Uploaded by Mohammed Noori

lOMoARcPSD|34989993
WGU C844 Task 1 Emerging Technologies in Cyber Security
Emerging Technologies in Cyber Security (Western Governors University)
Studocu is not sponsored or endorsed by any college or university
Downloaded by Luqy (noorimohammed075@gmail.com)
A. Describe the network topology that you found when running Nmap.
Six hosts were found using nmap -sn 10.168.27.0/24. The hosts are in a STAR topology, as shown in the
screenshot below. A star topology means that all hosts are connected to a central device, usually a
switch. This makes it easy to add and remove hosts without disrupting the rest of the network, and the
switch also provides a central management point for all devices. The major drawback of a star topology
is that the switch or other central device everything connects to is a single point of failure for every
device attached to it.
A larger screenshot of the above image.
B. Summarize the vulnerabilities on the network and their potential implications based on NMAP results.
On 10.168.27.14, 10.168.27.20 and 10.168.27.132 I found that these devices are running Linux kernel
2.6.32. This version has vulnerabilities such as CVE-2019-17351, which can be used to perform a denial
of service (DoS) attack. (Vulnerability Details: CVE-2019-17351)
On 10.168.27.15 I found that FileZilla FTP is running on port 21. FTP is an insecure protocol that sends
data in clear text across the network, making it an easy target for capturing usernames and passwords.
10.168.27.15 is also running Microsoft Windows Server 2008 R2 or a lower version, as indicated in the OS
details. This is a concern because Server 2008 R2 is end of life and no longer receives any updates from
Microsoft; therefore, any vulnerabilities that were present when this OS went end of life will still be
present. A few specific vulnerabilities include CVE-2015-6125, a use-after-free vulnerability in the DNS
server that could allow remote attackers to execute arbitrary code via crafted requests (a use-after-free
error occurs when software continues to use a pointer after the memory it points to has been freed), and
CVE-2015-0014, a buffer overflow in the Telnet service in Windows Server 2008 that could allow remote
attackers to execute arbitrary code via specially crafted packets. (Top 20 Critical Windows Server 2008
Vulnerabilities and Remediation Tips)
C. Describe the anomalies you found when running Wireshark.
I used the file Pcap1.pcapng.
The first anomaly I found when running Wireshark was a high volume of TCP traffic sent from
10.16.80.243 to the 10.168.27.0/24 network. The attacker was scanning through all ports on those
hosts, presumably to map out the network.
The second anomaly I found was that, when I filtered for FTP traffic, 10.168.27.10 was using FileZilla
FTP. FTP is an insecure protocol that sends data unencrypted in clear text, and I was able to see the
username and password used for this connection.
D. Summarize the potential implications of not addressing each of the anomalies found.
In the first Wireshark anomaly the attacker was scanning the network in order to map it. With the
network mapped, the attacker could then craft a more focused attack based on the information gathered
from the port scans. Using a tool such as Nmap, the attacker could determine which ports are open, which
operating system versions are in use, and where the easiest attack surface lies.
The FTP use found in the second Wireshark anomaly is of concern because FTP allows anonymous login
and also sends its traffic in clear text. This makes it especially easy for an attacker to capture credentials
that they can then try against other systems.
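The two anomalies above are the kind of thing a defender can flag automatically once the capture has been decoded. The following is an added example, not part of the original report: it takes a list of packet records (constructed here to resemble what a pcap would yield, with the report's addresses but made-up credentials) and (1) identifies a source whose fan-out across ports and hosts looks like a scan, and (2) records where an FTP login went over the wire in clear text, reporting the username but never the password.

```python
"""Flag a port scan and plaintext FTP logins in decoded packet records.

Added example (not from the original report). PACKETS is a constructed sample:
one dict per packet with source/destination addresses, destination port,
protocol and, for FTP, the ASCII payload. Addresses follow the report's scenario;
the FTP credentials are invented.
"""
from collections import defaultdict

# Constructed sample: 10.16.80.243 probes ports 1-40 on three hosts in
# 10.168.27.0/24, and 10.168.27.50 logs in to the FTP server at 10.168.27.10.
PACKETS = [
    {"src": "10.16.80.243", "dst": f"10.168.27.{h}", "dport": p, "proto": "tcp", "payload": ""}
    for h in (14, 15, 20) for p in range(1, 41)
]
PACKETS += [
    {"src": "10.168.27.50", "dst": "10.168.27.10", "dport": 21, "proto": "tcp", "payload": "USER ftpadmin\r\n"},
    {"src": "10.168.27.50", "dst": "10.168.27.10", "dport": 21, "proto": "tcp", "payload": "PASS hunter2\r\n"},
    {"src": "10.168.27.50", "dst": "10.168.27.10", "dport": 21, "proto": "tcp", "payload": "LIST\r\n"},
    {"src": "10.168.27.20", "dst": "10.168.27.15", "dport": 443, "proto": "tcp", "payload": ""},
]


def find_port_scanners(packets, port_threshold=20, host_threshold=2):
    """Return {source: (distinct_hosts, distinct_ports)} for sources whose fan-out
    looks like a scan: many distinct destination ports spread over several hosts.
    Thresholds are assumptions; tune them to the network's normal traffic."""
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for pkt in packets:
        ports[pkt["src"]].add(pkt["dport"])
        hosts[pkt["src"]].add(pkt["dst"])
    return {
        src: (len(hosts[src]), len(ports[src]))
        for src in ports
        if len(ports[src]) >= port_threshold and len(hosts[src]) >= host_threshold
    }


def find_plaintext_ftp_logins(packets):
    """Return [(client, server, username)] for each FTP USER command that was
    followed by a PASS command on the same connection, i.e. a credential that
    crossed the network in clear text. The password is deliberately dropped."""
    pending = {}   # (client, server) -> username seen, awaiting PASS
    findings = []
    for pkt in packets:
        if pkt["dport"] != 21 or pkt["proto"] != "tcp":
            continue
        verb, _, arg = pkt["payload"].strip().partition(" ")
        key = (pkt["src"], pkt["dst"])
        if verb.upper() == "USER":
            pending[key] = arg
        elif verb.upper() == "PASS" and key in pending:
            findings.append((key[0], key[1], pending.pop(key)))
    return findings


if __name__ == "__main__":
    for src, (n_hosts, n_ports) in find_port_scanners(PACKETS).items():
        print(f"possible scan from {src}: {n_ports} ports across {n_hosts} hosts")
    for client, server, user in find_plaintext_ftp_logins(PACKETS):
        print(f"cleartext FTP login {client} -> {server} as '{user}'")
```

The scan detector keys on fan-out rather than on packet volume alone, so a single busy client talking to one service on one port does not trip it; the FTP check pairs USER with PASS so a bare username probe without a password is not reported as a completed login.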
E. Recommend solutions
The biggest issue found when running Nmap was the use of outdated operating systems and software.
The hosts running Server 2008 or older need either to be updated to a current operating system that can
receive security and software patches or to be decommissioned and removed from the network, which
removes the vulnerabilities associated with unsupported software. Microsoft announced that Server 2008
would reach end of life, with extended support ending in 2020. Its recommendation for environments
other than Azure is to update to the latest version of the operating system before the deadline. (End of
support for Windows Server 2008 and Windows Server 2008 R2)
The devices running Linux kernel 2.6.32 need to be updated to the latest kernel version or removed from
the network to remove the vulnerabilities associated with outdated software. Julien Grall discovered that
the Xen balloon memory driver in the Linux kernel did not properly restrict the amount of memory set
aside for page mappings in some situations. An attacker could use this to cause a denial of service (kernel
memory exhaustion). This issue was resolved in versions 5.2.3 and higher. (CVE-2019-17351)
To address the network being scanned and mapped, the network administrator or security team should
run their own scans so that they recognize this type of traffic and know what is happening on their
network. In addition, ports that do not need to be open should be closed, which shrinks the available
attack surface. The problem with open ports is that attackers can exploit weaknesses in the applications
listening on them: security vulnerabilities in older, unpatched software, weak credentials, and
misconfigured services can all be used to compromise a network. (Open Ports: What They Are and Why
You Need to Secure Them)
To address the FTP issue, the network team or security team should not allow FTP traffic on the network
and should not allow any FTP software to be installed. A secure file transfer method such as SFTP should
be used instead. FTP is not secure, lacks basic features, is not recommended for new technology and can
be time consuming. (Replace Your FTP Scripts to Increase Security)
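The recommendations above (know what your own scans show, close ports that need not be open, and ban FTP) can be turned into a repeatable check. This is an added example, not part of the original report or of Nmap: it parses Nmap's grepable (-oG) output and compares the open TCP ports on each host against an allowlist the network team maintains, flagging ports outside the baseline and any service the team has decided to ban outright. The scan lines are constructed in -oG format to mirror the report's hosts; the allowlist, the banned-service set and the service banners are assumptions.

```python
"""Audit nmap -oG output against a per-host allowlist of open TCP ports.

Added example (not from the original report). SCAN_OUTPUT is constructed in
nmap's grepable format; ALLOWED_PORTS and BANNED_SERVICES are assumed values
a network team would define for its own environment.
"""
import re

SCAN_OUTPUT = """\
# Nmap 7.80 scan initiated (constructed sample)
Host: 10.168.27.14 ()\tStatus: Up
Host: 10.168.27.14 ()\tPorts: 22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//Apache httpd/\tIgnored State: closed (998)
Host: 10.168.27.15 ()\tPorts: 21/open/tcp//ftp//FileZilla ftpd/, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (997)
Host: 10.168.27.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH/\tIgnored State: closed (999)
"""

# Assumed baseline: the TCP ports each host is supposed to expose.
ALLOWED_PORTS = {
    "10.168.27.14": {22, 80},
    "10.168.27.15": {445},
    "10.168.27.20": {22},
}
# Cleartext services the report recommends banning network-wide, whatever the host.
BANNED_SERVICES = {21: "ftp (use SFTP instead)", 23: "telnet"}

# One -oG port entry looks like  port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)//([^/]*)//")


def parse_open_ports(grepable_text):
    """Map host -> {port: service} from nmap -oG lines; only open TCP ports are kept."""
    result = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                      # comment lines and Status-only lines
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, proto, service in PORT_RE.findall(ports_field):
            if proto == "tcp":
                result.setdefault(host, {})[int(port)] = service
    return result


def audit(open_ports, allowed, banned):
    """Return sorted (host, port, reason) findings: banned services first by host,
    then anything open that the allowlist does not cover."""
    findings = []
    for host, ports in open_ports.items():
        for port, service in ports.items():
            if port in banned:
                findings.append((host, port, f"banned service: {banned[port]}"))
            elif port not in allowed.get(host, set()):
                findings.append((host, port, f"not in allowlist ({service or 'unknown'})"))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, reason in audit(parse_open_ports(SCAN_OUTPUT), ALLOWED_PORTS, BANNED_SERVICES):
        print(f"{host}:{port} -> {reason}")
```

Run against a real `nmap -oG scan.gnmap` file by reading the file into `parse_open_ports`; a host absent from the allowlist has every open port reported, which is the right default for an unexpected device appearing on the network.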
F. Sources
1. Vulnerability Details: CVE-2019-17351. CVE Details. (n.d.). Retrieved September 17, 2021, from https://www.cvedetails.com/cve/CVE-2019-17351/?q=CVE-2019-17351
2. Top 20 Critical Windows Server 2008 Vulnerabilities and Remediation Tips. https://www.upguard.com/blog/top-20-critical-windows-server-2008-vulnerabilities-and-remediation-tips
3. End of support for Windows Server 2008 and Windows Server 2008 R2. https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-server-eos-faq/end-of-support-windows-server-2008-2008r2
4. CVE-2019-17351. https://ubuntu.com/security/CVE-2019-17351 and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17351
5. Open Ports: What They Are and Why You Need to Secure Them. https://www.itsasap.com/blog/why-secure-open-ports
6. Replace Your FTP Scripts to Increase Security. https://www.goanywhere.com/blog/replace-your-ftp-scripts-to-increase-security