Cyber Security Question

Plast edited by 1 week, 6 days ago

CET4862
Network Forensics and Incident Response
Assignment 2 – Network Intrusion

Goal:
Thegoal of this assignment is to allow you to practice network forensicson a packet capture. This packet capture is not as straightforward asthat used in the CET4663/CIS4360 course; this is a bit more realistic,although truncated packet capture with a fair amount of traffic. Thereare some fun(ny) things going on with the network as evidenced in thepacket capture. You will use Wireshark to analyze the packet capture.Hint: The use of filters in Wireshark will make your job easier.

Ifyou’ve taken CIS4360 prior to this, and you should have, then you haveseen some of these videos. If you feel you have a good grasp of TCP/IP,signature analysis, and using Wireshark, you could skip the videos;however, a refresher is always good to have.

An ‘attacker’ will typically perform several steps prior to conducting an attack, called the ‘reconnaissance’ phase:

1. Enumeration: What computers are up and running?
2. Footprinting:What services are provided by the computers that are up and running?
3. Fingerprinting: What operating systems are the computers running?

The ‘attack’ phase* can occur in many forms:
1) Unauthorized access (logging into a computer without authorization)
2) Downloading information (unauthorized access to information)
3) Uploading information or files (root kits, logic or time bombs, worms, viruses, etc.)
3) Denial of service attacks
4) etc.

*Not all of the attacks are represented in the packet capture.

Scenario:
Ms.Wilde, pleased with your performance on the malware case, has decidedto give you another incident. The overworked, underpaid, andunderstaffed IT administrator of a small business has contactedPalindrome to analyze some network traffic around the time of anabnormal spike in traffic. Your mission, should you choose to accept it -and Ms. Wilde has decided that you do – is to analyze the providedpacket capture and report on the activity found therein which may.

Toaid in your goals, the administrator has provided a few details aboutthe network from which the capture originated. There are four computerson the network. The IT administrator admin box is an Ubuntu server.There are also DHCP and web servers and the Admin is the only individualwithin the company with authorization for access to those servers.There are two other employees, Bob Smith, a new hire and recent collegegraduate, who uses a workstation with network access running Windows XP,and Sarah, a developer who uses a workstation with a standardinstallation of Ubuntu also with network access. Both Bob and Sarah areauthorized to have access to their own workstation and no others.

Deliverables:

A professional-quality report in two sections.

First,a management summary, written with no technical language, whichprovides a summary of what was found. The summary should be roughly aparagraph in length. This will require some thinking on your part todigest all that you’ve seen and turn that into something a manager canread quickly, but also come away with, and comprehend, the relevantinformation you gathered.

The second part will be the technicalsection where you will answer the following questions. Include thequestion and the answer.

1. What is the network address and subnet mask?

2. For each computer:
a. What is the IP of the computer?
b. What OS is it running?
c. What is the MAC address?

3.What computer (refer by OS name and last octet of the IP address, e.g.,Win7.128) is serving as a DHCP server? How do you know?
a. What other services is the DHCP server running? How do you know?

4. What computer (refer by OS name and last octet of the IP address) is running a web server?
a. Which computer(s) accessed this web server?
b. How do you know a web page was accessed? What was the file name of the web page accessed?
c. What web browser was the user running?
d. At what time did the access occur?
e. What web server application was running? (include version number)

5. What computer (refer by OS name and last octet of the IP address) is running the telnet service?
a. Which computer(s) accessed the telnet server?
b. At what time(s)/date did this access occur?

6. What usernames/passwords were used to access the telnet server?
a. What did the attacker do, if anything, from the telnet server? Explain why the attacker might have done this.

7.What is a buffer overflow? What is an SQL Injection? Identify thepacket series that contains what appears to be a buffer overflowfollowed by an SQL Injection. Describe how the attacker attempts toeffect the buffer overflow. You may need additional material from theWeb. Use your own words; do not copy and paste an answer.

8. What is a port scan?
a. How many port scans were run?
b. What computer initiated the port scan(s)? What were the target computers?
c. What type of port scan(s) did the attacker use (refer to the man page for nmap)?

9. What did the ‘attacker’ do once on the FTP server?

a. How many commands were run on the ftp server?
b. What username/password was used to access the FTP server?

c. From what computer was the FTP server accessed?
d. Date and time?
e. What file was downloaded from the ftp server?
f. To which computer was this file downloaded?

10.What is the IP address of the attacker? In your opinion, howtechnically sophisticated is the attacker? Provide evidence to supportyour claims.

Writing a non technical summary

Your nontechnical summary should use NO technical terms. Is this difficult whendescribing a technical event? YES! That doesn’t mean it can’t be done.Here is an excerpt from the about the Heartbleed SSL issue. Note that they do a terrific job of explaining the technical issue with NO technical terms!

Q: What is SSL?.

A:It stands for Secure Socket Layer. It is the technology forestablishing an encrypted link between a Web server and a browser. Thislink ensures that all data passed between the Web server and browsersremain private. Open SSL simply means that the code is freelyavailable.

Its the s in https that is supposed to stand forsecure. Unlike Web sites that begin with http, https sites have alock in browser address bars.

That lock is supposed to signalthat third parties wont be able to read any information you send orreceive. Under the hood, SSL accomplishes that by transforming your datainto a coded message that only the recipient knows how to decipher, Voxs Timothy Lee. If a malicious party is listening to theconversation, it will only see a seemingly random string of characters,not the contents of your emails, Facebook posts, credit card numbers, orother private information.

Have fun!

In this link, you can access the required documents

QUALITY: 100% ORIGINAL PAPER NO ChatGPT.NO PLAGIARISMCUSTOM PAPER

Best Custom Essay Writing Services

Looking for unparalleled custom paper writing services? Our team of experienced professionals at AcademicWritersBay.com is here to provide you with top-notch assistance that caters to your unique needs.

We understand the importance of producing original, high-quality papers that reflect your personal voice and meet the rigorous standards of academia. That’s why we assure you that our work is completely plagiarism-free—we craft bespoke solutions tailored exclusively for you.

Why Choose AcademicWritersBay.com?

  • Our papers are 100% original, custom-written from scratch.
  • We’re here to support you around the clock, any day of the year.
  • You’ll find our prices competitive and reasonable.
  • We handle papers across all subjects, regardless of urgency or difficulty.
  • Need a paper urgently? We can deliver within 6 hours!
  • Relax with our on-time delivery commitment.
  • We offer money-back and privacy guarantees to ensure your satisfaction and confidentiality.
  • Benefit from unlimited amendments upon request to get the paper you envisioned.
  • We pledge our dedication to meeting your expectations and achieving the grade you deserve.

Our Process: Getting started with us is as simple as can be. Here’s how to do it:

  • Click on the “Place Your Order” tab at the top or the “Order Now” button at the bottom. You’ll be directed to our order form.
  • Provide the specifics of your paper in the “PAPER DETAILS” section.
  • Select your academic level, the deadline, and the required number of pages.
  • Click on “CREATE ACCOUNT & SIGN IN” to provide your registration details, then “PROCEED TO CHECKOUT.”
  • Follow the simple payment instructions and soon, our writers will be hard at work on your paper.

AcademicWritersBay.com is dedicated to expediting the writing process without compromising on quality. Our roster of writers boasts individuals with advanced degrees—Masters and PhDs—in a myriad of disciplines, ensuring that no matter the complexity or field of your assignment, we have the expertise to tackle it with finesse. Our quick turnover doesn’t mean rushed work; it means efficiency and priority handling, ensuring your deadlines are met with the excellence your academics demand.

ORDER NOW and experience the difference with AcademicWritersBay.com, where excellence meets timely delivery.

NO PLAGIARISM
error: Content is protected !!