SEC311 + NETW204 discussion
Name one concern you may have when segmenting a network logically. Explain why you are concerned and what you would do to mitigate those concerns in the network.
A concern I would have with segmenting a network logically is the potential misconfiguration of a VLAN resulting in packet loss during implementation, which is to be expected in contemporary network architectures. A further concern is if I cannot change the infrastructure, where misconfiguration is easily possible in complex architectures and can result in slowness of the VLAN.

If noise is not an issue, check for excessive collisions. If there are collisions or late collisions, verify the duplex settings on both ends of the connection. Much like the speed setting, the duplex setting is usually auto-negotiated. If there does appear to be a duplex mismatch, manually set the duplex on both connection ends. It is recommended to use full-duplex if both sides support it.

Overloaded or Oversubscribed VLAN

Notice if there are bottlenecks (oversubscribed segments) anywhere on your VLANs and locate them. The first sign that your VLAN is overloaded is if Rx or Tx buffers on a port are oversubscribed. If you see outdiscards or indiscards on some ports, check to see if those ports are overloaded. (An increase in indiscards does not only indicate a full Rx buffer.) In Catalyst OS (CatOS), useful commands to issue are show mac mod/port or show top [N]. In Cisco IOS® Software (Native), you can issue the show interfaces slot#/port# counters errors command to see discards. The overloaded or oversubscribed VLAN scenario and the traffic loop scenario often accompany each other, but they can also exist separately. Most frequently, overload happens on the backbone ports when the aggregated bandwidth of the traffic is underestimated. The best way to work around this problem is to configure an EtherChannel between the devices for which the ports are bottlenecked. If the network segment is already a channel, add more ports into a channel group to increase the channel capacity.
make a data transfer between user PCs on the same collision domain, and compare this performance with the performance of another collision domain, or with its expected performance. If problems only occur on that collision domain, and the performance of other collision domains in the same VLAN is normal, then look at the port counters on the switch to determine what troubles this segment may be experiencing. Most likely, the cause is simple, such as a duplex mismatch. Another, less frequent cause is an overloaded or oversubscribed segment.

The reluctance to take on a massive segmentation project is to be expected. To start, planning for such a project requires organizations to know and understand all of the assets communicating on each of their networks. Next, they have to determine what boundaries or zones make sense based on business and/or compliance needs. Then they have to begin the actual work of implementing VLANs. The potential for misconfiguring a VLAN during implementation is high due to the complexity of today's network architectures, especially those in cloud or virtual environments where the user organization does not own and often cannot alter the infrastructure on which the network is administered. This runs parallel to the problems with implementing firewalls in modern data centers. According to Security Metrics, approximately 52% of firewalls were configured improperly in 2017, exposing organizations to a high risk of exploit.

Unfortunately, configurations aren't the only problem organizations encounter when trying to segment the network with VLANs and secure the segments with firewalls. Both VLANs and firewalls traditionally use address-based network paths to facilitate communication between hosts, servers, or applications. In modern networking environments, though (especially virtual and cloud networks), where network traffic is coming from or going to cannot adequately determine whether that traffic should be allowed into a segment.
Additionally, the possibility of address tampering (e.g., address resolution protocol attacks, MAC attacks) could result in malicious activity on traffic that is already inside a segment.
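The troubleshooting procedure in the post above (collisions and late collisions point at duplex; in/out discards point at an overloaded port or uplink) as an added worked example, not code from the original post or from Cisco. The counter records, port names and the 1% collision threshold are constructed assumptions, not output from a real switch.

```python
"""Port-counter triage following the procedure described above:
collisions / late collisions -> check duplex; discards -> check for overload.
All counter records here are constructed sample data, not real switch output."""
from dataclasses import dataclass

# Assumed threshold: more than 1% of transmitted frames colliding is "excessive".
COLLISION_RATIO_LIMIT = 0.01


@dataclass
class PortCounters:
    port: str
    duplex: str            # negotiated duplex as reported by the switch
    tx_frames: int
    collisions: int
    late_collisions: int
    in_discards: int
    out_discards: int
    uplink: bool = False   # True for backbone/trunk ports toward distribution


def triage(p: PortCounters) -> list[str]:
    """Return the checks an engineer should run on this port, in the order the procedure gives them."""
    findings = []
    if p.late_collisions > 0:
        findings.append("late collisions: verify duplex on both ends; set full-duplex manually if supported")
    elif p.tx_frames and p.collisions / p.tx_frames > COLLISION_RATIO_LIMIT:
        findings.append("excessive collisions: check duplex negotiation on both ends")
    if p.in_discards > 0 or p.out_discards > 0:
        # In-discards do not only mean a full Rx buffer, so this is a prompt to check load, not a verdict.
        msg = "discards: Rx/Tx buffers may be oversubscribed; check whether the port is overloaded"
        if p.uplink:
            msg += "; consider an EtherChannel or adding ports to the channel group"
        findings.append(msg)
    return findings


def triage_all(ports: list[PortCounters]) -> dict[str, list[str]]:
    """Map each port name to its findings, omitting ports with nothing to report."""
    return {p.port: triage(p) for p in ports if triage(p)}


# Constructed sample: one healthy port, one duplex mismatch, one oversubscribed uplink.
SAMPLE = [
    PortCounters("Gi1/0/1", "full", 500_000, 0, 0, 0, 0),
    PortCounters("Gi1/0/7", "half", 120_000, 9_800, 42, 0, 0),
    PortCounters("Gi1/0/24", "full", 9_000_000, 0, 0, 310, 12_450, uplink=True),
]

if __name__ == "__main__":
    for port, findings in triage_all(SAMPLE).items():
        print(port, "->", "; ".join(findings))
```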
Based on your understanding of gray hackers, should we appreciate what gray hackers do to the public?
Answer B is incorrect because gray hat hackers are those individuals who cross the line between legal and questionable behavior. Gray hat hackers: These individuals usually follow the law but sometimes venture over to the darker side of black hat hacking. It would be unethical to employ these individuals to perform security duties for your organization because you are never quite clear where they stand. Think of them as the character of Luke in Star Wars. While wanting to use the force of good, he is also drawn to the dark side. Gray hat hackers are individuals who vacillate between ethical and unethical behavior. Answer B is incorrect because ethical hackers do not violate ethics or laws. Answer C is incorrect because crackers are criminal hackers, and answer D is incorrect because white hat hacker is another term for ethical hacker. An ethical hacker is an individual who performs security tests and other vulnerability-assessment activities to help organizations secure their infrastructures. Sometimes ethical hackers are referred to as white hat hackers. Hacker motives and intentions vary. Some hackers are strictly legitimate, whereas others routinely break the law.
Now that is the right direction. These issues will almost always occur with a WAN connection. For example, a WAN connection may be 200 Mbps or 300 Mbps, but the internal LAN will most likely be 1 Gbps. Even with very few users on the LAN, the outgoing network traffic could be rather large compared to the WAN bandwidth. How would you handle this issue?
As for how to decide which final ratio to attain when designing / upgrading a network, it can be tricky. This is why, from its vast experience and analysis of real networks, Cisco makes some recommendations, such as the one you quoted, or the one quoted by @RonMaupin in a comment: the access to distribution oversubscription ratio is recommended to be no more than 20:1 (for every 20 access 1 Gbps ports on your access switch, you need 1 Gbps in the uplink to the distribution switch), and the distribution to core ratio is recommended to be no more than 4:1. But the correct values for a given network highly depend on the traffic pattern. For an existing network, close monitoring of the bandwidth used on each port should give enough insight. You can also use NetFlow / sFlow to analyze further what uses the bandwidth. When designing a new network you need to assess the expected traffic. You can see now that it is not something we configure, but it is a design choice.

Note: The port speed is not always the limiting factor. Most often the switch hardware is not capable of handling the full bandwidth on all its ports simultaneously; this is indeed a kind of internal oversubscription (once again mostly driven by real usage patterns and costs).

Let's say the link from your ISP can technically handle 100 Mbps, but you have only purchased 50 Mbps; the ISP will configure your devices to ensure you will only be able to push 50 Mbps worth of traffic. Anything more than that 50 Mbps will typically be dropped. Another cause of network congestion is when an ISP intentionally oversubscribes a link. The thought process is that not all subscribers will be using the link simultaneously. What happens, however, is during peak periods when many people are using the service at the same time, there will be packet loss due to the congestion. This oversubscription can happen in enterprise networks as well, depending on the design of the network and the application use.
If end users have 1 Gbps connections to a 24-port switch at the edge, and there are 10 Gbps connections upstream, if more than 10 end users flood their links, the upstream trunk can become fully saturated. You can have links that show less than 5% utilization that can have oversaturation problems. Imagine if you had a 5-lane freeway that was completely empty most of the time. If you checked the status of the freeway every hour on the hour and saw it as mostly empty, you would think that there were no issues. However, if you had a rock concert let out at 2:30pm that had the freeway massively overloaded for 20 minutes with lots of people complaining, that might mean you have a capacity issue. This type of event is called a Microburst Link Flood. If you see a number of Deferred Transmission errors, followed by a number of Outbound Discards, that will tell you that packets are being buffered and then discarded.
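The two points made in the replies above (the recommended 20:1 and 4:1 oversubscription ratios, and a microburst that saturates a link whose average utilization looks tiny) as an added worked example; this is not code from the thread. The traffic series, the 1% idle load and the 95% saturation mark are constructed assumptions.

```python
"""Oversubscription ratios per tier plus a microburst check.
The 20:1 access->distribution and 4:1 distribution->core figures come from the
thread; every traffic sample below is constructed, not measured on a real link."""

# Recommended maximum ratios quoted in the thread.
RECOMMENDED = {"access_to_distribution": 20.0, "distribution_to_core": 4.0}


def oversubscription_ratio(down_ports: int, down_gbps: float,
                           up_ports: int, up_gbps: float) -> float:
    """Aggregate downstream bandwidth divided by aggregate uplink bandwidth.
    Adding uplink ports (an EtherChannel) lowers the ratio."""
    return (down_ports * down_gbps) / (up_ports * up_gbps)


def within_guideline(tier: str, ratio: float) -> bool:
    return ratio <= RECOMMENDED[tier]


def microburst_report(bytes_per_second: list[int], link_gbps: float,
                      saturation: float = 0.95) -> tuple[float, float, int]:
    """Compare average utilisation with per-second peaks.
    Returns (average_util, peak_util, seconds_at_or_above_saturation).
    A low average with saturated seconds is the 'empty freeway, then a rock
    concert' pattern: the link looks idle on an hourly graph but drops packets
    during the burst, which is what the Outbound Discards counter records."""
    capacity = link_gbps * 1e9 / 8          # bytes the link can carry per second
    utils = [b / capacity for b in bytes_per_second]
    average = sum(utils) / len(utils)
    peak = max(utils)
    saturated = sum(1 for u in utils if u >= saturation)
    return average, peak, saturated


# Constructed 60-second series on a 10 Gbps uplink: 55 s at 1% load, then a
# 5 s burst at line rate (more than ten 1 Gbps users flooding at once).
TEN_GBPS_BYTES = 1_250_000_000
SAMPLE_SERIES = [TEN_GBPS_BYTES // 100] * 55 + [TEN_GBPS_BYTES] * 5

if __name__ == "__main__":
    r = oversubscription_ratio(24, 1.0, 1, 10.0)      # 24 x 1G access ports, one 10G uplink
    print(f"access->distribution ratio {r:.1f}:1, within guideline: "
          f"{within_guideline('access_to_distribution', r)}")
    avg, peak, sat = microburst_report(SAMPLE_SERIES, 10.0)
    print(f"average {avg:.1%}, peak {peak:.0%}, saturated seconds {sat}")
```

The 24-port example sits comfortably inside the 20:1 guideline (2.4:1), yet the series still shows five saturated seconds behind a 9% average, which is why per-second counters rather than hourly graphs reveal a microburst.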
Is it possible for an IoT device to be put into a botnet without using a local computer?
I think what you're referring to is an IoT botnet, which is a collection of smart devices hijacked by cybercriminals. Today there's Linux/IRCTelnet, which is an IoT botnet that doesn't require an on-site device, designed from IoT botnet predecessors. Mirai is an IoT botnet that has shown up quite a few times recently, and part of it is built into Linux/IRCTelnet. This would make Linux/IRCTelnet the upgraded version of Mirai, given that it's built from other IoT botnet parts. Linux/IRCTelnet can use ELF, so a local computer isn't needed because of cross-platform capabilities and more.
Linux is open source and the choice for hackers to develop and use tools. Discuss the reasons.
Linux: A popular open source version of UNIX that offers a much more user-friendly GUI than previous versions of UNIX offered. Different Linux distributions ship with different software packages, but users decide what stays in their system by installing or removing packages. The graphical interface in Linux comprises a number of subsystems that can also be removed or replaced by the user. Although the details about these subsystems and their interactions are beyond the scope of this course, it is important to know the Linux GUI as a whole can be easily replaced by the user. As a result of the extremely large number of Linux distributions, this chapter focuses on Ubuntu when covering Linux.

This open source OS is the choice for hackers mainly because of the various versions that are out there with different software packages. The reason hackers prefer to develop/use tools on Linux is because it's user friendly. A user can seamlessly replace a Linux GUI whenever they want. And with a plethora of Linux distributions, it's not that hard to imagine why hackers prefer to use Linux. Also, Linux is essential for hackers in general, given that Linux is a part of almost everything we use today. Android, computers, servers, device accessories and more are using Linux OSs. Linux is stable and efficient in relation to its various versions, an open source OS which varies depending on the use of Linux. Linux operating systems are used in practically every platform, including embedded systems, wearable devices, smartwatches, cellphones, netbooks, PCs, servers and supercomputers. Although Linux is getting a larger user base, Android, a modified version of Linux, may be responsible for the operating system's spread throughout the consumer market.
Identify different ways a Windows system can be hacked, with an example.
Spyware cracks Windows log-in passwords. It targets Windows desktops, networked servers, Active Directory, and primary domain controllers. Down-level software is of interest to the attacker because it's old. The older something is, the more likely that many vulnerabilities have been found. If they have not been patched, they represent a juicy target for the attacker. Trojans are not written just for Microsoft systems. Whereas Trojans used to be widely transmitted, today's malware creators focus on much more targeted attacks, sometimes limiting a specific Trojan to be deployed to only a few victims. This technique makes detection and eradication much more difficult.