Thursday, January 28, 2010

Answer4. Nessus Vulnerability Scanner

Step1
Download the Nessus vulnerability scanner from the www.nessus.org/download website; it is a free version.

Step3
Fill out the information for the software licence agreement to register and submit it; then I got an activation code through my email.

Step5.
After activation I started the Nessus server and configuration application and accepted the default settings.

Step6.
Then I started the Nessus client to show the main interface.

Step10
Connect to the server by clicking the Connect button. When I connected to localhost I received a message that it was the first connection to the remote host. It then asked whether to continue (yes/no), and I chose yes.


Step13

Entered the range of addresses that encompasses the computers connected to the network, such as 192.168.1.1-192.168.1.255.


Step15

Then it scans and connects to the assigned network range, and finally the scanner shows a report displaying the scanned IP addresses with their details, vulnerabilities and risk factors.


Step17

Vulnerability scanning helps to recognize weaknesses in a system so that it can be secured against attack. It helps to fix them before an attack. The screenshot shows the vulnerability scan that was done on the range 192.168.1.1-192.168.1.255 in my system. After scanning it found a vulnerability on 192.168.0.115 in my system. It provides vulnerabilities, solutions and risk factors.

As the Nessus scanner is mainly a port scanner, protocol analyzer and a password cracker, it is very helpful at this level. On the other hand, it cannot be used instead of anti-virus software because it can only detect viruses that use ports or open them.

References:-

Ciampa, M. (2008) Security+ Guide to Network Security Fundamentals. Boston, USA: Cengage Learning.

Nessus. (2010). In Wikipedia. Retrieved 21st Jan, 2010, from http://en.wikipedia.org/wiki/Nessus_(software)

Answer3 Spoof a MAC address

Step1
The MAC spoofer I am using is SMAC 2.0, which I downloaded from the KLC Consulting website www.klcconsulting.net/smac; it is a free download edition.

Step7
When prompted for the registration ID, I clicked Proceed; it displays the network interface card adapters that it discovered.

Step9
When I select an active network adapter, its current MAC address is displayed under the Active MAC Address field.


Step11
Now I clicked the Update MAC address button to update the address.


Step13
This screenshot shows in the command prompt that the verified MAC address changed.

Step14
In the command prompt enter ipconfig /all, then the MAC address will appear.
Now re-enable the original MAC and click the Remove MAC button in SMAC, then reboot.
This project was done using SMAC 2.0 from the website



Case project 6-3

Rogue access points can be detected in many ways. One way is to perform manual checks, or use a PDA running NetStumbler. It detects all wireless networks that are within a broadcast area. A map is created showing the locations of all wireless access points within that area. Walk in the direction that produces the greatest signal strength from the access point, using a laptop with NetStumbler running. In this way we can detect a rogue access point in a small area. For a larger organization, the vendor will deploy an advanced RF monitoring system in the network that can monitor the air and detect the rogue access point. (P.Ronald,2009)
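The survey walk described above can be reduced to a small check. This is an added example, not part of the original project: the inventory of authorized access points, the SSIDs, the MAC addresses and the readings are all constructed, and comparing against an inventory is an assumption about how "rogue" is decided.

```python
# Constructed inventory of access points the administrator installed (BSSID -> SSID).
AUTHORIZED = {
    "02:00:00:aa:00:01": "CorpNet",
    "02:00:00:aa:00:02": "CorpNet",
}

# Constructed survey readings: (where the reading was taken, SSID, BSSID, signal in dBm).
SURVEY = [
    ("lobby",   "CorpNet", "02:00:00:aa:00:01", -48),
    ("lobby",   "CorpNet", "02:00:00:bb:00:09", -80),
    ("room 12", "CorpNet", "02:00:00:bb:00:09", -41),
    ("room 12", "CorpNet", "02:00:00:aa:00:02", -67),
    ("kitchen", "linksys", "02:00:00:cc:00:05", -59),
    ("room 12", "linksys", "02:00:00:cc:00:05", -75),
    ("kitchen", "CorpNet", "02:00:00:bb:00:09", -70),
]


def rogue_access_points(survey, authorized):
    """Return unknown BSSIDs with the survey point where each was heard loudest."""
    known_ssids = set(authorized.values())
    rogues = {}
    for location, ssid, bssid, dbm in survey:
        bssid = bssid.lower()
        if bssid in authorized:
            continue  # an access point from the inventory
        best = rogues.get(bssid)
        # dBm values are negative; the value closest to zero is the strongest
        if best is None or dbm > best["signal_dbm"]:
            rogues[bssid] = {
                "bssid": bssid,
                "ssid": ssid,
                "strongest_at": location,
                "signal_dbm": dbm,
                # an unknown radio using a company SSID deserves attention first
                "uses_company_ssid": ssid in known_ssids,
            }
    return sorted(rogues.values(), key=lambda r: r["signal_dbm"], reverse=True)


if __name__ == "__main__":
    for ap in rogue_access_points(SURVEY, AUTHORIZED):
        print(ap)
```

The location with the strongest reading is where the physical search for the device should start.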

Efficient monitoring of the network is required. The network administrator not only needs to build new safeguards into the network environment, but also has to make sure that anyone who uses the network is properly educated in proper security practices.

References:-
P.Ronaldo (2009), Retrieved on 25th Jan 2010 from,
Small business hot topics, Retrieved 22nd Jan 2010 from

Answer 2 Cryptography

Step1

First of all I downloaded the compressed folder md5deep from the website

md5deep.sourceforge.net


Step5,6

After downloading and extracting the file I made a Microsoft Word document, saved with the name country1.doc in the same folder, as my snapshot shows in steps 5 and 6.


Step9
In the command prompt I entered MD5deep country1.doc to start the application that creates an MD5 hash of country1.doc.
The ciphertext length of this hash is 128 bits.



Step11
This time I created another file named country2.doc, without the full stop that I had written in it, and saved it in the same folder.




Step13
In the command prompt I again entered md5deep country2.doc to start the application.


Step14

The hash is 32 characters.

Now using sha1deep for country1.docx, the length is 40 characters.

Now using whirlpooldeep, the length is 128 for country1.docx.

Now for country2.docx using whirlpooldeep, the length is 128 but the characters are different.

References:-

This is done using SMAC 2.0 from the website www.klcconsulting.net/smac, and it can be found in the book "Security+ Guide to Network Security Fundamentals" 2008 by Mark Ciampa (page 222, Project 6-3).

Case project11.1

Uses of hashes besides ATMs and passwords


Hashing is a very useful technique today. It gives us a secure and safe way to keep information available for authorised users. Hashes are also commonly used for downloading music, software and videos. The music or videos are stored on a web server together with their hashes. When someone tries to download the music or video, a connection is established with the web server and the web server sends the hash of the video or music to the local computer. When the local computer downloads that music or video, it compares the hash with the original hash and then allows the download of the music or video.

Digital signatures are another example of the use of hashes. Hashes are used to identify or authenticate the source of information. They are used in some messaging systems so that the recipient can be sure of the message source. In addition, the recipient will be able to trace the source of their brand (Digital Signature, 2010).
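Both the md5deep steps (digest lengths, and the change caused by removing one full stop) and the download comparison described above can be reproduced in a few lines. This is an added example, not part of the original project: the two byte strings are constructed stand-ins for country1.doc and country2.doc, SHA-512 stands in for Whirlpool's 512-bit output, and SHA-256 is chosen here for the download check because MD5 collisions are practical.

```python
import hashlib
import hmac
import io

# Constructed stand-ins for country1.doc / country2.doc: the same text with
# and without the final full stop.
DOC1 = b"Australia is a country."
DOC2 = b"Australia is a country"

# Assumption: Whirlpool is not guaranteed in Python's hashlib, so SHA-512 stands
# in for a 512-bit digest (128 hex characters, like whirlpooldeep output).
ALGORITHMS = ("md5", "sha1", "sha512")


def hex_lengths(data):
    """Return {algorithm: number of hex characters in the digest}."""
    return {n: len(hashlib.new(n, data).hexdigest()) for n in ALGORITHMS}


def differing_bits(name, a, b):
    """Count the digest bits that differ between two inputs."""
    da = int.from_bytes(hashlib.new(name, a).digest(), "big")
    db = int.from_bytes(hashlib.new(name, b).digest(), "big")
    return bin(da ^ db).count("1")


def verify_download(stream, published_hex, name="sha256", chunk=65536):
    """Hash a downloaded stream in chunks and compare it with the published digest."""
    h = hashlib.new(name)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    # compare_digest does a constant-time comparison of the two hex strings
    return hmac.compare_digest(h.hexdigest(), published_hex.strip().lower())


if __name__ == "__main__":
    print(hex_lengths(DOC1))
    for n in ALGORITHMS:
        print(n, "bits changed by one full stop:", differing_bits(n, DOC1, DOC2))
    published = hashlib.sha256(DOC1).hexdigest()  # digest the server would publish
    print("intact download verifies:", verify_download(io.BytesIO(DOC1), published))
    print("altered download verifies:", verify_download(io.BytesIO(DOC2), published))
```

A published hash only proves integrity if it is obtained over a channel the attacker cannot alter; a digital signature over the hash adds the source authentication mentioned above.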

References

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ft_md5v.html

From Cisco Systems, Inc. (1992, 2010), retrieved 25th Jan 2010

http://www.hashtechnologies.com/about_us.htm

From Hash Technology Pvt Limited (2006.07), retrieved 26th Jan 2010

http://www.x5.net/faqs/crypto/q96.html

http://en.wikipedia.org/wiki/Cryptographic_hash_function

From Digital Signature wiki, retrieved 26th Jan 2010

Wireshark Analyzer

Step1
This is the snapshot of the free download option for Wireshark from the http://www.wireshark.org/ website.

Step6

After downloading and installing Wireshark, start capturing packets by clicking Capture, Interfaces and then the Start button next to it.

Step7
When traffic was low I typed "ftp server1" in the command prompt, then packets appeared in Wireshark.

To detect and decode the username and password I opened a web browser.
In this snapshot I typed the username Gerald and password Happy, but it says no such account exists.
After the username and password I came back to the Wireshark window, clicked Edit and then Find Packet, and searched for Gerald as a string. It shows the packet, and then we can read and decode the data in the packet.




In step 7, when we typed "ftp server1" in the command prompt, Wireshark started capturing packets for the FTP server, and we can see all the different types of packets through Wireshark.


In step 8, when I entered the username and password, Wireshark captured the packets that were sent to that server, and when we search for that packet Wireshark shows the captured packet.
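Why the string search finds the username: a plain FTP login is sent as readable text, even when the server rejects it. The added example below (not part of the original project) flags such logins in already-extracted control-channel lines, assuming the Gerald/Happy login went over the FTP connection from step 7; the session labels and server replies are constructed.

```python
import re

# Constructed FTP control-channel lines as (session, sender, text); "C" is the
# client, "S" the server. Session "a" logs in over plain FTP. Session "b" asks
# for TLS, so its later USER/PASS commands are encrypted and never appear here.
CAPTURE = [
    ("a", "S", "220 server1 FTP ready"),
    ("a", "C", "USER Gerald"),
    ("a", "S", "331 Password required for Gerald"),
    ("a", "C", "PASS Happy"),
    ("a", "S", "530 Login incorrect"),
    ("b", "S", "220 server1 FTP ready"),
    ("b", "C", "AUTH TLS"),
    ("b", "S", "234 Proceed with negotiation"),
]

COMMAND = re.compile(r"^(USER|PASS)\s+(.+)$", re.IGNORECASE)


def cleartext_logins(capture):
    """Return one finding per session whose PASS command was readable on the wire."""
    sessions = {}
    for sid, sender, text in capture:
        s = sessions.setdefault(sid, {"user": None, "pass_len": None, "result": "unknown"})
        if sender == "C":
            m = COMMAND.match(text.strip())
            if not m:
                continue
            verb, arg = m.group(1).upper(), m.group(2)
            if verb == "USER":
                s["user"] = arg
            else:
                s["pass_len"] = len(arg)  # keep the length only, never the secret
        elif s["pass_len"] is not None and text[:3] in ("230", "530"):
            s["result"] = "accepted" if text.startswith("230") else "rejected"
    return [
        {"session": sid, "user": s["user"],
         "password": "<%d chars, redacted>" % s["pass_len"], "result": s["result"]}
        for sid, s in sessions.items() if s["pass_len"] is not None
    ]


if __name__ == "__main__":
    for finding in cleartext_logins(CAPTURE):
        print("cleartext FTP login:", finding)
```

Any session this reports is a reason to move that service to FTPS or SFTP and to change the exposed password.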
References:-
Wireshark Protocol Analyzer from:
and it can be found in the book "Security+ Guide to Network Security Fundamentals" 2008 by Mark Ciampa (page 148, Project 4-1).
Parmenter, T. (2007). Using a packet sniffer for network packet analysis. In Search Networking. Retrieved January 25, 2010, from http://searchnetworking.techtarget.com/news/interview/0,289202,sid7_gci1266202,00.html

Tuesday, January 5, 2010

Question 3

Q3. Latest Virus and its Attacks:-

One of the latest threats, commonly known as Banbra.GMH and categorised as a Trojan, was detected on 10th December, 2009 and poses a threat to bank users. Users dealing with Brazilian banks online are the most vulnerable to this threat, as their information is stolen when they access the website of their banks. This Trojan arrives via an email which contains a few party pictures and a message in Portuguese. It mainly affects computers based on Windows 2003, Windows XP, Windows 2000, Windows NT, Windows ME and other older platforms. When the user tries to view the images attached to the email it shows an error, and the Trojan enters the computer in this way. Once all the information is stored in a hidden file, it is sent to the creator of the Trojan.

Panda Security (n.d) Encyclopedia Retrieved 21st December 2009
http://www.pandasecurity.com/homeusers/security-info/216004/Banbra.GMH



Another common threat nowadays is AntiTroy, a type of adware, which was detected on 10th December, 2009. AntiTroy is an adware program that alarms and tricks users about their computer so that they obtain a particular program for removal. AntiTroy may get onto a computer when the user downloads it through displayed banners or pop-up windows. It mainly affects systems with Windows 2003/XP/2000/NT/ME/98/95. Links to it can also be obtained through spam and scam sites and so give it access to a computer.
Panda Security (n.d) Encyclopedia Retrieved 21st December 2009
http://www.pandasecurity.com/homeusers/security-info/215978/AntiTroy


The other dangerous virus is called FakeWindows.A; its technical category is Trojan, and it was detected on 7th December, 2009. It fakes the Windows XP activation process that is used to prevent the Windows product from being used as pirated software. To activate it, users need to enter some data, including bank information. Once it is entered, the computer is blocked. FakeWindows.A reaches the computer as a file whose icon shows a pair of keys. However, it does not spread automatically by its own means. It affects Windows 2003/XP/2000/NT.

Panda Security (n.d) Encyclopedia Retrieved 21st December 2009
http://www.pandasecurity.com/homeusers/security-info/215885/FakeWindows.A


Koobface.GQ, technically a worm, was first detected on 3rd December 2009. Its main objective is to spread itself through social networks like Facebook, and it affects many computers. It displays a message that requires users to enter a few characters shown on the screen to avoid a computer restart. In addition, it links to web sites to download malicious files, including other variants of Koobface, in order to expand their distribution. It produces a link to a video on the main page of the affected Facebook user, which is shared with all of their contacts. If the link is followed, a website similar to YouTube (in fact YuoTube) is displayed. It affects computers based on Windows 2003, Windows XP, Windows 2000, Windows NT, Windows ME, 95 and other older platforms.

Panda Security (n.d) Encyclopedia Retrieved 21st December 2009
http://www.pandasecurity.com/homeusers/security-info/215782/Koobface.GQ


Every day a new virus comes onto the market and affects a lot of important work. On 2nd December 2009 a new Trojan arrived with the common name Kates.D. It was very harmful and affected the Windows 2003/XP/2000/NT/ME/98/95/3.X platforms. It changes the configuration of Windows, monitors network traffic, and blocks access to websites that publish information relating to computer security. It uses several techniques in order to avoid detection. It does not spread automatically using its own means. If it detects an antirootkit tool on the computer, it removes it and creates its own registry entries to disable access.

Panda Security (n.d) Encyclopedia Retrieved 21st December 2009
http://www.pandasecurity.com/homeusers/security-info/215740/Kates.D

Tuesday, December 22, 2009

Question 4. Anti virus Software

Step 4

It is a screenshot of the System and Maintenance page in Windows Vista (Control Panel).


Step 6

In the Advanced tab we click Settings under Performance and then click the Data Execution Prevention tab.

Step 7


This image shows the configuration when I select the option Turn on DEP for all Windows programs and services except those I selected.

Step 12




When I right-clicked the file eicar_com.zip and scanned it, I got 2 viruses infected or healed but not removed.

Step 13


Then I again downloaded a file, eicarcom2.zip. This is a double-compressed file with the same fake viruses.

Step 18


Again I right-clicked and scanned; this time it shows 3 viruses healed, but the same thing, that they were not removed.
