Nt2580 Lab 2

Submitted By nieruhawic
NT 2580
Week 2
Lab 2

1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application.
It’s used for port scanning. It can be used to see what hosts are on the network and to see what services they are running.
2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure?
Threats and vulnerabilities lead to risks; if you don’t have them, then you don’t have any risk of anyone getting into your network.
3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan?
Nessus is the application used.
4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures?
You must get written permission.
5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website?
CVE (Common Vulnerabilities and Exposures) listings are known vulnerabilities and also show you how to patch them. They are from the MITRE Corporation but are under contract for Homeland Security and NCSD.
6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on 172.30.0.10?
Yes, it can detect which operating systems are being used. The command would be -o.
7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus vulnerability assessment scan?
You can tell the scan to only include Windows vulnerabilities.
8. Once vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and…...
