
[INFORMATION SECURITY]

[Assignment 2]

[11579425]
TASK 1

WHAT IS REMEDIATION?

Remediation is the process of addressing identified information security and compliance risks before they grow to a point where they can no longer be managed and cause harm to an organisation's computer systems. It helps defend against data breaches by removing the exposure that would allow private or sensitive data to be attacked, first containing the risk and then eliminating it.

REMEDIATION STRATEGY FOR BLIND SQL

Blind SQL injection is a type of SQL injection in which the attacker receives no query output directly and instead infers data from the application's behaviour, typically by submitting conditions that evaluate to true or false and observing whether the response changes. It is an attack style mostly used against web pages; however, for my report, I will show how it can target an operating system and how to prevent it with remediation.
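The following Python example is added here and is not part of the original report. It shows what a boolean-based blind injection actually does against a login check and what stops it: a constructed in-memory SQLite database with a `users` table, a login built by string concatenation, the same login with bound parameters, and an extraction loop that only ever learns true or false. The names `build_db`, `vulnerable_login`, `safe_login` and `blind_extract` are assumed for illustration.

```python
import sqlite3

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def build_db():
    """Constructed sample data (not from the original report): two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cretpw"), ("alice", "wonderland")])
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Builds the statement by string concatenation, so user input becomes SQL syntax."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, username, password):
    """Same check with bound parameters: the input is always data, never SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def blind_extract(conn, login, target_user, max_len=32):
    """Boolean-based blind extraction against a login oracle.

    The attacker never sees query output, only whether the login succeeded
    (True) or failed (False). Each attempt asks one yes/no question about the
    target user's password; the trailing '-- ' comments out the remainder of
    the original statement. Returns the recovered password, or None if the
    oracle never answers True (which is what a parameterised login produces).
    """
    length = None
    for n in range(1, max_len + 1):
        probe = f"' OR username = '{target_user}' AND length(password) = {n} -- "
        if login(conn, probe, "x"):
            length = n
            break
    if length is None:
        return None
    recovered = ""
    for pos in range(1, length + 1):
        for ch in CHARSET:
            probe = (f"' OR username = '{target_user}' AND "
                     f"substr(password, {pos}, 1) = '{ch}' -- ")
            if login(conn, probe, "x"):
                recovered += ch
                break
        else:
            recovered += "?"  # character outside CHARSET
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable login leaks:", blind_extract(db, vulnerable_login, "admin"))  # s3cretpw
    print("parameterised login leaks:", blind_extract(db, safe_login, "admin"))    # None
```

Run against `vulnerable_login`, the loop recovers the admin password one character at a time from nothing but success/failure answers; run against `safe_login`, every probe is bound as a literal username that does not exist, so the oracle never answers True. No firewall rule distinguishes these two cases, because both are ordinary HTTP requests on the allowed port.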

The remediation strategy I chose to prevent potential blind SQL attacks is configuring a firewall. The reason I chose this strategy is that a firewall provides a set of rules to reject dangerous or potentially dangerous traffic before it reaches the service. One caveat should be noted: a host packet filter such as UFW decides on source address, port and interface and does not inspect the content of a web request, so it limits who can reach the service rather than detecting SQL inside a request. Inspecting request content is the job of a web application firewall, and the application-level fix is to use parameterised queries.

Within my Virtual Machine, I decided to install an Uncomplicated Firewall (UFW). The screenshots
below will detail how I installed this firewall onto my Linux Virtual Machine, and the necessary
configurations I made to it.

As UFW was not pre-installed on my Linux system, I issued the command ‘sudo apt-get install ufw -y’ to install it.

UFW has now been installed on my system and made active, as shown by the output of the ‘sudo ufw status’ command. However, no rules had yet been configured to restrict what can reach the machine. Therefore, the next step in the installation process was to configure it to deny all incoming traffic by default (‘sudo ufw default deny incoming’).

[11579425] Page 1 20/06/2023


The screenshot above shows me using the command ‘sudo ufw allow ssh’, which allows incoming SSH connections (TCP port 22) from any source address, not only machines on the same network. This would provide some protection from blind SQL attacks; however, if my router is configured to forward external traffic, machines beyond the network could still reach my computer. Therefore, I have to narrow this rule so that only specific devices are allowed access.

The rule has now been narrowed to allow SSH only from the IP address shown above. In addition, I added the command ‘sudo ufw deny in on enp0s3 to any port ssh’ to deny incoming SSH traffic arriving on the external interface. UFW evaluates rules in the order they were added and stops at the first match, so the allow rule for the specific address must come before this deny rule; ‘sudo ufw status numbered’ shows the order.

I decided to implement a firewall as my remediation strategy because I felt that, as a process, it would be easy to implement. This is demonstrated by the installation process, where only a single command was required to install it on my Linux system. This remediation strategy is a particularly good one because it allows all external network access to be prevented, which ensures defence against blind SQL attacks. However, if you wanted to access the system from another device with no malicious intent, you would be unable to do so due to the specific settings of the firewall.



TASK 2

Wireshark is the industry-standard network packet analyser. It captures network packets and displays them in detail; once the packets have been decoded, users can analyse them in real time or offline. Wireshark allows you to examine your network traffic under a microscope, filtering and drilling down into it to find the source of issues, which assists with network analysis and, ultimately, network security.

To trigger the Wireshark alarm, I used a DDoS attack.

A screenshot showing how many packets were captured; the source and destination addresses can be seen in it. As I was running the attack against my own computer, the IP address displayed is the IP address of my PC.

The raw bytes of the packets can be seen as follows.

Through the Statistics menu (Endpoints and Conversations), you can see all source and destination addresses. You can use this to view all IP addresses and identify the intruder on your system.

The Endpoints/Conversations view has been used to identify the address with the highest packet count and label it as the intruder on my system. The method I have just shown for spotting DDoS attacks on the network is too lengthy and is not an automated process. Ideally, you would want to trigger an alert within the system to spot this automatically.



By using the script shown above, Wireshark will beep three times upon detecting a packet that meets the length requirements that were stated. This would provide some form of remediation, as you would be able to put defences in place immediately after being notified about such packets. To conclude, this is the alarm technique I have decided to use, as it is simple to implement and many different variations of the script can be found online.
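The following Python example is added here and is not part of the original report. It automates the two steps described above: ranking source addresses by packet count, as the Statistics > Endpoints view does, and raising an alert when a source exceeds a packet-rate threshold instead of beeping on every packet that matches a length. The capture is constructed inline and is not a real trace; in practice the same four fields can be exported from a saved capture with `tshark -r capture.pcapng -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len`, which `parse_tshark_fields` reads. The function names and the threshold values are assumptions for illustration.

```python
from collections import Counter, defaultdict
from typing import List, NamedTuple


class Packet(NamedTuple):
    ts: float      # frame.time_epoch, seconds
    src: str       # ip.src
    dst: str       # ip.dst
    length: int    # frame.len, bytes


class Alert(NamedTuple):
    src: str
    window_start: float
    count: int


def parse_tshark_fields(text: str) -> List[Packet]:
    """Parse tab-separated lines as produced by
    tshark -r capture.pcapng -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
    Frames without an IP layer (empty src or dst) are skipped."""
    packets = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or not parts[1] or not parts[2]:
            continue
        packets.append(Packet(float(parts[0]), parts[1], parts[2], int(parts[3])))
    return packets


def constructed_capture() -> List[Packet]:
    """Constructed sample capture (not a real trace): background traffic from
    10.0.0.5 at 2 packets/s, plus a flood from 10.0.0.99 at 300 packets/s for 2 s."""
    pkts = [Packet(i * 0.5, "10.0.0.5", "10.0.0.2", 74) for i in range(20)]
    pkts += [Packet(3.0 + i / 300.0, "10.0.0.99", "10.0.0.2", 1500) for i in range(600)]
    return sorted(pkts)


def top_talkers(packets, n=3):
    """The manual method from the report: rank source addresses by packet count,
    which is what Statistics > Endpoints shows."""
    return Counter(p.src for p in packets).most_common(n)


def length_matches(packets, min_len=1000):
    """The report's per-packet trigger: every packet at or above a length threshold.
    This fires once per packet, so during a flood it alerts hundreds of times a second."""
    return [p for p in packets if p.length >= min_len]


def detect_flood(packets, window_s=1.0, threshold=200) -> List[Alert]:
    """Automated alarm: count packets per source in fixed time windows and raise
    one alert per (source, window) that reaches the threshold. A per-source rate
    identifies the offending address directly and is quiet for normal traffic."""
    counts = defaultdict(int)
    for p in packets:
        window_start = (p.ts // window_s) * window_s
        counts[(p.src, window_start)] += 1
    return [Alert(src, start, c)
            for (src, start), c in sorted(counts.items()) if c >= threshold]


if __name__ == "__main__":
    cap = constructed_capture()
    print("top talkers:", top_talkers(cap))
    print("packets >= 1000 bytes:", len(length_matches(cap)))
    for a in detect_flood(cap):
        print(f"ALERT {a.src} sent {a.count} packets in the second starting at {a.window_start:.0f}s")
```

On the constructed capture the flood source tops the endpoint ranking, the length trigger matches all 600 flood packets (one beep each), and the rate detector produces exactly two alerts, one per second of the flood, each naming the source address, which is the information needed to write a firewall deny rule for it.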



