text.123docz.net Open in urlscan Pro
107.167.189.210  Public Scan

URL: https://text.123docz.net/document/9883685-mang-may-tinh-nang-cao.htm
Submission: On April 24 via manual from EE — Scanned from NL

Form analysis 0 forms found in the DOM

Text Content


ADVANCED COMPUTER NETWORKS




Lab 3: Network Security Threats
Student Name: Hoàng Nguyễn Anh Quốc
Student No: 51002641

I. Objectives
Get to know some common network security threats
Use Nmap to analyze vulnerabilities of a specific host

II. Preparation
Download and install nmap from select the version that is appropriate to
your operating system version.

III. Some common network security threats

a. Viruses and worms
A virus is a “program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes”. Viruses can cause a huge amount of
damage to computers.
On a network, if a virus is downloaded, all the computers in the network would
be affected, because the virus makes copies of itself and spreads across
networks.
A worm is similar to a virus, but a worm can run by itself, whereas a virus
needs a host program to run.
Virus: W32.UsbFakeDrive - When opening an infected USB drive, the user sees
another drive inside that USB drive and has to open this second drive to see the
data. In reality, the second drive is a shortcut containing the virus file. When
the user opens the data, the computer is infected with the malicious code from
the USB drive.
Worm […]:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "windows auto update" = msblast.exe
Symptoms […], etc.)

b. Trojan Horses
A Trojan Horse is “a program in which malicious or harmful code is contained
inside apparently harmless programming or data in such a way that it can get
control and do its chosen form of damage, such as ruining the file allocation
table on your hard disk”.
On a network, if a Trojan Horse is installed on a computer and tampers with the
file allocation table, it could cause a massive amount of damage to all
computers of that network.
A sample Trojan horse can be found at www.freewebs.com/em_ce_do/doctor.exe. This
program automatically shuts down the computer when it runs and copies itself
into the "StartUp" folder, so the computer shuts down immediately every time it
is started. This Trojan horse destroys itself after one hour of operation, or it
can be removed by booting to the command prompt and deleting the file from there
with the delete command. The program runs only on Windows XP.

c. SPAM
SPAM is “flooding the Internet with many copies of the same message, in an
attempt to force the message on people who would not otherwise choose to receive
it”.
Spam mail, spam chat…

d. Phishing
Phishing is “an e-mail fraud method in which the perpetrator sends out
legitimate-looking emails in an attempt to gather personal and financial
information from recipients”.

e. Packet Sniffers
A packet sniffer is a device or program that allows eavesdropping on traffic
travelling between networked computers. The packet sniffer captures data that
is addressed to other machines, saving it for later analysis.
On a network, a packet sniffer can filter out personal information, which can
lead to problems such as identity theft, so it is a major security threat to a
network.
Solution: encrypt the data that is sent so that important information cannot be
sniffed.

f. Maliciously Coded Websites
Some websites across the net contain code that is malicious. Malicious code is
“programming code that is capable of causing harm to availability, integrity of
code or data, or confidentiality in a computer system”.
The source code of this page contains various “.js” files. The “search.js” file
is infected with malicious JavaScript code. Here is the source code of that
file:

The malicious JavaScript code is inserted at the bottom of this “.js” file. Here
is the malicious content:

g. Password Attacks
Password attacks are attacks in which hackers are able to determine or find
passwords to different protected electronic areas.
Many systems on a network are password protected, and hence there are more
chances for a hacker to hack into the systems and steal data.
Keyloggers, sniffing or phishing… are used to obtain passwords.

h. Hardware Loss and Residual Data Fragments
Hardware loss and residual data fragments are a growing worry for companies,
governments etc.

i. Shared Computers
Shared computers are always a threat.
Shared computers involve sharing a computer with one or more people.
One computer carrying a virus connects to the LAN and allows other machines to
access it. The consequence may be that every machine on the LAN becomes infected
with the virus.

j. Zombie Computers and Botnets
A zombie computer, or “drone”, is “a computer that has been secretly compromised
by hacking tools which allow a third party to control the computer and its
resources remotely”.
A hacker could hack into a computer, control it and obtain data.
A botnet “is a number of Internet computers that, although their owners are
unaware of it, have been set up to forward transmissions (including spam or
viruses) to other computers on the internet”.
This is a major security threat on a network because the network, unknown to
anyone, could be acting as a hub that forwards malicious files etc. to other
computers.
Hackers use DDoS attacks and click fraud to steer victims into clicking on their
websites and advertisements.

Exercise:
1. Give example and solution for each threat

IV. NMap
Nmap, short for Network Mapper, is a very versatile security tool that should be
included in every professional’s toolkit. Nmap is an open source utility for
network exploration, security scanning and auditing. It comes with a very wide
range of options that can make the utility more robust and can add or change
features to your specifications.
Nmap was created by Gordon Lyon, a.k.a. Fyodor Vaskovich, and first published in
1997. Since the source code has been available, the software has been expanded
greatly. In addition to improvements in the functionality of the program,
graphical user interfaces and support for numerous operating systems have been
developed. Currently Nmap can run on Linux, Windows, OS X, FreeBSD, Solaris,
Amiga, HP-UX, and others. GUI versions are also available on most of these
systems along with the command line versions. There are also implementations
that allow access to Nmap via a web browser.
Nmap is very popular among security professionals as well as black hat hackers
because of its numerous uses. The most recent version of the program can be used
for network host discovery, port scanning, version and OS detection, network
inventory, ping sweeps, and detailed logging mechanisms. These uses are all
important, but the most basic parts of the program deal with host discovery and
port scanning. Nmap can be used to see what other devices and machines are
connected to the network. It can also be used to check which ports on these
devices are open and closed. The results of these types of scans can be saved to
a log file, which can be analyzed at a later time or saved for future
comparison.
Complete documentation and download information can be found at as
well as much more information pertaining to the use of the product.
Nmap is often used in combination with other open source security tools such as
Snort, Nessus, and Wireshark to help secure networks from attacks. In
combination with these other tools, a powerful security suite can be established
that can help to ensure protection of networks. Other important techniques to
follow include frequently patching all systems, routine security audits, and
enforcement of security policies.
a. Host Discovery Using NMAP
At the command line, type “nmap” and press Enter to see the available nmap scan
types and options.
2. Which is the option to determine whether a host is online or not?
At the command line, type “nmap -sP [Network Address].*” and press Enter. The *
at the end of the network address means to scan every possible IP address on
that network. The -sP option tells Nmap to perform only a ping scan (host
discovery) and then print out the available hosts that responded to the scan.
This will take some time; please be patient. You can press Enter to check the
progress of the scan.
3. How many hosts did you discover? 57
4. How many IP addresses were scanned? 256
5. What are the IP addresses of the hosts? (List 5 IP addresses)



Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.2
Host is up (0.0020s latency).
MAC Address: EC:30:91:EC:C0:41 (Cisco Systems)
Nmap scan report for 172.28.13.5
Host is up (0.0020s latency).
MAC Address: 00:25:45:22:92:76 (Cisco Systems)
Nmap scan report for 172.28.13.6
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:22:80 (Cisco Systems)
Nmap scan report for 172.28.13.7
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:17:C0 (Cisco Systems)
Nmap scan report for 172.28.13.14

Illustration for questions 3, 4 and 5:
Starting Nmap 6.40 ( ) at 2013-09-18 13:42 SE Asia Standard Time
Nmap scan report for 172.28.13.1
Host is up (0.066s latency).
MAC Address: 00:0E:84:54:E2:FF (Cisco Systems)
Nmap scan report for 172.28.13.2
Host is up (0.0020s latency).
MAC Address: EC:30:91:EC:C0:41 (Cisco Systems)
Nmap scan report for 172.28.13.5
Host is up (0.0020s latency).
MAC Address: 00:25:45:22:92:76 (Cisco Systems)
Nmap scan report for 172.28.13.6
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:22:80 (Cisco Systems)
Nmap scan report for 172.28.13.7
Host is up (0.0030s latency).
MAC Address: 00:17:E0:15:17:C0 (Cisco Systems)
Nmap scan report for 172.28.13.14
Host is up (0.0020s latency).
MAC Address: 00:21:5E:57:18:6E (IBM)
Nmap scan report for 172.28.13.15
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:17:63 (Dell)
Nmap scan report for 172.28.13.27
Host is up (0.00s latency).
MAC Address: 00:25:90:0F:15:AC (Super Micro Computer)
Nmap scan report for 172.28.13.28
Host is up (0.00s latency).
MAC Address: 00:25:90:30:EA:DC (Super Micro Computer)
Nmap scan report for 172.28.13.29
Host is up (0.0010s latency).
MAC Address: 00:25:90:30:EA:80 (Super Micro Computer)
Nmap scan report for 172.28.13.41
Host is up (0.0010s latency).
MAC Address: 00:22:19:AC:65:16 (Dell)
Nmap scan report for 172.28.13.42
Host is up (0.0010s latency).
MAC Address: 00:0C:29:7A:23:58 (VMware)
Nmap scan report for 172.28.13.43
Host is up (0.00s latency).
MAC Address: 00:0C:29:00:DD:40 (VMware)
Nmap scan report for 172.28.13.44
Host is up (0.00s latency).
MAC Address: 00:0C:29:65:A3:B9 (VMware)
Nmap scan report for 172.28.13.45
Host is up (0.0010s latency).
MAC Address: 00:0C:29:B1:AF:D5 (VMware)
Nmap scan report for 172.28.13.46
Host is up (0.0010s latency).
MAC Address: 00:0C:29:29:ED:60 (VMware)
Nmap scan report for 172.28.13.47
Host is up (0.00s latency).
MAC Address: 00:0C:29:7A:3A:AC (VMware)
Nmap scan report for 172.28.13.49
Host is up (0.00s latency).
MAC Address: 00:0C:29:6C:BC:7D (VMware)
Nmap scan report for 172.28.13.55
Host is up (0.0010s latency).
MAC Address: 00:21:5E:28:BE:FC (IBM)
Nmap scan report for 172.28.13.56
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:29:3A (Dell)
Nmap scan report for 172.28.13.57
Host is up (0.0010s latency).
MAC Address: 08:00:27:C8:60:54 (Cadmus Computer Systems)
Nmap scan report for 172.28.13.58
Host is up (0.0010s latency).
MAC Address: 08:00:27:FF:D0:B2 (Cadmus Computer Systems)
Nmap scan report for 172.28.13.62
Host is up (0.00s latency).
MAC Address: 00:50:56:2D:6C:B7 (VMware)
Nmap scan report for 172.28.13.63
Host is up (0.00s latency).
MAC Address: 00:50:56:37:1B:B2 (VMware)
Nmap scan report for 172.28.13.75
Host is up (0.013s latency).
MAC Address: 70:F1:A1:35:FF:E8 (Liteon Technology)
Nmap scan report for 172.28.13.77
Host is up (0.013s latency).
MAC Address: 1C:65:9D:2C:B4:A1 (Liteon Technology)
Nmap scan report for 172.28.13.79
Host is up (0.013s latency).
MAC Address: 00:22:FB:5C:CF:A6 (Intel Corporate)
Nmap scan report for 172.28.13.81
Host is up (0.013s latency).
MAC Address: 1C:65:9D:2C:B4:A1 (Liteon Technology)
Nmap scan report for 172.28.13.91
Host is up (0.010s latency).
MAC Address: AC:81:12:00:DA:3D (Gemtek Technology Co.)
Nmap scan report for 172.28.13.92
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:29:26 (Dell)
Nmap scan report for 172.28.13.99
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:2A:D5 (Dell)
Nmap scan report for 172.28.13.100
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:18:8F (Dell)
Nmap scan report for 172.28.13.105
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:29:D0 (Dell)
Nmap scan report for 172.28.13.119
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2A:84 (Dell)
Nmap scan report for 172.28.13.126
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:16:F1 (Dell)
Nmap scan report for 172.28.13.128
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:25:E5 (Dell)
Nmap scan report for 172.28.13.131
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2A:71 (Dell)
Nmap scan report for 172.28.13.132
Host is up (0.018s latency).
MAC Address: 70:F1:A1:35:FF:E8 (Liteon Technology)
Nmap scan report for 172.28.13.134
Host is up (0.00s latency).
MAC Address: 00:25:64:CC:91:E4 (Dell)
Nmap scan report for 172.28.13.135
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap scan report for 172.28.13.137
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:26:AE (Dell)
Nmap scan report for 172.28.13.145
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:29:35 (Dell)
Nmap scan report for 172.28.13.146
Host is up (0.00s latency).
MAC Address: 00:24:E8:2D:2B:E0 (Dell)
Nmap scan report for 172.28.13.151
Host is up (0.00s latency).
MAC Address: 00:21:5E:29:67:D7 (IBM)
Nmap scan report for 172.28.13.157
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:26:4B (Dell)
Nmap scan report for 172.28.13.160
Host is up (0.0010s latency).
MAC Address: 00:24:E8:2D:24:AB (Dell)
Nmap scan report for 172.28.13.166
Host is up (0.020s latency).
MAC Address: 00:26:C7:DB:71:72 (Intel Corporate)
Nmap scan report for 172.28.13.167
Host is up (0.00s latency).
MAC Address: 20:CF:30:4B:E8:CB (Asustek Computer)
Nmap scan report for 172.28.13.168
Host is up (0.00s latency).
MAC Address: 48:5B:39:66:D2:87 (Asustek Computer)
Nmap scan report for 172.28.13.171
Host is up (0.0010s latency).
MAC Address: 14:FE:B5:B4:5F:B5 (Dell)
Nmap scan report for 172.28.13.173
Host is up (0.0010s latency).
MAC Address: 00:24:BE:46:49:E5 (Sony)
Nmap scan report for 172.28.13.175
Host is up (0.0020s latency).
MAC Address: 00:24:E8:2D:2B:C7 (Dell)
Nmap scan report for 172.28.13.176
Host is up (0.0020s latency).
MAC Address: F0:4D:A2:BF:3B:5F (Dell)
Nmap scan report for 172.28.13.188
Host is up (0.00s latency).
MAC Address: 00:21:5E:29:68:8C (IBM)
Nmap scan report for 172.28.13.200
Host is up (0.0020s latency).
MAC Address: 00:24:E8:2D:16:CB (Dell)
Nmap scan report for 172.28.13.251
Host is up (0.0010s latency).
MAC Address: 00:21:5E:28:BF:58 (IBM)
Nmap scan report for 172.28.13.170
Host is up.
Nmap done: 256 IP addresses (57 hosts up) scanned in 12.63 seconds

You can also use Nmap to scan other networks (use the -n option to save time).
For example, if the available networks are 192.168.101.*, 192.168.102.*,
192.168.103.*, and 192.168.104.*, you can type “nmap -sP 192.168.101-104.* -n”
to scan all networks in one command. “101-104” means the range of the networks
101, 102, 103, and 104.
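
An added example (not part of the original lab report): a parser for saved ping-scan output that checks the "hosts up" summary against the reports actually present and lists MAC addresses reported for more than one IP, as happens in the output above for 70:F1:A1:35:FF:E8 (172.28.13.75 and 172.28.13.132). The sample addresses, MACs and vendor names are constructed, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the ping-scan output above (values are made up).
SAMPLE = """\
Nmap scan report for 192.0.2.1
Host is up (0.066s latency).
MAC Address: 02:00:00:00:00:01 (Example Vendor A)
Nmap scan report for 192.0.2.5
Host is up (0.0020s latency).
MAC Address: 02:00:00:00:00:05 (Example Vendor B)
Nmap scan report for 192.0.2.9
Host is up (0.013s latency).
MAC Address: 02:00:00:00:00:05 (Example Vendor B)
Nmap scan report for 192.0.2.20
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 12.63 seconds
"""

# Accepts both "for 192.0.2.1" and "for name.example (192.0.2.1)".
REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17})(?: \((.*)\))?$")
DONE = re.compile(r"^Nmap done: (\d+) IP addresses? \((\d+) hosts? up\)")

def parse_ping_scan(text):
    """Return (hosts, summary) parsed from normal-format ping-scan output."""
    hosts, summary, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := REPORT.match(line):
            current = {"ip": m.group(1), "mac": None, "vendor": None}
            hosts.append(current)
        elif (m := MAC.match(line)) and current:
            current["mac"], current["vendor"] = m.group(1), m.group(2)
        elif m := DONE.match(line):
            summary = {"scanned": int(m.group(1)), "up": int(m.group(2))}
    return hosts, summary

def audit(hosts, summary):
    """Cross-check the summary line and collect findings worth a manual look."""
    by_mac = defaultdict(list)
    for h in hosts:
        if h["mac"]:
            by_mac[h["mac"]].append(h["ip"])
    return {
        # False means the saved log is truncated or was edited after the scan.
        "count_matches": summary is not None and summary["up"] == len(hosts),
        # One MAC answering for several IPs: multi-address device, proxy ARP, ...
        "shared_macs": {m: ips for m, ips in by_mac.items() if len(ips) > 1},
        # No MAC line: usually the scanning machine itself, or a host off-link.
        "no_mac": [h["ip"] for h in hosts if h["mac"] is None],
    }

if __name__ == "__main__":
    print(audit(*parse_ping_scan(SAMPLE)))
```
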
b. Port Scan
Nmap is an efficient port scanner. Port scanning is used to detect any
vulnerabilities on a network or host computer. A network administrator can use
Nmap to detect undesired services running on a network. The simple command nmap
target scans more than 1660 TCP ports on the host target and identifies open
ports. In the following exercise, you will use nmap to scan ports on a host.
Identify the IP address of your network’s default gateway. At the command line,
type “nmap [Default Gateway IP Address]” and press Enter. This may take several
seconds.
6. How many ports are open? 1 (1309/tcp)
7. Does the target host the web, ftp, and telnet services? jtag-server
(The requirement to include illustrative screenshots was given after the lab
session, so this item does not have an image yet.)

Identify another target on your local area network. You can use a target host
that you discovered in the earlier exercise. At the command line, type
“nmap -sT [target]” and press Enter. This may take several seconds. The -sT
option performs a TCP port scan.
Use the -O option to discover the operating system of your target. At the
command line, type “nmap -O [target]”.
8. Identify which ports are open on a specific machine, the corresponding
services and their versions. How can an attacker exploit this information?
Starting Nmap 6.40 ( ) at 2013-09-18 14:10 SE Asia Standard Time
Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  icslap
3389/tcp  open  ms-wbt-server
5357/tcp  open  wsdapi
5800/tcp  open  vnc-http
5900/tcp  open  vnc
10243/tcp open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49158/tcp open  unknown
MAC Address: 00:24:E8:2D:18:AC (Dell)
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds
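
An added example (not part of the original lab report) of the administrator use the lab mentions, detecting undesired services and keeping results for later comparison: it parses a saved port table and compares it with an approved baseline. The scan text reuses part of the table above; the baseline, the review list and the function names are hypothetical assumptions of this example.

```python
import re

# Part of the port table reported above for 172.28.13.135 (high "unknown" ports omitted).
SCAN = """\
Nmap scan report for 172.28.13.135
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
3389/tcp  open  ms-wbt-server
5800/tcp  open  vnc-http
5900/tcp  open  vnc
"""

# Assumption: a hypothetical approved baseline for this class of host (not from the page).
BASELINE = {"135/tcp": "msrpc", "139/tcp": "netbios-ssn",
            "445/tcp": "microsoft-ds", "3389/tcp": "ms-wbt-server"}
# Assumption: services this hypothetical policy wants reviewed wherever they appear.
REVIEW = {"ftp", "telnet", "vnc", "vnc-http"}

PORT_LINE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return {"port/proto": service} for every port whose state is exactly 'open'."""
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(2) == "open":
            found[m.group(1)] = m.group(3)
    return found

def _by_number(port):
    # Sort "554/tcp" before "3389/tcp" (numeric, not lexicographic).
    return int(port.split("/")[0])

def compare(found, baseline, review):
    """Diff one scan against the baseline; every list is sorted by port number."""
    return {
        "unexpected": sorted((p for p in found if p not in baseline), key=_by_number),
        "missing": sorted((p for p in baseline if p not in found), key=_by_number),
        "changed": sorted((p for p in found
                           if p in baseline and found[p] != baseline[p]), key=_by_number),
        "review": sorted((p for p, s in found.items() if s in review), key=_by_number),
    }

if __name__ == "__main__":
    for kind, ports in compare(parse_ports(SCAN), BASELINE, REVIEW).items():
        print(f"{kind:10} {', '.join(ports) or '-'}")
```
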
