Pages:
6 pages/≈3300 words
Sources:
15 Sources
Level:
Harvard
Subject:
IT & Computer Science
Type:
Coursework
Language:
English (U.K.)
Document:
MS Word
Topic:

Systems - Cyber Threats, Vulnerabilities and Countermeasures (Coursework Sample)

Instructions:
This report describes one of the tools provided in the Kali Linux distribution and expands on the role it has in the cyber security space. It also highlights its use cases for administrators and attackers. A proper environment was created and experimented with, and ONE use case was highlighted in the report. The tool was then evaluated based on its effectiveness.
Content:
CSI_7_SYS Systems - Cyber Threats, Vulnerabilities and Countermeasures

Table of contents
1. Introduction
2. “Description of ONE tool that is included in Kali-Linux distribution, and defining its role in Cyber Security.”
3. “Explanation of all the possible use cases where this tool can be used by either system administrators or attackers.”
4. “Creation of the proper environment (network, software, hardware, etc.) to simulate a use case.”
5. “Performing experimentation and testing of the tool under specific circumstances and providing usage examples with sufficient narrative.”
6. “Demonstrating the tool in ONE of the possible use cases or implementation scenarios.”
7. “Evaluating the effectiveness of the tool based on its role and nature, either in attacking or protecting a system, by providing a critical analysis.”
8. Conclusion
9. References

1. Introduction

Security of the network is an essential component for protecting the data of an organisation. This report will describe one of the tools provided in the Kali Linux distribution and expand on the role it has in the cyber security space. It will then highlight its use cases for administrators and attackers. A proper environment will then be created for experimentation, and one use case will be highlighted in the report. Finally, the tool will be evaluated based on its effectiveness.

2. “Description of ONE tool that is included in Kali-Linux distribution, and defining its role in Cyber Security.”

Nmap is the chosen tool for this case. Nmap is a widely used and powerful tool in the field of cybersecurity that plays a crucial role in network exploration and security auditing. It enables security professionals to identify services and hosts on a network. It helps in finding open ports and conducting vulnerability scans.
By providing various customisable options and features, Nmap helps in the detection of potential security risks and vulnerabilities in a network, which is essential in developing effective security strategies. Moreover, it can also help in monitoring network activities, detecting unauthorised access attempts, and assisting in incident response (Rustamovna, 2022). Given its flexibility and versatility, Nmap is an indispensable tool for cybersecurity professionals who aim to enhance the network security posture of the organisation.

3. “Explanation of all the possible use cases where this tool can be used by either system administrators or attackers.”

Use cases for system administrators:

Network mapping: Using the Nmap tool, the administrator can scan the network to detect the ports and IP addresses associated with it. It can also be used to detect the applications installed on the systems connected to the network (Tanner, 2019). It can help in managing the inventory of the network and in checking the uptime of a service. It can also help the administrator in scheduling upgrades of the services.

Service detection: Nmap can be used by system admins to check the services running on the network devices. Using the nmap-service-probes file, the administrator can read the version of the applications and services running on the devices on the network (Tanner, 2019). The responses from the target host can be gathered by the admin and analysed to detect issues.

Security auditing: Nmap can be used to audit security, as it points out the ports that are open in the network. It can help in identifying passwords that are still set to their defaults. It can also help in the detection of security vulnerabilities. The administrators can then patch the weaknesses before an attacker discovers them (Tanner, 2019).
Network monitoring: Using Nmap, the administrator can regularly monitor the network to trace suspicious activities. Network-based attacks such as packet sniffing, port scanning and others can be traced beforehand using network monitoring by Nmap (Liao et al., 2020). This can help in avoiding attacks and handling security more effectively.

Use cases for attackers:

Network reconnaissance: Using the various types of scans available in Nmap, the attacker can prepare further attacks on the system. These scans can be adjusted to the needs of the attacker by changing and updating the options used for the scan (Shah et al., 2019).

Service detection: Using Nmap, the attacker can detect the various services running on the targeted system. This helps the attacker in tracking down vulnerabilities in the system which can be exploited. Nmap can also help the attacker in accessing the system to find uncontrolled ports (Hwang and Kim, 2019).

OS detection: Nmap can be used to detect the operating system of the target. Using the fingerprint of the operating system, the attacker can collect attributes of the configuration of the targeted system (Rahalkar and Rahalkar, 2019).

4. “Creation of the proper environment (network, software, hardware, etc.) to simulate a use case.”

Figure 1: VirtualBox homepage (“Source: Created by the learner”)

To create the environment, VirtualBox was first installed to run Kali Linux on the Windows PC.

Figure 2: Downloading Kali Linux image for VirtualBox (“Source: Created by the learner”)

From figure 2, it can be observed that there were different prebuilt images present on the official website of Kali Linux. In this case, the image for VirtualBox was chosen.
Figure 3: After installing the image in VirtualBox (“Source: Created by the learner”)

From figure 2, the image of Kali Linux can be observed in the left panel of VirtualBox.

Figure 4: Kali Linux login page (“Source: Created by the learner”)

The login page of Kali Linux can be observed in figure 4. For the first use, the default username “kali” and password “kali” were entered.

Figure 5: Kali Linux home window (“Source: Created by the learner”)

Figure 5 shows the home window of the Kali operating system. Nmap is preinstalled with the operating system and can be accessed from the main menu of Kali Linux.

5. “Performing experimentation and testing of the tool under specific circumstances and providing usage examples with sufficient narrative.”

Figure 6: Nmap tool starting page (“Source: Created by the learner”)

Figure 6 shows what the Nmap tool looks like upon starting in the Kali operating system.

Figure 7: Experimenting with example 1 present in the Nmap (“Source: Created by the learner”)

From figure 7, the instruction “nmap -v -A scanme.nmap.org” can be observed. This command was used to scan the host with the domain scanme.nmap.org. The “-v” in the instruction stands for verbose, which provides detailed information about the scan. With the help of “-A”, the version and OS of the host can be detected. With this instruction, information regarding the target host was gained.

Figure 8: Experimenting with example 1 present in the Nmap continued (“Source: Created by the learner”)

Figure 9: Dummy website provided by Nmap (“Source: Created by the learner”)

From figure 9, it can be observed that the website scanme.nmap.org exists for the purpose of learning and testing the Nmap tool.
Figure 10: Experimenting with basic code in the Nmap 1 (“Source: Created by the learner”)

From figure 10, it can be observed that the command was used to look up the DNS record for the hostname scanme.nmap.org. In figure 10, the name of the server and the address can be observed as the output of the command “nslookup scanme.nmap.org”. In this case, the command is asking the DNS server to resolve the IP address of scanme.nmap.org.

Figure 11: Experimenting with basic code in the Nmap 2 (“Source: Created by the learner”)

It can be observed in figure 11 that when the IP address was looked up using the nslookup command, the details of the website were provided. The information about the port, state, and service was obtained using the “nmap nslookup 45.33.32.156” command.

6. “Demonstrating the tool in ONE of the possible use cases or implementation scenarios.”

Figure 12: Demonstration of use case in Nmap (“Source: Created by the learner”)

The “nmap -sS -A -T4 45.33.32.156” command is demonstrated in figure 12. In this case, the instruction is used for performing the “TCP SYN scan” (-sS) with “aggressive OS detection”. It also utilised a timing template of 4 (-T4) to perform scanning of version (-A) against the IP address 45.33.32.156. Using aggressive scanning, the user will be able to gain the maximum amount of detail regarding the system which is being targeted (Li et al., 2020). The details include application version detection, script scanning and others. There are other individual options that come with this aggressive scanning, such as version detection (-sV), OS detection (-O) and others. The timing template determines the aggressiveness of the scanning (Foote et al., 2022). A higher value indicates more aggressive scanning with chances of false positives. For this case, the value 4 for the timing template is relatively safe. It can be observed from figure 12 that port 22 is open and TCP wrapped.
The information about the operating system can also be observed in the output in figure 12. With aggressive OS detection, a list of operating systems was provided with different probabilities. In that list, according to the OS detection guess, the operating system GlobespanVistara GS8100, Huawei MT800 or Solwise SAR 1 has the highest chance of being used at the targeted IP address. For administrators, this command can be uti...
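As an added example (not part of the original coursework), the security-auditing use case from section 3 can be applied to the kind of output discussed in section 6: the Python below parses a report in the XML layout written by Nmap's -oX option, compares the open ports with an approved baseline, and marks tcpwrapped ports and low-confidence OS guesses. The sample report, the 192.0.2.10 address, the BASELINE set and the 95% accuracy threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the XML layout that `nmap -oX` writes; the address is from
# the 192.0.2.0/24 documentation range and every value is invented for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="tcpwrapped"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.7"/></port>
   <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
   <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
  </ports>
  <os><osmatch name="Linux 3.X" accuracy="88"/><osmatch name="Embedded DSL router" accuracy="86"/></os>
 </host>
</nmaprun>"""

# Hypothetical approved baseline: the ports each host is expected to expose.
BASELINE = {"192.0.2.10": {("tcp", 22), ("tcp", 80)}}


def audit(xml_text, baseline, min_os_accuracy=95):
    """Return one finding per host: unexpected/missing ports and OS-guess confidence."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        open_ports = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # filtered or closed ports are not counted as exposure
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            key = (port.get("protocol"), int(port.get("portid")))
            open_ports[key] = " ".join(p for p in parts if p) or "unknown"
        expected = baseline.get(addr, set())
        best = max(host.iter("osmatch"), key=lambda m: int(m.get("accuracy")), default=None)
        findings.append({
            "host": addr,
            "unexpected": {p: open_ports[p] for p in sorted(set(open_ports) - expected)},
            "missing": sorted(expected - set(open_ports)),
            "tcpwrapped": sorted(p for p, s in open_ports.items() if s == "tcpwrapped"),
            "os_guess": best.get("name") if best is not None else None,
            "os_reliable": best is not None and int(best.get("accuracy")) >= min_os_accuracy,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_XML, BASELINE):
        print(finding)
```

A port reported as tcpwrapped completed the TCP handshake but closed before any service data was returned, so it is listed separately for manual follow-up rather than treated as an identified service.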