Al-Dubaisi.Yaser.Test2Part1

NAME : Yaser Al-dbuaisi
IST 462
Test 2, Part 1
After answering the following questions, name your file:
LastName.FirstName.Test2Part1
and save your file in the correct folder on Blackhawk.
1.
Define the term back door and explain how one is created.
A back door is an account that is secretly set up without the administrator’s knowledge or permission, that
cannot be easily detected, and that allows for remote access to the device.
It can be created by a virus or worm.
2.
Explain the concept of DNS poisoning. What kind of addresses are used?
DNS poisoning is substituting a fraudulent IP address to target a fraudulent computer or attacker PC.
In other words, changing the IP address for a domain so that the domain redirects you to a
fraudulent computer or domain.
Domain Name Addresses are used in DNS poisoning.
3.
DNS spoofing is a specific form of DNS poisoning. Explain how DNS spoofing works.
DNS spoofing is substituting a fraudulent IP address for a domain in an external DNS server.
An attacker can redirect all those who visit the paypal.com website to his/her website by changing the
DNS IP address in (Zone Transfer).
4.
Define ARP poisoning and explain how this can take place. What kind of addresses are
involved in this type of attack?
Changing the MAC address in the ARP cache so that the corresponding IP address would point to a
different computer.
MAC addresses are used.
5.
What is war driving? Is it illegal?
War driving is mapping wireless networks by driving or walking through different areas.
Yes, it is illegal unless it is used to gain access to these wireless networks.
6.
Suppose a company owns an IP address of 198.60.18.0/24. Through subnetting they want
to create four equal-size subnets.
A.
How many bits will this subnetting require?
24 bits
B.
Where are these bits located?
198.60.18.X -- X = bits that are used in subnetting
C.
Give two ways this can improve network security.
1- Using NAT to reduce the number of the IPs that are used
2- Using NAC to block any computer which has a virus or update issues from connecting to
the network.
7.
Describe the concept of a VLAN. How does this improve network security?
A VLAN uses the idea of separating workgroups in the network using switches from the core
switch. This will reduce the traffic and load in the network since each workgroup's
communications go through a limited number of switches.
8.
Describe how NAT works. What kind of addresses are involved? Explain how it works.
NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address.
IP addresses are involved.
Example (figure): User (IP: 192.168.0.2), Server (IP: 1.0.0.1), External Server (IP: 162.128.0.3). Arrow labels: "Send req to 192.168.0.2" and "Send request to 1.0.0.1".
9.
Explain the concept of a honey pot. How does this improve network security?
A honeypot is a computer that is used in a network as a trap for attackers to get some information
about the techniques that are used in the attack. It will improve the network admin's knowledge about
these techniques.
10.
Explain what a DMZ is and describe how it enhances network security.
A DMZ is like separating into two zones: one is private and the other is public. This can reduce the
number of attacks that are done in the private network since outsiders cannot access the private
network when a DMZ is used.
11.
Explain how a NAC works. How does it enhance network security?
NAC is like setting rules and requirements in the network so that no one can access the network
without having these requirements. So, the admin can make sure that those who do not have an
anti-virus cannot access the network, and this can prevent the network from malware.
12.
In the Windows NAC system, what happens if a client is not approved for connection to
the network?
The client is redirected into a zone so that the client can see exactly what s/he has
to do to connect to the network.
13.
In Lab 4.2 we monitored FTP data using what program?
Using Wireshark
14.
Does FTP encrypt data in transit? Explain.
No.
15.
Explain the following Snort rule:
log icmp any any -> 192.168.21.0/24 111
Put in the log file the information about all who use the ICMP protocol, have an IP in the range
192.21.21.0/24, and use port 111.
16.
What type of network attack is shown in the following figure?
DNS poisoning