Assessing and Securing Systems on a Wan and Applying Encryption and Hashing Algorithms for Secure Communications

Submitted By daniellehunker
Words 832
Pages 4
Unit 1 Individual Project
Danielle Hunker
Ethical Hacking
Colorado Technical University Online
CSS280
February 22, 2016

Assessment Worksheet
Assessing and Securing Systems on a Wide Area Network (WAN)
Course Name and Number: Ethical Hacking CSS280
Student Name: Danielle Hunker
Instructor Name: Jimmy Irwin
Lab Due Date: February 22, 2016
Overview
In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications. You first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports.
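An added example, not part of the original worksheet, showing one way to verify the scan-then-harden workflow from the overview: it parses Nmap grepable (`-oG`) output and reports open TCP ports that fall outside an approved list. The allowlist, the function names and the sample scan lines are assumptions constructed for illustration; the sample ports mirror the worksheet's answer for 192.168.3.25.

```python
import re

# Assumed policy for this example: the hardened server may expose only HTTP.
ALLOWED_TCP = {80}

# Constructed samples in Nmap grepable (-oG) format, before and after hardening.
SAMPLE_BEFORE = (
    "Host: 192.168.3.25 ()\tStatus: Up\n"
    "Host: 192.168.3.25 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/open/tcp//ms-wbt-server///, 5357/open/tcp//wsdapi///\n"
)
SAMPLE_AFTER = (
    "Host: 192.168.3.25 ()\tPorts: 80/open/tcp//http///, "
    "445/filtered/tcp//microsoft-ds///\n"
)


def open_ports(grepable):
    """Return {host: {port: service}} for TCP ports reported in state 'open'."""
    result = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue  # status lines and comments carry no port list
        host, ports_field = m.groups()
        # Drop trailing tab-separated fields such as "Ignored State: ...".
        ports_field = ports_field.split("\t")[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue
            port, state, proto, _owner, service = fields[:5]
            if state == "open" and proto == "tcp":
                result.setdefault(host, {})[int(port)] = service
    return result


def violations(grepable, allowed=ALLOWED_TCP):
    """Return {host: [ports]} for open ports that are not on the allowlist."""
    report = {}
    for host, ports in open_ports(grepable).items():
        extra = sorted(p for p in ports if p not in allowed)
        if extra:
            report[host] = extra
    return report


if __name__ == "__main__":
    print("before hardening:", violations(SAMPLE_BEFORE))
    print("after hardening: ", violations(SAMPLE_AFTER))
```

Ports in state `filtered` are treated as closed to the scanner, so a firewall rule that drops SMB traffic clears the finding even though the service still runs on the host.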
Lab Assessment Questions & Answers
1. What is the first Nmap command you ran in this lab? Explain the switches used.
Nmap command: nmap -O -v 10.20.100.50
-O was the switch used to detect the operating system of 10.20.100.50
-v was the switch used to show the detail of 10.20.100.50
2. What are the open ports when scanning 192.168.3.25 and their service names?
* 80 HTTP services
* 135 Microsoft EPMAP (End Point Mapper)
* 139 NetBIOS session service
* 445 Microsoft DS, SMB file sharing and CIFS (common internet file sharing)
* 3389 RDP (Remote Desktop Protocol)
* 5357 WSDAPI web services for devices
* 49152 up to 49157 DCOM or ephemeral ports
3. What is the command line syntax for running an SMB vulnerability scan with Nmap against 10.20.100.50?
nmap --script=smb-check-vulns -p445 10.20.100.50
4. Explain why SMBv2 DoS (CVE-2009-3103) is bad.
SMBv2 DoS is bad because this kind of vulnerability allows for a denial of service attack with the Blue Screen of Death or BSOD.
5. What is the operating system of IP address 192.168.40.238?
FreeBSD 7.x|8.x|9.x|10.x
6. What are the reverse IP
