TermPaperWarehouse.com - Free Term Papers, Essays and Research Documents

The Research Paper Factory

Free Essay

Lab 3 for Ethical Hacking

In:

Submitted By carterjamie82
Words 699
Pages 3
Kaplan University
IT542
Ethical Hacking and Network Defense
Unit 2 Assignment
Assignment 2
Jamie Carter
Professor North

Assignment 2
1.
Ping, DNS lookup, traceroute utilities, and, Internet Explorer, the web browser are primary tools that come equiped in Windows. The DOS or MSDOS allow use of ping and traceroute specifically, these utilities allow for network mapping and network address or IP address identification, as well as port information.
2.
The differences in the organizations are coverage areas. IANA covers the resources delegated to the other organizations (IANA, N,d,). ARIN is delegated to cover the regions of United States, Canada, several parts of the Caribbean region, and Antarctica. RIPE covers northern parts of Asia, Northern Africa, Europe, and Middle Eastern countries.
3.
Sam Spade includes tools that can run WhoIs, HTML source code retrieval, trace route, ping, finger, and nslookup. These functions allow retrieval of data from network traffic, electronic mail headers, and identify origins of addresses.
4
Trace route does exactly as the name states, it traces the route of packets back to the originator. This is useful in finding different jump points and pathways to the targeted website,
It traces the routes packets take from the user to the target. It shows a route by hops. They target the host address.
5.
WhoIs provides general data such as address or domain owner, contact information for owner, and linked sites to a domain. This information can be used in further data gathering processes.
6.
Sam Spade comes equiped with 100 pre-loaded "WhoIs" profiles. Updates may allow for more profiles to be downloaded or updated.
7
Sam Spade is a conglomerate of multiple scanning and data gathering tools that are not intrusive. These tools are for passive scanning of data across networks including electronic mail headers (SANs, 2003).
8.
Personally, companies and organizations should petition, or otherwise have the WhoIs site limit information provided to the general public. Requiring user agreements and usage policies may help with malicious use of the information. This could be one of many steps that would help protect organizations from random people obtaining the information.
9.
The "Web Icon" returns HTML source code (Vitale, 2011). The source code provided helps to see the way the site was designed and where there may be weaknesses.

10. According to personal experience, not every machine connects to a server at the same time. Therefore, a proxy would help to gather data on these other connections as it would gather the data of server connections.

11. Finding accurate information on an individual's criminal history is very important. There is prior knowledge required before performing the Google searches. The first thing is to know previous addresses and approximate age, with this information the municipal and common pleas courts in the areas of residences can be goolged.
12.
Based on company basic information on total number of employees and number of branch offices and estimate can be made on approximately how many people work at branch locations. Most branch locations of medium to smaller organizations are roughly half of the size as the main office and this can help with determining how many floors and departments each branch may hold. For example, A bank may have 5 branches and the main may have two floors. This means the other 4 branches would be single floor. If the total employee base is 75 then it is safe to estimate 12 per location with 27 at the main branch. This estimate is based on personal knowledge of a local bank.
13.
The goal in using search engines to gather data is to perform intrusive methods or undetected ways of gathering data. This method allows for data to be gathered without the target realizing they are the target.
14.
Google hacking locates security vulnerabilities through the use of search engines. These searches reveal two main types of vulnerabilities, "software vulnerabilities and misconfigurations" (TechTarget, 2013).

15. "The Google Hacking Database (GHDB) is a database of queries that identify sensitive data" (Acunetix, 2013). This database often blocks many of the commonly used queries, but this will not stop hackers from deploying these attacks on any content that may have been uncovered or "crawled".

Similar Documents

Premium Essay

Lab #4 – Assessment Worksheet

...Lab #4 – Assessment Worksheet Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation IS4650 Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you performed all five phases of ethical hacking: reconnaissance (using Zenmap GUI for Nmap), scanning (using OpenVAS), enumeration (exploring the vulnerabilities identified by OpenVAS), compromise (attack and exploit the known vulnerabilities) using the Metasploit Framework application), and conducted post-attack activities by recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits. Lab Assessment Questions & Answers 1. What are the five steps of ethical hacking? reconnaissance, scanning,enumeration, compromise, post-attack activities: recommended countermeasures for remediation. 2. During the reconnaissance step of the attack, what open ports were discovered by Zenmap? What services were running on those ports? There were several Ports, I will list onl a few POrts, 21,3306,22,53,445,111,25, all running TCP: the services running were Linux telneted, smtp Postfix, Apache Tomcat/Coyote JSP 3. What step in the hacking attack process uses Zenmap? Reconnaissance ...

Words: 285 - Pages: 2

Free Essay

Vulnerability Assessment Scan

...------------------------------------------------- Lab Assignment for Chapter 3 Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to 
perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings...

Words: 559 - Pages: 3

Premium Essay

Assessing and Securing Systems on a Wan and Applying Encryption and Hashing Algorithms for Secure Communications

...Unit 1 Individual Project Danielle Hunker Ethical Hacking Colorado Technical University Online CSS280 February 22, 2016 Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN) Course Name and Number: Ethical Hacking CSS280 Student Name: Danielle Hunker Instructor Name: Jimmy Irwin Lab Due Date: February 22, 2016 Overview In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications you first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports. Lab Assessment Questions & Answers 1. What is the first Nmap command you ran in this lab? Explain the switches used. Nmap command: nmap –O –v 10.20.100.50 -O was the switch used to detect the operating system 10.20.100.50 -v was the switch used to show the detail of 10.20.100.50 2. What are the open ports when scanning 192.168.3.25 and their service names? * 80 HTTP services * 135 Microsoft EPMAP (End Point Mapper) * 139 NetBios session service * 445 Microsoft DS, SMB file sharing and CIFS (common internet file sharing) * 3389 RDP (Remote Desktop Protocol) * 5357 WSDAPI web services for devices * 49152 uo to 49157 DCOM or ephemeral ports 3. What is the command line syntax for running an SMB vulnerability scan...

Words: 832 - Pages: 4

Free Essay

Ceh Course

...environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be ...

Words: 458 - Pages: 2

Premium Essay

Fdess

...Hands-On Ethical Hacking and Network Defense Second Edition Chapter 3 Network and Computer Attacks Objectives • After this lecture and completing the exercises, you will be able to : – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describe the types of network attacks – Identify physical security attacks and vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition 2 Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • • • • Destroy data Corrupt data Shutdown a network or system Make money 3 Hands-On Ethical Hacking and Network Defense, Second Edition Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Hands-On Ethical Hacking and Network Defense, Second Edition 4 Table 3-1 Common computer viruses Hands-On Ethical Hacking and Network Defense, Second Edition 5 Viruses (cont’d.) • Encoding using base 64 – – – – – – – – Typically used to reduce size of e-mail attachments Also, used to encrypt (hide) suspicious code. Represents zero to 63 using six bits A is 000000… Z is 011001 Create groups of four characters...

Words: 1394 - Pages: 6

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...

Words: 6103 - Pages: 25

Premium Essay

Ethical Hacking and Network Defense Unit 2 Assignment

...Ethical Hacking and Network Defense Unit 1 Assignment Kaplan University Table of Contents Scope Goals and Objectives Tasks Reporting Schedule Unanswered Questions Authorization Letter Scope Production e-commerce Web application server and Cisco network described in Figure 1.1. Located on ASA_Instructor, the e-commerce Web application server is acting as an external point-of-entry into the network: • Ubuntu Linux 10.04 LTS Server (TargetUbuntu01) • Apache Web Server running the e-commerce Web application server • Credit card transaction processing occurs • The test will include penetrating past specific security checkpoints. • The test can compromise with written client authorization only. Goals and Objectives John Smith, CEO of E-commerce Sales, has requested that we perform a penetration test on the company’s production e-commerce Web application server and its Cisco network. It is our intention to run various penetration tests at irregular times in order to accurately test security measures that have been put in place. E-commerce Sales will not be aware of any of the penetration measures nor will they be aware of the times that this will be done. Information about the network will be gathered and analyzed for any open network interfaces. Success of the test is determined by determining any...

Words: 1705 - Pages: 7

Premium Essay

Ethical Hacking

...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. T he term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically...

Words: 6482 - Pages: 26

Premium Essay

Ethical Hacking - C.C. Palmer

...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. scribe the rapid crafting of a new program or the making of changes to existing, usually complicated software. As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed...

Words: 6481 - Pages: 26

Premium Essay

Cyber Security

...2011 Ethical Hacking & Penetration Testing ACC 626: IT Research Paper Emily Chow 20241123 July 1, 2011 I. Introduction Due to the increasing vulnerability to hacking in today’s changing security environment, the protection of an organization’s information security system has become a business imperative . With the access to the Internet by anyone, anywhere and anytime, the Internet’s “ubiquitous presence and global accessibility” can become an organization’s weakness because its security controls can become more easily compromised by internal and external threats. Hence, the purpose of the research paper is to strengthen the awareness of ethical hacking in the Chartered Accountants (CA) profession, also known as penetration testing, by evaluating the effectiveness and efficiency of the information security system. 2 1 II. What is Ethical Hacking/Penetration Testing? Ethical hacking and penetration testing is a preventative measure which consists of a chain of legitimate tools that identify and exploit a company’s security weaknesses . It uses the same or similar techniques of malicious hackers to attack key vulnerabilities in the company’s security system, which then can be mitigated and closed. In other words, penetration testing can be described as not “tapping the door” , but “breaking through the door” . These tests reveal how easy an organization’s security controls can be penetrated, and to obtain access to its confidential and sensitive information asset by hackers...

Words: 11999 - Pages: 48

Free Essay

Certified Ethical Hacking

...Lab #9 - Assessment Worksheet Investigating and Responding to Security Incidents Course Name and Number: CSS280-1501A-01 Ethical Hacking Student Name: ***** ****** Instructor Name: ***** ****** Lab Due Date: 2/9/2015 Overview In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG Anti-Virus Business Edition to scan the infected workstation and documented your findings as you proceeded. Lab Assessment Questions & Answers 1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? Have the user of the machine cease all activity and contain the infected machine by disconnecting from the network (unplug Ethernet cable or disable wireless), leaving it isolated but not powered off. It should be left in its steady state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory forensics...

Words: 1206 - Pages: 5

Premium Essay

Ethical Hacking Lab 1

...Lab #1 – Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN) IT-387 Ethical Hacking Course Name and Number: _____________________________________________________ Emmanuel Garcia Student Name: ________________________________________________________________ Jacob Boaheng Instructor Name: ______________________________________________________________ 09/29/2014 Lab Due Date: ________________________________________________________________ Overview In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications you first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports. Lab Assessment Questions & Answers 1. What is the first Nmap command you ran in this lab? Explain the switches used. The first Nmap command I ran on the the lab was nmap -O -v 10.20.100.50. To explain the switches used winch are re presented with (-O) and (-v). (-O) means detect the operating system of the 10.20.100.50 machine and view or show the detail of the open ports. 2. What are the open ports when scanning 192.168.3.25 and their service names? After I have run the Nmap command for the 192.168.3.25 It show the port the were open such as port 80 HTTP hypertext transfer protocol, port 135 MSRPC Micro Soft Remote procedure Call, port 139 NetBios-ssn is...

Words: 373 - Pages: 2

Premium Essay

Ethical Hacking

...Chapter-1 1.0 Introduction With the tremendous advancement of Internet, different aspects of it are achieving the highest peak of growth. An example of it is e-commerce. More and more computers get connected to the Internet, wireless devices and networks are booming and sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly – interacting with other devices and people are a main issues. At the same time, the complexity of the involved software grows, life cycles are getting shorter and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information – access controls are needed. Unfortunately most software is not bug free due to their complexity or carelessness of their inventors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys – between the ones...

Words: 8365 - Pages: 34

Premium Essay

Professional Issues in Information Technology Education Background

...PROFESSIONAL ISSUES IN INFORMATION TECHNOLOGY EDUCATION BACKGROUND SWINBURNE UNIVERSITY OF TECHNOLOGY SARAWAK CAMPUS 4235614 Fanny Angga Kartikasari 4216989 Abdul Afiz Nuhu 4204069 Abdulahi Baba Ari 4230590 Indeewari Kumarage 4213475 Norazreen Bt Mohd Rafi 4194071 Nur Azura Mohammad PIIT Project – University Information System Table of Contents Abstract ...................................................................................................................................................... 3 1. 2. 3. 4. 5. 6. Introduction ........................................................................................................................................ 4 TOE Framework ................................................................................................................................. 6 Methodology....................................................................................................................................... 7 ITIL Framework ................................................................................................................................. 7 Hypotheses.......................................................................................................................................... 8 Data Analysis .................................................................................................................................... 14 6.1 Policy Statement ................................................

Words: 11457 - Pages: 46

Premium Essay

Applying Owasp to a Web Security Assessment

...Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you explored the Open Web Application Security Project (OWASP) Web site and reviewed its Web application test methodology. You studied the standards and guides published by this project and summarized your findings. Finally, you drafted a Web Application Test Plan based on the information you gained in your OWASP research. Lab Assessment Questions & Answers 1. Identify the four recognized business functions and each security practice of OpenSAMM. 1) Governance 2) Construction 3) Verification 4) Deployment 2. Identify and describe the four maturity levels for security practices in SAMM. 1) Implicit starting point representing the activities in the Practice being unfulfilled 2) Initial understanding and ad hoc provision of Security Practice 3) Increase efficiency and/or effectiveness of the Security Practice 4) Comprehensive mastery of the Security Practice at scale 3. What are some activities an organization could perform for the security practice of Threat Assessment? Threat Assessment involves accurately identifying and characterizing potential attacks upon an organization’s software in order to better understand...

Words: 574 - Pages: 3

Popular Essays

Utilitarianism Essay
My Lifeplan Essay
Proportional Electoral Systems Cause as... Essay
We Were Soldiers Essay
Information Essay
How May Conflict Resolution and Conflict... Essay