IST 462 Test 2, Part 1
NAME: Omar A Liendo

After answering the following questions, name your file LastName.FirstName.Test2Part1 and save your file in the correct folder on Blackhawk.

1. Define the term back door and explain how one is created.
A back door is when an attacker creates an account on a host computer without the user's permission or knowledge. This back door can later be used to access the computer remotely without any trace.

2. Explain the concept of DNS poisoning. What kinds of addresses are used?
DNS poisoning is an attack that substitutes a fraudulent address in a Domain Name System server. In the host table name system, the attacker can create new entries to redirect users to fraudulent sites. DNS poisoning can also be achieved by using a fraudulent DNS server, considering that DNS servers exchange information among themselves (zone transfers).

3. DNS spoofing is a specific form of DNS poisoning. Explain how DNS spoofing works.
We can spoof our address in order to conduct malicious activities that would then be attributed to valid users.
- Spoof our network address with the address of a known and trusted host so that the target computer will accept the packet.
- Display a fictitious screen asking for the user's username and password, allowing the attacker to capture this private information.
- Wireless devices mostly communicate with a common AP. An attacker can set up his own AP device and have all wireless devices communicate with his malicious device instead of the legitimate access point.

4. Define ARP poisoning and explain how this can take place. What kinds of addresses are involved in this type of attack?
ARP poisoning is an attack where the media access control address in the ARP cache is changed or corrupted so that the corresponding Internet Protocol address points to a different (malicious) device.

5. What is war driving? Is it illegal?
War driving is the action of driving or walking around an area trying to pick up wireless connections that are available in the area. There is no specific law against war driving; however, some states prohibit unauthorized access to networks. As of today nobody has been legally convicted for war driving.

6. Suppose a company owns an IP address of 198.60.18.0/24. Through subnetting they want to create four equal-size subnets.
A. How many bits will this sub-netting require? 32
B. Where are these bits located?
C. Give two ways this can improve network security.
- Create several subnets
- Sub-netting

7. Describe the concept of a VLAN. How does this improve network security?
A virtual network allows users that are scattered across different areas, such as campuses or floors in a building, to connect with each other under the same network. A virtual network improves security as it keeps the network away from the internet, making it harder for attackers to penetrate it.

8. Describe how NAT works. What kinds of addresses are involved? Explain how it works.
Network Address Translation hides the IP addresses of network devices from attackers. Here, computers use a special type of address called a private address. These private addresses work the same way as regular IP addresses as long as they are used inside the private network. In networks using NAT, an IP address is not really assigned to a specific device like regular addresses; instead, these addresses can be used by anyone in the private network. When a packet leaves the private network, NAT replaces the private IP address with an alias IP address. Similarly, when the packet returns to the NAT network, the process is reversed. All of these variables make it really hard for attackers to determine the actual IP address of the sender.

9. Explain the concept of a honey pot. How does this improve network security?
A honey pot is a server that is used to trap attackers. The primary purposes of honey pots include the following:
- Deflect attention – It can distract attackers by directing their attention away from legitimate servers.
- Early warnings of new attacks – It reveals new attacks that are being performed so that administrators can increase security.
- Examine attacker techniques – It keeps a log that allows network administrators to take a look at how attackers are trying to break into the network devices.

10. Explain what a DMZ is and describe how it enhances network security.
DMZ stands for Demilitarized Zone; it is a network that sits outside a private network and is used to provide outside services such as email and … A DMZ enhances network security, as attackers would get stuck in the DMZ and would not be able to access the private network behind it.

11. Explain how a NAC works. How does it enhance network security?
NAC is a technology that examines the current state of a system and corrects any deficiencies before it allows us to connect to the network. Its goal is to prevent computers with suboptimal security from potentially infecting other computers throughout the network.

12. In the Windows NAC system, what happens if a client is not approved for connection to the network?
It gets locked out, and access is denied to that client.

13. In Lab 4.2 we monitored FTP data using what program?

14. Does FTP encrypt data in transit? Explain.

15. Explain the following Snort rule: Log icmp any any -> 192.168.21.0/24 111
Log the ICMP protocol from any IP address and any port. The arrow differentiates between the source and the destination, so the destination is 192.168.21.0 in CIDR notation and the destination port follows (111), so the rule instructs Snort to ignore any packets that are not being sent to port 111.

16. What type of network attack is shown in the following figure?
DNS POISONING
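The NAT description in question 8 (private addresses inside, an alias address outside, and the translation reversed for returning packets) can be seen end to end in a small simulation. The following Python is an added example, not part of the test or its answers: the `Nat` class, the constructed packets and the addresses (198.60.18.5 as the alias taken from the page's 198.60.18.0/24 block, 192.168.1.0/24 as the private network, 203.0.113.9 as an outside host) are all assumptions made for illustration. It also shows the defensive side effect the answer hints at: an inbound packet with no matching translation state is dropped, so the private hosts are not directly reachable from outside.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Port-based NAT (NAPT) with a translation table. Constructed for illustration."""
    public_ip: str                      # alias address seen by the outside world
    private_net: ipaddress.IPv4Network  # addresses that only mean something inside
    next_port: int = 40000              # next free public-side port
    table: dict = field(default_factory=dict)    # public_port -> (private_ip, private_port)
    reverse: dict = field(default_factory=dict)  # (private_ip, private_port) -> public_port

    def outbound(self, pkt: dict) -> dict:
        """Packet leaving the private network: swap the private source for the alias."""
        if ipaddress.ip_address(pkt["src"]) not in self.private_net:
            raise ValueError("packet did not originate inside the private network")
        key = (pkt["src"], pkt["sport"])
        if key not in self.reverse:            # first packet of this flow: allocate state
            port = self.next_port
            self.next_port += 1
            self.reverse[key] = port
            self.table[port] = key
        return {**pkt, "src": self.public_ip, "sport": self.reverse[key]}

    def inbound(self, pkt: dict):
        """Packet returning from outside: reverse the translation, or drop it if unknown."""
        if pkt["dst"] != self.public_ip:
            return None
        key = self.table.get(pkt["dport"])
        if key is None:
            return None                        # no state -> unsolicited traffic is dropped
        private_ip, private_port = key
        return {**pkt, "dst": private_ip, "dport": private_port}


def demo():
    """Walk one flow through the NAT and back; returns the three observable packets."""
    nat = Nat("198.60.18.5", ipaddress.ip_network("192.168.1.0/24"))  # constructed
    # Constructed outbound web request from a private host.
    out = nat.outbound({"src": "192.168.1.10", "sport": 5000,
                        "dst": "203.0.113.9", "dport": 80, "proto": "tcp"})
    # Constructed reply from the outside host, addressed to the alias only.
    reply = nat.inbound({"src": "203.0.113.9", "sport": 80,
                         "dst": out["src"], "dport": out["sport"], "proto": "tcp"})
    # Constructed unsolicited packet: no translation state exists for this port.
    stray = nat.inbound({"src": "203.0.113.9", "sport": 80,
                         "dst": "198.60.18.5", "dport": 40001, "proto": "tcp"})
    return out, reply, stray


if __name__ == "__main__":
    out, reply, stray = demo()
    print("outside sees:", out["src"], out["sport"])
    print("reply delivered to:", reply["dst"], reply["dport"])
    print("unsolicited packet:", "dropped" if stray is None else "forwarded")
```

The outside host only ever sees 198.60.18.5, which is the "alias IP address" of the answer; the mapping back to 192.168.1.10:5000 lives solely in the NAT's table.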
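Question 15 explains a Snort rule header field by field. The following Python is an added example, not part of the test, Snort itself or its answers: a small parser for the header format (action, protocol, source, source port, direction, destination, destination port) and a matcher that runs the page's rule over a few constructed packet records. One caveat for the reader: ICMP carries no port numbers, so Snort does not use the port fields when matching ICMP traffic; the matcher below therefore applies the port fields only to TCP and UDP packets, which is why the same destination/port pattern behaves differently for the `icmp` rule from the page and a constructed `tcp` rule.

```python
import ipaddress
from dataclasses import dataclass

# The rule quoted in question 15 (Snort keywords are lowercase; the parser normalises it).
RULE = "Log icmp any any -> 192.168.21.0/24 111"


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    src_port: str
    dst: str
    dst_port: str


def parse_rule(text: str) -> Rule:
    """Parse a Snort rule header: action proto src sport -> dst dport."""
    parts = text.split()
    if len(parts) != 7 or parts[4] != "->":
        raise ValueError("expected: action proto src sport -> dst dport")
    action, proto, src, sport, _, dst, dport = parts
    return Rule(action.lower(), proto.lower(), src, sport, dst, dport)


def _addr_matches(pattern: str, addr: str) -> bool:
    """'any' matches everything; otherwise the address must fall inside the CIDR block."""
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def _port_matches(pattern: str, port) -> bool:
    if pattern == "any":
        return True
    return port is not None and int(pattern) == int(port)


def matches(rule: Rule, pkt: dict) -> bool:
    """Does a packet record (proto, src, dst, optional sport/dport) satisfy the header?"""
    if rule.proto not in ("any", "ip") and rule.proto != pkt["proto"]:
        return False
    if not (_addr_matches(rule.src, pkt["src"]) and _addr_matches(rule.dst, pkt["dst"])):
        return False
    if pkt["proto"] == "icmp":
        return True          # ICMP has no ports: Snort ignores the port fields here
    return (_port_matches(rule.src_port, pkt.get("sport"))
            and _port_matches(rule.dst_port, pkt.get("dport")))


def log_matches(rule_text: str, packets: list) -> list:
    """Return the indexes of the packets the rule would log."""
    rule = parse_rule(rule_text)
    return [i for i, pkt in enumerate(packets) if matches(rule, pkt)]


# Constructed packet records, not real captures.
SAMPLE_PACKETS = [
    {"proto": "icmp", "src": "10.0.0.5", "dst": "192.168.21.7"},                 # 0: in subnet
    {"proto": "icmp", "src": "10.0.0.5", "dst": "10.0.0.9"},                     # 1: outside subnet
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40000,
     "dst": "192.168.21.7", "dport": 111},                                       # 2: wrong protocol
    {"proto": "icmp", "src": "172.16.4.4", "dst": "192.168.21.255"},             # 3: broadcast, in subnet
]

if __name__ == "__main__":
    print("logged packets:", log_matches(RULE, SAMPLE_PACKETS))
```

Running `log_matches(RULE, SAMPLE_PACKETS)` logs packets 0 and 3: both are ICMP and both land inside 192.168.21.0/24. Packet 2 is addressed to port 111 in the subnet but is TCP, so the protocol field alone rules it out.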