
Lab 3:

Network Security Threats

Student Name: Hoàng Nguyễn Anh Quốc


Student No: 51002641

I. Objectives
Get to know some common network security threats.
Use Nmap to analyze the vulnerabilities of a specific host.

II. Preparation
Download and install nmap from http://nmap.org/, select the version that is appropriate to
your operating system version.
III. Some common network security threats
a. Viruses and worms
A virus is “a program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes.” Viruses can cause a huge amount of
damage to computers.
In relation to a network, if a virus is downloaded, all the computers in the
network could be affected, because the virus makes copies of itself and spreads
across the network.
A worm is similar to a virus, but a worm can run by itself, whereas a virus needs a host
program to run.
Virus: W32.UsbFakeDrive. When an infected USB drive is opened, the user sees an
additional drive inside it and has to open this second drive before the data becomes
visible. In reality, the second drive is a shortcut that points to the virus file, so
the moment the user opens the data, the computer is infected with the malware from
the USB drive.
Worm:
Autorun registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe
Symptoms: (…, etc.)
b. Trojan Horses

CuuDuongThanCong.com https://fb.com/tailieudientucntt
A Trojan horse is “a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and do
its chosen form of damage, such as ruining the file allocation table on your hard disk.”
In a network, if a Trojan horse installed on a computer tampers with the file
allocation table, it could cause a massive amount of damage to all computers of that
network.
A sample Trojan horse is available at www.freewebs.com/em_ce_do/doctor.exe. When run,
this program shuts the machine down and copies itself into the "StartUp" folder, so
the machine shuts down immediately every time it is started. This Trojan horse deletes
itself after one hour of operation, or it can be removed by booting into the command
prompt and deleting the file with the delete command. The program only runs on
Windows XP.

c. SPAM
SPAM is “flooding the Internet with many copies of the same message, in an attempt
to force the message on people who would not otherwise choose to receive it.”
Examples: spam mail, spam chat, etc.
d. Phishing
Phishing is “an e-mail fraud method in which the perpetrator sends out
legitimate-looking emails in an attempt to gather personal and financial information
from recipients.”
e. Packet Sniffers
A packet sniffer is a device or program that allows eavesdropping on traffic travelling
between networked computers. The packet sniffer will capture data that is addressed
to other machines, saving it for later analysis.
On a network, a packet sniffer can filter out personal information, which can lead to
identity theft, so it is a major security threat to a network.
Solution: encrypt the data that is sent so that sensitive information cannot be sniffed.
f. Maliciously Coded Websites
Some websites across the net contain malicious code. Malicious code is
“programming code that is capable of causing harm to availability, integrity of code
or data, or confidentiality in a computer system.”
The source code of this page contains various “.js” files. The “search.js” file is infected
with malicious JavaScript code. Here is the source code of that file:

The malicious JavaScript code is inserted at the bottom of this “.js” file. Here is the
malicious content:

g. Password Attacks
Password attacks are attacks in which hackers determine or find the passwords to
different protected electronic areas.
Many systems on a network are password protected, hence there are more chances
for a hacker to break into the systems and steal data.
Keyloggers, sniffing, phishing, etc. are used to obtain passwords.
h. Hardware Loss and Residual Data Fragments
Hardware loss and residual data fragments are a growing worry for companies,
governments etc.
i. Shared Computers
Shared computers are always a threat.
Shared computers involve sharing a computer with one or more people.
A virus-infected computer joins the LAN and allows other machines to access it. The
result can be that every machine on the LAN becomes infected.
j. Zombie Computers and Botnets
A zombie computer, or “drone”, is “a computer that has been secretly compromised
by hacking tools which allow a third party to control the computer and its resources
remotely.”
A hacker could break into a computer, control it and obtain data.
A botnet “is a number of Internet computers that, although their owners are unaware
of it, have been set up to forward transmissions (including spam or viruses) to other
computers on the internet.”
This is a major security threat on a network because the network, unknown to
anyone, could be acting as a hub that forwards malicious files etc. to other computers.
Hackers use DDoS attacks and click fraud to direct victims to their own websites
and advertisements.

Exercise:

1. Give example and solution for each threat

IV. NMap
Nmap, short for Network Mapper, is a very versatile security tool that should be included
in every professional’s toolkit. Nmap is an open source utility for network exploration,
security scanning and auditing. It comes with a very wide range of options that can make
the utility more robust and can add or change features to your specifications.
Nmap was created by Gordon Lyon, a.k.a. Fyodor Vaskovich, and first published in
1997. Since the source code has been available the software has been expanded greatly.
In addition to improvements in the functionality of the program, graphical user interfaces
and support for numerous operating systems have been developed. Currently Nmap can
run on Linux, Windows, OS X, FreeBSD, Solaris, Amiga, HP-UX, and others. GUI
versions are also available on most of these systems along with the command line
versions. There are also implementations that take advantage of web browsing to
allow access to Nmap via a web browser.
Nmap is very popular among security professionals as well as black hat hackers because
of its numerous uses. The most recent version of the program can be used for network
host discovery, port scanning, version and OS detection, network inventory, ping
sweeps, and detailed logging. These uses are all important, but the most basic parts
of the program deal with host discovery and port scanning.
Nmap can be used to check which other devices and machines are connected to the
network. It can also be used to check which ports on these devices are open and closed.
The results of these types of scans can be saved to a log file, which can be analyzed at
a later time or kept for future comparison.
Complete documentation and download information can be found at http://nmap.org/ as
well as much more information pertaining to the use of the product.
Nmap is often used in combination with other open source security tools such as Snort,
Nessus, and Wireshark to help secure networks from attacks. In combination with these
other tools a powerful security suite can be established that can help to ensure protection
of networks. Other important techniques to follow include frequently patching all
systems, routine security audits, and enforcement of security policies.

a. Host Discovery Using NMAP

At the command line, type “nmap” and press Enter to see available nmap scan types and
options.
2. Which is the option to determine whether a host is online or not?

At the command line, type “nmap -sP [Network Address].*” and press Enter. The * at
the end of the network address means to scan every possible IP address on that network.
The -sP option tells Nmap to only perform a ping scan (host discovery) and then print
the hosts that responded to the scan. This will take some time; please be patient.
You can press Enter to check the progress of the scan.
3. How many hosts did you discover? 57
4. How many IP addresses were scanned? 256
5. What are the IP addresses of the hosts? (List 5 IP addresses)
Nmap scan report for 172.28.13.1
Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.2
Host is up (0.0020s latency).
MAC Address: EC:30:91:EC:C0:41 (Cisco Systems)
Nmap scan report for 172.28.13.5
Host is up (0.0020s latency).
MAC Address: 00:25:45:22:92:76 (Cisco Systems)
Nmap scan report for 172.28.13.6
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:22:80 (Cisco Systems)
Nmap scan report for 172.28.13.7
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:17:C0 (Cisco Systems)

Illustration for questions 3, 4 and 5:
Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-18 13:42 SE Asia Standard Time
Nmap done: 256 IP addresses (57 hosts up) scanned in 12.63 seconds

You can also use Nmap to scan other networks (use the -n option to save time). For
example, if the available networks are 192.168.101.*, 192.168.102.*, 192.168.103.*, and
192.168.104.*, you can type “nmap -sP 192.168.101-104.* -n” to scan all networks in
one command. “101-104” means the range of the networks 101, 102, 103, and 104.
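As an added example (not part of the lab), the following Python parses the text that nmap -sP prints, in the format of the listing above, and derives the answers to questions 3 to 5 from it: addresses scanned, hosts up, their IP addresses, and a count per MAC vendor, cross-checked against nmap's own summary line. The sample output is constructed in that format and is not a real inventory.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format "nmap -sP" prints (nmap 6.40 style); not a real inventory.
SAMPLE = """Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-18 13:42 SE Asia Standard Time
Nmap scan report for 172.28.13.1
Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.42
Host is up (0.0010s latency).
MAC Address: 00:0C:29:7A:23:58 (VMware)
Nmap scan report for 172.28.13.170
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 12.63 seconds
"""

@dataclass
class Host:
    ip: str
    latency_s: Optional[float] = None   # None when nmap prints "Host is up." (the scanner itself)
    mac: Optional[str] = None           # nmap prints no MAC line for the local host
    vendor: Optional[str] = None

REPORT = re.compile(r"^Nmap scan report for (\S+)")
UP = re.compile(r"^Host is up(?: \(([\d.]+)s latency\))?\.")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.+)\)")
DONE = re.compile(r"^Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")

def parse_ping_scan(text):
    """Return (hosts, (ips_scanned, hosts_up)) parsed from nmap -sP output."""
    hosts, summary, cur = [], None, None
    for line in text.splitlines():
        if m := REPORT.match(line):
            cur = Host(ip=m.group(1))
            hosts.append(cur)
        elif (m := UP.match(line)) and cur:
            cur.latency_s = float(m.group(1)) if m.group(1) else None
        elif (m := MAC.match(line)) and cur:
            cur.mac, cur.vendor = m.group(1), m.group(2)
        elif m := DONE.match(line):
            summary = (int(m.group(1)), int(m.group(2)))
    return hosts, summary

def inventory(text):
    """Answer questions 3-5 from the output and cross-check nmap's summary line."""
    hosts, summary = parse_ping_scan(text)
    if summary is None or summary[1] != len(hosts):
        raise ValueError("parsed host count does not match the 'Nmap done' line")
    return {"scanned": summary[0], "up": summary[1],
            "ips": [h.ip for h in hosts],
            "by_vendor": dict(Counter(h.vendor or "unknown" for h in hosts))}
```

Saving the scan with the same parser on two different days and diffing the returned dictionaries is the "future comparison" the lab text mentions.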

b. Port Scan
Nmap is an efficient port scanner. Port scanning is used to detect vulnerabilities on a
network or host computer. Network administrators can use Nmap to detect undesired
services running on a network. The simple command “nmap [target]” scans more than 1660
TCP ports on the target host and identifies the open ports. In the following exercise,
you will use nmap to scan the ports on a host.

Identify the IP address of your network’s default gateway. At the command line, type
“nmap [Default Gateway IP Address]” and press Enter. This may take several
seconds.

6. How many ports are open? 1 (1309/tcp)


7. Does the target host the web, ftp, and telnet services? jtag-server
(The requirement to include screenshots was announced after the lab session, so this
item has no figure yet.)
Identify another target on your local area network. You can use a target host that you
have discovered in the earlier exercise. At the command line, type “nmap -sT [target]”
and press Enter. This may take several seconds. The -sT option is to perform a TCP
connect port scan.

Use the -O option to discover the operating system of your target. At the command line,
type “nmap -O [target]”.
8. Identify which ports are open on a specific machine, the corresponding services and
their versions. How can an attacker exploit this information?

Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-18 14:10 SE Asia Standard Time

Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
2869/tcp open icslap
3389/tcp open ms-wbt-server
5357/tcp open wsdapi
5800/tcp open vnc-http
5900/tcp open vnc
10243/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
MAC Address: 00:24:E8:2D:18:AC (Dell)

Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
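As an added example (not part of the lab), the following Python reads the port table from the scan output above and reports which of the services from question 7 are present, which open ports a defender would review first on a workstation, and which open ports nmap could not name. The review list is my own selection of common remote-access and file-sharing ports, not something nmap outputs, and the embedded scan text is an abridged copy of the lab's result for 172.28.13.135.

```python
import re

# Port-scan output taken from the lab's scan of 172.28.13.135 above (abridged to a few rows).
SCAN = """Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
5800/tcp open vnc-http
5900/tcp open vnc
49152/tcp open unknown
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
"""

# One table row: "<port>/<proto> <state> <service>"; the header and summary lines do not match.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Well-known ports behind the services question 7 asks about.
ASKED = {"web": {80, 443}, "ftp": {21}, "telnet": {23}}

# Remote-access and file-sharing services a defender reviews when found open on a workstation.
REVIEW = {135: "MS-RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP", 5800: "VNC over HTTP", 5900: "VNC"}

def parse_ports(text):
    """Return [(port, proto, state, service), ...] from the nmap port table."""
    rows = []
    for line in text.splitlines():
        if m := PORT_LINE.match(line):
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def open_tcp_ports(text):
    return {p for p, proto, state, _ in parse_ports(text) if proto == "tcp" and state == "open"}

def asked_services(text):
    """Question 7: is each of web/ftp/telnet present among the open ports?"""
    ports = open_tcp_ports(text)
    return {name: bool(ports & wanted) for name, wanted in ASKED.items()}

def review_findings(text):
    """Open ports on the review list, as (port, service) pairs in port order."""
    return [(p, REVIEW[p]) for p in sorted(open_tcp_ports(text)) if p in REVIEW]

def unknown_open(text):
    """Open ports nmap could not name; identify them with -sV or by checking the host itself."""
    return sorted(p for p, proto, state, svc in parse_ports(text) if state == "open" and svc == "unknown")
```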

V. References
http://www.itsecurity.com/

http://nmap.org/
