WGU C844 Emerging Technologies in Cybersecurity Task 1 GRP1

TASK 1: NMAP AND WIRESHARK GRP1 TASK 1: NMAP AND WIRESHARK Emerging Technologies in Cybersecurity-C844 Western Governors University Jennifer Goodchild Student ID # # December 29, 2021 1 TASK 1: NMAP AND WIRESHARK A. The Network Topology After opening the root emulator and typing Zenmap, I ran a network scan of the domain 10.168.27.0/24. I selected the Quick scan plus option, then clicked scan. The network scan showed a star topology with six devices connected to a local host. Results: • IP 10.168.27.20 – 1 Open Port – OS Linux 2.6.32 • IP 10.168.27.14 – 1 Open Port – OS Linux 2.6.32 • IP 10.168.27.132 – 1 Open Port – OS Linux 2.6.32 • IP 10.168.27.10 – 8 Open Ports – OS MS Windows Server 2012 R2 • IP 10.168.27.15 – 10 Open Ports – OS MS Windows Server 2008 R2 or Windows 8.1 • IP 10.168.27.1 – 0 Open Ports – OS Unknown 2 TASK 1: NMAP AND WIRESHARK B. Summary of nmap/Zenmap Results After completing the scan with Zenmap, I identified several problems. The vulnerabilities and their implications based on the scan are as follows: 1. 10.168.27.14 (Linux 2.6.32) ssh service OpenSSH 5.5p1 Debian, (protocol 2.0). Vulnerability: This version of OpenSSH grants a remote attacker access to itemize all accounts on the system while processing authentication requests. Implication: Attackers can send specifically constructed series of packets and observe behavior of a server to detect the presence of a valid username. If this system isn’t configured appropriately or a user account is set with a default password, a hacker can weaken the port and control the entire system. 3 TASK 1: NMAP AND WIRESHARK 2. 10.168.27.15 - Microsoft Windows Server 2008 R2 or Windows 8.1 Vulnerability: The scan revealed this host has ten open ports. Port 135 msrpc is concerning. MS Remote Procedure Call (RPC) is a service that allows other systems to spot services are publicized on a server and what port to find them on. Implication: Tools used by hackers such as "epdump" (Endpoint Dump) can quickly identify every DCOM- related server/service running on a host computer and match them up with known exploits. 4 TASK 1: NMAP AND WIRESHARK 3. 10.168.27.15 – Microsoft Windows Server 2008 R2 or Windows8.1: Port 21 Open Vulnerability: Port 21 connects servers using FTP to the internet; these servers carry many vulnerabilities such as anonymous authentication capabilities, directory traversals, and cross-site scripting, making port 21 an ideal target. Implication: FTP is considered insecure because it isn’t encrypted, which means that if someone is sniffing traffic anywhere in a network path, then everything traversing it can be read. This includes username, password, and all data being transferred. The attacker can also elevate user rights directly, execute code, or cause a target system to stop responding. 5 TASK 1: NMAP AND WIRESHARK C. Anomalies found when running Wireshark In this section I analyzed anomalies that are found by executing a scan using Wireshark Pg. 1. An anomaly found was ICMP traffic being blocked. In the traffic that Wireshark shows, ICMP requests being sent in accelerated succession without waiting for a response from the target system. 2. The first thing I noticed was that an external IP address 10.16.80.243 (from the 10.168.27.0/24 network) attempts to browse machines on the network. This is a kind of Nmap scan will reveal what ports and services are running on which hosts. 6