...Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Course Name and Number: IA5010 13020 Found of Information Assurance Student Name: Zhen Sun Instructor Name: Professor Themis Papageorge Lab Due Date: 09/19/13 Lab Assessment Questions & Answers Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually. Note: These forms have been formatted to allow you to complete the form online and save it using Adobe Reader. You may experience problems with either or both of these actions if you are using any other software program. indows Application Loaded Starts as Service Y/N 1.WireShark NO 2.Nessus Client NO 3.Tftpd32 YES 4.Mozilla Firefox NO 5.Nmap-Zenmap GUI NO What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1,LAN Switch 2, and the IP default gateway router? TargetWindows01 server: 172.30.0.8 LAN Switch 1: 172.16.8.5 LAN Switch 2: 172.16.20.5 Default gateway router: 172.30.0.1 Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? YES. 4 packets were sent back to the IP source. 4.What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet...
Words: 523 - Pages: 3
...Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066 I. Title. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no...
Words: 117203 - Pages: 469
...page 21 page 21 page 21 page 21 page 21 page 20 page 20 page 20 page 21 White hat Black hat page 21 page 21 page 28 page 28 Dictionary cracking Brute-force computation Trust exploitation Port redirection page 28 page 29 page 30 Man-in-the-middle attack Social engineering Phishing page 30 page 30 2 Network Security 1 and 2 Companion Guide The Internet continues to grow exponentially. Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information assets are protected. The goals of network security are as follows: ■ ■ ■ Protect confidentiality Maintain integrity Ensure availability With this in mind, it is imperative that all networks be protected from threats and vulnerabilities for a business to achieve its fullest potential. Typically, these threats are persistent because of vulnerabilities, which can arise from the following: Note...
Words: 13317 - Pages: 54
...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...
Words: 6103 - Pages: 25
...This page was intentionally left blank This page was intentionally left blank Hands-On Ethical Hacking and Network Defense Second Edition Michael T. Simpson, Kent Backman, and James E. Corley ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest. Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated...
Words: 185373 - Pages: 742
...Information Systems SecurityNOTManualSALE OR DISTRIBUTION Lab FOR v2.0 NOT FOR SALE OR DISTRIBUTION Placeholder for inside cover and copyright page © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC Copyright © 2014 by Jones & Bartlett Learning, NOT FOR SALE OR DISTRIBUTION LLC, an Ascend Learning Company. All rights reserved. OR DISTRIBUTION NOT FOR SALE Instructor Lab Manual www.jblearning.com © Jones & Bartlett Learning...
Words: 95466 - Pages: 382
...Research Paper: Information Security Technologies by Benjamin Tomhave November 10, 2004 Prepared for: Professor Dave Carothers EMSE 218 The George Washington University This paper or presentation is my own work. Any assistance I received in its preparation is acknowledged within the paper or presentation, in accordance with academic practice. If I used data, ideas, words, diagrams, pictures, or other information from any source, I have cited the sources fully and completely in footnotes and bibliography entries. This includes sources which I have quoted or paraphrased. Furthermore, I certify that this paper or presentation was prepared by me specifically for this class and has not been submitted, in whole or in part, to any other class in this University or elsewhere, or used for any purpose other than satisfying the requirements of this class, except that I am allowed to submit the paper or presentation to a professional publication, peer reviewed journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature. Signature _____Benjamin L. Tomhave________________________ Benjamin L. Tomhave 12/7/2004 1 Research Paper: Information Security Technologies by Benjamin L. Tomhave Abstract The following research paper provides analysis of thirteen (13) information security technology topics, arranged in ten (10)...
Words: 12903 - Pages: 52
...Loaded 36 scripts for scanning. Initiating ARP Ping Scan at 15:13 Scanning 2 hosts [1 port/host] Completed ARP Ping Scan at 15:13, 0.38s elapsed (2 total hosts) Nmap scan report for 172.30.0.0 [host down] mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers Initiating SYN Stealth Scan at 15:13 Scanning 172.30.0.1 [1000 ports] Discovered open port 22/tcp on 172.30.0.1 Discovered open port 23/tcp on 172.30.0.1 Discovered open port 111/tcp on 172.30.0.1 Completed SYN Stealth Scan at 15:13, 0.36s elapsed (1000 total ports) Initiating Service scan at 15:13 Scanning 3 services on 172.30.0.1 Completed Service scan at 15:13, 6.00s elapsed (3 services on 1 host) Initiating RPCGrind Scan against 172.30.0.1 at 15:13 Completed RPCGrind Scan against 172.30.0.1 at 15:13, 0.00s elapsed (1 port) Initiating OS detection (try #1) against 172.30.0.1 Retrying OS detection (try #2) against 172.30.0.1 Retrying OS detection (try #3) against 172.30.0.1 Retrying OS detection (try #4) against 172.30.0.1 Retrying OS detection (try #5) against 172.30.0.1 NSE: Script scanning 172.30.0.1. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 15:13 Completed NSE at 15:13, 0.09s elapsed NSE: Script Scanning completed. Nmap scan report for 172.30.0.1 Host is up (0.00s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.5p1 Debian 6 (protocol...
Words: 8899 - Pages: 36
...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or otherwise...
Words: 25969 - Pages: 104
...Phones 13 Work stations and laptops 13 Serves 13 Routers and Switches 13 Software 14 Card Access System 14 Governance and Management/Security Approach 14 Customer/Business Owner Management and security 14 Standard Operations and Business Practices 14 Security 14 Data Sharing 15 Data Storage 16 Tools used for change control management 16 Problem reporting 16 Risk identification 16 Disaster Recovery 16 Documentation Strategies 16 Training 16 Security 17 Roles and Responsibilities 17 Network 19 Acceptance 20 Training Plan 20 Introduction 20 Scope 20 Training Approach 21 Curriculum 22 Evaluation 23 Testing Document 24 Test Set 1: Fault Tolerance 24 Test 1: Basic Failover 24 Test Set 2: Recovery 25 Test 2.1: Manual Recovery to a Second Machine 25 Test Set 3: Exception Handling 26 Test 3.1 Out-of-Order Startup Sequence 26 Test 3.2 Test Death of Naming...
Words: 11047 - Pages: 45
...EC-Council Press | The Experts: EC-Council EC-Council’s mission is to address the need for well educated and certified information security and e-business practitioners. EC-Council is a global, member based organization comprised of hundreds of industry and subject matter experts all working together to set the standards and raise the bar in Information Security certification and education. EC-Council certifications are viewed as the essential certifications needed where standard configuration and security policy courses fall short. Providing a true, hands-on, tactical approach to security, individuals armed with the knowledge disseminated by EC-Council programs are securing networks around the world and beating the hackers at their own game. The Solution: EC-Council Press The EC-Council | Press marks an innovation in academic text books and courses of study in information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification...
Words: 61838 - Pages: 248
...Vulnerability Assessment for Jacket-X Corporation University of Maryland University College Abstract The Jacket-X Corporation is a manufacturer of industrial-grade gloves, jackets, and other safety-related clothing applications. The Chief Information Officer (CIO) at Jacket-X is concerned with the current Information Technology (IT) security implementations and procedures. He has valid concerns due to reports from Human Resources (HR) stating financial issues with last year’s payrolls. There are also concerns with external network vulnerabilities that possibly can give hackers unauthorized access to company data and information. The CIO has internal IT security concerns due to a recent incident with an executive employee infecting the company’s network with malicious software from a company issued laptop. To help stay current with technology and compliant with federal laws Jacket-X decided to install a new Identity Management (IdM) system with Single Sign On (SSO) features. Several employees and customers do not like the new IdM system due to having privacy and data access concerns. This paper will analyze and discuss potential threats and vulnerabilities within the Jacket-X Corporation enterprise network. The paper will identify various IT security measures that will address the known threats and vulnerabilities. There will be discussions and recommendations made for choosing the best IdM system for Jacket-X. These discussions will also consist of the company addressing...
Words: 6831 - Pages: 28
...1: What is the essential difference between an 'Ethical Hacker' and a 'Cracker'? A. The ethical hacker does not use the same techniques or skills as a cracker. B. The ethical hacker does it strictly for financial motives unlike a cracker. C. The ethical hacker has authorization from the owner of the target. D. The ethical hacker is just a cracker who is getting paid. Answer: C Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. QUESTION 2: What does the term "Ethical Hacking" mean? A. Someone who is hacking for ethical reasons. B. Someone who is using his/her skills for ethical reasons. C. Someone who is using his/her skills for defensive purposes. D. Someone who is using his/her skills for offensive purposes. Answer: C Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. QUESTION 3: Who is an Ethical Hacker? A. A person whohacksfor ethical reasons B. A person whohacksfor an ethical cause C. A person whohacksfor defensive purposes D. A person whohacksfor offensive purposes Answer: C Explanation: The Ethical hacker is a security professional who applies his hacking skills...
Words: 34575 - Pages: 139
...Contents 1. Introduction 2. Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions...
Words: 71242 - Pages: 285
...and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP, and ITIL Foundations. In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the Security+ exam. Darril regularly posts blog...
Words: 125224 - Pages: 501
