CTI2318-2102-Lab3-Jenifer Rodriguez
School: Full Sail University
Course: CTI2318
Subject: Information Systems
Date: Feb 20, 2024
Pages: 5
Lab Assignment 3 – Vulnerabilities and Malware

When managing systems, you will need to understand how to address vulnerabilities and malware. In a previous lab we discussed patching and hardening systems. In this lab you will learn how to discover open ports and vulnerabilities in the same way an attacker would. You will also be introduced to endpoint protection and how it works to defend against malware and other attacks on the endpoint.

Objective: The student will be introduced to port scanning, vulnerability scanning, and endpoint protection. By the end of this lab, the student should have a rudimentary understanding of how these technologies work and how they are deployed in the enterprise.

Task 1: Introduction to port scanning

Port scanning is a popular method used by attackers to determine what ports, also known as services, are running on an operating system. This information is often used as part of a reconnaissance effort that helps attackers determine the best way to compromise a system. This task will introduce you to port scanning and how it works.

Read this article - https://www.howtogeek.com/369506/htg-explains-what-is-port-scanning/
Review this list of common ports - https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Download the Nmap Output examples from FSO for Windows and Linux

1. What is a port scan?

Port scanning is used by hackers to discover open ports on a computer or network, allowing them to identify potential vulnerabilities for unauthorized access. Port scanning techniques include TCP, UDP, and ICMP scans, with tools like Nmap being commonly used by both security and malicious actors. By systematically probing a range of ports, attackers can gather information on potential entry points for cyber-attacks. Ports are communication endpoints that allow different applications to transmit data over a network.

2. What is the difference between a TCP full connection port scan and a TCP half-open scan?

A TCP full open scan begins with establishing a three-way handshake before conducting any port scans on the target system. This type of scan enables rapid identification of whether a port is open or closed, since the three-way handshake has already been performed with the target. If the port is open, the target sends an ACK packet in response. If the port is closed, an RST packet is sent. The TCP half-open scan occurs when the scanner sends a SYN and waits for a SYN-ACK or RST response. The scanner then sends a final ACK message, but does not wait for a SYN-ACK, as the RST or lack of response indicates that the connection cannot be completed. A half-open scan requires less time, as fewer packets must be transmitted.
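The packet exchanges behind the two scan types in question 2, as an added illustration that is not part of the original lab or the student's answer. It models a single port in the open, closed and filtered states (the three states a scanner can infer from the target's reply to a SYN) and counts the packets each technique needs, which is why the half-open scan finishes sooner. The state names, the packet labels and the single close packet used for the connect scan's tear-down are modelling assumptions; nothing is sent on a network.

```python
"""Model of the packet exchange in a TCP connect (full) scan versus a
TCP SYN (half-open) scan against one port. Constructed illustration;
no real network traffic is generated."""

from dataclasses import dataclass

# How the target answers the scanner's initial SYN, by port state (assumed model).
TARGET_REPLY = {
    "open": "SYN-ACK",     # a service is listening, the handshake proceeds
    "closed": "RST",       # nothing listening, the kernel refuses the connection
    "filtered": None,      # a firewall drops the probe, so there is no reply at all
}


@dataclass
class Packet:
    src: str
    dst: str
    flags: str


def classify(reply):
    """Infer the port state from what the target sent back to the SYN."""
    if reply == "SYN-ACK":
        return "open"
    if reply == "RST":
        return "closed"
    return "filtered"   # silence (after retries) is reported as filtered


def _probe(port_state):
    """The part both techniques share: one SYN and whatever comes back."""
    packets = [Packet("scanner", "target", "SYN")]
    reply = TARGET_REPLY[port_state]
    if reply is not None:
        packets.append(Packet("target", "scanner", reply))
    return packets, reply


def connect_scan(port_state):
    """Full-connect scan: completes the three-way handshake (the OS connect()
    call does this), then closes the connection it just opened."""
    packets, reply = _probe(port_state)
    if reply == "SYN-ACK":
        packets.append(Packet("scanner", "target", "ACK"))   # handshake completed
        packets.append(Packet("scanner", "target", "RST"))   # tear-down, simplified to one packet (assumption)
    return classify(reply), packets


def half_open_scan(port_state):
    """SYN scan: never sends the final ACK; an RST aborts the half-open
    connection, so the listening service never sees an established session."""
    packets, reply = _probe(port_state)
    if reply == "SYN-ACK":
        packets.append(Packet("scanner", "target", "RST"))
    return classify(reply), packets


def compare(port_state):
    """Packet counts for both techniques against a port in the given state."""
    full_state, full = connect_scan(port_state)
    half_state, half = half_open_scan(port_state)
    assert full_state == half_state   # both techniques reach the same verdict
    return {"state": full_state,
            "connect_packets": len(full),
            "syn_packets": len(half)}


if __name__ == "__main__":
    for state in TARGET_REPLY:
        verdict, trace = half_open_scan(state)
        print(f"{state:>8}: half-open scan reports {verdict:<8} "
              + " ".join(f"{p.src}->{p.dst}:{p.flags}" for p in trace))
    for state in TARGET_REPLY:
        print(compare(state))
```

On the defender's side the difference matters for logging: the connect scan completes a session that the listening service (and its application log) can record, while the half-open scan is only visible to the kernel, a host firewall or a network sensor.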
3. Using the common ports list from Wikipedia for reference, name three ports that, if found open, could be useful to an attacker to gain access to the system. Why?

- If a hacker were to gain access to these ports, they would have the ability to access the system's files through the File Transfer Protocol (FTP), ports 20 and 21.
- SSH port 22. It is a secure login, file transfer and port forwarding port. If an attacker finds it open, they can bypass security restrictions and gain access.
- Encyclopedia page 42. A hacker could exploit this weakness by launching a DDOS attack, which could potentially make the server shut down.

4. What is nmap?

Nmap is a free, open-source network discovery and security auditing tool. It uses raw IP packets to identify available hosts, services, operating systems, firewall types, and other characteristics. Nmap was designed for scanning large networks but is also effective for single-host auditing.
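Reading an Nmap report by hand, as question 5 of this task asks, becomes tedious for more than a few hosts, so here is an added example (not part of the original lab or the FSO files) that parses Nmap's default "normal" text output into open ports per host and flags the open ports a defender would want to review first. The report text is a constructed sample written in Nmap's output format; the hosts 10.0.0.5 and 10.0.0.6, the timing lines and the watchlist of ports (FTP, SSH and SMB) are assumptions for the example.

```python
"""Parse Nmap "normal" output (its default text report) into open ports
per host. SAMPLE_REPORT is a constructed sample in Nmap's output format;
the hosts, timings and counts are invented, not taken from the FSO files."""

import re
from collections import defaultdict

SAMPLE_REPORT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-20 10:00 EST
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).
Not shown: 992 closed tcp ports (reset)
PORT      STATE    SERVICE
21/tcp    filtered ftp
135/tcp   open     msrpc
139/tcp   open     netbios-ssn
445/tcp   open     microsoft-ds
5040/tcp  open     unknown
7680/tcp  open     pando-pub
49664/tcp open     unknown
49665/tcp open     unknown

Nmap scan report for 10.0.0.6
Host is up (0.0020s latency).
Not shown: 999 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 2 IP addresses (2 hosts up) scanned in 1.50 seconds
"""

# Host header: "Nmap scan report for 10.0.0.5" or "Nmap scan report for name (10.0.0.5)"
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
# Port line: "445/tcp   open  microsoft-ds"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Open ports worth a second look on a defended host (example watchlist, an assumption).
WATCHLIST = {21: "ftp", 22: "ssh", 445: "smb"}


def parse_report(text):
    """Map each host to the list of port records Nmap printed for it."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(2) or host.group(1)   # prefer the IP when both appear
            hosts[current]                              # register hosts with no port lines too
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            number, proto, state, service = port.groups()
            hosts[current].append({"port": int(number), "proto": proto,
                                   "state": state, "service": service})
    return dict(hosts)


def open_ports(text):
    """Only the ports reported as open, sorted, per host (the question 5 exercise)."""
    return {host: sorted(r["port"] for r in records if r["state"] == "open")
            for host, records in parse_report(text).items()}


def ports_to_review(text, watchlist=WATCHLIST):
    """Open ports on the watchlist, so exposed admin/file services stand out."""
    return {host: [p for p in ports if p in watchlist]
            for host, ports in open_ports(text).items()}


if __name__ == "__main__":
    for host, ports in open_ports(SAMPLE_REPORT).items():
        print(f"{host}: open {ports}")
    for host, ports in ports_to_review(SAMPLE_REPORT).items():
        print(f"{host}: review {[f'{p}/{WATCHLIST[p]}' for p in ports]}")
```

The parser keys on the two line shapes Nmap always prints (the "Nmap scan report for" header and the PORT/STATE/SERVICE rows), so it works on the saved normal output of a real scan; for machine processing Nmap's own -oG (grepable) or -oX (XML) formats are the more robust choice.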
5. Using the Nmap Outputs provided in FSO, list the ports found open for the Windows and Linux operating systems that were scanned with Nmap.

The ports found open on the Windows operating system were ports 135, 139, 445, 5040, 7680, 49664, 49665, 49666, 49667, 49668, 49669 and 49719, and the port found open on the Linux operating system was port 22.

Deliverable: Submit your answers to the above questions as part of your lab write-up.

Task 2: Introduction to vulnerability scanning

The ability of an enterprise to detect and mitigate vulnerabilities in its environment is foundational to any information security program. This task will introduce you to vulnerability scanning and how it works.

Read this article - https://www.anetworks.com/what-is-vulnerability-scanning-and-how-does-it-work/
Download the Nessus vulnerability scan report from FSO.
1. What is a vulnerability scan?

A vulnerability scan is a vital security measure for discovering weaknesses in systems or networks, enabling organizations to address potential points of exploitation before attackers can use them for malicious purposes. These scans are automated processes that assist organizations in staying ahead of potential security breaches and cyber threats. A vulnerability scan identifies weaknesses such as outdated software, configurations or passwords and enables companies to enhance their security. Moreover, it is instrumental in meeting the compliance demands of industries, such as finance, healthcare, and government, which prioritize data security.

2. What is the difference between an authenticated and unauthenticated scan?

An authenticated scan provides direct access to network-based assets and the complete inventory of an organization's systems by using remote administrative protocols like secure shell and remote desktop protocol with administrative credentials. This type of scan is performed externally without physical access to the network. The AI can only view publicly visible information and cannot provide details about the operating system and installed software.

3. What are the three steps of the vulnerability scanning process as referenced in the article?

- Identify vulnerabilities: the scan compiles an overview of a company's risk based on the inspection of digital assets.
- Evaluate and prioritize vulnerabilities: the evaluation stage is a critical part of vulnerability management. After the scan produces the often very long and overwhelming list of vulnerabilities, they are put into categories ranging from critical down to low risk. This helps an organization decide which vulnerabilities pose the biggest risk to the organization if exploited, which ones hackers could realistically take advantage of, and whether there are existing security measures in place that reduce the risk of critical vulnerabilities.
- Resolve vulnerabilities: after determining the most critical risks, new security controls should be created for each vulnerability, and if certain ones cannot be patched or resolved, they should be recorded and an incident response plan should be developed, so that the organization would know how to mitigate the damage if one is exploited.
4. Nessus, an enterprise vulnerability scanning product, enables enterprises to scan a variety of systems for vulnerabilities. Using the Nessus vulnerability scanning report from FSO, what is the IP address that has the most vulnerabilities?

The most vulnerabilities are on IP address 192.168.158.131, with a vulnerability count of 8 - Critical Risk, 4 - High Risk, 18 - Medium, 778 - others needing review.
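The evaluate-and-prioritize step from question 3 and the "which host has the most vulnerabilities" count from question 4 are both a tally of the scan export by host and severity. The following is an added example, not part of the original lab and not the FSO Nessus report: SAMPLE_CSV is a constructed export loosely modelled on the column layout of a Nessus CSV export (Risk, Host, Port, Name), with invented hosts, placeholder plugin ids (P-0001 and so on) and invented findings. It shows that the host with the most findings is not necessarily the one to remediate first.

```python
"""Tally scan findings by host and severity, then rank hosts from critical
down to low. SAMPLE_CSV is a constructed export loosely modelled on the
Nessus CSV layout; its hosts, plugin ids and findings are invented."""

import csv
import io
from collections import Counter

# Severity levels that count as vulnerabilities; "None" is informational output.
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]

SAMPLE_CSV = """\
Plugin ID,Risk,Host,Port,Name
P-0001,Critical,10.0.0.5,445,Outdated SMB service (constructed finding)
P-0002,High,10.0.0.5,3389,Weak remote desktop configuration (constructed finding)
P-0003,Medium,10.0.0.5,135,Service information disclosure (constructed finding)
P-0004,None,10.0.0.5,0,Informational plugin output (constructed finding)
P-0005,High,10.0.0.6,22,Outdated SSH version (constructed finding)
P-0006,Low,10.0.0.6,22,Weak SSH cipher advertised (constructed finding)
P-0007,None,10.0.0.6,0,Informational plugin output (constructed finding)
P-0008,Critical,10.0.0.7,21,Anonymous FTP upload allowed (constructed finding)
P-0009,Critical,10.0.0.7,21,Outdated FTP server (constructed finding)
"""


def tally(csv_text):
    """Count findings per host per Risk level, e.g. {"10.0.0.5": Counter({...})}."""
    counts = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        counts.setdefault(row["Host"], Counter())[row["Risk"]] += 1
    return counts


def vulnerability_count(counter):
    """Findings that are actual vulnerabilities, informational ones excluded."""
    return sum(counter[s] for s in SEVERITY_ORDER)


def severity_key(counter):
    """Sort key: more criticals first, then highs, mediums, lows."""
    return tuple(counter[s] for s in SEVERITY_ORDER)


def most_vulnerable(csv_text):
    """Host with the most (non-informational) findings; ties broken by severity."""
    counts = tally(csv_text)
    return max(counts, key=lambda h: (vulnerability_count(counts[h]),
                                      severity_key(counts[h])))


def rank_by_severity(csv_text):
    """Hosts in remediation order: the one with the worst findings first."""
    counts = tally(csv_text)
    return sorted(counts, key=lambda h: severity_key(counts[h]), reverse=True)


def prioritized_findings(csv_text):
    """Every vulnerability (informational rows dropped), most severe first, so the
    top of the list is where patching or a documented exception starts."""
    rank = {s: i for i, s in enumerate(SEVERITY_ORDER)}
    rows = [r for r in csv.DictReader(io.StringIO(csv_text)) if r["Risk"] in rank]
    return sorted(rows, key=lambda r: (rank[r["Risk"]], r["Host"]))


if __name__ == "__main__":
    for host, c in tally(SAMPLE_CSV).items():
        print(host, {s: c[s] for s in SEVERITY_ORDER + ["None"]})
    print("most findings:", most_vulnerable(SAMPLE_CSV))
    print("remediation order:", rank_by_severity(SAMPLE_CSV))
    for r in prioritized_findings(SAMPLE_CSV)[:3]:
        print(r["Risk"], r["Host"], r["Port"], r["Name"])
```

In the constructed data 10.0.0.5 has the most findings, but 10.0.0.7 ranks first for remediation because both of its findings are critical; a scanner's raw count and its severity ranking answer different questions, which is the point of the prioritize step.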
5. Based on the vulnerabilities listed for the IP address from question #4, what operating system do you think was being scanned?

It is crucial to analyze the characteristics and weaknesses to determine the operating system that was targeted during the scanning process. Analyzing the vulnerabilities can offer insights into the targeted operating system. For example, if there are specific exploits associated with Windows systems, it is likely that a Windows OS was the focus of the scan. Similarly, vulnerabilities known to affect Linux distributions would suggest that a Linux-based operating system was the intended target. By cross-referencing the vulnerabilities with the common weaknesses of different operating systems, one can make an educated guess regarding the system under investigation. Additionally, identifying the methods used in the scanning process can provide further clues. For instance, certain tools and techniques are more commonly utilized for particular operating systems, aiding in narrowing down the possibilities. Through a systematic approach of matching vulnerabilities and scanning methods, one can deduce with reasonable certainty the operating system that was being scanned. Understanding the vulnerabilities associated with an IP address can provide valuable insights into the targeted operating system during a scanning process. By carefully analyzing these weaknesses and considering common exploit methods, one can make informed assumptions about the identified system.

Deliverable: Submit your answers to the above questions as part of your lab write-up.

Task 3: Introduction to endpoint protection (classically known as Anti-Virus)

Over the last decade, there has been a drastic amount of change in how we defend endpoints from malware. In pursuit of this, endpoint protection technologies have evolved in a variety of areas. In this task, you will read an article defining the characteristics of legacy anti-virus software and modern "Next-Generation" endpoint protection, and answer a few questions.

Read this article - https://www.crowdstrike.com/cybersecurity-101/endpoint-security/next-generation-antivirus-ngav/
6. What are the fundamental differences between legacy anti-virus software and modern "next generation" endpoint protection?

Next generation endpoint protection can identify modern threats such as ransomware and fileless attacks, which legacy antivirus often misses due to being signature-based or not designed to identify fileless attacks.

7. Do you believe that modern endpoint protection would be more effective against today's threats? Why or why not?

A conventional antivirus solution can only identify known malware. It will not be able to protect against unknown threats or attacks that do not use malware, making it less effective in today's threat landscape. Modern endpoint protection appears to be more effective.

8. Do some research and list a few "next generation" endpoint protection vendors that are in the market today.

- Microsoft Defender for Endpoint
- ThreatDown
- FortiClient
- Sophos Intercept X: Next-Gen Endpoint
- Webroot
- CrowdStrike Falcon Endpoint Protection Platform
- ThreatLocker
- Kaspersky Endpoint Security for Business

Deliverable: Submit your answers to the above questions as part of your lab write-up.

Deliverable:

1. Gather the deliverables listed for each task in Word and save them as a docx.
2. Name the docx CTI2318-2102-Lab3-Firstname-lastname.docx, where Firstname is your first name and lastname is your last name.

Grading Rubric:

- Task 1 – 40 points: Answered all the questions correctly.
- Task 2 – 40 points: Answered all the questions correctly.
- Task 3 – 20 points: Answered all the questions correctly.