This assignment can be done using either Windows (XP, Vista, 7, or 8), Mac OS/X, or Linux.
If you have a choice, please use Windows. Marked out of 60.
1. Let's see what command line utilities can tell us about a computer and its network activity.
Connect to the internet and surf around a little. Then go to Command Prompt on your computer (if you're using Windows XP,
Vista, or 7 you'll find it under Accessories - in Windows 8 it's an app under Windows System). To close the window type exit. If
you're using a Mac open a Terminal. Then do the following:
a. Let's see how a ping works. Type in ping www.independent.ie - copy and submit the result. How can the good and bad guys
use a ping?
b. Let's find the IP address that goes along with a domain name. Type in nslookup whitehouse.gov - copy and submit the
result. How can the good and bad guys use this information?
c. Finally let's try whois. On Windows you'll have to use a third party utility. Go to whois.net and type in flemingcollege.ca - Mac
users can enter whois trentu.ca in the Terminal.
Copy and submit the Technical Contact information. How can the good and bad guys use this type of information?
2. [16 marks] Let's see what we can find by using the traceroute and IP address utilities. Go to https://www.monitis.com/traceroute/
and enter the URL for the Sydney Morning Herald newspaper in Australia at https://www.smh.com.au. This will give
you the path from North America, Europe, and Asia to the newspaper's servers.
Go to the North American and European paths and check the IP addresses to see where the message went. If you mouse over
the stops it will give you the IP address.
Take the IP address and go to https://whatismyipaddress.com/ , go to the grey box in the top right of the page and enter the
IP address and see what it says.
a. List the cities (if known - determined from IP address search) shown in the trace for North America and do the same for the
European trace.
b. Is there anything surprising with where the paths end? What does this mean?
c. Do several traces for the Sydney Morning Herald. Are the paths always the same? Why is that?
3. Let's see how files are stored on a computer. Windows users should go to https://www.hexworkshop.com/ and download the
latest demo version of Hex Workshop. Mac and Linux users should go to https://www.sweetscape.com/010editor/ and download
the free trial version of the 010 Editor. Install the software on your computer. Open the hex editor.
The left panel will contain addresses, the middle panel contains the bit values stored (in hexadecimal) and the next panel
contains possible character values for the bits stored.
See my clip on Hex Workshop on Blackboard.
a. Most files have signatures so that the computer knows what kind of file it is. Let's see what some common signatures are.
Open a pdf file - what are the first few hex digits you see?
Some files also have trailers that tell the computer that the file has ended. What is the trailer for a pdf file in hex?
b. Then open an rtf file (Word can make this type of file) - what do you think the signature is for this file in hex?
c. A good way to see if a file has been altered is to do a checksum. Open the file 4550fin-13.doc posted to Blackboard in Hex
Workshop.
Go to Tools and then Generate Checksum. Select CRC (32 bit) as your algorithm, select Entire Document, and generate the
checksum.
How many digits are there in the hex checksum?
What is the checksum in hex? Do another checksum only this time select SHA-2 (512 bit) (or SHA512 in 010 Editor) as the
algorithm.
How many digits are there in the hex checksum? What are the first 7 digits of this hex checksum?
d. Now let's see what effect changing the content of the file has on the checksum.
Save the 4550fin-13.doc file (in case we need it in court) and use a copy of the file for this step.
Go to the right pane in Hex Workshop and change the first letter of the document text from upper case to lower case (i.e.
Trent to trent).
What is the hex checksum CRC (32 bit) and what are the first 7 digits in hex using SHA-2 (512 bit)?
How much did the checksums change?
e. Let's see what effect changing the file name has on the checksum.
Save the 4550fin-13.doc file (the original version that was not altered in part (d)) as test.doc then run the CRC (32 bit) and
SHA-2 (512 bit).
How much did the checksums change?
f. Now let's try to recover corrupted files using our hex editor.
Try to open the corrupted1.jpg file. Now use your hex editor and try to figure out why it doesn't open.
Make the changes needed to open the file.
What did you do to fix the image?
Describe the picture. (Hint: use your hex editor to open similar image file types and check their signatures).
g. Now try to open the corrupted2.doc file. Use your hex editor and try to figure out why it doesn't open.
Make the changes needed to open the file.
What did you do to fix the file? Describe the contents of the file.
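Added example (not part of the original assignment): the signature check and checksum comparison from question 3, done in Python instead of a hex editor. The sample bytes are constructed here and are not the Blackboard files, and the function names are illustrative.

```python
import hashlib
import zlib

# Leading signatures (magic bytes) for the file types used in question 3.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"{\\rtf": "rtf",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 (legacy .doc)",
}

def identify(data: bytes) -> str:
    """Return the type whose signature matches the first bytes, else 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def checksums(data: bytes) -> tuple[str, str]:
    """CRC-32 and SHA-512 of the content only, as upper-case hex strings."""
    crc = format(zlib.crc32(data) & 0xFFFFFFFF, "08X")
    return crc, hashlib.sha512(data).hexdigest().upper()

def differing_digits(a: str, b: str) -> int:
    """Count hex-digit positions where two equal-length checksums differ."""
    return sum(x != y for x, y in zip(a, b))

# Constructed sample content (not the Blackboard files).
original = b"{\\rtf1\\ansi Trent University final exam notes}"
altered = original.replace(b"Trent", b"trent", 1)  # one letter changes case
damaged = b"\x00\x00\x00" + original[3:]            # signature overwritten

if __name__ == "__main__":
    for label, data in [("original", original), ("altered", altered),
                        ("damaged", damaged)]:
        crc, sha = checksums(data)
        print(f"{label:9} type={identify(data):8} CRC32={crc} SHA512={sha[:7]}...")
    sha_o, sha_a = checksums(original)[1], checksums(altered)[1]
    print("SHA-512 digits changed:", differing_digits(sha_o, sha_a), "of", len(sha_o))
```

Both functions take only the file's bytes as input, so the file name never enters the calculation.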
4. [16 marks] Let's do some risk analysis on your own information assets.
a. List any information that you store on a computer system (school, financial, social, etc.) that you use and which would be
expensive, inconvenient, or impossible to replace if it was lost, damaged or stolen.
b. Next consider what the impact would be if the information was stolen or lost and what the likelihood is that the information
could be stolen or lost.
Now categorize your information as one of: High impact - High likelihood, High impact - Low likelihood, Low impact - High
likelihood or Low impact - Low likelihood.
State why you think the information fits in that category.
c. Now let's look at how we can manage the risk. Basic techniques are: avoiding the risk, modifying the risk (impact and/or
likelihood), transferring the risk to others, and accepting the risk.
We don't need to worry about Low impact - Low likelihood items but for the rest of them we need to consider how you can
manage your risk.
What techniques would you use and how would you implement them?