Premium Essay

Lab 3 Assessment

In:

Submitted By davidv
Words 473
Pages 2
Lab 3 Assessment Worksheet
Data Gathering and Foot-printing a Target Website

1. Which reconnaissance tool comes with Microsoft Windows that can provide and can be initiated from the DOS command prompt? What useful information does this query provide?
Sam Spade, Whois, ping, IP block whois, nslookup, dig, DNS zone transfer, traceroute, finger, SMTP, VRFY, and Web browser. It provides which ports are open, a list of ip addresses or name resolutions.

2. What is the difference between ARIN, RIPE, IANA? What regions of the world do these domain name registry organizations cover?
The location or region of the world it is located in. ARIN covers North America, Africa South of the equator and portions of the Caribbean. APNIC covers Asia and Pacific Region, LACNIC covers Latin America and portions of the Caribbean, and RIPE covers Europe, parts of Asia, Africa north of the equator, and the Middle East.

3. What other functions can be completed using the Sam Spade Utility?
Command-line tools to include whois, traceroute, finiger, ping, and nslookup.

4. What is the purpose of the traceroute command? What useful information does traceroute provide? How can this information be used to attack the targeted website?
It traces the routes packets take from the user to the target. It shows a route by hops. They target the host address.

5. What important information can be gleaned from a whois record for a website?
Whois provides ownership and contact information for the specified host's domain. This tool is increasingly convenient as the number of domain name registrars grows

6. How many different WhoIs profiles are pre-loaded in the Sam Spade Utility?
100

7. Is Sam Spade an intrusive tool? What is your perspective on the use of a freeware utility such as Sam Spade?
No it is not it is a security tool.

8. What do you think companies and organizations

Similar Documents

Premium Essay

Lab 3 Assessment Questions Is3350

...1. Did CardSystems Solutions break any federal or state laws? • Federal Trade Commission presented a decision order on CardSystems Solutions and its predecessors as a result of negligence and violation of FTC Act 15, U.S.C. 41-58. 2. CardSystems Solutions claim to have a hired an auditor to assess compliance with PCI DSS and other best practices for ensuring the C-I-A of privacy data for credit card transaction processing. Assuming the auditor did indeed perform a PCI DSS security compliance assessment, what is your assessment of the auditor’s findings? • If compliant they would have implemented proper IP s firewalls or maintained their anti-virus program definitions. Also they were required to encrypt all stored sensitive privacy data for research. 3. Can CardSystems sue the auditor for not performing his or her tasks and deliverables with accuracy? Do you recommend that CardSystems Solutions pursue this avenue? • No because they were PCI DSS compliant in 2004 but was not certifiably compliant at the time of attack in June of 2005. 4. Who do you think is negligent in this case study and why? • CardSystems. Given their high profile, they were expected to be in compliance for properly storing and protecting all privacy data including gathered transactions and credit card information of their cliental in an encrypted manner. 5. Do the actions of the CardSystems warrant an “unfair trade practice” designation as stated by the Federal Trade Commission (FTC)? • Yes,...

Words: 649 - Pages: 3

Premium Essay

Module 3 Essay

...Contact/Instructional hours: 56 (34 Theory, 22 Lab) Prerequisite: NT1110 Computer Structure and Logic or equivalent © ITT Educational Services, Inc. All Rights Reserved. -1- 05/08/2013 Introduction to Networking SYLLABUS COURSE SUMMARY COURSE DESCRIPTION This course serves as a foundation for the study of computer networking technologies. Concepts in data communications, such as signaling, coding and decoding, multiplexing, circuit switching and packet switching, OSI and TCP/IP models, LAN/WAN protocols, network devices and their functions, topologies and capabilities are discussed. Industry standards and the development of networking technologies are surveyed in conjunction with a basic awareness of software and hardware components used in typical networking and internetworking environments. MAJOR INSTRUCTIONAL AREAS 1. Networking fundamentals 2. The OSI model and its use in networking 3. LANs, WANs, MANs and their implementation 4. Physical layer fundamentals 5. Basics of the data link layer 6. The functions of TCP/IP 7. IP addressing, subnetting, and supernetting 8. Diagramming the physical components that comprise a network 9. Logic created by the interconnectivity of network components 10. Applying network security 11. Future developments in networking COURSE OBJECTIVES 1. Explain key networking concepts and terminology. 2. Identify the advances in computer networking from an historical perspective. 3. Describe the OSI and TCP/IP...

Words: 4795 - Pages: 20

Premium Essay

Btech Lab System: The Identification Of Threat

...Assessment Phase1: The System Description In this step we will be looking at the whole Btech Lab system as described above analysing the current boundaries of the system, and also looking at the elements that define the system along with the resources that are in the Btech lab. Phase 2: The Identification of Threat This step looks at the current threats that are a risk to the security of the Btech Lab and ways to limit the risk of occurrence. One threat that is identified is the unauthorized users that utilize the Lab, the current security access used is a finger print system (Biometrics system) but students bring their friend and open for them which the increases the risk of theft and damage of equipment. Phase 3: The Vulnerability...

Words: 937 - Pages: 4

Free Essay

Is4670 Week 3 Lab

...Week 3 Laboratory Week 3 Lab Part 1: Automate Digital Evidence Discovery Using Paraben’s P2 Commander Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Open an existing case file using P2 Commander * Analyze the data in the image and the files saved in the case * Sort and identify evidence file types in a case using Paraben's P2 Commander forensic tool * Use P2 Commander to identify information for potential evidence contained in chat logs such as Skype chat * Analyze the contents of user profiles and data using the P2 Commander browser Week 3 Lab Part 1 - Assessment Worksheet Overview View the Demo Lab available in the Practice section of Learning Space Unit 5 and then answer the questions below. The video will demonstrate the use of Paraben's P2 Commander and outline the different forensics capabilities of the tool. Lab Assessment Questions & Answers 1. When talking about Information Security, what does the 'CIA' stands for? CIA in information security stands for confidentiality, integrity and availability. 2. When would it be a good practice to classify data? It would be a good practice to classify data when you need to extract files from a hard drive or system for investigating in order to accurately organize the findings. 3. What is Security classification? Security classification is the security level assigned to a government document, file...

Words: 635 - Pages: 3

Premium Essay

Health Assessment Family

...COLLABORATIVE BACHELOR OF SCIENCE IN NURSING PROGRAM (University of Windsor, Lambton College, St. Clair College – Windsor & Thames) Health Assessment NRS 63-166 Fall 2011 Site: St Clair College, Thames Campus Teaching Faculty Linda O’Halloran Phone: 519-354-9714 Ext. 3233 E-mail: lohalloran@stclaircollege.ca Office Hours: Monday’s 1100 – 1200, Tuesday’s 1000 - 1600 or by appointment Course Location Room 118 Course Times: Monday’s 1200 – 1400 – lecture Labs: weekly- either Monday or Tuesday as per your schedule Lab Teaching Instructor Maureen Eyres Andrea Reddam Vanessa Schinkel ©Collaborative BScN Program 2010 ALL RIGHTS RESERVED INTRODUCTION TO COLLABORATIVE BScN PROGRAM Mission Statement As partners, the Faculty of Nursing at the University of Windsor with St. Clair College (Windsor and Thames Campuses) and Lambton College (Sarnia) undertake the shared commitment to excellence in the preparation of Bachelor of Science in Nursing (BScN) candidates who embody our core values and the best elements of the art and science of nursing, education, leadership, research, and practice in their professional journeys. Vision EXCELLENCE in nursing education, practice, and research. Core Values ...

Words: 4870 - Pages: 20

Premium Essay

Accounting

...------------------------------------------------- Graded Assignment Requirements Assignment Requirements documents provided below must be printed and distributed to students as the guidance for completing the assignments and submitting them for grading. Instructors must remind students to retain all handouts and assignment documents issued in every unit, as well as student-prepared documentation and graded deliverables. Some or all these documents will be used repeatedly across different units. Unit 1. Lab 1. Preparing a Virtual Workstation Image Windows 7 Virtual Machine “Keyless” Installation and Re-arm Process Purpose: This section describes the reason for and the procedure to use the “keyless” installation for Windows 7 Professional applicable to our lab environment for IT109/NT1230, and to use the “Re-arm” procedure to extend the trial period to meet our curriculum needs. Background: In installing Windows 7 Professional into a virtual machine in the VMware Player for the labs in our lab environment, if the Product Key for Windows 7 Professional is applied and activated during or at the end of the installation, the installed virtual machine will be authorized to launch only from the physical computer from which it was installed, as Microsoft registers the product key to associate with the hardware identity of the physical computer in their antipiracy database during the activation process. Subsequently, if the virtual machine is launched from a different computer, Microsoft...

Words: 5558 - Pages: 23

Premium Essay

Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes

...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...

Words: 1428 - Pages: 6

Free Essay

Vulnerability Assessment Scan

...------------------------------------------------- Lab Assignment for Chapter 3 Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to 
perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings of the vulnerability assessment scan and...

Words: 559 - Pages: 3

Premium Essay

Applying Owasp to a Web Security Assessment

...Assessment Worksheet Applying OWASP to a Web Security Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you explored the Open Web Application Security Project (OWASP) Web site and reviewed its Web application test methodology. You studied the standards and guides published by this project and summarized your findings. Finally, you drafted a Web Application Test Plan based on the information you gained in your OWASP research. Lab Assessment Questions & Answers 1. Identify the four recognized business functions and each security practice of OpenSAMM. 1) Governance 2) Construction 3) Verification 4) Deployment 2. Identify and describe the four maturity levels for security practices in SAMM. 1) Implicit starting point representing the activities in the Practice being unfulfilled 2) Initial understanding and ad hoc provision of Security Practice 3) Increase efficiency and/or effectiveness of the Security Practice 4) Comprehensive mastery of the Security Practice at scale 3. What are some activities an organization could perform for the security practice of Threat Assessment? Threat Assessment involves accurately identifying and characterizing potential attacks...

Words: 574 - Pages: 3

Free Essay

114 Outline

...Information Systems and Technology Faculty of Engineering & Information Sciences Head of School Associate Professor Rajeev Sharma, Student Resource Centre, Tel: (02) 4221 3491 ISIT114 Object Oriented Programming Subject Outline Spring Session 2014 Consultation Times: Subject Coordinator Telephone Number: Email: Location: Dr. Sifer's consultation times during session: Day Monday Wednesday Subject Organisation: Session: Credit Points Contact hours per week: Lecture Times & Location: Tutorial Day, Time and Location can be found at: Spring Session, Wollongong Campus 6 credit points 2 Hours Lec, 2 Hours Lab Wed 10:30-12:30 67-104 http://www.uow.edu.au/student/timetables/index.html Time 9:00 - 11:00am 1:30 - 3:30pm Dr Mark Sifer 4221 4919 msifer @uow.edu.au 39.219 Students should check the subject's web site regularly as important information, including details of unavoidable changes in assessment requirements will be posted from time to time via MOODLE http://www.uow.edu.au/student/ . Any information posted to the web site is deemed to have been notified to all students. Subject Description: The aims of this subject are to consolidate and extend student's knowledge and skills in structured programming and to introduce them to the concepts and practice of object oriented programming. To achieve this aim the subject will provide students with an opportunity to develop further programming skills and good coding style; develop skills in using the object-oriented concepts of inheritance, encapsulation...

Words: 2995 - Pages: 12

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or otherwise...

Words: 25969 - Pages: 104

Premium Essay

Lab 24 Science

...# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing Packet Capture and Traffic Analysis 6 Implementing a Business Continuity Plan 7 Using Encryption to Enhance Confidentiality and Integrity 8 Performing a Web Site and Database Attack by Exploiting Identified Vulnerabilities 9 Eliminating Threats with a Layered Security Approach 10 Impementing an Information Systems Security Policy# Lab Title 1 Performing Reconnaissance and Probing using Common Tools 2 Performing a Vulnerability Assessment 3 Enabling Windows Active Directory and User Access Controls 4 Using Group Policy Objects and Microsoft Baseline Security Analyzer for Change Control 5 Performing...

Words: 426 - Pages: 2

Premium Essay

Diploma

...Contact : 5 Hours (3 Hours Lecture + 2 Hour Tutorial/Practical) Independent Self-Learning : 160 Hours Prerequisite : Not Available Consultation Hours : Every Wednesday (02:00pm-5:00pm) (Subject to pre-arrangement only) COURSE OBJECTIVE This course is a comprehensive introduction to the realm of Principles of Information Technology. This is an introductory module to the current and evolving technologies in today’s computer systems. It introduces information technology concepts and principles. This module explains major components of information systems and demonstrates applications of information systems in business. Students are provided with sophisticated knowledge and necessary skills of information technology. Principles of Information Technology is a course that will provide students with computer skills necessary to be successful in “real world” personal and business situations. Students will use Microsoft Office to learn word processing, desktop publishing, presentation software, spreadsheets, and databases. COURSE OUTCOMES On completion of the course, students will be able to: 1. Demonstrate an understanding of basic information technology concepts and principles 2. Describe major components of information systems 3. Discuss business applications of information systems 4. Use Office application software and apply the computer skills effectively METHODS OF TEACHING Lectures and tutorials/lab practices INSTRUCTIONAL...

Words: 1347 - Pages: 6

Premium Essay

Lab 2

...IS3110 Lab #2: Assessment Worksheet Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls Student Name: _____________________________________________________________ 1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities) a. b. c. d. e. 2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected? • PO9.1 IT Risk Management Framework • PO9.2 Establishment of Risk Context • PO9.3 Event Identification • PO9.4 Risk Assessment • PO9.5 Risk Response • PO9.6 Maintenance and Monitoring of a Risk Action Plan 3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability: Confidentiality Integrity Availability a. b. c. d. e. 4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure? 5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 – No More than 5), assess the risk impact or risk factor that it has on your organization in the following areas: a. Threat or Vulnerability #1: o Information...

Words: 469 - Pages: 2

Premium Essay

Chapter 5 Assessment

...Lab #4 - Assessment Worksheet Performing a Qualitative Risk Assessment for an IT Infrastructure Course Name and Number: CYBS 221 1001 Student Name: Kendall Watson Instructor Name: Dave Anderson Lab Due Date: September 20, 2015 at 11:59pm Overview In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them. Finally, you wrote an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance. Lab Assessment Questions & Answers 1. What is an IT risk assessment's goal or objective? Click here to enter text. The goal is to define how the risk to the system will be managed, controlled, and monitored. 2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure? A qualitative assessment is based on opinion than actual fact, and IT risk assessments need to be based on a quantitative analysis. 3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" to an identified risk, threat, or vulnerability? The critical needs to be mitigated immediately. 4. After you had assigned the "1," "2," and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities...

Words: 428 - Pages: 2