IS-Assignment: Iqra Tabassum 2018-CS-622

This document contains the responses to exercises from Chapters 6 and 7 of an assignment for the 2018-CS-622 course. For Chapter 6 exercise 1, the student evaluates different software firewalls and recommends Avira as the best free option. For exercise 2, the student provides port rules to allow remote access using Timbuktu software. For exercise 3, the student analyzes deploying a proxy firewall to access an internal web server. Exercises 4 and 5 involve researching secure remote access applications and configuring Internet Explorer security settings. The Chapter 7 exercises involve defining terms related to event correlation in hybrid IDPS systems, comparing Zone Alarm IDPS products, comparing commercial IDPS classifications, describing live DVD security toolkits, and observing

Uploaded by

SANA MURTAZA

IS-Assignment

Iqra Tabassum
2018-CS-622

Chapter 6 Exercises
1. Using the Web, search for “software firewalls.” Examine the various alternatives
available and compare their functionality, cost, features, and type of protection. Create a
weighted ranking according to your own evaluation of the features and specifications of
each software package.

Visit: http://www.toptenreviews.com/software/privacy/best-personal-firewall-software/

I think the best software firewall programs depend on the type of computer you
have and also how much you use the Internet. The link above lists the top 10
software firewalls. I personally would pick Avira because it is free and is top-rated
and still receives high scores for protection.

2. Using figure 6-18, create one or more rules necessary for both the internal and
external firewalls to allow a remote user to access an internal machine from the Internet
using the Timbuktu software. Your answer requires researching the ports used by this
software packet.

One rule that would be necessary on both the internal and external firewalls to
allow a remote user to access an internal machine from the Internet is: any
ports for Timbuktu Pro Windows should be opened or forwarded in your
router/firewall to allow a proper connection to an online server or dedicated
server, and/or when you want to host an online multiplayer game or application
from your computer or local area network.
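
The rule described above can be written out and checked against sample packets. The sketch below is an added example, not part of the original assignment: Figure 6-18 is not reproduced here, so it assumes two firewalls in series with no address translation between them, the IANA-registered Timbuktu ports (407 and 1417-1420), and constructed addresses for the remote user and the internal machine.

```python
import ipaddress
from dataclasses import dataclass

# Assumption (not on the page): IANA-registered Timbuktu ports.
TIMBUKTU_PORTS = [("udp", 407, 407), ("tcp", 407, 407), ("tcp", 1417, 1420)]
REMOTE_USER = "203.0.113.7/32"   # constructed: the remote user's address
INTERNAL_PC = "10.10.10.25/32"   # constructed: the internal machine

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    lo: int       # first destination port
    hi: int       # last destination port

def timbuktu_ruleset(src, dst):
    """Allow only Timbuktu from src to dst, then deny everything else."""
    rules = [Rule("allow", proto, src, dst, lo, hi) for proto, lo, hi in TIMBUKTU_PORTS]
    rules.append(Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", 0, 65535))
    return rules

def decide(rules, proto, src_ip, dst_ip, port):
    """First matching rule wins, as on most packet filters."""
    for r in rules:
        if (r.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r.dst)
                and r.lo <= port <= r.hi):
            return r.action
    return "deny"

# Both firewalls carry the same narrow rule set (assumes no NAT between them).
EXTERNAL_FW = timbuktu_ruleset(REMOTE_USER, INTERNAL_PC)
INTERNAL_FW = timbuktu_ruleset(REMOTE_USER, INTERNAL_PC)

def reaches_internal_pc(proto, src_ip, dst_ip, port):
    """A packet must be allowed by the external and then the internal firewall."""
    return all(decide(fw, proto, src_ip, dst_ip, port) == "allow"
               for fw in (EXTERNAL_FW, INTERNAL_FW))

if __name__ == "__main__":
    print(reaches_internal_pc("tcp", "203.0.113.7", "10.10.10.25", 1417))
    print(reaches_internal_pc("tcp", "203.0.113.7", "10.10.10.25", 3389))
```

Restricting the source to the remote user's address and the destination to one host keeps the opening as small as the exercise requires; the port list should be confirmed against the vendor documentation for the installed version.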

3. Suppose management wants to create a “server farm” for the configuration in Figure
6-18 that allows a proxy firewall in the DMZ to access an internal Web server (rather
than a Web server in the DMZ). Do you foresee any technical difficulties in deploying
this architecture? What are the advantages and disadvantages to this implementation?

I think that this is a good solution because it protects Web servers from compromise
and places proxies in the DMZ to carry requests. This also allows HTTP traffic to
reach the Web server and prevents non-HTTP traffic from reaching the Web
server. Some disadvantages would be the Web response time and an increase of
traffic through the internal firewall.

4. Using the Internet, determine what applications are commercially available to enable
secure remote access to a PC.

Using the Internet, the following applications are commercially available to enable
secure remote access to a PC: (Not listed in any particular order)

1. GoToMyPC

2. LogMeIn

3. TeamViewer

4. PCnow

5. Radmin

6. Anyplace Control

- I’ve only heard of GoToMyPC and LogMeIn before, the other applications are
new to me.

More details on these applications can be found at:


(http://www.quickonlinetips.com/archives/2009/08/pc-remote-access-software/)

5. Using a Microsoft Windows system, open Internet Explorer. Click Internet Options
on the Tools menu. Examine the contents of the Security and Privacy tabs. How can
these tabs be configured to provide: a) content filtering and b) protection from unwanted
items like cookies?

a) You can configure Internet Explorer to control the kind of content users
can view in the browser. You can control content by either using content
rating systems or specifying Web sites.

b) You can configure your privacy settings in Internet Explorer by clicking the
Privacy setting and then by choosing: Block All Cookies, High, Medium High,
Medium (which is the default), Low, and Accept All Cookies.

Source: http://support.Microsoft.com/kb/283185

Chapter 7 Exercises
1. A key feature of hybrid IDPS systems is event correlation. After
researching event correlation online, define the following terms as they are used
in this process: compression, suppression, and generalization.
a. Compression is the degree to which redundant or inconsequential
data can be removed to compress the result dataset.
b. Suppression is the ability of a correlation engine to suppress false
positive triggers from raising an unwarranted alarm.
c. Generalization is the ability to induce a known exploit signature into
a general purpose alert.
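
The three terms defined above can be seen working together in a small correlation pass. This is an added example, not part of the original assignment: the alert tuples, signature names, suppression list, category mapping and 60-second window are all constructed for illustration.

```python
# Constructed sample alerts: (timestamp in seconds, sensor, signature, source IP)
ALERTS = [
    (100, "nids", "SQLi-UNION-SELECT", "198.51.100.7"),
    (101, "nids", "SQLi-UNION-SELECT", "198.51.100.7"),
    (102, "hids", "SQLi-UNION-SELECT", "198.51.100.7"),
    (130, "nids", "PORTSCAN-SYN", "10.0.0.50"),
    (140, "nids", "SQLi-BOOLEAN-BLIND", "198.51.100.7"),
    (400, "nids", "SQLi-UNION-SELECT", "198.51.100.7"),
]

# Suppression list: triggers known to be false positives, here an
# (assumed) authorised internal vulnerability scanner.
SUPPRESS = {("PORTSCAN-SYN", "10.0.0.50")}

# Generalization map: specific exploit signatures -> general-purpose alert.
GENERAL = {
    "SQLi-UNION-SELECT": "SQL injection attempt",
    "SQLi-BOOLEAN-BLIND": "SQL injection attempt",
}

WINDOW = 60  # seconds within which repeats fold into one event

def correlate(alerts, window=WINDOW):
    """Return correlated events built from raw sensor alerts."""
    events = []      # output, in order of first appearance
    latest = {}      # (category, src) -> most recent event for that key
    for ts, sensor, sig, src in sorted(alerts):
        if (sig, src) in SUPPRESS:                # suppression
            continue
        category = GENERAL.get(sig, sig)          # generalization
        key = (category, src)
        ev = latest.get(key)
        if ev is not None and ts - ev["last"] <= window:
            ev["last"] = ts                       # compression: fold the
            ev["count"] += 1                      # redundant alert into the
            ev["signatures"].add(sig)             # existing event
            ev["sensors"].add(sensor)
        else:
            ev = {"category": category, "src": src, "first": ts, "last": ts,
                  "count": 1, "signatures": {sig}, "sensors": {sensor}}
            latest[key] = ev
            events.append(ev)
    return events

if __name__ == "__main__":
    for event in correlate(ALERTS):
        print(event)
```

Six raw alerts from two sensors become two events for the analyst: one burst of four SQL injection alerts and one later recurrence, with the scanner noise dropped.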
2. Zone Alarm is a PC-based firewall and IDPS tool. Visit the product
manufacturer at www.zonelabs.com and find the product specification for the
IDPS features of Zone Alarm. Which Zone Alarm products offer these features?
a. After visiting the PC-based firewall and IDPS tool website located at
www.zonelabs.com and doing some research, I found the product
specification for the IDPS features. Two Zone Alarm products that offer
these IDPS features are the Zone Alarm Pro Antivirus + Firewall and also
the Zone Alarm Extreme Security 2013. These are very popular products
and can be purchased directly from the site. I have never used this website
before, so it was interesting to do this research.
3. Using the Internet, search for commercial IDPS systems. What
classification systems and descriptions are used, and how can they be used to
compare the features and components of each IDPS? Create a comparison
spreadsheet to identify the classification systems you find.
a. IDPS technologies can be classified based on different parameters
such as: the methodologies that they employ to detect intrusions which
include 1. signature-based detection 2. anomaly-based detection and 3.
stateful protocol analysis.
b. The functionalities they provide ultimately differentiate passive
systems from reactive systems.
c. The type of events they monitor, which are closely related to the
type of systems they guard: a wired network, a wireless network or a single
host.
d. In addition to these, a fourth type of IDPS may be identified, which is
known as Network Behavior Analysis (NBA) IDPS.
4. Use the Internet to search for “live DVD security toolkit.” Read a few Web
sites to learn more about this class of tools and their capabilities. Write a brief
description of a live DVD security toolkit.
a. Network Security Toolkit (NST) is a Linux-based Live DVD/USB
Flash Drive that provides a set of free and open-source computer security
and networking tools to perform routine security and networking diagnostic
and monitoring tasks. The distribution can be used as a network security
analysis, validation and monitoring tool on servers hosting virtual
machines. The majority of tools published in the article "Top 125 security
tools" by Insecure.org are available in the toolkit. NST has package
management capabilities similar to Fedora and maintains its own
repository of additional packages.
5. Several online passphrase generators are available. Locate at least two on
the Internet and try them. What did you observe?
a. Automated Password Generator, Password Boy, Pass Creator, Random
Password Generator, and Strong Password Generator are some of the online
passphrase generators available. I noticed that with all of these passphrase
generators, the length of the password can be changed. I also noticed an option
to include symbols, numbers, lowercase and uppercase letters. Also, there is an
algorithm to generate a passphrase as pronounceable or completely random,
which is hard to crack. I have never used these passphrase generators before,
so it was interesting to try them out.
