IT395_ERIC_CLARKSON_UNIT_5_ASSIGNMENT
Unit 5 Assignment
IT395 Certified Ethical Hacking II
Eric Clarkson
Purdue Global University
Professor Donald McCracken
September 26, 2023
Instructions
Part 1: Firewall Rules and Advanced Persistent Threats
From your desktop, open the firewall settings. You can search “firewall” from the search dialog box.
Select “Advanced Settings” from the bottom of the left side of the window.
Select “Inbound Rules,” then “New Rule” at the top of the right column.
Select “Custom” at the bottom and select “Next.”
Leave the radio button on “All Programs” and select “Next.”
From the “Protocol type” select ICMPv4. At the bottom select “Customize.”
Select “Specific ICMP types” and “Echo Request.”
Select “OK.” Select “Next.”
Leave the radio buttons on “Any IP address” for local and remote and select “Next.”
Select “Allow the Connection” and select “Next.” Leave “Domain,” “Private,” and “Public” checked.
Select “Next.”
Title this rule “Allow Ping” and select Finish.
Locate the rule you just made, take a screenshot, and post it in your assignment document.
You should be able to right-click the rule and enable or disable it to allow or block pings.
Take a screenshot of ping being allowed and ping being blocked. The screenshots can be viewed below.
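The GUI steps in Part 1, scripted with the built-in NetSecurity cmdlets. This is an added example, not part of the original assignment; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later and a default inbound action of Block.

```powershell
# Added example: the "Allow Ping" rule from Part 1, created from PowerShell.
$ruleName = 'Allow Ping'   # same title the assignment gives the rule

# Create the rule once; re-running the script does not add duplicates.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound `
        -Protocol ICMPv4 `
        -IcmpType 8 `
        -LocalAddress Any -RemoteAddress Any `
        -Profile Domain, Private, Public `
        -Action Allow | Out-Null
}

# Confirm what was created: IcmpType 8 is Echo Request.
Get-NetFirewallRule -DisplayName $ruleName |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, IcmpType

# Equivalent of right-click > Disable Rule / Enable Rule.
# Ping this machine from a second host after each command to see the difference.
Disable-NetFirewallRule -DisplayName $ruleName   # pings should now time out
Enable-NetFirewallRule  -DisplayName $ruleName   # pings should be answered again

# If pings still succeed while the rule is disabled, another enabled inbound
# rule is allowing ICMPv4. List the candidates:
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -ne $ruleName } |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' } |
    Select-Object DisplayName, Profile
```

In production, narrow `-RemoteAddress` to the management subnets that need to ping the host rather than leaving it at `Any`.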
Explain how black hat hackers can make money by deploying malware and controlling botnets. In addition to the book, use appropriate Internet resources. 200 words minimum.
Black hat hackers have been known to generate revenue in a variety of ways by deploying malware and controlling botnets. The employment of ransomware assaults is one of the most popular ways. The hacker infects a victim's computer with malware that encrypts their files and then demands a ransom payment in exchange for the decryption key. The hacker might then collect the ransom and return the files to the victim.
Another tactic used by black hat hackers is to perform Distributed Denial of Service (DDoS) attacks against websites or networks using botnets. These attacks are designed to cause havoc and devastation (Singh, 2023). DDoS assaults entail flooding the target with a massive volume of traffic, causing the target's servers to go offline. In such cases, the hacker may demand a ransom payment from the target in exchange for the attack being stopped and service restored.
In addition to these approaches, black hat hackers can generate revenue through click fraud by using botnets. This entails infecting a large number of computers with malware and remotely commanding them to click on web advertisements without the user's knowledge. Botnets have been around for over a decade and have evolved into one of the most common methods for attackers to hijack devices and generate quick money. The security industry believes that botnets have cost victims more than $110 billion in losses over time (Zetter, 2015).
Individuals and organizations must make proactive efforts to protect themselves from these types of attacks and report any suspicious activity to authorities. Failure to do so could result in substantial financial losses or other negative consequences for the victim. As a result, being aware and taking proper action when necessary can help prevent and mitigate these types of assaults.
How do security controls like Microsoft’s firewall assist in controlling the spread of malware? What are some additional features of Internet Connection Firewall that can be used in an organization with Active Directory? 200 words minimum.
Implementing security measures, such as Microsoft's firewall, is critical in regulating malware spread and protecting an organization's network. A firewall protects users by monitoring and filtering incoming and outgoing traffic according to predefined rules. It can determine source and destination addresses by inspecting network packets, allowing it to block or allow traffic accordingly.
The Internet Connection Firewall (ICF) is a feature of Microsoft's firewall that is especially useful in an Active Directory context. Administrators can set up ICF rules to restrict unauthorized access and filter traffic based on protocols, port numbers, and IP addresses. Furthermore, ICF allows the creation of exceptions for specific programs or services that must communicate via the firewall.
In an Active Directory environment, ICF can be configured to allow only traffic from trustworthy sources by implementing rules that allow communication only from specific IP addresses or subnets. It can also be configured to restrict users from changing firewall settings, ensuring the network's security.
One of the major benefits of implementing Microsoft's firewall is the ability to administer it via Group Policy, which is built into Windows. This feature makes it easier to deploy and manage the firewall across the enterprise. Furthermore, it enables the enforcement of standard security regulations, ensuring that all network devices are protected.
In conclusion, the use of security measures, such as Microsoft's firewall, is critical in regulating malware spread and protecting an organization's network. Administrators can use features like ICF to create rules that restrict unauthorized access and filter traffic based on certain criteria. Organizations can ensure that their network is secure and protected from external threats by implementing Microsoft's firewall.
Explain how you would determine if your computer was the victim of an advanced persistent threat. Be sure to explain any command line switches or tools that you would use. 300 words minimum.
Advanced Persistent Threats (APTs) have taken on a life of their own these days. The phrase APT, which refers to recurrent and unauthorized access to business networks, has dominated headlines and kept many security operators awake at night.
Today's definition of APT is frequently incorrect, frequently referring to commonly available malware such as worms or Trojans that exhibit sophisticated techniques or advanced programmatic capabilities that allow an attacker to bypass antivirus or other security programs and remain persistent over time. An APT is just another term for a hacker who uses advanced tools to breach a system but with one added feature: a higher aim (McClure et al., 2012).
These attacks are distinguished by a sustained and targeted effort to enter a system or network to elude detection and be persistent over an extended period, typically with the intent of stealing sensitive data.
The first step in determining whether your computer has been infiltrated by an APT is to run a comprehensive system scan with a reliable anti-virus tool. This will help detect harmful files or actions on your machine. It is crucial to remember, however, that traditional anti-virus software may be incapable of detecting all sorts of APTs, as they are particularly designed to avoid detection.
A network traffic analysis tool, such as Wireshark, is another useful tool for detecting APTs. You can use this software to capture and analyze network traffic, which can help you discover any unusual activities. Examine the traffic for strange patterns, such as significant volumes of data being transmitted to an unfamiliar or questionable IP address.
You can also use command line tools to look for signs of APT activity. For example, the "netstat" command can be used to search your system for open ports, which can signal that your computer has been compromised. You may also use the "tasklist" command to search your system for any suspicious processes.
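One way to combine the two commands named above, shown as an added example that is not part of the original assignment: it joins `netstat -ano` sockets to `tasklist /svc` process names by PID. It assumes English-language Windows output (the column names `Image Name`, `PID`, `Services` and the state names are localized on other systems).

```powershell
# Added example: which process owns each TCP socket on this machine?
# tasklist /svc    = list the services hosted in each process
# tasklist /fo csv = emit CSV so PowerShell can parse it
$procs = @{}
tasklist /svc /fo csv | ConvertFrom-Csv | ForEach-Object { $procs[$_.PID] = $_ }

# netstat -a = all sockets, including listeners
# netstat -n = numeric addresses and ports (no slow or misleading name lookups)
# netstat -o = owning process ID for each socket
$sockets = netstat -ano | ForEach-Object {
    # TCP rows look like: TCP  <local>  <remote>  <state>  <pid>
    if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
        $p = $procs[$Matches[4]]   # $null if the process exited between the two calls
        [pscustomobject]@{
            Local    = $Matches[1]
            Remote   = $Matches[2]
            State    = $Matches[3]
            PID      = $Matches[4]
            Image    = $p.'Image Name'
            Services = $p.Services
        }
    }
}

# Open ports: anything listening that you cannot account for deserves a closer look.
$sockets | Where-Object State -eq 'LISTENING' |
    Sort-Object Image, Local | Format-Table Local, PID, Image, Services -AutoSize

# Live connections to non-loopback peers, grouped by owning process.
$sockets |
    Where-Object { $_.State -eq 'ESTABLISHED' -and $_.Remote -notmatch '^(127\.|\[::1\])' } |
    Sort-Object Image, Remote | Format-Table Remote, Local, PID, Image -AutoSize
```

Saving this output on a known-good machine gives a baseline to compare against later; a new listener or an unfamiliar image name holding a long-lived outbound connection is the kind of change worth investigating.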
To summarize, detecting an APT can be a complex and difficult task, but by combining anti-virus software, network traffic analysis, and command-line tools, you can boost your chances of detecting any unusual behavior on your machine. It is critical to remain watchful and alert to any strange behavior on your system, such as pop-up messages or alerts from unexpected sources, and to be wary of emails or links from unknown sources.
References
Allen, R. (2022, September 7). 11 Windows firewall best practices. Active Directory Pro. https://activedirectorypro.com/windows-firewall-best-practices/
Christensson, P. (n.d.). Icf. TechTerms.com - The Computer Dictionary. https://techterms.com/definition/icf
Grimes, R. (2019, February 7). 5 signs you’ve been hit with an APT. CSO Online. https://www.csoonline.com/article/548564/5-signs-youve-been-hit-with-an-apt.html
Ltd., S. (2023, February 10). Active directory server. Sophos. https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/Servers/AD/index.html
McClure, S., Scambray, J., & Kurtz, G. (2012). Hacking Exposed 7 Network Security Secrets & Solutions. https://purdueuniversityglobal.vitalsource.com/books/1260012182.
Singh, A. (2023, July 20). Cybercrime Exposed: Uncovering the Tactics of Black Hat Hackers. Shiksha. https://www.shiksha.com/online-courses/articles/black-hat-hacker-and-what-can-he-do/
Stevanovic, I. (2023, May 6). What is Windows firewall and how do you turn it off? DataProt | Cybersecurity Product Reviews, Tips & Latest News. https://dataprot.net/articles/windows-firewall/
What is a Black-hat hacker? (2022, February 9). www.kaspersky.com. https://www.kaspersky.com/resource-center/threats/black-hat-hacker
Zetter, K. (2015, December 15). Hacker lexicon: Botnets, the zombie computer armies that earn hackers millions. WIRED. https://www.wired.com/2015/12/hacker-lexicon-botnets-the-zombie-computer-armies-that-earn-hackers-millions/