Itt Nt2580 Lab #5

In: Computers and Technology

Submitted By digimaus
Words 552
Pages 3
Lab #5

1. What is the purpose of the address resolution protocol (ARP)?
ARP is a protocol used for resolution of IP addresses into MAC addresses and vice versa.

2. What is the purpose of the dynamic host control protocol (DHCP)?
DHCP is used on an IP network to assign IP addresses to computers on the network. This is done without any human intervention. The computer requesting a DHCP-assigned address is given one by the network’s DHCP server within a range of assigned IP addresses which are tracked by the DHCP server. A DHCP-assigned address is normally assigned to a computer for a set lease time and after that lease expires, the computer must renew the IP address or request a new one.

3. What was the DHCP allocated source IP host address for the Student VM and the Target VM?

4. When you pinged the targeted IP host, what was the source IP address and destination IP address of the ICMP echo-request packet?
Source: (my external IP)
Destination: (

5. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet? If yes, how many ICMP echo-reply packets were sent back to the IP source?
Yes, the target did respond with ICMP echo reply packets. My computer sent four request packets and the destination server sent four reply packets back.

6. Find a TCP 3-way handshake for a TELNET, FTP, or SSH session. What is the significance of the TCP 3-way handshake?
The TCP 3-way handshake is needed to establish a reliable connection as opposed to an unreliable connection such as UDP. The handshake allows the server and client to agree on parameters that provide for security as well as reliability.

7. What was the SEQ# of the initial SYN TCP packet and the ACK# of the SYN ACK TCP packet?

Initial SEQ# is 30 and ACK# is 31.

8. What is…...

Similar Documents

Itt 255 Lab 6

...Lab 6 – Assessment Worksheet: 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Ans: Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. More over BIA perceives the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan? Ans: Disaster recovery is the older of the 2 functions. DR planning is an essential part of business planning that – too often – gets neglected. Part of this has to do with the fact that making a Disaster Recovery plan requires a lot of time and attention from busy managers and executives from every functional department within the company. Business continuity is a newer term which was first popularized as a response to the Y2K bug. In order to stop your company from bleeding money in these situations, you need a plan that will allow the organization to continue generating revenue and providing services – although possibly with lower quality – on a temporary basis until the company has regained its bearings. 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents......

Words: 835 - Pages: 4

Itt Nt2580 Unit 5

...Unit 5 Assignment 1: Testing and Monitoring Security Controls Learning Objectives and Outcomes * You will learn to recognize security events and baseline anomalies that might indicate suspicious activity. * You will learn to identify policy violations and security breaches and to appropriately monitor threats and control activity across the network. Assignment Requirements Refer to the handout Testing and Monitoring Security Controls. It contains information on security events or breaches and baseline anomalies. After studying the handout, answer the following questions: * Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. * Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities. Required Resources Worksheet: Testing and Monitoring Security Controls (attached) Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Length: 1–2 pages * Due By: Unit 6 Self-Assessment Checklist * I have identified at least two security events and baseline anomalies. * I have indicated the best options for controlling and monitoring three of the policy violations and security breaches from the list. * I have identified the methods to mitigate risk and to...

Words: 1036 - Pages: 5

Nt2580 Lab 8

...1. To make sure no one can penetrate your web application before you put it in a live situation. 2. computer security vulnerability typically found in web applications that enables attacks to inject client side script into web pages viewed by others 3. A reflective attack involves the web application dynamically generating a response using non-sanitized data from the client scripts 4. methods, including character scrambling and masking, numeric variance and nulling, rely on an array of built-in SQL Server system functions that are used for string manipulation. 5. to enter the database with administrator rights, best way to avoid this using Java on the website. 6. Well-coordinated and regularly audited security checks are the best way forward. 7. Large numbers of binary planting vulnerabilities known as “dll spoofing” or “dll preloading attacks” have been discovered in third party applications running on Microsoft windows platforms. 8. SQL Inject Me allows you to test for SQL injection vulnerabilities that hackers can use to hijack your data and modify the contents of a database. Some of these vulnerabilities will even allow an attacker to execute administrative operations on the database, which is disastrous. 9. The primary components that make up your network infrastructure are routers, firewalls, and switches. They act as the gatekeepers guarding your servers and applications from attacks and intrusions. 10. The C-I-A pf production web application and web servers......

Words: 252 - Pages: 2

Nt2580 Lab 2

...NT 2580 Week 2 Lab 2 1. What is the application ZenMap GUI typically used for? Describe a scenario in which you would use this type of application. It’s used for port scanning. It can be used to see what hosts are on the network and to see what services they are running. 2. What is the relationship between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? Threats and vulnerabilities lead risks, if you don’t have then then you don’t have any risk of anyone getting into your network 3. Which application is used for Step #2 in the hacking process to perform a vulnerability assessment scan? That would be Nessus is the application used. 4. Before you conduct an ethical hacking process or penetration test on a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? You must get written permission 5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? A CVE (Common Vulnerabilities and Exposures) are known vulnerabilities and also show you how to patch them. They are from the Mitre Corporation but are under contract for Homeland Security and NCSD. 6. Can ZenMap GUI detect what operating systems are present on IP servers and workstations? What would that option look like in the command line if running a scan on Yes it can detect what OS are being used. The command would be...

Words: 405 - Pages: 2

Itt 255 Lab 6

...ITT Technical Institute NT2580 Introduction to Information Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 56 (34 Theory Hours, 22 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: NT1330 Client-Server Networking II or equivalent, NT1430 Linux Networking or equivalent Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definitions of terms, concepts, elements and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Security Syllabus Where Does This Course Belong? This course is required for the associate degree program in Network Systems Administration (NSA). The following diagram demonstrates how this course fits in the program: NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services NT2640 IP Networking PT2520 Database Concepts NT1330 Client-Server Networking II NT1230 Client-Server Networking I NT1430 Linux Networking PT1420 Introduction to Programming NT1110 Computer Structure and Logic NT1210 Introduction to Networking NT1310 Physical Networking CO2520 Communications SP2750 Group Theories EN1420 Composition II EN1320 Composition I GS1140 Problem Solving......

Words: 3887 - Pages: 16

Nt2580 Lab 1

...Lab #1 – Assessment Worksheet Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Course Name & Number: Overview Hackers traditionally follow a 5-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying your target and learning as much as possible about the target. Hackers traditionally perform an initial reconnaissance & probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, students will plan an attack on where the VM server farm resides. Using ZenMap GUI, students will then perform a “Ping Scan” or “Quick Scan” on the targeted IP subnetwork. Lab #1 Assessment Questions & Answers 1. Name at least five applications and tools pre-loaded on the Windows 2003 Server Target VM (VM Name: “WindowsTarget01”) and identify whether that application starts as a service on the system or must be run manually? Windows Applications Loaded Starts as Service Y/N 1. Splunk Y 2. Putty N 3. Nessus® Y 4. tftpd32 Y 5. Filezilla FTP Y 6. There are others… Y/N 2. What was the DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router? At the DOS Command Prompt, type “ipconfig” to display the IP address of your Student VM workstation. After you “ping” other devices, you can display the ARP cache in your Student VM workstation by typing “arp –a” to obtain the answer to this......

Words: 825 - Pages: 4

Itt Lab 6 Nt2580

...Lab #6 – Business Recovery Strategy Assessment Spreadsheet e-Commerce/e-Business Organization List of Key Business Functions & Processes - E-commerce processes – primary revenue source for the organization -E-mail based communications – internal for business communications and external for customer service -Telephone call center and on-line customer services – enhanced e-customer service delivery with call center and self-service customer website -Manufacturing and production line – just in time inventory and distribution of products -Production processes – just in time manufacturing and integrated supply chain -Quality control mechanisms – maximize product quality -Maintenance and support services – keep production lines open -Sales and sales administration – inside sales, online sales, sales support, resellers and distributors, etc. -Finance and accounting – G/L, A/R, A/P, Payroll, Benefits -Research and development activities – product development -Human resources management – employee services -Information technology services & Internet connectivity – supports e-commerce and e-business infrastructure -Premises (Head Office and branches) – headquarters facility and administration office -Marketing and public relations – internet marketing and branding Lab #6 – Business Recovery Strategy Assessment Spreadsheet e-Commerce/e-Business Organization List of Impacted IT Systems, Applications, & Data Business......

Words: 938 - Pages: 4

Itt Week 1 Lab

...Charles M. Krout June 17, 2014 Week 1 Lab: Clear-Text Data in Packet Trace Learning Objectives and Outcomes * You will learn how to identify clear-text data in a packet trace. * You will become familiar with the NetWitness Investigator interface. Assignment Requirements You need a computer and Internet access to complete this assignment. You are newly hired as a technology associate in the information systems department at Corporation Techs in Dallas, Texas. Corporation Techs is an IT services organization supporting a number of clients in the Dallas/Fort Worth area. It’s a Wednesday, a dull day where you have nothing much exciting to do. Suddenly, you get a call from your manager. He appreciates the work you have been doing so far and thinks that you have the ability to take on more challenging work. To complete challenging tasks, you need to become familiar with the tools of the trade. So, you need to learn about a new packet analyzer called NetWitness Inspector. First, you must download and install the NetWitness Investigator software, and then open a demo trace file and find a clear-text password. You must also explore the tools on the toolbar in NetWitness Investigator to understand the options available. Perform the following steps: 1. Download and install the free version of NetWitness Investigator from the NetWitness Corporation Web site: 2. Register and activate the......

Words: 366 - Pages: 2

Nt2580 Lab 1

...Alison Young NT2580 Lab 1 – Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) 1. Name five applications and tools that launch on TargetWindows01. Windows Application Loaded | Starts as service Y/N | 1. FileZilla Server | Y | 2. Nessus Client | N | 3. Nessus Server Manager | N | 4. Wireshark | N | 5. Tftpd32_SE Admin | N | 2. What was the allocated source IP host address for TargetWindows01 server, TargetUbuntu01 server, and the IP default gateway router? IP for TargetWindows01 is, TargetUbuntu01 is _, and the 3. Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? Unable to as there isn’t a workstation VM that is required for this action. 4. If you ping the TargetWindows01 server and the UbuntuTarget01 server, which fields in the ICMP echo-request/echo-replies vary? Unable to as there isn’t a workstation VM that is required for this action. 5. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet of Nmap –T4 –A –v 6. Name at least five different scans that may be performed from the Zenmap GUI. Document under what circumstances you would choose to run those particular scans. Five other kinds of scans are: ping scan which performs pings on target, quick...

Words: 438 - Pages: 2

Nt2580 Labs

...Lab 3: Enabling Windows Active Directory and User Access Controls Introduction Computer security is accomplished using many different systems, but the fundamental concepts are all rooted in the security triad known as CIA (Confidentiality, Integrity and Availability). Confidentiality is preventing the disclosure of secure information to unauthorized individuals or systems. Integrity is maintaining and assuring the accuracy of data over its life-cycle. For information to be useful it must be available when needed: thus the need for Availability. This means the data may need to be in highly redundant, highly protected storage areas with adapted power and cooling. Microsoft has developed their Active Directory Domain structure so that a central authority, the Domain Controller, is the central repository for all domain security records. It has several layers of authentication and authorization, including standard user/password, and several forms of two factor authentication. Two-factor authentication combines something you know (such as a password) with something you are (for instance, a fingerprint or retina scan) or something you possess (such as a smart card or USB stick). It can also employ a certificate system: either a selfsigned or third-party certificate system that adds a distinct third layer to the authentication process. The domain can be a stand-alone entity, or can join with other domains in a forest with offices in several cities or countries.......

Words: 4785 - Pages: 20

Lab 3 Nt2580

...Lab Assessment Questions & Answers 1. What are the three fundamental elements of an effective security program for information systems? Identification, Authentication, and Authorization 2. Of these three fundamental controls, which two are used by the Domain User Admin to create users and assign rights to resources? Authentication and Access control 3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? List Folder Contents – Security Policy based control. 4. What is the mechanism on a Windows server where you can administer granular policies and permissions on a Windows network using role-based access? Group Policy Editor 5. What is two-factor authentication, and why is it an effective access control technique? Knowledge, Ownership and Characteristics 6. Relate how Windows Server 2012 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data. It creates security principals in the Active Directory domain partition 7. Is it a good practice to include the account or user name in the password? Why or why not? It is not a good idea since it would be too easy for people to attempt hacks or decode the password. 8. Can a user who is defined in Active Directory access a shared drive on a computer if the server with the shared drive is not part of the......

Words: 290 - Pages: 2

Nt2580 Lab 2 Assessment

...Lab #2 - Assessment Worksheet Performing a Vulnerability Assessment Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you used Nmap commands within the Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also used OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you used the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings. Lab Assessment Questions & Answers 1. What is Zenmap typically used for? How is it related to Nmap? Describe a scenario in which you would use this type of application. Typically used for initial IP host discovery It is the graphical interface Would be used for scanning and Vulnerability phase of ethical hacking process. 2. Which application can be used to perform a vulnerability assessment scan in the reconnaissance phase of the ethical hacking process? Zenmap 3. What must you obtain before you begin the ethical hacking process or penetration test on a live production network, even......

Words: 373 - Pages: 2

Nt2580 Unit 3 Assignment & Lab

...NT2580 Unit 3 Assignment & Lab Unit 3. Assignment 1 - Remote Access Control Policy Definition There are three key parts I will have to take into account while designing a Remote Access Control Policy for Richman Investments. These three parts (Identification, Authentication and Authorization) will not be all for the Remote Access Control Policy, I will need to include the appropriate access controls for systems, applications and data access. I will also need to include my justification for using the selected access controls for systems, applications and data access. The first part I need to implement for this Remote Access Control Policy is Identification, which is defined in this sense as: physical keys or cards, smart cards, and other physical devices that might be used to gain access to something. What needs to be done for the Remote Access Control Policy is a group member policy needs to be setup which uniquely identifies each user. Users should be identified by rank with higher ranking users requiring more authentication. Each individual user should be assigned to a group based on rank with special permissions. Using this system for Identification will make our company more secure in day to day operations. The second part I need to implement for this remote access control policy is Authentication, which is defined as: what you know or passwords, numeric keys, PIN numbers, secret questions and answers. For remote access, there must......

Words: 477 - Pages: 2

Nt2580 Lab#1 Assesment

...NT2580 Lab#1 – Assessment Worksheet WITH PICTURES ADDED. 1. Name at least five applications and tools used in the lab. Introduction: Wireshark, NetWitness, OpenVAS, FileZilla, Tftpd64, PuTTY and Zenmap 2. What is promiscuous mode? Promiscuous mode allows applications to listen to all traffic on given subnets and VLAN. 3. How does Wireshark differ from NetWitness Investigator? Wireshark captures live traffic and displays results at packet level. NetWitness Investigator allows an overview of previously captured traffic which can be used to spot anomalies, compliance issues, and Denial of Service attacks. 4. Why is it important to select the student interface in the Wireshark? It is important to enable the student lab environment. Choosing the Public network will prevent Wireshark from seeing traffic that is related to the lab and cause a lot of clutter. 5. What is the command line syntax for running an Intense Scan with Zenmap on a target subnet of nmap -T4 -A -v 6. Name at least five different scans that may be performed with Zenmap. Intense scan, Intense scan plus UDP, Intense scan all TCP ports, Intense scan no ping, Ping scan, Quick Scan, Quick Scan Plus, Quick Traceroute, Regular Scan, Slow comprehensive scan 7. How many different tests (i.e., scripts) did your Intense Scan perform? Ping (or Arp Ping), TCP Port Scan (SYN Stealth), Service Scan, Operating System Detection (OS detection), & Traceroute. 8. Based on your......

Words: 356 - Pages: 2

Itt Lab 7 Lab Doc

...© Jones & Bartlett Learning, LLC. NOT FOR SALE OR DISTRIBUTION Lab #7 - Assessment Worksheet Using Encryption to Enhance Confidentiality and Integrity Course Name and Number: _____________________________________________________ john schenberger Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you learned how cryptography tools can be used to ensure message and file transfer integrity and how encryption can be used to maximize confidentiality. You used Kleopatra, the certificate management component of GPG4Win, to generate both a public and private key as both a sender and a receiver. You used the sender’s keys to encrypt a file, sent it to the receiver, and decrypted it using the receiver’s copy of the keys. Lab Assessment Questions & Answers 1. If you and another person want to encrypt messages, should you provide that person with your public key, private key, or both? The public key is the only key that I will share with another person as part of the handshake in order of the encryption take place. 2. What does Kleopatra allow you to do once it is installed? Kleopatra allow you to encrypted messages, files and text with a private key. 3. What key type was used to create the certificate on Kleopatra? What other types of encryption key......

Words: 285 - Pages: 2

8 K Движение вверх 2017 | The Guernsey Literary and Potato Peel Pie Society (2018) RATING 7.1 / 10 QUALITY | Recambios para coches