CyberSecurity Technical Report: Findings, Analysis and Recommendations
Verified
Added on 2023/06/15
|24
|2693
|115
AI Summary
This technical report provides findings, analysis and recommendations for a breach incident scenario. It includes steps to avoid breaches and tools used in digital forensics such as Nmap, Tomcat, Ngrep, SSL, Keystore, Tcpdump and Tshark.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
CYBERSECURITY
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1.Introduction A breach incident will be taken and response Technical Report will be created based on practical work (scenario). Walkthrough will be used on virtual machine as a breach investigator. Breach is a first and foremost Virtual Machine in multi-part series, it will be arranged with constant IP address and configuration will be done for host- only adaptor to this particular subnet. The main objective of the project will be provided. The Background of the Initech Company will then be investigated and the findings will be provided. Analysis will be provided. Suitable recommendations will be made finally. 2.Background INITECH Co., Ltd., is a financial IT and the security company, this helps in providing the information safety solutions. This mainly develops in the systems like e-banking and this offers e-banking services, there are services such as service preparation and consulting, development, control and monitoring, and maintenance; and operatesdata centers that provide various supplementary services for enterprises. The company also offers IT professional services, such as security system. The system has the following scenario. Scenario Initech got through and the board of directors chosen to bring in their internal Initech Cyber Consulting, LLP division to assist. Given the high profile nature of the breach and, nearly catastrophic losses, there have been many following attempts at a company. Initech has tasked their foremost top consultants, this is led by the head, Bill Lumbergh, and Peter Gibbons to contain and perform an analysis of the breach (The Balance, 2018). Then the company realizes that the breach was not the work of skilled hackers but a parting gift from a disgruntled former employee on his way out. The top consultants are hard at work for containing the breach. However, their work ethics and the mess left behind may be a downfall of the company (Digital-forensics.sans.org, 2018). 2
3.Findings Installed an Oracle Virtual Box and opened the Virtual Box is given below. After install the Ubuntu in Virtual box was running shown in figure(Baggili, 2011). In Virtual Box after installed the Ubuntu operating system, the Ubuntu desktop is opened. 3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Check the IP address in Ubuntu Virtual Box, Go to settings -> select Network settings, Network window will open. There is IP address which is with v4 taken as IP address is given below. On the desktop Right click -> select terminal, The window will open, then type ifconfig. Check it and there is something wrong. 4
Click on machine>>settings>>network window gets opened. Adapter1>> NAT is choosen NAT is changed to Bridged Adapter 5
Network setting>>method is set to DHCP DNS server address is set right in the option below. 6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IP address is changed and is shown below Ping command is used and is shown below 7
In windows, go to Run Now in command prompt, ping command is used. The screenshot is provided below 8
IP address of Virtual box is now connected with windows and is shown below There are certain tools which are analysed that they are used to investigate the breach. The tools are listed below and the explanation are provided in the analysis part. 1.Nmap 2.Tomcat 3.Ngrep 4.SSL 9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
5.Keystore 6.Tcpdump 7.Tshark 4.Analysis Analysis is done for the project and the tools are analyzed. The tools are analyzed that they are used in the field of breach in Digital forensics. They are listed below with brief description. Nmap With a basic functionalities of networking user can learn how to not only execute a port scanner(Goel, 2010). Nmap is the port scanner and most populist in world-wide that is a hosted security tools. Nmap is an online scanner for port can to scan your network servers and devices from an external perspectives of external of user firewall. This helps in utilizing the framework that works. Nmap will keep running on a Windows framework, it works better and is quicker under Linux. Likewise having background with Linux based frameworks is an awesome method to access a wide choice of security apparatuses. Steps for using Nmap in Linux Step-1: Operating system Installation Step-2: Ubuntu Installation Step-3: Nmap Installation from source Initially we need to find Nmap scan with following categories results. 10
Then we implemented some python code for execute Nmap scanner as follows(Stark State College - North Canton, Ohio, 2018). 11
Tomcat The Java servlet or web server from the project of the Apache software is called as Tomcat. The webpages in replied to requests from a user when a web browser. It will been standard but it is often utilized behind cultural web servers such as Apache software with the cultural server providing static pages and it can providing a dynamic servlet and requests. The following steps are used in Tomcat web server(Jahankhani, 2010). oInstall Java oUnzip Tomcat oDownload Eclipse oSay Eclipse about Tomcat oTest the server oAdjust Eclipse preferences Ngrep Ngrep is a basic packet sniffing and it can supports the basic packet sniffing filter condition that means to tell constraining what Ngrep looks and shows a simple as something such as”ngrephostfoo.bar.com”. The following some examples of similar invocations of Ngrep to do depends upon basic packet sniffing. The Ngrep is used to attach the specified Ethernet adaptor and recently UNIX implementations this can advised Ngrep to attach all interface at once in local and every output interfaces that may or may not be live. Some examples of Ngrep as follows. Ngrep-d port 25 TheSimpleMailTransferProtocolmonitortheprocessingof crossingsourceor destination port 25(Lillard, 2010). Ngrep-d any ‘error’ port syslog Ngrep controls any network depends on syslog traffic for the situation of the word ‘error’. 12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Ngrep-wi –d any ‘user|pass’ port 25 The File Transfer Protocol controls every traffic crossing source and destination port 21. Now we seen a Ngrep user requests… SSL SSL stands for Secure Socket Layer and it is a standard security method for publishing an encrypted link between a web browser and a web server. These links are combined that each and every information passed between the web browsers and web server remain integral and private. It is an industry standard and is utilized by many websites in the security of their transactions in online with the customers. To be capable to implement a SSL links a web server wants a SSL certificate. When user select to enable SSL on your web server user can be prompted to finish a number of tasks about the identity of user website and user-company. User web server then implements 2 cryptographic keys such as private key and public key(Blackstone, n.d.). The difficulties of the SSL protocol remain not visible to customers. Depends their browsers produce them with a key indicator to know them. They are recently secured by a SSL encrypted session. The lock symbol in the bottom right hand edge, clicking on the lock symbol shows user SSL certificate and the information about it. Every SSL certificates are provided to nor companies legally accountable unique. Keystore Java key tool is a key that also certificate management tool and it is utilized for control Java keystores and it can be included with Java. The Java keystore container for authentication 13
certificates and public key certificates. It is often utilized by Java based applications for authentication, encryption and HTTP servers. The entries are secured by a keystores password. It contains implementing and updating Java Keystores because they will be utilized with user Java applications(Nelson, Phillips and Steuart, n.d.). Tcpdump Tcpdump is a network travels for traffic in data packets and every data packet include the data that it wants to travel surround the network. This data is included in a TCP ( Transmission Control Protocol ) header. The TCP header can include the source and destination address and also it can contains the protocol identifiers and state information. The remain of the packet includes the information that been sent. The routing read the data in the packets and send them to the wright destination is responsible by devices. Tcpdump also a packet sniffing tool that utilized by admin of network to sniff and calculate traffic on a network(OpenLearn, 2018). The pair of reasons for sniffing traffic on a network will be to validate links between to calculate the traffic and hosts that is used for traversing the network. Here, various tools available. They are Snort, Ethereal, Etherape and etc. Tshark Tshark is called as network protocol analyzer. It lets user shot packet information from a network and read the packets from a last saved shot file, nor printing a decoded form of packets to the organized results for writing the packets to a data(Niccs.us-cert.gov, 2018). Once the shell connects to it, this is then upgraded to the session named meterpreter. Portpoof Finally, the system is now much protected by portpoof. The file contains the background information or the data and the scripts are writable. 5.Recommendations There will be process for completing eliminate for the breaches security is an incredible task. But some important steps to be followed for avoiding breaches. 14
It is suggested to follow the below recommendation steps. 1.An employee leaves, that the employer account will be disable. When an employee is terminated by the company, immediately company will disable the leaving employee account even that the employee sendoff below agreeable terms or not(Weerasinghe, 2010). 2.Default passwords will be changed, because the company has more devices and the software applications are endangered by the default username and passwords is not possible, this will be easily attacked by the attackers. So the company employees have to follow password policy properly and will change the default passwords for security purpose. 3.Network scans will be do properly and regularly because there is inventory of baseline operational is invalid, then it allows to know rogue applications is install in network by the administrator. The regular network scan is done by the use programs like Net view with Microsoft command(InterWorks, 2018). 4.The traffic in outbound network will be monitor, because there is suspicions raise then the connections of outbound and traffic deviates from the normal operation of baseline. But the truth is sensitive information has stolen and also spamming, the most applications of firewall is to monitor the traffic of outbound(SearchSecurity, 2018). 5.To implement a plan for security purpose, there is no matter size of the organization small or big. When the company is in danger condition, then the security plan will give solutions for that problem. It is much more important in all organization. 6.Conclusion A breach incident is chosen and Technical Report is created based on practical work (scenario). Walkthrough is used on virtual machine as a breach investigator. TheBreach is a first and foremost Virtual Machine in multi-part series, it is arranged with constant IP address and configuration is done for host-only adaptor to this particular subnet.The Background of the Initech Company is investigated and the findings are provided. Suitable recommendations are made finally. Analysis and report are also made. 15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7.References Baggili, I. (2011).Digital forensics and cyber crime. New York: Springer. Blackstone, W. (n.d.).Commentaries on the laws of England. [S.l.]: Forgotten Books. Digital-forensics.sans.org. (2018).SANS Digital Forensics and Incident Response Blog | How to Make a Difference in the Digital Forensics and Incident Response Community | SANS Institute. [online] Available at: https://digital-forensics.sans.org/blog/2011/12/06/how-to-make-a- difference-in-the-digital-forensics-and-incident-response-community [Accessed 20 Feb. 2018]. Goel, S. (2010).Digital forensics and cyber crime. Berlin: Springer. InterWorks. (2018).What Is Digital Forensics?. [online] Available at: https://www.interworks.com/blog/bstephens/2016/02/05/what-digital-forensics [Accessed 20 Feb. 2018]. Jahankhani, H. (2010).Handbook of electronic security and digital forensics. New Jersey: World Scientific. Lillard, T. (2010).Digital forensics for network, internet, and cloud computing. Amsterdam [u.a.]: Syngress/Elsevier. Nelson, B., Phillips, A. and Steuart, C. (n.d.).Guide to computer forensics and investigations. Niccs.us-cert.gov. (2018).Digital Forensics | National Initiative for Cybersecurity Careers and Studies. [online] Available at: https://niccs.us-cert.gov/workforce-development/cyber-security- workforce-framework/digital-forensics [Accessed 20 Feb. 2018]. OpenLearn. (2018).Digital forensics. [online] Available at: http://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-4.3 [Accessed 20 Feb. 2018]. SearchSecurity. (2018).What is computer forensics (cyber forensics)? - Definition from WhatIs.com. [online] Available at: http://searchsecurity.techtarget.com/definition/computer- forensics [Accessed 20 Feb. 2018]. 16
Stark State College - North Canton, Ohio. (2018).Cyber Security and Computer Forensics Technology | Stark State College - North Canton, Ohio. [online] Available at: https://www.starkstate.edu/academics/programs/cyber-security-and-computer-forensics- technology/ [Accessed 20 Feb. 2018]. The Balance. (2018).Just What Do Digital Forensics Experts Do and What Can They Earn?. [online] Available at: https://www.thebalance.com/digital-forensics-job-and-salary-information- 974469 [Accessed 20 Feb. 2018]. Weerasinghe, D. (2010).Information Security and Digital Forensics. Berlin, Heidelberg: Springer-Verlag Berlin Heidelberg. 8.Appendix Source of evidence: The link is provided below. https://fas.org/sgp/crs/misc/R43831.pdf https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf Items of evidence The following are evidences for connecting ubuntu virtual box to the windows 17
DNS server address is set right in the option below. 18
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
IP address is changed and is shown below 19
IP address of Virtual box is now connected with windows and is shown below 20
Some tools are analyzed that they are used in the field of breach in Digital forensics. They are Nmap, Tomcat, Ngrep, SSL, Keystore, Tcpdump, Tshark etc.., Nmap: 21
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Timeline: Investigating the background of company: 1 hours Findings of breach: 1hour Analysis: 1 hour Report: 2 hours Walkthrough links: https://www.chrismaddalena.com/2016/07/vulnhub-breach-1-0-walkthrough/ https://itfellover.com/vulnhub-breach-1-0-boot2root-ctf-challenge-walkthrough/ 22