Update with Complete Solution
GRP1 Task 1: NMAP and Wireshark
A.
When running an intense scan in Zenmap against 10.168.27.0/24, the topology found was a star topology. You can clearly see in the snapshot that the six nodes are connected to a central local host, represented as the black center dot. In a star topology each device or node on the network is connected to a central hub, which can be either a switch or a router. All communication between devices must pass through the hub first; the hub then directs the traffic to the device it is addressed to.
B.
1. There are two vulnerabilities with address 10.168.27.15. The first is the use of FTP on port 21. FTP is known to be insecure compared to its counterpart SFTP because it implements no encryption, leaving transferred data and sign-in credentials vulnerable to interception. It also leaves the host open to attacks such as sniffing, brute force, or spoofing. If sensitive data were to pass through this FTP service, it could be intercepted, which would compromise the CIA triad. Exposure of company data could be a serious compliance violation under HIPAA or PCI DSS.
2. The second vulnerability with 10.168.27.15 is that it runs an outdated operating system. From the Nmap results you can see that the version is Microsoft Windows Server 2008. Per Microsoft, "Windows Server 2008 are approaching the end of their support lifecycle" (Deland-Han). The end of support means there will be no further security updates, leaving .15 vulnerable to any attacks discovered after the end-of-life date. Outdated software leaves the host open to malware and ransomware attacks, and if left in this state its data could be compromised and made accessible to attackers.
3. Based on the Nmap results for 10.168.27.10, multiple ports are open, some of which should not be. One port that should be closed is port 445, served by Microsoft Windows Server 2008, which, as discussed for .15, is past its end of life and should not be used. Another port that should be closed and discontinued is 139 (NetBIOS). There are many security concerns with NetBIOS as it has become a legacy protocol. NetBIOS operates over unencrypted channels, making it susceptible to eavesdropping, so sensitive information could be intercepted. NetBIOS also has no built-in authentication, "making it susceptible to unauthorized access, spoofing attacks, and man-in-the-middle attacks" (WireX). Leaving both 139 and 445 open leaves the system vulnerable to attackers intercepting data and compromising its integrity.
4. 10.168.27.10 also has port 389 open, which runs LDAP. LDAP is often used for directory services that hold information on users, groups, and organizational structure. This traffic is plaintext, making data transmitted over port 389 susceptible to eavesdropping. LDAP does not use encryption like its counterpart LDAPS, which can allow unauthorized users to query or modify directory information. If intercepted, attackers could gain sensitive data such as login information.
5. The last vulnerability concerns 10.168.27.14, which runs Secure Shell on port 22 with OpenSSH 5.5p1. According to OpenSSH Security, any OpenSSH version between 5.5 and 9.3p is susceptible to remote code execution. Remote code execution (RCE) is a security vulnerability that allows an attacker to execute commands on a target from a remote location, giving them full control of the device. With that access they are free to manipulate, delete, or extract sensitive data. Once an attacker has achieved RCE on one system, they can also move laterally across the network and compromise more nodes.
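The findings in section B can be turned into a repeatable check against the scan itself. The script below is an added example, not part of the assignment or of Nmap: it parses Nmap's XML output (-oX) and flags the same conditions discussed above. The XML document is a constructed sample modelled on the three hosts, and the OpenSSH cut-off release of 9.4 is an assumption based on the 5.5 to 9.3p range quoted in item 5.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format, modelled on the hosts in section B (not real scan output).
SAMPLE_NMAP_XML = """<nmaprun>
 <host><address addr="10.168.27.15" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
 </ports><os><osmatch name="Microsoft Windows Server 2008"/></os></host>
 <host><address addr="10.168.27.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
  <port protocol="tcp" portid="389"><state state="open"/><service name="ldap"/></port>
  <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
 </ports></host>
 <host><address addr="10.168.27.14" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.5p1"/></port>
 </ports></host>
</nmaprun>"""

# Cleartext or legacy services called out in section B, with the remediation for each.
FLAGGED_PORTS = {
    21: "FTP sends credentials in cleartext; replace with SFTP",
    139: "NetBIOS session service is unencrypted legacy; disable",
    389: "LDAP is plaintext; move to LDAPS (636) or require StartTLS",
    445: "SMB on an end-of-support host; close or restrict",
}
EOL_OS_MARKERS = ("Windows Server 2008",)
OPENSSH_FIXED = (9, 4)  # assumption: first release past the 5.5..9.3p range quoted above

def openssh_release(version):
    # "5.5p1" -> (5, 5); the portable-release suffix is ignored for the comparison
    return tuple(int(x) for x in version.split("p")[0].split("."))

def audit_nmap_xml(xml_text):
    # Returns (host, port or None, message) for every condition that needs remediation
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            portid = int(port.get("portid"))
            if portid in FLAGGED_PORTS:
                findings.append((addr, portid, FLAGGED_PORTS[portid]))
            svc = port.find("service")
            if svc is not None and svc.get("product") == "OpenSSH":
                ver = svc.get("version", "")
                if ver and openssh_release(ver) < OPENSSH_FIXED:
                    fixed = ".".join(map(str, OPENSSH_FIXED))
                    findings.append((addr, portid, f"OpenSSH {ver} predates {fixed}; upgrade"))
        for match in host.iter("osmatch"):
            if any(m in match.get("name", "") for m in EOL_OS_MARKERS):
                findings.append((addr, None, f"end-of-support OS: {match.get('name')}"))
    return findings
```

Running `audit_nmap_xml(SAMPLE_NMAP_XML)` on the sample returns six findings, one for each issue raised in items 1 through 5; point it at a real `nmap -sV -O -oX scan.xml` file to re-check the network after remediation.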
C. All anomalies are related to Pcap1
1. The first anomaly relates to the FTP for 10.168.27.10. Using the credentials tool in Wireshark I was easily able to obtain the credentials for the FTP. As you can see in the screenshot, the username is FileZilla and the password is 3.55.1.