What is Footprinting in Network Security?

1.Footprinting refers to a process of assembling information concerning a given network set up, normally with the intention of looking for techniques to get into the environment. Footprinting can depict the system accountability as well as advancing the ease with which they can be utilized. Footprinting is the technique by which intruders aim at an organization and deploy remote access procedure to accumulate proprietary data significant to the firm’s Internet as well as network processors (Moustafa and Slay, 2016). They also reach the firm’s profiles with the aim of mapping out the focused firm’s security stance. Footprinting utilizes queries such as “who is” method that generates the employee phone number, names as well as other data upon request from the attacker. The areas intended by the hackers in a network includes Domain Name Systems (DNS) as well as Internet Protocol (IP) so as to get the addresses, Firewall meant to secure the system from outside intrusion and quick steps generally linked with corporate acquisitions as well as successful broadcasting of this attained data on the Internet, mass media as well as Intranets. When firms gain other companies, various information is produced that become public data which are of focus to the attackers. In addition, footprinting is relevant to systematically and structurally guarantee that all pieces of data are established and it must be carried out appropriately and in a monitored fashion.

2.Wayback machine – this one of the tools that are utilized to gather information on a past version of the website. A web program produced by the archive of the internet that is capable of taking snapshots of a website at a uniform interval and makes them present to anyone who is in pursuit. By the use of Wayback, machine one can recover data that was posted to a website earlier. When a website URL is an input into the Wayback Machine, the website will return a various date showing when a site was archived with an asterisk close to every date on which a modification was done (Xue, Huang, and Zhang, 2016). However, the internet archive does not preserve exhaustive outcome on each website, the site does archive can cover all the way to as early as 1996.

Whois Footprinting – it refers to the name of the protocol which is utilized to examine the servers managed by Regional Internet Registries, that hold data about each resource, that is, Internet Protocol address or Name of the Domain registered on the Internet. The data that can be captured about a resource are like name of the owner of the company, address of the owner of the company, phone number, Internet Protocol address range that a given Ip belongs to, contact email, name servers as well as the name of the administrator (Han and Kim, 2015). The tool obtains the correct internet registrars so as to find data on the owners of the aimed Internet Protocol address as well as domain.

Tools Used for Footprinting with Examples

Email Footprinting – is deployed to control the delivery of the emails to the targeted recipient, intruders track emails to collect information about an intended recipient so as to carry out a social engineering as well as other attacks (Alipour, Al-Nashif, Satam, and Hariri, 2015). It aids in getting the details of the recipients such as the Internet Protocol address of the recipient, recipients’ geolocation, the email was delivered and viewed, checks whether or not the client visited every link delivered to them, gains the browser and working framework details of the recipients as well as the time consumed on viewing the emails.

3.Firewall is an essential component of the network of a firm and acts a significant part in protecting and securing it while network security it is the technique of handling external as well as internal attacks to the network system of the company. The firewall, in general, possesses two network interfaces which include one to secure the external part of the network and the other for internal side (Han, Gopalakrishnan and Lee, 2015). Its main aim is to manage what traffic is permitted to transmit from one side to another. At most fundamental level, firewalls can lock traffic aimed at specific Internet Protocol addresses and ports of the server. Basically, firms set up their firewall to permit incoming flow to port 80, that is accepted port for utilization by web administrators. This permits visitors to gain corporate website, for instance, but untrusted jam spared for other port the access would not be granted. A firm employee who has correct credentials like a username, as well as a password, would be permitted to access through a protected connection, generally a virtual private connection. The firewall blocks malicious softwares meaning it has the capacity to lock potential viruses, Trojan horses as well as malware from attacking the system of the network. In particular, Trojan horses are the deadlier because they link themselves to documents and when these files are transferred they cause damage to computer systems and reveal the private information to web administrators being hosted by attackers. Firewall offer protection against harms incorporating denial of service (DOS) threats. The DOS threats take place when an attacker attempts to barrage a corporate website with a pool of traffic, which brings the web administrator down and permits the attacker to gain access and then the attacker might be able to reach other resources of the network.

The Main Function of Firewall in Network Security

There different kinds of firewall which include the following:

1. Packet-Filtering Firewalls – it essentially forms a checkpoint at a traffic switch as well as the router. It carries a simple check of information packets getting via the router examining the information like the source and destination of Internet Protocol, number of the port as well as the type of the packet.
2. Circuit-Level Gateways – it is meant to confirm or prohibit traffic without utilizing important computing resources, the circuit-level gateway operates by approving the transfer control protocol handshake.
3. Stateful Inspection Firewalls – these firewalls link both TCP handshake as well as packet examination technology approval to form a level of security.
4. Proxy Firewalls – they function at the application layer to verify incoming jam between your connection and traffic origin. It also performs broad-layer packet examinations, verifying the real contents of data packet to proof that it comprises no malware.
5. Next generation Firewalls – this contains properties such as broad-packet examination, surface-level packet assessment as well as TCP handshake tests. It can also incorporate innovations like intrusion prevention frameworks function automatically to curb threats against network.

4.The following are the features to be considered in the Next-Generation Firewall:

1. Zone-based policy control – with the zone-based protection, the admin can link similar interfaces and deploy the same rules to them, instead of writing the similar rule in every interface.
2. Default deny rules – the solution should not permit access from LAN to the connection, and block access from the WAN.
3. Bandwidth management – bandwidth management abilities should permit controllers to assign sure and minimum bandwidth to operations, and prioritize traffic across interfaces of all firewalls.
4. Connection Limiting – this provides an additional layer to attack connections via the firewall through Access Control Police. This property can be utilized to check Denial-of-Service (DOS) terms or the transfer to particular kinds of malware that spread by starting connections to non-constant addresses at a basically high rate.
5. SSL control -the firewall should possess the capacity to offer visibility into handshake of SSL intervals and a technique by forming rules to control the identification of the SSL connections.

5.External and Internal threats – attacks from any machine network comes from external as well as internal entities. The external attacks incorporate the unauthorized access by intruders like virus attack, hackers among others. Internal attacks include exploitation of the network connection by its clients aware or unaware. Internal attacks come in because of malicious activities and ignorance of the clients of the device network (Pathan, 2016). For instance, an individual can leave the device unattended showing it to others who have no authority to access the details. Again, internal attacks can be an individual streaming and fetching files from the internet that leads in a malware attack. The above problem can be solved by observing the following in a network system:

The server is the primary point of information getting in and leaving the network, it should be kept up to date and always patched and also utilize reputed firewalls that maintain invaders away from the network. Deploy a software that generates the log of entire operations on the network, the firewall offers a list of softwares trying to reach the external entities through the server. You need to review these logs timely to analyze if any software has abnormal behavior, thereby examining if the computer or server in the network is under attack for these logs aid in identifying the weird client activity. The server requires a strong anti-malware which can be gotten from the internet for free or you purchase for a suite that consists of anti-malware as well as a firewall.

Deploy the encryption software to minimize the theft of data, for instance, SecureZip is software that permits you to encrypt as well as compressing the outgoing packets of data. Ensure that all the operating systems being used in every device are updated to minimize the vulnerabilities as the working framework engineers establish and patch each weakness in the operating system. Recheck the peripheral on your device such as scanners, printers as well as photocopiers on the network by ensuring they are not reachable from the internet and this is obtained by positioning them behind a firewall.

Security Breaches – this takes place when the network is accessed by individuals with no authority and steal information, install viruses, compromise programs, stealing of hardware and password leakage or hacking. This can be resolved by guaranteeing the hardware is protected every time and utilization of secure, encrypted passwords and ensure passwords are different at various levels of privacy.

Different Kinds of Firewall Briefly Analyzed

6.To secure the assets of the company – an organization by facing the network security problems identifies the need for protecting computers as well as computer networks. The assets here refer to data that is kept in the device network, that is crucial and of high value as the visible assets of the firm. The device and network security is involved with protection, integrity as well as safe access to private details and also entails the accessibility of data in a meaningful way.

To adhere to Regulatory needs and Ethical Responsibilities – it is a role of any company to create procedures and rules handling the security needs of each organization. These regulations act for the safety and protection of every firm and are compulsory for any firm operating on computers.

 For competitive benefit – creating an effective framework for networks will give the company a competitive edge. In the scene of Internet e-commerce, financial services, as well as network security, assumes crucial significance. If the network is protected the clients would avail the operations of banking over the internet.

7.Network policies govern how connection should be established and set to streamline operations of the users in normal conditions and directs how to respond during the instance of intrusion. The following highlights the imposition of rules measures of every term of network security to safeguard information as well as systems:

The network administrator login key should be modified to a highly complicated password and kept in a cabinet with limited access.

Only the certified staffs have the authority to access as well as maintaining applications, architectures, network elements, working frameworks among others.

The authorized users should inform the network administrator before creating general accounts as well as privileged accounts like system admin.

Privileged accounts are subjected to frequent review to ensure they are genuine and should be disabled in case of prolonged inactivity.

The users should not utilize the computerized technology to carry out unacceptable operations such as intentional copyright duplication, program license duplication, plagiarism, fraud, forgery as well as impersonation.

The users should be allowed to access internet with intention of visiting prohibited sites that contains the unlawful materials such as pornographic or harmful information.

The user should not to gain access of the computer resources with no authority from the organization.

Users in an organization should not be allowed come in with their external drives that can infect the computers of the firm with viruses among dangerous components.

The staff or users of the network should not use the electronic mail of the organization in publishing or posting their items.

The users should not dispose the crucial information of the organization to the public like financial statement for security purposes.

When an administrator of the system leaves the company, entire passwords which the admin had access to must be modified immediately.

The firm is entitled to sign DNA to every worker about exposing the information of the deployed computers in the perimeter.

The organization must regularly apply patches as well as protection updates as produced by developers.

Internet access rules incorporate automatically locking entire websites established as incorrect for the firm user.

In the situation of dedicated administrator access, a program firewall should be positioned between the user who is a remote and committed server to conceal the identity of the administrator.

References

Moustafa, N., & Slay, J. (2016). The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 dataset. Information Security Journal: A Global Perspective, 25(1-3), 18-31.

Alipour, H., Al-Nashif, Y. B., Satam, P., & Hariri, S. (2015). Wireless anomaly detection based on IEEE 802.11 behavior analysis. IEEE transactions on information forensics and security, 10(10), 2158-2170.

Han, B., Gopalakrishnan, V., Ji, L., & Lee, S. (2015). Network function virtualization: Challenges and opportunities for innovations. IEEE Communications Magazine, 53(2), 90-97.

Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.

Han, J., Ha, M., & Kim, D. (2015, October). Practical security analysis for the constrained node networks: Focusing on the DTLS protocol. In the Internet of Things (IoT), 2015 5th International Conference on the (pp. 22-29). IEEE.

Xue, N., Huang, X., & Zhang, J. (2016, August). S2Net: a security framework for software-defined intelligent building networks. In Trustcom/BigDataSE/I? SPA, 2016 IEEE (pp. 654-661). IEEE.