Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Www pearsonhighered com go student data files

15/11/2021 Client: muhammad11 Deadline: 2 Day

Adding to your security skills

This assignment is a tour of techniques and tools that are related to topics of this course. This will give you additional hands-on experience with some of methods to apply parts of what of we have learned. These mini projects are based on the main reference book of the course. You will be responsible for all topics those tools touch on. Objectives: 1- Employing a tool for applying some cryptography techniques 2- Illustrate understanding of a famous encryption cipher which is AES 3- Performing network administration tasks such as: check the MAC (physical) address of the

network, check its SSID, find the channel it is using, notice a signal-to-noise ratio, identify the type of security the network is using, identify the type and speed of the network, and notice the times the network appears.

4- Illustrate the ability control access to a system by using a well-known password auditing program

5- Identify the role of a firewall by using a well-known tool to monitor packets flowing in and out a network.

6- Illustrate what constitutes a host hardening process to protect assets on the scale of a single machine or parts of this machine.

7- Performing an evaluation of the level of security an application has and to appreciate the critical need for curing any vulnerabilities the application may have.

Please follow these guidelines closely: 1- Create a report that has all parts below.

a. The report has a title page i. Title page has names and ids of all students of the project.

b. The report should have a table of content page showing each part and the page numbers.

c. The report mainly focuses on snapshots of performing different tasks, so make sure you follow exactly the described guidelines.

i. Please add captions to the snapshots describing what the snapshot is about. And highlight the task to the snapshot (e.g., the snapshot is about ENCRYPTION PART_28)

d. Make sure that the report is very well organized before submitting. Make it look very professional. If not, expect points to be taken off.

e. Submit the report as pdf file. f. The project is to be done in groups of 2 or less. Groups have to be from the same

section in case we have several sections. i. Forming groups, if you want to have a group, is the responsibility of students. ii. Therefore, not finding a group is not an excuse not to do the project; you still

can do it on your own. g. Copying and cheating will have serious consequences. So, avoid that.

Due date is 4/15/2017 @ 11:59 pm CDT

Please perform all the tasks below:

ENCRYPTION PART: AxCrypt® is a great third-party encryption tool. You just select the files you want encrypted, enter your password, and you’re done. It is even available as an option in the shortcut menu when you right-click a file. AxCrypt will automatically re-encrypt the file after you are done modifying it. It uses 128-bit AES and is completely free. Let’s look at some of the functionality built into AxCrypt. 1. Download AxCrypt from http://www.axantum.com/AxCrypt. 2. Click Download. 3. Click on the appropriate version for your operating system. 4. Click Save. 5. Select your download folder. 6. If the program doesn’t automatically open, browse to your download folder. 7. Right-click AxCrypt-Setup.exe. 8. Click Run as administrator. 9. Click Yes if prompted. 10. Click I Agree. 11. Click Custom Installation. 12. Deselect all the bloatware (from Amazon). 13. Click Install. 14. Deselect Register. 15. Click Finish. 16. Save all your work, exit all other programs, and reboot your computer. Once your computer is rebooted you can continue on to the next step. 17. Right-click your desktop. 18. Click New and Text Document. 19. Name the file YourName.txt. Replace YourName with your first and last name. 20. Right-click the file named YourName.txt. 21. Select AxCrypt, and Encrypt. 22. Enter the password “tiger1234” (without quotes). 23. Click OK. 24. Double-click the new YourName-txt.axx file you just created. 25. Enter the password “tiger1234” (without quotes). 26. Click OK. 27. Close the text file that you just opened. 28. Take a screenshot of your desktop showing the newly created files. 29. Right-click the file named YourName-txt.axx. 30. Select AxCrypt and Decrypt. 31. Enter the password “tiger1234” (without quotes). 32. Click OK. 33. Right-click the file named YourName.txt. (This time you’re going to make an executable file that can be opened by anyone. They won’t have to have Axcrypt installed on their computer to be able to open the .exe.) 34. Select AxCrypt, and Encrypt copy to .EXE. 35. Enter the password “tiger1234” (without quotes). 36. Click OK. 37. TAKE A SCREENSHOT OF YOUR NEWLY CREATED YOURNAME-TXT.EXE FILE.

http://www.axantum.com/AxCrypt
NETWORK SECURITY PART: A useful program that network administrators can use to manage their wireless networks is inSSIDer®. It shows (1) the MAC (physical) address of the network, (2) its SSID, (3) the channel it is using, (4) a signal-to-noise ratio, (5) the type of security the network is using, (6) the type and speed of the network, and (7) the times the network appear.

Another benefit of inSSIDer is that it displays the encryption type used on a specific network. This is important information if you are doing a penetration test or a security audit. If your company is using wired equivalent privacy (WEP), it would be wise to switch to Wi-Fi protected access (WPA) or WPA2 (even better). There are several tools available that can crack WEP keys.

Running a quick scan of your network using inSSIDer may help you determine if you need to make changes to your network. It can also tell you if your network has dead spots or rogue access points. Let’s look at a simple example.

1. Download inSSIDer from http://www.metageek.net/products/inssider. 2. Click Download inSSIDer for Windows. 3. Click Save. 4. Select your download folder. 5. If the program doesn’t automatically start, browse to your download folder. 6. Double-click the inSSIDer installer (Inssider_Installer.exe). 7. Click Next, Next, Next, and Close. 8. Click Start, All Programs, MetaGeek, and inSSIDer. 9. Select your wireless network card from the drop-down menu.

10. Click Start Scanning. 11. Click on the 2.4 GHz Channels tab in the lower pane. 12. Wait a few minutes for surrounding networks to show up on the list. 13. Take a screenshot.

ACCESS CONTROL PART:

One of the most well-known password auditing programs is John the Ripper® (JtR), written by Solar Designer (Alexander Peslyak). You can read all about it and get a free copy from http://www.openwall.com/john/. It has been used for many years and has proven to be both robust and easy to use.

In this project, you are going to run JtR in a command prompt (DOS). You are going to perform both a dictionary attack and a brute-force attack on a sample password file that you will download from www.pearsonhighered.com/boyle/. 1. Make a folder labeled “security” on your C: drive (C:\security\). 2. Download JtR from http://www.openwall.com/john/. 3. Scroll down and click on the link labeled John the Ripper 1.7.9 (Windows). Download the latest version available. 4. Click Save. 5. Select your C:\security folder. (If you haven't already created this folder, you will need to do so now.) 6. If the program doesn’t automatically open, browse to C:\security. 7. Right-click john179w2.zip. (If a later version was available, this file may have a slightly different name.) 8. Select Extract All, and Extract. 9. Download the sample password database labeled "hackme.txt" from www.pearsonhighered.com/boyle/. (The files may be listed under Student Project Files, Chapter 5.) 10. Extract all of the student project files (including hackme.txt) into your C:\security folder.

http://www.metageek.net/products/inssider
http://www.openwall.com/john/
http://www.pearsonhighered.com/boyle/
http://www.openwall.com/john/
http://www.pearsonhighered.com/boyle/
11. Copy the "hackme.txt" file from the student project folder to C:\security\john179w2\john179\run. (It is important that the hackme.txt file be in the "run" directory with the JtR executable.) 12. Click Start. 13. In the search box, type cmd 14. Press Enter. (This will open a command prompt.) 15. Type cd .. 16. Press Enter. (This will move up one directory.) 17. Type cd .. 18. Press Enter. (This will move up one directory. You should now be at the C:\) 19. Type cd security 20. Press Enter. (This will move you into the C:\security directory.) 21. Type cd john179w2 22. Press Enter. (This will move you into the C:\security\john171w2 directory.) 23. Type cd john179 24. Press Enter. (This will move you into the C:\security\john171w2\john1701 directory.) 25. Type cd run 26. Press Enter. (This will move you into the C:\security\john171w2\john1701\run directory.) 27. Type dir 28. Press Enter. (This will give you a listing of the files in the "run" directory. You can confirm that both john.exe and hackme.txt are in this directory. Note: You need to make sure you have a copy of the hackme.txt file in the run directory. You need to give john.exe something to crack. After the passwords are cracked they will be stored in a file called john.pot in the C:\security\john179w2\john179\run directory. 29. Type john.exe -wordlist=password.lst hackme.txt 30. Press Enter. (This will start a dictionary attack using a built-in dictionary (password.lst) that came with JtR. The extension on password.lst file is ".lst" where the “l” is an L as in lemon.) 31. Type time 32. Press Enter twice. (This will provide a timestamp.) 33. Take a screenshot. 34. Type john.exe hackme.txt 35. Press Enter. (This will start a brute force attack. JtR will start trying all possible combinations until it cracks all of the passwords. The passwords you see were cracked in addition to the ones found during the dictionary attack.) 36. Stop the brute force attack by pressing Ctrl-C. (You can let it run for a couple of minutes.) 37. Take a screenshot. 38. Type notepad john.pot 39. Press Enter twice. (This will open the john.pot file where the cracked passwords are stored.) 40. Take a screenshot showing hashes and passwords you have cracked.

FIREWALLS PART:

One of the most well-known packet sniffers is called Wireshark® (formerly Ethereal®). It is a powerful tool that can capture, filter, and analyze network traffic. It can promiscuously capture traffic on both wired and wireless networks. It is used by security and networking professionals to troubleshoot networking problems.

In this project, you will install Wireshark, capture packets, and look at the contents of a packet. When placed correctly, a network administrator can use Wireshark to see all the traffic coming into and out of a network. Network administrators can, among other things, see which hostnames are being requested and who is requesting them. Surfing the Web is not anonymous. 1. Download Wireshark from http://www.wireshark.org/download.html. 2. Click Download Windows Installer. (Download the latest stable release.) 3. Click Save. 4. Save the file in your download folder. 5. If the program doesn’t automatically open, browse to your download folder. 6. Double-click Wireshark-setup-1.8.5.exe. (The software version numbers will be slightly different

as newer versions are released.) 7. Click Next, I Agree, Next, Next, Next, and Install. 8. Click Next to install WinPCap. 9. Click Next, I Agree, Install, and Finish. 10. Click Next, and Finish. 11. Double-click the Wireshark icon on your desktop. (You can also access it through your Start

menu.) 12. Click Interface List. (This will display a list of all available network interfaces on your computer.

You will want to want to note the description and IP address of the interface with the most traffic. You will need to select this interface in the following steps.)

13. Note the interface with the most traffic. (You will select this interface in the following steps.) If there are duplicate names for the Network Interface Card (NIC), you can use the last 3 or 4 values of the MAC address to identify the appropriate NIC.

14. Close the Capture Interfaces window. 15. Click Capture, and Options. 16. Select your Network Interface Card (NIC) if it is not already selected. 17. Take a screenshot. 18. Close ALL other programs you currently have open except your word processing program (MS

Word, LibreOffice Writer®, etc.). 19. Click Start. 20. Let it run for 10 seconds. 21. While you are waiting open a Web browser and go to www.google.com. 22. Return to your Wireshark window. 23. In the file menu click Capture and Stop (or use the keyboard shortcut—Ctrl+E). 24. Scroll up until you see a green and blue area. (These are the packets you captured when you

requested Google’s main page.) 25. Take a screenshot. 26. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one

until you get to the packet that shows “www.google.com” in the bottom pane.) 27. Select that row. 28. In the bottom pane, you will see a bunch of numbers to the left. (It’s the packets contents in

hexadecimal.) Just to the right you will see the content of the packet in a column. 29. Select the text: www.google.com. 30. Take a screenshot.

http://www.wireshark.org/download.html
http://www.google.com/
http://www.google.com/
http://www.google.com/
http://www.google.com/
HOST HARDENING PART:

FileVerifier++® is a tool that will compute hashes on any single file, or all of your files at once. These hashes are then checked to see if there have been any changes to those files. FileVerifier++

can quickly check the integrity of a large number of files. FileVerifier++ is useful if you need to verify that a given set of files has not been changed or

altered in any way. For example, it could be used to verify that customer, employee, financial, or sales records were not manipulated. If a file was changed without authorization, it can be compared with an earlier version to determine which changes were made. Using a file verifier is one way IT security professionals can detect a possible intrusion. 1. Download and install FileVerifier++ from http://www.programmingunlimited.net. 2. Click Start, All Programs, FileVerifier++, and FileVerifier++. 3. In FileVerifier, click the Options button. 4. Change the Default Algorithm to MD5. 5. Click OK. 6. Click on the Dirs button to select the directories you want. (You can also select individual files.) 7. Browse to and select your downloads directory. 8. Click OK. 9. Take a screenshot. 10. Click the Verify All button. (Browse to your downloads directory if necessary.) 11. Click OK. 12. Take a screenshot. 13. Create a new text file named YourNameHash.txt, and save it in your downloads folder. (Replace

YourName with your first and last names.) 14. Open the text file labeled YourNameHash.txt you just created in your downloads folder. 15. Add your name to the contents of the text file. 16. Save your changes to that text file by clicking File, and Save. 17. Close the text file. 18. In the FileVerifier++ window, click Verify All again. (Browse to your downloads folder if

necessary.) 19. Scroll down until you can see the text file that you changed. (It should be highlighted in red.) 20. Take a screenshot.

APPLICATION SECURITY PART:

Gaining practical experience related to testing and securing application weaknesses is difficult. Most applications have already patched known vulnerabilities. Websites are typically not willing to let users “test” their website or web applications for vulnerabilities. Testing for vulnerabilities can cause applications, web applications, and even whole websites to crash.

Open Web Application Security Project® (OWASP) is a project that contains tools that focuses specifically on application security (www.OWASP.org). It has robust tools for testing the security of your existing Web applications, and impressive training tools that won’t harm any outside websites.

OWASP’s training tool, WebGoat®, will walk you through several of the main types of application weaknesses. If you are interested in learning more about application testing, both WebGoat and WebScarab® (a custom testing proxy) are great places to start. They will help you understand specific application vulnerabilities and test them without causing any harm.

WARNING: Do not use any of the material shown in these tutorials on real websites. They can cause harm, and you will be held accountable for any damage you may do. These tools are available to help

http://www.programmingunlimited.net/
systems administrators learn how to secure their own systems. 1. Download OWASPs WebGoat® from http://code.google.com/p/webgoat/downloads/list. 2. Click on WebGoat-5.4-OWASP_Standard_Win32.zip 3. On the next page, click on WebGoat-5.4-OWASP_Standard_Win32.zip. 4. Click Save. 5. Select your download folder. 6. Click Save. 7. If the program doesn’t automatically open, browse to your download folder. 8. Right-click WebGoat-5.4-OWASP_Standard_Win32. 9. Click 7-Zip, and Extract to “\WebGoat…” 10. Browse to the newly extracted folder (\WebGoat-5.4-OWASP_Standard_Win32). 11. Open the WebGoat-5.4 folder. (You will see 5 or 6 files.)

http://code.google.com/p/webgoat/downloads/list
12. Double-click the file named webgoat.bat. (This will open a runtime viewer. You can minimize this viewer, but do not close it.) 13. Click Allow access if you see a Windows Security Alert. 14. Open an Internet browser (e.g., Firefox or Internet Explorer). 15. Type the URL http://localhost/WebGoat/attack. 16. Type “guest” for the username and “guest” for the password (without quotation marks). 17. Click on Start WebGoat. 18. You will now see the WebGoat application running through your Internet Browser. While running WebGoat, your machine is extremely vulnerable to attack. If possible, you should disconnect from the Internet while using this program. 19. With WebGoat running, open a browser and type: http://localhost/WebGoat/attack. This address is case-sensitive, so be sure to capitalize the W and G in the address line. 20. Click on Start WebGoat. 21. On the left-hand side, click on Concurrency. (The links labeled Lesson Plan and Solution provide detailed explanations about why coding errors make this attack possible.) 22. Click on Shopping Cart Concurrency Flaw. 23. Right click on the link Shopping Cart Concurrency Flaw and select Open Link in New Window. (You should have two tabs open with the exact same content.) 24. Align the windows so they are side-by-side. 25. In the left window, change the quantity of Hitachi Hard Drives from 0 to 1. 26. Click Purchase. (Do not click Confirm.) 27. In the right window, change the quantity of Hitachi Hard Drives from 0 to 15. 28. Click Update Cart. 29. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows. 30. In the left window, click Confirm. (This confirms the charged amount of $169.00 while having updated the quantity to 15 in your cart! This will now process the transaction charging the original amount of one item and process the order for the updated quantity amount.) 31. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows. 32. Close the right window. 33. In the left window, click Restart this lesson in the top right-hand side of the page. 34. Repeat the steps in this exercise to reproduce a similar concurrency flaw using a different product (not the Hitachi hard drive) and different quantities. 35. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows after you have reproduced the concurrency flaw.

http://localhost/WebGoat/attack
http://localhost/WebGoat/attack

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Financial Assignments
Academic Mentor
Top Essay Tutor
ECFX Market
Top Class Engineers
Maths Master
Writer Writer Name Offer Chat
Financial Assignments

ONLINE

Financial Assignments

I have done dissertations, thesis, reports related to these topics, and I cover all the CHAPTERS accordingly and provide proper updates on the project.

$38 Chat With Writer
Academic Mentor

ONLINE

Academic Mentor

I will be delighted to work on your project. As an experienced writer, I can provide you top quality, well researched, concise and error-free work within your provided deadline at very reasonable prices.

$16 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I am a professional and experienced writer and I have written research reports, proposals, essays, thesis and dissertations on a variety of topics.

$30 Chat With Writer
ECFX Market

ONLINE

ECFX Market

I have worked on wide variety of research papers including; Analytical research paper, Argumentative research paper, Interpretative research, experimental research etc.

$17 Chat With Writer
Top Class Engineers

ONLINE

Top Class Engineers

I have read your project description carefully and you will get plagiarism free writing according to your requirements. Thank You

$41 Chat With Writer
Maths Master

ONLINE

Maths Master

I have written research reports, assignments, thesis, research proposals, and dissertations for different level students and on different subjects.

$21 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Hih 4000 humidity sensor - A linear downward sloping demand curve is - The sagebrush state 5th edition pdf - Curtin oasis my results - Intel server board s1200spl - Kellogg company swot analysis free - 1.8 5 journal rural wireless internet answers - Indian and international number system - Find the attachment look for question 3, it's summary report - Charlie and the chocolate factory chocolate castle - Nrs 490 capstone project change proposal - Siop lesson plan checklist - Tipping point leadership ppt - Fundamental accounting principles 23rd edition answers - Cold lay tarmac jewsons - Blue bananas book bands - Business Finance - An acpi power object failed to transition state - Hustle and bustle song - How to say lunchtime in japanese - 110 e 2nd st silver grove ky 41085 - Discussion Board - Weimaraner club of america vaccination protocol - Gane sarson symbols - I need 500 words in my coca cola company for impact in industry structure - Case study healing and autonomy - Animal farm propaganda poster - Application of access control techniques in daily job - Gcse history civil rights past papers - Ctrip scientifically managing travel services - Ron bachman reaching for the sky - What is server side scripting language - 4 main earth systems - Gases in the atmosphere pie chart - Gym management system project source code in html - American orchid society books - Comprehensive car insurance woolworths - Shelly cashman word 2016 module 1 sam project 1a - Lyapunov central limit theorem - 2 pages angia - Gateacre brow medical centre - Nonstop sql mx reference manual - Brodie's law crimes act - Alpha cell deep cycle battery - Penn foster biology research paper example - Wk 2 Individual Assignment - Create a Project Plan Draft [due Mon] - Anthropology1 Discussion Forum - Gran 1 - Employees with negative affectivity are inclined to - J.burrows sd and usb case black - Distribued Computing - What is the heaviest boneless animal - If we shadows have offended puck - COMPARATIVE REASONING - Geometry proof practice worksheet with answers - Zootapia - Army lesson plan examples - International business aviation council - Developing a pool of leadership successors combines evaluating - Bt employer super pds - Importance of river capture - Genetically modified foods harmful or helpful deborah b whitman - Discuss the effectiveness of red bull sponsorships - Chemistry homework answers chapter 3 - Boq stamp duty calculator - I need 1700 words in web app relating to car garage structure - Thank you letter assignment - Examples of questions for family health assessment - Assignment 4 mobile devices and self service e commerce - Delimitation of study in research - Chick fil a marketing mix - Biodegradable plastic bags business plan - Christopher little net worth - Track 2 discretionary data format - Stainless steel earth boss - Health - International driving permit service nsw - Balloon breathing conscious discipline - Word chapter 2 formatting and customizing documents - Kristen's cookie company case answers - 750-1000 word healthcare statistics paper - Oculus biomed pty ltd - Case 35 deluxe corporation solution - Nursing F S W (24 hours) - Applications Security 3questions. - Examples of quantitative research questions and hypotheses - The red badge of courage and camouflaging the chimera - Raisin in the sun play pdf - Common source amplifier at high frequency - Mathematics for machine technology 6th edition answer key - Am i too fat for disneyland paris rides - What is the domain of a rational expression - Binomial distribution worksheet answer key - Come up a business to business idea that is not in the market. - Bullet iron works birmingham al - Capital asset pricing model example problems - Ace star model evidence based practice process - Swot analysis lululemon athletica inc - Intercultural communication DB - Barrioization example