IST 462 NAME: Nick Adams

Test 2, Part 1

After answering the following questions, name your file:

LastName.FirstName.Test2Part1

and save your file in the correct folder on Blackhawk.

1. Define the term back door and explain how one is created.

An attack in which an attacker creates an account without the administrator’s knowledge or permission. The back door is not easily detectable and allows for remote access to the system.

2. Explain the concept of DNS poisoning. What kind of addresses are used?

An attack alters DNS records in either the hosts file or on a legitimate DNS server. The attacker substitutes fraudulent IP addresses for legitimate ones linked to symbolic (e.g., domain) names. When the user enters the domain name into his web browser, he is directed to a fraudulent site instead of the real one.

3. DNS spoofing is a specific form of DNS poisoning. Explain how DNS spoofing works.

DNS spoofing takes advantage of the DNS process called zone transfers. An attacker uses a fraudulent DNS server to convince a legitimate DNS server to accept the DNS entries on the fraudulent server. These spoofed entries then redirect users seeking legitimate web sites to fraudulent web sites.

4. Define ARP poisoning and explain how this can take place. What kind of addresses are involved in this type of attack?

Computers on a network send out Address Resolution Protocol messages on their connected network to construct a table linking IP addresses to MAC addresses for devices in the network (ARP table). ARP poisoning occurs when a computer sends out a request for a MAC address belonging to a given IP and an attacker’s computer responds with a fraudulent MAC address. The first computer then associates the attacker’s computer with the IP, and traffic meant for a legitimate computer is directed instead to the attacker’s.
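From the defender's side, the symptom of the answer above is an IP address that suddenly maps to a different MAC than before (or than a known static binding). The following is an added example, not part of the test or its answers, that scans a constructed list of observed ARP replies and raises one alert per conflicting IP-to-MAC mapping; the sample replies, the `TRUSTED_BINDINGS` table and the function name `detect_arp_conflicts` are all assumptions made for this illustration.

```python
# Constructed sample of observed ARP replies: (timestamp, sender_ip, sender_mac).
# The gateway 192.168.1.1 is legitimately at aa:bb:cc:00:00:01; at t=3.0 a second
# MAC starts answering for the same IP, which is the pattern a poisoning attempt
# produces on the wire.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (1.5, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (2.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (3.0, "192.168.1.1",  "DE:AD:BE:EF:00:99"),
    (3.1, "192.168.1.1",  "de:ad:be:ef:00:99"),
]

# Hypothetical static bindings for hosts that should never change MAC
# (gateway, servers). Anything not listed here is judged against the first
# MAC observed for that IP.
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_conflicts(replies, trusted=None):
    """Return one alert per (ip, unexpected_mac) pair found in `replies`.

    An alert is raised when a reply maps an IP to a MAC that differs from the
    trusted binding for that IP (if one exists) or, otherwise, from the first
    MAC observed for it. Repeated replies with the same bad mapping are
    reported only once.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    first_seen = {}   # ip -> first MAC observed for it
    reported = set()  # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()                       # normalise case before comparing
        first_seen.setdefault(ip, mac)
        expected = trusted.get(ip, first_seen[ip])
        if mac != expected and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected_mac": expected,
                "observed_mac": mac,
                "basis": "static binding" if ip in trusted else "first observation",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(alert)
```

Static bindings are the stronger signal, because an attacker who answers first for a freshly booted host would otherwise become the "first observation". In practice the replies would come from a packet capture or a switch's ARP inspection log rather than a hard-coded list.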

5. What is war driving? Is it illegal?

War driving is the process of searching for wifi (via car, airplane, bike, etc.). It is only illegal when the user connects to the wifi without the owner’s permission, and it is only illegal in certain localities.

6. Suppose a company owns an IP address of 198.60.18.0/24. Through subnetting they want to create four equal-size subnets.

A. How many bits will this subnetting require?

At least 26

B. Where are these bits located?

If using /26, then the highest two digits in the fourth octet:

(.11000000)
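To make the arithmetic behind parts A and B concrete, here is an added example (not from the test or its answer sheet) that uses Python's standard `ipaddress` module to split a block into any power-of-two number of equal subnets, list each subnet's address range, and show the fourth octet in binary so the borrowed bits are visible. It generalises the question's single case; the function names `split_into_equal_subnets`, `describe` and `last_octet_binary` are my own.

```python
import ipaddress


def split_into_equal_subnets(network, count):
    """Split `network` into `count` equal subnets; `count` must be a power of two.

    Returns (new_prefix_length, [subnets]). Going from 1 to `count` subnets
    borrows log2(count) host bits, so 4 subnets of a /24 need a /26.
    """
    net = ipaddress.ip_network(network, strict=True)
    if count < 1 or count & (count - 1):
        raise ValueError("count must be a power of two")
    extra_bits = count.bit_length() - 1          # 4 -> 2 borrowed bits
    new_prefix = net.prefixlen + extra_bits
    if new_prefix > net.max_prefixlen:
        raise ValueError("not enough host bits to borrow")
    return new_prefix, list(net.subnets(new_prefix=new_prefix))


def describe(subnet):
    """Summarise one subnet: network, usable host range, broadcast, mask."""
    hosts = list(subnet.hosts())                 # excludes network and broadcast
    return {
        "network": str(subnet.network_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "broadcast": str(subnet.broadcast_address),
        "mask": str(subnet.netmask),
        "usable_hosts": len(hosts),
    }


def last_octet_binary(subnet):
    """Fourth octet of the network address as 8 bits, e.g. '11000000' for .192."""
    return format(int(subnet.network_address) & 0xFF, "08b")


if __name__ == "__main__":
    prefix, subnets = split_into_equal_subnets("198.60.18.0/24", 4)
    print("new prefix length:", prefix)
    for s in subnets:
        print(s, last_octet_binary(s), describe(s))
```

Running it shows the two borrowed bits walking through 00, 01, 10, 11 in the top of the fourth octet, with 62 usable hosts in each /26 (64 addresses minus network and broadcast).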

C. Give two ways this can improve network security.

- Isolates each group to avoid compromising the entire network if one group is compromised.

- Allows for confidentiality within each subnet.

7. Describe the concept of a VLAN. How does this improve network security?

VLANs allow the network to be grouped logically. Scattered users can belong to the same network using VLAN.

Like subnetting, VLANs isolate each group to prevent compromising the entire network if one group is compromised. They also allow for confidentiality within each VLAN.

8. Describe how NAT works. What kind of addresses are involved? Explain how it works.

As a packet leaves a network, NAT removes the private IP address from the sender’s packet and replaces it with an alias IP address. The process is reversed when the user receives a response.
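The outbound rewrite and the reverse lookup on the reply can be modelled in a few lines. The following is an added example, not from the test or its answers: a small `Nat` class (my own name) that assumes the common port-based variant, where the alias is the router's single public address plus a freshly allocated port per private flow. Packets are plain dictionaries, and all addresses are constructed documentation values.

```python
import itertools


class Nat:
    """Minimal model of a NAT router using port address translation (assumed variant).

    Outbound: (private_ip, private_port) is replaced by (public_ip, mapped_port)
    and the mapping is remembered. Inbound: the destination port is looked up
    in the mapping and the original private address restored. Inbound packets
    with no mapping are dropped, which is the side-effect that gives NAT its
    (limited) security benefit: unsolicited traffic has nowhere to go.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next free public port
        self.table = {}      # (private_ip, private_port) -> public_port
        self.reverse = {}    # public_port -> (private_ip, private_port)

    def outbound(self, packet):
        """Rewrite a packet leaving the private network; returns the new packet."""
        key = (packet["src_ip"], packet["src_port"])
        if key not in self.table:                  # new flow: allocate a port
            port = next(self._ports)
            self.table[key] = port
            self.reverse[port] = key
        translated = dict(packet)
        translated["src_ip"] = self.public_ip
        translated["src_port"] = self.table[key]
        return translated

    def inbound(self, packet):
        """Reverse the translation for a reply; returns None if it must be dropped."""
        key = self.reverse.get(packet["dst_port"])
        if key is None or packet["dst_ip"] != self.public_ip:
            return None
        restored = dict(packet)
        restored["dst_ip"], restored["dst_port"] = key
        return restored


if __name__ == "__main__":
    nat = Nat("203.0.113.1")   # constructed public address of the router
    request = {"src_ip": "192.168.0.5", "src_port": 51000,
               "dst_ip": "198.51.100.7", "dst_port": 80}
    print("out:", nat.outbound(request))
    reply = {"src_ip": "198.51.100.7", "src_port": 80,
             "dst_ip": "203.0.113.1", "dst_port": 40000}
    print("in: ", nat.inbound(reply))
```

The mapping table is the whole mechanism: without an entry created by an earlier outbound packet, the router cannot know which private host a reply belongs to, so it discards it.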

9. Explain the concept of a honey pot. How does this improve network security?

Honeypots are fake servers with fake data which mimic real servers but which, when attacked by hackers, do not threaten the actual network. Hackers are tricked or trapped into attacking a honeypot but gain no access to the actual network. Honeypots provide the network administrator with valuable data concerning attacks and attacker habits so that he can secure the real network.

10. Explain what a DMZ is and describe how it enhances network security.

The Demilitarized Zone is a separate network which contains web servers, email servers, and honeypots. The DMZ is available to the public as needed, but it ensures network security because of the firewalls and security devices separating it from the rest of the related network. The key is the separation.

11. Explain how a NAC works. How does it enhance network security?

Network access is monitored and controlled by NAC. It is a program which checks all connected clients for updated antivirus software and other security criteria before it allows them full connectivity. If the client does not pass the criteria, the NAC assigns it to a quarantined VLAN where it can go through the process of becoming secure (updating, downloading required software). This ensures network security by restricting access to potentially harmful computers.

12. In the Windows NAC system, what happens if a client is not approved for connection to the network?

The client is quarantined in a restricted access VLAN until the client becomes secure.

13. In Lab 4.2 we monitored FTP data using what program?

Wireshark

14. Does FTP encrypt data in transit? Explain.

No, FTP does not have a mechanism for transferring data encrypted. Users should use SFTP or SSH to encrypt data.

15. Explain the following Snort rule:

Log icmp any any -> 192.168.21.0/24 111

Snort logs any pings from any IP and any port that are sent to 192.168.21.111

16. What type of network attack is shown in the following figure?

DNS poisoning