Cyber Range Lab Assignment Report 10
School: Southern New Hampshire University
Course: MBA530
Subject: Industrial Engineering
Date: Jan 9, 2024
Uploaded by ericbraxton8
IST 894
Capstone Experience
Table of Contents
1.0 Introduction
2.0 General Context
3.0 Technical Context
4.0 Solution
5.0 Activity Log
6.0 References
1.0 Introduction
In this lab, we will utilize the “Cyber Basics (2020.12)” environment within the U.S. Cyber Range. This lab exercise will provide hands-on experience with reconnaissance, network scanning, and service enumeration.
2.0 General Context
In this lab exercise, I utilized the U.S. Cyber Range, which provides an environment for educators, industry, and others to allow for hands-on cybersecurity training and education to increase the number of skilled cybersecurity experts across all sectors (U.S. Cyber Range, 2020). Inside the lab environment, I used a VM running Kali Linux and was first tasked to perform a WHOIS lookup. WHOIS is not an acronym, even though it may appear as one. It simply means WHO IS responsible for a domain name or IP address (ICANN, 2020). WHOIS is a series of independent entities known as registrars or registries. For a domain or IP address to become a registry or registrar, you must first earn ICANN accreditation. Each domain name that is registered must contain a name, address, email, phone number, and administrative and technical contacts. That information is often referred to as WHOIS data, so when you perform a WHOIS lookup on a domain or IP address, you will obtain that information. Essentially, in the lab, we simply performed a few WHOIS lookups on the domain zero.com and made note of information such as registration names, addresses, email, etc. You can also perform a reverse WHOIS lookup, where you search the database by a registrant’s name or email, which would allow you to view all the domains and IP addresses associated with that individual.
The next portion of the lab has us perform an nslookup and dig. Nslookup, which stands for name server lookup, is used to find the IP address that corresponds to a host or domain name (IONOS, 2019). Nslookup can be used on Linux and Windows-based operating systems. In the lab, I performed an nslookup on psu.edu, which in turn displays the public IP addresses that are associated with the domain psu.edu. Dig is a Linux and Unix tool for DNS database queries that is more powerful than nslookup. Functionality-wise, they are similar; however, dig provides additional information that is not found in nslookup. Lastly, we used a tool called Nmap to perform a host discovery on various other IP addresses on our network. Nmap is a tool used for network exploration and port scanning. Nmap is mostly used to determine what ports are open for a given host.
3.0 Technical Context
For this lab, I utilized the U.S. Cyber Range to get hands-on training, which provides an environment for educators, industry, and others to allow for hands-on cybersecurity training and education to increase the number of skilled cybersecurity experts across all sectors (U.S. Cyber Range, 2020). Inside the lab environment, I used a virtual machine running Kali Linux and was first tasked with performing a WHOIS lookup. Many people assume WHOIS is an acronym based on the sheer number of acronyms associated with the IT field. WHOIS means WHO IS the ultimate responsible party for a domain name or IP address. Before your domain or IP will appear in WHOIS, the responsible party must first register with ICANN and earn their accreditation. WHOIS utilizes a public database (well, a series of databases) that houses all of the information that is used when registering a domain name. For the lab, I performed a WHOIS lookup on the domain zero.com, which provided who the domain was registered to. Next, I did a reverse WHOIS lookup, which uses an individual’s name; in this lab I used Kevin O’Leary to search for all of the domains registered to him. I performed this search on http://viewdns.info, which provides a nice GUI outside of the traditional CLI. Next, the lab had me perform an nslookup, which translates host names to IP addresses (think DNS). Using the CLI, I did an nslookup on psu.edu, which provides all the public IP addresses that are associated with Penn State. Following the nslookup, I used dig, which is like nslookup but more extensive, providing additional information that nslookup does not provide. Dig is only available on Linux and Unix systems. Dig also allows you to perform reverse lookups amongst many other options, which is what makes it more extensive than nslookup. Running man nslookup will provide all of the available options associated with dig. Lastly in the lab, we performed network scanning using Nmap. Before using Nmap, I had to run ifconfig to get my IP address, which allowed me to run nmap <IP address>. Nmap is a useful tool because it shows whether the host is up or down and all of the associated ports on the host. This can be especially helpful from a security perspective: if you have an Exchange server, you may only require SMTP (port 25) to be open but notice many other ports that are open. This presents a security vulnerability, and it is recommended to go back and disable services and close ports that are not needed. Nmap allows you to scan an individual host, or you can run nmap -sn <x.x.x.x>-<x.x.x.x>, which will scan an entire range, or nmap <x.x.x.x>/subnet if you want to scan an entire subnet. This is a good tool to keep in use during audits to make sure you are only running the services that are needed for business operations.
4.0 Solution
Task 1: WHOIS lookups
In this portion of the lab, I used the native web browser inside the VM and navigated to https://whois.icann.org/. ICANN registration data gives you the ability to look up the current registration data for domain names and internet number resources. The tool uses Registration Data Access Protocol (RDAP), which is a replacement of the WHOIS protocol (ICANN, 2020).
Zero.com is registered to Google LLC as noted in the ‘Registrant:’ field.
In the next section, I wanted to determine if there were any domains that were registered to Kevin O’Leary. To do this, I navigated to http://viewdns.info and performed a registrant search on Kevin O’Leary, which returned the following info.
Some domains offer domain privacy, which is a service that keeps your contact information anonymous by replacing real contact information with that of the privacy service and randomly generated email addresses. Anyone who owns a website, whether it’s personal or professional, is required by ICANN to provide full, accurate contact information for their domain. By default, this information is required to be made public. Therefore, anyone who uses a tool such as WHOIS can retrieve that personal information. Domain privacy prevents unsolicited marketing and sales contacts and spam, and helps prevent your domain from getting hijacked (namecheap, 2019).
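The registration data described in Task 1 is returned by RDAP as JSON, with contact details held in jCard arrays on each entity. The following is an added example, not part of the original report: it reads a constructed response with placeholder values and reports each role's contact and whether it is privacy-redacted. Detecting redaction through a remark titled "REDACTED FOR PRIVACY" is an assumption about how the server signals it.

```python
import json

# Constructed RDAP domain response (RFC 9083 layout); all values are placeholders.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "entities": [
    {"objectClassName": "entity", "roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar, Inc."]]]},
    {"objectClassName": "entity", "roles": ["registrant"],
     "remarks": [{"title": "REDACTED FOR PRIVACY"}],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", ""],
                              ["email", {}, "text", "proxy-1234@privacy.example"]]]}
  ]
}
""")

def vcard_fields(entity):
    """Flatten a jCard array into {property: value}; the first value wins."""
    out = {}
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        # Each jCard property is [name, parameters, value type, value].
        out.setdefault(prop[0], prop[3])
    return out

def contacts_by_role(rdap):
    """Return {role: {"name", "email", "redacted"}} for every entity role."""
    result = {}
    for entity in rdap.get("entities", []):
        card = vcard_fields(entity)
        # Assumption: redaction is signalled by a remark titled "REDACTED ...".
        redacted = any("REDACTED" in r.get("title", "").upper()
                       for r in entity.get("remarks", []))
        for role in entity.get("roles", []):
            result[role] = {"name": card.get("fn") or None,
                            "email": card.get("email"),
                            "redacted": redacted}
    return result

if __name__ == "__main__":
    for role, contact in contacts_by_role(SAMPLE_RDAP).items():
        print(role, contact)
```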
Task 2: NSLOOKUP and DIG
The first portion of this task was to open a Terminal window and run the command man nslookup, which provides additional information about nslookup.
The default ‘type=’ option in nslookup is A and then AAAA; or abbreviated as q, ty.
In the next step, I performed an nslookup on Penn State. The command I used for this was nslookup psu.edu.
There were three IP addresses listed, which were 128.118.142.105, 128.118.142.114, and 146.186.16.57.
There was more than one address listed because PSU likely uses clustered servers and DNS load balancing to direct requests to the clustered server with the least load.
Next, I used Terminal to examine the dig command, which is a DNS lookup utility. First, I used the command man dig to learn more about dig.
There are lots of options within dig. When I type in the command dig -h, which provides additional information about the command and how it can be run, I get the following output.
By typing the command dig psu.edu, I get the following output. This command provides similar information to nslookup; however, dig provides a much more in-depth analysis, see below.
I ran the command dig 8.8.8.8, which performs a reverse lookup of the IP address. 8.8.8.8 is the DNS address for Google.
Task 3: Network scanning using NMAP
In the first portion of task 3, I opened a new Terminal window and ran the command ifconfig, which provides IP configuration information of the virtual workstation. The IP address of my virtual machine is 10.1.89.119. My subnet mask is 255.255.240.0. The subnet 255.255.240.0 can also be expressed as a /20, which indicates that I have 4,096 available addresses.
Once I have my IP address, I can perform an Nmap scan on my workstation. This is a tool that is used for network exploration and port scanning. By running the command nmap 10.1.89.119, I can determine which ports are open on my workstation, which are port 22 and port 3389. Port 22 is used for SSH and port 3389 is used for Remote Desktop.
I ran a full Nmap scan of the entire subnet using the command nmap -sn 10.1.89.0/20, which returned the following. This indicates there are 4 available hosts. The IP addresses that were discovered are 10.1.80.230, 10.1.81.185, 10.1.89.119, and 10.1.94.76.
I then took it a step further and performed individual Nmap scans on each host. This will provide the open ports for the individual host. First, I performed a scan on 10.1.80.230. This host had port 21 open for FTP and is likely used for transferring files between different computers via Internet connection.
Then, I scanned 10.1.81.185, which had ports 22, 80, 139, and 445 open. Port 22 is used for SSH, port 80 is used for HTTP, port 139 is used for NetBIOS sessions, and port 445 is used for direct TCP/IP MS Networking access.
I searched 10.1.89.119 next. This host was running port 22 (SSH) and 3389 (RDP).
And last, I searched 10.1.94.76. This host was running port 80, which is used for HTTP.
A couple of these hosts could be used for running web server software. Traditionally, web servers are running on port 80 (HTTP) or 443 (HTTPS). 10.1.81.185 was running port 80, as was 10.1.94.76.
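The audit use described in section 3.0 (finding ports that are open but not needed) can be automated against the kind of results listed in Task 3. The following is an added example, not part of the original report: the sample lines are constructed in Nmap's grepable (-oG) layout from the hosts and ports reported above, and the ALLOWED allowlist is hypothetical. It also derives the /20 scope from the ifconfig values and flags any host outside it.

```python
import ipaddress
import re

# Constructed sample in nmap's grepable (-oG) layout, built from the hosts and
# ports listed in Task 3. It is not captured tool output.
SAMPLE_OG = (
    "Host: 10.1.80.230 ()\tPorts: 21/open/tcp//ftp///\n"
    "Host: 10.1.81.185 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n"
    "Host: 10.1.89.119 ()\tPorts: 22/open/tcp//ssh///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 10.1.94.76 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///\n"
)

# Hypothetical allowlist (an assumption): ports each host is approved to expose.
ALLOWED = {
    "10.1.80.230": {21},
    "10.1.81.185": {22, 80},
    "10.1.89.119": {22, 3389},
}

def scope_from_ifconfig(addr, netmask):
    """Network that an ifconfig address/netmask pair belongs to."""
    return ipaddress.ip_interface(f"{addr}/{netmask}").network

def parse_open_ports(grepable):
    """Map host -> set of open TCP ports from -oG 'Ports:' lines."""
    result = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*\bPorts: ([^\t]*)", line)
        if not m:
            continue  # status lines and comments carry no port list
        ports = result.setdefault(m.group(1), set())
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/protocol/...
            if len(fields) >= 3 and fields[1:3] == ["open", "tcp"]:
                ports.add(int(fields[0]))
    return result

def audit(grepable, allowed, scope):
    """Findings as (host, port); port is None when the host is out of scope."""
    findings = []
    for host, ports in parse_open_ports(grepable).items():
        if ipaddress.ip_address(host) not in scope:
            findings.append((host, None))
        findings += [(host, p) for p in ports - allowed.get(host, set())]
    return sorted(findings, key=lambda f: (ipaddress.ip_address(f[0]), f[1] or 0))

if __name__ == "__main__":
    print(audit(SAMPLE_OG, ALLOWED, scope_from_ifconfig("10.1.89.119", "255.255.240.0")))
```

A host missing from the allowlist is treated as having no approved ports, so every open port on it is reported.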
5.0 Activity Log
5.1 - Member Log
Member Name: Eric Braxton
Task Date: 11/9/2021
Task Details: Completed all lab steps and lab report.
6.0 References
ICANN (2020). https://lookup.icann.org/
namecheap (2019). https://www.namecheap.com/security/what-is-domain-privacy-definition/
IONOS (2019). https://www.ionos.com/digitalguide/server/tools/nslookup/
U.S. Cyber Range (2020). About the U.S. Cyber Range. Retrieved on 14 October 2021 from https://www.uscyberrange.org/about