Network Scanning - Class Exercise

School: Seneca College
Course: 220
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 8
Uploaded by MinisterAlpacaMaster987

SEC220 Week 6 – Tuesday, October 10, 2023

Network Scanning - Class Exercise

Each group should answer the question(s) assigned to the group below – the question number is the same as the group number. Your answers should be in your own words and not just copy/paste from the slides. Please be prepared to share your answers with the class.

Group 1

1. What is scanning?
2. Distinguish between network/host scanning and port scanning
   a. In your response, you should indicate when you would do each, and why

Scanning refers to the process of examining or surveying an area, object or system to gather information or identify specific elements of interest. Scanning often involves probing a network, system or document to collect data. Hackers, however, scan in order to find loopholes or vulnerabilities in a system.

Network Scans: A network scan is the most basic scan in its aims. Essentially, a network scan is used to determine where live systems are on the network and how many of them there are. Network scanning provides a basic logical layout of a network, so a hacker has a basic roadmap of their target.
When to Use: This is typically performed during the initial phase of security assessment or network mapping. It helps you understand the structure of the network and identify all devices connected to it.
Why: To understand the topology of your network, ensuring that all authorized devices are accounted for within the network.

Port Scans: Port scans go a bit deeper than network scans, and provide not only a map of the target but also a list of open ports and services running on a host.
When to Use: It is performed to identify which services are running on a host and to check for any unauthorized or unexpected services.
Why: It is crucial for security assessments. By identifying open ports, administrators can assess whether these services are necessary and secure or if they pose potential security risks.

Group 2

1. What do you understand the Reconnaissance phase in hacking to mean?
   a. Distinguish between passive reconnaissance and active reconnaissance. Give examples of when you would use each and why
2. Briefly explain the following phases in hacking:
   a. Gaining Access
   b. Maintaining Access
   c. Clearing Tracks

Reconnaissance Phase: This is like gathering information before planning a trip. Hackers learn about their target (like a website) to find weaknesses. Planning is particularly important for performing any attack; otherwise hackers will be in great trouble. There are two types:

Passive Reconnaissance: It refers to gathering info without directly interacting, like searching online. I would use this for hacking someone’s social media account or for getting personal details using social engineering as a part of a big attack, like hacking someone’s bank account, and for that finding personal information of the bank account holder, including full name and location.

Active Reconnaissance: It refers to interacting with the target, like scanning a website to find vulnerabilities. I would use this for hacking a large website like Amazon or eBay for doing carding.

Gaining Access: Hackers use the information gathered during reconnaissance to attempt to break into the target, much like trying to unlock a closed door.

Maintaining Access: Once inside, they want to stay without getting caught. They create hidden ways to keep control.

Clearing Tracks: When done, or if they fear getting caught, they erase evidence of their presence, like cleaning up after a party.

Group 3

1. If you were a network administrator, how can you legitimately use network and port scanning to the organization’s advantage?
2. How can network and port scanning be beneficial to a cyber-criminal?
3. Explain the various countermeasures that can be used to mitigate against port scanning

Answers

1. Network administrators can legitimately use network scanning to find and fix vulnerabilities found on their networks. Network scanning involves identifying a list of active hosts and resolving these hosts to IP addresses. The network administrators can use port scanning to protect their system and spot the weaknesses that hackers would find.
2. When a cybercriminal uses network and port scanning, they illegitimately use it to exploit the vulnerabilities in the network which they would later exploit. When hackers send a message to a port, the response they receive determines whether the port is being used and if there are any potential weaknesses that could be exploited.
3. Proper design & firewall setting: plan security measures such as IDSs and firewalls. A firewall can prevent unauthorized access to a business’s private network. It controls ports and their visibility, as well as detecting when a port scan is in progress before shutting it down.
Deny all: check the traffic to all ports and block them unless necessary.
Port scanning: the network admin performs a scan, utilizing the same tools before the attackers do.
Take security awareness training: as the name suggests, this involves getting trained on security protocols and being aware of the different ways in which a security breach could occur on the system and on the network.

Group 4

1. Use diagrams to establish the difference between a TCP connect scan and a half-open (TCP SYN) scan. In your response, it should be clear what each type of scan is and how they are different
2. Explain what happens in the following types of port scans:
   a. TCP Null
   b. TCP Fin
   c. Xmas Tree

Answers:

1. In a typical TCP setup, communication starts once a virtual connection has been made between the client and server. In order to establish a connection, the client sends the server SYN requests, and the server answers by sending SYN/ACK. TCP scans establish the full connection to the destination, while TCP SYN scans do only the half connection to see which port is open. If the response is SYN/ACK, the port is open; if the response is RST/ACK, the port is closed.

Xmas tree scan is a set of flags that are turned on within a packet, which can be used to manipulate the PSH, URG and FIN flags of the TCP header, thereby identifying listening ports and also determining if ports are closed on the target machine.
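
Added example (not part of the original exercise): a defender-side sketch that ties Group 3's countermeasure of detecting a scan in progress to the scan types in Group 4. It labels client-to-server TCP segments by their flag bits and reports sources that probe many ports; the function names, the threshold of 4 ports and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

# TCP header flag bits (RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags):
    """Name the probe type that one inbound segment's flag bits match."""
    flags &= 0x3F                          # ignore the ECE/CWR bits
    if flags == 0:
        return "null"                      # no flags set at all
    if flags == FIN:
        return "fin"                       # bare FIN, no ACK
    if flags == FIN | PSH | URG:
        return "xmas"                      # FIN, PSH and URG set together
    if flags == SYN:
        return "syn"                       # normal opener; suspicious only in volume
    return "other"

def detect_scans(packets, port_threshold=4):
    """packets: ordered (src_ip, dst_port, flags) client-to-server segments.
    Returns {src_ip: scan_type} for sources probing >= port_threshold ports."""
    ports = defaultdict(set)               # src -> distinct ports probed
    kinds = defaultdict(lambda: defaultdict(int))  # src -> scan type -> count
    pending = set()                        # (src, port) with a SYN not yet followed up
    for src, port, flags in packets:
        kind = classify_probe(flags)
        if kind == "syn":
            pending.add((src, port))
            ports[src].add(port)
        elif (src, port) in pending and flags & (RST | ACK):
            # After the SYN: an RST abandons the handshake (half-open), an ACK completes it.
            pending.discard((src, port))
            kinds[src]["half-open" if flags & RST else "connect"] += 1
        elif kind in ("null", "fin", "xmas"):
            ports[src].add(port)
            kinds[src][kind] += 1
    alerts = {}
    for src, seen in ports.items():
        if len(seen) >= port_threshold:    # threshold is an assumed tuning value
            alerts[src] = max(kinds[src], key=kinds[src].get) if kinds[src] else "syn"
    return alerts

# Constructed sample capture using documentation addresses (RFC 5737).
SAMPLE = (
    [("192.0.2.10", p, f) for p in (22, 80, 443) for f in (SYN, RST)]
    + [("192.0.2.10", 3389, SYN)]          # closed port: no follow-up from client
    + [("198.51.100.7", 443, SYN), ("198.51.100.7", 443, ACK)]  # one normal client
    + [("203.0.113.5", p, FIN | PSH | URG) for p in (21, 23, 25, 110)]
)
```

Calling detect_scans(SAMPLE) reports the first source as a half-open scan and the third as an Xmas tree scan, while the single completed handshake from the second source stays below the threshold.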