Sunday, June 3, 2012

Site to Site VPN, Remote VPN


A Virtual Private Network (VPN) connects a private network to a remote network over an internet connection. A VPN also encrypts the connection established between the private network and the remote network (“Virtual Private,” 2012). There are two types of VPN: site-to-site VPN and remote-access VPN.

A site-to-site VPN allows LANs in different fixed locations to communicate securely over the internet. There are two types of site-to-site VPN: intranet-based and extranet-based (“Virtual Private,” 2012).

An intranet-based VPN is used when a company has multiple fixed locations and would like to combine the LAN at each location into a single WAN (“Virtual Private,” 2012).
An extranet-based VPN, by contrast, builds a shared, secure network between two or more networks. This shared network does not give either party access to the other's intranet. This type of VPN is used when a company would like to communicate with its business partners in a secure manner (“Virtual Private,” 2012).

A remote-access VPN establishes a secure connection from a remote location. One of the industries that requires remote-access VPN is the insurance industry, because an insurance company might require its salespeople to connect to the company server in order to add sensitive data (“Virtual Private,” 2012).

Two components are needed for a remote-access VPN: a Network Access Server (NAS) and the client software. The NAS can be a dedicated server or a server that runs multiple programs. The NAS requires the user to provide credentials to sign in.
It then verifies the user, either with its own checking process or with an authentication server located in the same network (“Virtual Private,” 2012).

Client software is also needed for a remote-access VPN to work. This software establishes and maintains the remote VPN connection (“Virtual Private,” 2012).


Bibliography

Virtual Private Network. (2012, May 23). Retrieved June 2, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Virtual_private_network

Friday, May 25, 2012

Public Key Infrastructure (Digital Cert)


Public Key Infrastructure (PKI) allows users to exchange information securely over an insecure network. This is done through the use of a public key (known to all) and a private key (never transferred over the network) (Brayton, Finneman, Turajski, & Wiltsey, 2006). PKI provides digital certificates that can identify an individual or an organization. In some cases, revocation of a certificate will be necessary (Brayton, Finneman, Turajski, & Wiltsey, 2006).

Earlier cryptography used a single key to both encrypt and decrypt the data (symmetric cryptography). Such a method is not as secure, because if the key is intercepted by an unauthorized user, that user can decrypt the message (Brayton, Finneman, Turajski, & Wiltsey, 2006). Hence PKI is much preferred, because it provides an additional layer of protection that prevents an unauthorized user from decrypting the message upon intercepting the key (Khan, n.d.). PKI is also known as asymmetric cryptography.

The following image will be showing the details about digital certificate:


Figure 1 (Digital Certificate showing the public key)

PKI must comprise certain components in order to work. These include:
  • Certificate Authority, which issues and verifies the authenticity of the digital certificate. This certificate includes or provides information about the public key (Brayton, Finneman, Turajski, & Wiltsey, 2006).
  • Registration Authority, which verifies the authenticity of the certificate authority before issuing a digital certificate to the individual or organization that requests it (Brayton, Finneman, Turajski, & Wiltsey, 2006).

There are two ways to send data across the network: ensuring high confidentiality or ensuring high integrity. To ensure high confidentiality of the message, the sender encrypts the message using the receiver’s public key. The receiver then decrypts the data using his/her private key (Temasek Polytechnic, 2012).

To ensure high integrity of the message, the sender encrypts the message using his/her private key. The receiver then decrypts the data using the sender's public key (Temasek Polytechnic, 2012).


Reference

Brayton, J., Finneman, A., Turajski, N., & Wiltsey, S. (2006, October). PKI (public key infrastructure). Retrieved May 25, 2012, from SearchSecurity: http://searchsecurity.techtarget.com/definition/PKI
Khan, S. (n.d.). What Is PKI? Retrieved May 25, 2012, from eHow: http://www.ehow.com/about_6693189_pki_.html
Temasek Polytechnic. (2012, May 25). Cryptography. Singapore, Singapore, Singapore.


IPSec (ESP, AH, DES, MD5, SHA, DH)

Internet Protocol Security (IPSec) is a protocol that is used to authenticate and encrypt every IP packet for every communication session (IPsec, 2012). It is found in the Internet Layer of the TCP/IP Model.

IPSec involves several security protocols and algorithms. The security protocols are Encapsulating Security Payload (ESP) and Authentication Header (AH). For encryption there is the Data Encryption Standard (DES). For authentication there are MD5 and SHA. The cryptographic protocol is the Diffie–Hellman key exchange (DH).

ESP is the protocol that upholds the integrity, authenticity and confidentiality of packets. To uphold the integrity of packets, ESP provides optional authentication services (“System Administration Guide,” n.d.). It is advisable to enable both the encryption and the authentication service for all packets, because packets protected by only one of the two services are rather insecure (IPsec, 2012). However, ESP is only able to protect the part of the datagram that ESP encapsulates (“System Administration Guide,” n.d.).

Figure 1 shows how ESP encrypts the datagram.


Figure 1 (Showing how ESP works (“System Administration Guide,” n.d.))

When both services are activated, ESP is capable of preventing eavesdropping and cut-and-paste attacks¹.

AH ensures connectionless integrity as well as data origin authentication of IP packets (IPsec, 2012). AH helps to protect packets from the IP header to the transport header. This helps to prevent cut-and-paste attacks (“System Administration Guide,” n.d.).

DES was previously one of the best encryption algorithms, and it was highly influential in the cryptography industry (“Data Encryption,” 2012). Today, however, DES is considered “weak” encryption, because COPACOBANA is able to crack DES in less than one day (“Data Encryption,” 2012). Therefore, to encrypt data, the Advanced Encryption Standard (AES) is a better choice, since it is the industry standard for encryption (Deutsch, n.d.).

MD5 is one of the most widely used hash algorithms. It is used to check the integrity of data. However, in recent years flaws in MD5 have surfaced, and US-CERT decided to stop using the MD5 function since it is seriously flawed (MD5, 2012). As a result, most of the U.S. government has decided to use the SHA-2 family of hash functions (MD5, 2012).

The SHA functions are designed by the National Security Agency (U.S.). Currently there are two well-known SHA families created by the National Security Agency, namely SHA-1 and SHA-2 (SHA-1, 2012). SHA-3 is under development and will be available once the NIST hash function competition has selected the winning function this year (SHA-1, 2012). There is an urgent need to implement SHA-3 because there are flaws in SHA-1. This also affects SHA-2, because both use a similar algorithm (SHA-1, 2012).

DH is a method of exchanging cryptographic keys. It allows two parties to know their secret key over an insecure network through the use of a symmetric key cipher (Diffie–Hellman key exchange, 2012) (“Diffie-Hellman,” n.d.).

The following video explains how DH works in greater detail:

References


Data Encryption Standard. (2012, May 2). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Data_Encryption_Standard
Diffie–Hellman key exchange. (2012, May 24). Retrieved May 25, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
IPsec. (2012, May 7). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Encapsulating_Security_Payload
MD5. (2012, May 23). Retrieved May 25, 2012, from Wikipedia: http://en.wikipedia.org/wiki/MD5
SHA-1. (2012, May 24). Retrieved May 24, 2012, from Wikipedia: http://en.wikipedia.org/wiki/SHA-1
Deutsch, W. (n.d.). A Short History of AES Encryption. Retrieved May 24, 2012, from About.com: http://bizsecurity.about.com/od/informationsecurity/a/aes_history.htm
System Administration Guide: IP Services. (n.d.). Retrieved May 24, 2012, from Oracle: http://docs.oracle.com/cd/E19082-01/819-3000/ipsec-ov-8/index.html


¹ A cut-and-paste attack is an attack in which the hacker replaces part of the ciphertext with different ciphertext. The altered ciphertext results in valid information being modified.

Friday, May 18, 2012

Authentication, Authorization and Accounting


Authentication, Authorization and Accounting (AAA) refers to the security architecture that is used for Cisco routers and other networking devices (“CCNA 640-553,” n.d.). Several protocols follow the AAA architecture, including RADIUS and TACACS+.

Authentication refers to verifying the user's identity. For instance, under the AAA architecture, the user is required to provide a username and password when accessing the router via telnet. Authentication cannot take place when the user enters only a password when accessing the router via telnet, because the network administrator is unable to identify who is accessing the router (“CCNA 640-553,” n.d.).

Authorization refers to granting rights to the users or groups who are able to access a particular system. One example of authorization is granting user rights based on the Cisco IOS access level. On a Cisco router, a user with a higher privilege level is granted more rights than a user with a lower privilege level (“CCNA 640-553,” n.d.). Privilege level 15 is also known as the super user level.

Accounting refers to tracking user actions and logging system activity in order to maintain personal accountability. Accounting only takes place once authentication and authorization have completed. One way of accounting is through logging. With logging, the network administrator is able to know which user has logged into the system and the number of bytes transferred in the session (“CCNA 640-553,” n.d.).

In the industry, there are protocols such as TACACS+ and RADIUS. TACACS+ provides better security (the entire packet is encrypted) but less accounting. RADIUS, on the other hand, provides better accounting but poor security (only the password is encrypted).
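What "only the password is encrypted" means for RADIUS can be seen by building the attributes of an Access-Request. The following is an added example, not part of the original post; it goes beyond the post by implementing the User-Password hiding defined in RFC 2865, and the user name, password, shared secret and authenticator are constructed sample values.

```python
"""Added example: RADIUS hides only the User-Password attribute (RFC 2865, section 5.2)."""
import hashlib

USER_NAME, USER_PASSWORD = 1, 2      # RADIUS attribute type codes from RFC 2865


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a password with the MD5-based keystream RADIUS uses."""
    if len(authenticator) != 16:
        raise ValueError("the Request Authenticator is 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-octet blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()         # b_i = MD5(secret + previous block)
        prev = _xor(padded[i:i + 16], mask)                # c_i = p_i XOR b_i
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream recovers the password."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        clear += _xor(hidden[i:i + 16], mask)
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2 header octets), value."""
    return bytes([attr_type, len(value) + 2]) + value


def access_request_attributes(user: bytes, password: bytes,
                              secret: bytes, authenticator: bytes) -> bytes:
    """User-Name travels in the clear; only User-Password is hidden."""
    return (attribute(USER_NAME, user)
            + attribute(USER_PASSWORD, hide_password(password, secret, authenticator)))


# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))

if __name__ == "__main__":
    attrs = access_request_attributes(b"alice", b"correct horse battery",
                                      SECRET, AUTHENTICATOR)
    print("user name visible on the wire:", b"alice" in attrs)
    print("password visible on the wire: ", b"correct horse" in attrs)
```

Everything else in the request, including the user name, is readable by anyone on the path, which is the weakness the comparison with TACACS+ points at.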

Figure 1 shows a list of differences between TACACS+ and RADIUS.

Figure 1 (Comparison between TACACS+ and RADIUS) (Temasek Polytechnic, n.d.)

References

CCNA 640-553 exam: explain the function and importance of AAA. (n.d.). Retrieved May 18, 2012, from Ciscokits: http://www.certificationkits.com/ccna-security-aaa/
Temasek Polytechnic. (n.d.). TACACS+/RADIUS Comparison. Singapore, Singapore, Singapore.



Thursday, May 10, 2012

Access Control List


In network security, an access list is normally used to classify packets and decide whether to deny or permit them. One example is the use of an access control list in Network Address Translation (NAT) and Port Address Translation (PAT) in order to bind the public pool of addresses to the private addresses (Saunders, n.d.).

Access control lists can be used on both Cisco IOS routers and switches. They can specify particular ports and set inbound and outbound rules.

Access control lists can be categorized into standard Access Control Lists (ACLs) and extended ACLs. The type of an ACL can be identified by its ID number. Table 1 shows the ID range of each ACL category.

ID range                  ACL category
1-99 or 1300-1999         Standard ACL
100-199 or 2000-2699      Extended ACL

Table 1 (ID range of each ACL category (Saunders, n.d.))

Besides numbered ACLs, there are also named ACLs. A named ACL enables network engineers to better identify the use of each ACL. In addition, a named ACL enables them to remove any specific line from the ACL (Saunders, n.d.).

There are also implicit rules in an ACL. One of them is a rule at the end of the ACL that denies any traffic. The reason this rule sits at the end is that the ACL is processed condition by condition from the top to the bottom. The router or switch stops checking as soon as a condition matches (“Access Control,” n.d.).
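The top-down, first-match processing and the implicit deny can be reproduced in a few lines. The following is an added example, not part of the original post and not Cisco IOS code; the rule format, the addresses and the two sample ACLs are constructed for illustration.

```python
"""Added example: first-match ACL evaluation with the implicit deny at the end."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    action: str                       # "permit" or "deny"
    source: str                       # source prefix, e.g. "10.1.1.0/24"
    dst_port: Optional[int] = None    # None matches any destination port


def acl_type(acl_id: int) -> str:
    """Classify a numbered ACL using the ID ranges from Table 1."""
    if 1 <= acl_id <= 99 or 1300 <= acl_id <= 1999:
        return "standard"
    if 100 <= acl_id <= 199 or 2000 <= acl_id <= 2699:
        return "extended"
    raise ValueError(f"{acl_id} is outside the numbered ACL ranges")


def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule).

    Rules are checked from the top; checking stops at the first match.
    An index of None means no rule matched and the implicit deny applied.
    """
    src = ipaddress.ip_address(src_ip)
    for index, rule in enumerate(rules):
        in_prefix = src in ipaddress.ip_network(rule.source)
        port_ok = rule.dst_port in (None, dst_port)
        if in_prefix and port_ok:
            return rule.action, index
    return "deny", None


# Constructed sample: block one host, allow the rest of its subnet to reach HTTPS.
ACL_SPECIFIC_FIRST = [
    Rule("deny", "10.1.1.50/32"),
    Rule("permit", "10.1.1.0/24", 443),
]
# Same two lines in the wrong order: the broad permit matches first,
# so the deny for 10.1.1.50 is never reached for port 443.
ACL_BROAD_FIRST = [
    Rule("permit", "10.1.1.0/24", 443),
    Rule("deny", "10.1.1.50/32"),
]

if __name__ == "__main__":
    for name, acl in (("specific first", ACL_SPECIFIC_FIRST), ("broad first", ACL_BROAD_FIRST)):
        print(name, evaluate(acl, "10.1.1.50", 443))
    print("no matching rule:", evaluate(ACL_SPECIFIC_FIRST, "10.1.1.7", 23))
```

Because checking stops at the first match, the more specific line has to come before the broader one.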

In conclusion, ACLs help to protect the network by removing unwanted traffic in order to prevent attacks on the network.


References

Access Control Lists(ACLs) Basics. (n.d.). Retrieved May 11, 2012, from Aspell: http://www.aspell.org/CCNA/CCNA-Cisco-Access-Control-List-ACL.php
Saunders, J. (n.d.). Access control lists (ACL). Retrieved May 11, 2012, from www.jlsnet.co.uk: http://www.jlsnet.co.uk/index.php?page=ccna_4a_acls


Thursday, May 3, 2012

Secure Perimeter Routers & Disable Services & Logging


There are several ways to secure perimeter routers, including ingress and egress filtering. Ingress filtering refers to a technique used to verify the identity of incoming packets (Ingress filtering, 2012).

With this filtering technique, a packet that fails the filtering process is either ignored by the router or sent back to the sender to indicate that it could not be delivered (Ingress filtering, 2012). One of the recommended policies for an ingress rule is to drop the packet when its source IP address belongs to the internal network (Cox, 2007).

Egress filtering refers to the filtering of outbound information from one network to another. It helps to prevent unauthorized traffic from leaving the internal network (Egress filtering, 2012). One of the recommended policies for an egress rule is to look at the source IP address. If the source IP address is not a private address, the perimeter router should drop the packet (Cox, 2007).

To prevent attacks on the network, such as port redirection, the network administrator is advised to disable unwanted ports and services.

To ensure that accountability is upheld, logging of activities is crucial. Therefore there is a need to implement SYSLOG for logging purposes.


Figure 1 (Viewing of SYSLOG)

However, SYSLOG must be well protected, because the last phase of an attack is covering tracks (Graves, 2010). In this phase, the hacker might delete the SYSLOG records to avoid being discovered. To protect SYSLOG, the network administrator can encrypt the SYSLOG traffic within an IPSec tunnel (Temasek Polytechnic, n.d.). Besides that, the network administrator is encouraged to have more than one SYSLOG server to serve as a backup when the default SYSLOG server’s log is lost.

References

[Use of Kiwi for SYSLOG]. Retrieved May 5, 2012, from: http://www.softmaximum.com/free/review/kiwi-syslog-daemon/5437/
Cox, C. (2007, January). Establish ingress and egress address filtering policies. Retrieved May 3, 2012, from SearchNetworkingChannel: http://searchnetworkingchannel.techtarget.com/tutorial/Establish-Ingress-and-Egress-address-filtering-policies
Egress filtering. (2012, March 18). Retrieved May 3, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Egress_filtering
Graves, K. (2010, April 26). Certified ethical hacker. Sybex.
Ingress filtering. (2012, April 11). Retrieved May 3, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Ingress_filtering
Temasek Polytechnic. (n.d.). Basic router and switch security. Singapore, Singapore, Singapore.

Common Threats to Router and Switch Physical & Mitigation


There are several physical threats to both routers and switches when these devices are deployed. They fall into four categories: hardware threats, environmental threats, electrical threats and maintenance threats.

With hardware threats, the hardware can be damaged through mischief or a deliberate act. To mitigate this threat, the organization should think of ways to minimize any damage. The organization can consider limiting the number of points of entry to the server room. This includes allowing only authorized users to enter the server room. Besides that, logging every entry is also important for personal accountability. Security cameras are important as well because they serve as a deterrent (Temasek Polytechnic, n.d.).

With environmental threats, overheating will damage routers and switches. Hence there is a need to “control” these environmental factors. The controls include air-conditioning, humidity control, and an environmental alarm and recording system that informs the helpdesk when the server reaches a high temperature (Temasek Polytechnic, n.d.).

With electrical threats, an abrupt power outage might crash the router and switch. Installing an Uninterruptible Power Supply (UPS) will provide electrical supply for 5 to 15 minutes (“Uninterruptible power,” 2012). In this short period of time, the technician will be able to shut down the server properly (Temasek Polytechnic, n.d.).

With maintenance-related threats, we can limit the damage caused by maintenance-related work such as poor cabling (Sud & Edelman, 2003). For this reason, important cables need to be labelled. Besides that, providing additional cables for every router and switch helps to ensure high availability of the network.

Figure 1 (Cables in the server room (Temasek Polytechnic, n.d.))

Reference

Sud, R., & Edelman, K. (2003, December). Securing Cisco routers. Retrieved May 3, 2012, from SearchSecurity: http://searchsecurity.techtarget.com/feature/Securing-Cisco-routers
Temasek Polytechnic. (n.d.). Basic router and switch security. Singapore, Singapore, Singapore.
Uninterruptible power supply. (2012, April 19). Retrieved May 3, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Uninterruptible_power_supply#Ferro-resonant

Network / Port Address Translation


In the case of Singapore, the number of internet users has risen from 1.2 million users in 2000 to 3.7 million users in 2010 (“Singapore internet,” 2010). This shows that the number of internet users has risen significantly.

Hence, to slow down IPv4 depletion, Network Address Translation (NAT) and Port Address Translation (PAT) come into play. In NAT (dynamic), a group of private addresses is mapped to a set of public addresses. Normally, the set of private addresses is larger than the set of public addresses. PAT refers to mapping a set of private addresses to one public address. As a result, it helps to slow down the depletion of IP addresses (Tyson, n.d.).

Figure 1 (Using NAT (Dynamic) (Tyson, n.d.))


Figure 2 (Using PAT (Tyson, n.d.))

There are several benefits of using NAT/PAT. The first is conservation of IP addresses. Secondly, NAT/PAT allows greater scalability, since adding a new host does not affect the addressing scheme of the public addresses. Lastly, NAT/PAT provides an additional layer of security, since a query can only be initiated by the internal host. This makes it difficult for people with malicious motives to enter the network (Kozierok, 2005).

However, NAT/PAT also has disadvantages, including a performance cost. When address translation takes place, the header checksum has to be recalculated, so some time is lost performing this task (Kozierok, 2005). Secondly, there are problems with security protocols. For instance, IPSec might flag the address translation process as datagram “hacking”, since it has the capability of detecting header modification (Kozierok, 2005).
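The PAT mapping described earlier in this post and the checksum recalculation mentioned above can be shown together. The following is an added example, not part of the original post; the Pat class, its starting port and all addresses are constructed for illustration, and only the IPv4 header checksum is handled.

```python
"""Added example: PAT port mapping and the IPv4 header checksum fix-up it forces."""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 1071)."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def set_checksum(header: bytes) -> bytes:
    """Zero the checksum field (octets 10-11), then fill in the correct value."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Minimal 20-octet IPv4 header carrying TCP (protocol 6), constructed sample."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, 64, 6, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return set_checksum(raw)


def header_valid(header: bytes) -> bool:
    """A header with a correct checksum sums to zero."""
    return ipv4_checksum(header) == 0


class Pat:
    """Many private (address, port) pairs share one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public = ipaddress.ip_address(public_ip).packed
        self.next_port = first_port
        self.out = {}     # (private ip, private port) -> public port
        self.back = {}    # public port -> (private ip, private port)

    def translate_out(self, header: bytes, src_port: int):
        """Rewrite the source address; return (new header, public port, stale checksum ok?)."""
        key = (str(ipaddress.ip_address(header[12:16])), src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        rewritten = header[:12] + self.public + header[16:]
        stale_ok = header_valid(rewritten)    # the old checksum no longer matches
        # The TCP/UDP checksum covers the addresses too and needs the same fix-up.
        return set_checksum(rewritten), self.out[key], stale_ok

    def translate_in(self, public_port: int):
        """Inbound traffic is accepted only if an inside host created the mapping."""
        return self.back.get(public_port)


if __name__ == "__main__":
    pat = Pat("203.0.113.5")
    for host in ("192.168.1.10", "192.168.1.11"):
        hdr, port, stale_ok = pat.translate_out(build_header(host, "198.51.100.20"), 51000)
        print(host, "-> public port", port, "| stale checksum valid:", stale_ok,
              "| recomputed valid:", header_valid(hdr))
    print("unsolicited inbound to port 45000:", pat.translate_in(45000))
```

The lookup that returns nothing for an unmapped port is the "query can only be initiated by the internal host" property listed among the benefits.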

In conclusion, although NAT/PAT has its disadvantages, it also brings many advantages, such as scalability in the private network. As a result, many organizations decide to use NAT/PAT because they feel that the advantages outweigh the disadvantages.

Reference

Kozierok, C. M. (2005, September 20). IP NAT overview, motivation, advantages and disadvantages. Retrieved May 2, 2012, from The TCP/IP Guide: http://www.tcpipguide.com/free/t_IPNATOverviewMotivationAdvantagesandDisadvantages.htm
Singapore internet statistic and telecommunications. (2010, June 24). Retrieved May 2, 2012, from Internet World Stats: http://www.internetworldstats.com/asia/sg.htm
Tyson, J. (n.d.). How Network Address Translation Works. Retrieved May 2, 2012, from howstuffworks: http://computer.howstuffworks.com/nat1.htm


Perimeter Router, Internal Router and Firewall


A perimeter router is also known as a border router. It is used to connect a trusted network to an untrusted network. If the perimeter router is not properly configured, it will adversely compromise the operations of the trusted network (Dunning, 2011).

For instance, a poorly secured perimeter router can result in denial of service (DoS), which compromises the availability of the network (Dunning, 2011). This happens when the router is ineffective in filtering redundant network traffic (Dunning, 2011). On the other hand, a well-secured perimeter router is able to prevent reconnaissance from taking place, hence reducing the risk of being attacked (Dunning, 2011).

Figure 1 (Network Diagram)

To prevent attacks from taking place, the perimeter router must filter all incoming packets. One way is to ensure that the source IP address of an incoming packet is not an IP address of the local network, since such a source address is one of the signs of IP spoofing (Dunning, 2011).
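The spoofing check described here, together with the ingress and egress policies from the "Secure Perimeter Routers" post above, can be written as one decision function. The following is an added example, not part of the original posts; the internal prefix and the sample packets are constructed, and "private address" is taken to mean the RFC 1918 ranges.

```python
"""Added example: perimeter ingress and egress source-address checks."""
import ipaddress

# Private address space as defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed internal prefix behind the perimeter router (constructed for the example).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")


def is_private(addr) -> bool:
    return any(addr in net for net in RFC1918)


def perimeter_filter(direction: str, src_ip: str, internal=INTERNAL_NET):
    """Return (decision, reason) for a packet seen at the perimeter router.

    ingress: drop when the source claims to be an internal address,
             because a packet arriving from outside cannot originate inside.
    egress:  drop when the source is not a private address.
    """
    src = ipaddress.ip_address(src_ip)
    if direction == "ingress":
        if src in internal:
            return "drop", "internal source address arriving from outside (spoofed)"
        return "forward", "source is not an internal address"
    if direction == "egress":
        if not is_private(src):
            return "drop", "source is not a private address"
        return "forward", "private source leaving the internal network"
    raise ValueError("direction must be 'ingress' or 'egress'")


# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("ingress", "203.0.113.9"),     # ordinary outside host
    ("ingress", "192.168.10.7"),    # outside packet claiming an inside address
    ("egress", "192.168.10.7"),     # normal inside host
    ("egress", "198.51.100.4"),     # inside host sending with a forged public source
]


def dropped(packets):
    """Return the packets the two policies reject, in input order."""
    return [(d, s) for d, s in packets if perimeter_filter(d, s)[0] == "drop"]


if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        decision, reason = perimeter_filter(direction, src)
        print(f"{direction:8} {src:15} {decision:8} {reason}")
```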

An internal router is a router that does not sit between the trusted and untrusted networks. It helps to divide the local area network into smaller networks. In this way it helps to speed up transfers, since it has a smaller routing table than before (Cooney, n.d.).

A firewall filters unwanted packets in order to protect the host from attack (Tyson, n.d.).

The following video explains the uses of a firewall:

There are several methods to control traffic in a firewall, including packet filtering and stateful inspection. In packet filtering, packets must go through a set of filters. Only the packets that make it through are sent to the system (Tyson, n.d.).

In stateful inspection, only key parts of the packets are checked against the database. The characteristics of the outbound information are compared with those of the inbound information. If they match reasonably, the packet is allowed (Tyson, n.d.).

Reference

 [Network diagram]. Retrieved May 1, 2012, from: http://www.aniltj.com/blog/2007/03/23/DesignPatternsAndSOARuntimeInfrastructure.aspx
Cooney, R. (n.d.). Subnet Addressing. Retrieved May 1, 2012, from NetworkComputing: http://www.networkcomputing.com/unixworld/tutorial/001.html
Dunning, D. (2011, November 13). What Is a Perimeter Router? Retrieved May 1, 2012, from eHow: http://www.ehow.com/info_12198351_perimeter-router.html
Tyson, J. (n.d.). How Firewalls Work. Retrieved May 1, 2012, from howstuffworks: http://computer.howstuffworks.com/firewall1.htm



Friday, April 27, 2012

Security Policy


A network security policy is defined as a formal statement of rules that people who are granted access to the organization's resources must abide by (Temasek Polytechnic, n.d.). Since threats are ever-growing and ever-changing, network security policy is a continuous cycle. This cycle is divided into 4 phases, namely secure, monitor, test and improve.

In the secure stage, the organization begins to implement measures to prevent any possible loss of information (Temasek Polytechnic, n.d.). These include requiring regular password changes and implementing a firewall in the network.

In the monitoring stage, the organization detects any violation of the policy (Temasek Polytechnic, n.d.). This normally involves the use of an Intrusion Detection System (IDS) to flag violations to the network administrator.

In the test stage, the organization performs penetration testing or audits the network system (Temasek Polytechnic, n.d.).

After gathering information from both the monitoring and test stages, the organization improves its security policies or creates new ones based on any vulnerability that has surfaced in the organization (Temasek Polytechnic, n.d.). This stage is also known as the improve stage.

Figure 1 (Security policy life cycle)

When developing a security policy, the organization can decide in three ways according to RFC 2196. Firstly, "Services offered versus security provided." Under this concept, the network administrator decides whether to provide the service (which carries more security risk) or not to provide it (which brings the least benefit) (Tittel, 2003).

Secondly, "Ease of use versus security." The network administrator decides between ease of use (less secure) and a “user-unfriendly” interface (most secure). Depending on the situation, the network administrator chooses between these two extremes (Tittel, 2003).

Lastly, "Cost of security versus risk of loss." The network administrator weighs the cost of security (in terms of performance, ease of use and cost) against the loss incurred when it is not implemented. This includes the loss of information, privacy and service (Tittel, 2003).


References:

[Information security policy]. Retrieved April 27, 2012, from: http://trustedtoolkit.blogspot.com/2007/07/information-security-policy-101_03.html
Temasek Polytechnic. (n.d.). L02 - Laws and ethics. Singapore, Singapore, Singapore. Retrieved from SearchSecurity.
Temasek Polytechnic. (n.d.). Overview of internetworking security. Singapore, Singapore, Singapore.
Tittel, E. (2003, August). The security policy document library: site security handbook. Retrieved April 27, 2012, from SearchSecurity: http://searchsecurity.techtarget.com/tip/The-security-policy-document-library-Site-Security-Handbook

Common Networking Attacks Threats and Solution

In this highly globalized world, both threats and defense technologies are improving at a rapid pace. This has led to many disastrous problems, such as the unauthorized disclosure of information, including state secrets.

One network problem is the Ping of Death attack. In this attack, a host sends a defective packet, either unintentionally or intentionally. Instead of sending 32 bytes of data, the host sends a ping packet of 65,525 bytes. This results in a buffer overflow, crashing the computer (“Ping of”, 2012). Ping of Death is also one of the methods of denial of service.

To address denial of service, the network administrator can implement an Intrusion Prevention System (IPS). An IPS is able to detect anomalous activity through signatures, or through “experience” of normal network conditions (“Intrusion prevention,” 2012). Another method is traffic rate limiting, which imposes a quota on the traffic allowed for the network (Temasek Polytechnic, n.d.).

Here is a video explaining the differences between IPS and Intrusion Detection System (IDS):

Another common networking threat is the scanning phase of an attack. In that phase, the hacker tries to map the network of the victim’s system (“Types of,” 2011). One way is to perform banner grabbing using Netcat to determine the victim’s Operating System (OS). By doing so, the hacker is able to retrieve information about OS versions and begin to exploit the known vulnerabilities of that OS (Banner grabbing, 2012). Once scanning is completed, it normally means that the hacker is preparing for phase 3, which is gaining access to the network.


Figure 1 (Steps of hacking (Graves, 2010, p. 8))


Figure 2 (Phase of scanning (Graves, 2010, p. 67))

There are several ways to prevent scanning from taking place. One way is to disable unused services on the network host (Banner grabbing, 2012). Another way is to use an Intrusion Detection System (IDS) to notify the network administrator when reconnaissance is taking place (Temasek Polytechnic, n.d.).

In conclusion, these networking threats cannot be thoroughly eliminated, since ‘older’ threats are ever-changing and ‘new’ threats are emerging. Therefore it is important for network administrators to keep themselves updated by reading the advisories published by the manufacturer and applying the manufacturer's latest security patches.




References:


Types of network attacks: four primary classes. (2011, July 17). Retrieved April 27, 2012, from CCNAanswers-khim: http://ccnaanswers-khim.blogspot.com/2011/07/types-of-network-attacks-four-primary.html
Banner grabbing. (2012, February 22). Retrieved April 27, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Banner_grabbing
Intrusion prevention system. (2012, March 25). Retrieved April 26, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Intrusion-prevention_system
Ping of death. (2012, March 16). Retrieved April 2012, 2012, from Wikipedia: http://en.wikipedia.org/wiki/Ping_of_death
Graves, K. (2010, April 26). Certified ethical hacker. Sybex.
Temasek Polytechnic. (n.d.). Overview of internetworking security. Singapore, Singapore, Singapore.