Tuesday, February 9, 2010

ITC 358 Ass02 _Task02

Step 01
The Hash Generator program can be downloaded from the following URL, as shown in the figure below.




Step 05
In the process of generating the md5deep hash, I'm writing some text in MS Word 2003 to show some of its effects.



Step 06
Now I saved the following document with the filename Country1.doc.




Step 09
Now, to start the application "MD5DEEP" and generate a hash at the designated location of the file, I typed the md5deep country1.doc command as follows.



The length for this Hash is 64 bits.

Step 10
This is the process of generating the hash for the accompanying documentation file MD5DEEP.TXT.


The result from the application shows that the length of this hash is 64 bits, which is very similar to the length for country1.doc. Since it is the accompanying documentation file of the MD5DEEP application, the strength of this particular document is quite different and higher in rate than that of Country1.doc, the user-created file.

Step 11
Again, to try a different scenario, I'm opening the same Country1.doc file.




Step 12

Now here, I have removed the period at the end of the sentence and saved the document as Country2.doc.




Step 13

To create the MD5 hash for the Country2.doc, I did the following action.



The hash has come out differently but the size remains the same; although the data in this document is the same as in Country1.doc, removing the period made such changes.

Step 14

Following is the screenshot for more hash functions.



The comparison results between the Country1.doc and Country2.doc files with the various hash applications are as follows, in the respective order.

Application   Length of Country1.doc   Length of Country2.doc   Comment
MD5DEEP       128 bits                 128 bits                 Non Identical
SHA-1         160 bits                 160 bits                 Non Identical
SHA-256       256 bits                 256 bits                 Non Identical
Whirlpool     512 bits                 512 bits                 Non Identical
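
The comparison in the table above can be reproduced without the screenshots. The following Python sketch is an added example, not part of the original post: it hashes two constructed byte strings that differ only by a final period (stand-ins for Country1.doc and Country2.doc) and reports the digest length and how many digest bits changed. Whirlpool is left out because Python's hashlib does not guarantee it, and the function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample text standing in for the two Word documents; the only
# difference is the trailing period, as in Country1.doc vs Country2.doc.
DOC1 = b"Nepal is a beautiful country."
DOC2 = b"Nepal is a beautiful country"

# Algorithms that hashlib always provides (Whirlpool is not among them).
ALGORITHMS = ("md5", "sha1", "sha256")


def digest_report(a, b, algorithms=ALGORITHMS):
    """Return one row per algorithm: digest length in bits, whether the two
    digests are identical, and how many digest bits differ."""
    rows = []
    for name in algorithms:
        da = hashlib.new(name, a).digest()
        db = hashlib.new(name, b).digest()
        differing = sum(bin(x ^ y).count("1") for x, y in zip(da, db))
        rows.append({
            "algorithm": name,
            "bits": len(da) * 8,
            "identical": da == db,
            "differing_bits": differing,
        })
    return rows


def hash_file(path, algorithm="md5", chunk_size=65536):
    """Hash a file on disk in chunks and return the hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for row in digest_report(DOC1, DOC2):
        print(f"{row['algorithm']:8} {row['bits']:4} bits  "
              f"identical={row['identical']}  "
              f"bits changed={row['differing_bits']}")
```

The digest length depends only on the algorithm, never on the file, while removing one character changes the digest completely.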


Reference:
P. Dalmaris. Security + Guide to the Network Security Fundamentals, Third Edition, Chapter 11, Basic Cryptography, Lecture Slides

Tuesday, February 2, 2010

ITC 358 Ass02 _Task03

Spoof a MAC Address using SMAC
Step 01
Go to the following URL to download the SMAC 2.0 software for spoofing the MAC address.





Step 07
SMAC displays the network interface card adapters as shown in the following picture.



Step 09
To record the current MAC address, click on Active MAC as in the following screenshot.





Step 11
To update the MAC address to the new spoofed one, click on Update MAC and click YES.




Step 13
To verify the updated or spoofed MAC address, go to the command prompt and note the spoofed MAC address as follows.




Step 14
To find out the updated IP address, type ipconfig/all in the command prompt screen.

Friday, January 29, 2010

ITC 358 Ass02 _Task01

Step 01

Wireshark is one of the protocol analyzers (also called a sniffer), which captures packets to decode and analyze their contents. To download the program, we can browse the following website and download it as required.



Step 06
To capture on a network interface adapter, the procedure shown in the figure helps; to capture on the desired network interface we can just select it and click on Start.



Step 07
To generate some network traffic, I have used some commands here, which are highlighted in the following 2 network traffic figures.





Step 08

For security reasons, bluehost.com doesn't allow hosting the website for the following task (kindly have a look at the following figure, with the site typed as given), so I'm proceeding to Step 09.





Step 09
Now I'm searching for a username and password, Gerald and happy respectively, as I did in ITC358 assignment 01.



Step 14

The search for Gerald as username and happy as password has been generated at the bottom of the screen, as shown.



To prevent Wireshark from capturing the data, various filters can be used, such as a capture filter, and various firewall rules can be applied. So I found Wireshark to be a very flexible network protocol analyzer which can be composed according to the user.

Thursday, January 28, 2010

ITC 358 Ass02 _Task04

Nessus Vulnerability Scanner


Step 01
To download the program called Nessus, the following URL helps, and it can be done as shown in the figure.



Step 03
To register the software, enter the details as shown in the figure.



Step 05
To start the Nessus Server configuration, the following displayed windows will be fruitful, and the task can be operated as desired by the Admin.



Step 06

The Nessus Client software can be operated for any host, as shown in the figure.






Step 10

While starting the Nessus Client software for the host, the following message appears, as shown in the figure below.


Step 13
To scan the network, the IP range has to be provided as shown in the figure below, which scans for the hosts in the network.



Step 15
Scanning the network is done as shown in the figure, which shows the hosts that are connected in the network in the form of IP addresses.



Step 17
When the scan of the network is finished, the details about protocols and services can be found in the left pane, and their details can be generated from the right pane as shown in the figure. While noting the Risk Factor of each item, the status shows as None, which means the system is under control and no vulnerable act has occurred in the particular protocol or service of the particular host of the network.




The information detailed by the Nessus Vulnerability Scanner can be very useful to anyone, as most of the details of the network activities are scanned and listed. By analysing all this information we can protect the network system from vulnerable attacks in order to run the network system smoothly.

Friday, December 25, 2009

Task 03 -- Virus Attacks

Question 3 – Virus attacks (5 marks)

Complete Case Project 2-1, page 76. Report your findings in your blog.


Answer 3


Along with the development of computer technology, its destructive counterpart, known as the virus, is also being rapidly developed. One after another, millions of viruses have been discovered which destroy computer data and information and can even crash the system and the boot sector as well.


The latest information regarding current viruses:


Name                     Type                       Protected*
W32.Qakbot!gen1          Trojan, Virus, Worm        12/24/2009
W32.SillyFDC.BDH         Worm                       12/23/2009
W32.Noobert              Virus, Worm                12/22/2009
Bloodhound.Exploit.313   Trojan, Virus, Worm        12/21/2009
FileExec                 Security Assessment Tool   12/21/2009
SysDefence               Misleading Application     12/18/2009
Packed.Generic.275       Trojan, Virus, Worm        12/18/2009
Bloodhound.Exploit.312   Trojan, Virus, Worm        12/18/2009
Trojan.Gord              Trojan                     12/17/2009


Reference:

Symantec Corporation (1995-2009). http://www.symantec.com/business/security_response/threatexplorer/index.jsp, extracted on 22/12/2009




Viruses recently discovered by McAfee

Threat Activity


Name                                Type     DAT   Risk          Date Discovered
PWS-Nemqe.dll!1b8decd9d516          Trojan   5842  Low           12/23/2009
AdClicker-BJ!DB57F91EA980           Trojan   5791  N/A           12/23/2009
JS/Redirector.b                     Trojan   5836  Low-Profiled  12/17/2009
PatchedSFC                          Program  5831  N/A           12/17/2009
Generic.dx!iuf                      Trojan   5835  Low           12/17/2009
FakeAlert-KW                        Trojan   5835  Low-Profiled  12/17/2009
Exploit-PDF.ag                      Trojan   5834  Low-Profiled  12/15/2009
ProcKill-FD                         Trojan   5834  Low           12/15/2009
BackDoor-DOQ.gen.y                  Trojan   5830  Low-Profiled  12/11/2009
Generic.dx!htp                      Trojan   5827  Low           12/9/2009
W32/Sdbot.worm!fn                   Virus    5827  Low           12/9/2009
FakeAlert-DefenceLab                Trojan   5829  Low-Profiled  12/9/2009
BackDoor-AWQ.b!bvb                  Trojan   5827  Low           12/9/2009
OSX/iPHSponey.A                     Program  5826  Low-Profiled  12/4/2009
Generic Dropper!bir!0181eb37fc26    Trojan   5821  Low           12/3/2009
Generic PWS.y!bhd                   Trojan   5821  Low           12/3/2009
Ransom-O                            Trojan   5819  Low           12/2/2009
Generic Downloader.x!bur            Trojan   5817  Low           11/29/2009
FakeAlert-SpyPro                    Trojan   5817  Low           11/29/2009
Generic.dx!hhx                      Trojan   5816  Low           11/28/2009
Generic Downloader.x!46485cd1ea1c   Trojan   5813  Low           11/25/2009
Generic Dropper!3443e72e04d4        Trojan   5813  Low           11/25/2009
Generic BackDoor!0c90dc700e85       Trojan   5813  Low           11/25/2009
Generic PWS.y!642ca194dfed          Trojan   5813  Low           11/25/2009
Generic.dx!e085af882b30             Trojan   5813  Low           11/25/2009
FakeAlert-JU!a427fe051b61           Trojan   5813  Low           11/25/2009
W32/Fujacks.ay!rootkit              Malware  5814  Low-Profiled  11/25/2009
Downloader.gen.a!5e30399cfdaa       Trojan   5813  Low           11/25/2009
BackDoor-EIF!8d9d49af6468           Trojan   5812  Low           11/24/2009
BackDoor-EIF!9f4ebb31c4a1           Trojan   5812  Low           11/24/2009


Reference:


McAfee Corporation (2003-2009). http://home.mcafee.com/VirusInfo/ThreatActivity.aspx, viewed on 22-12-2009


The latest attack by the viruses.

------Computer virus attack at Pentagon

THE US military has banned the use of flash drives and DVDs on its computers as it tries to combat a virus spreading rapidly through its networks.

The Pentagon ordered an unprecedented ban on all external hardware but refused to comment on the source of the attack, saying such information was classified.

"We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told Fox News.

Full details on:

http://www.news.com.au/computer-virus-attack-on-pentagon/story-0-1111118102184


-----Twitter hacked, attacker claims Iran link

A COMPUTER hacker briefly hijacked Twitter.com on Friday, redirecting users to a website and claiming to represent a group calling itself the Iranian Cyber Army.


Details on:

http://www.theaustralian.com.au/australian-it/twitter-hacked-attacker-claims-iran-link/story-e6frgakx-1225812345024



----What platforms are the most vulnerable?

The most used platform is known to be Windows, so research and study also show that computers with Windows as the operating system have more chances of being affected by viruses.




What type of damage can the virus do?
The virus can damage files, disk drives, the boot sector of drives, cause a system crash, etc.
There are various types of virus, as each is connected with an intention.
Virus can damage the whole system, which interrupts the office works, personnel works,



Task 04-- Anti virus software

Question 4 – Anti virus software (5 marks)

Complete project 3-2, page 111. Provide screenshots of steps 4, 6, 7, 12, 13, 18. Ensure you answer the questions in steps 6, 7, 12, 13, 18. Provide a description of each step.

Answer 4:

(Step 04)

Enter the URL www.eicar.org/anti_virus_test_file.htm in the web browser, for which a screenshot has been provided.


(Step 06)

Click on eicar.com, which normally downloads the file onto the computer.

My antivirus software didn't detect this file as a virus at this point; it downloaded normally and was saved into the folder.


(Step 07)

Click on the eicar_com.zip file.

On clicking, the zip file was downloaded onto my computer without any notification, into the download folder of Google Chrome.


(Step 12)

To scan the downloaded file for viruses, I went to the download folder and then to the file named eicar_com.zip; the antivirus result showed me that there are 2 viruses in this file.


(Step 13)

I again downloaded the double-compressed zip file named eicarcom2.zip; the file was downloaded without any virus notification from the antivirus software.


(Step 18)

Here, while scanning the double-compressed ZIP file for viruses, my antivirus program showed me that there are 3 infections in this file now.
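
Steps 12 to 18 depend on the scanner opening archives that sit inside other archives. The following Python sketch is an added example, not part of the original post and not how any particular antivirus product works: it builds in-memory stand-ins for eicar_com.zip and eicarcom2.zip from the standard EICAR test string and scans them recursively, reporting any nested archive it declines to open. The function names and the depth and size limits are assumptions chosen for illustration.

```python
import io
import zipfile

# Standard 68-byte EICAR test string, written in two pieces so that this
# source file does not itself contain the contiguous signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

MAX_DEPTH = 5                  # assumed nesting limit (archive-bomb guard)
MAX_MEMBER_SIZE = 10 * 2**20   # assumed per-member size limit: 10 MiB


def make_zip(members):
    """Build a ZIP archive in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan(data, name, depth=0, max_depth=MAX_DEPTH):
    """Return (hits, skipped): paths whose bytes contain the EICAR string,
    and paths that were not inspected because a limit was reached."""
    hits, skipped = [], []
    if EICAR in data:
        hits.append(name)
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits, skipped
    if depth >= max_depth:
        skipped.append(name)   # nested archive left unopened: report it
        return hits, skipped
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.file_size > MAX_MEMBER_SIZE:
                skipped.append(path)
                continue
            h, s = scan(zf.read(info), path, depth + 1, max_depth)
            hits += h
            skipped += s
    return hits, skipped


# Constructed samples mirroring the files named in the steps above.
EICAR_COM_ZIP = make_zip({"eicar.com": EICAR})
EICARCOM2_ZIP = make_zip({"eicar_com.zip": EICAR_COM_ZIP})
```

With the nesting limit lowered to 1, the double-compressed sample produces no hit and appears only in the skipped list, which is why a scanner should report unopened archives rather than pass them as clean.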