This network security assessment solution focuses on identifying vulnerabilities in web-based applications, with a specific emphasis on cross-site scripting (XSS) attacks and denial of service (DoS) attacks. The assessment reveals critical vulnerabilities in Kirandeep’s blog contact form and the network’s firewall configurations. Recommendations for mitigating these vulnerabilities are also provided.
Network Security Assessment Solution
3a. Cross-site scripting is one of the most common vulnerabilities in web-based applications. Attacks of this kind do not break the application itself; they abuse the server-side (application) code by feeding it input that the code passes on unchecked. Kirandeep’s blog contact form exists to receive comments and suggestions from users. Instead, hackers/spammers used the form to send e-mail to a large number of people, even though only Kirandeep’s e-mail address is stored in the code. The form fields are the entry point: extra headers or scripts supplied by the attacker in those fields reach the mail-sending code, which then sends spam or carries out other malicious activity. In this particular form the weakness is e-mail header injection, because user input is copied into the headers of the outgoing mail.
3b. The “Your email address” field can be used to send mail to any number of people, whether or not they are associated with the blog. The PHP code uses the “mail” [3] function to send comments/suggestions to the site owner, and its additional-headers argument accepts headers such as Cc and Bcc. If the value entered in the field is placed in that argument unfiltered, a line break followed by a Cc or Bcc header is treated as a further header line. In the example below each ‘;’ stands for a line break (CR/LF) inserted in the submitted value:
Your Email Address: xyz@xyz.com; CC: abc@abc.com; BCC: def@def.com
Even the “message” field can be used to deliver a web page, URL or link to a script or executable that sends spam mail or runs on the recipient’s machine, for example:
Message: URL:sendmail.com
         send_mail.php
         send_mail.exe
3c. James should disable the additional-headers argument, or filter out line breaks (CR/LF) and separators from the “Your email address” field, so that no extra recipients can be injected. Dropping the additional-headers argument removes any injected Cc and Bcc addresses entirely:
mail($to, $subject, $message);
The “message” field should be sent as plain text rather than HTML so that URLs in it are not active links, and echo should be used only to display the confirmation message, never to write user-supplied input back into the mail headers.
3d. Hackers may need to use the contact form only once to send spam e-mail to a large number of people, but the spam can have hazardous effects on the recipients: a script or link in the message can be used to steal confidential information from them.
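As an added example (not code from the assessment or from the blog), the following Python simulates what the PHP mail() call does with the address field: the vulnerable version copies the field straight into the headers, a parser shows the Cc/Bcc recipients that appear as a result, and the hardened version rejects line breaks and keeps the user's address out of From:. The owner address, the attacker input and the mailbox regular expression are assumptions made for the demonstration.

```python
import email
import re
from email import policy
from typing import List, Optional

# Assumed site-owner address; the real contact form stores Kirandeep's address
OWNER = "kirandeep@example.com"

# Constructed attacker input for the "Your email address" field. The line breaks
# are what turn one mailbox into three header lines.
INJECTED = "xyz@xyz.com\r\nCc: abc@abc.com\r\nBcc: def@def.com"


def build_headers_vulnerable(user_email: str) -> str:
    """Mimics a contact form that copies the user's address straight into the
    additional_headers argument of PHP's mail(). A CR/LF in the input ends the
    From: line, so whatever follows becomes a new header."""
    return f"From: {user_email}\r\n"


def extra_recipients(extra_headers: str, body: str = "comment text") -> List[str]:
    """Parse the outgoing message the way a mail transfer agent would and return
    every address that landed in Cc or Bcc, i.e. the people the spammer added."""
    raw = f"To: {OWNER}\r\nSubject: Contact form\r\n{extra_headers}\r\n{body}"
    msg = email.message_from_string(raw, policy=policy.default)
    found = set()
    for field in ("Cc", "Bcc"):
        for header in msg.get_all(field, []):
            found.update(addr.addr_spec for addr in header.addresses)
    return sorted(found)


# One mailbox only: no whitespace, no commas, no control characters (assumed pattern)
MAILBOX_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def validate_sender(user_email: str) -> Optional[str]:
    """Return the address if it is a single well-formed mailbox with no CR/LF,
    otherwise None. Rejecting line breaks is what closes header injection."""
    if "\r" in user_email or "\n" in user_email:
        return None
    if not MAILBOX_RE.fullmatch(user_email):
        return None
    return user_email


def build_headers_hardened(user_email: str) -> Optional[str]:
    """Hardened equivalent: From: is fixed to the site's own address and the
    user's address goes only into Reply-To, and only after validation."""
    addr = validate_sender(user_email)
    if addr is None:
        return None
    return f"From: {OWNER}\r\nReply-To: {addr}\r\n"


if __name__ == "__main__":
    print("vulnerable:", extra_recipients(build_headers_vulnerable(INJECTED)))
    print("hardened:  ", build_headers_hardened(INJECTED))
    print("hardened:  ", build_headers_hardened("xyz@xyz.com"))
```

The same CR/LF check belongs on every field that ends up in a header (subject, name), not just the address; the message body can keep line breaks because it is placed after the blank line that ends the headers.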
2a. A denial-of-service attack has occurred on the network: most of the network bandwidth is being consumed by a flood of ping (ICMP echo) requests sent from fake (spoofed) source addresses. The capture shows a large number of ping requests from the source with no responses from the destination.
2b. The attacker most likely initiated the ping attack with the Unix/DOS ping command, using a deficient (non-standard) packet size.
2c. IP address of the host: 138.77.216.136. The attack was initiated from a personal Dell system (MAC vendor prefix shown as Dell_99:dc:92) located in Australia.
2d. The display filters used are tcp, dns and icmp. tcp shows the TCP connections between the application and the IP host, dns (carried over UDP) shows the name-resolution queries together with their UDP ports and checksums, and icmp shows the echo requests and the error messages returned by devices.
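The following Python is an added example, not part of the assessment, that applies the check described in 2a and 2d to a constructed packet listing: it keeps only ICMP (the icmp display filter, in code), counts echo requests to 138.77.216.136 per source, counts the replies the host sent back, and flags a flood when several sources go unanswered or the request rate is high. The packet lines, the documentation-range source addresses and the thresholds are constructed for the example and are not from the real capture.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

TARGET = "138.77.216.136"  # the host identified in the capture

# Constructed packet summaries in the "No. Time Source Destination Protocol Info"
# layout of a Wireshark/tshark listing. Not taken from the real capture: one
# legitimate ping that is answered, then echo requests from several sources
# that the target never answers, and one unrelated TCP packet.
CAPTURE = """\
1   0.000  192.0.2.10      138.77.216.136  ICMP  Echo (ping) request  id=0x0001, seq=1/256, ttl=64
2   0.001  138.77.216.136  192.0.2.10      ICMP  Echo (ping) reply    id=0x0001, seq=1/256, ttl=64
3   0.010  198.51.100.1    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=1/256, ttl=64
4   0.020  198.51.100.2    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=1/256, ttl=64
5   0.030  198.51.100.3    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=1/256, ttl=64
6   0.040  198.51.100.4    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=1/256, ttl=64
7   0.050  198.51.100.5    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=1/256, ttl=64
8   0.060  198.51.100.1    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=2/512, ttl=64
9   0.070  198.51.100.2    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=2/512, ttl=64
10  0.080  198.51.100.3    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=2/512, ttl=64
11  0.090  198.51.100.4    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=2/512, ttl=64
12  0.100  198.51.100.5    138.77.216.136  ICMP  Echo (ping) request  id=0x0002, seq=2/512, ttl=64
13  0.105  192.0.2.10      138.77.216.136  TCP   51000 > 443 [SYN] Seq=0 Win=64240 Len=0
"""

Packet = Tuple[float, str, str, str, str]  # time, src, dst, proto, info
LINE_RE = re.compile(r"^\s*\d+\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def parse(capture: str) -> List[Packet]:
    """Turn the listing into tuples; lines that do not fit the layout are skipped."""
    pkts = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m:
            t, src, dst, proto, info = m.groups()
            pkts.append((float(t), src, dst, proto, info))
    return pkts


def echo_stats(pkts: List[Packet], target: str):
    """Count echo requests sent to the target per source, and the echo replies
    the target sent back to each of those sources."""
    requests: Dict[str, int] = defaultdict(int)
    replies: Dict[str, int] = defaultdict(int)
    for t, src, dst, proto, info in pkts:
        if proto != "ICMP":
            continue
        if dst == target and "request" in info:
            requests[src] += 1
        elif src == target and "reply" in info:
            replies[dst] += 1
    return requests, replies


def analyse(capture: str, target: str, min_sources: int = 3, min_pps: float = 50.0) -> dict:
    """Flag a ping flood when many sources go unanswered (spoofed addresses) or
    the request rate is far above what a host normally sees. The thresholds are
    assumed values for this example, not figures from the assessment."""
    pkts = parse(capture)
    requests, replies = echo_stats(pkts, target)
    unanswered = sorted(src for src in requests if replies.get(src, 0) == 0)
    times = [t for t, src, dst, proto, info in pkts
             if proto == "ICMP" and dst == target and "request" in info]
    span = max(times) - min(times) if len(times) > 1 else 0.0
    pps = len(times) / span if span > 0 else float(len(times))
    return {
        "requests": sum(requests.values()),
        "unanswered_sources": unanswered,
        "pps": round(pps, 1),
        "flood": len(unanswered) >= min_sources or pps >= min_pps,
    }


if __name__ == "__main__":
    print(analyse(CAPTURE, TARGET))
```

On a real capture the listing would come from tshark with the icmp filter applied, and the thresholds would be set from the host's normal ICMP baseline rather than the fixed values used here.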
1a.
1b.
External Firewall (FW1)
(Protocol 6 is the IP protocol number for TCP.)

Rule  Protocol  Transport Protocol  Source IP         Source Port  Destination IP    Destination Port  Action
1     6         TCP                 200.27.27.10/24   Any          10.0.0.10/24      Any               Allow
2     6         TCP                 10.0.0.10/24      Any          200.27.27.10/24   Any               Allow
3     6         TCP                 10.0.0.20/24      Any          200.27.27.10/24   Any               Allow
4     6         TCP                 10.0.0.30/24      Any          200.27.27.10/24   Any               Allow
5     6         TCP                 192.168.1.253/28  Any          200.27.27.10/24   Any               Allow
6     6         TCP                 200.27.27.10/24   Any          10.0.0.20/24      Any               Allow
7     6         TCP                 200.27.27.10/24   Any          10.0.0.30/24      Any               Allow
8     6         TCP                 200.27.27.10/24   Any          192.168.1.253/28  Any               Allow
9     Any       Any                 Any               Any          Any               Any               Deny
Internal Firewall (FW2)

Rule  Protocol  Transport Protocol  Source IP         Source Port  Destination IP    Destination Port  Action
1     6         TCP                 192.168.1.254/28  Any          10.0.0.254/24     Any               Allow
2     6         TCP                 10.0.0.254/24     Any          192.168.1.254/28  Any               Allow
3     6         TCP                 192.168.1.240/28  Any          192.168.1.254/28  Any               Allow
4     6         TCP                 192.168.1.254/28  Any          192.168.1.240/28  Any               Allow
5     6         TCP                 Proxy             3028         192.168.1.240/28  Any               Allow
6     Any       Any                 Any               Any          Any               Any               Deny
External Firewall

Rule  Explanation
1     Allow incoming connections from the Internet to the DMZ
2     Allow outgoing connections from the DMZ to the Internet
3     Allow outgoing connections from Email Services to the Internet
4     Allow outgoing connections from Web Services to the Internet
5     Allow outgoing connections from the Special Host to the Internet
6     Allow incoming connections from the Internet to Web Services
7     Allow incoming connections from the Internet to Email Services
8     Allow incoming connections from the Internet to the Special Host
9     Deny any other connections

Two points should be checked against the network diagram before these rules are applied. Rules 3 and 6 both refer to 10.0.0.20 but label it Email Services and Web Services respectively, and rules 4 and 7 do the reverse for 10.0.0.30. Every allow rule also uses Any for the destination port and a /24 or /28 prefix on a host address, so rule 1, for example, admits every TCP port on every host in 10.0.0.0/24 rather than one service on 10.0.0.10, and the “Internet” in rules 1 and 6 to 8 is only the 200.27.27.0/24 network.
Internal Firewall

Rule  Explanation
1     Allow outgoing connections from the Internal Network to the DMZ
2     Allow incoming connections from the DMZ to the Internal Network
3     Allow connections from Clients to the Internal IP
4     Allow connections from the Internal IP to Clients
5     Allow connections from the Proxy (port 3028) to Clients, giving Clients Internet access through the proxy
6     Deny all other connections

Note that 192.168.1.240/28 and 192.168.1.254/28 denote the same subnet (192.168.1.240 to 192.168.1.255), so rules 3 and 4 allow that client subnet to talk to itself rather than to a single internal host.
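As an added example, not part of the assessment, the Python below evaluates the FW1 rules listed above with first-match semantics using the standard ipaddress module, to show what the prefixes and Any ports actually admit. The tightened rule set, the assumption that 10.0.0.20 is the web server, and the sample packet addresses are mine, not the assessment's.

```python
import ipaddress
from typing import List, Optional, Tuple

# (rule, transport, source, source port, destination, destination port, action)
Rule = Tuple[int, str, str, str, str, str, str]

# The external firewall (FW1) rules exactly as listed in the assessment; protocol 6 is TCP
FW1_RULES: List[Rule] = [
    (1, "tcp", "200.27.27.10/24", "any", "10.0.0.10/24", "any", "allow"),
    (2, "tcp", "10.0.0.10/24", "any", "200.27.27.10/24", "any", "allow"),
    (3, "tcp", "10.0.0.20/24", "any", "200.27.27.10/24", "any", "allow"),
    (4, "tcp", "10.0.0.30/24", "any", "200.27.27.10/24", "any", "allow"),
    (5, "tcp", "192.168.1.253/28", "any", "200.27.27.10/24", "any", "allow"),
    (6, "tcp", "200.27.27.10/24", "any", "10.0.0.20/24", "any", "allow"),
    (7, "tcp", "200.27.27.10/24", "any", "10.0.0.30/24", "any", "allow"),
    (8, "tcp", "200.27.27.10/24", "any", "192.168.1.253/28", "any", "allow"),
    (9, "any", "any", "any", "any", "any", "deny"),
]

# A tightened alternative (a suggestion for this example, not from the assessment):
# host /32 entries, only the service ports, and an explicit Internet source of
# 0.0.0.0/0. It ASSUMES 10.0.0.20 is the web server; the assessment's labels for
# 10.0.0.20 and 10.0.0.30 are inconsistent, so confirm that against the diagram.
FW1_TIGHTENED: List[Rule] = [
    (1, "tcp", "0.0.0.0/0", "any", "10.0.0.20/32", "80", "allow"),
    (2, "tcp", "0.0.0.0/0", "any", "10.0.0.20/32", "443", "allow"),
    (3, "any", "any", "any", "any", "any", "deny"),
]


def network_of(spec: str) -> ipaddress.IPv4Network:
    """What a firewall actually matches for an address/prefix field. strict=False
    turns a host written with a prefix, e.g. 10.0.0.10/24, into the whole
    subnet 10.0.0.0/24, which is how the rules above behave."""
    if spec.lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    """Single port or Any; ranges are not needed for these tables."""
    return spec.lower() == "any" or int(spec) == port


def evaluate(rules: List[Rule], proto: str, src: str, sport: int,
             dst: str, dport: int) -> Tuple[Optional[int], str]:
    """First-match evaluation, top to bottom; returns (rule number, action).
    A packet that matches nothing is denied, as the final rule intends."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, rproto, rsrc, rsport, rdst, rdport, action in rules:
        if rproto != "any" and rproto != proto:
            continue
        if s not in network_of(rsrc) or d not in network_of(rdst):
            continue
        if not port_matches(rsport, sport) or not port_matches(rdport, dport):
            continue
        return num, action
    return None, "deny"


if __name__ == "__main__":
    # Rule 1 admits SSH to a host that is not the DMZ server at all, because
    # 10.0.0.10/24 covers 10.0.0.0 to 10.0.0.255 and the destination port is Any
    print(evaluate(FW1_RULES, "tcp", "200.27.27.99", 40000, "10.0.0.200", 22))
    # A source outside 200.27.27.0/24 (most of the Internet) falls through to rule 9
    print(evaluate(FW1_RULES, "tcp", "203.0.113.5", 40000, "10.0.0.20", 80))
    print(evaluate(FW1_TIGHTENED, "tcp", "203.0.113.5", 40000, "10.0.0.20", 80))
    print(evaluate(FW1_TIGHTENED, "tcp", "203.0.113.5", 40000, "10.0.0.20", 22))
```

The evaluator is stateless, like the tables themselves; on a stateful firewall the outbound rules 2 to 5 would be replaced by allowing established connections back, and only genuinely client-initiated outbound traffic would need explicit rules.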