...Brandon Moore LOT2 Task 1 09/14/2011 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets: The attacker was allowed to install software without having Administrator rights The software used sniffed out the Administrator password either via the wire or possibly keystroke logging. Each client computer was able to send a large amount of HTTP requests to the web server. The web server accepted and processed each request. To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did indeed discover the password over the wire and was able...
Words: 725 - Pages: 3
...Recently the university web-based registration system was the subject of a DDoS (Distributed Denial of Service) attack. This type of attack is characterized by flooding the target system(s) with more network traffic than it can process, thereby forcing the system offline or limiting its ability to respond to legitimate traffic to a negligible level. It is different from a DoS (Denial of Service), in that multiple computers (potentially thousands) are used to increase the amount of traffic sent to the victim. The result of the recent attack was the complete shutdown of the web registration server and the inability of any student to register for classes for approximately 24 hours. It was further determined that the attack originated from inside our internal network; no evidence has been found that an outside attack was able to penetrate our protective layers. To that end, we have compiled a report detailing proposed protective measures that may help prevent such attacks in the future. The investigation determined that he attacker was able to obtain an administrator level password using a password-sniffing application. These applications scan network traffic and pick out username and password combinations. It is believed that since this software was deployed on a large section of our computers, it was simply a matter of time before it detected a password used by our Information Systems staff. Once the password was obtained by the attacker, he/she was then able to log into...
Words: 678 - Pages: 3
...Brandon Moore LOT2 Task 1 09/14/2011 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets: ← The attacker was allowed to install software without having Administrator rights ← The software used sniffed out the Administrator password either via the wire or possibly keystroke logging. ← Each client computer was able to send a large amount of HTTP requests to the web server. ← The web server accepted and processed each request. To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did...
Words: 724 - Pages: 3
