Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Www pearsonhighered com go student data files

15/11/2021 Client: muhammad11 Deadline: 2 Day

Adding to your security skills

This assignment is a tour of techniques and tools that are related to topics of this course. This will give you additional hands-on experience with some of methods to apply parts of what of we have learned. These mini projects are based on the main reference book of the course. You will be responsible for all topics those tools touch on. Objectives: 1- Employing a tool for applying some cryptography techniques 2- Illustrate understanding of a famous encryption cipher which is AES 3- Performing network administration tasks such as: check the MAC (physical) address of the

network, check its SSID, find the channel it is using, notice a signal-to-noise ratio, identify the type of security the network is using, identify the type and speed of the network, and notice the times the network appears.

4- Illustrate the ability control access to a system by using a well-known password auditing program

5- Identify the role of a firewall by using a well-known tool to monitor packets flowing in and out a network.

6- Illustrate what constitutes a host hardening process to protect assets on the scale of a single machine or parts of this machine.

7- Performing an evaluation of the level of security an application has and to appreciate the critical need for curing any vulnerabilities the application may have.

Please follow these guidelines closely: 1- Create a report that has all parts below.

a. The report has a title page i. Title page has names and ids of all students of the project.

b. The report should have a table of content page showing each part and the page numbers.

c. The report mainly focuses on snapshots of performing different tasks, so make sure you follow exactly the described guidelines.

i. Please add captions to the snapshots describing what the snapshot is about. And highlight the task to the snapshot (e.g., the snapshot is about ENCRYPTION PART_28)

d. Make sure that the report is very well organized before submitting. Make it look very professional. If not, expect points to be taken off.

e. Submit the report as pdf file. f. The project is to be done in groups of 2 or less. Groups have to be from the same

section in case we have several sections. i. Forming groups, if you want to have a group, is the responsibility of students. ii. Therefore, not finding a group is not an excuse not to do the project; you still

can do it on your own. g. Copying and cheating will have serious consequences. So, avoid that.

Due date is 4/15/2017 @ 11:59 pm CDT

Please perform all the tasks below:

ENCRYPTION PART: AxCrypt® is a great third-party encryption tool. You just select the files you want encrypted, enter your password, and you’re done. It is even available as an option in the shortcut menu when you right-click a file. AxCrypt will automatically re-encrypt the file after you are done modifying it. It uses 128-bit AES and is completely free. Let’s look at some of the functionality built into AxCrypt. 1. Download AxCrypt from http://www.axantum.com/AxCrypt. 2. Click Download. 3. Click on the appropriate version for your operating system. 4. Click Save. 5. Select your download folder. 6. If the program doesn’t automatically open, browse to your download folder. 7. Right-click AxCrypt-Setup.exe. 8. Click Run as administrator. 9. Click Yes if prompted. 10. Click I Agree. 11. Click Custom Installation. 12. Deselect all the bloatware (from Amazon). 13. Click Install. 14. Deselect Register. 15. Click Finish. 16. Save all your work, exit all other programs, and reboot your computer. Once your computer is rebooted you can continue on to the next step. 17. Right-click your desktop. 18. Click New and Text Document. 19. Name the file YourName.txt. Replace YourName with your first and last name. 20. Right-click the file named YourName.txt. 21. Select AxCrypt, and Encrypt. 22. Enter the password “tiger1234” (without quotes). 23. Click OK. 24. Double-click the new YourName-txt.axx file you just created. 25. Enter the password “tiger1234” (without quotes). 26. Click OK. 27. Close the text file that you just opened. 28. Take a screenshot of your desktop showing the newly created files. 29. Right-click the file named YourName-txt.axx. 30. Select AxCrypt and Decrypt. 31. Enter the password “tiger1234” (without quotes). 32. Click OK. 33. Right-click the file named YourName.txt. (This time you’re going to make an executable file that can be opened by anyone. They won’t have to have Axcrypt installed on their computer to be able to open the .exe.) 34. Select AxCrypt, and Encrypt copy to .EXE. 35. Enter the password “tiger1234” (without quotes). 36. Click OK. 37. TAKE A SCREENSHOT OF YOUR NEWLY CREATED YOURNAME-TXT.EXE FILE.

http://www.axantum.com/AxCrypt
NETWORK SECURITY PART: A useful program that network administrators can use to manage their wireless networks is inSSIDer®. It shows (1) the MAC (physical) address of the network, (2) its SSID, (3) the channel it is using, (4) a signal-to-noise ratio, (5) the type of security the network is using, (6) the type and speed of the network, and (7) the times the network appear.

Another benefit of inSSIDer is that it displays the encryption type used on a specific network. This is important information if you are doing a penetration test or a security audit. If your company is using wired equivalent privacy (WEP), it would be wise to switch to Wi-Fi protected access (WPA) or WPA2 (even better). There are several tools available that can crack WEP keys.

Running a quick scan of your network using inSSIDer may help you determine if you need to make changes to your network. It can also tell you if your network has dead spots or rogue access points. Let’s look at a simple example.

1. Download inSSIDer from http://www.metageek.net/products/inssider. 2. Click Download inSSIDer for Windows. 3. Click Save. 4. Select your download folder. 5. If the program doesn’t automatically start, browse to your download folder. 6. Double-click the inSSIDer installer (Inssider_Installer.exe). 7. Click Next, Next, Next, and Close. 8. Click Start, All Programs, MetaGeek, and inSSIDer. 9. Select your wireless network card from the drop-down menu.

10. Click Start Scanning. 11. Click on the 2.4 GHz Channels tab in the lower pane. 12. Wait a few minutes for surrounding networks to show up on the list. 13. Take a screenshot.

ACCESS CONTROL PART:

One of the most well-known password auditing programs is John the Ripper® (JtR), written by Solar Designer (Alexander Peslyak). You can read all about it and get a free copy from http://www.openwall.com/john/. It has been used for many years and has proven to be both robust and easy to use.

In this project, you are going to run JtR in a command prompt (DOS). You are going to perform both a dictionary attack and a brute-force attack on a sample password file that you will download from www.pearsonhighered.com/boyle/. 1. Make a folder labeled “security” on your C: drive (C:\security\). 2. Download JtR from http://www.openwall.com/john/. 3. Scroll down and click on the link labeled John the Ripper 1.7.9 (Windows). Download the latest version available. 4. Click Save. 5. Select your C:\security folder. (If you haven't already created this folder, you will need to do so now.) 6. If the program doesn’t automatically open, browse to C:\security. 7. Right-click john179w2.zip. (If a later version was available, this file may have a slightly different name.) 8. Select Extract All, and Extract. 9. Download the sample password database labeled "hackme.txt" from www.pearsonhighered.com/boyle/. (The files may be listed under Student Project Files, Chapter 5.) 10. Extract all of the student project files (including hackme.txt) into your C:\security folder.

http://www.metageek.net/products/inssider
http://www.openwall.com/john/
http://www.pearsonhighered.com/boyle/
http://www.openwall.com/john/
http://www.pearsonhighered.com/boyle/
11. Copy the "hackme.txt" file from the student project folder to C:\security\john179w2\john179\run. (It is important that the hackme.txt file be in the "run" directory with the JtR executable.) 12. Click Start. 13. In the search box, type cmd 14. Press Enter. (This will open a command prompt.) 15. Type cd .. 16. Press Enter. (This will move up one directory.) 17. Type cd .. 18. Press Enter. (This will move up one directory. You should now be at the C:\) 19. Type cd security 20. Press Enter. (This will move you into the C:\security directory.) 21. Type cd john179w2 22. Press Enter. (This will move you into the C:\security\john171w2 directory.) 23. Type cd john179 24. Press Enter. (This will move you into the C:\security\john171w2\john1701 directory.) 25. Type cd run 26. Press Enter. (This will move you into the C:\security\john171w2\john1701\run directory.) 27. Type dir 28. Press Enter. (This will give you a listing of the files in the "run" directory. You can confirm that both john.exe and hackme.txt are in this directory. Note: You need to make sure you have a copy of the hackme.txt file in the run directory. You need to give john.exe something to crack. After the passwords are cracked they will be stored in a file called john.pot in the C:\security\john179w2\john179\run directory. 29. Type john.exe -wordlist=password.lst hackme.txt 30. Press Enter. (This will start a dictionary attack using a built-in dictionary (password.lst) that came with JtR. The extension on password.lst file is ".lst" where the “l” is an L as in lemon.) 31. Type time 32. Press Enter twice. (This will provide a timestamp.) 33. Take a screenshot. 34. Type john.exe hackme.txt 35. Press Enter. (This will start a brute force attack. JtR will start trying all possible combinations until it cracks all of the passwords. The passwords you see were cracked in addition to the ones found during the dictionary attack.) 36. Stop the brute force attack by pressing Ctrl-C. (You can let it run for a couple of minutes.) 37. Take a screenshot. 38. Type notepad john.pot 39. Press Enter twice. (This will open the john.pot file where the cracked passwords are stored.) 40. Take a screenshot showing hashes and passwords you have cracked.

FIREWALLS PART:

One of the most well-known packet sniffers is called Wireshark® (formerly Ethereal®). It is a powerful tool that can capture, filter, and analyze network traffic. It can promiscuously capture traffic on both wired and wireless networks. It is used by security and networking professionals to troubleshoot networking problems.

In this project, you will install Wireshark, capture packets, and look at the contents of a packet. When placed correctly, a network administrator can use Wireshark to see all the traffic coming into and out of a network. Network administrators can, among other things, see which hostnames are being requested and who is requesting them. Surfing the Web is not anonymous. 1. Download Wireshark from http://www.wireshark.org/download.html. 2. Click Download Windows Installer. (Download the latest stable release.) 3. Click Save. 4. Save the file in your download folder. 5. If the program doesn’t automatically open, browse to your download folder. 6. Double-click Wireshark-setup-1.8.5.exe. (The software version numbers will be slightly different

as newer versions are released.) 7. Click Next, I Agree, Next, Next, Next, and Install. 8. Click Next to install WinPCap. 9. Click Next, I Agree, Install, and Finish. 10. Click Next, and Finish. 11. Double-click the Wireshark icon on your desktop. (You can also access it through your Start

menu.) 12. Click Interface List. (This will display a list of all available network interfaces on your computer.

You will want to want to note the description and IP address of the interface with the most traffic. You will need to select this interface in the following steps.)

13. Note the interface with the most traffic. (You will select this interface in the following steps.) If there are duplicate names for the Network Interface Card (NIC), you can use the last 3 or 4 values of the MAC address to identify the appropriate NIC.

14. Close the Capture Interfaces window. 15. Click Capture, and Options. 16. Select your Network Interface Card (NIC) if it is not already selected. 17. Take a screenshot. 18. Close ALL other programs you currently have open except your word processing program (MS

Word, LibreOffice Writer®, etc.). 19. Click Start. 20. Let it run for 10 seconds. 21. While you are waiting open a Web browser and go to www.google.com. 22. Return to your Wireshark window. 23. In the file menu click Capture and Stop (or use the keyboard shortcut—Ctrl+E). 24. Scroll up until you see a green and blue area. (These are the packets you captured when you

requested Google’s main page.) 25. Take a screenshot. 26. Scroll down until you see a line that has GET / HTTP/1.1. (You may have to try more than one

until you get to the packet that shows “www.google.com” in the bottom pane.) 27. Select that row. 28. In the bottom pane, you will see a bunch of numbers to the left. (It’s the packets contents in

hexadecimal.) Just to the right you will see the content of the packet in a column. 29. Select the text: www.google.com. 30. Take a screenshot.

http://www.wireshark.org/download.html
http://www.google.com/
http://www.google.com/
http://www.google.com/
http://www.google.com/
HOST HARDENING PART:

FileVerifier++® is a tool that will compute hashes on any single file, or all of your files at once. These hashes are then checked to see if there have been any changes to those files. FileVerifier++

can quickly check the integrity of a large number of files. FileVerifier++ is useful if you need to verify that a given set of files has not been changed or

altered in any way. For example, it could be used to verify that customer, employee, financial, or sales records were not manipulated. If a file was changed without authorization, it can be compared with an earlier version to determine which changes were made. Using a file verifier is one way IT security professionals can detect a possible intrusion. 1. Download and install FileVerifier++ from http://www.programmingunlimited.net. 2. Click Start, All Programs, FileVerifier++, and FileVerifier++. 3. In FileVerifier, click the Options button. 4. Change the Default Algorithm to MD5. 5. Click OK. 6. Click on the Dirs button to select the directories you want. (You can also select individual files.) 7. Browse to and select your downloads directory. 8. Click OK. 9. Take a screenshot. 10. Click the Verify All button. (Browse to your downloads directory if necessary.) 11. Click OK. 12. Take a screenshot. 13. Create a new text file named YourNameHash.txt, and save it in your downloads folder. (Replace

YourName with your first and last names.) 14. Open the text file labeled YourNameHash.txt you just created in your downloads folder. 15. Add your name to the contents of the text file. 16. Save your changes to that text file by clicking File, and Save. 17. Close the text file. 18. In the FileVerifier++ window, click Verify All again. (Browse to your downloads folder if

necessary.) 19. Scroll down until you can see the text file that you changed. (It should be highlighted in red.) 20. Take a screenshot.

APPLICATION SECURITY PART:

Gaining practical experience related to testing and securing application weaknesses is difficult. Most applications have already patched known vulnerabilities. Websites are typically not willing to let users “test” their website or web applications for vulnerabilities. Testing for vulnerabilities can cause applications, web applications, and even whole websites to crash.

Open Web Application Security Project® (OWASP) is a project that contains tools that focuses specifically on application security (www.OWASP.org). It has robust tools for testing the security of your existing Web applications, and impressive training tools that won’t harm any outside websites.

OWASP’s training tool, WebGoat®, will walk you through several of the main types of application weaknesses. If you are interested in learning more about application testing, both WebGoat and WebScarab® (a custom testing proxy) are great places to start. They will help you understand specific application vulnerabilities and test them without causing any harm.

WARNING: Do not use any of the material shown in these tutorials on real websites. They can cause harm, and you will be held accountable for any damage you may do. These tools are available to help

http://www.programmingunlimited.net/
systems administrators learn how to secure their own systems. 1. Download OWASPs WebGoat® from http://code.google.com/p/webgoat/downloads/list. 2. Click on WebGoat-5.4-OWASP_Standard_Win32.zip 3. On the next page, click on WebGoat-5.4-OWASP_Standard_Win32.zip. 4. Click Save. 5. Select your download folder. 6. Click Save. 7. If the program doesn’t automatically open, browse to your download folder. 8. Right-click WebGoat-5.4-OWASP_Standard_Win32. 9. Click 7-Zip, and Extract to “\WebGoat…” 10. Browse to the newly extracted folder (\WebGoat-5.4-OWASP_Standard_Win32). 11. Open the WebGoat-5.4 folder. (You will see 5 or 6 files.)

http://code.google.com/p/webgoat/downloads/list
12. Double-click the file named webgoat.bat. (This will open a runtime viewer. You can minimize this viewer, but do not close it.) 13. Click Allow access if you see a Windows Security Alert. 14. Open an Internet browser (e.g., Firefox or Internet Explorer). 15. Type the URL http://localhost/WebGoat/attack. 16. Type “guest” for the username and “guest” for the password (without quotation marks). 17. Click on Start WebGoat. 18. You will now see the WebGoat application running through your Internet Browser. While running WebGoat, your machine is extremely vulnerable to attack. If possible, you should disconnect from the Internet while using this program. 19. With WebGoat running, open a browser and type: http://localhost/WebGoat/attack. This address is case-sensitive, so be sure to capitalize the W and G in the address line. 20. Click on Start WebGoat. 21. On the left-hand side, click on Concurrency. (The links labeled Lesson Plan and Solution provide detailed explanations about why coding errors make this attack possible.) 22. Click on Shopping Cart Concurrency Flaw. 23. Right click on the link Shopping Cart Concurrency Flaw and select Open Link in New Window. (You should have two tabs open with the exact same content.) 24. Align the windows so they are side-by-side. 25. In the left window, change the quantity of Hitachi Hard Drives from 0 to 1. 26. Click Purchase. (Do not click Confirm.) 27. In the right window, change the quantity of Hitachi Hard Drives from 0 to 15. 28. Click Update Cart. 29. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows. 30. In the left window, click Confirm. (This confirms the charged amount of $169.00 while having updated the quantity to 15 in your cart! This will now process the transaction charging the original amount of one item and process the order for the updated quantity amount.) 31. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows. 32. Close the right window. 33. In the left window, click Restart this lesson in the top right-hand side of the page. 34. Repeat the steps in this exercise to reproduce a similar concurrency flaw using a different product (not the Hitachi hard drive) and different quantities. 35. Take a screenshot of your entire desktop (Ctrl-PrintScreen) showing both windows after you have reproduced the concurrency flaw.

http://localhost/WebGoat/attack
http://localhost/WebGoat/attack

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Financial Assignments
Academic Mentor
Top Essay Tutor
ECFX Market
Top Class Engineers
Maths Master
Writer Writer Name Offer Chat
Financial Assignments

ONLINE

Financial Assignments

I have done dissertations, thesis, reports related to these topics, and I cover all the CHAPTERS accordingly and provide proper updates on the project.

$38 Chat With Writer
Academic Mentor

ONLINE

Academic Mentor

I will be delighted to work on your project. As an experienced writer, I can provide you top quality, well researched, concise and error-free work within your provided deadline at very reasonable prices.

$16 Chat With Writer
Top Essay Tutor

ONLINE

Top Essay Tutor

I am a professional and experienced writer and I have written research reports, proposals, essays, thesis and dissertations on a variety of topics.

$30 Chat With Writer
ECFX Market

ONLINE

ECFX Market

I have worked on wide variety of research papers including; Analytical research paper, Argumentative research paper, Interpretative research, experimental research etc.

$17 Chat With Writer
Top Class Engineers

ONLINE

Top Class Engineers

I have read your project description carefully and you will get plagiarism free writing according to your requirements. Thank You

$41 Chat With Writer
Maths Master

ONLINE

Maths Master

I have written research reports, assignments, thesis, research proposals, and dissertations for different level students and on different subjects.

$21 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Iprocrastinate app download mac - Determine the size of square bearing plates - Bex web application designer step by step - Standardization of sodium hydroxide naoh solution - Shadow health cough danny rivera - Huawei vision and mission 2018 - Study the caretakers footprints believer beach - Hughes wholesale cars toowoomba - Does tantoo cardinal have a cleft palate - Team Data Collection - One page memo - Case studies in abnormal psychology answers - Coca cola goals and objectives - Cert 3 frontline management - Week 7 Reflection Paper (for Noorfatima) - Short Synthesis Essay - Microsemi libero free license - Mike 11 user manual - Aerosoft airbus fuel planner - How many au is saturn from the sun - Internet Marketing Discussion Board - Interesting facts about the hawaiian hawk - Cisco partner program enrollment - Proving triangles similar answers - Reflect on Week Two - War production board apush - Writing Exercise 5 - Feast watson floor clear - Social and cultural perspectives and biases - Notre dame fremantle campus map - Kaiser permanente opportunities and threats - Fass fuel system dealers - Irwin mobile command center amazon - Eat em like junk food - A rolling stone gathers no moss amplification - Disscuion - How many frames per second can we see - Companies that use hybrid costing system - Examples of elimination complexities - Calculating elasticity of demand midpoint method - Martin collects stamps - Response Paper #11: "Chekov and Zulu" - Usa patriot act powerpoint presentation - Order 2607585: Identity Diversity & Community - Metal frame picture style powerpoint - Can g6pd eat almonds - Verivide light box manual - If i save 200 a month - Describe the criteria for classifying leases by a lessee - Loulou robert erwan larher - Assume that the weight loss for the first month - Lumière supporting a virtual workspace on the cloud - John invested the following amounts in three stocks - Job analysis and recruiting method - Animal farm propaganda poster - Cheshire fire service jobs - Ancient greek numeral system - Compute the ending inventory at september 30 - How to use gibbs reflective cycle in an essay - Reposted - Ministry of Health’s (MOH) vision and strategy to improve healthcare quality - Aft2 task 4 staffing plan - Statesman journal e edition - Gross death rate - What channel is hgtv on cox - Austria embassy in cambodia - Moderation in spss - Water by the spoonful full pdf - The following transactions pertain to smith training company for 2016 - Goldilocks and the three bears meaning - To kill a mockingbird essay ideas - Liverpool city council clean up - Electric field plotting lab report - Declare a 8x8 two dimensional array of strings named chessboard - Dissemination of evidence based practice in nursing - Current and Emerging Technologies - Heart i want to make love to you - Does age affect reaction time - Business report title page - The financial value placed on an object involved in an exchange is - The federal response to hurricane katrina lessons learned - Ucl natural sciences careers - English Homework - Case 1 monsanto attempts to balance stakeholder interests - LifeLong Leadership - The liabilities section of o brian's balance sheet - How to read old handwriting - Suds and duds laundry washed and pressed - Programming - Temple university starbucks hours - Biological old regime definition - 6 month training program - Principles of advocacy in nursing - Why culture counts teaching children of poverty - Gateshead council waste collection - Multiple mini interview monash - Examples of tension in poetry - How much is 53.5 kg - Change Implementation and Management plan - Short answer