
Security Architecture

MIS 5214 - Section 001 - David Lanter


MIS 5214.701 ■ Spring 2021 ■ Jose Gomez

My question to discuss with my classmates

February 10, 2021 by Jose Gomez 45 Comments

Filed Under: 05 - Secure Networks


Comments

  1. Mei X Wang says

    February 11, 2021 at 4:18 pm

    Have you ever encountered a DDoS attack in your personal life or work? How was it mitigated?

    • Zibai Yang says

      February 15, 2021 at 1:17 am

      1) Install a professional anti-DDoS firewall
      The safest and most worry-free way is to use a third-party professional anti-CC attack firewall to prevent. Take the extreme anti-DDoS and anti-CC firewalls as examples. You only need to log in to the intense DDoS high-defense background and configure the forwarding rules to turn on the protection.

      2) Adequate network bandwidth guarantee
      The network bandwidth directly determines the ability to resist attacks. If there is only 10M bandwidth, no matter what measures are taken, it is difficult to resist the current SYN Flood attack. At present, at least 100M shared bandwidth should be selected, and the best is, of course, to hang at 1000M. The trunk is up. But it should be noted that if the host’s network card is 1000M, it does not mean that its network bandwidth is gigabit. If it is connected to a 100M switch, its actual bandwidth will not exceed 100M, and then it is related to 100M. The bandwidth does not mean a 100M bandwidth because the network service provider is likely to limit the actual bandwidth to 10M on the switch. This must be clear.

    • Krish Damany says

      February 15, 2021 at 11:24 am

      In 2011, Sony’s servers were DDoS’d, which affected various Sony services, including the PlayStation Network. The outage lasted 23 days, and 77 million accounts had PII breached. Once it was ready, Sony issued a patch to update users’ consoles, as well as force a change of password.

    • Anthony Messina says

      February 16, 2021 at 6:07 am

      That is a funny question because I have encountered a DoS attack before. I work as an overnight SOC analyst, and we received an alert of a high amount of traffic hitting a customer’s server. I did not have access to the firewall; I was only alerted to it by a member of our support team. Needless to say, I bugged out because it was 3 in the morning and I had never had to deal with a DoS attack before. So what did I do???? I woke up our security engineer at 4 am Sunday morning bugging out. He actually reached out to one of the NetOps guys and black-holed (null-routed) the traffic away from the server. So, I did nothing really, HA!

      • Anthony Messina says

        February 16, 2021 at 6:25 am

        This response was in reference to Mei Wang’s question about “Have you ever encountered a DDoS attack?”

    • Anthony Wong says

      February 16, 2021 at 6:26 pm

      I have not encountered a DDoS attack; however, I am currently in the process of implementing a tool to mitigate the risks of these attacks. In short, it goes through a content delivery network (CDN) and they monitor the network traffic. After a couple of days of monitoring, a baseline is established for what is considered “normal” traffic. Then this baseline is compared against in the future. If abnormal traffic is trying to connect to the system, then the packets will be blocked.

  2. Zibai Yang says

    February 11, 2021 at 7:40 pm

    What is the best way to prevent a DDoS attack?

    • Haozhe Lin says

      February 14, 2021 at 4:22 am

      1. Regularly check the server for vulnerabilities
      A regular check of server software security vulnerabilities is the most basic measure to ensure the security of the server. Whether it is the operating system (Windows or Linux) or the common application software (MySQL, Apache, Nginx, FTP, etc.), the server operation and maintenance personnel should pay special attention to the latest vulnerability dynamics of this software, and timely patch the high-risk vulnerabilities.

      2. Hide the real IP address of the server
      Through the CDN node transit acceleration service, the real IP address of the website server can be effectively hidden. CDN services are selected according to the specific situation of the website. For ordinary small and medium-sized enterprise sites or personal sites, you can first use free CDN services, such as Baidu cloud acceleration, Qiniu CDN, etc. When the website traffic increases and the demand is high, you can consider paid CDN services.
      Secondly, to prevent the server from leaking the IP address when transmitting information to the outside world, the most common situation is that the server should not use the function of sending an e-mail, because the e-mail header will leak the IP address of the server. If you have to send mail, you can send it through a third-party agent (such as SoundCloud), so that the IP displayed to the outside is the IP address of the agent.

      3. Shut down unnecessary services or ports
      This is also the most common practice of server operation and maintenance personnel. In the server firewall, only the used ports are opened, such as port 80 of the website’s web service, port 3306 of the database, port 22 of the SSH service, etc. Shut down unnecessary services or ports and filter fake IPs on the router.

    • Kyuande Johnson says

      February 14, 2021 at 5:53 pm

      Know your traffic:
      Use network and application monitoring tools to identify traffic trends and tendencies.

      Have a restrictive Plan B defensive posture ready to go. Be in a position to rapidly restore core geographies and business-critical services in the face of a DDoS attack.

      Test, re-test, document, and measure. Incorporate DDoS attacks into penetration testing to simulate complex attacks, identify vulnerabilities, and shore up defenses.

  3. Humbert Amiani says

    February 11, 2021 at 10:02 pm

    To what level is network segmentation effective and is it practical to use different technology in each segment?

  4. Xinyi Zheng says

    February 12, 2021 at 11:30 am

    Which elements should an organization consider when selecting the cloud service type?

    • Mei X Wang says

      February 15, 2021 at 9:58 pm

      The selection should be focused on the company’s business need: how much computing power they need, the storage, and even how much customization is needed from the ISP. I think by assessing the business needs of your organization, we can identify which elements to focus on when selecting a provider.

  5. Wenyao Ma says

    February 12, 2021 at 9:45 pm

    What are the advantages and disadvantages of migrating core business functions to the cloud?

    • Zibai Yang says

      February 15, 2021 at 1:30 am

      In the era of mobile Internet, office work is gradually shifting to a mobile office model. Easy access anytime, anywhere, and on any device has become a rigid demand of users. The cloud information system is available anytime and anywhere to make the mobile office easier to accomplish. Therefore, the cloud has become the most suitable platform for running various business information systems.

      The security of the cloud platform itself can be guaranteed, and there is no doubt about this. But this only refers to its own security. As for the user’s business security, it is relatively not easy to guarantee. It is common for cloud users to be attacked by DDoS, web attacks, and certain viruses.

  6. Anthony Wong says

    February 13, 2021 at 9:06 am

    What cloud service model allows an organization more control over the infrastructure and why?

    • Priyanka Ranu says

      February 13, 2021 at 8:58 pm

      I think the Infrastructure-as-a-Service (IaaS) service model allows an organization more control over the infrastructure, as it allows businesses to purchase resources on demand and as needed. IaaS delivers cloud computing infrastructure, including servers, network, operating systems, and storage, through virtualization technology. These cloud servers are typically provided to the organization through a dashboard or an API, giving IaaS clients complete control over the entire infrastructure. IaaS provides the same technologies and capabilities as a traditional data center without having to physically maintain or manage all of it and without investing in expensive on-site resources. One of the advantages of IaaS solutions is flexibility and scalability.

    • Kyuande Johnson says

      February 14, 2021 at 5:56 pm

      Infrastructure as a Service (IaaS) is a cloud computing service where enterprises rent or lease servers for computation and storage in the cloud. Users can run any operating system or applications on the rented servers without the maintenance and operating costs of those servers. Examples are: DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure, Google Compute Engine (GCE).

  7. Priyanka Ranu says

    February 13, 2021 at 7:26 pm

    What are the different types of DDoS attacks and how long do DDoS attacks last?

    • Kyuande Johnson says

      February 14, 2021 at 5:50 pm

      The most common DDoS attacks are Ping of Death, SYN Flood and UDP Flood. The Ping of Death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. This causes the system to become overwhelmed and crash. SYN Flood aims to make a server unavailable to legitimate traffic by consuming all available server resources by repeatedly sending initial connection request (SYN) packets. UDP Flood is an attack in which a large number of User Datagram Protocol (UDP) packets are sent to a targeted server with the aim of overwhelming that device’s ability to process and respond.

    • Anthony Messina says

      February 16, 2021 at 6:17 am

      There are numerous methods of DDoS attacks. One would be a botnet DDoS attack. This involves numerous compromised machines that have zombies or bots installed on them. These bots are then controlled by an attacker at another machine, often referred to as a command and control server. The attacker issues commands to the bots and they perform the attack from the victims’ compromised machines. Another method is a SYN flood. The attacking machines initiate the 3-way handshake with the server by sending a SYN packet. The server responds with a SYN-ACK packet, but the attacking machine never replies. The server allocates memory awaiting the ACK packet. The ACK packet never returns and eventually the server’s resources get used up.

      As far as how long they last, I think it is relative. I did a little searching and found that they can last up to 24-48 hours. But it appears that the average for an attack is 20 minutes.

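The half-open connection table described in the two replies above (a SYN reserves a slot, the final ACK releases it, a flooder never sends the ACK) is easy to model, and the same bookkeeping is what a defender watches to spot a SYN flood early. The following is an added example, not code from the course or from either commenter; the packets, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since capture start
    src: str       # client IP as seen by the server
    sport: int     # client source port
    flags: str     # "S" = SYN from client, "A" = final ACK from client


class HalfOpenTracker:
    """Server-side view of the handshake: a SYN allocates a half-open entry,
    the client's ACK releases it, and an entry older than `timeout` that was
    never completed is counted as abandoned for its source."""

    def __init__(self, timeout=3.0, max_half_open_per_src=10):
        self.timeout = timeout
        self.max_half_open = max_half_open_per_src   # constructed threshold
        self.half_open = {}                          # (src, sport) -> SYN time
        self.abandoned = defaultdict(int)            # src -> expired entries
        self.completed = defaultdict(int)            # src -> finished handshakes

    def process(self, pkt):
        key = (pkt.src, pkt.sport)
        if pkt.flags == "S":
            self.half_open[key] = pkt.ts
        elif pkt.flags == "A" and key in self.half_open:
            del self.half_open[key]
            self.completed[pkt.src] += 1
        self._expire(pkt.ts)

    def _expire(self, now):
        for key, ts in list(self.half_open.items()):
            if now - ts > self.timeout:
                del self.half_open[key]
                self.abandoned[key[0]] += 1

    def half_open_by_src(self):
        counts = defaultdict(int)
        for src, _ in self.half_open:
            counts[src] += 1
        return dict(counts)

    def suspects(self):
        """Sources holding, or having abandoned, more half-open slots than a
        well-behaved client ever needs; a candidate for rate limiting,
        SYN cookies or upstream filtering rather than an automatic block."""
        out = set(s for s, n in self.half_open_by_src().items() if n > self.max_half_open)
        out.update(s for s, n in self.abandoned.items() if n > self.max_half_open)
        return out


def sample_packets():
    """Constructed capture: one legitimate client that completes two handshakes,
    one source that sends 50 SYNs from different ports and never ACKs, and a
    late legitimate SYN that triggers expiry of the stale entries."""
    pkts = [Packet(0.0, "10.0.0.5", 40001, "S"), Packet(0.1, "10.0.0.5", 40001, "A")]
    pkts += [Packet(0.5 + i * 0.01, "203.0.113.9", 50000 + i, "S") for i in range(50)]
    pkts += [Packet(1.0, "10.0.0.5", 40002, "S"), Packet(1.1, "10.0.0.5", 40002, "A")]
    pkts.append(Packet(20.0, "192.0.2.7", 33000, "S"))
    return pkts


def analyze(packets, timeout=3.0, max_half_open_per_src=10):
    tracker = HalfOpenTracker(timeout, max_half_open_per_src)
    for pkt in packets:
        tracker.process(pkt)
    return tracker
```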
  8. Cami Chen says

    February 13, 2021 at 8:12 pm

    How do we prevent one of the DoS attacks, the degradation-of-service attack?

    • Junhan Hao says

      February 16, 2021 at 3:18 am

      Hi Cami,
      I think one method is to configure a firewall on important nodes. The firewall itself can resist DDoS attacks and other attacks. When an attack is discovered, the attack can be directed to some sacrificial hosts, which can protect the real host from being attacked. Of course, these sacrificial hosts that are oriented can be chosen as unimportant ones, or systems with fewer vulnerabilities and natural defense against attacks, such as Linux and Unix.

  9. Haozhe Lin says

    February 14, 2021 at 4:20 am

    Shopify’s store has thousands of servers; is it possible to perform a DDoS attack on Shopify?

    • Anthony Messina says

      February 16, 2021 at 6:22 am

      I think with enough bots it is possible to launch a successful attack against Shopify. In 2018 GitHub, which is used by millions of developers, was successfully DDoSed. At the time it was the largest ever, as it was flooded with 1.3 terabits per second. If an attacker/botmaster can pull off that kind of attack on GitHub, I’m sure it would be enough to overwhelm Shopify’s load balancers and web servers.

  10. Jonathan Castelli says

    February 14, 2021 at 10:12 am

    How many people feel access controls sometimes create roadblocks to the information they need? I often hear cybersecurity, or any security, could impose more trouble for end users and force them to be creative when trying to gain access to certain systems. This causes people to stop following policies and do things they shouldn’t. I think cybersecurity, when done right, can be a great thing. But if done wrong, it’s very annoying.

    • Austin Mecca says

      February 16, 2021 at 6:36 pm

      While I think this is correct and agree that when it isn’t done correctly it can be frustrating, I also think that if people are not following policies and guidelines it could be an indicator that there is a lack of security training/understanding of how to work with the security in place. The book mentioned this in a previous chapter: if there is a negative connotation to the security or there are a lot of people frustrated over security measures, it may in fact be lackluster training rather than a difficult system.

  11. Kyuande Johnson says

    February 14, 2021 at 10:19 am

    What are some types of DDoS attacks and how do we mitigate them?

    • Vanessa Marin says

      February 16, 2021 at 9:12 pm

      This white paper highlights the top 9 DDoS attacks in the current environment.
      https://dsimg.ubm-us.net/envelope/414933/633973/Top_9_DDoS_Attacks_to_Prep_For_FIN_2020.pdf

      They also reference a botnet killer platform called Radware DefensePro, which provides behavioral-based algorithms and real-time signature creation.

  12. Austin Mecca says

    February 14, 2021 at 4:40 pm

    What would be the best cloud model to be implemented by a small company that may be tight on a budget? Why?

    • Cami Chen says

      February 16, 2021 at 11:29 am

      Hi, Austin. I think that Google Drive could be the best cloud model to be implemented by a small company. It depends on what functions the company will use the most. For example, some small financial service companies usually use spreadsheets and store the files in their daily work. Google provides some free applications, including Docs, Sheets, and Slides, and it has lower prices for storage plans from $19.99 per year to $99.99 per year, which is very dependent on the company’s usage.

    • Anthony Wong says

      February 16, 2021 at 6:34 pm

      I think Software as a Service (SaaS) would be the best for a small business because it comes ready out of the box. There definitely could be customization of the software to meet the business’s needs, but not if they are on a tight budget. Additionally, with SaaS there is not much (if any) maintenance needed by the business. The software provider will take care of server maintenance and software updates. I think a good example of this is small businesses using ADP for their payroll.

  13. Krish Damany says

    February 14, 2021 at 6:54 pm

    What are some infamous examples of DDoS attacks in recent times?

    • Zibai Yang says

      February 15, 2021 at 1:41 am

      Capital One leak: Capital One is a US financial holding company and one of the US banking giants specializing in financial products such as credit cards and auto loans. The company’s leak was disclosed in July 2019, affecting more than 100 million Americans and 6 million Canadians. Allegedly, the suspect is a former Amazon Web Services employee accused of illegally accessing Capital One’s AWS server to retrieve data from more than 30 companies.

  14. Vanessa Marin says

    February 14, 2021 at 9:04 pm

    I LOVE the concept of honeypots! What kind of honeypot would you implement if you were tasked with this?

  15. Zhen Li says

    February 14, 2021 at 9:15 pm

    Does cloud computing have a data leakage concern? How can we mitigate the data leakage problem on such a public platform?

    • Xinyi Zheng says

      February 15, 2021 at 8:22 am

      Many companies are using the cloud to store their sensitive or essential data, and most users don’t have physical access. But the cloud still has the data leakage concern, including account or service hijacking, denial of service, data loss, data breaches, and many others. Based on that, I think the organization should follow the cloud security standard, select a safe cloud environment, and ensure that the entire system remains compliant with the applicable government regulations.

    • Junhan Hao says

      February 16, 2021 at 3:10 am

      Hi Zhen,
      I think cloud computing does have a data leakage concern. Misconfigurations are still common and expose a lot of sensitive data. If relatively simple encryption algorithms are used for the data, the data may be leaked during storage or processing on the cloud platform.

  16. Anthony Messina says

    February 14, 2021 at 9:42 pm

    What is ARP spoofing?

    • Anthony Wong says

      February 16, 2021 at 6:44 pm

      ARP spoofing is a type of malicious attack where the hacker impersonates a MAC address on a LAN. This can be performed to intercept, modify or stop in-transit network traffic between two parties trying to communicate. It is also a type of man-in-the-middle attack.

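Because ARP has no authentication, the practical defense on a LAN is to watch the IP-to-MAC bindings that hosts announce and alert when one changes, which is what arpwatch-style monitors and switch features such as dynamic ARP inspection do. The monitor below is an added example, not code from the course or the commenter; the ARP replies, addresses and MACs are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str


class ArpWatch:
    """Learns the first IP->MAC binding seen for each address and raises an
    alert when a later reply claims the same IP from a different MAC.
    A changed binding is not proof of spoofing (DHCP reassignment, replaced
    NIC), so each alert carries both MACs for the analyst to check against
    the switch's port table and DHCP leases."""

    def __init__(self):
        self.bindings = {}                    # ip -> first MAC observed
        self.ips_by_mac = defaultdict(set)    # mac -> every IP it has claimed
        self.alerts = []

    def observe(self, reply):
        self.ips_by_mac[reply.sender_mac].add(reply.sender_ip)
        known = self.bindings.get(reply.sender_ip)
        if known is None:
            self.bindings[reply.sender_ip] = reply.sender_mac
            return None
        if known == reply.sender_mac:
            return None
        alert = {"ts": reply.ts, "ip": reply.sender_ip,
                 "known_mac": known, "claimed_mac": reply.sender_mac}
        self.alerts.append(alert)
        return alert

    def macs_claiming_many_ips(self):
        """A single MAC answering for several IPs (typically the gateway plus a
        victim host) is the footprint of a man-in-the-middle on the segment."""
        return {mac: ips for mac, ips in self.ips_by_mac.items() if len(ips) > 1}


def sample_replies():
    """Constructed traffic: gateway and one host announce themselves normally,
    then a third MAC answers for both of their IPs."""
    return [
        ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
        ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
        ArpReply(1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, no change
        ArpReply(2.0, "192.168.1.1", "aa:bb:cc:00:00:99"),   # conflicting claim
        ArpReply(2.1, "192.168.1.20", "aa:bb:cc:00:00:99"),  # conflicting claim
    ]


def run(replies):
    watch = ArpWatch()
    for r in replies:
        watch.observe(r)
    return watch
```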
  17. Junhan Hao says

    February 14, 2021 at 10:54 pm

    What is the difference between a direct and indirect DoS attack?

    • Xinyi Zheng says

      February 15, 2021 at 8:08 am

      The main difference is that direct DoS floods the victim directly from the attacker’s computer, and indirect DoS spoofs the source address and then floods the victim.

  18. Heather Ergler says

    February 14, 2021 at 11:13 pm

    Why are X.509 certificates standardized?

  19. Prince Patel says

    February 14, 2021 at 11:49 pm

    What is a wireless intrusion detection system? How is it valuable?

  20. Ting-Yen Huang says

    February 15, 2021 at 9:59 pm

    Is there any other way to secure a message instead of using the key pair method?

    • Vanessa Marin says

      February 16, 2021 at 8:59 pm

      So from the front end (and this is new to me) there is an application called SCRYPTmail where a decoy email address is provided. I find that an inventive way of protecting yourself from unwanted emails or spam.


Fox School of Business
