Proactive Network Defence 7CS017

The document discusses threats and vulnerabilities across three trusted domains - a web server, wireless access, and email server. For the web server, threats include injection, broken authentication, cross-site scripting, security misconfiguration, DOS attacks, SQL injection vulnerabilities, XSRF attacks, directory attacks, and issues due to poor system configuration. Wireless access threats include rogue access points, poor twin access points, and attacks on the WiFi interface. The email server faces threats but these are not described. The document proposes threat mitigation plans and addresses legal/ethical considerations.

Uploaded by Anchal Singh

Table of Contents
1. Executive summary........................................................................................................................2
2. Data Flow Decomposition Diagram...............................................................................................2
3. Threat Modelling Approach...........................................................................................................3
Web server—Threat and vulnerability...............................................................................................3
Wireless access..................................................................................................................................6
Threats on email server.....................................................................................................................9
4. Threat Mitigation Plan.................................................................................................................10
Threat mitigation plan for web server.............................................................................................10
Threat mitigation for wireless..........................................................................................................10
Threats mitigation for email server.................................................................................................12
5. Legal and Ethical Considerations.................................................................................................13
6. Conclusion...................................................................................................................................13
References...........................................................................................................................................15
1. Executive summary
The corporation is aware of the protection requirements of its Control Systems (CS), but the
Idaho National Laboratory (INL) has observed in on-site assessments that security procedures
and hardware are not implemented consistently or sufficiently. The Department of Homeland
Security (DHS) National Cyber Security Division (NCSD) established the Control Systems
Protection Center (CSSC) at INL to help industry and government strengthen the security of
the CSs used in the nation's critical infrastructures. One of the CSSC's main priorities is to
identify vulnerabilities in control systems and develop appropriate mitigations for them.
Our analysis addresses the problems and vulnerabilities found in on-site CS assessments
and the common methods of mitigation, supplying asset owners with the knowledge they
need to ensure that their systems are better protected from common security weaknesses.

For this case study, centred on CNI/IT systems, we have selected the three domains in which
an attack is most likely to occur. For each selected domain we have researched the threats
and vulnerabilities and their mitigation, followed by the legal and ethical concerns.

2. Data Flow Decomposition Diagram


Trusted Domain (TD1): Web server
Trusted Domain (TD2): Wireless access server

Trusted Domain (TD3): Email server

3. Threat Modelling Approach


Web server—Threat and vulnerability
a. Injection
Injection flaws result from a classic failure to filter untrusted input. This can happen
when unfiltered data is passed to a SQL server (SQL injection), to the browser, to an
LDAP server (LDAP injection), or anywhere else. The concern is that an attacker can
inject commands into these entities, resulting in data loss and clients being hijacked
through the browser.
b. Broken authentication
This is a set of problems, not all of which share the same root cause, that arise when
authentication is disabled or implemented in error.
c. Cross site scripting
This is a fairly common failure to sanitise input. An attacker gives the web application
JavaScript tags as input. When this input is returned to the user without sanitisation,
the user's browser executes it. It can be as simple as crafting a link and persuading a
user to click on it, or it can be something more sinister. The script runs on the loaded
page and can, for example, be used to send the user's cookies to the attacker.
d. Security misconfiguration
o Running the application with debugging enabled in production.
o Enabling directory listing on the server, which leaks sensitive information.
o Running outdated software (think WordPress plugins, old PhpMyAdmin).
o Running unnecessary services on the machine.
o Not changing default keys or passwords.
o Revealing error-handling information, such as stack traces, to attackers.
e. DoS attacks
A web server is at its most effective when it responds to user requests promptly,
typically within seconds. A Denial of Service (DoS) attack is designed to do the reverse.
Attackers flood the web server with requests that prevent legitimate users from
accessing the website by impairing the server's ability to respond promptly. The
attacker accomplishes this by sending an excessive number of malformed, invalid
requests. The web server may try to serve these requests upon receipt. Invalid requests
are prone to delays when the server wants to close the connections. As soon as a
connection is closed, further invalid requests are submitted (Shaikh, Pardeshi and
Dalvi, 2020). A dramatically high number of these invalid requests creates a bottleneck
in connection termination, slow response times and poor throughput on the server,
blocking connections from legitimate users.
f. SQL Injection vulnerabilities
Every website contains input fields and forms in its front end that support interaction
with the user. Certain input fields/forms are used to pass data into SQL queries that
insert into and query the database. If these input fields are not properly validated,
attackers can exploit the flaw by submitting malicious input that queries the database in
a SQL injection attack. There is little limit to how much harm these bugs can cause to
the website and its servers (Shaikh, Pardeshi and Dalvi, 2020).
g. XSRF (Cross Site Request Forgery) attacks
XSRF (Cross Site Request Forgery) is an attack that redirects a website's legitimate
visitors to an alternative malicious website that looks like the official one but attempts
to capture usernames, passwords and other confidential details from users (Sridevi,
2011). Having acquired the credentials, the attacker uses them on the victim's behalf
to perform unwanted actions.
h. Directory attacks
A directory attack arises when a hostile attacker is able to access data on the
underlying file system beyond the web root directory, via the exposed front-end and
back-end interfaces of the application. This lack of confinement causes highly sensitive
information about the operating system and its related machines and applications to
be leaked.
i. Attacks due to poor system configuration
To prevent these types of attacks, correct server installation and adherence to industry
standards are key. Attackers will quickly compromise a machine if unnecessary or
inactive programs are enabled, or if well-known default configuration parameters are
used.
j. Web server monitoring
Conscious management of the applications hosted by the web server is one of the keys
to managing web-server-related bugs and problems. Vulnerabilities in these online
resources represent a clear threat to the application and the database, as mentioned
earlier. Because ports and services are the main windows through which web server
applications are accessible, it is important to control connections to resources and to
monitor attempts to interact with disallowed ports and services.
k. Black box testing
Some penetration tests, also known as black box testing, involve probing web servers
for problems and weaknesses. We will look at three simple strategies used to evaluate
and locate the applications running on a web server, and how to fix the problems that
make these probes possible.

Wireless access
a. Establishing a rogue access point
A rogue AP is a wireless AP that is installed on a secure network without the authority
of the network administrator.
The rogue AP is usually created by a hostile attacker on the company or government
network, with the potential to do the enterprise great harm.
This is a common security vulnerability, since criminals often use it to trick companies
into assuming that they are connected to a valid AP. Users eventually fall into a trap
built by an unauthorised intruder to intercept the organisation's private and vital data
directly (Kropp, 2006).
b. Evil twin access points
A rogue AP can conveniently broadcast the same SSID (network name) as the
legitimate AP.
It can easily trick local WiFi users into connecting to it, since users are never alerted to
the difference between the legitimate and the rogue AP.
It is not really difficult to create an evil twin AP for nefarious purposes. Tools such as
Karmetasploit have made it almost trivial: they let an attacker construct fake APs,
gather passwords, gather details and carry out browser-based client attacks.
c. Lost or stolen WiFi devices (Kropp, 2006).
This threat is little known and is therefore ignored by most.
We may have locked down our WiFi with the best security on the market, but the
weak point may be the device, which can be a smartphone, a laptop, a tablet or a PC,
that a CNI user loses after it has been attached to the network. Whoever recovers the
device, if they can crack its password, can reach the network using the credentials
stored on it (and if there is no password, it is even easier).
d. Configuration problems
 Configuration issues often refer to glitches that can cause a significant security
problem for CNI or WiFi IT devices as a whole.
 Typically these problems arise when people manage standalone APs by hand. The
problem is now limited to a certain degree by the deployment of more centralised
wireless networks.
 A centrally managed wireless network offers a variety of security advantages.
 Periodic audits and standardised alerts also help reduce TCO.
e. Security misconfiguration
 Running the application with debugging enabled in production.
 Enabling directory listing on the server, which leaks sensitive information.
 Running outdated software, such as WordPress plugins or old PhpMyAdmin.
 Running unnecessary services on the machine.
 Not changing default keys and passwords.
 Revealing error-handling information, such as stack traces, to attackers.
f. Sensitive data exposure
Encryption and resource protection are web security weaknesses. Sensitive
information should be encrypted at all points, both in motion and at rest. There should
be no exceptions. Never transmit or store passwords, credit card details or account
credentials unencrypted, and always hash passwords. The crypto/hash algorithm must
not be a weak one; when in doubt, this means AES (256-bit) and RSA (2048 bits and
up).
Although it should go without saying that sessions and sensitive data should not travel
in URLs and that sensitive cookies should carry the secure flag, this is genuinely
necessary and cannot be over-emphasised.
g. Missing function level access control
This is simply an authorisation failure. It means that proper authorisation is not
performed when a function is called on the server. Many developers rely on the
backend to generate the UI, which they assume will not expose functions the user is
not entitled to. It's not that easy, because the 'hidden' function can still be requested
by an attacker; the UI not showing it makes no difference. Imagine the /admin panel
is only shown in the UI to administrators, and you are an ordinary client: nothing
prevents an attacker from discovering and calling this function if the authorisation
check is missing.
h. Cross Site Request Forgery (CSRF)
This is a classic example of a confused deputy: a third party misuses the user's browser
to act on the attacker's behalf.
A third-party website uses the browser's cookie/session for the target site (i.e. our
bank) to issue requests. For example, if we are logged into the bank's homepage in
one tab and the site is vulnerable to the attack, a different tab opened by the attacker
can misuse our privileges to perform an action such as adding an administrator. The
browser is the deputy: it lends the legitimacy of the victim's session cookies to the
attacker's request.
i. Using components with known vulnerabilities
This is more of a maintenance/deployment problem. Conduct some checking, even
some auditing, before deploying new code. Using random code from GitHub or some
other forum can be extremely helpful, but it risks a major vulnerability in terms of site
security.
For example, there are many situations in which a third party gains administrative
access to a machine, not because the devices are stupid, but because third-party
software has gone unpatched in production for years. For example, this is often the
case with WordPress plugins. If you thought your secret phpMyAdmin installation
could not be found.

Threats on email server


a. Malware
Criminals constantly use e-mail to carry out a range of attacks on organisations with
ransomware or other 'malicious software', including viruses, worms, Trojan horses and
spyware. If successful, these attacks grant the malicious party control over workstations
and servers, which can be used to escalate privileges, gain access to sensitive
information, monitor user activity and conduct other malicious acts.
b. Spam and phishing
 Unsolicited bulk commercial e-mail, commonly referred to as spam, is unrequested
commercial e-mail. These messages may interrupt user productivity, use IT resources
improperly and serve as a distribution vehicle for malware.
 Phishing is a form of spam that uses deceptive computer-based means to trick people
into responding to e-mail and disclosing confidential data.
c. Social engineering
A hacker can use e-mail to gather sensitive information from an organisation's users
instead of breaking into a computer.
E-mail spoofing is a standard social engineering attack in which one user or application
is impersonated by falsifying the sender information presented in e-mails.
d. Entities with malicious intent
Malicious entities that compromise a mail server can gain unauthorised access to
services anywhere on the organisation's network. For example, an attacker can
retrieve user credentials when the mail server is compromised, enabling the attacker
to reach other hosts on the organisation's network.

4. Threat Mitigation Plan


Threat mitigation plan for web server
 Defending against injection is "simply" a matter of filtering the input correctly and
asking whether an input can be trusted. But the bad news is that all input must be
carefully filtered unless it can unquestionably be trusted.
 The easiest way to prevent this web security flaw is to use a framework. It will need
to be implemented correctly, but it is much better for it. If people want to roll their
own technology, they should be exceedingly paranoid and remind themselves what
the disadvantages are.
 There is a simple web security solution: do not return HTML tags to the client. This
has the added benefit of defending against HTML injection, a similar attack in which
the intruder injects plain HTML content (such as images or loud, invisible flash
players), not high-impact but certainly annoying. Usually the workaround is to
convert all HTML entities, so that <script> is returned as &lt;script&gt;. The other
form of sanitisation often used is to strip HTML tags out of regular text, but this is
dangerous because many browsers interpret broken HTML leniently. Everything can
be converted back to its equivalent (Downs, 2016).
 Have a good (preferably automated) "build and deploy" process that can run
deployment checks. Post-commit hooks are the poor man's security misconfiguration
fix, to keep the code from going out with default credentials and/or development
stuff built in.
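As an added illustration of the entity-conversion point above (example code written for this page, not taken from the report or its sources), the first function escapes metacharacters the way the recommended workaround does, and a tag-stripping blacklist is run on a constructed nested payload to show why stripping is dangerous:

```python
import html
import re

# Constructed sample inputs for the demo (not taken from the report).
SAMPLES = [
    "Hello <b>world</b>",
    "<script>alert(document.cookie)</script>",
    # Nested payload: a filter that deletes the literal <script> tags once
    # re-assembles a live tag from the surrounding fragments.
    "<scr<script>ipt>alert(1)</scr</script>ipt>",
]


def escape_entities(user_input: str) -> str:
    """Recommended workaround: convert every HTML metacharacter to its entity,
    so <script> is returned as &lt;script&gt; and the browser renders text."""
    return html.escape(user_input, quote=True)


def strip_script_tags(user_input: str) -> str:
    """The 'other form of sanitisation': delete tags that look dangerous.
    A single pass is NOT safe; see SAMPLES[2]."""
    return re.sub(r"</?script>", "", user_input, flags=re.IGNORECASE)


def contains_live_script(rendered: str) -> bool:
    """Does a literal <script tag survive in what would be sent to the browser?"""
    return "<script" in rendered.lower()


def compare(user_input: str) -> dict:
    """Apply both approaches and report whether a live script tag survives."""
    escaped = escape_entities(user_input)
    stripped = strip_script_tags(user_input)
    return {
        "escaped": escaped,
        "escaped_is_safe": not contains_live_script(escaped),
        "stripped": stripped,
        "stripped_is_safe": not contains_live_script(stripped),
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(compare(sample))
```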

Threat mitigation for wireless


 CNI/IT can install a WIPS (Wireless Intrusion Prevention System) unit to scan the
radio spectrum for unwanted APs, and take the necessary steps.
 Server authentication is the only feature that can serve as a barrier against evil twin
AP attacks.
 If a device is lost, particularly a mobile, a desktop or even a tablet that was
connected to the network, try to remotely lock or wipe the device without further
delay.
 If the loss comes to your notice, it is also recommended that all WiFi keys in the
CNI/IT network be changed.
 A centrally controlled WLAN is safer and more effective.
 Have a good (preferably automated) "build and deploy" process that can run
deployment checks. Post-commit hooks are the poor man's security misconfiguration
fix, to keep the code from going out with default credentials and/or development
stuff built in.
 At rest: this is harder. First and foremost, we need to minimise exposure. If sensitive
data is not needed by the CNI, shred it. Data that we don't have can't be stolen.
Never store credit card details, as we clearly don't want to contend with PCI
compliance. Sign up with a payment processor such as Stripe or Braintree instead.
Second, if the CNI has sensitive information that it really needs, store it carefully and
ensure that all keys are hashed. The use of bcrypt for hashing is recommended. If
you're not using bcrypt, learn about salting and rainbow tables.
 Authorisation also has to be done on the server side. Always, with no exceptions;
any flaw here can cause significant problems.
 Store a secret token in a hidden form field that cannot be accessed from a third
party's website. This hidden field must be checked by the CNI/IT applications. Some
sites still require a password when changing sensitive settings, however I suspect
that this is there to prevent the exploitation of abandoned sessions.
 Be cautious. Beyond obvious caution, don't be a copy-paste coder when using these
bits. Inspect the code closely, since it can be compromised after publication (or in
certain instances be purposely harmful; attacks are often invited unintentionally).
 Keep up to date. Make sure the latest updates are applied to your CNI/IT systems
and that you are committed to updating them regularly. At the very least, subscribe
to a newsletter on emerging security vulnerabilities in the products you use.
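The hidden-field token check described above, as an added example written for this page (not code from the report or any framework it mentions). The `session` dict stands in for server-side session storage, and the function names are this example's own:

```python
import hmac
import secrets
from typing import Optional


def issue_csrf_token(session: dict) -> str:
    """Create a random per-session token and keep it server-side."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def render_settings_form(session: dict) -> str:
    """Embed the token in a hidden field.  A third-party site cannot read it:
    the browser does not let another origin read our page's HTML."""
    token = session.get("csrf_token") or issue_csrf_token(session)
    return (
        '<form method="post" action="/settings">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="email"><button>Save</button></form>'
    )


def verify_csrf(session: dict, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted field with the stored token."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_settings_post(session: dict, form: dict) -> int:
    """Return an HTTP status: 403 for any request without a valid token.
    A forged cross-site POST carries the victim's cookie (so `session` is the
    victim's) but no token, because the attacker never saw the form."""
    if not verify_csrf(session, form.get("csrf_token")):
        return 403
    session["email"] = form.get("email", "")
    return 200


def demo() -> tuple:
    """Legitimate submission from the rendered form vs. a forged one."""
    victim = {}
    html_form = render_settings_form(victim)  # victim loads the real form
    token = victim["csrf_token"]
    legit = handle_settings_post(victim, {"csrf_token": token, "email": "a@b"})
    forged = handle_settings_post(victim, {"email": "x@evil"})  # no token
    return legit, forged, token in html_form


if __name__ == "__main__":
    print(demo())  # (200, 403, True)
```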
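The salting and rainbow-table point above, as an added example written for this page (not code from the report). It assumes PBKDF2-HMAC-SHA256 from the standard library as a stand-in for bcrypt, so it runs without third-party packages; the storage format is this example's own:

```python
import hashlib
import hmac
import os

# Assumed stand-in for bcrypt: PBKDF2-HMAC-SHA256 with a per-user random salt.
# Stored record layout (this example's own): pbkdf2_sha256$iterations$salt$digest
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes = None) -> str:
    """Hash with a fresh random salt; the salt is stored beside the digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def unsalted_md5(password: str) -> str:
    """What a rainbow table targets: one fixed, fast digest per password,
    so identical passwords collide and precomputed tables apply directly."""
    return hashlib.md5(password.encode()).hexdigest()


def salting_defeats_precomputation(password: str) -> bool:
    """Two users with the same password get different stored values when
    salted, but identical values when hashed without a salt."""
    salted_a, salted_b = hash_password(password), hash_password(password)
    return salted_a != salted_b and unsalted_md5(password) == unsalted_md5(password)
```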

Threats mitigation for email server


a. Malware protection
CNI/IT systems provide the capacity to scan for malware and filter spam at both the
mail client and the mail server level. To better train users to identify and handle
suspicious messages and attachments, CNI/IT will also provide information and
instruction for users, including telecommuters (Downs, 2016).

b. Perform routine security checks

Periodic inspections of the mail system's security confirm that protective measures are
implemented accurately, operate as intended and produce the required outcome with
respect to the security requirements of the operating mail system. CNI/IT may
recommend the use of a number of techniques, such as vulnerability testing, on the
mail system and its supporting environment.
c. Maintenance of a secure mail infrastructure
Securing an e-mail system is a continuous process that needs constant attention, time
and alertness, and typically involves:
Setting up, protecting and reviewing log files
 Log files are often the only record of unusual activity available to CNI/IT.
 The logging framework allows the data gathered to be used to identify failed and
ongoing intrusions, to trigger alerts when further analysis is necessary, and to
support system recovery and post-event analysis.
 CNI/IT needs both procedures and tools to process, evaluate and examine log
files.
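One way to turn the log review described above into an alert, as an added example written for this page (not code from the report). The log lines are constructed and their layout loosely imitates an IMAP login log, which is an assumption; the functions are this example's own:

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines for the demo (not taken from the report).
SAMPLE_LOG = """\
Mar 03 10:01:02 mail imap-login: Login: user=<alice>, rip=10.0.0.5
Mar 03 10:01:09 mail imap-login: Disconnected (auth failed, 1 attempts): user=<admin>, rip=203.0.113.7
Mar 03 10:01:11 mail imap-login: Disconnected (auth failed, 1 attempts): user=<root>, rip=203.0.113.7
Mar 03 10:01:14 mail imap-login: Disconnected (auth failed, 1 attempts): user=<bob>, rip=203.0.113.7
Mar 03 10:01:20 mail imap-login: Disconnected (auth failed, 1 attempts): user=<bob>, rip=203.0.113.7
Mar 03 10:02:00 mail imap-login: Login: user=<bob>, rip=10.0.0.9
Mar 03 10:02:30 mail imap-login: Disconnected (auth failed, 1 attempts): user=<carol>, rip=10.0.0.9
"""

# Assumed field layout: "user=<name>, rip=<remote ip>" on every login line.
LINE_RE = re.compile(r"user=<(?P<user>[^>]*)>, rip=(?P<ip>[0-9.]+)")


def parse_auth_events(log_text: str) -> list:
    """Return (ip, user, failed) per login line; unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            events.append((match.group("ip"), match.group("user"), "auth failed" in line))
    return events


def failed_logins_by_ip(events: list) -> tuple:
    """Count failures per source IP and record which accounts were targeted."""
    counts = Counter()
    users = defaultdict(set)
    for ip, user, failed in events:
        if failed:
            counts[ip] += 1
            users[ip].add(user)
    return counts, users


def alerts(log_text: str, threshold: int = 3) -> list:
    """Flag sources at or above the failure threshold.  Several distinct
    accounts tried from one IP is the pattern of a password-guessing sweep."""
    counts, users = failed_logins_by_ip(parse_auth_events(log_text))
    return [(ip, n, sorted(users[ip])) for ip, n in counts.items() if n >= threshold]


if __name__ == "__main__":
    for ip, n, accounts in alerts(SAMPLE_LOG):
        print(f"ALERT: {n} failed logins from {ip} against {accounts}")
```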
d. Back up data frequently
The most important task of a mail server administrator is maintaining the integrity of
the mail server's data. This is critical because mail servers are among the most
important and exposed servers on the CNI/IT network. To avoid downtime in the event
of mail service outages, and to comply with data retention and archival rules, including
those covering e-mail, the mail administrator should back up the mail server regularly.

5. Legal and Ethical Considerations


 The web hosting contract is an agreement between a web hosting business and
the user/customer that covers web hosting and related services, such as
web-server-related e-mail capability, domain name registration and other
services set up by the web hosting company. Web hosting is the home of one
or more websites and the running and maintenance of the service. Web hosting
services offer space on a server for a leasing fee to provide Internet
connectivity. Data centre space may also be available from web server
companies.
 There are no legal provisions for safeguarding privacy when it comes to an open
network that offers free network connectivity for browsing or downloading and
to GPS equipment, but scanning for nodes is not prohibited under US law. When
it comes to node scanning, the issue is where the person or access point is
located. The question of the privacy of the consumer or of the location of an
access point may also arise.
 Workers also feel that their messages are private, but organisations routinely
monitor employees' e-mails from company accounts or computers. The 1986
Electronic Communications Division Act bans the intentional interception of any
wire, oral or electronic communication, but the federal statute is ambiguous on
e-mail monitoring. However, this Act provides a business-use clause that allows
organisations to record employees' e-mails.

6. Conclusion
A web server can refer to software as well as hardware. Whichever meaning is intended,
it is a critical component of the Internet as we know it today. It ensures that data can be
stored on a network-connected device and made visible to any other system via Internet
and network protocols such as TCP/IP. As technology advances, wireless networking can
be expected to spread internationally. Wireless networking has many benefits that can
increase the planet's competitiveness. Nevertheless, even with all the new advances
made in the world today, questions remain. Among the things that obstruct the progress
that wireless technologies could bring are the privacy issues related to access to personal
information, or its negative effects, for an individual or an organisation. More experiments
and tests would remove the difficulties associated with wireless networking and make it a
significant part of the community. In the near future wireless technology will largely
remove the need for wires connecting individual users.

The multi-server mail distribution approaches offered here are a flexible solution for
applications where it is difficult to host mail for a particular domain on a single server.
By adding a hop to the wait and effectively multiplying the network usage for the mail,
this method adds cost to mail delivery and retrieval. The first is an inherent dilemma of
every multi-stage method. Multiple physical interfaces on one device, with traffic flowing
between the interfaces, will mitigate the second.
References
Downs, C. (2016). Networks, trust, and risk mitigation during the American Revolutionary
War: a case study. The Economic History Review, 70(2), pp.509–528.

Kropp, T. (2006). System threats and vulnerabilities [power system protection]. IEEE Power
and Energy Magazine, 4(2), pp.46–50.

Shaikh, A., Pardeshi, B. and Dalvi, F. (2020). Overcoming Threats and Vulnerabilities in
DNS. SSRN Electronic Journal.

Sridevi, S. (2011). Wireless Lan Vulnerabilities, Threats and Countermeasures. Indian
Journal of Applied Research, 3(9), pp.123–126.

Threats and Vulnerabilities to IoT End Devices Architecture and suggested remedies.
(2020). International Journal of Recent Technology and Engineering, 8(6), pp.5712–5718.

Web security under threat. (2011). Network Security, 2011(10), pp.1–20.
