WGU C844 Task 1 Emerging Technologies in Cyber Security

A. Describe the network topology that you found when running Nmap. 6 hosts were found using nmap -sn 10.168.27.0/24. The hosts are in a STAR topology as shown in the screenshot below. A star topology means that all hosts are connected to a central device, usually a switch. This makes it easier to add and take away new hosts with no disruption to the network. The switch also provides a central management point for all devices. The major drawback to a star topology is the switch or central device everything connects to is a single point of failure for all devices connected to it. A larger screenshot of the above image. B. Summarize the vulnerabilities on the network and their potential implications based on NMAP results. On 10.168.27.14, 10.168.27.20 and 10.168.27.132 I found that these devices are running on Linux kernel 2.6.32. This version has vulnerabilities such as CVE- which can be used to perform a denial of service (DoSti attack. (Vulnerability Details: Cve-ti On 10.168.27.15 I found that FileZilla FTP is running on port 21. FTP is an insecure protocol that sends data in clear text across the network making it an easy target for gaining usernames and passwords. 10.168.27.15 is also running Microsoft Windows Server 2008R2 or a lower version as indicated in the OS details. This is a concern as server 2008r2 is end of life and is no longer getting any updates from Microsoft. Therefore, any vulnerabilities that were present when this OS went end of life will still be present. A few specific vulnerabilities include CVE- A use-after-free vulnerability in the DNS server could allow remote attackers to execute arbitrary code via crafted requests. A use-after-free error occurs when a software application continues to use a pointer after it has been freed. CVE- The Telnet service in Windows Server 2008 is vulnerable to buffer overflows attacks, which could allow remote attackers to execute arbitrary code specially via crafted packets. (Top 20 Critical Windows Server 2008 Vulnerabilities And Remediation Tips) C. Describe the anomalies you found when running Wireshark. I used the file Pg The first anomaly I found when running Wireshark was a high volume of TCP traffic sent from 10.16.80.243 to the 10.168.27.0/24 network. The attacker was scanning through all ports on the source devices presumably to map out the network. The second anomaly I found was when I filtered for FTP traffic, I found that 10.168.27.10 was using FileZilla FTP which is an insecure protocol that sends data unencrypted in clear text. I was able to see the username and password used for this connection. D. Summarize the potential implications of not addressing each of the anomalies found. In the first Wireshark anomaly the attacker was scanning the network to map the network. By mapping out the network the attacker would then be able to create a more focused attack based on the information that was gathered from the port scans. Using a tool such as Nmap the attacker could figure out which ports are open, what operating system versions are being used and what the easiest attack surface would be. FTP being used in the second anomaly found by Wireshark is of concern because FTP allows anonymous login and also allows for traffic to be sent in clear text. This makes it especially easy for an attacker to find credentials that they can try against other systems. E. Recommend solutions The biggest issue found when running Nmap was the use of outdated operating systems and software. The hosts running Server 2008 or older need to be either updated to a current operating system that can receive security and software patches or they need to be decommissioned and removed from the network to remove the vulnerabilities associated with unsupported software. Microsoft announced that Server 2008 will be end of life and extended support will end in 2020. Their recommendation for