Ethical Hacking and Network Defense Unit 2 Assignment

In: Computers and Technology

Submitted By Coolone3000
Words 1705
Pages 7
Ethical Hacking and Network Defense Unit 1 Assignment
Kaplan University

Table of Contents

Scope

Goals and Objectives

Tasks

Reporting

Schedule

Unanswered Questions

Authorization Letter

Scope

Production e-commerce Web application server and Cisco network described in Figure 1.1. Located on ASA_Instructor, the e-commerce Web application server is acting as an external point-of-entry into the network:

• Ubuntu Linux 10.04 LTS Server (TargetUbuntu01)

• Apache Web Server running the e-commerce Web application server

• Credit card transaction processing occurs

• The test will include penetrating past specific security checkpoints.

• The test can compromise with written client authorization only.

Goals and Objectives

John Smith, CEO of E-commerce Sales, has requested that we perform a penetration test on the company’s production e-commerce Web application server and its Cisco network. It is our intention to run various penetration tests at irregular times in order to accurately test security measures that have been put in place. E-commerce Sales will not be aware of any of the penetration measures nor will they be aware of the times that this will be done.

Information about the network will be gathered and analyzed for any open network interfaces. Success of the test is determined by determining any potential weaknesses in the network and being able to identify solutions to protect those weaknesses. Failure is determined by the inability to pinpoint any weaknesses in the system or to find weaknesses and not be able to suggest solutions.

Tasks

During the course of the penetration testing there are several different tasks that we will have to perform. These tasks are listed…...

Similar Documents

Network Security and Ethical Hacking

...Network Security & Ethical Hacking ------------------------------------------------- ------------------------------------------------- Neal Patrick and his friends did not realise they were doing anything unethical, in fact: when asked by Congress “At what point he questioned the ethics of his actions” – he answered “Once the FBI knocked upon my door.” “I have found that inadequate network security is usually caused by a failure to implement security policies and make use of the security tools that are readily available. It’s vital that companies complete professional risk assessments and develop comprehensive security plans and infrastructures that are publicly supported by upper management” Network security is not only about the WAN (Wide Area Network) but also the LAN (Local Area Network) as the two go hand in hand. It is possible to not only have an attack from the Internet but also internally. The moment any form of computer device becomes network capable or dependent of some form of network function, there is a given need for protection to safeguard the flow of information to and from the said device on a given network whether public or private and/or from a trusted to non-trusted source. The problem with locking down a network tightly is the administrative overhead it creates. The more secure the network becomes the greater the need is for someone or a team to administrate this. Eventually you would reach a point where it becomes impossible for the end-user...

Words: 5261 - Pages: 22

Ethical Hacking

...Ethical Hacking – Is There Such A Thing? Alexander Nevermind Nelson Stewart, PhD CIS 324 December 9, 2011 ABSTRACT ------------------------------------------------- When someone hears the word hacker, many things come to mind. Bad, thief, terrorist, crook and unethical are some words that may be used to describe a hacker. The reputation of a hacker is well deserved as many company networks have been compromised with viruses and spyware causing untold millions in damage, the theft of sensitive consumer information such as Social Security numbers and financial data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies...

Words: 904 - Pages: 4

Ethical Hacking

... This page was intentionally left blank This page was intentionally left blank Hands-On Ethical Hacking and Network Defense Second Edition Michael T. Simpson, Kent Backman, and James E. Corley ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest. Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or......

Words: 185373 - Pages: 742

Unit 2 Assignment 2

...NT2580 Unit 2 Assignment 2 10/1/13 1. The five vulnerabilities that exist for this LAN based workgroup are 2755801, 2501696, 2588513 2639658, 2659883. 2. Yes, the vulnerability that involves privilege elevation is 2639658 (Vulnerability in TrueType Font Parsing), but it is not a high priority. 3. 2719662 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Apply the Microsoft Fix it solution that blocks the attack vector for this vulnerability. Disable Sidebar in Group Policy. Disable the Sidebar in the system registry. 2737111 Solution: Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. Disable WebReady document view for Exchange. 2755801 Solution: Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. Prevent Adobe Flash Player from running. Prevent Adobe Flash Player from running on Internet Explorer 10 through Group Policy on Windows 8 and Windows Server 2012. Prevent Adobe Flash Player from running in Office 2010 on Windows 8 and Windows Server 2012. Prevent ActiveX controls from running in Office 2007 and Office 2010. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active......

Words: 257 - Pages: 2

Lab 3 for Ethical Hacking

...Kaplan University IT542 Ethical Hacking and Network Defense Unit 2 Assignment Assignment 2 Jamie Carter Professor North Assignment 2 1. Ping, DNS lookup, traceroute utilities, and, Internet Explorer, the web browser are primary tools that come equiped in Windows. The DOS or MSDOS allow use of ping and traceroute specifically, these utilities allow for network mapping and network address or IP address identification, as well as port information. 2. The differences in the organizations are coverage areas. IANA covers the resources delegated to the other organizations (IANA, N,d,). ARIN is delegated to cover the regions of United States, Canada, several parts of the Caribbean region, and Antarctica. RIPE covers northern parts of Asia, Northern Africa, Europe, and Middle Eastern countries. 3. Sam Spade includes tools that can run WhoIs, HTML source code retrieval, trace route, ping, finger, and nslookup. These functions allow retrieval of data from network traffic, electronic mail headers, and identify origins of addresses. 4 Trace route does exactly as the name states, it traces the route of packets back to the originator. This is useful in finding different jump points and pathways to the targeted website, It traces the routes packets take from the user to the target.   It shows a route by hops. They target the host address. 5. WhoIs provides general data such as address or domain owner, contact information for owner, and linked sites to a domain...

Words: 699 - Pages: 3

Ethical Hacking

... HACKING 1. Learn about hardware - basicly how your computer works. 2. Learn about different types of software. 3. Learn DOS.(learn everything possible) 4. Learn how to make a few batch files. 5. Port scanning. ( download blues port scanner if it's your first time) 6. Learn a few programming languages HTML,C++,Python,Perl.... (i'd recommend learning html as your first lang) 7. How to secure yourself (proxy,hiding ip etc) 8. FTP 9. TCP/Ip , UDP , DHCP , 10. Get your hands dirty with networking 11. Learn diassembler language (its the most basic language for understanding machine language and very useful to ubderstand when anything is disassembled and decoded) 12. Learn to use a Unix os. (a Unix system is generally loaded with networking tools as well as a few hacking tools) 13. Learn how to use Exploits and compile them. (Perl and c++ is must) ETHICAL HACKER Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers enjoy Exploring and Learning how Computer systems operate. They love discovering new ways to work electronically. Hacker is a word that has two meanings: 1-Recently, Hacker has taken on a new meaning someone who maliciously breaks into systems for personal gain. 2-Technically, these criminals are Crackers as Criminal Hackers. Crackers break into systems with malicious Intentions An ethical hacker is a computer and network expert who attacks a...

Words: 2587 - Pages: 11

Ethical Hacking

...What is Ethical Hacking Ethical hacking provides a way to determine the security of an information technology environment – at least from a technical point of view. As the name ethical hacking already tells, the idea has something to do with hacking. But what does “hacking” mean “The word hacking has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts(who refer to cyber-criminals as "crackers"), the second definition is much more commonly used.” – Definition by Internet Security Systems In the context of “ethical hacking”, hacking refers to the second definition –breaking into computer systems. It can be assumed that hacking is illegal, as breaking into a house would be. At this point, “ethical” comes into play. Ethical has a very positive touch and describes something noble which leads us to the following definition of ethical hacking: Ethical hacking describes the process of attacking and penetrating computer systems and networks to discover and point out potential security weaknesses for a client which is responsible for the attacked information technology environment. An ethical hacker is therefore a “good” hacker, somebody who uses the methods and tools of the blackhat4 community to test the security of networks and servers. The goal of an ethical hack is neither to do......

Words: 1321 - Pages: 6

Ethical Hacking

...Internet, different aspects of it are achieving the highest peak of growth. An example of it is e-commerce. More and more computers get connected to the Internet, wireless devices and networks are booming and sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly – interacting with other devices and people are a main issues. At the same time, the complexity of the involved software grows, life cycles are getting shorter and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information – access controls are needed. Unfortunately most software is not bug free due to their complexity or carelessness of their inventors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys – between the ones who are trying hard to keep information secured and the ones who are......

Words: 8365 - Pages: 34

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are......

Words: 6103 - Pages: 25

Ethical Computer Hacking Course

...memorandum to: | ict director, alpine data insight company | from: | [Your Name] | subject: | PROposal for a research project on ethical computer hacking course | date: | November 9, 2014 | | | Proposal Synopsis Ethical computer hacking is one of the most essential penetration testing tools that has been used over time. Following the previous discussions, this proposal seeks to present the viability of a research project on the Ethical Computer Hacking course. Furthermore, apart from the benefits and associated shortcomings of a course on ethical hacking as a solution, this document presents the methodology for the execution of the research project and further illuminates the qualifications of the research personnel. Project Description Over time, more businesses are increasingly integrating information systems with their core business processes to increase efficiency and the overall output. Information systems have therefore become an integral part of business processes – IT is a key driver of business and governmental processes. In fact, studies assert that both government agencies and business have migrated their data and processing units to the ‘cloud (Vacca, 2012)’. In this sense, both the security threats and attacks on information systems have increased in the same magnitude over time. Corporate data centers have become the center of interest for most security attacks. Unfortunately, even though there have been several incidences of data theft and......

Words: 1135 - Pages: 5

Ethical Hacking Lab 2

...Lab #2 – Assessment Worksheet Applying Encryption and Hashing Algorithms for Secure Communications Ethical Hacking Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you applied common cryptographic techniques to ensure confidentiality, integrity, and authentication. You created an MD5sum and SHA1 hash on a simple text file on a Linux virtual machine and compared the hash values of the original files with those generated after the file had been modified. Next, you used GnuPG to generate an encryption key pair and encrypted a message. Finally, you used the key pairs to send secure messages between two user accounts on the virtual machine and verified the integrity of the received files. Lab Assessment Questions & Answers 1. Compare the hash values calculated for Example.txt that you documented during this lab. Explain in your own words why the hash values will change when the data is modified. The harsh value would change because of course there is a change in data of the file "Example.txt" so if the file should be transfer from the source to the destination with different hash string, for example the source hash string is 3ddhyhhhs47878, and when it reach the destination......

Words: 662 - Pages: 3

Ethical Hacking

...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. T he term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically...

Words: 6482 - Pages: 26

Unit 2 Assignment 2

...Asimo Unit 2 assignment 2 | AbstractASIMO is a humanoid Robot that was built to genuinely help people. Linda Vaughn | Asimo Unit 2 assignment 2 | AbstractASIMO is a humanoid Robot that was built to genuinely help people. Linda Vaughn | Linda Vaughn GS1145T 10/3/2015 Why Create ASIMO? ASIMO is humanoid robot created to duplicate human motion and genuinely help people. ASIMO took more than two decades of persistent study, research, trial and error before achieving a humanoid robot. ASIMO's design, development and operation rely on many different disciplines including Mathematics, Physics, Anatomy, Engineering and Computer Science. In 1986 Honda engineer’s set out to create a walking humanoid robot early models (E1, E2, and E3) focused on developing legs that could simulate the walk of a human. Models (E4, E5, and E6) focused on developing walk stabilization and climbing stairs. Then the head, arms and body were added to improve balance. Hondas first robot P1 was rather rugged standing at 6’2 and weighing at 386lbs. P2 had a more friendly design. P3 model was more compact standing at 5’2 and weighing 287lbs. ASIMO can run, walk on uneven slopes and surfaces turn smoothly and reach and grab for objects. ASIMO can also comprehend and respond to simple voice commands. It can also recognize the face of a selective group of individuals using camera eyes. It can also map environment and register stationary objects and can avoid moving objects as it moves......

Words: 598 - Pages: 3

Unit 2 Assignment 2

...Unit 2 assignment 2 Legislation- Human rights act- an act of parliament of the UK- the royal assent for this act was received the 9th of November 1998 with a commencement in 2000. It is an act to give further effect to rights and freedoms guaranteed under the European convention on human rights. Rights: -Right to life -Freedom from torture and inhuman or degrading treatment -Right to liberty and security -Freedom from slavery and forced labour -Right to a fair trial -No punishment without law -Respect for your private and family life, home and correspondence -Freedom of thought, belief and religion -Freedom of expression -Freedom of assembly and association -Right to marry and start a family -Protection from discrimination in respect of these rights and freedoms -Right to peaceful enjoyment of your property -Right to education -Right to participate in free elections This act promotes anti discriminatory practice in a way that it gives everyone the rights they deserve which can’t be taken away from anyone, therefore everyone is equal in what they can do. Data protection act- The data protection act defines UK laws on processing data on identifiable living people. It covers any data which can identify a person such as address, name, Humber, email, information is to be used fairly and lawfully. It is only used for limited specific purposes and in a way that is relevant, adequate and excessive. This promotes anti discriminatory practice as it helps protect......

Words: 4206 - Pages: 17

Ethical Hacking

...Chapter 1 Ethical Hacking Overview    Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker Hands-On Ethical Hacking and Network Defense 2  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network Hands-On Ethical Hacking and Network Defense 3  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission Hands-On Ethical Hacking and Network Defense 4  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence Hands-On Ethical......

Words: 1129 - Pages: 5

مواضيع مثبتة | TV Movie | saison 8, épisode 11 - Pour quelques bretzels de plus