
Just copy from the file (classmate's final technical report) to a new one in your own words. Instructions are also given in the Instructions of Project 1 file as well. In simple words, copy from the given file into your own words. Try to make it not look simple. Only keep the numbers exactly the same. That's all.

Final Technical Report

31 January 2022

Llyjerylmye Amos

COP 620 Project 1 Final Technical Report

Well-known ports range from 0 to 1023 and are assigned by the Internet Assigned Numbers Authority
(IANA) based on the default services that are associated with the assigned ports. Administrators may
obfuscate services that are running on well-known ports by configuring services to be utilized on unused
ephemeral ports. However, the default configuration of well-known ports allows tech-savvy personnel
and software vendors to speak a common language when configuring networking devices, information
systems (ISs) and/or software applications. Within this lesson, 22-SSH, 23-Telnet, 25-SMTP, 53-DNS,
80-HTTP, 110-POP3 and 443-HTTPS were the common ports and protocols that were reviewed (Table 1).

Port   Protocol
22     SSH
23     Telnet
25     SMTP
53     DNS
80     HTTP
110    POP3
443    HTTPS

Table 1. Common ports studied.

Firewalls are the most common network security devices installed on information systems (ISs).
According to Cisco (n.d.), “a firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based on a defined set of security
rules”. Security rules may be applied to specific ISs (host-based firewalls) or to the entire network
(network-based firewalls) to scan emails and hard drives for malware or to allow traffic on certain
sections of the subnet. Firewalls are also categorized into specific types, such as proxy firewalls,
stateful inspection firewalls, unified threat management firewalls, next-generation firewalls (NGFW),
threat-focused NGFWs and virtual firewalls, to increase granularity on modern threats.

Network diagnostic tools “allows users to monitor network traffic for various [Network Interface Card]
NICs” (Microsoft, n.d.). Administrators can check IS status, services running and port connectivity, and
troubleshoot networking issues. Threat actors can use these tools as well to compromise systems for
malicious intent. Within this lab, a few common network diagnostic tools used were Ping, Nslookup/Dig,
Ipconfig/Ifconfig, Traceroute, Nmap, Wireshark and Legion. Knowing how to use network diagnostic tools
and being aware of what is going on within an IS may increase security awareness and prevent system
compromise.

Ping may be one of the most widely used network diagnostic tools. It is an active network discovery
protocol that sends ICMP packets to host(s) on a network and waits for a response to determine if the
host(s) are available. It also measures latency by timing the round-trip time to see if data is transmitted
in a timely manner. During the process, it performs domain name translation by converting domain
names into IPs and/or IPs into domain names. It is integrated into most active network discovery tools
and can be used simply in a command line interface (CLI) with the command “ping x.x.x.x” (where x
stands for the host IP address). In the Wireshark lab, “ping -c 4 3.91.242.220” was used against
UMGC-COP-620-Target to discover that it was an active host.

Nslookup and Dig are network diagnostic tools that query domain name systems (DNS) and translate IP
addresses into domain names, and vice versa. Nslookup is supported on Windows systems while Dig is
typically on Linux systems. Dig also has the functionality to query for DNS record types such as A, AAAA
and MX. In this lab, Dig was used to locate the A record for Walmart.com, which revealed an IP address of
161.170.232.170.

Ipconfig/ifconfig are network diagnostic commands that allow users to view information about network
interfaces and to configure them. Information such as IPv4/IPv6 address, default gateway, MAC address,
subnet, DNS, DHCP, etc., can be viewed to assist with network diagnostics. Most popular operating
systems (OS) offer this functionality; however, the commands may differ between systems. Windows is
most notably known for using ipconfig, while Linux OS operates on ifconfig in the CLI.

Traceroute/tracert benefits administrators by providing feedback on network connectivity. It follows the
path data takes to its destination by sending ICMP packets, which are timed and incremented as data
traverses each router, and calculates the returned echo to determine the network status of the
device along the way. If the ICMP packet does not reach its destination, it usually indicates a network
issue on the path between the last identified known-good router and the next hop. It should be noted
that not all incomplete traces constitute a network issue, as administrators may configure devices to
not respond to ICMP packets for security reasons. Traceroute was run from UMGC-COP-620-Workstation
to the umgc.edu web server. Traceroute indicated that 15 routers were traversed to successfully reach
umgc.edu (13.32.201.27).

Nmap, or Zenmap, is a scanning tool used to perform inventory and/or reconnaissance on devices
located on a network. It identifies IP addresses, port status and services in use, along with
built-in/customizable scripts to automate functionality. It is an active network diagnostic tool that
capitalizes on using ICMP packets and on manipulating TCP flags when attempting a handshake with
another device. The software can be executed from the CLI using Nmap or, if preferred, from the
graphical user interface (GUI) by using Zenmap. “Nmap -p- 3.91.242.220” was used to perform a scan on
all open ports on UMGC-COP-620-Target. It indicated that 8 ports were open and that 1 was filtered, as
shown in Table 2.

Port   State     Service
21     Open      FTP
22     Open      SSH
23     Open      Telnet
25     Filtered  SMTP
53     Open      DNS
80     Open      HTTP
443    Open      HTTPS
3128   Open      Squid HTTP
8080   Open      HTTP Proxy

Table 2. Port scan on 3.91.242.220.

Wireshark is a packet-analyzing utility that differs from the other network diagnostic tools mentioned
previously, mainly because it is a passive scanning tool. ICMP packets are not used; instead, the NIC is
configured to allow data to be captured from a specified device or on an entire network when tapped into
a switch. Wireshark is capable of capturing password exchanges during a three-way handshake when
secure encryption protocols are not in use. Other network data can also be viewed by administrators to
study the traffic on the network and to analyze the data that is passed within it. While reviewing a PCAP
with the FTP filter applied, Wireshark captured the username, anonymous, and the password, anonymous,
from a three-way handshake between 192.168.202.128 and 192.168.202.131.

Legion is a “semi-automated network penetration testing framework that aids in discovery,
reconnaissance and exploitation of information systems” (Ranjith, 2019). It is an all-in-one tool that
integrates the functionality of Nmap, password crackers and vulnerability scanners. It also displays
Common Vulnerabilities and Exposures (CVEs) and Common Platform Enumerations (CPEs), which aids
in associating captured vulnerabilities with the National Vulnerability Database (NVD) managed by the
National Institute of Standards and Technology (NIST). In the Wireshark lab, Legion revealed several
open ports and their services, cracked an SSH password and displayed the CVEs associated with the
vulnerability.

Wireshark was an invaluable tool that captured behind-the-scenes data that was transferred between the
host and client of two sites. Unfortunately, it was not able to display the plain-text data from
http://stealmylogin.com or https://umgc.edu because Transport Layer Security (TLS) was being used.
However, it was able to capture the sequence number from the three-way handshake,
source/destination IP, source/destination port and other helpful data from the packet capture.

Within this lab, Legion impressed me the most because of its ease of use, network diagnostics and
inclusive penetration testing capabilities. It reduces the burden and time that would be spent switching
between multiple scanning tools to diagnose network issues. It also takes it a step further by
incorporating password cracking and vulnerability assessment utilities. If the active approach was too
noisy or bandwidth-intensive, and a stealthier method was needed, Wireshark would be a great network
administration tool to monitor data flowing across the network. It is passive by nature, allows
administrators to see detailed packet information, and can be run with minimal interference on
network traffic. Both tools could be used daily by administrators to increase the network’s security
posture; however, Legion may need to be run during hours of less network traffic.

Cyber operations analysts are at the forefront of protecting the nation’s critical infrastructure and data
systems from cyber-attacks; however, they require accurate information about the threat and diverse
functionality in network diagnostic tools. In addition to the tools used in the lab, a cyber operations
analyst would benefit greatly from using a network intrusion device. An intrusion detection system (IDS)
monitors the network for unusual or anomalous activity and notifies the system administrator if erratic
or suspicious behavior is taking place. Intrusion prevention systems (IPSs) are capable of completing the
same tasks but may be configured to respond to the threat.

Network diagnostic tools can identify a wealth of information within a network but may cause some
adverse effects within it as well. Network bandwidth may be degraded, causing high-priority data to be
delayed or even corrupted during the process. Prior to conducting a vulnerability scan, administrators
should project the schedule timelines and identify the network to be scanned for leadership’s approval.
This will keep everyone informed of the process and deconflict with network traffic consumption during
high bandwidth usage hours.

References

Cisco. (n.d.). What Is a Firewall? Cisco.
https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html

Microsoft. (n.d.). Network Diagnostic Tool. Microsoft.
https://www.microsoft.com/en-us/p/network-diagnostic-tool/9mwptk5qhvxm#activetab=pivot:overviewtab

Ranjith. (2019, March 10). Legion: An Open Source, Easy-To-Use, Super-extensible & Semi-Automated
Network Penetration Testing Tool. Kalitutorials. https://kalilinuxtutorials.com/legion-penetration-testing/
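An added example (not part of the report above or of any tool it cites) that turns the kind of Nmap scan recorded in Table 2 into a defender's checklist: it parses Nmap's greppable (-oG) output and flags open services on cleartext protocols such as FTP, Telnet and HTTP that a host-based or network firewall should restrict or that should move to an encrypted equivalent. The sample scan text and the cleartext-to-encrypted mapping are constructed for this example.

```python
"""Parse Nmap greppable (-oG) output and flag open cleartext services."""
import re
from dataclasses import dataclass

# Cleartext protocols from Tables 1 and 2, paired with the encrypted
# alternative an administrator would normally move to (our own mapping).
CLEARTEXT = {
    "ftp": "SFTP or FTPS",
    "telnet": "SSH",
    "smtp": "SMTP with STARTTLS or SMTPS",
    "http": "HTTPS",
    "pop3": "POP3S",
    "squid-http": "HTTPS-only proxy",
    "http-proxy": "HTTPS-only proxy",
}

@dataclass
class PortEntry:
    port: int
    state: str     # open / closed / filtered, as Nmap reports it
    proto: str     # tcp / udp
    service: str   # Nmap's service name, e.g. "ftp", "domain" (DNS)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_greppable(text):
    """Return {host: [PortEntry, ...]} from the Host:/Ports: lines of -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:          # comment, "Status: Up" or other non-port line
            continue
        host, ports_field = m.groups()
        # The Ports field ends with a tab and "Ignored State: ..."; drop it.
        ports_field = ports_field.split("\tIgnored State:")[0]
        entries = []
        for item in ports_field.split(","):
            f = item.strip().split("/")   # port/state/proto/owner/service/rpc/version/
            if len(f) < 5 or not f[0].isdigit():
                continue
            entries.append(PortEntry(int(f[0]), f[1], f[2], f[4]))
        hosts[host] = entries
    return hosts

def cleartext_findings(entries):
    """Open ports running a cleartext protocol -> [(port, service, fix), ...]."""
    return [(e.port, e.service, CLEARTEXT[e.service])
            for e in entries if e.state == "open" and e.service in CLEARTEXT]

# Constructed -oG text mirroring Table 2 (not a real scan capture).
SAMPLE = (
    "# Nmap scan (constructed sample) as: nmap -p- -oG - 3.91.242.220\n"
    "Host: 3.91.242.220 ()\tStatus: Up\n"
    "Host: 3.91.242.220 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 25/filtered/tcp//smtp///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3128/open/tcp//squid-http///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (65526)\n"
)

if __name__ == "__main__":
    for host, entries in parse_greppable(SAMPLE).items():
        print(f"{host}: {len(entries)} ports reported")
        for port, service, fix in cleartext_findings(entries):
            print(f"  {port}/{service}: cleartext; restrict at the firewall or replace with {fix}")
```

Run it against a real file with `nmap -p- -oG scan.gnmap <host>` and `parse_greppable(open("scan.gnmap").read())`; the filtered SMTP port in the sample is deliberately left out of the findings because nothing is reachable on it.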

For your final step, you will synthesize the previous steps and labs to summarize the major findings from this project.

Specifically, you will prepare a technical report that summarizes your findings including:

1. Provide a table of common ports for protocols we studied. Discuss how security devices can be used within a larger network to control subnets and devices within those subnets.

2. Discuss network diagnostic tools you used in this lab. Summarize their functionality and describe specifically how you used each tool. Discuss the results you used to assist in both the discovery phase and protocol analysis of the sites you analyzed. What tools impressed you the most and would be most useful for an analyst to employ in daily activities? What other functionality do you think would be useful to cyber operations analysts?

3. Research and discuss the ethical use of these tools. For example, if you discover a serious vulnerability, what should you do? What communications should you have with site owners prior to conducting vulnerability scans?

The report should include a title page, table of contents, list of tables and figures (as applicable), content organized into sections. Be sure to properly cite your sources throughout, and include a list of references, formatted in accordance with APA style.
