C844 WGU Task 1 Mapping and Monitoring | Emerging Technologies in Cyber Security
A. Nmap Topology
The topology found using Zenmap is a star topology (see Figure 1). The scan indicated that 5
hosts were connected to the switch and that at least one of them was running a Linux OS. In a
star topology, each computer or host is connected to one central point, such as a hub or a
network switch. This is the most beneficial type of topology for a few reasons: new
computers/hosts are easy to connect without affecting the rest of the network, all connected
devices can be managed centrally, the failure of one host/computer does not affect any other
node, and there are no data collisions, which improves network performance. A star topology
also has disadvantages: the switch is a single point of failure, so if it goes down, so do all
of the devices connected to it; the capacity of the switch determines network performance and
can become a bottleneck with too many devices; and the overall cost of the network is higher.
Figure 1
B. Nmap Vulnerabilities
The first vulnerability I found in the system was on the IP address 192.168.27.15. It has port 21
open, which is used for FTP traffic (see Figure 2). FTP traffic is sent through the network in cleartext,
meaning anyone listening in on that port can directly see what is being sent, with no encryption. This
makes it an easy target for man-in-the-middle attacks and malware attacks. Malware can be injected
directly into the applications that use FTP. Malicious users can also “sniff” for credentials while
monitoring the cleartext and gain unauthorized access to the network and other devices/accounts.
On the same IP address, 192.168.27.15, there is another insecure port, port 25 (see Figure 2).
This port is SMTP, which is used for email communication. However, this port also sends traffic in
cleartext. “SMTP was not initially designed for verifying, or encrypting or otherwise protecting emails in
transit.” (Hammerstrom, 2017, F5.com) This leaves it exposed to man-in-the-middle attacks as well as
social engineering attacks such as phishing. Port 25 is commonly used by spammers to acquire
credentials, load malware via attachments, or steal other personal information by getting recipients to
click on links. This port is also very commonly used for Denial of Service (DoS) attacks. Since the port
is open with high visibility and usage, a cybercriminal can flood the email server with messages, thus
overloading the server and causing it to crash or stop responding.
Figure 2
Hosts 192.168.27.15 and 192.168.27.10 are running Windows 2008 and 2012 respectively. This
is a major vulnerability, as these versions of Windows no longer receive patches or security updates.
This leaves these hosts open to any zero-day attacks created after the last patch. They are also
exposed to other security threats from legacy protocols and firmware, leaving the hosts open to
easy attacks such as worms and ransomware.
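The findings in this section can be rechecked automatically whenever the network is rescanned. The script below is an added example, not part of the original report: it reads Nmap XML output (the -oX format) and flags the open cleartext ports and unsupported Windows versions discussed above. The sample XML, the port on 192.168.27.10 and the names CLEARTEXT, EOL_MARKERS and audit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout; not output from the lab scan.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.168.27.15" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2008 R2" accuracy="98"/></os>
  </host>
  <host>
    <address addr="192.168.27.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2012" accuracy="96"/></os>
  </host>
</nmaprun>"""

# Assumptions: only the two cleartext services and the two Windows
# releases named in the report are listed; extend both for real use.
CLEARTEXT = {21: "FTP", 25: "SMTP"}
EOL_MARKERS = ("Windows Server 2008", "Windows Server 2012")

def audit(xml_text):
    """Return (host, item, finding) tuples for each issue in the scan."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not exposed
            num = int(port.get("portid"))
            if num in CLEARTEXT:
                item = f"{num}/{port.get('protocol')}"
                findings.append((addr, item, f"{CLEARTEXT[num]} in cleartext"))
        # Use the OS guess that Nmap rated most accurate, if there is one.
        best = max(host.iterfind("os/osmatch"),
                   key=lambda m: int(m.get("accuracy", "0")), default=None)
        if best is not None and any(m in best.get("name", "") for m in EOL_MARKERS):
            findings.append((addr, "os", f"unsupported OS: {best.get('name')}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_XML):
        print(*finding, sep="\t")
```

Run against a saved scan by passing the file's contents to audit(); an empty result means none of the listed conditions were seen.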