Premium Essay

Lab 1 Securing Systems

In: Computers and Technology

Submitted By cocokes
Words 291
Pages 2
Lab #1 – Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN)

1. What is the first Nmap command you ran in this lab? Explain the switches used.
The first nmap command used was nmap -O -v 10.20.100.50. -O was to detect the operating system of the 10.20.100.50 machine, while -v showed much detail.

2. What are the open ports when scanning 192.168.3.25 and their service names?
There are twelve open ports. 80 is HTTP services, 135 is the Microsoft EPMAP aka DCE/RPC locator service, 139 is the NetBios session service, 445 is the Microsoft-DS, SMB file sharing, and the common internet file sharing, 3389 is the RDP, 5357 is the web services for devices, and 49152 to 49157 is the DCOM or ephemeral ports.

3. What is the command line syntax for running an SMB vulnerability scan with Nmap against 10.20.100.50? nmap --script=smb-check-vulns -p445 10.20.100.50

4. Explain why SMBv2 DoS (CVE-2009-3103) is bad.
It allows a denial of service attack with the blue screen of death. It makes the system a high risk system.

5. What is the operating system of IP address 192.168.40.238?
The operating system is FreeBSD 7.X|8.X|9.X|10.X The only open port is port 22 which indicates it is the SSH.

6. What are the reverse IP addresses for the three remote computers scanned in this lab?
10.20.100.50 is 50.100.20.10-apples.colo9.sg.com. 192.168.3.25 is 25.3.168.192-WASHDC103.mainstreet.coresite.com. 192.168.40.238 is…...

Similar Documents

Free Essay

Lab 1: Microscopy and the Metric System

...Lab 1: Microscopy and the Metric System Purpose The purpose of this lab is to become familiar with the lighted microscope, how to prepare a wet mount, and understand taking measurements in the metric system and its conversions.  Materials & Methods Materials: Part A: * Computer for videos Part B: * Tape measure with centimeters * Scale that measures grams * Thermometer that shows Celsius * Campbell Biology Book * 1 piece Orange Starburst Methods: Part A: Combined Lighted Microscope 1. Watch video on microscope 2. Answer the provided questions on the microscope Wet Mount: 1. Watch video on wet mount 2. Explain the process of creating a wet mount Part B: Width of Book: 1. Lay book flat 2. Take the measuring tape and measure the width of the book in centimeters Mass of Orange Starburst: 1. Place the scale on flat surface 2. Zero the scale and set the display to grams 3. Place the orange starburst and write down the mass in grams Meniscus: 1. Answer the provided question on Meniscus in a graduated cyclinder Temperature: 1. Set thermometer to display temperature in Celsius 2. Take room temperature by turning on the thermometer and noting temperature 3. Take body temperature by placing the thermometer on the back of your hand Results Part A: Microscopy 1) Parts of a compound microscope and their functions. a) Focal Adjustment- helps adjusts the slide into focus b) Eyepiece- the......

Words: 856 - Pages: 4

Premium Essay

Lab 1

...Assessment Worksheet 111 LAB #7 – ASSESSMENT WORKSHEET Relate Windows Encryption and Hashing to Confidentiality and Integrity Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview This lab demonstrated how hashing tools can be used to ensure message and file transfer integrity and how encryption can be used to maximize confidentiality. Common hashing and encryption tools, including MD5, SHA1, and GnuPG, were used. You used GnuPG to generate both a public and private key and a secret key for encryption only. Lab Assessment Questions & Answers 1. If you and another person want to encrypt messages, should you provide that person with your public 7 Relate Windows Encryption and Hashing to Confidentiality and Integrity key, private key, or both? You should both provide each other with your public keys. 2. What does GPG allow you to do once it is installed? GPG allows you to encrypt and decrypt data and generate public and private keys. 3. Name two different types of encryption supported by GPG for your key. GPG supports symmetric ciphers DES and Blowfish as well as asymmetric ciphers ELGamal and RSA. 112 LAB #7 | Relate Windows Encryption and Hashing to Confidentiality and Integrity 4. What happens when you sign and trust a new key to your keychain? A new private and public key is created with a fingerprint for non repudiation. 5. If a user sends you his/her public key, will he/she be able to decrypt your......

Words: 472 - Pages: 2

Premium Essay

Lab 1 Questions for Fundamentals of Information Systems Security

...Lab 1 Assessment Questions 1. Name at least five applications and tools pre-loaded on the Windows 2003 Server Target VM and identify whether that application starts as a service on the system or must be run manually? Windows Applications Loaded | Starts as Service Y/N | FileZila Server | Y | Nmap | N | WireShark | N | WinPcap | N | Tenable Network Security | N | Tftpd32-SE | N | 2. What was the DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router? a. Student – 10.96.108.20 b. TargetWindows01 – 10.96.109.30 c. TargetUbunto01 – 10.96.109.36 d. TargetUbuntu02 – 10.96.109.40 3. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? e. Yes. f. 4 4. If you ping the “WindowsTarget01” VM server and the “UbuntuTarget01” VM server, which fields in the ICMP echo-request / echo-plies vary? g. The TTL on Windows was 128 while on Ubuntu the TTL was 64. 5. What is the command line syntax for running an “Intense Scan” with ZenMap on a target subnet of 172.30.0.0/24? h. Nmap –T4 –A –V –PE –PS22, 25, 80 –PA21, 23, 80, 3389 10.96.109.30 6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those......

Words: 415 - Pages: 2

Free Essay

Lab 6 Securing a Server

...|ITCS202 Week 6 Lab Worksheet | Student Name: John Smith General Instructions: This worksheet will assist you in completing your Labs for this week and is the MS Word document referred to in the lab instructions. After you complete this worksheet, please save it as lastname_lab6.doc and submit. You are required to complete all sections indicated by red brackets. You will replace the red brackets and text with the indicated material. For example, for the “Student Name” section above, a completed response would look like this: Student Name: John Smith When responding with text, please leave the text red so that your instructor will be able to find your responses easily. When pasting an image, please replace the red text with the image. Guidelines for the Week 6 Lab Securing a Server and Securing Infrastructure Services Total Points: 35 • Students will be using a login to the Microsoft virtual labs. Assignments (Using Labs 8 and 9 of the Microsoft virtual labs): 1. Perform Lab 8 Exercise 1 (3 points). [pic] [pic] 2. Perform Lab 8 Exercise 2 (3 points). >[pic] [pic] 3. Perform Lab 8 Exercise 3 (3 points). [pic] [pic] 4. Perform Lab 8 Exercise 4 (3 points). [pic] [pic] 5. Perform Lab 9 Exercise 1 (3 point). [pic] [pic] 6. Perform Lab 9 Exercise 2 (4 point). [pic] [pic] 7. ......

Words: 343 - Pages: 2

Premium Essay

Lab 1

...lExercise 10: Acid-Base Balance: Activity 2: Rebreathing Lab Report Pre-lab Quiz Results You scored 100% by answering 4 out of 4 questions correctly. 1. In cases of acidosis, the pH of the blood is You correctly answered: c. less than 7.35. 2. Carbon dioxide and water form You correctly answered: a. carbonic acid (a weak acid). 3. Which of the following is true of respiratory acidosis? You correctly answered: c. The amount of carbon dioxide in the blood is greater than normal. 4. Rebreathing You correctly answered: b. is exemplified by breathing into a paper bag. 01/09/14 page 1 Experiment Results Predict Question: Predict Question: What do you think will happen to the pH and PCO2 levels during rebreathing? Your answer : b. pH will decrease and PCO2 will increase. Stop & Think Questions: Which of the following can cause respiratory acidosis? You correctly answered: c. airway obstruction Experiment Data: Condition Normal Rebreathing Min PCO2 40 40 Max PCO2 40 53.02 Min pH 7.40 7.24 Max pH 7.40 7.42 01/09/14 page 2 Post-lab Quiz Results You scored 100% by answering 4 out of 4 questions correctly. 1. Rebreathing simulates You correctly answered: a. hypoventilation and respiratory acidosis. 2. Hypoventilation results in You correctly answered: c. an accumulation of carbon dioxide in the blood. 3. The renal system can compensate for respiratory acidosis by You correctly answered: b. excreting H+ and retaining bicarbonate ion. 4. Respiratory acidosis can be......

Words: 381 - Pages: 2

Premium Essay

Securing a Linux System

...Unit 1 Discussion 1: Securing a Linux System Learning Objectives and Outcomes * You will present different views on security related to a Linux system. * You will be able to identify risks related to the implementation of a Web application in a Linux environment. Assignment Requirements A small community bank is studying the prospect of maintaining its own in-house Linux Web server for a Web application. The Web application will allow the bank’s customers to login, view their loan details, and check and save account balances. The company sends you a request for your services as a Linux and open source consultant. You grab the opportunity because you are dissatisfied with your current job. It is your first day in the community bank, and you are told that your role as a consultant will be to analyze all probable risks related to the prospective Web application. Your manager introduces you to the other employees, including Bob, who is an intern working on the development of the Web application. Bob is also the system administrator as he currently supports the local area network (LAN) environment. You discuss the Web application and its functioning in detail with Bob. Bob tells you that the server will be hosted at the bank’s location since the other servers are presently supporting their Microsoft Windows-based LAN. The Web application will run on any of the popular open source servers. Knowing your background, Bob is very excited to learn Linux and use this......

Words: 967 - Pages: 4

Premium Essay

Lab 1 Week1

...1. What is Computer Forensics? System forensics is the process of systematically examining computer media as well as network components, software, and memory for evidence. System forensics involves collecting, preserving, analyzing, and documenting evidence to reconstruct user activities. Appropriately collected evidence is often presented in court to solve criminal cases and prosecute criminals. 2. How has technology improved the way criminal investigators perform their job? Technology improved the way criminal investigators perform their jobs by making it easier to track things, there is different types of software out there today to help them with these issues, and make the jobs easier, when you have different technology to help. 3. Why would a company report or not report a compromise case? The reason a company may or may not report a compromise because if it’s not in their favor and they may report it if it’s in their favor and vice versa. They wouldn’t want to look incompetent. 4. Who is in charge of labeling and securing sensitive information? The one in charge of labeling and securing sensitive information is the forensic specialist. 5. What is the Daubert standard? The Daubert Standard provides a rule of evidence regarding the admissibility of expert witnesses' testimony during United States federal legal proceedings. 6. Why would someone use a hex editor in a forensic investigation? The reason someone would use a hex editor in a forensic......

Words: 898 - Pages: 4

Free Essay

Lab#1

...IS 3220July 7, 2014 Lab #1 Analyze Essential TCP/IP Networking Protocols 1. What is the purpose of the address resolution protocol (ARP)? ARP is used to mediate between Ethernet (and other broadcast link-level protocols) and the network layer, or IP protocols. Put more simply, ARP converts IP addresses to Ethernet addresses. 2. What is the purpose of the dynamic host control protocol (DHCP)? DHCP (Dynamic Host Configuration Protocol) is a communications protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol (IP) addresses in an organization's network. http://searchunifiedcommunications.techtarget.com/definition/DHCP/ARP. Lab #2 Network Documentation 1. When you TELNET to LAN Switch 1 and LAN Switch 2, why is it a good idea to first PING an IP interface or port’s IP address? The ping verifies connectivity by sending ICMP echo packets to a host and listening for an echo reply. This will detect if there are any name resolution issues. 2. Why is using Telnet a security risk for an IP network infrastructure? Telnet sessions are in clear text and programs such as packet sniff can capture passwords and then use them to log into those sessions. 3. How can you mitigate the security risk caused by Telnet? Intrusion detection is a packet inspection tool that monitors, intercepts and responds to abuse in real time. ICMP inspection permits responses to ICMP packets like ping and traceroute that come......

Words: 427 - Pages: 2

Free Essay

Securing Linux Lab Assignment

...Week 3 Lab This lab consists of two parts. Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 5 and Unit 6 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part #1 Apply Hardened Security for Linux Services & Applications Learning Objectives and Outcomes Upon completing this lab, students will learn about the following tasks: * Harden Linux server services when enabling and installing them, and keep a security perspective during configuration * Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site * Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance * Install, setup and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux System * Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system Overview This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. This demonstration will configure security and hardened......

Words: 2020 - Pages: 9

Premium Essay

Lab 1

...Laboratory #1 Lab #1: Evaluate Business World Transformation – Impact of the Internet and WWW Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify the security challenges on the web as they relate to various business models and the impact that is made in e-Commerce and Internet-based deployments * Extract various businesses’ personal identifiable information (PII) that is collected and stored from Internet users by a business in a web application * Distinguish among the different reasons for the attacks on web sites and determine exactly what the attackers are after when they target your WWW presence * Evaluate the current state of security on a LAMP server using Telnet, Skipfish and TCPdump to identify whether the proper tools are installed for a security evaluation of the server * Install and use Firefox Web Browser with the Live HTTP Headers plug-in Lab #1 – Compromised Business Application Impact Analysis Course Name & Number: ______________________________________________________________ Student Name: _______________________________________________________________________ Instructor Name: _____________________________________________________________________ Lab Due Date: _______________________________________________________________________ Overview The threats of the Internet go way beyond an attacker defacing your website. An attack can include......

Words: 849 - Pages: 4

Premium Essay

Ethical Hacking Lab 1

...Lab #1 – Assessment Worksheet Assessing and Securing Systems on a Wide Area Network (WAN) IT-387 Ethical Hacking Course Name and Number: _____________________________________________________ Emmanuel Garcia Student Name: ________________________________________________________________ Jacob Boaheng Instructor Name: ______________________________________________________________ 09/29/2014 Lab Due Date: ________________________________________________________________ Overview In this lab, a systems administrator for the securelabsondemand.com network has reported odd behavior on two servers that support legacy applications you first conducted internal penetration tests (also called a vulnerability scan) on each system and then helped secure those systems by configuring firewalls and removing vulnerable open ports. Lab Assessment Questions & Answers 1. What is the first Nmap command you ran in this lab? Explain the switches used. The first Nmap command I ran on the the lab was nmap -O -v 10.20.100.50. To explain the switches used winch are re presented with (-O) and (-v). (-O) means detect the operating system of the 10.20.100.50 machine and view or show the detail of the open ports. 2. What are the open ports when scanning 192.168.3.25 and their service names? After I have run the Nmap command for the 192.168.3.25 It show the port the were open such as port 80 HTTP hypertext transfer protocol, port 135 MSRPC Micro Soft Remote procedure Call, port 139 NetBios-ssn......

Words: 373 - Pages: 2

Free Essay

Securing Information Systems

...Securing information systems Kirill Borovskoy Date: Tuesday 18. November Homework 2 • Explain why information systems are vulnerable to destruction, error, and abuse. Main reason why the information systems are so vulnerable is because they are designed to be easily accessible and they do not exist in physical form per se. Digital date is stored on servers, and if anything was to happen to so called storage, the whole system goes bust. And last but not least: any system can be a subject to a hacker attack. • Describe the business value of security and control When you lose data – you lose money, simple as that. Any information you have is relevant to your business, and when this information gets into wrong hands, the same hands will be chopping pieces of your profit in no time. • Describe the components of an organizational framework for security and control First step in developing security system would be that of assessing the risk. Establishing weak points and determining the strengths of the system is of an utmost importance. Second – a security policy needs to be developed. And finally, there always has to be a contingency plan, involving all the levels of informational infrastructure. • Describe the tools and technologies used for safeguarding information resources. Firewalls and Antiviruses prevent unauthorized access to private network from happening. The very basic tool of defending the......

Words: 717 - Pages: 3

Premium Essay

Lab 1

...Unit 1 Labs Lab 1.1 Step 13 Lab 1.2 Define Major Topics for a Database NOUNS | MAJOR TOPIC | Doctors | Patients | Drugs | Side Effects | Researchers | Patient Information | Westlake Research Hospital | Conducting test of new Depression Drugs | Lab 1.3 Create a Statement of Work Scope The Software-Tracking database will be used to help manage the school’s software licensing. The software will be monitored for lifecycle and version corrections as well as keeping track of the number of users accessing the software under the constraints of the license agreement. The faculty and staff computers will be tracked for which version and licensed copy of software is currently running on each system. Constraints The database can be used for accessing the faculty and staff’s logon to the school employee website for the purpose of inputting and updating hours worked. Faculty and staff members can conduct business related work, such as adjusting work schedules, and student’s grades in the system but are not able to view student’s personal files in the registrars system. Objectives * Make for a more efficient system by allowing employees to have control of shared calendars and student’s grades. * Improve the tracking of Software Licensing and the Lifecycle of programs. Tasks and Timeline 1. Gathering Data: Meet with School Board and those involved to discuss the needs and wants for a database. Time Allotted: 3 weeks. Deliverables: A list of......

Words: 365 - Pages: 2

Free Essay

Lab #10 Securing the Network with an Intrusion Detection System (Ids)

...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS......

Words: 3209 - Pages: 13

Free Essay

Securing Internet Client and Server Applications on Windows Systems

...Securing Internet Client and Server Applications on Windows Systems Assessment Worksheet Note: This tab is for reference only. Please see your instructor to determine the assessment they wish you to use. Overview Both IIS and Internet Explorer can be hardened to improve confidentiality, integrity, and availability (CIA). In this lab, you identified security hardening opportunities for the IIS application, then made those changes on a Windows Server 2012 machine. Next, you will identified and modified the Internet Options for the Internet Explorer browser. Finally, you documented the changes you made and provided an explanation for how each change helps achieve CIA. Lab Assessment Questions & Answers 1. What are the steps you took to harden IIS? Disabled services not used by functional roles and blocked ports that were not in use. These steps are necessary because servers proved one or more specific services on the network. 2. What are the steps you took to harden the Internet Explorer browser? Opened only minimum required ports at the firewall; use encrypted connections for all communications; disabled any unneeded server features on the Web server. These are important because they heighten security. 3. As a result of this lab, which changes will you implement on your own Internet browser? Why? Disable any features that are not being used. Also turn on pop-up blocker. 4. Why should you change the directory where the log is stored? You should......

Words: 398 - Pages: 2