Lab #10 Securing the Network with an Intrusion Detection System (IDS)
Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection.
Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage.
A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides the ability to monitor a network, host or application, and report back when suspicious activity is detected, but it does not block the activity.
In this lab, you will configure Snort, an open source intrusion prevention and detection system, on the TargetSnort virtual machine and the Web-based IDS monitoring tool called Snorby. You also will use the OpenVAS scanning tool to scan the TargetSnort virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
This lab has three parts, which should be completed in the order specified. There is no challenge question for this lab.
1. In the first part of the lab, you will configure an IDS for capturing network traffic on the TargetSnort virtual machine.
2. In the second part of the lab, you will conduct a vulnerability scan using OpenVAS.
3. In the third part of the lab, you will review the Snorby monitoring results.

Learning Objectives
Upon completing this lab, you will be able to:
* Configure an open source intrusion prevention and detection system (IPS/IDS), Snort, on the TargetSnort virtual machine to detect a network-based attack
* Configure an IDS monitoring tool, Snorby, to view alerting events on a running IDS system
* Recognize IDS signatures and understand how scans appear as events in the IDS
* Use scanning tools to attack the IDS virtual machine to trigger an alert
* Document and describe the attacks detected and be able to identify false positives or remediation actions
Tools and Software
The following software and/or utilities are required to complete this lab. Students are encouraged to explore the Internet to learn more about the products and tools used in this lab.
* OpenVAS
* Snorby
* Snort

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

1. Lab Report file including screen captures of the following step(s): Part 2, Step 19; Part 3, Steps 3, 5, and 7;
2. Lab Assessments file.

Hands-On Steps
Note: This lab contains detailed lab procedures, which you should follow as written. Frequently performed tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should review these tasks before starting the lab.

1. From the vWorkstation desktop, open the Common Lab Tasks file.
   If you desire, use the File Transfer button to transfer the file to your local computer and print a copy for your reference.
Figure 1 “Student Landing” workstation
2. On your local computer, create the lab deliverable files.
3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps.
Part 1: Configure an Intrusion Detection System (IDS)
Note: The essence of intrusion detection is the process of detecting potential misuse or attacks and the ability to respond on the basis of the alert provided. Best practice in a network environment is to have host-based intrusion detection systems enabled on critical servers and workstations to provide your network and security organization with real-time alerts and alarms for potential system compromise and/or unauthorized access. In the next steps, you will configure Snort on the TargetSnort virtual machine to detect vulnerability scans. Snort is an open source network intrusion prevention and detection system (IPS/IDS), capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

1. Double-click the putty.exe icon on the vWorkstation desktop to open the application.
2. Type as the IP address of the TargetSnort server and click the Open button to open an SSH connection to the TargetSnort server.
3. Click Yes on the PuTTY Security Alert.
4. Log in to the TargetSnort using the following security credentials:
   * Login: root and press Enter
   * Password: toor and press Enter

Figure 2 TargetSnort PuTTY session
5. Type service snort status and press Enter to confirm the Snort service is running.
A response of OK indicates that Snort is now running and is configured with the default alerts and rules (signatures). While not common, it is possible to receive a fail status with this command—that’s why you check the status. If you receive a fail status, you will need to restart the Snort service. At the prompt, type service snort restart and press Enter to restart the service, and then repeat step 5 until you receive an OK status.

Figure 3 Snort status response
Note: In the next steps, you will use the Snorby tool to review traffic statistics on the TargetSnort virtual machine. Snorby is a Web-based tool that analyzes intrusions detected by Snort.

6. Type cd /var/www/snorby and press Enter to change directories.
7. Type bundle exec rake snorby:setup and press Enter to refresh the database connections and start the population of data.
Ignore any errors; these are normal on a refresh.

Figure 4 Snorby database connections refresh
8. When the command prompt returns, type bundle exec rails server -e production -b -d and press Enter to start the Snort Web interface Snorby and run it in the background.
9. Type exit and press Enter to close the PuTTY session.
10. Double-click the Firefox Web browser icon on the vWorkstation desktop to open the browser.
11. In the browser’s address bar, type and press Enter to open the Snorby Dashboard and maximize the browser window, if necessary.
12. Type the following credentials and click Welcome, Sign In to log in:
   * E-mail:
   * Password: snorby
Explore the tabs and links on this page to familiarize yourself with the features of Snorby.

Figure 5 Snorby Dashboard
Note: Your organization’s security policies should define what are acceptable and unacceptable protocols, applications, and services running on your network. Performing a network traffic baseline definition analysis will provide you with information about what protocols and traffic behavior patterns are normal. Using this as a baseline, the IDS can be configured to recognize abnormal digital signatures or IP traffic patterns, which helps harden the LAN-to-WAN domain at the Internet ingress/egress point.
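The note above describes a baseline definition analysis without showing what one looks like in practice. The following Python script is an added example, not part of the lab manual and not Snort or Snorby code: it learns which (protocol, destination port) services are normal from a training window of flow records, merges in the services the security policy explicitly allows, and then flags later flows that fall outside that baseline. The flow records, the policy allow-list and the addresses are all constructed sample data.

```python
"""Traffic baseline check (added example, not from the lab manual).

Learns the set of (protocol, destination port) services that are normal for
a LAN segment from a training window of flow records, merges in the services
the security policy explicitly allows, and flags later flows outside that
baseline. All flow records below are constructed sample data.
"""
from collections import Counter

# Constructed training window: "seq src dst proto dst_port" per line.
TRAINING_FLOWS = """\
1 10.0.0.5 10.0.0.20 tcp 80
2 10.0.0.6 10.0.0.20 tcp 443
3 10.0.0.5 10.0.0.53 udp 53
4 10.0.0.7 10.0.0.20 tcp 80
5 10.0.0.6 10.0.0.53 udp 53
6 10.0.0.8 10.0.0.20 tcp 443
7 10.0.0.9 10.0.0.20 tcp 8080
"""

# Constructed flows observed after the baseline was taken.
OBSERVED_FLOWS = """\
100 10.0.0.5 10.0.0.20 tcp 80
101 10.0.0.44 10.0.0.20 udp 69
102 10.0.0.44 10.0.0.20 tcp 23
103 10.0.0.6 10.0.0.53 udp 53
104 10.0.0.3 10.0.0.20 tcp 22
"""

# Services the (hypothetical) security policy permits even if the training
# window happened not to contain them, e.g. administrative SSH.
POLICY_ALLOWED = {("tcp", 22)}


def parse_flows(text):
    """Parse flow records into dicts; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        flows.append({"seq": int(parts[0]), "src": parts[1], "dst": parts[2],
                      "service": (parts[3].lower(), int(parts[4]))})
    return flows


def learn_baseline(training_text, min_count=2, policy_allowed=POLICY_ALLOWED):
    """Return the baseline service set: services seen at least min_count times
    in the training window, plus everything the policy allows. Requiring a
    minimum count keeps a single stray connection from becoming 'normal'."""
    counts = Counter(flow["service"] for flow in parse_flows(training_text))
    learned = {svc for svc, n in counts.items() if n >= min_count}
    return learned | set(policy_allowed)


def flag_anomalies(observed_text, baseline):
    """Return the observed flows whose service is outside the baseline."""
    return [flow for flow in parse_flows(observed_text)
            if flow["service"] not in baseline]


if __name__ == "__main__":
    baseline = learn_baseline(TRAINING_FLOWS)
    print("baseline services:", sorted(baseline))
    for flow in flag_anomalies(OBSERVED_FLOWS, baseline):
        print("outside baseline:", flow["src"], "->", flow["dst"], flow["service"])
```

With the sample data, the single tcp/8080 connection in the training window is not promoted to "normal" because of the minimum count, tcp/22 is normal because the policy allows it, and the later udp/69 (TFTP) and tcp/23 (telnet) flows from 10.0.0.44 are reported as outside the baseline, the kind of deviation the IDS would then be tuned to alert on.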

13. Minimize the Snorby window to return to the vWorkstation desktop.

Part 2: Conduct a Vulnerability Scan
Note: In the next steps, you will use OpenVAS to conduct a vulnerability scan on the TargetSnort virtual machine. First, you will create a new user account with administrative privileges. Then you will create a new task definition, and finally you will execute the scan. OpenVAS is a framework of several services and tools offering vulnerability scanning and management solutions. It is used to run tests against client computers using a database of known exploits and weaknesses.

1. Double-click the OpenVAS icon to launch the application.
   The Greenbone Security Assistant will open in a new Internet Explorer tab. The server will need approximately five minutes to initialize.
2. At the Certificate Error warning, click Continue to this website (not recommended) to continue.
3. When prompted, type the following credentials and click Login to open the application.
   * Username: openvasadmin
   * Password: pass
4. If prompted to save your password, click Not for this site to continue.

Figure 6 Connect to OpenVAS
5. In the OpenVAS toolbar, click the Administration button to add a new user account.
6. In the New User section, type the following logon information and click the Create User button to finish creating the new user account.
   * User name: student
   * Password: password
   * Role: Admin
If prompted to save your password, click Not for this site to continue.

Figure 7 Add a new user in OpenVAS
Note: OpenVAS recognizes three distinct roles:
   * User: Only enough privileges for everyday use.
   * Administrator: Includes extra administration privileges, like the ability to add users or synchronize the feed.
   * Observer: Only enough privileges to view resources. That is, an observer is forbidden from creating, removing, modifying, or using any tasks, targets, or configurations. Furthermore, an observer may view these resources only when the owner of the task adds the observer to the task's observer list.
7. Click the Logout link at the top right of the OpenVAS Server Manager window to log out.
8. Log back in using the new administrator account you created and click Login:
   * User name: student
   * Password: password

Figure 8 OpenVAS home page
9. Click the Configuration tab and then click the star icon to create a New Target host to scan.

Figure 9 Create New Target Host in OpenVAS
10. In the New Target section, type the following, or select from the drop-down list:
   * Name: TargetSnort
   * Hosts (Manual):
   * Port List: OpenVAS Default

Figure 10 Entering information for a New Target in OpenVAS
11. Click the Create Target button.
12. From the OpenVAS toolbar, select Scan Management > New Task to add a new task.

Figure 11 Create a new task in OpenVAS
13. In the New Task section, type the following information:
   * Name: Snort Task
   * Scan Config: Full and very deep ultimate
   * Scan Targets: TargetSnort
   * Maximum concurrently executed NVTs per host: 15

Figure 12 Create a new Snort Task
14. Click the Create Task button to open the Scan Management home page.
   Note how Snort Task is now listed as a task on the OpenVAS home page.
15. Click the green arrow in the Actions column to start the Snort Task scan.
   When the scan is completed, you will see a blue Done button in the Status column of the table. The scan can take several minutes to complete. You can use the control buttons to the right in the Actions section to Pause, Resume, or Stop the scan. Use the Task Details button (magnifying glass icon) to see more details about the progress of the scan for each target being scanned. You can manually refresh the page during this time to check the status of the scan, or set the page to automatically refresh.
16. In the Tasks header, select Refresh every 10 Sec from the first drop-down menu and click the Set button (green refresh arrows button) to its right.

Figure 13 Refresh the screen
17. When the scan completes, click the date associated with the Snort Task to open the report for that scan.
   The top of the screen provides a summary of the types of vulnerabilities discovered. Vulnerabilities are categorized according to severity: High, Medium, and Low. You can also scroll down to see a detailed report of the Security Issues reported.
Note: In addition to the onscreen version, reports can be downloaded to your local computer in a variety of formats by selecting the download format (HTML, PDF, TXT and more) from the drop-down list and then clicking the green down arrow in the Download column.
Figure 14 OpenVAS report summary

18. Use the scrollbar to locate the Filtered Results section of the report.
   In this case, OpenVAS identified a single security issue of medium risk level.
19. Make a screen capture showing the Filtered Results and paste it into your Lab Report file.
20. Close the browser window to exit from the OpenVAS Client.
Part 3: View the Scan Results in Snorby
Note: In the next steps, you will review the Snort alerts captured in Snorby. Snorby is a Web-based front-end to other applications, such as Snort. When Snort captures and examines IP packets, it does not save every IP packet. Rather, it is looking for specific IP packet traffic patterns and abnormal traffic attempting to enter a network. The IDS maintains logs and raises alerts and alarms when certain IP packet traffic patterns are identified inbound to the organization’s network. Alerts or alarms can be automated to send information to a network or security operations help desk. Should you receive an IDS alert about a port scan detected from the same IP on a subnet, it is one of the first signs of a possibly compromised machine. An attacker may have remote access to a workstation and may have launched a vulnerability assessment scan from within your organization. The results of this scan will be sent back to the attacker unnoticed by your organization.
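The note above (and the Part 1 note on stealth port scans) treats a port scan from an address on your own subnet as an early sign of a compromised host, but does not say how a detector recognizes a scan. The following Python script is an added example, not code from the lab manual and not Snort's port-scan preprocessor: it applies the underlying idea, one source touching many distinct destination ports inside a short time window, to a list of connection events, and labels each alert as internal or external using an assumed local subnet. The events, addresses and the 10.0.0.0/24 subnet are constructed sample data; the threshold and window are illustrative tuning values.

```python
"""Port-scan detection over connection events (added example; not from the
lab manual and not Snort's own preprocessor).

One source reaching many distinct destination ports within a short window is
the pattern a scan leaves. Sources inside the local subnet are marked
'internal', the case the lab's note treats as a sign of a compromised host.
All events and the subnet below are constructed sample data.
"""
import ipaddress
from collections import Counter, defaultdict

# Assumed local subnet for the lab network (constructed).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")

# Constructed connection events: (time_seconds, src, dst, dst_port).
SAMPLE_EVENTS = (
    # fast sweep of 12 ports from an internal host, 0.2 s apart
    [(1.0 + i * 0.2, "10.0.0.44", "10.0.0.20", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]
    # fast sweep of 12 ports from an external host
    + [(5.0 + i * 0.3, "203.0.113.9", "10.0.0.20", p) for i, p in enumerate(range(1, 13))]
    # normal repeated web traffic to a single port
    + [(t, "10.0.0.5", "10.0.0.20", 80) for t in (2.0, 2.5, 9.0)]
    # many ports but 30 s apart: never enough inside one window
    + [(20.0 + i * 30.0, "10.0.0.7", "10.0.0.20", p)
       for i, p in enumerate([22, 80, 443, 8080, 25, 53, 110, 143, 993, 995, 3306])]
)


def detect_port_scans(events, threshold=10, window=5.0, internal_net=INTERNAL_NET):
    """Return one alert per source that reached `threshold` distinct
    destination ports within any `window`-second span, sorted by source."""
    by_src = defaultdict(list)
    for t, src, _dst, port in events:
        by_src[src].append((t, port))

    alerts = []
    for src, hits in by_src.items():
        hits.sort()
        in_window = Counter()   # port -> number of hits currently inside the window
        left = 0
        peak = 0
        for t, port in hits:
            in_window[port] += 1
            # evict hits older than the window so the distinct-port set stays accurate
            while hits[left][0] < t - window:
                old_port = hits[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            origin = "internal" if ipaddress.ip_address(src) in internal_net else "external"
            alerts.append({"src": src, "distinct_ports": peak, "origin": origin})
    return sorted(alerts, key=lambda a: a["src"])


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_EVENTS):
        print(f"PORTSCAN {alert['origin']} src={alert['src']} "
              f"distinct_ports={alert['distinct_ports']}")
```

The sliding window is what separates a scan from ordinary traffic: 10.0.0.5 repeatedly hitting port 80 never raises the distinct-port count, and 10.0.0.7 touching eleven ports half a minute apart never has ten of them inside one window, while the two fast sweeps are reported, with the one from 10.0.0.44 flagged as internal and therefore the higher-priority case to investigate.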

1. Maximize the Snorby browser window.
2. Select Dashboard from the Snorby toolbar to refresh the Snorby alert screen.
In this case, Snorby identified 8 high severity issues and 400 issues of medium severity.

Figure 15 Snorby Dashboard
3. Make a screen capture showing the alerts identified by Snort and the date the report was run and paste it into your Lab Report file.
4. Click Events from the Snorby toolbar to open a list of the events classified by Snorby as unusual.
5. Make a screen capture showing the abnormal sessions identified by Snort and paste it into your Lab Report file. You may have to take multiple screen captures to display the entire output.
6. Locate a TFTP GET passwd error in the Event Signatures column and then click anywhere in the corresponding row to expand the detail information.

Figure 16 TFTP GET passwd errors
7. Make a screen capture showing the TFTP GET passwd details and paste it into your Lab Report file.
Note: It is possible to identify the digital signatures of common reconnaissance and probing scans, such as Ping, Nmap, and OpenVAS. Program your IDS and IPS devices to specifically alert on and block the reconnaissance and probing IP packets that are commonly used by these attack tools. All of the common hacking applications and tools that generate ICMP, IP, UDP, and TCP traffic should also be identified and blocked on your external IDS/IPS device, including denial of service (DoS) and distributed denial of service (DDoS) digital signatures.

8. Close the Snorby window.
Note: This completes the lab. Close the virtual lab, if you have not already done so.
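Steps 6 and 7 have you inspect a "TFTP GET passwd" event, and the note after step 7 says signatures like it can be programmed into the IDS. The following Python script is an added example, not the lab's code and not Snort's actual rule or rule engine: it decodes a TFTP request (a 2-byte opcode, a NUL-terminated filename and a NUL-terminated mode, sent over UDP to port 69) and applies a signature with the same shape as a Snort rule, protocol, destination port, request type and a content substring, to a handful of constructed packets. The rule fields, the SID and every packet are constructed for the example; the SID is a local placeholder, not a real Snort signature ID.

```python
"""Content-signature matching for the 'TFTP GET passwd' event (added example;
not the lab's code and not Snort's rule or rule engine).

A TFTP read request (RRQ) is a UDP datagram to port 69 made of a 2-byte
opcode (1 = RRQ), a NUL-terminated filename and a NUL-terminated transfer
mode. The signature fires when a read request names 'passwd'. All packets
are constructed; the SID is a local placeholder, not a real Snort SID.
"""
import struct

# Assumed rule fields, constrained the way a Snort rule header/options would be.
SIGNATURE = {
    "sid": 1000001,          # placeholder local SID (constructed)
    "msg": "TFTP GET passwd",
    "proto": "udp",
    "dport": 69,
    "opcode": 1,             # RRQ, i.e. a "GET"; write requests (2) do not match
    "content": b"passwd",    # substring match on the filename, like a content: option
}

# Constructed packets: (src, dst, proto, dst_port, payload)
SAMPLE_PACKETS = [
    ("10.0.0.44", "10.0.0.20", "udp", 69, b"\x00\x01/etc/passwd\x00netascii\x00"),
    ("10.0.0.5", "10.0.0.20", "udp", 69, b"\x00\x01boot.cfg\x00octet\x00"),
    ("10.0.0.5", "10.0.0.20", "udp", 69, b"\x00\x02passwd\x00octet\x00"),   # WRQ, not a GET
    ("10.0.0.5", "10.0.0.20", "tcp", 69, b"\x00\x01passwd\x00octet\x00"),   # wrong protocol
    ("10.0.0.5", "10.0.0.20", "udp", 69, b"\x00\x01"),                      # truncated
]


def parse_tftp_request(payload):
    """Decode an RRQ/WRQ; return None for any other opcode or malformed input."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (1, 2):
        return None
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3:      # need filename, mode and the trailing empty piece
        return None
    return {"opcode": opcode, "filename": fields[0], "mode": fields[1].lower()}


def match_signature(packet, sig=SIGNATURE):
    """Return an alert dict if the packet matches the signature, else None."""
    src, dst, proto, dport, payload = packet
    if proto != sig["proto"] or dport != sig["dport"]:
        return None
    req = parse_tftp_request(payload)
    if req is None or req["opcode"] != sig["opcode"]:
        return None
    if sig["content"] not in req["filename"]:
        return None
    return {"sid": sig["sid"], "msg": sig["msg"], "src": src, "dst": dst,
            "filename": req["filename"].decode("latin-1")}


def scan_packets(packets):
    """Run the signature over a packet list and collect the alerts."""
    return [a for a in (match_signature(p) for p in packets) if a is not None]


if __name__ == "__main__":
    for alert in scan_packets(SAMPLE_PACKETS):
        print(f"[{alert['sid']}] {alert['msg']} {alert['src']} -> {alert['dst']} "
              f"file={alert['filename']}")
```

Only the first packet produces an alert. The write request carrying the same filename, the TCP packet to port 69 and the truncated datagram are all rejected by the header or decoder checks before the content match runs, which is the ordering that keeps a content signature from firing on traffic it was never written for and is why a malformed packet should fail to parse rather than raise an exception inside the detector.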

Assignment Grading Rubric
Course: IT540 Unit: 3 Points: 116
Unit 3 Assignment
Outcomes addressed in this activity:
Unit Outcomes:
* Define the term computer forensics.
* Conduct a basic forensics exercise using Snort.
* Illustrate the importance of audit logs to forensics investigations.
* Examine how various forensics tools are used.
* Examine the phases of a forensics investigation.
* Illustrate basic encryption techniques.
Course Outcome:
IT540-2: Secure computer network data.
Write your report in the standard APA style. Your output should be at least four double spaced pages, exclusive of the title page, abstract, table of contents, and references section.
Part 1:
Complete Jones & Bartlett Lab 10: Securing the Network with an Intrusion Detection System (IDS).
Part 2:
Consider the following five questions and write an essay response to each one.
How do you go about finding information when you have been told that there has been a break-in?
* What servers were compromised?
* Was network equipment compromised?
* What user accounts were employed to gain access?
* What vulnerabilities were exploited?
* What can be done to prevent a recurrence?
Assignment Requirements:
* Answers contain sufficient information to adequately answer the questions
* No spelling errors
* No grammar errors
*Two points will be deducted from grade for each occurrence of not meeting these requirements.
For more information and example of APA formatting, see the resources in Doc sharing or visit the KU Writing Center from the KU Homepage.
Also review the KU Policy on Plagiarism. This policy will be strictly enforced on all applicable assignments and discussion posts. If you have any questions, please contact your professor.
Review the grading rubric below before beginning this activity.
Assignment grading rubric = 116 points

| Assignment Requirements | Points Possible | Points Earned |
| Part 1: Jones & Bartlett Lab 10: Securing the Network with an Intrusion Detection System (IDS). | | |
| Documented lab | 0–30 | |
| Part 2: Hypothetical Break-In | | |
| Q1: Listed steps that would be taken and utilities that would be used to determine what servers were compromised. | 0–17 | |
| Q2: Properly lists files that would be checked, and utilities that would be utilized for the determination. | 0–17 | |
| Q3: List included where to check for network account activity. You should also list what the indicators are for attempted network access. | 0–17 | |
| Q4: Indicated how to check for possible vulnerabilities that could be exploited. | 0–17 | |
| Q5: Included details how to protect network resources from unauthorized access and other potential security breaches. | 0–18 | |
| Column Total | 0–116 | |
| Less deduction taken for spelling, grammar and APA errors. Plagiarism is totally unacceptable. | | |
| New total after deductions | | |

Lab #10 – Assessment Worksheet
Securing the Network with an Intrusion Detection System (IDS)
Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________

Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________
In this lab, you configured Snort, an open source intrusion prevention and detection system, on the TargetSnort virtual machine, and the Web-based IDS monitoring tool called Snorby. You also used the OpenVAS scanning tool to scan the TargetSnort virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
Lab Assessment Questions & Answers
1. What is the difference between an IDS and an IPS?
2. Why is it important to perform a network traffic baseline definition analysis?
3. Why is a port scan detected from the same IP on a subnet an alarming alert to receive from your IDS?
4. If the Snort IDS captures the IP packets off the LAN segment for examination, is this an example of promiscuous mode operation? Are these packets saved or logged?
5. What is the difference between a host-based IDS and a network-based IDS?
6. How can you block attackers, who are performing reconnaissance and probing, with Nmap and OpenVAS port scanning and vulnerability assessment scanning tools?
7. Why is it a good idea to have host-based intrusion detection systems enabled on critical servers and workstations?
8. Where should you implement intrusion prevention systems in your IT infrastructure?

Similar Documents

Free Essay

Certified Ethical Hacking

...Lab #9 - Assessment Worksheet Investigating and Responding to Security Incidents Course Name and Number: CSS280-1501A-01 Ethical Hacking Student Name: ***** ****** Instructor Name: ***** ****** Lab Due Date: 2/9/2015 Overview In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG Anti-Virus Business Edition to scan the infected workstation and documented your findings as you proceeded. Lab Assessment Questions & Answers 1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? Have the user of the machine cease all activity and contain the infected machine by disconnecting from the network (unplug Ethernet cable or disable wireless), leaving it isolated but not powered off. It should be left in its steady state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory......

Words: 1206 - Pages: 5

Premium Essay

Lot Task2

...practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations. Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow for limited down time. Deployment of an Intrusion Detection or Prevention System Implementing the installation of an IDS or......

Words: 1264 - Pages: 6

Premium Essay


...SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...

Words: 18577 - Pages: 75

Premium Essay

Information Security Technologies

...Technologies by Benjamin Tomhave November 10, 2004 Prepared for: Professor Dave Carothers EMSE 218 The George Washington University This paper or presentation is my own work. Any assistance I received in its preparation is acknowledged within the paper or presentation, in accordance with academic practice. If I used data, ideas, words, diagrams, pictures, or other information from any source, I have cited the sources fully and completely in footnotes and bibliography entries. This includes sources which I have quoted or paraphrased. Furthermore, I certify that this paper or presentation was prepared by me specifically for this class and has not been submitted, in whole or in part, to any other class in this University or elsewhere, or used for any purpose other than satisfying the requirements of this class, except that I am allowed to submit the paper or presentation to a professional publication, peer reviewed journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature. Signature _____Benjamin L. Tomhave________________________ Benjamin L. Tomhave 12/7/2004 1 Research Paper: Information Security Technologies by Benjamin L. Tomhave Abstract The following research paper provides analysis of thirteen (13) information security technology topics, arranged in ten (10) groups, that are either commonly......

Words: 12903 - Pages: 52

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are......

Words: 6103 - Pages: 25

Premium Essay

Project Manager

...policies and BYOD policies—and that means security gaps big enough to drive a semi through. Most, mobile devices that access enterprise data/networks, yet just 14% require hardware encryption, no exceptions. Let’s be clear: Mobile security is data security, and we must do better. By Michael Finneran Report ID: R4720512 Previous Next reports 2012 State of Mobile Security CONTENTS 3 4 5 6 7 9 11 11 15 20 25 26 27 27 30 32 45 Author’s Bio Executive Summary Research Synopsis Lessons Unlearned Mobile Device Policies: BYOD in Full Swing What, Me Worry? Breaking It Down Wi-Fi Policy Guidance Tablet/Smartphone Policy So What Are You Doing About It? Applications and Malware Laptops and Ultrabooks Security-Awareness Training Get Going on a Secure Mobility Initiative Don’t Sit Still Appendix Related Reports 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 TABLE OF Figures 6 Figure 1: Policy on Personal Mobile Device Use? 7 Figure 2: Personal Mobile Device Policy 8 Figure 3: Percentage of Employees Using Mobile Devices 9 Figure 4: Top Mobile Security Concerns 10 Figure 5: Importance of Mobile Security Initiatives 11 Figure 6: Percentage of Mobile Devices Experiencing Security Incidents Figure 7: Securing Wireless LANs Figure 8: Securing Data in Transit Figure 9: Mobile Device Authentication Mechanisms Figure 10: Mobile Device Data Encryption Figure 11: Primary Reason for Not Requiring Data Encryption Figure 12: Regulatory Compliance Figure......

Words: 10170 - Pages: 41

Free Essay

Is4550 Unit 3 Assignment 1

...The  Critical  Security  Controls   for   Effective  Cyber  Defense   Version  5.0                     1       Introduction   .....................................................................................................................................................................  3   CSC  1:    Inventory  of  Authorized  and  Unauthorized  Devices  ............................................................................  8   CSC  2:    Inventory  of  Authorized  and  Unauthorized  Software  .......................................................................  14   CSC  3:    Secure  Configurations  for  Hardware  and  Software  on  Mobile  Devices,  Laptops,   Workstations,  and  Servers  .......................................................................................................................................  19   CSC  4:    Continuous  Vulnerability  Assessment  and  Remediation  .................................................................  27   CSC  5:    Malware  Defenses  ..........................................................................................................................................  33   CSC  6:    Application ......

Words: 31673 - Pages: 127

Free Essay

Cyber Attacks

...Cyber Attacks on the Government’s Transportation Grid Breaches and Security Implications by Penetration of the Western Interconnection’s  Traffic Control System and its Effects on Modern Day Life  Year after year, a number of films are released involving computer hacking of some sort along with cyber-villainy. As entertaining as they are, the validity of these possibilities is not explored. Many of these films center revolve around a chaotic vehicle-related scene where a form of the government’s transportation grid is compromised. The breach typically involves traffic control. As the stoplights and streetlights are in a state known as gridlock, external hackers usually make the situation as unruly as humanely plausible. However, the very nature of this unfortunate scenario can only be determined once the backgrounds of the systems that control it are thoroughly studied.  The contiguous United States is divided into three main alternating current power grids.  The Western Interconnected System, or Western Interconnection, is the one applicable to those  of us living in California. The electric utilities functioning in this region are tied together,  operating at 60Hz. While the grid is currently electrically powered, research by the National  Renewable Energy Laboratory (NREL) in Colorado indicates the Western Interconnection can  handle higher levels of renewable energy, in a quest to implement alternative energy sources. If  integrated correctly, the NREL......

Words: 3038 - Pages: 13

Premium Essay

Paper Number: 312-49 v8 Passing Score: 700 Time Limit: 240 min File Version: 16.5 Exam Code: 312-49 Exam Name: Computer Hacking Forensic Investigator Practice Testw CHFI-1-105 QUESTION 1 When a file or folder Is deleted, the complete path, including the original file name, Is stored In a special hidden file called "INF02" In the Recycled folder. If the INF02flle Is deleted, It Is re-created when you _______ A. B. C. D. Restarting Windows Kill the running processes In Windows task manager Run the antivirus tool on the system Run the anti-spy ware tool on the system Correct Answer: A Section: (none) Explanation Explanation/Reference: A QUESTION 2 Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame. A. B. C. D. 8-bit 16-bit 24-bit 32-bit Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 3 The IIS log file format is a fixed (cannot be customized) ASCII text-based format. The IIS format includes basic items, such as client IP address, user name, date and time,service and instance, server name and IP address, request type, target of operation, etc. Identify theservice status code from the following IIS log., -, 03/6/11, 8:45:30, W3SVC2,SERVER,, 4210, 125, 3524, 100, 0, GET, / dollerlogo.gif, A. B. C. D. W3SVC2 4210 3524 100 Correct Answer: D Section:......


Mobile Application Security

...SECURING A MOBILE WORLD. Introduction. Today’s smartphones and tablets are more than communication devices. They are hip-mounted personal computers, with more memory and processing power than your laptop of just a few years ago. They are an integrated part of our lives, personal and professional. The information they provide is so vital that the Army is piloting their use as standard field issue to every soldier, complete with combat-focused applications [1]. However, smartphones and tablets raise new security issues. They are more likely to be lost or stolen, exposing sensitive data. Malware risks are increased because they connect to the Internet directly rather than from behind corporate firewalls and intrusion-protection systems. Security of mobile devices focuses on controlling access through the use of device locks and hardware data encryption. While this may be sufficient for individual users, it is insufficient for defense needs. Many documented examples exist of hacking of the device lock, as well as defeats of the hardware-level encryption. Once the device is unlocked, there is generally unfettered access to all apps and their associated data. Military applications require additional application-level access controls to provide data security. Unfortunately, there are gaps in the application-level security model of the two predominant mobile operating systems: iOS from Apple and Google Android. Our ongoing research looks to address these gaps by developing......


Jacket-X Paper

...stating financial issues with last year’s payrolls. There are also concerns with external network vulnerabilities that could give hackers unauthorized access to company data and information. The CIO has internal IT security concerns due to a recent incident in which an executive employee infected the company’s network with malicious software from a company-issued laptop. To help stay current with technology and compliant with federal laws, Jacket-X decided to install a new Identity Management (IdM) system with Single Sign-On (SSO) features. Several employees and customers do not like the new IdM system because of privacy and data access concerns. This paper will analyze and discuss potential threats and vulnerabilities within the Jacket-X Corporation enterprise network. The paper will identify various IT security measures that address the known threats and vulnerabilities. There will be discussions and recommendations made for choosing the best IdM system for Jacket-X. These discussions will also cover the company addressing SSO privacy concerns, SOX compliance, inadequacies of current company IT security, and possible implementation issues with the new IdM system. Vulnerability Assessment for Jacket-X Corporation. Computer technology in today’s society continues to grow at a rapid pace throughout the world. Systems are being designed to share the same networks and time-sharing processes....


Ethical Hacking

...computers get connected to the Internet, wireless devices and networks are booming, and sooner or later nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly, and interacting with other devices and people is a main issue. At the same time, the complexity of the involved software grows, life cycles are getting shorter, and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information: access controls are needed. Unfortunately, most software is not bug free, due to its complexity or the carelessness of its authors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic, and quite some effort is spent in securing services, systems and networks. On the Internet, there is a silent war going on between the good and the bad guys, between the ones who are trying hard to keep information secured and the ones who are trying to get prohibited access to this information. Securing an information technology environment does not just consist......


Computer Security

...CHAPTER 3: COMPUTER AND INTERNET CRIME. QUOTE: In view of all the deadly computer viruses that have been spreading lately, Weekend Update would like to remind you: when you link up to another computer, you’re linking up to every computer that that computer has ever linked up to. —Dennis Miller, Saturday Night Live, U.S. television show. VIGNETTE: Treatment of Sasser Worm Author Sends Wrong Message. Unleashed in April 2004, the Sasser worm hit IT systems around the world hard and fast. Unlike most computer viruses before it, the Sasser worm didn’t spread through e-mail, but moved undetected across the Internet from computer to computer. It exploited a weakness in Microsoft Windows XP and Windows 2000 operating systems. By the first weekend in May, American Express, the Associated Press, the British Coast Guard, universities, and hospitals reported that the Sasser worm had swamped their systems. Computer troubles led Delta Airlines to cancel 40 flights and delay many others. Microsoft quickly posted a $250,000 reward, and by mid-May, authorities apprehended Sven Jaschen, a German teenager. Jaschen confessed and was convicted after a three-day trial. Jaschen could have received up to five years in prison, but because he was tried as a minor, the court suspended his 21-month sentence, leaving him with only 30 hours of community service. Copyright © 2007 by Thomson Course Technology. All rights reserved. This publication is protected by federal......


Company Security Policy

...1 Rhombus, Inc. (p. 14): 1.1 About This Document (14); 1.2 Company History (14); 1.3 Company Structure and IT Assets (14); 1.4 Industry Standards (15); 1.5 Common Industry Threats (15); 1.6 Policy Enforcement (16).
2 Credit Card Security Policy (p. 17): 2.1 Introduction (17); 2.2 Scope of Compliance (17); 2.3 Requirement 1: Build and Maintain a Secure Network (17); 2.4 Requirement 2: Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters (18); 2.5 Requirement 3: Protect Stored Cardholder Data (19); 2.6 Requirement 4: Encrypt Transmission of Cardholder Data across Open and/or Public Networks (20); 2.7 Requirement 5: Use and Regularly Update Anti-Virus Software or Programs (20); 2.8 Requirement 6: Develop and Maintain Secure Systems and Applications (21); 2.9 Requirement 7: Restrict Access to Cardholder Data by Business Need to Know (21); 2.10 Requirement 8: Assign a Unique ID to Each Person with Computer Access (22); 2.11 Requirement 9: Restrict Physical Access to Cardholder Data (22); 2.12 Requirement 10: Regularly Monitor and Test Networks (23); 2.13 Requirement 11: Regularly Test Security Systems and Processes (25); 2.14 Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors (26); 2.15 Revision History (29).
3 Acceptable Use Policy (p. 30): 3.1 Overview (30); 3.2 Purpose (30); 3.3 Scope (30); 3.4 Policy (31); 3.5 Policy Compliance (35); 3.6 Related Standards, Policies and......


Vulnerability in Information

...answer the following questions: What are the basic concepts of network security? What are some common network security vulnerabilities and threats? What are security attacks? What is the process of vulnerability analysis? Key Terms: This chapter uses the following key terms. You can find the definitions in the glossary at the end of the book: unstructured threats, structured threats, external threats, internal threats, hacker, cracker, phreaker, spammer, phisher, white hat, black hat, dictionary cracking, brute-force computation, trust exploitation, port redirection, man-in-the-middle attack, social engineering, phishing. The Internet continues to grow exponentially. Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information assets are protected. The goals of network security are as follows: protect confidentiality; maintain......
