User Account

All Pages

Create a report exploring the stages

Assignment Help Computer Networking
Reference no: EM13190436

Create a report exploring the stages involved in a specific attack (of your choice) against a computing system.

Select and research an attack of your choice. The attack should be technical in nature and exploit a vulnerability to compromise the security of a process, service, system, or network. You are required to show evidence that you have successfully carried out this exploit within a lab environment. If you wish, you may choose to use one of the vulnerabilities that you exploit within the lab exercises: for example, the RPC DCOM or WebDav exploit. However, selecting an attack it should be better.

You are required to use attack software of your choice (such as Metasploit, Armitage, sqlmap, a stand-alone custom exploit, or other software of your choosing), and take screenshots demonstrating each of the stages in the attack. These screenshots are used to illustrate the content of your report.

A bibliographic tool, such as Zotero, may be helpful.

Your report should have the following outline and content:

Introduction

Begin your report with a brief paragraph noting the attack software used, and the vulnerability and exploit covered in your report.

Description of the vulnerability, exploit, and attack software

Describe the vulnerability that the attack exploits, including how or why the vulnerability exists, what versions of software are vulnerable. Include a technical overview of the category of vulnerability (for example, SQL Injection, buffer overflow, or other as appropriate). Then introduce the exploit and attack software you have chosen to use, and give a detailed description in technical low-level terms of how the attack software is able to exploit the vulnerability. Be sure to describe

and differentiate between the vulnerability, exploit, and the attack software.

Anatomy of an attack

Describe each of the steps of the attack using the attack software of your choice to exploit the vulnerability you have chosen. This will typically include information gathering (such as footprinting, scanning, and enumeration), exploitation, and postexploitation.

Throughout this section use screenshots demonstrating how each of the stages of attack are carried out, and to illustrate the practical implications of the attack.

Information gathering: How can an attacker gather all of the information needed to identify a target, determine that it is vulnerable to attack, and gain all the information needed to attack the target?

Exploitation: How can an attacker exploit the vulnerability to impact a process, system, or network? Describe the technical goings on behind the steps taken by the attacker.

Post-exploitation: What malicious actions are possible after a successful attack? For example, can the attacker modify a user's file, add user accounts, modify system files/programs, modify the kernel, and so on? What are the limitations of what the attacker can do? What actions could the attacker take to maintain access and cover their tracks?

Recommendations for preventing the attack

In this section, describe recommendations that you believe should be implemented for a system/organisation that is vulnerable to this attack. Briefly describe the various layers of security controls (such as firewalls, access controls, anti-malware, IPS, or as appropriate) that can be used to mitigate the risk posed by the attack, and explain which stages of the attack can be thwarted by those security controls. Provide any other recommendations for mitigating the risk, (for example, choosing different software, or training users). Only make recommendations that apply to defend or prevent against the attack you have described.

Provide a screenshot demonstrating a failed attack attempt against a protected (or not vulnerable) system. For additional marks, show evidence that you have secured the originally vulnerable target against the attack.

Related software

Provide a summary of the attack software you have used, and further describe the scope of the attack software: what else can the software be used to do? Briefly describe other attack software that can be used as an alternative to achieve the attacks demonstrated in the report.

Critical reflection

Describe what you think the underlying deficiency is that has resulted in this vulnerability. What impact could this have on businesses and organisations that are vulnerable? What are the legal and ethical issues?

Conclusion

Conclude your report with a summary of your attack, software, and the implications for ICT security.

Reference no: EM13190436

Questions Cloud

Explain aggregate demand and aggregate supply analysis : In the boom years of the late 1990s, it was often said that rapidly increasing stock prices were responsible for much of the rapid growth of real GDP. Explain how this could be true, using aggregate demand and aggregate supply analysis.
Compute the concentration of cadium chloride contaminant : Calculate the concentration of cadium chloride contaminant in the original groundwater sample. Round your answer to 2 important digits.
How foreign exchange market affect the quantity of imports : How would a substantial appreciation in the European euro in the foreign exchange market affect the quantity of imports of European products by the U.S. How would such an appreciation of the European euro affect travel by Americans to Europe
Define temprature of the ideal gas after equilibration is v : Consider n moles of ideal gas kept in a heat isolated cylinder (all processes are adiabatic) with a piston at extrnal pressure P(i), and at the temperature T(i). the extrnal pressure is suddenly changed to P=2P(i), and we wait for the system to eq..
Create a report exploring the stages : Create a report exploring the stages involved in a specific attack (of your choice) against a computing system.
Compute the standard deviation of the return : Assume that the economy can experience high growth, normal growth, or recession. You expect the following stock market returns for the coming year under these conditions. State Probability Return High Growth 0.2 +30%
How to obtain pure naphthoic acid from the mixture : Using active extraction (changing the polarity) and a gravity filtration to remove a component, describe how you would obtain pure naphthoic acid from this mixture.
Mechanism for bromobenzene and magnesium turnings : Mechanism for bromobenzene + magnesium turnings + annhydrous diethyl ether + benzaldehyde + H2SO4
Why are patents important to those who hold them : To maximize profits, a perfectly competitive firm should produce until:  price is greater than average total cost.marginal cost is equal to price. average total cost is minimized. per unit profits are maximized.

Reviews

Write a Review

Computer Networking Questions & Answers

  Subnets diagram working lan depicting network subnets

Subnet classful Class C network into 2 subnets Diagram working LAN depicting two network subnets (can be in Word of Visio) Network should include

  Explaining web-based interface running on another serve

Display it via a Web-based interface running on another server. What are security issues that could plague this solution if not attended to?

  Advantages and disadvantages of connection method

Prepare a three-column table (one column for each technology) in which you list the advantages and disadvantages of each connection method.

  Encapsulation for information given by wireshark protocols

Identify and link both Protocols represented and protocol layer and encapsulation types of models with information given by Wireshark relate the protocols?

  Explain the purposes of poe in wlan design

Explain the purposes of POE in WLAN design. Provide at least 3 scenarios of POE being used as the prime element in WLAN design to address the projects cost

  Explaining system development life cycle

What is the system development life cycle and what are the best ways to bring social networking to life within this cycle?

  Authentication factor utilized by authentication server

which authentication factor is being utilized by authentication server which respond to login request by creating a random number or code.

  How client process in given end system can find location

Describe how client process in given end system can find location of given user to establish connection, for instance, Internet telephone, at given point in time.

  Explain multiprogramming and time-sharing environment

Write down two such problems? Can we make sure same degree of security in time-shared machine as in dedicated machine?

  Computing time take to send file over a direct link

Assume the file is sent continuously as one big message. How long does it take to send file assuming it is sent continuously.

  Consider this scenario.a new three level building

Consider this scenario. A new three level building will be built to accommodate three computer labs. It will be a separate building from the existing one. Each level will accommodate one lab. 50 personal computers (PCs) and a shared printer will b..

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd