Technology Involved in Setting Up Information Technology in An Organization
1.0 INTRODUCTION
SIWES (Student Industrial Work Experience Scheme) was set up to equip
undergraduates with industrial skills. It requires students to dedicate a particular
portion of their academic pursuit to engaging with industries in their industrial
operations.
1.1 Background of the Study/Report
To meet the need to produce credible graduates, the federal government saw
it necessary to expose undergraduates to industrial skills so that they become familiar
with the industry while in school and are prepared for it after graduating.
Having carried out such an exercise, the experience and technology of the
organization I worked with need to be documented.
Every organization has the primary motive of making profits. One may wonder why,
to make these profits, more money needs to be spent. In recent times, it has been
observed that most expenses go into incubating Information Technology (IT) in
the organization and equipping it with state-of-the-art facilities. Such expense is
positively correlated with high profit.
Hence, there is a need to explain the technology that drives the implementation and
maintenance of Information Technology (IT) in an organization while upholding
the ideals behind the setting up of the SIWES program.
6. To elaborate the technology involved in setting up Information Technology
in an organization.
7. To discover creative and efficient solutions, as regards IT, to improve
activities for ultimate organizational goal.
COMPANY VISION
Our vision: To expand the world of Technology in sales/service, software design,
web-design & hosting, networking, v-sat installation, renting of projectors, video
coverage/editing & animation, security systems and to train dummies to
professional standard in Networking (CCNA, CCNP), Web-Design (HTML, PHP,
JAVASCRIPT, SQL), Software (JAVA, C++) and lots more.
[Organizational chart. Box labels: Chief Executive; Chief Service Engineer; Software Web Engineer; Network/Telecom Engineer; Marketing Officer; Field Marketing Officer; Officer; Server Mgt; Chief Training Officer; Trainer; Chief IT Consultant]
SECTION TWO
via taking down popular web sites. Because easy-to-use DoS tools, such as
Trinoo, can be easily downloaded from the Internet, normal computer users can
become DoS attackers as well (Gu & Liu, 2010).
They sometimes expressed their views in a coordinated way by launching DoS attacks
against organizations whose policies they disagreed with. DoS attacks also
appeared in illegal actions. Companies might use DoS attacks to knock their
competitors out of the market. Extortion via DoS attacks was on the rise in the past years:
attackers threatened online businesses with DoS attacks and requested payments
for protection (Gu & Liu, 2010).
In a DDoS attack, the attacker makes a huge impact on the victim by
multiplying the power of the attack through a large number of computer agents. This
is possible because the attacker takes a large number of
machines under his control over the internet before launching an attack. These
computers are vulnerable machines on the public network, and the attacker
exploits their weaknesses by inserting malicious code or using some other hacking
technique so that they come under his control. These compromised machines can
number in the hundreds or thousands. They behave as agents of the attacker and are
commonly termed ‘zombies.’ The entire group of zombies is usually called a
‘botnet.’ The size of the botnet determines the magnitude of the attack: the larger the botnet
(the more zombies it contains), the more severe and disastrous the attack.
Figure 2: Architecture of DDoS Attack
From attempts to flood a target with ping-command-based ICMP echo requests to
multi-vector attacks, DDoS attacks have grown bigger and more sophisticated over the
years. According to Vishnu (2016), the following are examples of various types of
DDoS attack:
DDoS attacks can target a specific application or a badly coded website to exploit
its weakness and take down the entire server as a result. WordPress and Joomla are
two examples of applications that can be targeted to exhaust a server’s resources –
RAM, CPU, etc. Databases can also be targeted with SQL injections designed to
exploit these loopholes. The server is then unavailable to process
legitimate requests because its resources are exhausted. Websites and applications with
security loopholes are also susceptible to hackers looking to steal information.
This is a standard term (like John Doe) used to describe an attack that exploits
new vulnerabilities. These zero-day DDoS vulnerabilities do not have patches or
effective defensive mechanisms.
3. Ping Flood
An evolved version of ICMP flood, this DDoS attack is also application specific.
When a server receives a large amount of spoofed ping packets from a very large
set of source IPs, it is being targeted by a Ping Flood attack. The goal of such an attack is
to flood the target with ping packets until it goes offline. It is designed to consume
all available bandwidth and resources in the network until the network is completely drained
and shuts down. This type of DDoS attack is also not easy to detect, as it can
easily resemble legitimate traffic.
4. IP Null Attack
Packets contain IPv4 headers which carry information about which Transport
Protocol is being used. When attackers set the value of this field to zero, these
packets can bypass security measures designed to scan TCP, UDP and ICMP.
When the target server tries to process these packets, it will eventually exhaust its
resources and reboot.
5. CharGEN Flood
this protocol enabled by default and can be used to execute a CharGEN attack.
This can be used to flood a target with UDP packets on port 19. When the target
tries to make sense of these requests, it will fail to do so. The server will eventually
exhaust its resources and go offline or reboot.
6. SNMP Flood
Like a CharGEN attack, SNMP can also be used for amplification attacks. SNMP is
mainly used on network devices. An SNMP amplification attack is carried out by
sending small packets carrying a spoofed IP of the target to internet-enabled
devices running SNMP. These spoofed requests to such devices are then used to
send UDP floods as responses from these devices to the target. However, the
amplification effect in SNMP can be greater when compared with CharGEN and
DNS attacks. When the target tries to make sense of this flood of requests, it will
end up exhausting its resources and go offline or reboot.
7. NTP Flood
The NTP protocol is another publicly accessible network protocol. The NTP
amplification attack is also carried out by sending small packets carrying a spoofed
IP of the target to internet enabled devices running NTP. These spoofed requests to
such devices are then used to send UDP floods as responses from these devices to
the target. When the target tries to make sense of this flood of requests, it will end
up exhausting its resources and go offline or reboot.
8. SSDP Flood
SSDP-enabled network devices that are also accessible to UPnP from the internet
are an easy source for generating SSDP amplification floods. The SSDP amplification
attack is also carried out by sending small packets carrying a spoofed IP of the
target to devices. These spoofed requests to such devices are used to send UDP
floods as responses from these devices to the target. When the target tries to make
sense of this flood of requests, it will end up exhausting its resources and go offline
or reboot.
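An added example (not from the original report) of how a defender could sort captured IPv4 packets into the flood types described in items 3 to 8: it reads the IPv4 Protocol field and, for UDP, the source port of the reflecting service. The packets are constructed in the code and the helper names are hypothetical.

```python
import struct
from collections import Counter

# UDP source ports of the reflector services named in this section. Port 19
# is given on the page; 161, 123 and 1900 are the standard assigned ports.
REFLECTOR_PORTS = {19: "chargen", 161: "snmp", 123: "ntp", 1900: "ssdp"}

def ipv4(proto, src, payload=b""):
    """Build a constructed IPv4 packet (no options, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(src), bytes([192, 0, 2, 10])) + payload

def udp(sport, dport, data=b"x" * 32):
    """Build a constructed UDP datagram (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(pkt):
    """Label one raw IPv4 packet by the flood type it could belong to."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]                         # IPv4 Protocol field
    if proto == 0:
        return "ip-null"                   # the zeroed field described above
    if proto == 1 and len(pkt) > ihl and pkt[ihl] == 8:
        return "icmp-echo-request"         # ping flood candidate
    if proto == 17 and len(pkt) >= ihl + 8:
        sport = struct.unpack_from("!H", pkt, ihl)[0]
        if sport in REFLECTOR_PORTS:
            return REFLECTOR_PORTS[sport] + "-reflection"
    return "other"

def triage(packets):
    """Count packets per label; sustained volume per label is the signal."""
    return Counter(classify(p) for p in packets)

# Constructed sample capture (documentation address ranges only).
SAMPLE = [
    ipv4(0, [198, 51, 100, 1]),
    ipv4(1, [198, 51, 100, 2], bytes([8, 0, 0, 0, 0, 1, 0, 1])),
    ipv4(17, [203, 0, 113, 5], udp(19, 40000)),
    ipv4(17, [203, 0, 113, 6], udp(123, 40001)),
    ipv4(17, [203, 0, 113, 7], udp(1900, 40002)),
    ipv4(17, [203, 0, 113, 8], udp(53000, 443)),
    ipv4(6, [198, 51, 100, 9], b"\x00" * 20),
]
```

A single NTP or SNMP reply is normal traffic, so a label only marks a candidate; it is a sustained count from many sources that indicates a flood.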
9. Multi-Vector Attacks
We talked about attackers combining Recursive GET attacks with HTTP flood
attacks to amplify the effects of an attack. That’s just one example of an attacker
using two types of DDoS attacks at the same time to target a server. Attacks can
also combine several methods to keep the engineers dealing with the DDoS attack
confused. These attacks are the toughest to deal with and are capable of taking
down some of the best protected servers and networks.
10. SYN Flood
This attack exploits the design of the three-way TCP communication process
between a client, host and a server. In this process, a client initiates a new session
by generating a SYN packet. The host assigns and checks these sessions until they
are closed by the client. To carry out a SYN Flood attack, an attacker sends a large
number of SYN packets to the target server from spoofed IP addresses. This attack
goes on until it exhausts the server’s connection table memory, which stores and processes
these incoming SYN packets. The result is a server unavailable to process
legitimate requests due to exhausted resources for as long as the attack lasts.
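The connection-table exhaustion described above, as an added example that is not part of the original report: a toy model of a listener's half-open table replayed over a constructed trace. The table size, the timeout and all names are assumptions chosen for the demonstration.

```python
class SynBacklog:
    """Toy model of a listener's half-open (SYN received) connection table."""

    def __init__(self, size, timeout):
        self.size = size            # table slots (assumed value in the demo)
        self.timeout = timeout      # seconds a half-open entry is kept
        self.pending = {}           # (src_ip, src_port) -> SYN arrival time

    def _expire(self, now):
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t < self.timeout}

    def on_syn(self, now, src):
        self._expire(now)
        if src in self.pending:
            return "retransmit"
        if len(self.pending) >= self.size:
            return "dropped"        # table full: new sessions are refused
        self.pending[src] = now
        return "queued"

    def on_ack(self, now, src):
        self._expire(now)
        if self.pending.pop(src, None) is None:
            return "ignored"
        return "established"        # handshake completed, slot freed

def replay(events, size=64, timeout=30.0):
    """Feed (time, kind, src) events to the model; return the outcomes for
    the source tagged 'client' and the peak number of half-open entries."""
    table, peak, outcomes = SynBacklog(size, timeout), 0, []
    for now, kind, src in events:
        result = table.on_syn(now, src) if kind == "SYN" else table.on_ack(now, src)
        peak = max(peak, len(table.pending))
        if src[0] == "client":
            outcomes.append((now, kind, result))
    return outcomes, peak

# Constructed trace: 100 SYNs from distinct spoofed sources that never send
# the final ACK, with one real client trying during and after the flood.
FLOOD = [(i * 0.01, "SYN", ("spoofed-%d" % i, 1024 + i)) for i in range(100)]
CLIENT = ("client", 50000)
TRACE = sorted(FLOOD + [(1.0, "SYN", CLIENT),
                        (40.0, "SYN", CLIENT), (40.1, "ACK", CLIENT)])
```

Replaying `TRACE` shows the client refused while the table is full and accepted again only after the stale entries time out.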
11. SYN-ACK Flood
The second step of the three-way TCP communication process is exploited by this
DDoS attack. In this step, a SYN-ACK packet is generated by the listening host to
acknowledge an incoming SYN packet. A large number of spoofed SYN-ACK
packets are sent to a target server in a SYN-ACK Flood attack. The attack tries to
exhaust a server’s resources – its RAM, CPU, etc. – as the server tries to process this
flood of requests. The result is a server unavailable to process legitimate requests
due to exhausted resources for as long as the attack lasts.
Fragmented ACK packets are used in this bandwidth consuming version of the
ACK & PUSH ACK Flood attack. To execute this attack, fragmented packets of
1500 bytes are sent to the target server. It is easier for these packets to reach their
target undetected as they are not normally reassembled by routers at the IP level.
This allows an attacker to send a small number of packets with irrelevant data
through routing devices to consume large amounts of bandwidth. This attack
affects all servers within the target network by trying to consume all available
bandwidth in the network.
2.3 Mitigation approach I adopted during the course of my IT
1. Determining the Nash equilibrium for both the attack and defence in a single
or multiplayer game environment.
2. Simulating a game model on NS3 using the Nash equilibrium which will
serve as a firewall mechanism against DoS/DDoS attack on web servers.
1. Attacker (Ai)
2. Zombies (Zi)
3. Legitimate users (Li)
4. The DMZ (VRRP Network of two routers and a switch) (DMZ)
5. The firewall router (FW)
6. Target server (T)
[Figure: network topology. Labels: Attacker, Zombies, Legitimate User, Internet cloud, DMZ, Firewall, Victim Server]
The attacker triggers the zombies to flood the victim server with bogus packets.
This occurs while legitimate users still need to send packets to the server. The
DMZ is a network of 2 routers and one switch running a virtual redundancy
routing protocol (VRRP). The DMZ provides redundancy for the network with a
router failover network structure.
The firewall is where the mitigation scripts run; they distinguish between legitimate
and illegitimate packets and drop packets where needed. The victim server is the
target of the attacker/zombies and should be kept safe by the firewall as much as
possible.
Finally in this section, computational representation involves specifying
assumptions. Some of these assumptions relate to boundary or scope conditions of
the theory. But other assumptions are simplifications of the simulation itself that
enable the researcher to strip out complexity in order to focus on the central logic
and constructs. (Davis et al., 2007)
Certain assumptions are required to properly model the system. They include the
following:
1. A single attacker controls all of the zombies that act as attacking nodes, each
of which sends a flow of bogus packets to the server.
2. The DMZ is a network of two routers and a switch that fail over when there
are bogus packets, providing some level of protection for the network. A little
latency is permitted at the DMZ.
3. The firewall has no knowledge of whether the flow is coming from the
attacker or a legitimate user.
4. The FW’s belief on the legitimacy of the flow decreases with the increase of
the flow rate.
5. Some packets of a flow f are dropped in the firewall when the total incoming
flow rate T is more than the available bandwidth B.
6. The attacker does not spoof a unique source address for each packet in a
single flow. Such spoofing would be extremely difficult and is highly
unlikely to occur. Note that when the spoofed source address is the same for
the entire flow, the filtering mechanism would act the same as if there were
no spoofing.
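One way to express assumptions 3 to 5 as a filtering rule, added here as an example and not the script used in the report: the firewall sees only flow rates, trusts slower flows more, and drops packets only when the total rate T exceeds the bandwidth B. The logistic belief curve, its parameters and the sample rates are assumptions; the Nash-equilibrium computation is not shown.

```python
import math

def belief(rate, midpoint=100.0, steepness=0.05):
    """Assumption 4: the firewall's belief that a flow is legitimate falls as
    its rate rises. The logistic shape and its parameters are assumed here."""
    x = min(steepness * (rate - midpoint), 700.0)   # avoid exp() overflow
    return 1.0 / (1.0 + math.exp(x))

def admit(flows, bandwidth):
    """flows: {flow_id: offered rate}. Returns {flow_id: admitted rate}.

    Assumption 5: nothing is dropped while total rate T <= bandwidth B.
    Above B, bandwidth is shared in proportion to belief, never giving a
    flow more than it offered; the unused part is re-shared among the rest.
    """
    if sum(flows.values()) <= bandwidth:
        return dict(flows)
    admitted, remaining, budget = {}, dict(flows), float(bandwidth)
    while remaining:
        weights = {f: belief(r) for f, r in remaining.items()}
        total_w = sum(weights.values())
        share = {f: budget * w / total_w for f, w in weights.items()}
        satisfied = [f for f, r in remaining.items() if share[f] >= r]
        if not satisfied:               # every remaining flow is squeezed
            admitted.update(share)
            break
        for f in satisfied:             # fully admitted; free the surplus
            admitted[f] = remaining.pop(f)
            budget -= admitted[f]
    return admitted

def drop_fraction(flows, bandwidth):
    """Fraction of each flow's packets the firewall drops."""
    admitted = admit(flows, bandwidth)
    return {f: (1.0 - admitted[f] / r) if r else 0.0 for f, r in flows.items()}

# Constructed rates (packets/s): two legitimate users, two zombie flows.
FLOWS = {"L1": 20.0, "L2": 30.0, "Z1": 400.0, "Z2": 500.0}
B = 200.0
```

With these rates the two slow flows pass untouched and the bandwidth left over is what the fast flows share, so the rule limits the flood to B without identifying the attacker.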
1. HOIC
2. LOIC
3. HTTP Unbearable Load King (HULK)
4. R.U.D.Y (R-U-Dead-Yet)
TOOLS FOR DETECTION OF DENIAL OF SERVICE ATTACK
A tool which I used during my industrial attachment for the detection of some
of the DDoS attacks which I simulated is Wireshark.
Figure 5: Software organization of ns-3
8. Brown
The cat5 cables are terminated and configured at both ends using a crimping tool (a
piece of hardware used together with the connectors to hold the wire firmly). There
are 2 types of cat5 cable configurations.
[Figures: Cross Cable; Straight Cable]
Figure 8: Already prepared network cable
2. Ping IP address of host computer—verifies the TCP/IP address
configuration for the local host.
3. Ping default-gateway IP address—verifies whether the router that connects
the local network to other networks can be accessed.
4. Ping remote destination IP address—verifies connectivity to a remote host.
SECTION THREE
3.0 CONCLUSION AND RECOMMENDATION
3.1 Summary of Knowledge/Experiences Gained
During my Industrial Training Program, I went through training in various units of
the information and technology department. The experience was
thought-provoking in the sense that I was exposed technically on the job as well as how to
handle human capital requirements.
Below is a breakdown of some of the jobs that I did in the user support unit.
3.2 Conclusion
I must confess that the program contained some shortcomings, which
personally affected me. But despite some lapses, the program, I must say, did me
a lot more good than bad.
The program has afforded me the opportunity to know exactly those things
expected of me by the larger society as a responsible man. I must also confess that
the basic knowledge I obtained in the university was of tremendous help to me
during my training.
In summary, I agree that all has not been a bed of roses, but as stated earlier, the
program has done more good than bad. The program, I will therefore say, was a
successful one and was able to meet all its objectives. I strongly believe I can
effectively compete with others in the field of information technology as my
career.
3.3 Recommendations
Although I had a very eventful time at BIG DATA COMPUTER SERVICES,
these are some of my observations which I believe, if improved upon, will enhance the
efficiency of students on industrial training.
I recommend that the company should expose the students to training in various units
of the information technology department, and that the training exercise be redefined in
order to make room for total absorption of the student into the programme when
posted.