Cyber Security Tutorial 2
Instructions
In this tutorial you should work preferably in pairs or alone. Try to answer all the questions together and discuss the possible answers/solutions. You will be given 30 minutes to complete this task and, at the end, a general discussion will take place in class based on the content of this tutorial. Try to answer as many questions as you can!
Question 1
You are given a variety of port numbers. Please fill in the table with the protocols normally associated with these port numbers and briefly explain what every protocol is used for.
Port  Protocol (transport)
      Description

53    DNS (Domain Name System) (tcp/udp)
      Default port for DNS; the transport layer can use either TCP or UDP. DNS handles DNS requests, as covered in the lectures. No use of cryptographic signatures.

20    FTP-data (File Transfer Protocol) (tcp/udp/sctp)
      Default port (active mode) for FTP-data; the transport layer can use TCP, UDP or SCTP (Stream Control Transmission Protocol). FTP-data is used for transferring the files themselves. No encryption is used.

25    SMTP (Simple Mail Transfer Protocol) (tcp/udp)
      Default port for SMTP; the transport layer can use either TCP or UDP. SMTP is the Internet standard for email transmission. No authentication.

80    HTTP (HyperText Transfer Protocol) (tcp/udp/sctp)
      Default port for HTTP; the transport layer can use TCP, UDP or SCTP. HTTP is encountered on the World Wide Web in order to access web content. No use of encryption.

23    TELNET (tcp/udp)
      Default port for a telnet connection; the transport layer can use either TCP or UDP. Telnet is a text-based, two-way communication protocol used for accessing remote hosts. It lacks authentication policies and encryption.

43    NICNAME/WHOIS (tcp/udp)
      Default port for NICNAME/WHOIS; the transport layer can use either TCP or UDP. WHOIS handles requests against databases that hold information about Internet resources such as IP address allocations, domain names and more. It lacks access control, integrity and confidentiality.

69    TFTP (Trivial File Transfer Protocol) (tcp/udp)
      Default port for TFTP; the transport layer can use either TCP or UDP. TFTP (with more limited features than FTP) is mostly used for reading or writing files or mail to or from a remote server. No security or authentication while transferring files.

22    SSH (Secure Shell) (tcp/udp/sctp)
      Default port for an SSH connection; the transport layer can use TCP, UDP or SCTP (Stream Control Transmission Protocol). SSH is used for accessing remote hosts and is described by many as the secure version of telnet.

366   ODMR (On-Demand Mail Relay) (tcp/udp)
      Default port for ODMR; the transport layer can use either TCP or UDP. ODMR is an Internet standard for email transmission and is an extension of SMTP. The main difference is that it works with dynamic IP addresses instead of static ones.

110   POP3 (Post Office Protocol) (tcp/udp)
      Default port for POP3; the transport layer can use either TCP or UDP. POP3 is the most recent protocol for email transmission, but only on the receiving side (it deals with the retrieval of emails). It can support encryption.

443   HTTPS (HyperText Transfer Protocol Secure) (tcp/udp/sctp)
      Default port for HTTPS; the transport layer can use TCP, UDP or SCTP. HTTPS is encountered on the World Wide Web in order to access web content. HTTPS is the encrypted version of HTTP.

21    FTP (File Transfer Protocol) (tcp/udp/sctp)
      Default port for FTP (passive); the transport layer can use TCP, UDP or SCTP (Stream Control Transmission Protocol). FTP is not responsible for transferring the data itself but mainly for handling control data, such as OK messages, confirmation that a file has been received, and more. No encryption is used.

115   SFTP (Secure File Transfer Protocol) (tcp/udp)
      Default port for SFTP; the transport layer can use either TCP or UDP. This is for an unsecured connection. If SSH is used for authentication, which ensures secure file access, transfer and management, then port 22 is used instead.

989   FTPS-data (File Transfer Protocol) (tcp/udp)
      Default port for FTPS-data; the transport layer can use either TCP or UDP. FTPS-data is used for transferring files. The difference from FTP-data is that FTPS uses TLS, which secures the transfer of data by encryption.

123   NTP (Network Time Protocol) (tcp/udp)
      Default port for NTP; the transport layer can use either TCP or UDP. NTP is used for clock synchronisation between computing systems.

445   MICROSOFT-DS (Directory Service) (tcp/udp)
      Default port for microsoft-ds; the transport layer can use either TCP or UDP. MICROSOFT-DS is used to provide access to file and print sharing services (exploited by WannaCry).

137   NETBIOS-NS (Network Basic Input Output System - Name Service) (tcp/udp)
      Default port for netbios-ns; the transport layer can use either TCP or UDP. NETBIOS-NS is used for purposes similar to DNS, but in this case it answers requests about NetBIOS names. This is traffic you would normally encounter on Windows machines, and the names help identify the workgroups.
Question 2
Discuss within your team why it is important to know which protocol is associated with a port number. Is there any good reason from a cyber security point of view?
Port scanning is used to identify which ports are open and which are closed. This helps defenders check that the security policies in place are actually enforced, while on the other side attackers can identify what is open and might be exploitable. Think of it as a door that can be found, and someone can try to break through it. By identifying the port, they can look for the known services that use it, or for known vulnerabilities if the system is unpatched, and plan the next stage of their multistage attack.
Question 3
Identify different types of DNS records and explain their meaning. Try to identify through your research at least five of them.
A DNS server provides important information about a domain/hostname and its corresponding IP address. This information is provided through what are known as DNS records. Some common types of DNS records are the following:
1) Address Mapping record (A) → DNS host record; stores a hostname and its corresponding IPv4 address.
2) IPv6 Address record (AAAA) → exactly the same as above, but the IPv6 address is stored instead of the IPv4 one.
3) Name Server record (NS) → redirects to a specific authoritative name server and provides the address of that name server, as in the Amazon schema from the lecture.
4) Certificate record (CERT) → stores encryption certificates.
5) Start of Authority (SOA) → this record is encountered at the beginning of the DNS zone file and holds important information: the relevant authoritative name server, the domain serial number, the refresh rate of the DNS information and the contact details of the domain administrator.
6) Text record (TXT) → contains machine-readable data such as Sender Policy Framework (SPF) entries and more.
7) Mail exchanger record (MX) → information regarding the SMTP email server for the domain (responsible for routing outgoing email to an email server).
8) Canonical Name record (CNAME) → used when a record of another hostname is requested (aliases).
9) Service Location (SRV) → the same idea as MX but for other communication protocols.
10) Reverse-lookup Pointer record (PTR) → for reverse DNS lookup (provide an IP address and receive the hostname).
Question 4
How many versions of IP addresses exist and what are their differences?
There are two versions of IP addresses: IPv4 and IPv6. IPv6 is the successor of IPv4 (32-bit addresses). Most IPv4 addresses have already been assigned, so the creation of IPv6 (128-bit addresses) was necessary.
Question 5
Below you will be given two columns that you will be asked to match accordingly. One column refers to different type of addresses in networking and the other gives examples. You are being asked to make the correct connection.
Column A: MAC address; DNS; IPv4 address; IPv6 address; Domain address
Column B: 2001:db8:85a3:0:0:8a2e:370:7334; 192.168.43.58; www.bbc.co.uk; AAAA; 00:0a:95:9d:68:16
There is an intentionally confusing item in this question. For DNS in column A, DNS is not really represented by AAAA, as this is not an address. However, AAAA refers to a type of DNS record.
Question 6
What is the range of local IPv4 addresses?
These are what are known as RFC 1918 addresses; RFC 1918 is the standard that assigns IP addresses for use in private networks. The following ranges cannot be routed on the Internet and are reserved for private networks:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255
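An added Python example (not part of the tutorial) that checks an address against the three RFC 1918 blocks above and classifies a flow such as the Question 7 capture's 10.0.2.15 to 130.209.16.90; the function names are assumptions of this example.

```python
import ipaddress

# The three RFC 1918 blocks from the answer above, written as networks
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918_block(addr):
    """Return the RFC 1918 block (as a string) containing `addr`, or None if it is in none of them.

    Note: the stdlib's `is_private` is broader (loopback, link-local 169.254/16, CGNAT 100.64/10,
    ...), so it is not a test for RFC 1918 membership specifically."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:                      # RFC 1918 defines IPv4 ranges only
        return None
    return next((str(net) for net in RFC1918_BLOCKS if ip in net), None)

def classify_flow(src, dst):
    """Label a flow by whether its endpoints are private (RFC 1918) or publicly routable."""
    s, d = rfc1918_block(src) is not None, rfc1918_block(dst) is not None
    if s and not d:
        return "private -> public: must be translated (NAT) at the router to reach the Internet"
    if s and d:
        return "private -> private: stays inside the local network"
    if not s and d:
        return "public -> private: not reachable from the Internet without a forwarding rule"
    return "public -> public"
```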
Question 7
DISCLAIMER: UNDER NO CIRCUMSTANCE YOU MUST USE WIRESHARK OTHER THAN WHAT INSTRUCTED BY YOUR LECTURER. YOU WILL ONLY OPEN THE SAMPLE WHICH WAS PROVIDED THROUGH MOODLE FOR EXAMINATION. YOUR LECTURER WILL NOT BE RESPONSIBLE FOR ANY OTHER USE.
You will be given a networking sample that you can open with Wireshark. All necessary files have been uploaded to Moodle. Investigate the sample and try to identify important information:
1) What is the communication about?
In this communication we can identify many of the things discussed in the lecture. First of all, we have a DNS request going through our router asking for the IP address of the website www.gla.ac.uk, both IPv4 (A) and IPv6 (AAAA). The purple area shows the browser setting up a secure communication: it enables the HTTPS functionality of the website, and you will see that port 443 (https) is activated. After this a response comes back through our router to our host system (referred to as the laptop for simplicity) with the information we asked for, which is the IP address of the website. Afterwards, a handshake takes place between the machine that made the initial request (the laptop) and the server IP address of the website. After the handshake the laptop gets access to the website and loads the webpage: the GET request is satisfied.
2) Which protocols can you identify and what is their use?
DNS, TCP and TLS. DNS is for identifying the IP address. TCP is for exchanging the request and the information. TLS is for enabling the secure communication in the browser.
3) What is the source IP address, port and the destination IP, port?
Source IP (laptop): 10.0.2.15
Source port (laptop): 39769 for the DNS request, 51424 for the webpage connection
Destination IP (webpage): 130.209.16.90
Destination port (webpage): 80
Port 443 (https) is enabled by the browser before the handshake.
4) Anything else that is notable in the sample?
Code 301 Moved Permanently is used for a permanent redirection, meaning that current links should be updated. The 301 redirection is good practice when upgrading from HTTP to HTTPS.
[Figure: annotated Wireshark screenshots of the sample, labelled "DNS Response" and "Access to Web"]
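The A/AAAA lookup described in this answer and the record types listed under Question 3, as an added Python example that is not part of the tutorial: it builds a constructed DNS response for www.gla.ac.uk (the capture's 130.209.16.90 is used as the sample A answer) and parses the answer section, including RFC 1035 name compression. The transaction id, TTL and the build_response helper are assumptions of the example.

```python
import socket
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT",
            28: "AAAA", 33: "SRV", 37: "CERT"}      # IANA type codes for the Question 3 records

def read_name(msg, off):
    """Decode a domain name at `off`, following RFC 1035 compression pointers (0xC0xx)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                # pointer to an earlier copy of the (rest of the) name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + ln].decode())
        off += ln

def build_response(txid, qname, qtype, records):
    """Constructed reply: header (QR, RD, RA set), the echoed question, then RRs whose owner is a pointer to it."""
    msg = struct.pack(">HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    msg += b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg += struct.pack(">HH", qtype, 1)      # QTYPE, QCLASS = IN
    for rtype, ttl, rdata in records:
        msg += b"\xC0\x0C" + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def parse_response(msg):
    """Return (txid, [(owner, type name, ttl, decoded rdata), ...]) from the answer section."""
    txid, _flags, _qd, an = struct.unpack(">HHHH", msg[:8])
    off = read_name(msg, 12)[1] + 4         # skip the single question (name + QTYPE + QCLASS)
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        data = rdata.hex()                   # left raw for types not decoded here (SOA, MX, TXT, ...)
        if rtype in (1, 28):                 # A / AAAA carry a packed IPv4 / IPv6 address
            data = socket.inet_ntop(socket.AF_INET if rtype == 1 else socket.AF_INET6, rdata)
        elif rtype in (2, 5, 12):            # NS / CNAME / PTR carry a (possibly compressed) name
            data = read_name(msg, off + 10)[0]
        answers.append((owner, RR_TYPES.get(rtype, str(rtype)), ttl, data))
        off += 10 + rdlen
    return txid, answers

# Constructed sample: the A answer the Question 7 capture returns for www.gla.ac.uk (130.209.16.90)
SAMPLE_A = build_response(0x1a2b, "www.gla.ac.uk", 1, [(1, 300, bytes([130, 209, 16, 90]))])
```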