...Lab #4 – Assessment Worksheet Using Ethical Hacking Techniques to Exploit a Vulnerable Workstation IS4650 Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you performed all five phases of ethical hacking: reconnaissance (using Zenmap GUI for Nmap), scanning (using OpenVAS), enumeration (exploring the vulnerabilities identified by OpenVAS), compromise (attack and exploit the known vulnerabilities) using the Metasploit Framework application), and conducted post-attack activities by recommending specific countermeasures for remediating the vulnerabilities and eliminating the possible exploits. Lab Assessment Questions & Answers 1. What are the five steps of ethical hacking? reconnaissance, scanning,enumeration, compromise, post-attack activities: recommended countermeasures for remediation. 2. During the reconnaissance step of the attack, what open ports were discovered by Zenmap? What services were running on those ports? There were several Ports, I will list onl a few POrts, 21,3306,22,53,445,111,25, all running TCP: the services running were Linux telneted, smtp Postfix, Apache Tomcat/Coyote JSP 3. What step in the hacking attack process uses Zenmap? Reconnaissance ...
Words: 285 - Pages: 2
...Unit 1 Individual Project Danielle Hunker Ethical Hacking Colorado Technical University Online CSS280 February 22, 2016 Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN) Course Name and Number: Ethical Hacking CSS280 Student Name: Danielle Hunker Instructor Name: Jimmy Irwin Lab Due Date: February 22, 2016 Overview In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications you first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports. Lab Assessment Questions & Answers 1. What is the first Nmap command you ran in this lab? Explain the switches used. Nmap command: nmap –O –v 10.20.100.50 -O was the switch used to detect the operating system 10.20.100.50 -v was the switch used to show the detail of 10.20.100.50 2. What are the open ports when scanning 192.168.3.25 and their service names? * 80 HTTP services * 135 Microsoft EPMAP (End Point Mapper) * 139 NetBios session service * 445 Microsoft DS, SMB file sharing and CIFS (common internet file sharing) * 3389 RDP (Remote Desktop Protocol) * 5357 WSDAPI web services for devices * 49152 uo to 49157 DCOM or ephemeral ports 3. What is the command line syntax for running an SMB vulnerability scan...
Words: 832 - Pages: 4
...Ethical Hacking and Network Defense Unit 1 Assignment Kaplan University Table of Contents Scope Goals and Objectives Tasks Reporting Schedule Unanswered Questions Authorization Letter Scope Production e-commerce Web application server and Cisco network described in Figure 1.1. Located on ASA_Instructor, the e-commerce Web application server is acting as an external point-of-entry into the network: • Ubuntu Linux 10.04 LTS Server (TargetUbuntu01) • Apache Web Server running the e-commerce Web application server • Credit card transaction processing occurs • The test will include penetrating past specific security checkpoints. • The test can compromise with written client authorization only. Goals and Objectives John Smith, CEO of E-commerce Sales, has requested that we perform a penetration test on the company’s production e-commerce Web application server and its Cisco network. It is our intention to run various penetration tests at irregular times in order to accurately test security measures that have been put in place. E-commerce Sales will not be aware of any of the penetration measures nor will they be aware of the times that this will be done. Information about the network will be gathered and analyzed for any open network interfaces. Success of the test is determined by determining any...
Words: 1705 - Pages: 7
...environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be ...
Words: 458 - Pages: 2
...HACKING Introduction • Hacking is unauthorized use of computer and network resources. • According to Computer Crime Research Center: “It is act of gaining access without legal authorization to computer or computer network.” • Traditionally hacking refers to the hobby/profession of working with computers. • But now a days it refers to breaking into computer systems. History • 1960s – MIT AI Lab – Ken Thompson invented UNIX – Positive Meaning • 1980s – Cyberspace coined – 414s arrested – Two hacker groups formed – 2600 published • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. Types of hackers Knowledge based: • Coders • Admins • Script kiddies Legality based: • Black hat hacker • White hat hacker • Grey hat hacker Script Kiddies: – who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ Phreak – Person who breaks into telecommunications systems to [commit] theft Cyber Punk – Recent mutation of … the hacker, cracker, and phreak White hat hacker who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black hat hacker A black hat is the villain or bad guy, especially in a western...
Words: 383 - Pages: 2
...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...
Words: 6103 - Pages: 25
...Hands-On Ethical Hacking and Network Defense Second Edition Chapter 3 Network and Computer Attacks Objectives • After this lecture and completing the exercises, you will be able to : – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describe the types of network attacks – Identify physical security attacks and vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition 2 Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • • • • Destroy data Corrupt data Shutdown a network or system Make money 3 Hands-On Ethical Hacking and Network Defense, Second Edition Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Hands-On Ethical Hacking and Network Defense, Second Edition 4 Table 3-1 Common computer viruses Hands-On Ethical Hacking and Network Defense, Second Edition 5 Viruses (cont’d.) • Encoding using base 64 – – – – – – – – Typically used to reduce size of e-mail attachments Also, used to encrypt (hide) suspicious code. Represents zero to 63 using six bits A is 000000… Z is 011001 Create groups of four characters...
Words: 1394 - Pages: 6
...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. T he term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically...
Words: 6482 - Pages: 26
...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. scribe the rapid crafting of a new program or the making of changes to existing, usually complicated software. As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed...
Words: 6481 - Pages: 26
...2011 Ethical Hacking & Penetration Testing ACC 626: IT Research Paper Emily Chow 20241123 July 1, 2011 I. Introduction Due to the increasing vulnerability to hacking in today’s changing security environment, the protection of an organization’s information security system has become a business imperative . With the access to the Internet by anyone, anywhere and anytime, the Internet’s “ubiquitous presence and global accessibility” can become an organization’s weakness because its security controls can become more easily compromised by internal and external threats. Hence, the purpose of the research paper is to strengthen the awareness of ethical hacking in the Chartered Accountants (CA) profession, also known as penetration testing, by evaluating the effectiveness and efficiency of the information security system. 2 1 II. What is Ethical Hacking/Penetration Testing? Ethical hacking and penetration testing is a preventative measure which consists of a chain of legitimate tools that identify and exploit a company’s security weaknesses . It uses the same or similar techniques of malicious hackers to attack key vulnerabilities in the company’s security system, which then can be mitigated and closed. In other words, penetration testing can be described as not “tapping the door” , but “breaking through the door” . These tests reveal how easy an organization’s security controls can be penetrated, and to obtain access to its confidential and sensitive information asset by hackers...
Words: 11999 - Pages: 48
...Lab #9 - Assessment Worksheet Investigating and Responding to Security Incidents Course Name and Number: CSS280-1501A-01 Ethical Hacking Student Name: ***** ****** Instructor Name: ***** ****** Lab Due Date: 2/9/2015 Overview In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG Anti-Virus Business Edition to scan the infected workstation and documented your findings as you proceeded. Lab Assessment Questions & Answers 1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? Have the user of the machine cease all activity and contain the infected machine by disconnecting from the network (unplug Ethernet cable or disable wireless), leaving it isolated but not powered off. It should be left in its steady state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory forensics...
Words: 1206 - Pages: 5
...Chapter-1 1.0 Introduction With the tremendous advancement of Internet, different aspects of it are achieving the highest peak of growth. An example of it is e-commerce. More and more computers get connected to the Internet, wireless devices and networks are booming and sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly – interacting with other devices and people are a main issues. At the same time, the complexity of the involved software grows, life cycles are getting shorter and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information – access controls are needed. Unfortunately most software is not bug free due to their complexity or carelessness of their inventors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys – between the ones...
Words: 8365 - Pages: 34
...PROFESSIONAL ISSUES IN INFORMATION TECHNOLOGY EDUCATION BACKGROUND SWINBURNE UNIVERSITY OF TECHNOLOGY SARAWAK CAMPUS 4235614 Fanny Angga Kartikasari 4216989 Abdul Afiz Nuhu 4204069 Abdulahi Baba Ari 4230590 Indeewari Kumarage 4213475 Norazreen Bt Mohd Rafi 4194071 Nur Azura Mohammad PIIT Project – University Information System Table of Contents Abstract ...................................................................................................................................................... 3 1. 2. 3. 4. 5. 6. Introduction ........................................................................................................................................ 4 TOE Framework ................................................................................................................................. 6 Methodology....................................................................................................................................... 7 ITIL Framework ................................................................................................................................. 7 Hypotheses.......................................................................................................................................... 8 Data Analysis .................................................................................................................................... 14 6.1 Policy Statement ................................................
Words: 11457 - Pages: 46
...Assignment Professor DePriest September 2, 2014 Unit 4 Assignment Essay Questions Scenario 1: You are working as a designer for a university that offers a program in Computer Science. One of the tracts is computer security. One of your colleagues has recommended adding a course addressing network security. In this course, students learn about the history of networks and study network attacks that have caused significant damage to the network that was the subject of the attack. During the second term of this two semester course, the students are taught how to hack into a system, how to create malware (including Trojan horses, viruses, and worms), and how to perpetrate a DOS attack. Choose one or more of the ethical theories discussed in Chapter 2 and combine that with research to determine whether this course should be taught. Be sure to discuss both sides of the issue before taking a specific side. Would it make a difference if this were a graduate or PhD level course instead of an undergraduate level course? Explain. Disadvantages According to research, there are many concerns for offering hands-on training to students in a computer network class. According to Trabelsi & Ibrahim (2013), UAE conducted a survey of the students who used the skills learned in the hands-on DOS attack class. Eighty five percent of students used the skills learned outside the isolated network university lab. These concerns would be the following: that the skills learned in class could be used inappropriately...
Words: 1270 - Pages: 6
...Assessment Worksheet Applying OWASP to a Web Security Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you explored the Open Web Application Security Project (OWASP) Web site and reviewed its Web application test methodology. You studied the standards and guides published by this project and summarized your findings. Finally, you drafted a Web Application Test Plan based on the information you gained in your OWASP research. Lab Assessment Questions & Answers 1. Identify the four recognized business functions and each security practice of OpenSAMM. 1) Governance 2) Construction 3) Verification 4) Deployment 2. Identify and describe the four maturity levels for security practices in SAMM. 1) Implicit starting point representing the activities in the Practice being unfulfilled 2) Initial understanding and ad hoc provision of Security Practice 3) Increase efficiency and/or effectiveness of the Security Practice 4) Comprehensive mastery of the Security Practice at scale 3. What are some activities an organization could perform for the security practice of Threat Assessment? Threat Assessment involves accurately identifying and characterizing potential attacks...
Words: 574 - Pages: 3