ICT5350 Securing IT Systems Workshop 02
Note: Write your answers in the spaces provided and submit your work to Canvas.
Part I: Answer the following questions
- Identify two circumstances where the implications of false negatives are considerably graver than those of false positives.
- Medical Diagnostics:
A false negative occurs when a medical test returns a negative result for a patient who actually has the disease or condition. For example, a cancer screening test that misses an existing cancer means the patient does not receive the required medical treatment, allowing the condition to advance toward a fatal outcome. A false positive has more moderate consequences (increased stress and further examination), which are far less severe than the deteriorating health that follows a false negative.
- Security Systems:
A security system sometimes fails to raise an alert for a real threat such as malware or an intrusion (a false negative). A threat that bypasses the security system in this way can cause an organization substantial financial loss, reputational harm and operational disruption. By contrast, flagging a legitimate operation as a security hazard (a false positive) triggers an investigation but does not compromise system security; the negative effects of such errors remain less damaging than those of false negatives.
- Describe a scenario where a simple and less robust password might suffice.
Where the protected data is not sensitive and the system is not critical, an uncomplicated password standard works adequately. For example, a basic password is adequate for a personal blog whose content includes no sensitive user information or protected data: the threat of infiltration is minimal, and the convenience of a simple password outweighs the minimal security risk.
A simple password is also acceptable for temporary accounts in controlled environments such as test environments, since these accounts have no access to sensitive information and will not be used permanently.
- Describe the following password attacks:
- Rainbow Tables:
A rainbow table is a precomputed table containing the hash values of many possible passwords. Attackers use these tables to recover original passwords from their hash values. When a system stores password hashes in its database, an attacker who gains access to the database can recover the passwords by looking the hashes up in a pre-built rainbow table.
- Dictionary Attacks:
A dictionary attack works by trying every word from a predetermined list of common passwords. Simple passwords chosen by users remain vulnerable to this kind of attack. For example, a dictionary attack would easily identify “password123” because it tests standard dictionary words and their common derivatives.
- Brute Force Attack:
A brute force attack works by trying all possible character sequences until it finds the exact password. The method requires significant computing power, but with enough resources and unlimited execution time it can eventually recover any password. For example, to find a 4-character password a brute force attack would check every combination from “aaaa” to “zzzz”.
- What kind of protection does each vulnerability need?
- Rainbow Tables:
Salting the password hash is one method of limiting these attacks. Adding a salt to each password before hashing produces unique hash values even when two passwords are identical. Salting defeats rainbow tables because the precomputed hash entries in the table no longer correspond to the salted hash values. For example, each user's salted hash is produced by adding their individual random value to the password before hashing, e.g. hash(“PAassword12.203” + salt).
- Dictionary Attacks:
Strong password policies require users to create passwords that mix uppercase letters, lowercase letters, numbers and special characters. For example, a policy may demand a minimum of 12 characters including at least one digit, one capital letter and one special character.
- Brute Force Attack:
Rate limiting together with account lockout limits should be enabled to control login attempts. For example, after five successive failed login attempts the system locks the account for 15 minutes, and the user must enter a secure verification code sent to their smartphone before access is permitted.
SAML functions as an identity federation protocol whose purpose is similar to that of OpenID.
- SAML (Security Assertion Markup Language):
SAML is an XML-based standard for exchanging authentication and authorization data between two entities, mainly an identity provider (IdP) and a service provider (SP). Single sign-on (SSO) systems use this protocol so that users can access many services after a single login instead of repeating the login process. For example, a single authentication at the company SSO portal gives users access to multiple connected applications, such as email and the HR system, without additional logins.
- OpenID:
OpenID is an open standard for decentralized authentication that lets users manage a single digital identity and use it to log in to various websites. It is a simpler alternative to SAML and is useful for consumer-facing websites. For example, a user can use their Google account as an identity to access different websites that implement OpenID authentication.
- Comparison:
Large enterprises tend to use SAML: although it is complex to implement, it delivers the advanced security features needed for enterprise-level identity federation.
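As an added example, not part of the workshop answers, the following Python puts the three protections described under "What kind of protection does each vulnerability need?" into code: a precomputed lookup table that matches an unsalted hash but not a salted one, the 12-character policy check, and a five-failure, 15-minute lockout. The word list, the use of sha256 and the in-memory LoginGuard are assumptions for illustration.

```python
import hashlib
import time

# Constructed candidate list standing in for the words an attacker would precompute hashes for.
COMMON_WORDS = ["password", "password123", "letmein", "qwerty", "welcome1"]

def unsalted_hash(password):
    """Plain sha256 of the password: identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words):
    """Precomputed digest -> password map, the idea behind a rainbow table."""
    return {unsalted_hash(w): w for w in words}

def salted_hash(password, salt):
    """Hash the per-user random salt (e.g. os.urandom(16), stored next to the digest) with the password.
    A real system would use a slow password hash such as bcrypt or Argon2 instead of bare sha256."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def meets_policy(password):
    """Policy from the text: at least 12 characters, one digit, one capital and one special character."""
    return (len(password) >= 12
            and any(c.isdigit() for c in password)
            and any(c.isupper() for c in password)
            and any(not c.isalnum() for c in password))

class LoginGuard:
    """Lock an account for LOCK_SECONDS after MAX_FAILURES consecutive failed attempts."""
    MAX_FAILURES = 5
    LOCK_SECONDS = 15 * 60

    def __init__(self, clock=time.time):
        self.clock = clock            # injectable clock so the lockout window can be tested
        self.failures = {}
        self.locked_until = {}

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.clock() < self.locked_until.get(user, 0):
            return "locked"           # still inside the lockout window, even with the right password
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.MAX_FAILURES:
            self.locked_until[user] = self.clock() + self.LOCK_SECONDS
            self.failures.pop(user, None)
            return "locked"
        return "denied"
```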
Task 1: Netcat
Turn on the Kali VM and the Metasploitable VM. Log into the Kali VM and start a terminal. Log into Metasploitable as Administrator (msfadmin as both user name and password). Then complete the following tasks and respond to the questions in the boxes below.
- Use Netcat to perform banner grabbing on the Telnet service on the Metasploitable VM.
- Based on the output, what is the Telnet server software used in this Metasploitable VM?
- What is this software’s version number?
- Use netcat to perform banner grabbing on the web service on the Metasploitable VM.
- What is this software’s version number?
- Grab a screenshot to support your answer.
- In the Metasploitable VM, there are files in \vulnerable\tikiwiki\*. Use netcat to transfer any Tikiwiki zipped folder to the Kali VM and store it in ‘/root/Downloads’. In doing so, you should run netcat in server mode on the Kali VM.
- What are the command lines run in Kali VM?
- What are the command lines run in Metasploitable VM?
- Include a screenshot of your success. This screenshot should include the results of executing the command ‘ls -l’ on the ‘/root/Downloads’ folder.
- In the Metasploitable VM, there is another file in \vulnerable\tikiwiki\*. Use netcat to transfer any zipped folder to the Kali VM and store it in ‘/root/Documents’. This time, you should run netcat in server mode on the Metasploitable VM.
- What are the command lines run in Kali VM?
- What are the command lines run in Metasploitable VM?
- Add a screenshot that includes the results of executing the command ‘ls -l’ on the ‘/root/Documents’ folder.
Task 2: Wireshark
Now start Wireshark in the Kali VM. Choose eth0 to capture the traffic.
Write an Nmap command to do a TCP (connect) scan on the Metasploitable VM (nmap -sT “IP of the Metasploitable”). Leave the scan running, and access the web server on the Metasploitable machine from the Kali VM web browser by entering the Metasploitable IP in the URL bar as shown below. Click on the phpMyAdmin link. Once the scan finishes, stop the Wireshark capture and save it as a pcapng file on the Kali VM desktop.
- Use the terminal to navigate to the desktop and run ‘ls -l’ there to show the Wireshark file.
- Start Wireshark again and open the saved capture. Use the capture to explain how Nmap does the TCP scan (hint: 3-way handshake).
- What are the first five ports involved in the TCP handshake?
- Use the Wireshark display filter to show HTTP packets only.
- How many packets do you have? (Hint: look at the bottom right corner.)
- What is the name of the css file used on the page?
- Click on any packet and identify the source port, destination port and user agent details.
- Restart Wireshark and start a new capture. Navigate to the phpMyAdmin login page on the Metasploitable VM from the Kali VM. Enter admin/admin as username/password and click Go.
- From the capture, show the username and password entered in the login form in a screenshot (hint: POST request).
- Explain why we were able to see the username and password as plain text, and what could be used to mitigate that security breach.
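As an added example (not part of the workshop or its answer key), the following script shows what the two explanations asked for above amount to when read off a capture: it follows each scanned port through the SYN, SYN/ACK, ACK handshake the way you would in Wireshark, and it flags a login form whose fields travel in the clear over HTTP, which is why the credentials are readable and why HTTPS is the mitigation. The packet rows, IP addresses and the POST body are constructed for illustration; in the lab they come from the saved pcapng.

```python
from urllib.parse import parse_qs

# Constructed packet summaries standing in for Wireshark rows:
# (src ip, src port, dst ip, dst port, TCP flags, payload). Addresses are invented.
KALI, MSF = "192.168.56.101", "192.168.56.102"
LOGIN_POST = (b"POST /phpMyAdmin/index.php HTTP/1.1\r\nHost: 192.168.56.102\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"pma_username=admin&pma_password=admin")
PACKETS = [
    (KALI, 40001, MSF, 21, "S", b""), (MSF, 21, KALI, 40001, "SA", b""),
    (KALI, 40001, MSF, 21, "A", b""), (KALI, 40001, MSF, 21, "RA", b""),   # open: full handshake, then reset
    (KALI, 40002, MSF, 22, "S", b""), (MSF, 22, KALI, 40002, "SA", b""),
    (KALI, 40002, MSF, 22, "A", b""),
    (KALI, 40003, MSF, 8080, "S", b""), (MSF, 8080, KALI, 40003, "RA", b""),  # closed: SYN answered by RST
    (KALI, 40004, MSF, 80, "S", b""), (MSF, 80, KALI, 40004, "SA", b""),
    (KALI, 40004, MSF, 80, "A", b""), (KALI, 40004, MSF, 80, "PA", LOGIN_POST),  # browser login over HTTP
]

def classify_ports(packets, scanner, target):
    """Follow each scanner->target flow through the three-way handshake (SYN, SYN/ACK, ACK).
    Returns {target port: 'open' | 'closed'} in the order the ports were first probed."""
    state, result = {}, {}
    for src, sport, dst, dport, flags, _ in packets:
        if src == scanner and dst == target and flags == "S":
            state[(sport, dport)] = "syn_sent"
            result.setdefault(dport, None)
        elif src == target and dst == scanner and state.get((dport, sport)) == "syn_sent":
            if flags == "SA":
                state[(dport, sport)] = "syn_received"
            elif "R" in flags:
                result[sport] = "closed"            # target refused the connection
        elif (src == scanner and dst == target and flags == "A"
              and state.get((sport, dport)) == "syn_received"):
            state[(sport, dport)] = "established"   # third packet completes the handshake: port open
            result[dport] = "open"
    return result

def find_plaintext_credentials(packets):
    """Flag form posts on port 80 whose user/password fields are readable by any sniffer (no TLS)."""
    findings = []
    for src, _, dst, dport, _, payload in packets:
        if dport == 80 and payload.startswith(b"POST ") and b"\r\n\r\n" in payload:
            body = payload.split(b"\r\n\r\n", 1)[1].decode("utf-8", "replace")
            fields = {k: v[0] for k, v in parse_qs(body).items()}
            leaked = {k: v for k, v in fields.items() if "user" in k.lower() or "pass" in k.lower()}
            if leaked:
                findings.append((src, dst, leaked))
    return findings
```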