chapter 12


Here are some projects and cases I need you to do, so it is really clear and organized. They are all not that hard, but you need to do them all in good quality. Thank you so much and do your best.


Hands-On Projects

The following Hands-On Projects assume that you are working in a Windows 7 or Windows 10 Professional environment, that you have installed the Wireshark for Windows software, and that you have acquired the trace (data) files necessary to work through many of the Hands-On Projects in this book.

Hands-On Project 12-1

Time Required: 10 minutes

Objective: Examine a local scan in Wireshark.

Description: This project lets you examine a trace file of an ARP-based reconnaissance probe. As you scroll through the ARP broadcasts, you should notice that this scan has some redundancy built in—for example, it repeats a broadcast for 10.0.0.55 and a few other IP addresses.

To examine a local scan:

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click File on the menu bar, click Open, select the ch12_Arpscan.pcapng trace file, and then click the Open button. The packet summary window appears. This file contains a reconnaissance probe using ARP broadcasts to find active hosts.
3. Select Packet #1 in the trace file (if not already highlighted). The packet details pane (middle pane) displays the content of this frame. You see the Ethernet header addressed to broadcast (0xff-ff-ff-ff-ff-ff).
4. Expand the Ethernet II and Address Resolution Protocol subtrees in the middle pane. Then click each packet in the upper pane and answer the following questions:
   a. What is the IP address of the device sending out the ARP broadcasts?
   b. What hosts were discovered?
   c. How could this type of scan be used on a small routed network?
5. Close Wireshark.

Hands-On Project 12-2

Time Required: 15 minutes

Objective: Examine a port scan in Wireshark.

Description: This project lets you examine a TCP-based port scan. TCP and UDP port scans are effective methods of reconnaissance, so you should learn to spot them as they take place.

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click File on the menu bar, click Open, select the ch12_Portscan.pcapng trace file, and then click the Open button. The packet summary window appears. This file contains a TCP reconnaissance probe process.
3. Click Packet #1 and expand the Internet Protocol Version 4 and Transmission Control Protocol subtrees to view the full details of the packet. The first packet was sent to destination port number 1. What TCP flag is set in this packet?
4. Select the Packet #2 entry in the upper capture window. Examine the flags in the response packet. What flags are set in this packet?
5. Click through the remaining packets in the trace file and answer these questions:
   a. How obvious is this port probe?
   b. If this probe continues through all the ports, will it detect the DHCP service process?
   c. Based on this set of probes, what ports are active on the destination device?
6. Close Wireshark.

Hands-On Project 12-3

Time Required: 15 minutes

Objective: Create a filter in Wireshark to catch port scans to blocked ports.

Description: Your firewall is configured to block all TCP handshake packets sent to the Echo port. This project helps you learn how to build a filter in Wireshark to check for any packets sent to the Echo port and test this filter on the ch12_Portscan.pcapng trace file to ensure it works properly.

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click Analyze, and then click Display Filters to open the Display Filters window.
3. Click the plus sign (+) at the bottom of the window, double-click in the Name field on the left, and enter the name Echo-port filter.
4. Double-click in the Filter string field on the right and enter tcp.port == 7 (the Echo port number). This filter will locate packets from and to port 7.
5. Click OK to close the Display Filters window.
6. Close any currently open packet captures. Next, test the filter to see if it can catch the Echo packets in the ch12_Portscan.pcapng file.
7. Click File on the menu bar, click Open, select the ch12_Portscan.pcapng trace file, and then click the Open button. The packet summary window appears.
8. Click the ribbon button on the far left side of the display filter bar.
9. Select Echo-port filter and then click the right-facing arrow button on the right side of the display filter bar. The filter is applied to the packets. Note that the upper capture window now shows the packets that match the selection criteria. Did your filter work? Do you see packets to and from the Echo port? This filter can be used to catch packets addressed to or from the Echo port. For example, if you set up a firewall to block all traffic to and from the Echo port, you can test the firewall by setting up this filter inside the firewall.
10. Close Wireshark.

Hands-On Project 12-4

Time Required: 10 minutes

Objective: Set up a Boolean filter in Wireshark to locate all traffic to and from suspect port numbers.

Description: This project helps you learn how to create a complex filter to look for traffic that uses the standard Back Orifice and Trinoo port numbers (31337, 31335, and 27444). This project illustrates how filters can be built to capture specific attack traffic crossing the network. The suspect port numbers you use in this project are:

• 31337 Back Orifice
• 31335 Trinoo agent to handler communications
• 27444 Trinoo handler to agent communications

To set up a filter to catch traffic associated with Back Orifice and Trinoo communications:

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click Capture, and then click Capture Filters to open the Capture Filters window.
3. Click the plus sign (+) at the bottom of the window, double-click in the Name field on the left, and enter the name BO-Trinoo.
4. Because you are interested in packets that match 31337, 31335, or 27444, use the OR operand between sequence points of the capture filter string. Double-click in the Filter string field on the right and enter the following in the Filter string field: port 31337 or port 31335 or port 27444.
5. Click OK to close the Capture Filters window.
6. Close Wireshark.

By running this filter on a network, you can capture traffic that is on the way to or coming from these suspect ports.

Hands-On Project 12-5

Time Required: 15 minutes

Objective: Examine a specific type of port scan based on IPv4 in Wireshark.

Description: This project lets you examine a TCP-based port scan where the scan is trying to determine the type of operating system clients are using. While an operating system type cannot be determined using TCP and/or UDP scans, some attacker applications use information they glean from making queries against a wide array of mostly TCP port scans and, based on those, have internal tables they consult to determine which operating system might have those ports open and/or how it may reply in general. This is not an absolute nor always accurate process, but over time they have gotten better in the determination.

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click File on the menu bar, click Open, select the ch12_Osscan.pcapng trace file, and then click the Open button. The packet summary window appears. This file contains a TCP reconnaissance probe process specifically trying to determine the operating system of a client.
3. Click Statistics, click IPv4 Statistics, then click All Addresses. In the All Addresses window, click the Count heading twice to sort highest to lowest. This view will indicate who the "top talkers" are in this trace file, and most likely you can determine who the attacker is and who is being attacked. Who are the top three talkers?
4. Close the All Addresses window.
5. The first test the attacker executes is trying to determine the host name via DNS reverse lookup. Click the Protocol heading to re-sort the displayed packets by protocol type. Look for a DNS reverse lookup query and query response (hint: IPv4 & PTR). Expanding the packet detail of those two packets, answer these questions:
   a. What is the host name that is resolved?
   b. What is the probable IPv4 address of the attacker?
   c. What is the probable IPv4 address of the attacked?
   d. How do the IPv4 addresses you identified in questions b and c correlate to the top talkers list you made in Step 3?
6. Close Wireshark.

Hands-On Project 12-6

Time Required: 15 minutes

Objective: Examine a specific type of port scan based on IPv6 in Wireshark.

Description: This project lets you examine a TCP-based port scan where the scan is trying to determine the type of operating system clients are using. While an operating system type cannot be determined using TCP and/or UDP scans, some attacker applications use information they glean from making queries against a wide array of mostly TCP port scans and, based on those, have internal tables they consult to determine which operating system might have those ports open and/or how it may reply in general. This is not an absolute nor always accurate process, but over time they have gotten better in the determination.

1. Start Wireshark. (In Windows 7, click the Start button, point to All Programs, and then click Wireshark. In Windows 10, click the Start button, click All apps, and then click Wireshark. Alternatively, use the Start menu search box [Windows 7] or the Search box on the taskbar [Windows 10], type Wireshark, and then click Wireshark in the resulting list.)
2. Click File on the menu bar, click Open, select the ch12_Osscan.pcapng trace file, and then click the Open button. The packet summary window appears. This file contains a TCP reconnaissance probe process specifically trying to determine the operating system of a client.
3. Click Statistics, click IPv6 Statistics, and then click All Addresses. In the All Addresses window, click the Count heading twice to sort highest to lowest. This view will indicate who the "top talkers" are in this trace file, and most likely you can determine who the attacker is and who is being attacked. Who are the top three talkers?
4. Close the All Addresses window.
5. The first test the attacker executes is trying to determine the host name via DNS reverse lookup. Click the Protocol heading to re-sort the displayed packets by protocol type. Look for a DNS reverse lookup query and query response (hint: IPv6 & PTR). Expanding the packet detail of those two packets, answer these questions:
   a. What is the host name that is resolved?
   b. What is the probable IPv6 address of the attacker?
   c. What is the probable IPv6 address of the attacked?
   d. How do the IPv6 addresses you identified in questions b and c correlate to the top talkers list you made in Step 3?
6. Close Wireshark.

Case Project 12-1: Firewall Filters

You are the network security technician for a large shoe manufacturer based in Detroit, MI. Your internetwork connects six buildings through fiber links. You have experienced numerous attacks on your corporate Web server. The company CEO decides to pay for a firewall. Describe the filters you will implement in your firewall, and note how you will test your firewall.

Case Project 12-2: Firewall Research, Planning, and Implementation

Your network currently has an old basic technology firewall that needs a software upgrade in order to support the newer security features and capabilities that are available. However, your manager would rather invest in a newer technology firewall solution that is more capable and can provide protection for the network. In addition, it has been decided that perhaps a single firewall protecting the external side of the network may not be sufficient for overall network and systems protection. Your manager has tasked you with the "firewall replacement" project. Your goals are to design a new firewall protection strategy that offers a multilayered approach using firewalls for network protection. You must also produce a report that lists firewall vendors who will meet your needs and the overall plan for selection and deployment of the new firewall solution.
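Added example for Hands-On Project 12-1 (Python, not part of the textbook and not derived from the ch12_Arpscan.pcapng file): it decodes Ethernet/ARP frames and reports the same three things the project asks you to read off in Wireshark, namely which device is sending the broadcasts, which targets it asked for (including the ones it asked for twice, the redundancy the description mentions), and which hosts answered. The scanner address 10.0.0.1, the target range, the MAC addresses and the five-target threshold are all constructed assumptions.

```python
"""Recognise an ARP-based host sweep from constructed Ethernet/ARP frames.
Added example; addresses, MACs and the threshold are assumptions, not trace data."""
import ipaddress
import socket
import struct
from collections import Counter, defaultdict

ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed Ethernet + ARP frame; requests go to the broadcast MAC, replies are unicast."""
    eth_dst = BROADCAST if oper == ARP_REQUEST else target_mac
    eth = eth_dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if the EtherType is not ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _, _, _, _, oper, sha, spa, _, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"oper": oper, "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa), "broadcast": frame[:6] == BROADCAST}


def analyse_arp_sweep(frames, min_targets=5):
    """For every sender that broadcast requests for at least min_targets distinct
    addresses: the addresses it asked for, the ones it asked for more than once,
    and the targets that answered with an ARP reply (with their MAC)."""
    requests = defaultdict(Counter)   # sender IP -> Counter of target IPs
    replies = {}                      # replying host IP -> its MAC
    for p in filter(None, map(parse_arp, frames)):
        if p["oper"] == ARP_REQUEST and p["broadcast"]:
            requests[p["sender_ip"]][p["target_ip"]] += 1
        elif p["oper"] == ARP_REPLY:
            replies[p["sender_ip"]] = p["sender_mac"]
    key = ipaddress.IPv4Address   # sort numerically, not lexically
    report = {}
    for sender, targets in requests.items():
        if len(targets) < min_targets:
            continue
        report[sender] = {
            "probed": sorted(targets, key=key),
            "repeated": sorted((t for t, n in targets.items() if n > 1), key=key),
            "alive": {ip: replies[ip] for ip in sorted(replies, key=key) if ip in targets},
        }
    return report


# Constructed trace: 10.0.0.1 sweeps 10.0.0.50-10.0.0.56 and asks for .55 a second
# time; only .52 and .55 exist on the segment and answer.
SCANNER_MAC = bytes.fromhex("001122334455")
HOSTS = {"10.0.0.52": bytes.fromhex("aabbccddee52"), "10.0.0.55": bytes.fromhex("aabbccddee55")}
SAMPLE = []
for last in list(range(50, 57)) + [55]:
    target = f"10.0.0.{last}"
    SAMPLE.append(build_arp(ARP_REQUEST, SCANNER_MAC, "10.0.0.1", b"\x00" * 6, target))
    if target in HOSTS:
        SAMPLE.append(build_arp(ARP_REPLY, HOSTS[target], target, SCANNER_MAC, "10.0.0.1"))

if __name__ == "__main__":
    for sender, info in analyse_arp_sweep(SAMPLE).items():
        print(f"{sender} probed {len(info['probed'])} addresses; "
              f"repeated {info['repeated']}; alive {info['alive']}")
```

The threshold on distinct targets is what separates a sweep from a host doing ordinary ARP resolution; on a real capture, tune it to the segment size. Only broadcast requests are counted, because a unicast ARP request is normal cache refresh traffic.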
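Added example for Hands-On Projects 12-2, 12-3 and 12-4 together (Python, not from the textbook and not derived from ch12_Portscan.pcapng): it decodes Ethernet/IPv4/TCP/UDP headers, characterises a SYN probe the way step 5 of Project 12-2 asks (who is probing, which ports, and which ports answered SYN/ACK rather than RST), and applies in code the two filters the projects build in Wireshark, tcp.port == 7 from 12-3 and port 31337 or port 31335 or port 27444 from 12-4. The hosts 10.0.0.10, 10.0.0.20 and 10.0.0.99, the port range and the five-port threshold are constructed assumptions.

```python
"""Characterise a TCP SYN probe and apply port filters to constructed frames.
Added example; the hosts, ports and threshold below are assumptions, not trace data."""
import socket
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10
TCP, UDP = 6, 17
ECHO_PORT = 7                                       # Project 12-3
SUSPECT_PORTS = {31337: "Back Orifice",             # Project 12-4
                 31335: "Trinoo agent to handler",
                 27444: "Trinoo handler to agent"}
ZERO_MAC = b"\x00" * 6


def build_frame(src_ip, dst_ip, proto, sport, dport, flags=0):
    """Constructed Ethernet + IPv4 + TCP/UDP header, no payload, checksums left zero."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ZERO_MAC + ZERO_MAC + b"\x08\x00" + ip + l4


def parse_frame(frame):
    """Return addresses, protocol, ports and the TCP flag byte of an IPv4 frame, else None."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    if proto not in (TCP, UDP):
        return None
    l4 = ip[ihl:]
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "proto": proto, "sport": sport, "dport": dport,
            "flags": l4[13] if proto == TCP else None}   # flags byte is TCP offset 13


def analyse_probe(frames, min_ports=5):
    """Hosts sending bare SYNs to many ports, and which ports answered SYN/ACK (open)
    or RST (closed). Returns (scanners, open_ports, closed_ports), each keyed by host."""
    probed, open_ports, closed_ports = defaultdict(set), defaultdict(set), defaultdict(set)
    for p in filter(None, map(parse_frame, frames)):
        if p["proto"] != TCP:
            continue
        if p["flags"] == SYN:                           # bare SYN: a probe
            probed[p["src"]].add(p["dport"])
        elif p["flags"] & (SYN | ACK) == SYN | ACK:     # SYN/ACK: responder's port is open
            open_ports[p["src"]].add(p["sport"])
        elif p["flags"] & RST:                          # RST: responder's port is closed
            closed_ports[p["src"]].add(p["sport"])
    scanners = {h: sorted(v) for h, v in probed.items() if len(v) >= min_ports}
    return (scanners, {h: sorted(v) for h, v in open_ports.items()},
            {h: sorted(v) for h, v in closed_ports.items()})


def port_filter(ports, proto=None):
    """Predicate matching traffic to OR from any of `ports`, which is what Wireshark's
    tcp.port == N (display) and port N (capture) tests mean."""
    def match(p):
        return (p is not None and (proto is None or p["proto"] == proto)
                and (p["sport"] in ports or p["dport"] in ports))
    return match


echo_filter = port_filter({ECHO_PORT}, proto=TCP)   # tcp.port == 7
bo_trinoo_filter = port_filter(set(SUSPECT_PORTS))  # port 31337 or port 31335 or port 27444


def count_matches(frames, predicate):
    return sum(1 for p in map(parse_frame, frames) if predicate(p))


# Constructed trace: 10.0.0.10 SYN-probes ports 1-8 on 10.0.0.20; only port 7 is open.
SAMPLE = []
for port in range(1, 9):
    SAMPLE.append(build_frame("10.0.0.10", "10.0.0.20", TCP, 40000 + port, port, SYN))
    reply = SYN | ACK if port == ECHO_PORT else RST | ACK
    SAMPLE.append(build_frame("10.0.0.20", "10.0.0.10", TCP, port, 40000 + port, reply))
# Two unrelated constructed packets on the suspect ports, for the 12-4 filter.
SAMPLE.append(build_frame("10.0.0.99", "10.0.0.20", UDP, 5555, 31335))
SAMPLE.append(build_frame("10.0.0.99", "10.0.0.20", TCP, 6000, 31337, SYN))

if __name__ == "__main__":
    scanners, opened, closed = analyse_probe(SAMPLE)
    print("scanners:", scanners)
    print("open:", opened, "closed:", closed)
    print("tcp.port == 7 matches:", count_matches(SAMPLE, echo_filter))
    print("BO/Trinoo matches:", count_matches(SAMPLE, bo_trinoo_filter))
```

Note the difference the two filters carry: the display filter is protocol-qualified (tcp.port), while the capture filter port N matches either TCP or UDP, which matters for Trinoo, whose agent and handler traffic is UDP. Running the echo predicate over the probe shows both the SYN to port 7 and the SYN/ACK back from it, the same two packets the 12-3 filter should surface in Wireshark.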
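Added example for Hands-On Projects 12-5 and 12-6 (Python, not from the textbook and not derived from ch12_Osscan.pcapng): step 5 of both projects has you find the DNS reverse-lookup query and response and read the resolved host name out of the PTR record. This script builds and decodes such messages so the fields are visible: the query name in in-addr.arpa (IPv4) or ip6.arpa (IPv6) is converted back to the address being looked up, the response's PTR record yields the host name, and a per-address packet count reproduces the "top talkers" view of step 3. The addresses 10.0.0.99, 10.0.0.2, 10.0.0.5, 2001:db8::5 and the host names are constructed assumptions.

```python
"""Decode DNS PTR (reverse lookup) queries and responses, and count top talkers.
Added example; all addresses, names and packet counts below are constructed."""
import ipaddress
import struct
from collections import Counter

QTYPE_PTR, QCLASS_IN = 12, 1


def encode_name(name):
    """Wire-format DNS name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode a name at offset `off`, following RFC 1035 compression pointers.
    Returns (name, offset just past the name in the original position)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # pointer: jump, remember where we were
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if length == 0:
            if end is None:
                end = off + 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels), end


def build_ptr_query(addr, txid=0x1234):
    """Constructed PTR query; the stdlib derives the reverse name for v4 or v6."""
    qname = ipaddress.ip_address(addr).reverse_pointer
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", QTYPE_PTR, QCLASS_IN)


def build_ptr_response(query, hostname, ttl=3600):
    """Constructed response: same id and question, one PTR answer naming `hostname`."""
    (txid,) = struct.unpack("!H", query[:2])
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA; one answer
    rdata = encode_name(hostname)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_PTR, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + answer


def reverse_pointer_to_ip(name):
    """Map 5.0.0.10.in-addr.arpa or a nibble-reversed ip6.arpa name back to its address."""
    name = name.lower().rstrip(".")
    if name.endswith(".in-addr.arpa"):
        return str(ipaddress.IPv4Address(".".join(reversed(name[:-13].split(".")))))
    if name.endswith(".ip6.arpa"):
        nibbles = "".join(reversed(name[:-9].split(".")))
        return str(ipaddress.IPv6Address(":".join(nibbles[i:i + 4] for i in range(0, 32, 4))))
    raise ValueError(f"not a reverse-lookup name: {name}")


def parse_ptr(msg):
    """The address a PTR message asks about and, for a response, the resolved host name."""
    txid, flags, _, ancount = struct.unpack("!HHHH", msg[:8])
    qname, off = decode_name(msg, 12)
    qtype, _ = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    info = {"id": txid, "response": bool(flags & 0x8000),
            "looked_up": reverse_pointer_to_ip(qname) if qtype == QTYPE_PTR else None,
            "hostname": None}
    for _ in range(ancount):
        _, off = decode_name(msg, off)                # owner name (usually a pointer)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_PTR:
            info["hostname"], _ = decode_name(msg, off)
        off += rdlen
    return info


def top_talkers(packets, n=3):
    """Count the packets each address appears in as source or destination,
    the same number Wireshark's All Addresses window sorts by."""
    counts = Counter()
    for src, dst in packets:
        counts[src] += 1
        counts[dst] += 1
    return counts.most_common(n)


# Constructed conversation: 10.0.0.99 asks resolver 10.0.0.2 for the name of 10.0.0.5,
# then probes 10.0.0.5 directly.
QUERY_V4 = build_ptr_query("10.0.0.5")
RESPONSE_V4 = build_ptr_response(QUERY_V4, "victim.example.net")
QUERY_V6 = build_ptr_query("2001:db8::5")
SAMPLE_PACKETS = ([("10.0.0.99", "10.0.0.2"), ("10.0.0.2", "10.0.0.99")]
                  + [("10.0.0.99", "10.0.0.5")] * 6 + [("10.0.0.5", "10.0.0.99")] * 4)

if __name__ == "__main__":
    print(parse_ptr(QUERY_V4))
    print(parse_ptr(RESPONSE_V4))
    print(parse_ptr(QUERY_V6))
    print(top_talkers(SAMPLE_PACKETS))
```

Reading the query name back into an address is the step that answers question c (who is being looked up), and pairing it with the top-talker count is what question d asks you to do by hand; the host that issued the PTR query and then dominates the packet count is the probable attacker.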