avoid technical and complex language so that a wider audience can understand the article. The study also provides detailed information on the strategy that attackers employ in exploiting vulnerabilities. For example, an attacker only needs to create a website such as www.attacker.com and use it to launch a DNS rebinding attack: the attacker attracts traffic to the domain through an advert, draws the visiting clients to his server, and then serves malicious JavaScript to the visitors. Through the information provided, users will be able to develop an effective strategy to identify vulnerabilities and protect their IT and computer infrastructures. Despite the strategy the authors employ in elaborating the security systems against the vulnerabilities, the authors fail to address the impact of malware in aggravating vulnerabilities in the contemporary business environment. Recent trends in network vulnerabilities show that malware has become a sophisticated type of threat to network and computer systems, and it can cause enormous damage to computer systems before the user is aware of the damage.

Contributions and Strengths

The major strength of this article is that it educates users on how easy it is to launch attacks on network systems. Through this information, users can develop an effective strategy to protect their systems. For example, the authors explain that an attacker only needs to spend $100 on an advert to hijack 100,000 IP addresses; at that cost, an advert of $1,000 will cause enormous damage. Thus, the information in the article will assist users in elaborating a plan to overcome DNS rebinding attacks. The simple and non-technical language used by the authors in solving the problems will assist users in overcoming the DNS rebinding vulnerabilities.

Moreover, the authors improve users' understanding of the importance of keeping the system up-to-date. For example, the authors explain that keeping JavaScript and Flash Player up-to-date is an effective way to guard against the DNS rebinding vulnerability. The information is useful because many users do not understand the security benefits of keeping the system updated; it will help users understand that keeping the system up-to-date is an effective security strategy against the vulnerabilities.

Weaknesses and Limitations

The authors make users understand that DNS rebinding is an effective way for attackers to bypass the firewall and cause IP hijacking, and that updating the system is an effective method to guard against the vulnerabilities. However, the security strategies suggested by the authors are not adequate: updating the system after the attack may not prevent the vulnerabilities, because users may not know that the attack has been launched, which may put the system at risk. The authors also suggest using the firewall to block or filter unwanted packets. While the suggestion is good, the authors do not provide a recommendation to protect the router; if hackers attack the router, it will be easy for them to manipulate the traffic so that their intended traffic passes through the firewall, and the router will be helpless in blocking it.

Possible Improvements

One way of improving the paper is to recommend that network administrators block Flash and Java applets if they are not of great use. Although keeping the system up-to-date is a good method of securing the system, blocking JavaScript or the Flash player can be a better alternative. Moreover, the authors ought to have discussed methods of securing the router, since all traffic passes through the router. Another method of securing the system is to use a strong password for accessing the router. Moreover, the network administrator should disable external access to the router.

Compare or Contrast with Similar Other Articles

The article is similar to Waliullah & Gan (2014), who also discuss the vulnerabilities that users face when using wireless LANs. Both articles are similar because they discuss the vulnerabilities that users in the IT environment face. Both articles also discuss strategies for securing against the vulnerabilities. While Waliullah & Gan (2014) suggest using encryption for the security of the network system, Jackson, et al. (2008) suggest updating the system.

Concepts to Strengthen the Paper

The authors ought to have included encryption as part of the security system, since encryption will prevent an attacker from getting access to sensitive data. The authors should also have discussed intrusion detection and prevention tools as added security devices.

Articles and Books to Recommend

I will recommend the article titled "Multi-dimensional Analyses of 802.11 Wireless Network Security" (Saxena, & Krishna, 2010 p 40) for my classmate because the article elaborates on the security of the network system. Moreover, I will also recommend the following articles:

"Dynamic pharming attacks and the locked same-origin policies for web browsers" (Karlof, et al. 2007 p 58).

"Puppetnets: Misusing web browsers as a distributed attack infrastructure" (Lam, Antonatos, Akritidis, et al. 2007 p 1). Both articles demonstrate the vulnerabilities on the internet browsers.

Discussion/Conclusion

The authors discuss the vulnerability of browsers and the strategy for protecting the system against DNS rebinding. The authors identify Microsoft Silverlight as part of the vulnerability; however, they do not discuss how Microsoft Silverlight could lead to a potential vulnerability. Nevertheless, the authors improve users' understanding of the security benefit of updating the Flash and Java plug-ins. However, users need to include additional security systems such as encryption and anti-malware to protect network systems.

Article 2 Review

Summary

This study provides an analysis of the article titled "Enhancing Byte-Level Network Intrusion Detection Signatures with Context" (Sommer, & Paxson, 2003 p 262). The authors identify network IDS (intrusion detection systems) as effective IT tools for detecting malicious activities. The authors further argue that the NIDS uses byte sequences to detect malicious intrusions in network systems. Despite the effectiveness of NIDS, they sometimes suffer a high rate of false positive alerts. Thus, the authors believe that byte sequence is more effective than the NIDS. To address the security loophole, the authors discuss the effectiveness of NIDS signatures in reducing the possibility of the system giving false alarms.

Analysis

In the contemporary IT environment, the intrusion detection system is one of the security tools used to protect network systems. The authors believe that the traditional IDS is no longer effective in securing network systems because it sometimes gives false alerts, which may confuse network administrators about imminent security threats. Thus, the authors suggest the SNORT NIDS along with Bro signatures for better intrusion detection. According to the authors, the Bro NIDS and SNORT are compared based on their effectiveness, and the NIDS with contextual signatures is more effective than the traditional NIDS. Based on the results, the authors developed signatures in the Bro NIDS in order to detect network intrusions. Additionally, Sommer, et al. (2003) developed the Bro NIDS signatures using regular expressions. Moreover, the authors monitor the eventual vulnerabilities on the servers, and avoid false positives by creating an attack on the network systems. The authors also analyze alert counting to identify possible exploit scans. The study carries out an experiment running the NIDS on different systems with two different hardware configurations. The outcome of the analysis shows that the two NIDS do not perform similarly on the systems. While SNORT performed faster on the old system, the Bro NIDS performed faster on the newer system. According to the study, the Bro NIDS demonstrates better performance than the SNORT NIDS because the Bro NIDS was faster in detecting the intrusion and is able to avoid false alerts. SNORT, however, sent many false alerts compared to the Bro NIDS, which uses contextual signatures.
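The difference between a context-free byte-level signature and one that uses context, together with the alert counting mentioned above, can be shown on a few constructed HTTP sessions. This is an added example, not code from the essay, from Sommer and Paxson, or in Bro or SNORT syntax; the CGI path is hypothetical, and using the server's reply status as the context and three targets as the scan threshold are assumptions made here.

```python
import re
from collections import defaultdict

# Hypothetical byte-level signature: request for a constructed CGI path.
REQUEST_SIG = re.compile(rb"GET /cgi-bin/legacy-form\.cgi\?")
# Context (assumption): a 4xx/5xx reply means the server rejected the request.
ERROR_REPLY = re.compile(rb"HTTP/1\.[01] [45]\d\d ")

def _req(path):
    return b"GET " + path + b" HTTP/1.0\r\n\r\n"

PROBE = _req(b"/cgi-bin/legacy-form.cgi?x=1")
OK, NOT_FOUND = b"HTTP/1.0 200 OK\r\n\r\n", b"HTTP/1.0 404 Not Found\r\n\r\n"

# Constructed sessions: (source, destination, client bytes, server bytes)
SESSIONS = [
    ("198.51.100.4", "10.0.0.1", _req(b"/index.html"), OK),
    ("203.0.113.9", "10.0.0.1", PROBE, NOT_FOUND),
    ("203.0.113.9", "10.0.0.2", PROBE, NOT_FOUND),
    ("203.0.113.9", "10.0.0.3", PROBE, NOT_FOUND),
    ("203.0.113.9", "10.0.0.4", PROBE, OK),
    ("198.51.100.4", "10.0.0.2", PROBE, NOT_FOUND),
]

def byte_level_alerts(sessions):
    """Context-free matching: one alert per connection whose request matches."""
    return [(s, d) for s, d, req, _ in sessions if REQUEST_SIG.match(req)]

def contextual_alerts(sessions, scan_threshold=3):
    """Alert only when the server did not reject the matched request; rejected
    matches are counted per source and reported once as a scan."""
    alerts, failed = [], defaultdict(set)
    for src, dst, req, reply in sessions:
        if not REQUEST_SIG.match(req):
            continue
        if ERROR_REPLY.match(reply):
            failed[src].add(dst)      # failed attempt: count it, no alert
        else:
            alerts.append((src, dst))
    scans = sorted(s for s, d in failed.items() if len(d) >= scan_threshold)
    return alerts, scans

if __name__ == "__main__":
    print("byte-level:", byte_level_alerts(SESSIONS))
    print("contextual:", contextual_alerts(SESSIONS))
```

On this input the context-free signature raises five alerts, while the contextual version raises one alert for the request the server accepted and one scan notice for the source that probed three hosts unsuccessfully.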

Article's Main Strengths and Contributions

The authors provide an effective and elaborate discussion of NIDS, revealing how the Bro NIDS can be used to guard against network intrusion. Moreover, the authors enhance understanding of how the Bro NIDS is superior to the traditional SNORT NIDS. Signature-matching systems are preferred by many users because of their precision, simplicity and open-source nature. Moreover, signature matching is effective in identifying nuanced system threats, since a large community of users harnessing a signature library adds to the strength of the systems.

Weaknesses and Limitations

While the authors improve understanding of the usage and execution of the NIDS, the article seems too complex for a reader with little or no technical background. The study uses technical and complex language that can be challenging for many readers to understand. Moreover, the article discusses Bro signatures without providing an elaborate discussion of their main functions. The article does not provide background on SNORT and Bro signatures. The article also uses technical abbreviations such as URI and DFA without explaining their meaning. Thus, the article seems suited to readers with a more technical background and does not take novice readers into consideration.

Cite This Paper
PaperDue. (2016). Security Systems and Security. PaperDue. https://www.paperdue.com/essay/security-systems-and-security-2163257
