
Network Security and Ethical Considerations: Configuring Firewalls and Email Filtering Tools

29 June 2023 06:37 AM | UPDATED 1 year ago


Assignment 03

Introduction

  1. (a) SpamAssassin

SpamAssassin is an open-source email filtering tool designed to detect and block spam emails. It uses several techniques, such as content analysis, rule-based scoring, and Bayesian filtering, to determine whether incoming emails are spam or not.

Content analysis examines various aspects of an email, such as the subject, the body, and the metadata, to identify patterns common to spam emails. In addition, the tool looks for the use of capital letters, potentially misleading subject content, and dubious HTML tags.

Rule-based scoring assigns points to various components of an email according to predefined rules. The rules may include specific keywords, URL patterns, or spam signatures. The resulting score is then used as the reference for deciding whether the email is spam or not.

Bayesian filtering is a statistical approach that compares an incoming email against a database of known spam and non-spam emails. The system detects the similarities and dissimilarities between the emails and calculates the probability that the email is spam based on its statistical patterns.

By combining the above techniques with flexible configuration options, SpamAssassin is one of the most reliable and widely used spam filtering tools, helping users keep mailboxes clean and free of clutter.

  1. Installing and configuring SpamAssassin

SpamAssassin is open-source software that is free to use, and it can be downloaded from its official website, https://spamassassin.apache.org. Before installing SpamAssassin, we first have to set up our virtual machine so that we can establish the SSH connection to the server. The apt commands and the installation process are described below:

Step 1: First, the system is updated. The terminal on Ubuntu is opened and the following command is executed on the system.

  • sudo apt update && sudo apt upgrade

Step 2: To install SpamAssassin, the following command is run in the terminal:

  • sudo apt install spamassassin

Step 3: When the installation is complete, we open the configuration file in a text editor so that we have access to the settings and can configure them as required.

  • sudo nano /etc/spamassassin/local.cf

Step 4: Enable SpamAssassin to start automatically at the system startup

  • sudo systemctl enable spamassassin

Step 5: Start SpamAssassin (we can start SpamAssassin with the following commands)

  • sudo systemctl start spamassassin

Step 6: Installation check (to verify that SpamAssassin is installed and configured correctly)

  • sudo systemctl status spamassassin

After that, we can check whether the system is working properly. If it is working without any error, the display shows a message that “SpamAssassin is active and running”.

1.3 (b)

To add email addresses to our system’s blacklist and whitelist, we need to follow the steps below. We have been given the email [email protected] to add to the blacklist and [email protected] to add to the whitelist, so that we block the spam emails coming from [email protected] and allow the emails from [email protected].

Step 1: In Ubuntu, we open the SpamAssassin configuration file through a terminal by running the following command.

  • sudo nano /etc/spamassassin/local.cf

Step 2: Now locate the blacklist configuration section, that is, the part of the configuration that contains the blacklist settings. It is mostly named “blacklist_from” or “blacklist_from_rcvd”.

Step 3: Here we can add any email address whose incoming mail we want to block; in our case, we have to add [email protected]. For that, we will employ the following command.

Step 4: Now we need to save the changes made and restart SpamAssassin.

  • sudo systemctl restart spamassassin

With this, we have successfully added [email protected] to the blacklist. Now we will not receive any more spam emails from [email protected].

Now, to whitelist the [email protected] email, we need to perform the following steps:

Step 1: Again, we open the SpamAssassin configuration file in the text editor.

  • sudo nano /etc/spamassassin/local.cf

Step 2: Now, we have to find the whitelist configuration settings. The names of these settings mostly start with “whitelist_from” or “whitelist_from_rcvd”.

Step 3: In order to add the email to the whitelist, we will run the following command:

Step 4: Now, we have to save the changes that we have made in the file and then restart SpamAssassin. To restart SpamAssassin, we need to use the following command:

  • sudo systemctl restart spamassassin

Emails from the whitelisted sender are now allowed through. However, such emails may still contain malicious or unwanted content.
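The kind of entries that the blacklist and whitelist steps above add to local.cf, shown as an added example that is not part of the original assignment. The addresses and the relay domain are placeholders under example domains (assumptions), and the commented-out line is the weaker form of the whitelist entry.

```conf
# /etc/spamassassin/local.cf (added example; all addresses are placeholders)

# Score at or above which a message is tagged as spam (5.0 is the shipped default).
required_score 5.0

# Blacklist entry: mail from this sender address receives the USER_IN_BLACKLIST hit.
blacklist_from sender@blocked.example

# Weak whitelist form: matches on the sender address alone, which can be forged.
# whitelist_from sender@allowed.example

# Stricter form: the sender address must match AND the message must have been
# handed over by a relay whose reverse DNS ends in the given domain.
whitelist_from_rcvd sender@allowed.example allowed.example

# SpamAssassin 4.0 also accepts the renamed settings blocklist_from and
# welcomelist_from_rcvd for the same purpose.
```

Running `spamassassin --lint` after editing reports syntax errors in the file before the service is restarted.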

1.3 (c)

To carry out the test, we first have to prepare some test emails.

Step 1: Test emails

  • Create an email with the sender set as [email protected] and save the file as hacker_email.eml.
  • Create another email message with the sender set as [email protected] and save it as victim_email.eml.

Step 2: Run the SpamAssassin test:

  • Go to the terminal on the Ubuntu machine.
  • Run the following command to test whether SpamAssassin identifies the email from [email protected] as spam.

spamassassin -t < hacker_email.eml

This command processes the email message with SpamAssassin and shows the spam analysis.

  • Likewise, to test whether SpamAssassin identifies the email from [email protected] as a normal email, run the following command.

spamassassin -t < victim_email.eml

  • This command processes the email messages and displays the spam analysis report.

So, from the analysis reports above, we can determine how SpamAssassin classifies the emails. If the email from [email protected] has a higher score, that indicates the email is spam. The mail from [email protected] must have a lower score, so it may be classified as non-spam mail.

To check the email from Figure 1 using SpamAssassin, the email message is first saved as test_email.eml. Then, the following command is employed.

  • spamassassin -t < test_email.eml

This command processes and evaluates the message through SpamAssassin and displays the result. When the output is analyzed, it is found that the email is not spam because it has a very low score.

Here, the spamassassin command gives information about the spam analysis, including the spam score and the spam indicators detected.
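To read the result of the tests above programmatically, the following added example (not part of the original assignment) parses the X-Spam-Status header that SpamAssassin writes into a scanned message and reports whether a blacklist or whitelist entry decided the outcome. The two sample messages are constructed, and their sender addresses are placeholders.

```python
# Added example: read the verdict SpamAssassin writes into X-Spam-Status.
import re
from email import message_from_string

STATUS_RE = re.compile(
    r"(?P<flag>Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"required=(?P<required>-?\d+(?:\.\d+)?)\s+tests=(?P<tests>\S*)"
)
# Rule names raised by list entries (3.x names and their 4.0 renames).
BLACKLIST_HITS = {"USER_IN_BLACKLIST", "USER_IN_BLOCKLIST"}
WHITELIST_HITS = {"USER_IN_WHITELIST", "USER_IN_WELCOMELIST"}

def parse_spam_status(raw_message: str) -> dict:
    """Return flag, score, threshold and rule hits from a scanned message."""
    header = message_from_string(raw_message).get("X-Spam-Status")
    if header is None:
        raise ValueError("no X-Spam-Status header; message was not scanned")
    # The header is folded across lines; unfold it and rejoin the rule list.
    flat = re.sub(r",\s+", ",", " ".join(header.split()))
    match = STATUS_RE.match(flat)
    if match is None:
        raise ValueError(f"unrecognised X-Spam-Status value: {flat!r}")
    tests = [t for t in match["tests"].split(",") if t and t != "none"]
    return {
        "is_spam": match["flag"] == "Yes",
        "score": float(match["score"]),
        "required": float(match["required"]),
        "tests": tests,
        "decided_by_list": ("blacklist" if BLACKLIST_HITS & set(tests)
                            else "whitelist" if WHITELIST_HITS & set(tests)
                            else None),
    }

# Constructed sample outputs (not captured from a real run).
SAMPLE_BLOCKED = (
    "X-Spam-Status: Yes, score=100.0 required=5.0 tests=HTML_MESSAGE,\n"
    "\tUSER_IN_BLACKLIST autolearn=no\n"
    "From: sender@blocked.example\nSubject: test\n\nbody\n"
)
SAMPLE_ALLOWED = (
    "X-Spam-Status: No, score=-100.0 required=5.0 tests=USER_IN_WHITELIST\n"
    "From: sender@allowed.example\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_BLOCKED, SAMPLE_ALLOWED):
        print(parse_spam_status(sample))
```

A high score carried almost entirely by a list rule shows that the configuration entry, not the content checks, classified the message.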

2.1(a) To enable nodes A and H to communicate with port 80 on node Y through a firewall, we need to configure the firewall rules accordingly. The most commonly used firewall tools on Linux-based systems are iptables and ufw.

  • Identify the IP addresses of nodes H, Y, and A, which are used to create the firewall rules.
  • Open the needed port on the firewall to allow incoming traffic to port 80 on node Y by employing the following command.

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

NOTE: This command allows incoming TCP traffic on port 80

  • To establish the connectivity between A and H through port 80 of node Y, we have to specify the source IP address and the destination IP address on node Y.

sudo iptables -A INPUT -p tcp -s 10.0.8.1 --dport 80 -d <IP_Y> -j ACCEPT

sudo iptables -A INPUT -p tcp -s 10.0.2.0 --dport 80 -d <IP_Y> -j ACCEPT

  • Now save the firewall rules so that they persist through reboots. We can then test the connectivity from nodes A and H to port 80 of node Y to ensure the firewall rules are working properly.

2.2(b) To establish communication from nodes A and H to node Z on port 443 through the firewall, we have to set up the firewall rules as required. The process is similar to before. First of all, we have to determine the firewall software and configuration tool. Here, we have selected iptables and ufw as the software and tool. We then need to know the IP addresses of all the nodes to create the firewall rules.

  • At first, we have to determine the firewall software and configuration tool. Here we are using iptables and ufw. Now, we have the IP addresses of all three nodes so that we can create a new rule.
  • So, we have to run the following command on the terminal.

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

  • Now we have to set up the rules for the communication from A and H to Z through port 443. For that, we have to specify the IP addresses of nodes A and H and the destination IP address of Z by deploying the following commands.

sudo iptables -A INPUT -p tcp -s 10.0.1.0 --dport 443 -d <IP_Z> -j ACCEPT

sudo iptables -A INPUT -p tcp -s 10.0.2.0 --dport 443 -d <IP_Z> -j ACCEPT

  • Now we have to save the changes we have made and test the connection from nodes A and H to port 443 on node Z to verify that the firewall rules are functioning properly.

2.3 (c)

To add the new stream that blocks traffic between the nodes in the intranet and the internet, we follow these steps:

  • We have to decide on the firewall software and configuration tool. In this case, we are employing iptables and ufw.
  • Secondly, we have to identify the IP address range.
  • Now, we have to introduce the new rule to block outgoing traffic from the intranet to the internet. For that, we have to implement the following commands.

Since we are working with iptables, we have to run the following command:

  • sudo iptables -A OUTPUT -s 10.0.2.0 -d 0.0.0.0/0 -j DROP
  • We have to create another new rule for blocking the incoming traffic from the internet to the intranet.
  • sudo iptables -A INPUT -s 0.0.0.0/0 -d 10.0.1.0 -j DROP

Now we can save the new changes. The connectivity is then tested to confirm the expected behaviour between the intranet and the internet: we can try accessing websites from the intranet and verify that access is denied.

2.4(d)

For the new stream, and to check the traffic within the intranet, we may follow these steps:

Step 1: Like before, we have to determine the firewall software and configuration tool; we are using iptables and ufw.

Step 2: Again, we have to determine the IP address range or subnet of the intranet, which is used to create the new rules.

Step 3: To add a new rule that allows the incoming traffic within the intranet, the following command is used:

  • sudo iptables -A INPUT -s 10.0.1.0 -d 10.0.11.0 -j ACCEPT

Step 4: Again, add a new rule that allows outgoing traffic within the intranet:

  • sudo iptables -A OUTPUT -s 10.0.1.0 -d 10.0.11.0 -j ACCEPT

Step 5: Add rules to block all the traffic from the internet:

  • sudo iptables -A INPUT -s 0.0.0.0/0 -j DROP
  • sudo iptables -A OUTPUT -d 0.0.0.0/0 -j DROP

Step 6: At last, we have to save the firewall rules so that they persist across reboots and test the connectivity to make sure they function properly.

2.5 (e)

To block traffic on any port other than 80 or 443 from node Web, we have to follow these steps:

Step 1: We are using iptables and ufw as the firewall software and configuration tool. Then, we have to open a terminal.

Step 2: We have to identify the IP address of the Web node.

Step 3: We have to add a new rule to block the outgoing traffic from node Web to ports other than 80 or 443. Both ports are excluded in a single rule, because two separate rules that each negate one port would together drop every port, including 80 and 443:

  • sudo iptables -A OUTPUT -s 10.0.0.0 -p tcp -m multiport ! --dports 80,443 -j DROP

Step 4: Again, we have to add another rule to block the incoming traffic to node Web on ports other than 80 or 443:

  • sudo iptables -A INPUT -d 10.0.0.0 -p tcp -m multiport ! --dports 80,443 -j DROP

Step 5: Now, we have to test the connectivity of the system to confirm that all the traffic is blocked except on port 80 or 443.
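The port exception in Steps 3 and 4 depends on how iptables evaluates a chain: rules are checked in order and the first match decides. The added example below (not part of the original assignment) models that evaluation for destination ports only, and goes slightly beyond this section by also showing why the order in which ACCEPT and DROP rules are appended matters. The class and function names are hypothetical.

```python
# Added example: a small model of how iptables walks one chain (first match wins).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ports: frozenset   # destination ports named by --dport / --dports
    negate: bool       # True models the "!" in front of the port match
    target: str        # "ACCEPT" or "DROP"

    def matches(self, dport: int) -> bool:
        named = dport in self.ports
        return not named if self.negate else named

def verdict(chain, dport, policy="ACCEPT"):
    """Target of the first rule that matches, else the chain policy."""
    for rule in chain:
        if rule.matches(dport):
            return rule.target
    return policy

def open_ports(chain, candidates=(22, 25, 80, 443, 8080)):
    """Ports from `candidates` that the chain lets through."""
    return [p for p in candidates if verdict(chain, p) == "ACCEPT"]

# "Not in the empty set" matches every port: a catch-all DROP.
DROP_ALL = Rule(frozenset(), True, "DROP")

# One negated rule per port: port 80 passes rule 1 but is dropped by "! 443".
PER_PORT = [Rule(frozenset({80}), True, "DROP"),
            Rule(frozenset({443}), True, "DROP")]
# One rule: -m multiport ! --dports 80,443 -j DROP
MULTIPORT = [Rule(frozenset({80, 443}), True, "DROP")]
# Explicit ACCEPT first, catch-all DROP appended after it.
ACCEPT_THEN_DROP = [Rule(frozenset({80, 443}), False, "ACCEPT"), DROP_ALL]
# Same two rules appended in the opposite order: the ACCEPT is never reached.
DROP_THEN_ACCEPT = [DROP_ALL, Rule(frozenset({80, 443}), False, "ACCEPT")]

if __name__ == "__main__":
    for name in ("PER_PORT", "MULTIPORT", "ACCEPT_THEN_DROP", "DROP_THEN_ACCEPT"):
        print(f"{name:17} -> {open_ports(globals()[name])}")
```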

3.1(a) When I get such an offer, it is important to consider my ethical values and potential conflicts of interest. As an employee, accepting a personal gift or such an offer in exchange for a large purchase made on behalf of the company raises concerns about favoritism, potential bias, and compromising professional judgment, which is unethical.

It is very important to maintain transparency, fairness, and integrity in business dealings for the reputation and benefit of the company. Accepting personal benefits from a supplier may undermine such principles, which is unacceptable for everyone.

I will reject the personal gift and communicate to the representative that the company’s purchasing decisions are based purely on the merits of the product, quality, and the capacity of the suppliers to meet the company’s requirements, so that I can remain ethical and loyal to the company.

3.2(b)

I believe in professionalism and I have a strong work ethic. If I get into such a situation of having a cousin as a candidate on an interview panel, at first, I will disclose my relationship with him/her to ensure transparency with the interview panel. I will treat my cousin as a general candidate by evaluating him/her strictly based on his/her experience, qualification, and capability. I will treat him/her with specialty and avoid favoritism. I will maintain integrity and make decisions solely based on the skill, experience, and qualifications of the candidate. Also, I will make sure that the candidate will not get any benefit because of me.

3.3(c)

When I face such a situation, where I made a mistake in a router configuration which caused a 12-hour outage for the engineering section’s server, I will first accept that I made an error in the configuration and start to resolve the problem. Then, I will start to analyze the error along with the team members. I will also notify the engineering section about the whole situation by explaining the root cause of the problem. I will put the issue first of all and I will also take help from the IT teams. I will continuously keep the engineering department updated. Once the issue is resolved, I will conduct a review session on the same topic. After that, I will frequently follow up with the engineering section to ensure the server is functioning properly.
