Friday, December 25, 2009
question 2 contd..
Posted by Roshan at 4:07 AM 0 comments
Thursday, December 24, 2009
Question 3
Computer viruses:
Computer viruses are malicious code that is inserted into a computer without the user's knowledge and interferes with the system. Viruses are not created automatically; people create them, and the viruses then copy and distribute themselves, breaking the security system.
How are viruses spread in a computer network?
1. sharing floppy disks, USB drives and CDs/DVDs
2. downloading spam files
3. email attachments
4. computer hackers spreading viruses in the network
What damage can they do in a computer network?
1. destroy the important files and data in the computer
2. destroy the security breaches
3. destroy the chips on the motherboard and corrupt it.
What are the vulnerabilities that are likely to happen?
Microsoft Windows vulnerabilities are the ones that are likely to happen.
Protection from computer viruses:
1. check the security updates
2. give adequate training to the staff
3. update the antivirus software on every PC
4. do not use corrupted or pirated software; use only licensed software
5. update the security policy and hold frequent meetings with staff
References:
Damage do computer viruses do (n.d.); retrieved on 25/12/09; retrieved from www.faqs.org/qa/qa-20163.html
sometimes copy the important information
Posted by Roshan at 9:58 PM 0 comments
Question 4
Open your security settings and activate all of the security settings.
Go to the site www.eicar.org/anti_virus_test_file.htm
Download the eicar_com.zip file.
Save it on your desktop.
Thursday, August 5, 2010
Tuesday, February 9, 2010
Question 2 contd...
Complete Case 11.1
The latest BlackBerry mobile phone includes hash features and functions that support the secure hashing algorithm using MD5 hash acceleration. It also has a hash message authentication code (HMAC) function that provides more data security and integrity, with FIPS 198 compliance.
Another example is the spread of mail-attachment viruses such as "I LOVE YOU", which arrive as .VBS script files, so the question is how we can change the way scripts are executed. To sign a script, we obtain a certificate that has a private key, delete any existing signature from the script and hash the script. The hash is then encrypted with the private key to form the signature, which is written back into the script. To verify the script, we extract the signed hash from the script and check that the certificate is signed by a trusted root. We then decrypt the hash with the public key and compare it with the hash of the received script.
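The sign-and-verify flow described above, as an added example that is not from the original post or from Windows Script Host. It assumes textbook RSA over a SHA-256 hash with a fixed toy key pair, a hypothetical `' DEMO-SIG` comment marker, and a trusted-key set standing in for the certificate chain to a trusted root; real script signing uses a certificate and a padded signature scheme.

```python
import hashlib

# Toy key pair (constructed): two Mersenne primes, textbook RSA, no padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer only
TRUSTED_KEYS = {(N, E)}                # stands in for the trusted-root check
MARK = "' DEMO-SIG "                   # hypothetical VBScript comment marker


def strip_signature(script: str) -> str:
    """Return the script body with any signature comment lines removed."""
    lines = script.splitlines(keepends=True)
    return "".join(ln for ln in lines if not ln.startswith(MARK))


def digest(body: str) -> int:
    """SHA-256 of the script body as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(body.encode("utf-8")).digest(), "big")


def sign(script: str) -> str:
    """Hash the unsigned body, encrypt the hash with the private key, append it."""
    body = strip_signature(script)
    if not body.endswith("\n"):
        body += "\n"
    return body + f"{MARK}{pow(digest(body), D, N):x}\n"


def verify(script: str, pubkey=(N, E)) -> bool:
    """Extract the signature, check the key is trusted, compare the two hashes."""
    sigs = [ln[len(MARK):].strip() for ln in script.splitlines() if ln.startswith(MARK)]
    if len(sigs) != 1 or pubkey not in TRUSTED_KEYS:
        return False                   # unsigned, multiply signed, or untrusted signer
    try:
        sig = int(sigs[0], 16)
    except ValueError:
        return False                   # signature line is not valid hex
    n, e = pubkey
    return pow(sig, e, n) == digest(strip_signature(script))


SAMPLE = 'WScript.Echo "inventory report"\n'     # constructed script
signed = sign(SAMPLE)
tampered = signed.replace("inventory report", "something else")

if __name__ == "__main__":
    print(verify(signed), verify(tampered), verify(SAMPLE))
```

A host that runs only scripts for which `verify` succeeds would reject both the edited script and the unsigned one.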
References:
Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts (n.d.) retrieved on 10/02/2010; retrieved from http://msdn.microsoft.com/en-us/magazine/cc302149.aspx
Certicom (n.d.). Certicom Suite B Hashing IP Hardware Core Features retrieved on 10/02/2010; retrieved from http://www.certicom.com/index.php/certicom-suite-b-hash-ip-core
C. Mark (2009). Uses for Hashes; retrieved on 10/02/2010; retrieved from Network Security Fundamentals
Thursday, January 28, 2010
Question 4
Procedure for using the NESSUS VULNERABILITY SCANNER
STEP 1
The URL http://nessus.org/download/ was opened and the latest version of nessus was downloaded. (Textbook, Network Security, pg.328)
STEP 3
The required fields were filled in to get the activation code for home use. Then the software was installed on the PC using the default settings. (Textbook, Network Security, pg.328)
Once the installation was completed, Nessus Server Manager was launched, the default settings were configured and saved, and the program was terminated. (Textbook, Network Security, pg.328)
STEP 6
Then nessus client was launched.
On the main window, the Connect button at the bottom of the window was clicked and localhost was selected from the list of available Nessus servers. Since this was the first connection, a confirmation dialog appeared; the Yes button was clicked to accept the certificate and proceed with the login process. (Textbook, Network Security, pg.328)
After successful login to the localhost, the IP range to be scanned was entered by clicking on the plus (+) sign at the bottom left of the window, and the Save button was clicked. Then the default policy was selected for the scan and the changes were saved. Finally, the Scan button at the bottom right of the window was clicked. (Textbook, Network Security, pg.328)
The scan process begins.
STEP 17
Since the scan was performed on a stand-alone PC, the report is blank. Had it been connected to a network, the report would have shown the reports with desktop audits, servers and databases with FDCC, PCI, CIS and other services.
References:
Tenable Network Security (n.d.). Download Nessus 4.2.0; retrieved on 10/02/2010; retrieved from http://www.nessus.org/download/
C. Mark (2009). Using the Nessus Vulnerability Scanner; retrieved on 10/02/2010; retrieved from Network Security Fundamentals
Question 3
Procedures for Spoof a MAC Address using SMAC
Snapshot (STEP 1)
After opening the URL www.klcconsulting.net/smac we got the home page of SMAC.
Fig: home page of www.klcconsulting.net/smac
After getting the home page of www.klcconsulting.net/smac, we downloaded SMAC 2.0 and installed it using the default installation process, agreeing to the licence agreement. After that we launched SMAC, which appears in the menu bar, and selected the Proceed option. (Textbook, Network Security, pg.222)
Snapshot (STEP 7)
After launching SMAC we got the following SMAC dialog box.
Fig: SMAC dialog box after launching the SMAC
This dialog box shows the network interface card adapters that have been seen. To change the MAC address we had to choose a network adapter and give the MAC address in New Spoofed MAC address. (Textbook, Network Security, pg.222)
Snapshot (STEP 9)
After giving the new MAC address we need to record this MAC address under the Active MAC option.
Fig: dialog box showing recording the MAC address under Active MAC
If we need to build a new MAC address, we have to click the Random button and then give the new MAC address; the Update MAC button is then activated, which allows us to add the newly created MAC address. (Textbook, Network Security, pg.223)
Snapshot (STEP 11)
After updating the newly created MAC address, click OK to complete the adapter restart.
Fig: Snapshot showing Updating new MAC address.
After updating the new MAC address, we had to restart the computer.
Snapshot (STEP 13)
After we restart the computer we need to check whether the MAC address has been changed or not. For that we need to open the command prompt.
Fig: Snapshot showing opening the command prompt.
To check the MAC address we need to type ipconfig/showall.
Snapshot (STEP 14)
After typing ipconfig/showall, it shows IP address, MAC address, and many
The MAC address it shows is the current newly added MAC address which can be seen in the snapshot. (Textbook, Network Security, pg.223)
Fig: Snapshot showing the newly added MAC address.
The MAC address shown in the command prompt is not the original MAC address. If we need to view the original MAC address, we need to go back, launch SMAC again and select the Remove MAC option. After that we need to restart the computer again, open the command prompt and type ipconfig/showall.
It will show the original MAC address of the computer.
So this project shows that we can change the MAC address i.e. we can configure the fake or proxy MAC address.
References:
KLC Consulting, Inc. Information Security (n.d.). SMAC 2.0 MAC address changer; retrieved on 10/02/2010; retrieved from http://www.klcconsulting.net/smac/
C. Mark (2009). Spoof a MAC address using SMAC; retrieved on 10/02/2010; retrieved from Network Security Fundamentals
Question 2
Procedure for installing HASH GENERATOR and comparing HASHES
STEP 1
First of all, http://md5deep.sourceforge.net/ was opened and the latest version of md5deep was downloaded, which was a zipped folder. The zip folder was extracted to H:\. (Textbook, Network Security, pg 394)
STEP 5
A new Word file was created and a line, "Now it's time for all good men to come to aid of their country" was entered. (Textbook, Network Security, pg 394)
STEP 6
The word document was saved in the same folder where md5deep.exe file was located with the filename Country.docx (Textbook, Network Security, pg. 394)
STEP 9
The hash length of the file Country1.docx was calculated using md5deep from cmd. The hash appeared to be a 32-digit hexadecimal number. (Textbook, Network Security, pg. 394)
STEP 10
Again from cmd, the md5deep was used to generate the hash of the file md5deep.txt. The hash was completely different from the one generated for Country1.docx but of same length. (Textbook, Network Security, pg. 394)
STEP 11
The word document Country1.docx was re-opened and the period (.) at the end of the sentence was removed so that the sentence would say "Now it's time for all good men to come to aid of their country". (Textbook, Network Security, pg. 394)
STEP 12
The document was then saved as Country2.docx in the same folder. (Textbook, Network Security, pg 395)
STEP 13
Again md5deep was used to generate the hash of Country2.docx. Although the two documents differ from each other by just a period (.), the hashes generated were completely different, although the length is the same.
STEP 14
Observing the hashes created by the various hash generators, we can say:
- The hash length generated by the same hash generator is the same.
- The one generated by different generators varies.
- The hash length generated by md5deep is the shortest of all three hashes, while the one created by whirlpooldeep is the longest of all.
- The hash length created by sha1deep is a bit longer than that created by md5deep but shorter than the one created by sha256deep.
- Even a slight change in the message results in a completely different hash, which is the result of the avalanche effect.
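The comparison above can be reproduced with the added example below, which is not part of the original post. It hashes two constructed plain-text files (standing in for Country1.docx and Country2.docx) with Python's `hashlib` instead of the md5deep tools, and reports the digest length and the share of output bits that changed; Whirlpool is left out because not every `hashlib` build provides it.

```python
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256")   # whirlpool omitted: not in every hashlib build


def hash_file(path, algo):
    """Hash a file in chunks, the way a command-line hash tool reads a path."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare(path_a, path_b):
    """Per algorithm: hex length, whether digests match, fraction of bits that differ."""
    out = {}
    for algo in ALGOS:
        a, b = hash_file(path_a, algo), hash_file(path_b, algo)
        diff_bits = bin(int(a, 16) ^ int(b, 16)).count("1")
        out[algo] = {
            "hex_len": len(a),
            "match": a == b,
            "bits_changed": diff_bits / (len(a) * 4),   # 4 bits per hex digit
        }
    return out


def demo():
    """Write the sentence with and without its final period, then compare hashes."""
    base = "Now it's time for all good men to come to aid of their country"
    with tempfile.TemporaryDirectory() as d:
        p1 = os.path.join(d, "Country1.txt")    # constructed stand-in files
        p2 = os.path.join(d, "Country2.txt")
        for path, text in ((p1, base + "."), (p2, base)):
            with open(path, "w", encoding="utf-8") as f:
                f.write(text)
        return compare(p1, p2)


if __name__ == "__main__":
    for algo, result in demo().items():
        print(algo, result)
```

Removing one character changes roughly half of the output bits for every algorithm, while the digest length stays fixed per algorithm.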
References:
Kornblum, J. md5deep and hashdeep (Updated 2010). Download md5deep and hashdeep; retrieved on 10/02/2010; retrieved from http://md5deep.sourceforge.net/
MD5 (Wikipedia) (2010); retrieved on 10/02/2010; retrieved from http://en.wikipedia.org/wiki/MD5
C. Mark (2009). Installing Hash Generators and Comparing Hashes; retrieved on 10/02/2010; retrieved from Network Security Fundamentals
Question 1
Using the WIRESHARK PROTOCOL ANALYSER
Snapshot 1 (Step 1)
Fig: Snapshot showing the homepage of the web site www.wireshark.org.
The home page of Wireshark, www.wireshark.org, was opened using the Google Chrome browser. Once the page was loaded, Wireshark 1.2.6 (Windows installer, 32 bit) was downloaded. On completion of the download, the software was installed on the PC using the default settings. After the installation was complete, the program was launched. (Textbook, Network Security, pg. 148)
Snapshot 2 (Step 6)

Fig: The main window of wireshark after launching the program.
After the program was launched, Capture was clicked in the main menu and Interfaces was selected from the drop-down menu. Since the computer was connected to the network using the wireless connection, the Start button next to the wireless interface in the pop-up window was clicked. As soon as the Start button was clicked, Wireshark started to capture the packets. (Textbook, Network Security, pg.149)
Snapshot 3 (STEP 7)

Fig: wireshark capturing the packets( background), cmd window (foreground)
After Wireshark started to capture the packets, cmd was launched and ftp server1 was typed. After a few seconds, cmd displayed the message "Unknown server host". This process was also captured by Wireshark. (Textbook, Network Security, pg.149)
Snapshot 4 (STEP 8)

Fig: Snapshot showing the page https://www.bluehost.com/cgi-bin/uftp
The page https://www.bluehost.com/cgi-bin/uftp was opened
Snapshot 5 (STEP 9)

Fig:Snapshot of the page https://www.bluehost.com/cgi-bin/uftp
After the page was loaded, Domain name: Gerald and Password: happy were entered. Since the credentials provided were not correct, the login process failed. All these events should be captured by Wireshark, including the username and password. (Textbook, Network Security, pg.149)
Snapshot (STEP 14)

Fig: Snapshot showing the error message in wireshark.
After returning to Wireshark, the Find tool was used to find the word gerald as a string value. But an error message appeared saying "no packet contained that string in the data". When the page https://www.bluehost.com/cgi-bin/uftp was examined, it was seen that the webpage was a secure page, which encrypts the credentials, thus preventing them from being captured by Wireshark. It shows that encryption is a useful method to prevent users' data from being accessed by attackers.
References:
Wireshark developer and User Conference (June 14-17 2010). Download Wireshark; retrieved on 10/02/10; retrieved from http://www.wireshark.org/
Bluehost (n.d.). Unlimited FTP account login; retrieved on 10/02/2010; retrieved from https://www.bluehost.com/cgi-bin/uftp
C. Mark (2009). Using the Wireshark Protocol Analyzer; retrieved on 10/02/2010; retrieved from Network Security Fundamentals