ORDER NEW COPY OF MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT & GET HIGH QUALITY SOLUTIONS FROM SUBJECT'S TUTORS!
MN502 Overview of Network Security - Melbourne Institute of Technology
Security in Networked Systems
Learning Outcome 1: Explain the major methodologies for secure networks and what threats they address;
Learning Outcome 2: Identify and report network threats, select and implement appropriate countermeasures for network security.
ARE YOU LOOKING FOR RELIABLE MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT HELP SERVICES? EXPERTSMINDS.COM IS RIGHT CHOICE AS YOUR STUDY PARTNER!
A. Google Dorking
Q1. How the following advanced Google search engine operators are used:
allintext, allintitle, allinurl, cache, filetype, inanchor, intest, intitle, link, site, +, |, and *
Sno
|
Google Dork
|
Explanation
|
1
|
allintext
|
The search is limited to only those links which contains the search keywords in the text of the web page. For example: if you search "allintext: cloud computing" then only those pages will be displayed in which the text matter contains these two words.
|
2
|
allintitle
|
All the keywords are searched in the titles of the page only. For example: if you search "allintitle: cloud computing", then only those pages will be shown whose title contains the key words cloud computing.
|
3
|
allinurl
|
The search is restricted to results those containing the keywords in the url of the page. For example: if you search "allinurl: gmail inbox" then it will return only those url which contain the key words.
|
4
|
cache
|
It will display the google's cache web pages. For example: "cache:www.abc.com" will display only the cached pages.
|
5
|
filetype
|
It will restrict the results to a specific filetype. For example: if you search "abcfiletype:pdf" then the results will also contain the links having pdf files.
|
6
|
inanchor
|
It will limit the results to pages containing the searched keywords in the anchor text or links to the page.
|
7
|
intext
|
Returns the results containing the keyword in the text. For example: if you search "python intext: big data", it will return the pages which mentions the word big data in text and python anywhere in the page.
|
8
|
intitle
|
Liimts the results with search keyword strictly in the title.
|
9
|
link
|
Returns the results that directly points to the link in googlesearch .
|
10
|
site
|
Restrict the results to the specific domain of search.
|
11
|
+
|
Try to finds the exact match with the search keyword
|
12
|
|
|
It indicates the OR operation. It includes either or both the terms mentioned on the side of OR operator. For example: python|bigdata.
|
13
|
*
|
It considers one or more words mentioned in the search list.
|
WORK TOGETHER WITH EXPERTSMIND'S TUTOR TO ACHIEVE SUCCESS IN MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT!
Q2. Use at least four of the operators to create potential Google dorking searches and provide discussion with snapshots.
1. Filetype:
Example: python filetype:pdf
2. Intext
For example: intitle:android
3. allinurl
For example: allinurl:redmi smartphone
4. allinanchor
For example: allinanchor:data science
DONT MISS YOUR CHANCE TO EXCEL IN MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT! HIRE TUTOR OF EXPERTSMINDS.COM FOR PERFECTLY WRITTEN MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT SOLUTIONS!
Q3. Identify and discuss how easy is it for a threat actor to use Google dorking?
Google dorking, enable the hackers to steal the user information which is available on the internet or even in the user's computer system. It is a technique which allows the hackers to identify the loop holes or vulnerabilities in the website and then attack those vulnerable points to get the access of some key information such as, debit/credit card number, cvv number, email id, phone number, passwords etc. The hackers are basically interested in the metadata part of your webpage and they can easily get the access to metadata using the dorking tools.
Hackers use googledorking for stealing users or company's information which they generally do not prefer to reveal globally. This technique can be used to find out the vulnerability in the system, getting the users credentials or any financial codes for any users. The working of this method is very simple, the web crawlers are the one which crawls the whole page depending upon the search criteria, but in the backend they also crawl the information which the users might not want to give public. This is what the hackers are more interested in stealing. They can easily get the access to the following-
• Cache memory of the browser containing the google search history, stored passwords etc.
• Online surfing details of the users.
• Exposing the directories containing sensitive information.
DO YOU WANT TO EXCEL IN MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT - ORDER AT EXPERTSMINDS!
Q4. Provide recommendations for users and organizations to combat Google dorking.
Following are the recommendations to the end users and organizations to fight against googledorkingare as follows:
As an organization you must scan your website for various vulnerabilities using the vulnerability scanner tools.Such vulnerabilities should be hidden from the hacker.
Keep cleaning your google index. You must very frequently keep on removing your site from the google's index.
Continuously keep on updating your software, specifically the browser which is used for searching. The browsers cache also must be continuously cleaned.
Avoid posting your sensitive information in internet.
Recommended Cryptoperiods
Crypto periods:
Crypto period is defined as the life time or life cycle of a key in any cryptographic algorithm. It is nothing but the time span for which the particular key can be used for encryption and decryption of data. The cryptographic algorithms are classified into three broad categories as follows:
• Hash Functions
• Symmetric Key Algorithm
• Asymmetric Key Algorithm
Key length becomes one of the most important parameter in these algorithms. There are many organizations (private + government) that provide recommendations for the crypto periods for various algorithms. However, it is the responsibility of security engineer to choose the best crypto period for securing their network. As per National Institute of Standards and Technology (NIST) the crypto periods in this broad category of algorithms is as follows:
Hash functions works in a monotonous way and does not require any key for encryption and decryption. So for every transaction there is a separate key generated using the hash function. Symmetric algorithms are completely dependent on the keys which are generated and shared among all the users on the client and server side. Any third party is unaware of these keys. The crypto period for this keys as per NIST is <= 2 years. In case of asymmetric algorithms, there are two keys which are generated called as public key and private key. Both the keys are used for encrypting and decrypting the data. Some of the popular algorithms or functions under these categories are-
• Hash Function: MD5, SHA
• Symmetric: Blowfish, RC4, RC5, RC6, AES, DES
• Asymmetric: RSA, DSA, Deffie-Hellman Key Exchange
There are various websites which have already implemented various formulas for the calculation of key length based on the recommended crypto period.
Following are the different sources for algorithms and their respective crypto periods
• German federal office for information security, BSI (2015)
• NSA Fact Sheet (2015)
• Security Agency (ANSSI) (2014)
• NIST (2012)
• ECRYPT II (2012)
Source
|
Symmetric
|
Hash
|
German federal office for information security, BSI
|
128
|
SHA256, SHA384
|
Security Agency (ANSSI) (2014)
|
100
|
200
|
NSA Fact Sheet (2015)
|
256
|
384
|
Below is the table showing list of algorithms and the recommend time
Crypto period
|
Minimum of strength in bits
|
Symmetric Algorithms
|
Asymmetric Algorithm
|
Crypto period
|
Hash Type A
|
Hash Type B
|
2010
|
80 bits
|
2TDEA symmetric algorithm
|
1024 bits
|
160 bits
|
SHA-1bit SHA-224bits SHA-256bits SHA-384bits SHA-512bits
|
SHA-1bit SHA-224bits SHA-256bits SHA-384bits SHA-512bits
|
In the range of 2011 - 2030
|
112 bits
|
3TDEAsymmetric algorithm
|
2048 bits
|
224 bits
|
SHA-224bits SHA-256bits SHA-384bits SHA-512bits
|
SHA-1bit SHA-224bits SHA-256bits SHA-384bits SHA-512bits
|
Up to 2030
|
128 bits
|
AES-128 bits symmetric algorithm
|
3072 bits
|
256 bits
|
SHA-256bits SHA-384bits SHA-512bits
|
SHA-1bit SHA-224bits SHA-256bits SHA-384bits SHA-512
|
>>beyond 2030
|
192 bits
|
AES-192 bits symmetric algorithm
|
7680 bits
|
384 bits
|
SHA-384btis SHA-512bits
|
SHA-224 SHA-256 SHA-384 SHA-512
|
>>> 2030
|
256 bits
|
AES-256 bits symmetric algorithm
|
15360 bits
|
512 bits
|
SHA-512bits
|
SHA-256 SHA-384 SHA-512
|
Recommendations for the crypto periods:
As per German federal office for information security, BSI (2015)
Date
|
Symmetric
|
Factoring Modulus
|
Elliptic Curve
|
Hash
|
2015
|
128 bits
|
2048 bits
|
224 bits
|
SHA-224 SHA-256 SHA-512/256
|
2016
|
128 bits
|
2048 bits
|
256 bits
|
|
2017 - 2021
|
128 bits
|
3072 bts
|
256 bits
|
|
SAVE TOP GRADE USING MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT HELP SERVICE OF EXPERTSMINDS.COM
Cloud Computing
All the business domains are using cloud computing for improving their business logic. One of most important reason for companies to adapt cloud computing is the reduced cost of executing their business. It has reduced the software and hardware cost drastically. Companies now a day are storing their data over the cloud and using the cloud infrastructure to manage and analyze their data for further decision making. Because of this the productivity has increased. In the earlier days, most of the human resources were utilized in maintenance of the infrastructure, software, data backup tools etc. now with the involvement of cloud all these resources are freed up an can be utilized in an effective and efficient manner. The cloud also supports multiple storages options and also allows keeping a backup of the data; this has made people life easy.
The four models of cloud computing is as follows:
1. Infrastructure-as-a-Service (IAAS)
In these types of service model the cloud company provides computing resources on the virtual platform. The end user need not to worry about the infrastructure for running his application program.
2. Platform-as-a-Service (PAAS):
Under this category of service the cloud provider provides the software and tools as a platform for running the users application. The provider will host the entire hardware and software requirements which are essential for running the application.
3. Software-as-a-Service (SAAS):
Under this service the provider directly provides the software to the end user over the internet.
4. Storage-as-a-Service:
In this service, the company rents out its space to the other company to store their data.
Explain one security protection for cloud computing used in an organization.
Security in cloud is one of the biggest concerns which are to be looked upon by the developer of the cloud. One of the most key challenges is Denial-of-Service> it is a type of attack which stops the users to use certain service. To mitigate this type of attack one of the solution could be use of CDNetwork suites, it monitors the DoS attacks and prevent the users from it. It analyzes the DoS attack request and based on the report it prevents the cloud in future.
Compare Microsoft Azure with Amazon Web Services (AWS). Create a table that lists at least five options. Include the advantages and disadvantages of each. Which would you recommend? Why?
Microsoft Azure and Amazon Web Services are two very popular cloud extensively used in the industry.
Comparison between Azure and AWS is shown in table below.
Sno
|
Microsoft Azure
|
Amazon Web Services
|
1
|
The support to big data applications Is not extensive and needs improvement.
|
Provides extensive support for big data
|
2
|
Management of tools is less efficient
|
Tool management is simple
|
3
|
Pricing in Azure is per minute basis
|
Pricing in AWS is per hour basis
|
4
|
It is a public cloud open for all.
|
It Is a cloud used on-demand.
|
5
|
Less flexible financial model.
|
Flexible Pricing
|
6
|
Azure supports hybrid cloud
|
Do not have support to hybrid cloud.
|
Advantages and Disadvantages of Microsoft Azure:
All the services in Azure are highly available. It ensures the availability of data as it has high replication factor. It also has a strong security model implemented keeping a focus on all the major security threats. In addition, it also supports scalability to a great extent.
The major drawbacks with azure are that it requires a lot of management to be done and also need a skilled resource to use the platform.
Advantages and Disadvantages of Amazon Web Services:
AWS is a very cost effective cloud service which has a very flexible pricing chart. Migration from AWS to any other application is very simple and does not involve a lot of hard work. AWS is elastic and scalable. It does not has no capacity limit on the usage of services. It provides agility with high speed and also it is secure and reliable. The major drawbacks with AWS are that it has some security concerns and it do not support the hybrid cloud services. They also charge the users for technical support fee.
After discussing the pros and cons of both the cloud services, I would recommend AWS because of its flexibility in pricing, reliability and ease of migration from platform to platform.
Would you recommend the cloud computing for your school? Justify your recommendation.
Yes, I would recommend cloud computing for my school. The school has to store the submissions of assignment from students on Moodle. This process needs a lot of space in terms of storage because the students' submissions sometimes are huge in size. For this, we can recommend the school to rent the storage on cloud to store all the student submissions and also allow students to access the same as and when required.
Compare Protocol Analyzers
SAVE YOUR HIGHER GRADE WITH ACQUIRING MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT HELP & QUALITY HOMEWORK WRITING SERVICES OF EXPERTSMINDS.COM
Analyze and discuss the importance of protocol analyzers.
For an enterprise the protocol analyzer also called as network analyzer plays an very importance role as it helps in maintaining the security of data which is coming in and going out from the enterprise's network. All such monitoring tools support the administrator of the network in trouble shooting the problems and to resolve the issue effectively. The problem diagnosis can be done with any network device like servers, cables, switching and routing devices etc. Data over the network is transmitted in small chunks called as packets and for carrying the packet from one device to the other device various protocols are used at different layers of the TCP/IP model. Also, every protocol has its own header and information. The protocol analyzer scans the protocol headers and information in order to check the authenticity of data and keep a log of the same. Some of the key responsibilities of the protocol analyzer are as follows:
• It keeps the track of all the recent and past activities in the network.
• Tests the application for any malware before executing them in the network.
• Checks the unusual flow of data packets over the network.
• Identifies the change in the characteristics of the packet.
• Keeps a check on the utilization of bandwidth.
• Search for the patterns on data string to finds its authenticity.
• Logs the source and destination of the packet.
• Provides a user-friendly GUI for maintain and understanding the statistics.
Research any two protocol analysers (such as Wireshark, ColasoftCapsa, and Microsoft message Analyser) and compare their features.
Wire shark:
Wire shark is an open-source system used for network analysis. It is a graphical based tool which allows tracking the status of live packets flowing across the network. Some of the key features of wire shark are as follows [6]
• Based on the specific input data the tool filters the data by removing the malicious data.
• It creates the stream of packets by collecting all the packets together and allows a better statistics.
• Shows the results of captured packets into various formats.
Which analyzer would you recommend? Justify your recommendation.
I would suggest using the ColasoftCapsa because of its user friendly user interface. It is very simple to understand the GUI of this tool and analyze the statistics. It also allows multiple instances to be used which helps in running the parallel tasks. In addition to this, it also shows the visuals of packets in terms of seven layers of OSI model which increase the readability. It supports the identification of forged data and also analyzes the behavior of abnormal data packet. Because of all this reason, Colasoft is better to be used instead of Wire shark or any other tool.
• Allows the correlation among different packets before providing the statistics.
Limitation:
It requires a deep knowledge f the different data packets and protocols for understanding the statistics of wire shark; because it shows a very technical analysis of data packets.
ColasoftCapsa:
It is also an open source network analyzer used in monitoring and troubleshooting the network.
Limitation: used only on windows.
Comparison on the basic of features:
S.No
|
Feature
|
Wire shark
|
ColasoftCapsa
|
1
|
Operating System
|
Windlws& Linux
|
Windows
|
2
|
User Interface
|
GUI & CUI
|
GUI
|
3
|
Support for multiple instances
|
No
|
Yes
|
4
|
Identification of abnormal packet
|
No
|
Yes
|
5
|
Forged Data identification
|
Yes
|
Yes
|
DO YOU WANT TO EXCEL IN MN502 SECURITY IN NETWORKED SYSTEMS ASSIGNMENT? HIRE TRUSTED TUTORS FROM EXPERTSMINDS AND ACHIEVE SUCCESS!
Access our Melbourne Institute of Technology Assignment Help services for below mentioned courses like:-
- MN501 Network Management in Organisations assignment help
- ME605 Cloud Engineering assignment help
- MN610 Virtual Private Networks assignment help
- MN506 System Management assignment help
- MN601 Network Project Management assignment help
- MN507 Overview of Software Engineering assignment help
- MN623 Cyber Security and Analytics assignment help
- MN604 IT Security Management assignment help
- MN504 Networked Application Management assignment help
- MN621 Advanced Network Design assignment help