Download CIS 3700 Lab 1

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
Document related concepts

Parallel port wikipedia , lookup

Network tap wikipedia , lookup

Computer network wikipedia , lookup

Dynamic Host Configuration Protocol wikipedia , lookup

IEEE 1355 wikipedia , lookup

Lag wikipedia , lookup

AppleTalk wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Cross-site scripting wikipedia , lookup

Internet protocol suite wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

TCP congestion control wikipedia , lookup

Transcript 
Lab 3
Wednesday 3/9/2016
Page 1/6
MIS 4850
Systems Security
Lab 3
Attacks | Firewalls
Student Name:
Understanding Session Hijacking and XSS attacks
1)
2)
3)
4)
5)
6)
Start your Web browser
Enter the www.owasp.org URL In the Address bar and press Enter
Click the Attacks link on the left side of the main web page (Note: check under Reference)
Scroll down to the Pages in Category “Attacks” section
Scroll down to the letter S, and click on Session Hijacking attack.
Read the article in order to answer the following questions:
Question 1: What is a session token? (Choose all that apply).
a) A key used to encrypt and decrypt messages being transmitted between a client and a server
computer.
b) A random number generated by the client computer and sent to the server computer during
a TCP connection.
c) A string of characters that the server generates and sends to the client after a
successful client authentication.
d) A string of characters that uniquely identify each of the many TCP connections that a
network communication consists of.
e) None of the above.
Question 2: Which of the following techniques can a session hijacker use in order to get the
session token? (Choose all that apply).
a) Using telephone social engineering to get a user reveals the session token.
b) Predicting the session token based on prior knowledge about a communication taking
place between a client and a server.
c) Using sniffing techniques to intercept data being transmitted.
d) Attacking the client using things like malicious JavaScript codes or Trojans.
e) Performing a man-in-the-middle attack.
f) All of the above.
Question 3: What is a cross-site scripting (XSS) attack? (Choose all that apply).
a) A sort of attack that can be used to make two sites collide.
b) A sort of attack that may be used to get information that could be used in a session
hijacking.
c) A sort of attack where the attacker sends a crafted link to the victim with a malicious
JavaScript that could reveal a session token when executed.
d) All of the above.
© Abdou Illia
769846864
1
Lab 3
Wednesday 3/9/2016
Page 2/6
7) Scroll to the top of the page, and click the Home link in the Navigation section
8) From the top-right side of the main page, click the Top Ten link
9) In the page that appears, scroll down to the Quick Download section, and click the OWASP Top
10 2013- wiki link.
10) Click the 2013 Top 10 List link
11) From the Top 10 2013 list of attacks, click A3 - Cross Site Scripting (XSS).
12) Read the article in order to answer the following questions:
Question 4. XSS attacks occur because some web applications are designed and
developed in a way that input data are sent to web browsers or web servers
without, first, being validated or escaped to prevent illegal or harmful input.
Question 5. A successful XSS can lead to a hacker changing the front page of a
website to something other than what was originally there, which is known as
website defacement.
Question 6. Assessing a system’s vulnerability to XSS attacks shouldn’t include
manually reviewing programs’ code and performing penetration testing.
T
F
T
F
T
F
Account Lockout attack
1)
2)
3)
4)
5)
Scroll to the top of the page, and click the Home link in the Navigation section
Click the Attacks link on the left side of the main web page (Note: check under Reference)
Scroll down to the Pages in Category “Attack” section
Click on Account Lockout Attack.
Read the article in order to answer the following questions:
Answer the following two questions based on your understanding of that kind of attack and what you
have learned in class about TCP/IP messages and how IP addresses are included in messages and
requests that are exchanged between computers.
Question 7: It is possible that someone lockout your EIU email account? What do they need to in
order to try to lockout the account? How can they get what they need? Explain in details.
Question 8: Is there a way for the IT staff in charge of the security of EIU network to locate the IP
address of the computer used to attempt the account lockout attack? Can the IT staff pinpoint the
location of the computer used? Explain in details.
© Abdou Illia
769846864
2
Lab 3
Wednesday 3/9/2016
Page 3/6
First Generation Firewalls configuration
Student Name:
Exhibit 1
Figure 1: Access Control List (ACL) for INGRESS Filtering at a border firewall
Trusted network
60.47.3.1
60.47.3.5
Firewall
60.47.3.2
Untrusted
network
60.47.3.9
1
2
3
4
5
6
7
8
9
10
11
12
If Source IP Address = 10.*.*.*, DENY [Private IP Address Range]
If Source IP Address = 172.16.*.* to 172.31.*.*, DENY [Private IP Address Range]
If Source IP Address = 192.168.*.*, DENY [Private IP Address Range]
If source IP address = 60.47.*.*, DENY [internal address range]
If TCP SYN=1 AND FIN=1, DENY [crafted attack packet]
If Destination IP Address = 60.47.3.9 AND TCP Destination Port = 80 or 443, PASS
If TCP SYN = 1 and ACK = 0, DENY [Attempt to open connection from the outside]
If TCP Destination Port = 20, DENY
If TCP Destination Port = 135 Through 139, DENY
If TCP destination port = 513, DENY [UNIX rlogin without password]
If UDP Destination Port = 69, DENY [Trivial FTP; no login necessary]
DENY ALL
The following questions are not related.
1. As the network administrator in charge of configuring the company’s firewall, you have to change
the ACL in Figure 1 to add a rule that permits incoming requests to a particular computer (IP
address 60.47.23.41) that hosts trivial file transfer service. (Note: the Appendix contains a list of
TCP/UDP ports for common services).
a. Write down the rule: _IF Dest IP Address = 60.47..23.41 AND Dest TCP port = 69,
PASS
b. Where should that rule be inserted? Why? _Anywhere between 5 and 7________
_______________________________________________________________________
2. What would be the possible consequences of making the rule you created when answering
Question 1 (above) the very first rule of the ACL?
a. This may allow attackers spoofing internal IP addresses to succeed
b. This may allow an attacker using IP spoofing with a Class A IP address in the private range
to get to the corporate web server.
c. This may allow an attacker using IP spoofing with a Class A IP address in the private
range to get to target the DNS server.
d. None of the above
© Abdou Illia
769846864
3
Lab 3
Wednesday 3/9/2016
Page 4/6
The following questions do not refer to the exhibit above.
3. Create an ACL (i.e. write down the rules) for Ingress Filtering in a case where the only messages
allowed are those coming from external web servers, external email servers, or external file transfer
servers. (Note: the Appendix contains a list of TCP/UDP ports for common services).
IF Source TCP port = 80 or 443, PASS
IF Source TCP port = 25 or 110, PASS
IF Source TCP port = 20, 21 or 69, PASS
DENY ALL
4. Create an ACL (i.e. write down the rules) for Egress Filtering in a case where the only messages
allowed are those destined to external web servers, external email servers, or external file transfer
servers. (Note: the Appendix contains a list of TCP/UDP ports for common services).
IF Destination TCP port = 80 or 443, PASS
IF Destination TCP port = 25 or 110, PASS
IF Destination TCP port = 20, 21 or 69, PASS
DENY ALL
5. What does a firewall use to ensure that each packet is part of an established TCP
(Transmission Control Protocol) session?
a. a packet filter.
b. a static filtering.
c. a stateful filtering.
d. a circuit level gateway.
6.
Ingress filtering is used to filter packets...
a.
b.
c.
7.
coming into the network from an external network
going out of the network to an external network
Both a. and b.
If a firewall is overloaded with more traffic than it can handle, what does it do with
packets it cannot filter?
a.
b.
c.
d.
© Abdou Illia
It quarantines them.
It drops them.
It passes them without filtering.
It passes them but copies them into the log file.
769846864
4
Lab 3
8.
Wednesday 3/9/2016
Static packet filter firewalls examine...
a.
b.
c.
d.
9.
headers (IP header, TCP header)
application messages
connections
All of the above.
What type of firewall examines packets one at a time in isolation?
a.
b.
c.
10.
Page 5/6
static packet filtering firewall
stateful packet filtering firewall
both of the above.
In an ACL, I have two rules: A (to deny access to all mail servers) and B (to permit access
to a particular mail server that will receive e-mail from the outside). Which rule will come
first?
a.
b.
c.
d.
A.
B.
It does not matter.
Having these two rules is contradictory and should not be done.
11.
Proxies are used to filter ________ layer messages.
a. application
b. transport
c. internet
d. data link
e. Both b. and c.
12.
Which of the following are usually found in a DMZ?
a. public web servers
b. DNS servers
c. All of the above.
d. Neither a nor b
© Abdou Illia
769846864
5
Lab 3
Wednesday 3/9/2016
Page 6/6
**********************************************************************************************************
Appendix
Common TCP/UDP ports
Port
Primary
Application
Number Protocol
20
TCP
FTP Data Traffic
21
TCP
FTP Supervisory Connection. Passwords sent in the clear
22
TCP
SSH (Secure Shell). Used for secure logins and file transfers (sftp)
23
TCP
Telnet. Passwords sent in the clear
25
TCP
Used for SMTP email transfer between email servers
53
TCP/UDP Domain Name System (DNS)
69
UDP
Trivial File Transfer Protocol (TFTP). No login necessary
80
TCP
Hypertext Transfer Protocol (HTTP). Used for transferring web pages b/w
clients and non secure web servers.
110
TCP
POP3 (Post Office Protocol Ver. 3). Used for retrieving emails b/w clients
and mailservers
137-139 TCP
NETBIOS service for P2P file sharing in older versions of Windows
443
TCP
HTTP over SSL/TLS. Used for secured transfer of web pages b/w clients and
web servers.
© Abdou Illia
769846864
6
Related documents
CLIENT SERVER ARCHITECTURE
CLIENT SERVER ARCHITECTURE
How the Internet Works
How the Internet Works
Internet & WWW
Internet & WWW
Proposed Differentiated Services on the Internet
Proposed Differentiated Services on the Internet
Wireless Communications and Networks
Wireless Communications and Networks
The Internet and the World Wide Web
The Internet and the World Wide Web
Layer 1 of the TCP/IP protocol stack
Layer 1 of the TCP/IP protocol stack
TCP forking TCP forking TCP forking The single
TCP forking TCP forking TCP forking The single
The TCP/IP reference model and OSI reference model IPv4 vs. IPv6
The TCP/IP reference model and OSI reference model IPv4 vs. IPv6
MIS 4850 Systems Security
MIS 4850 Systems Security
layering
layering
Network Protocols
Network Protocols
Computer Networks [Opens in New Window]
Computer Networks [Opens in New Window]
Networks and Internet Technology
Networks and Internet Technology
Microsoft Word
Microsoft Word