For your final step, you will synthesize the previous steps and labs to summarize the major findings from this project. Specifically, you will prepare a technical report that summarizes your findings including:
1. Provide a table of common ports for protocols we studied. Discuss how security devices can be used within a larger network to control subnets and devices within those subnets.
2. Discuss network diagnostic tools you used in this lab. Summarize their functionality and describe specifically how you used each tool. Discuss the results you used to assist in both the discovery phase and protocol analysis of the sites you analyzed. What tools impressed you the most and would be most useful for an analyst to employ in the daily activities? What other functionality do you think would be useful to cyber operations analysts?
3. Research and discuss the ethical use of these tools. For example, if you discover a serious vulnerability, what should you do? What communications should you have with site owners prior to conducting vulnerability scans?
The report should include a title page, table of contents, list of tables and figures (as applicable), content organized into sections. Be sure to properly cite your sources throughout, and include a list of references, formatted in accordance with APA style.
Final Technical Report
31 January 2022
Llyjerylmye Amos
COP 620 Project 1 Final Technical Report
Well-known ports range from 0 to 1023 and are assigned by the Internet Assigned Numbers Authority (IANA) based on the default services that are associated with the assigned ports. Administrators may obfuscate services that are running on well-known ports by configuring services to be utilized on unused ephemeral ports. However, the default configuration of well-known ports allows tech-savvy personnel and software vendors to speak a common language when configuring networking devices, information systems (ISs) and/or software applications. Within this lesson, 22-SSH, 23-Telnet, 25-SMTP, 53-DNS, 80-HTTP, 110-POP3 and 443-HTTPS were the common ports and protocols that were reviewed (Table 1).
Port Protocol
22 SSH
23 Telnet
25 SMTP
53 DNS
80 HTTP
110 POP3
443 HTTPS
Table 1. Common ports studied.
Firewalls are the most common network security devices installed on information systems (IS). According to Cisco (n.d.), “a firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules”. Security rules may be applied to specific ISs (host-based firewalls) or to the entire network (network-based firewalls) to scan emails and hard drives for malware or to allow traffic on certain sections of the subnet. Firewalls are also categorized into specific types, such as proxy firewalls, stateful inspection firewalls, unified threat management firewalls, next-generation firewalls (NGFW), threat-focused NGFWs and virtual firewalls, to increase granularity on modern threats.
Network diagnostic tools “allows users to monitor network traffic for various [Network Interface Card] NICs” (Microsoft, n.d.). Administrators can check IS status, services running and port connectivity, and troubleshoot networking issues. Threat actors can use these tools as well to compromise systems for malicious intent. Within this lab, a few common network diagnostic tools used were Ping, Nslookup/Dig, Ipconfig/Ifconfig, Traceroute, Nmap, Wireshark and Legion. Knowing how to use network diagnostic tools and being aware of what is going on within an IS may increase security awareness and prevent system compromise.
Ping may be one of the most widely used network diagnostic tools. It is an active network discovery protocol that sends ICMP packets to host(s) on a network and waits for a response to determine if the host(s) are available. It also measures the latency by timing the round trip to see if data is transmitted in a timely manner. During the process, it performs domain name translation by converting domain names into IPs, and/or IPs into domain names. It is integrated into most active network discovery tools, and can be used in a command line interface (CLI) with the command “ping x.x.x.x” (where x.x.x.x stands for the host IP address). In the Wireshark lab, “ping -c 4 3.91.242.220” was used against UMGC-COP-620-Target to discover that it was an active host.
Nslookup and Dig are network diagnostic tools that query the domain name system (DNS) and translate IP addresses into domain names, and vice versa. Nslookup is supported on Windows systems while Dig is typically on Linux systems. Dig also has the functionality to query for DNS record types such as A, AAAA and MX. In this lab, Dig was used to locate the A record for Walmart.com, which revealed an IP address of 161.170.232.170.
Ipconfig/ifconfig are network diagnostic commands that allow users to view information about network interfaces and to configure them. Information such as IPv4/IPv6 address, default gateway, MAC address, subnet, DNS, DHCP, etc., can be viewed to assist with network diagnostics. Most popular operating systems (OS) offer this functionality; however, the commands may differ between systems. Windows is most notably known for using ipconfig, while Linux operates on ifconfig in the CLI.
Traceroute/tracert benefits administrators by providing feedback on network connectivity. It follows the path data is sent along to its destination by sending ICMP packets, which are timed and incremented as data traverses each router, and calculates the returned echo to determine the network status of the device along the way. If the ICMP packet does not reach its destination, it usually indicates a network issue on the path between the last identified known good router and the next hop. It should be noted that not all incomplete traces constitute a network issue, as administrators may configure devices to not respond to ICMP packets for security reasons. Traceroute was run from UMGC-COP-620-Workstation to the umgc.edu web server. Traceroute indicated that 15 routers were traversed to successfully reach umgc.edu (13.32.201.27).
Nmap, or Zenmap, is a scanning tool used to perform inventory and/or reconnaissance on devices located on a network. It identifies IP addresses, port status and services in use, along with built-in/customizable scripts to automate functionality. It is an active network diagnostic tool that capitalizes on using ICMP packets and on manipulating TCP flags when attempting a handshake with another device. The software can be executed from the CLI using Nmap or, if preferred, from the graphical user interface (GUI) by using Zenmap. “nmap -p- 3.91.242.220” was used to perform a scan for all open ports on UMGC-COP-620-Target. It indicated that 8 ports were open and that 1 was filtered, as shown in Table 2.
Port State Service
21 Open FTP
22 Open SSH
23 Open Telnet
25 Filtered SMTP
53 Open DNS
80 Open HTTP
443 Open HTTPS
3128 Open Squid HTTP
8080 Open HTTP Proxy
Table 2. Port scan on 3.91.242.220
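The scan result in Table 2 becomes actionable once it is compared with what the host is supposed to expose. The following is an added example, not part of the original report: it parses Nmap's normal-output port lines and reports open ports outside an approved baseline, open cleartext services, and filtered ports. The sample text is constructed from Table 2, and `APPROVED_PORTS` and the replacement mapping are hypothetical.

```python
"""Audit Nmap normal-output port lines against an approved-port baseline."""
import re

# Constructed sample: the rows of Table 2 written the way Nmap's normal
# output prints them (service names are Nmap's usual labels for these ports).
SAMPLE_SCAN = """\
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   open     telnet
25/tcp   filtered smtp
53/tcp   open     domain
80/tcp   open     http
443/tcp  open     https
3128/tcp open     squid-http
8080/tcp open     http-proxy
"""

# Hypothetical baseline: ports the system owner has approved for this host.
APPROVED_PORTS = {22, 53, 80, 443}

# Protocols from the report's port tables that send data unencrypted,
# mapped to a commonly used encrypted replacement (assumed policy).
CLEARTEXT_REPLACEMENTS = {
    21: "SFTP or FTPS",
    23: "SSH",
    80: "HTTPS",
    110: "POP3 over TLS",
}

# Matches lines such as "3128/tcp open     squid-http".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)


def parse_ports(scan_text):
    """Return one dict per port line; the header and other text are ignored."""
    return [
        {"port": int(port), "proto": proto, "state": state, "service": service}
        for port, proto, state, service in PORT_LINE.findall(scan_text)
    ]


def audit(entries, approved_ports):
    """Classify parsed entries into findings a defender would follow up on."""
    report = {"unapproved_open": [], "cleartext_open": [], "filtered": []}
    for entry in entries:
        port, state = entry["port"], entry["state"]
        if state == "open":
            if port not in approved_ports:
                report["unapproved_open"].append(port)
            if port in CLEARTEXT_REPLACEMENTS:
                report["cleartext_open"].append(port)
        elif "filtered" in state:
            # "filtered" means a packet filter kept the probe from getting an
            # answer, so the service behind it still needs checking on the host.
            report["filtered"].append(port)
    return report


if __name__ == "__main__":
    findings = audit(parse_ports(SAMPLE_SCAN), APPROVED_PORTS)
    for port in findings["unapproved_open"]:
        print(f"open but not approved: {port}/tcp")
    for port in findings["cleartext_open"]:
        print(f"cleartext service on {port}/tcp, consider "
              f"{CLEARTEXT_REPLACEMENTS[port]}")
    for port in findings["filtered"]:
        print(f"filtered, verify on host: {port}/tcp")
```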
Wireshark is a packet analyzing utility that differs from the other network diagnostic tools mentioned previously, mainly because it is a passive scanning tool. ICMP packets are not used; instead the NIC is configured to allow data to be captured from a specific device or on an entire network when tapped into a switch. Wireshark is capable of capturing password exchanges during a three-way handshake when secure encryption protocols are not in use. Other network data can also be viewed by administrators to study the traffic on the network and to analyze the data that is passed within it. While reviewing a PCAP with the FTP filter applied, Wireshark captured the username, anonymous, and password, anonymous, from a three-way handshake between 192.168.202.128 and 192.168.202.131.
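The FTP finding above can be turned into a repeatable check. The following is an added example, not part of the original report: it walks TCP segments already extracted from a capture and reports each cleartext FTP login without echoing the password. The segment list is constructed, and treating 192.168.202.128 as the client is an assumption, since the report does not say which host initiated the session.

```python
"""Flag cleartext FTP logins in TCP segments taken from a packet capture."""
from dataclasses import dataclass

FTP_CONTROL_PORT = 21


@dataclass
class Segment:
    src: str
    dst: str
    dport: int
    payload: bytes  # empty for the SYN / SYN-ACK / ACK handshake segments


@dataclass
class Finding:
    client: str
    server: str
    user: str
    password_len: int  # length only, so the report never stores the secret
    anonymous: bool


# Constructed sample. Assumption: .128 is the client and .131 the server.
SAMPLE_SEGMENTS = [
    Segment("192.168.202.128", "192.168.202.131", 21, b""),       # SYN
    Segment("192.168.202.131", "192.168.202.128", 49152, b""),    # SYN-ACK
    Segment("192.168.202.128", "192.168.202.131", 21, b""),       # ACK
    Segment("192.168.202.131", "192.168.202.128", 49152, b"220 ready\r\n"),
    Segment("192.168.202.128", "192.168.202.131", 21, b"USER anon"),
    Segment("192.168.202.128", "192.168.202.131", 21, b"ymous\r\n"),
    Segment("192.168.202.128", "192.168.202.131", 21, b"PASS anonymous\r\n"),
    # TLS record on 443: encrypted, so nothing readable is reported.
    Segment("192.168.202.128", "192.168.202.131", 443, b"\x16\x03\x01\x02\x00"),
]


def find_cleartext_ftp_logins(segments):
    """Return a Finding for every USER/PASS pair sent to the FTP control port."""
    pending_user = {}  # (client, server) -> username waiting for its PASS
    partial = {}       # (client, server) -> bytes of an unterminated command
    findings = []
    for seg in segments:
        # The handshake segments carry no payload; the credentials travel in
        # the FTP commands that follow on the same connection.
        if seg.dport != FTP_CONTROL_PORT or not seg.payload:
            continue
        flow = (seg.src, seg.dst)
        data = partial.pop(flow, b"") + seg.payload
        *commands, rest = data.split(b"\r\n")
        if rest:
            partial[flow] = rest  # a command split across segments
        for raw in commands:
            verb, _, arg = raw.decode("latin-1").partition(" ")
            verb = verb.upper()
            if verb == "USER":
                pending_user[flow] = arg.strip()
            elif verb == "PASS" and flow in pending_user:
                user = pending_user.pop(flow)
                findings.append(Finding(
                    client=seg.src,
                    server=seg.dst,
                    user=user,
                    password_len=len(arg),
                    anonymous=user.lower() in ("anonymous", "ftp"),
                ))
    return findings


if __name__ == "__main__":
    for f in find_cleartext_ftp_logins(SAMPLE_SEGMENTS):
        kind = "anonymous" if f.anonymous else "named account"
        print(f"cleartext FTP login {f.client} -> {f.server}: user={f.user} "
              f"({kind}), password of {f.password_len} chars exposed")
```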
Legion is a “semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems” (Ranjith, 2019). It is an all-in-one tool that integrates the functionality of Nmap, password crackers and vulnerability scanners. It also displays Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs), which aids with associating captured vulnerabilities to the National Vulnerability Database (NVD) managed by the National Institute of Standards and Technology (NIST). In the Wireshark lab, Legion revealed several open ports and their services, cracked an SSH password and displayed the CVEs associated with the vulnerability.
Wireshark was an invaluable tool that captured behind-the-scenes data that was transferred between the host and client of two sites. Unfortunately, it was not able to display the plain text data from http://stealmylogin.com nor https://umgc.edu because Transport Layer Security (TLS) was being used. However, it was able to capture the sequence number from the three-way handshake, source/destination IP, source/destination port and other helpful data from the packet capture.
Within this lab, Legion impressed me the most because of its easy-to-use network diagnostics and inclusive penetration testing capabilities. It reduces the burden and time that would be used to switch between multiple scanning tools to diagnose network issues. It also takes it a step further by incorporating password cracking and vulnerability assessment utilities. If the active approach was too noisy or bandwidth intense, and a stealthier method was needed, Wireshark would be a great network administration tool to monitor data flowing across the network. It is passive by nature, allows administrators to see detailed packet information, and can be run with minimum interference on network traffic. Both tools could be used daily by administrators to increase the network’s security posture; however, Legion may be required to run during hours of less network traffic.
Cyber operations analysts are at the forefront of protecting the nation’s critical infrastructures and data systems from cyber-attacks; however, they require accurate information about the threat and diverse functionality in network diagnostic tools. In addition to the tools used in the lab, a cyber operations analyst would benefit greatly from using a network intrusion device. An intrusion detection system (IDS) monitors the network for unusual or anomalous activity and notifies the system administrator if erratic or suspicious behavior is taking place. Intrusion prevention systems (IPSs) are capable of completing the same tasks but may be configured to respond to the threat.
Network diagnostic tools can identify a wealth of information within a network but may cause some adverse effects within it as well. Network bandwidth may be degraded, causing high priority data to be delayed or even corrupted during the process. Prior to conducting a vulnerability scan, administrators should project the schedule timelines and identify the network to scan for leadership’s approval. This will keep everyone informed of the process and deconflict with network traffic consumption during high bandwidth usage hours.
References
Cisco. (n.d.). What Is a Firewall? Cisco. https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
Microsoft. (n.d.). Network Diagnostic Tool. Microsoft. https://www.microsoft.com/en-us/p/network-diagnostic-tool/9mwptk5qhvxm#activetab=pivot:overviewtab
Ranjith. (2019, March 10). Legion: An Open Source, Easy-To-Use, Super-extensible & Semi-Automated Network Penetration Testing Tool. Kalitutorials. https://kalilinuxtutorials.com/legion-penetration-testing/

 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 

For your final step, you will synthesize the previous steps and la

  • 1. For your final step, you will synthesize the previous steps and labs to summarize the major findings from this project. Specifically, you will prepare a technical report that summarizes your findings including:
    1. Provide a table of common ports for protocols we studied. Discuss how security devices can be used within a larger network to control subnets and devices within those subnets.
    2. Discuss network diagnostic tools you used in this lab. Summarize their functionality and describe specifically how you used each tool. Discuss the results you used to assist in both the discovery phase and protocol analysis of the sites you analyzed. What tools impressed you the most and would be most useful for an analyst to employ in the daily activities? What other functionality do you think would be useful to cyber operations analysts?
    3. Research and discuss the ethical use of these tools. For example, if you discover a serious vulnerability, what should you do? What communications should you have with site owners prior to conducting vulnerability scans?
    The report should include a title page, table of contents, list of tables and figures (as applicable), content organized into sections. Be sure to properly cite your sources throughout, and include a list of references, formatted in accordance with APA style.
  • 2. Final Technical Report
    31 January 2022
    Llyjerylmye Amos
    COP 620 Project 1 Final Technical Report

    Well-known ports range from 0 to 1023 and are assigned by the Internet Assigned Numbers Authority (IANA) based on the default services that are associated with the assigned ports. Administrators may obfuscate services that are running on well-known ports by
  • 3. configuring services to be utilized on unused ephemeral ports. However, the default configuration of well-known ports allows tech-savvy personnel and software vendors to speak a common language when configuring networking devices, information systems (ISs) and/or software applications. Within this lesson, 22-SSH, 23-Telnet, 25-SMTP, 53-DNS, 80-HTTP, 110-POP3 and 443-HTTPS were the common ports and protocols that were reviewed (Table 1).

    Port   Protocol
    22     SSH
    23     Telnet
    25     SMTP
    53     DNS
    80     HTTP
    110    POP3
    443    HTTPS
    Table 1. Common ports studied.

    Firewalls are the most common network security devices installed on information systems (IS). According to Cisco (n.d.), “a firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules”. Security rules may be applied to specific ISs (host-based firewalls) or to the entire network (network-based firewalls), to scan emails and hard drives for malware or to allow traffic on certain sections of the subnet. Firewalls are also categorized into specific types, such as proxy firewalls, stateful inspection firewalls, unified threat management firewalls, next-generation firewalls (NGFW), threat-focused
  • 4. NGFWs and virtual firewalls, to increase granularity on modern threats.

    Network diagnostic tools “allows users to monitor network traffic for various [Network Interface Card] NICs” (Microsoft, n.d.). Administrators can check IS status, services running and port connectivity, and troubleshoot networking issues. Threat actors can use these tools as well to compromise systems for malicious intent. Within this lab, a few common network diagnostic tools used were Ping, Nslookup/Dig, Ipconfig/Ifconfig, Traceroute, Nmap, Wireshark and Legion. Knowing how to use network diagnostic tools and being aware of what is going on within an IS may increase security awareness and prevent system compromise.

    Ping may be one of the most widely used network diagnostic tools. It is an active network discovery protocol that sends ICMP packets to host(s) on a network and waits for a response to determine if the host(s) are available. It also measures latency by timing the round trip to see if data is transmitted in a timely manner. During the process, it performs domain name translation by converting domain names into IPs and/or IPs into domain names. It is integrated into most active network discovery tools, and can be used from a command line interface (CLI) with the command “ping x.x.x.x” (where x.x.x.x stands for the host IP address). In the Wireshark lab, “ping -c 4 3.91.242.220” was used against UMGC-COP-620-Target to discover that it was an active host.

    Nslookup and Dig are network diagnostic tools that query the Domain Name System (DNS) and translate IP addresses into domain names, and vice versa. Nslookup is
  • 5. supported on Windows systems while Dig is typically on Linux systems. Dig also has the functionality to query for DNS record types such as A, AAAA and MX. In this lab, Dig was used to locate the A record for Walmart.com, which revealed an IP address of 161.170.232.170.

    Ipconfig/ifconfig are network diagnostic commands that allow users to view information about network interfaces and to configure them. Information such as IPv4/IPv6 address, default gateway, MAC address, subnet, DNS, DHCP, etc., can be viewed to assist with network diagnostics. Most popular operating systems (OS) offer this functionality; however, the commands may differ between systems. Windows is most notably known for using ipconfig, while Linux OS operates on ifconfig in the CLI.

    Traceroute/tracert benefits administrators by providing feedback on network connectivity. It follows the path that data takes to its destination by sending ICMP packets, which are timed and incremented as they traverse each router, and uses the returned echo to determine the network status of each device along the way. If the ICMP packet does not reach its destination, it usually indicates a network issue on the path between the last known good router and the next hop. It should be noted that not all incomplete traces constitute a network issue, as administrators may configure devices to not respond to ICMP packets for security reasons. Traceroute was run from UMGC-COP-620-Workstation to the umgc.edu web server. Traceroute indicated
  • 6. that 15 routers were traversed to successfully reach umgc.edu (13.32.201.27).

    Nmap, or Zenmap, is a scanning tool used to perform inventory and/or reconnaissance on devices located on a network. It identifies IP addresses, port status and services in use, and provides built-in and customizable scripts to automate functionality. It is an active network diagnostic tool that relies on ICMP packets and on manipulating TCP flags when attempting a handshake with another device. The software can be executed from the CLI using Nmap or, if preferred, from the graphical user interface (GUI) using Zenmap. “nmap -p- 3.91.242.220” was used to perform a scan on all open ports on UMGC-COP-620-Target. It indicated that 8 ports were open and that 1 was filtered, as shown in Table 2.

    Port   State      Service
    21     Open       FTP
    22     Open       SSH
    23     Open       Telnet
    25     Filtered   SMTP
    53     Open       DNS
    80     Open       HTTP
    443    Open       HTTPS
    3128   Open       Squid HTTP
    8080   Open       HTTP Proxy
    Table 2. Port scan on 3.91.242.220

    Wireshark is a packet analyzing utility that differs from the other network diagnostic tools mentioned previously, mainly because it is a passive scanning tool. ICMP
  • 7. packets are not used; instead, the NIC is configured to allow data to be captured from a specific device, or from an entire network when tapped into a switch. Wireshark is capable of capturing password exchanges during a three-way handshake when secure encryption protocols are not in use. Administrators can also view other network data to study the traffic on the network and to analyze the data that is passed within it. While reviewing a PCAP with the FTP filter applied, Wireshark captured the username, anonymous, and the password, anonymous, from a three-way handshake between 192.168.202.128 and 192.168.202.131.

    Legion is a “semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems” (Ranjith, 2019). It is an all-in-one tool that integrates the functionality of Nmap, password crackers and vulnerability scanners. It also displays Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs), which aids with associating captured vulnerabilities to the National Vulnerability Database (NVD) managed by the National Institute of Standards and Technology (NIST). In the Wireshark lab, Legion revealed several open ports and their services, cracked an SSH password and displayed the CVEs associated with the vulnerability.

    Wireshark was an invaluable tool that captured behind-the-scenes data that was transferred between the host and client of two sites. Unfortunately it was not able to
  • 8. display the plain text data from http://stealmylogin.com nor https://umgc.edu because Transport Layer Security (TLS) was being used. However, it was able to capture the sequence number from the three-way handshake, source/destination IP, source/destination port and other helpful data from the packet capture.

    Within this lab, Legion impressed me the most because of its ease of use, network diagnostics and inclusive penetration testing capabilities. It reduces the burden and time that would be spent switching between multiple scanning tools to diagnose network issues. It also takes it a step further by incorporating password cracking and vulnerability assessment utilities. If the active approach was too noisy or bandwidth-intensive, and a stealthier method was needed, Wireshark would be a great network administration tool to monitor data flowing across the network. It is passive by nature, allows administrators to see detailed packet information, and can be run with minimum interference on network traffic. Both tools could be used daily by administrators to increase the network’s security posture; however, Legion may be required to run during hours of less network traffic.

    Cyber operations analysts are at the forefront of protecting the nation’s critical infrastructures and data systems from cyber-attacks; however, they require accurate information about the threat and diverse functionality in network diagnostic tools. In addition to the tools used in the lab, a cyber operations analyst would benefit greatly from using a network intrusion device. An intrusion detection system (IDS) monitors the network for unusual or anomalous activity and
  • 9. notifies the system administrator if erratic or suspicious behavior is taking place. Intrusion prevention systems (IPSs) are capable of completing the same tasks but may be configured to respond to the threat.

    Network diagnostic tools can identify a wealth of information within a network but may cause some adverse effects within it as well. Network bandwidth may be degraded, causing high-priority data to be delayed or even corrupted during the process. Prior to conducting a vulnerability scan, administrators should project the schedule timelines and identify the network to scan for leadership’s approval. This will keep everyone informed of the process and deconflict with network traffic consumption during high bandwidth usage hours.

    References
    Cisco. (n.d.). What Is a Firewall? Cisco. https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html
    Microsoft. (n.d.). Network Diagnostic Tool. Microsoft. https://www.microsoft.com/en-us/p/network-diagnostic-tool/9mwptk5qhvxm#activetab=pivot:overviewtab
    Ranjith. (2019, March 10). Legion: An Open Source, Easy-To-Use, Super-extensible & Semi-Automated Network Penetration Testing Tool. Kalitutorials. https://kalilinuxtutorials.com/legion-penetration-
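The Wireshark observation in the report (an FTP username and password readable in a capture) can be turned into a detection check that flags cleartext FTP logins while ignoring sessions that upgrade to TLS. This is an added example, not part of the original report; the segment records, the clients 192.168.202.140 and 192.168.202.150 with their credentials, and the choice of 192.168.202.128 as the client side are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (src_ip, dst_ip, dst_port, TCP payload) for client-to-server
# segments in capture order. The first two records mirror the anonymous login the
# report describes; everything else is made up for illustration.
SAMPLE_SEGMENTS = [
    ("192.168.202.128", "192.168.202.131", 21, b"USER anonymous\r\n"),
    ("192.168.202.128", "192.168.202.131", 21, b"PASS anonymous\r\n"),
    ("192.168.202.128", "192.168.202.131", 21, b"LIST\r\n"),
    ("192.168.202.140", "192.168.202.131", 21, b"AUTH TLS\r\n"),
    ("192.168.202.140", "192.168.202.131", 21, b"\x16\x03\x01\x02\x00\x01"),  # TLS record
    ("192.168.202.150", "192.168.202.131", 21, b"USER ali"),         # command split
    ("192.168.202.150", "192.168.202.131", 21, b"ce\r\nPASS s3cr"),  # across segments
    ("192.168.202.150", "192.168.202.131", 21, b"et\r\n"),
    ("192.168.202.128", "192.168.202.131", 80, b"GET / HTTP/1.1\r\n\r\n"),
]

FTP_CONTROL_PORT = 21


def find_cleartext_ftp_logins(segments):
    """Return one finding per USER/PASS pair seen unencrypted on the FTP control channel."""
    buffers = defaultdict(bytes)  # per-flow bytes not yet terminated by CRLF
    pending_user = {}             # flow -> argument of the last USER command
    encrypted = set()             # flows that requested TLS with AUTH
    findings = []
    for src, dst, dport, payload in segments:
        if dport != FTP_CONTROL_PORT:
            continue
        flow = (src, dst)
        if flow in encrypted:
            continue              # after AUTH the channel carries TLS records
        buffers[flow] += payload
        # Commands may straddle TCP segments, so consume complete lines only.
        *lines, buffers[flow] = buffers[flow].split(b"\r\n")
        for raw in lines:
            verb, _, arg = raw.decode("latin-1").partition(" ")
            verb = verb.upper()
            if verb == "AUTH":
                # Simplification: assume the server accepts the upgrade (reply 234).
                encrypted.add(flow)
                break
            if verb == "USER":
                pending_user[flow] = arg
            elif verb == "PASS" and flow in pending_user:
                user = pending_user.pop(flow)
                findings.append({
                    "client": src, "server": dst, "user": user,
                    "anonymous": user.lower() in {"anonymous", "ftp"},
                    "password_len": len(arg),  # report length, never the password
                })
    return findings


if __name__ == "__main__":
    for finding in find_cleartext_ftp_logins(SAMPLE_SEGMENTS):
        print(finding)
```

Findings with `anonymous` set to false are the ones that matter operationally: a real account's password crossed the network in the clear and should be rotated, and the service moved to FTPS or SFTP.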