In your own words provide a brief definition of user access control (UAC). Does it do any good or complicate thiings? Is a software vendor’s lack of adequate security a violation of ethics? Is it a fiscal decision? Do vendors have a responsibility to their shareholders?
– No plag
– 350-400 words only
– 3 citations.
Starting with the downloadable assignment files, write the Javascript needed for the application. Use the book and lectures as a guide. In this exercise, you’ll develop an Image Gallery application that displays different images when the user clicks on the links at the top of the page. This works like the Image Swap application below.
1. You’ll find the HTML, CSS, and image files for this application in the week 6 folder
You’ll also find an empty JavaScript file named image_gallery.js. You can add your code to this file. Customize the interface with your first and last names.
2. In the JavaScript file, add an event handler for the ready() event method.
3. Use the each() method to run a function for each <a> element in the unordered list of items. Then, add jQuery code that gets the URL and caption for each image and preloads the image. You can get the URL from the href attribute of the <a> element, and you can get the caption from the title attribute.
4. Add an event handler for the click event of each link. The function for this event handler should accept a parameter named evt. The jQuery code for this event handler should display the image and caption for the link that was clicked. In addition, it should use the evt parameter to cancel the default action of the link.
5. Add a jQuery statement that moves the focus to the first link on the page when the page is loaded.
Write a program that prompts for the scores of 10 quizzes (max 10 points each) and then 10 mini-projects (max 20 points each). You must use a loop when prompting for these. Be sure to check that each answer is within range (see example below). In the end, write out some basic statistics as shown below. Be sure to look at all three examples below.
© Paul Koester, Dallas County Community College, 2018
COSC 2425 – Computer Organization
Lab #2 – Hamming Code
Attached to this assignment is a Java program that converts a text file to a list of hexadecimal
numbers. Each of those hexidecimal numbers represents the bit pattern of a character from
the file with the parity bits (even parity) for a hamming code inserted. Each text character
takes 8 bits and the hamming code adds 4 bits. This hamming code provides single-bit error
correction.
Requirements
1. The program must be written in Java. If you have not used Java before, you can learn it
enough to do this assignment, by looking at the provided program.
2. You can use Eclipse to write, compile and test your program, but you may also use any
other development environment you like. Only the .java file will be submitted.
3. The program will use the provided Hamming class. It will implement the decode
function. The decode function is the reverse of the encode function, but it also performs
single bit correction when necessary.
4. Display a message to the console when an error is corrected, as in the example below.
5. The main function must be rewritten to read hexidecimal numbers from hamming.txt
file and write decoded and corrected text to output.txt.
6. Test the program with different input files. The instructor will test it with a hamming.txt
file different from the one provided.
Hint: The Java hasNextInt(16) and nextInt(16) input functions are helpful in reading hexadecimal numbers from a file.
Upload: Your Java (.java) file.
Sample Output File hamming.txt opened
Error in bit 9 corrected in character 2
Error in bit 3 corrected in character c
Error in bit 10 corrected in character p
File output.txt closed
Note: In addition to the output shown above, the output of this program includes the decoded text
written to output.txt.
HackerView Vulnerability Assessment
Silicon Forest Technology Group
IP Address Analyzed 1.2.3.4 (example purposes only)
Operating System Fingerprint
Multiple
Technical Attention Priority SIGNIFICANT – Remote Access Risk & Unsupported
Operating Systems (Windows 2000)
Type of Analysis
External Scan
Analysis Date July 29, 2011
Document ID #
HV11201-01
THIS IS AN EXAMPLE HACKERVIEW – THIS CONTAINS DATA FOR EXAMPLE PURPOSES ONLY.
HackerView Vulnerability Assessment Page 2 of 17
Table of Contents
HACKERVIEW VULNERABILITY ASSESSMENT OVERVIEW 3 EXECUTIVE SUMMARY 3 SUMMARY FINDINGS 3 ASSESSMENT OF FINDINGS 3 NETWORK VISIBILITY 4
TECHNICAL ANALYSIS 5 IP ADDRESS ANALYSIS 5
ICMP PING RESULTS 5 TRACEROUTE RESULTS 5 DNS RECORDS QUERY RESULTS 6 WEBSITE INFORMATION FROM IP ADDRESS 6
PUBLIC IP & DOMAIN NAME REGISTRIES 6 IP ADDRESS REGISTRATION 6 DOMAIN NAME REGISTRATION 7
ONLINE PUBLIC DATABASE SEARCH 7 LOCATION MAPPING RESULTS 8
SCREENSHOTS OF FINDINGS 8
SUGGESTED NEXT STEPS 10 DEFENSE-IN-DEPTH STRATEGY 10 FIREWALL ANALYSIS 10 REMOTE WORKFORCE PRECAUTIONS 11 ONGOING SECURITY TESTING 11
EDUCATION & REFERENCE 12
INFORMATION SECURITY BASICS 12 UNDERSTANDING VULNERABILITY RISK 12 WHY IS NETWORK SECURITY IMPORTANT? 12 RISK MANAGEMENT 13 TOP MYTHS VS FACTS ABOUT NETWORK SECURITY 14
STANDARDIZED TERMINOLOGY 15 COMMON ACRONYMS 15 SECURITY DEFINITIONS 15
APPENDIX A – NETWORK DEVICES SUMMARY 16
APPENDIX B – RAW SCANNER OUTPUT 17
HackerView Vulnerability Assessment Page 3 of 17
HACKERVIEW VULNERABILITY ASSESSMENT OVERVIEW
Executive Summary This HackerView Vulnerability Assessment (HackerView) is considered a “black box” vulnerability assessment, which measures the “hackability” of a network given an attacker with a certain amount of skill, resources and no prior knowledge of the network being assessed. As such, black box vulnerability assessments are best defined as an outcome -based metric for measuring the security of a network, where the findings point to the most likely avenues for a hacker on the Internet to exploit.
The scope of this analysis was to remotely audit and analyze the system and resources of these subnets. This provides a “hacker’s eye view” of the system to discover its security vulnerabilities and weaknesses to possible hacker pene tration or attack. BlackHat Consultants used multiple tools and tested for thousands of different potential security vulnerabilities.
For this HackerView, I would rate the security of the network at a significant risk for an external compromise. The rating of a significant risk is weighted by the service that is publicly accessible and the potential information that a hacker would fin d on the compromised network.
SERIOUS MODERATE MINOR
During the process of this analysis, BlackHat Consultants discovered numerous weaknesses, which range from misconfigurations, to data leakage, to unsupported operating systems, to general poor security practices.
Summary Findings
Highlights discovered from enumerating and scanning the IP addresses:
Remote Desktop Protocol (RDP).
o RDP should only be used in conjunction with a Virtual Private Network (VPN) connection, rather than a substitute for it. While RDP does have some security features, it does not create a secure tunnel like a VPN connection establishes and this is a security risk. RDP directly from the Internet is a poor security practice.
o There are well-published “man in the middle” attacks on RDP, where the credentials and entire traffic of RDP sessions can be captured and decrypted. This would provide a hacker unfettered access to your network.
o There is an astonishing amount of data displayed from several of the server RDP pages, which are visible to everyone on the Internet.
Unsupported Operating System (OS). o Microsoft officially retired Windows Server 2000 on July 13, 2010. This server should have been replaced by
Windows Server 2003 and once again by Windows Server 2008, so it is past due for retirement. o As an unsupported OS, no new software updates or security patches will be released. This means a ny new
vulnerability that comes out affecting the OS will be a permanent risk. o From a liability perspective, running an unsupported OS is a negligent act on behalf of a company since it is a
failure to show due care and due diligence by maintaining only supported systems. The only prudent measure is to decommission this system and use a supported OS.
Unpatched Firewall. o The Cisco ASA firewall appears to be unpatched and has vulnerabilities associated with the current version. o The associated vulnerabilities affect the security of the VPN and also uptime, since it can lead to a denial of
service.
Assessment of Findings
There are several ways to start, if a hacker was going to attack the network with information available today. A hacker may start with attacks against RDP or Server 2000. If that was unsuccessful, the hacker may go after u sers since they would know the naming convention of the user accounts and it would not be hard to launch a “spear phishing” campaign to send malware – embedded email to an employee and have them open it, such as a PDF attachment or a hyperlink to follow. While there are worse networks out there, as compared to this one, the bottom line is that this network fails to make itself look less appeal ing than other business networks for hackers. By being in the category of “low hanging fruit” for the perceived ease of exploiting, this network rates an elevated risk for hackers to attack.
HackerView Vulnerability Assessment Page 4 of 17
Network Visibility
IP Information – 1.2.3.4
ISP Comcast
HackerView Vulnerability Assessment
Country United States IP: 1.2.3.4 Scan Type: External Country Code US Region Oregon
Page 1 of 1
City Portland Postal Code 97204 Latitude 142.3333 Longitude -65.5506 Area Code 503
Internet
Internal Use Only
Router
Firewall
ISP : Comcast Firewall: Cisco ASA 5500 Series
**UNSUPPORTED OPERATING SYSTEM
DETECTED **
Internal Network
Open Ports on Firewall : 21 – FTP (File Transfer Protocol) 25 – SMTP (Email) 443 – HTTPS (Dead Link – error page) 3389 – RDP (Remote Desktop Protocol)
Findings:
Ports 21, 25, 443 & 3389 Windows 2000 Server
– FTP server allows anonymous connections (see screenshot) – Email server running on port 25 – HTTPS websites are inoperable (see screenshot) – RDP is directly accessible from the Internet (Windows 2000) (see screenshot)
HackerView Vulnerability Assessment Page 5 of 17
TECHNICAL ANALYSIS
The Technical Analysis Report provides documentation and details of the technical -focused analysis conducted for this document. This report includes the technical details of an examination of the discovered security threats and quantifies relational data about the target network. The Technical Analysis Report also provides the in -depth details of each potential security threat discovered during the scan analysis.
This report is purposely technical and the intended audience is technical individuals, technical consultants, technical service providers, or in-house technology/engineering staff. The Technical Analysis Report presents all of the technical details and findings of the Scan analysis. For the intended audience, this report will contain the majority of the relevant information and data.
IP Address Analysis
This section queried the IP address to determine if the address is “live” and can be externally queried from the Internet.
ICMP Ping Results The IP address does respond to ping requests.
Ping 1.2.3.4 Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 45 ms Round trip time to 1.2.3.4: 45 ms Round trip time to 1.2.3.4: 46 ms Round trip time to 1.2.3.4: 46 ms Average time over 10 pings: 45.8 ms
Traceroute Results The IP address does not return a Fully Qualified Domain Name (FDQN) , but it is associated with a pool IP addresses associated with ACME Internet.
Hop 1
(ms) 0
(ms) 0
(ms) 0
IP Address 206.123.64.46
Host name –
2 0 0 1 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net 3 0 0 0 4.69.145.126 vlan70.csw2.dallas1.level3.net 4 0 0 0 4.69.151.146 ae-73-73.ebr3.dallas1.level3.net 5 20 20 20 4.69.134.22 ae-7-7.ebr3.atlanta2.level3.net 6 33 34 33 4.69.132.86 ae-2-2.ebr1.washington1.level3.net 7 33 33 33 4.69.134.134 ae-71-71.csw2.washington1.level3.net 8 33 33 33 4.69.134.149 ae-72-72.ebr2.washington1.level3.net 9 47 38 38 4.69.132.102 ae-4-4.ebr2.newark1.level3.net 10 38 38 38 4.69.156.37 ae-21-52.car1.newark1.level3.net 11 38 38 38 4.79.188.53 monmouth-in.car1.newark1.level3.net 12 41 40 40 209.191.13.249 ACME.level3.net 13 45 45 45 209.191.23.39 – 14 46 46 45 1.2.3.4 –
HackerView Vulnerability Assessment Page 6 of 17
DNS Records Query Results There are three Domain Naming Service (DNS) records associated with the IP address. This means there are associated pointers on the Internet to route specific domain traffic to these IP addresses, which would indicate to a hacker that the network belongs to a smaller company that has consolidated IT resources in its main office.
These record ties the IP addresses to the domain name siliconforest.com.
1.2.3.4 mail1.thesiliconforest.com 1.2.3.4 smtp1.thesiliconforest.com 1.2.3.4 vpn.thesiliconforest.com
Website Information From IP Address
THESILICONFOREST.COM
Website appears to be hosted off-site at ACME Hosting Solutions, Inc in California.
Public IP & Domain Name Registries
This section attempted to resolve the domain name. Then, that domain name, if any, was searched in the InterNIC and domain name registry databases. The results of this query should report the owner (and associated contacts) for the domain name, if any. This should probably be your company directly, your ISP, or maybe even your hosting provider (if applicable). The entity listed below is considered the authoritative owner of the domain name:
IP Address Registration This section queried the ARIN IP Address registry for information. The results of this query should show the owner (and associated contacts). This should probably be your company directly, your ISP, or maybe even your hosting provider (if applicable). The entity listed below is considered the authoritative owner of the IP addresses:
The record ties the IP addresses to Silicon Forest Technical Group.
NetRange: 1.2.3.4 CIDR: 1.2.3.4/26 OriginAS: NetName: COMCAST-S33446-0 NetHandle: NET-1-2-3-4 Parent: NET-1-2-3-4 NetType: Reallocated RegDate: 2006-03-30 Updated: 2006-03-30 Ref: http://whois.arin.net/rest/net/NET-1-2-3-4
OrgName: Silicon Forest Technical Group OrgId: WRT-12 Address: 123 Any Street Address: STE 51 City: Your City StateProv: OR PostalCode: 12345 Country: US
HackerView Vulnerability Assessment Page 7 of 17
Domain Name Registration This section queried the domain registry information. The results of this query should show the owner . The entity listed below is considered the authoritative owner of the domain name:
Registrant: Silicon Forest Technology Group 123 Any Street, Suite 51 Your City, OR 12345 US
Domain Name: THESILICONFOREST.COM
Administrative Contact, Technical Contact: jdoe@thesiliconforest.com Silicon Forest Technology Group
123 Any Street, Suite 51 Your City, OR 12345 (123) 123-1234
Record expires on 11-Nov-2010. Record created on 10-Nov-1995. Database last updated on 11-Oct-2010 01:40:07 EDT.
Online Public Database Search
There are various public databases, accessible via the Internet, which may contain information about your network, systems, and company. Under normal circumstances, this information is not confidential and does not contain any errors. How ever, it is also possible for these public databases to contain sensitive and/or incorrect data. If this is the case, the potential impact could vary widely. It may be a simple typo, it may allow your network to be hijacked by hackers, or it may expose proprietary information to the Internet.
Because this information is specific to your network, a hacker cannot automatically determine if this information is correct or not. Please review the results listed below for each of these queries to ensure that the information is both correct and non – confidential.
In this section, the IP address 1.2.3.4 was queried using the Google search engine. Specifically, BlackHat Consultants searched for suspicious public information that may contain confidential details about 1.2.3.4, like password or login information.
Nothing was found from the Google search
HackerView Vulnerability Assessment Page 8 of 17
Location Mapping Results Once a company name can be found, a quick search locates an address and a hacker can also use that information to conduct a physical reconnaissance for a possible physical attack. Office location is shown below:
Screenshot: Image of storefront from Google Street View.
Screenshots of Findings
Screenshot: 1.2.3.4 from PuTTY (no logon banner)
HackerView Vulnerability Assessment Page 9 of 17
Screenshot: 1.2.3.4 from HTTPS (dead website – possible misconfiguration)
Screenshot: 1.2.3.4 from Remote Desktop Protocol (RDP) (outdated OS with no domain)
Appendix A – Network Device Summary
none:[64.39.106.242-64.39.106.249](11)
IP DNS NetBIOS Router OS Approved Scannable Live Netblock
64.39.106.242 demo1.sea.qual XP-SP2 68.177.224 . Windows XP Service Pack 2-3 S L ys.com 180
Discovery Method Port DNS
ICMP
TCP 135 TCP 139 TCP 445
UDP 137
64.39.106.243 demo2.sea.qual 2K-SP4-OE50 68.177.224 . Windows 2000 Service Pack 3-4 S L
ys.com 1 180
Discovery Method Port
DNS ICMP
TCP 25 TCP 80
TCP 135 TCP 139 TCP 443
TCP 445 UDP 135
UDP 137
64.39.106.244 demo3.sea.qual 68.177.224 . Linux 2.4-2.6 / Embedded S L
ys.com 164 Device / F5 Networks Big-IP
Discovery Method Port DNS
ICMP
TCP 22 TCP 111
UDP 111
64.39.106.245 demo4.sea.qual 68.177.224 . Linux 2.4-2.6 / Embedded S L
ys.com 180 Device / F5 Networks Big-IP
Discovery Method Port
DNS ICMP
TCP 22 TCP 111 UDP 111
64.39.106.246 demo5.sea.qual 68.177.224 . Solaris 9-10 S L
ys.com 180
Discovery Method Port
DNS ICMP TCP 21
TCP 22 TCP 23 TCP 25
TCP 111 UDP 111
UDP 161
Appendix B – Raw Scanner Output
Report Summary
Sort by: Host
IP Restriction: 64.39.106.242-64.39.106.244 Hosts Matching Filters: 3 scan/1323728798.4048: 12/12/2011 at 14:26:38 (GMT-0800)
Summary of Vulnerabilities
Vulnerabilities Total 51 Security Risk (Avg) 4.7
by Severity Severity Confirmed Potential Information Gathered Total 5 14 – – 14 4 4 – – 4 3 8 – – 8 2 21 – – 21 1 4 – – 4 Total 51 – – 51
5 Biggest Categories Category Confirmed Potential Information Gathered Total Windows 19 – – 19 Web server 7 – – 7 TCP/IP 7 – – 7 SMB / NETBIOS 6 – – 6 RPC 4 – – 4 Total 43 – – 43
HackerView – Example Raw Scanner Output page 1
HackerView – Example Raw Scanner Output page 2
Vulnerabilities by Severity
Operating Systems Detected
HackerView – Example Raw Scanner Output page 3
Services Detected
Detailed Results
64.39.106.242 (xp-sp2, XP-SP2) Windows XP
Vulnerabilities (8)
5 Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)
QID: 90464 CVSS Base: 10 Category: Windows CVSS Temporal: 8.3 CVE ID: CVE-2008-4250 Vendor Reference: MS08-067 Bugtraq ID: 31874 Service Modified: User Modified:
02/12/2009 –
Edited: No PCI Vuln: Yes
THREAT: The Microsoft Windows Server service provides RPC support, file print support and named pipe sharing over the network. The Server service allows the sharing of local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication between applications running on other computers and your computer, which is used for RPC.
The Server service is vulnerable to remote code execution issue, due to the service not properly handling specially-crafted RPC requests. Any anonymous user who can deliver a specially-crafted message to the affected system could try to exploit this vulnerability. Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s): December 2008 Updates are Available (including for XPe SP3 and Standard) (http://blogs.msdn.com/embedded/archive/2008/12/26/december-2008-updates-are-available-including-for-xpe-sp3-and- standard.aspx)
HackerView – Example Raw Scanner Output page 4
(KB958644)October 2008 Security Updates Include a Bonus (http://blogs.msdn.com/embedded/archive/2008/10/30/october-2008-security-updates-include-a-bonus.aspx) (KB958644)
IMPACT: An attacker who successfully exploits this vulnerability could take complete control of the affected system.
SOLUTION: Patch: Following are links for downloading patches to fix the vulnerabilities:
Microsoft Windows 2000 Service Pack 4: http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2-9775- 6F43C5C2AED3 (http://www.microsoft.com/downloads/details.aspx?familyid=E22EB3AE-1295-4FE2- 9775-6F43C5C2AED3) Windows XP Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03 (http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E -9265-44B9-A376-2067B73D6A03) Windows XP Service Pack 3: http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03 (http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E -9265-44B9-A376-2067B73D6A03) Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25 (http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25) Windows XP Professional x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25 (http://www.microsoft.com/downloads/details.aspx?familyid=4C16A372-7BF8-4571-B982-DAC6B2992B25) Windows Server 2003 Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D (http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D) Windows Server 2003 Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D (http://www.microsoft.com/downloads/details.aspx?familyid=F26D395D-2459-4E40-8C92-3DE1C52C390D) Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400 (http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F-4B944A2DE400) Windows Server 2003 x64 Edition Service Pack 2: http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42-9E1F- 4B944A2DE400 (http://www.microsoft.com/downloads/details.aspx?familyid=C04D2AFB-F9D0-4E42- 9E1F-4B944A2DE400) Windows Server 2003 with SP1 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF (http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC- A85A43077ACF) Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC-A85A43077ACF (http://www.microsoft.com/downloads/details.aspx?familyid=AB590756-F11F-43C9-9DCC- A85A43077ACF) Windows Vista and Windows Vista Service Pack 1: http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD-AC5C- CAC7D8713B21 (http://www.microsoft.com/downloads/details.aspx?familyid=18FDFF67-C723-42BD- AC5C-CAC7D8713B21) For a complete list of patch download links, please refer to Microsoft Security Bulletin MS08-067 (http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx).
EXPLOITABILITY:
Core Security Reference: CVE-2008-4250 Description: MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) – Core Security Category : Exploits/Remote
Immunity
Reference: CVE-2008-4250 Description: Windows Server Service Underflow (MS08-067) – Immunity Ref : ms08_067 Link: http://qualys.immunityinc.com/home/exploitpack/CANVAS/ms08_067/qualys_user
Metasploit
Reference: CVE-2008-4250 Description: Microsoft Server Service Relative Path Stack Corruption – Metasploit Ref : /modules/exploit/windows/smb/ms08_067_netapi Link: http://www.metasploit.com/modules/exploit/windows/smb/ms08_067_netapi
The Exploit-DB
Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution PoC (MS08-067) – The Exploit-DB Ref : 6824 Link: http://www.exploit-db.com/exploits/6824
Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution Exploit (MS08-067) – The Exploit-DB Ref : 7104 Link: http://www.exploit-db.com/exploits/7104
HackerView – Example Raw Scanner Output page 5
Reference: CVE-2008-4250 Description: MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3) – The Exploit-DB Ref : 7132 Link: http://www.exploit-db.com/exploits/7132
Reference: CVE-2008-4250 Description: Microsoft Server Service Relative Path Stack Corruption – The Exploit-DB Ref : 16362 Link: http://www.exploit-db.com/exploits/16362
ASSOCIATED MALWARE:
Trend Micro Malware ID: WORM_SPYBOT Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_SPYBOT.AZI
Malware ID: WORM_NEERIS Risk: Low Type: Worm Platform: Windows ME, NT, 2000, XP, Server 2003, Vista 32 Bit Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_NEERIS.A
Malware ID: WORM_KOLAB Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_KOLAB.DL
Malware ID: WORM_STUXNET Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003, Vista 32-bit Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_STUXNET.A
Malware ID: WORM_DOWNAD Risk: Low Type: Worm Platform: Windows 2000, XP, Server 2003, Vista Aliases: Net-Worm.Win32.Kido.dam.y (Kaspersky), W32/Conficker.worm (McAfee), W32.Downadup (Symantec),
Worm/Conficker.AC (Avira), W32/Downldr2.EXAE (exact) (F-Prot) Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_DOWNAD.A
Malware ID: WORM_CONFICKER Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_CONFICKER.D
Malware ID: WORM_NETWORM Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us& ;name=WORM_NETWORM.C
Malware ID: WORM_WECORL Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_WECORL.A
HackerView – Example Raw Scanner Output page 6
Malware ID: WORM_KERBOT Risk: Low Type: Worm Platform: Windows 98, ME, NT, 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_KERBOT.A
Malware ID: TROJ_DUCKY Risk: Low Type: Trojan Platform: Windows 2000, XP, Server 2003 Link: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=TROJ_DUCKY.N
RESULTS: Detected through MSRPC Interface
5 Microsoft SMB Remote Code Execution Vulnerability (MS09-001)
QID: 90477 CVSS Base: 10 Category: Windows CVSS Temporal: 7.8 CVE ID: CVE-2008-4834, CVE-2008-4835, CVE-2008-4114 Vendor Reference: Bugtraq ID:
MS09-001 –
Service Modified: 03/26/2009 User Modified: – Edited: No PCI Vuln: Yes
THREAT: The Server Message Block (SMB) Protocol is a network file sharing protocol used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It is a client-server implementation and consists of a set of data packets, each containing a request sent by the client or a response sent by the server.
The following remote code execution and denial of service vulnerabilities have been identified in Microsoft SMB protocol which occur when processing specially crafted SMB packets.
1) A vulnerability exists in the way SMB allocates space for a transaction structure and later tries to clear more memory than it should when a TRANS request is processed, allowing an attacker to take control of the system. (CVE-2008-4834)
2) A flaw exists in the way SMB allocates and clears a data structure relating to the OPEN2 command. SMB protocol software insufficiently validates the buffer size before writing to it, allowing attackers to take complete control of the system and allowing remote execution of code. (CVE-2008-4835)
3) A denial of service vulnerability exists due to the way “srv.sys” handles malformed SMB WRITE_ANDX packets sent to an interface that uses a Named Pipe as endpoint. This flaw allows remote attackers to send a specially-crafted network message to a computer running the Server service causing it to stop responding. (CVE-2008-4114)
Attempts to exploit any of the above listed vulnerabilities does not require authentication.
Microsoft has rated the issues as critical for Windows 2000, Windows XP, and Windows Server 2003, and moderate for Windows Vista, and Windows Server 2008. Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s): February Security Updates are Now Available (http://blogs.msdn.com/embedded/archive/2009/03/02/february-security-updates-are-now-avaiable.aspx) (KB958687)January 2009 Security Updates for Runtimes Are Available (http://blogs.msdn.com/embedded/archive/2009/01/22/january-2009-security-updates-for-runtimes-are-available.aspx) (KB958687)
IMPACT: An attacker who successfully exploits this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Successful exploitation also results in denial of service which causes the affected system to crash and stop responding.
HackerView – Example Raw Scanner Output page 7
SOLUTION: Workaround: TCP ports 139 and 445 should be blocked at the firewall to protect systems behind the firewall from attempts to exploit this vulnerability. Impact of workaround: Blocking the ports can cause several windows services or applications using those ports to stop functioning.
Patch: Following are links for downloading patches to fix the vulnerabilities:
Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=E0678D14 -C1B5-457A-8222-8E7682760ED4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=E0678D14-C1B5-457A-8222-8E7682760ED4&displaylang=en)
Windows XP SP2 and SP3: http://www.microsoft.com/downloads/details.aspx?familyid=EEAFCDC5-DF39-4B29-B6F1-7D32B64761E1&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=EEAFCDC5-DF39-4B29-B6F1-7D32B64761E1&displaylang=en)
Windows XP Professional x64 Edition and XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=26898401-F669-4542-AD93- 199ED1FE9A2A&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=26898401 -F669-4542- AD93-199ED1FE9A2A&displaylang=en)
Windows 2003 Server SP1 and SP2: http://www.microsoft.com/downloads/details.aspx?familyid=588CA8E8-38A9-47ED-9C41-09AAF1022E49&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=588CA8E8-38A9-47ED-9C41-09AAF1022E49&displaylang=en)
Windows 2003 Server x64 Edition and 2003 Server x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=EE59441C-1E8F-4425-AE8D-DEC14E7F13FB&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=EE59441C-1E8F-4425-AE8D-DEC14E7F13FB&displaylang=en)
Windows 2003 Server with SP1 and SP2 for Itanium based systems: http://www.microsoft.com/downloads/details.aspx?familyid=CAEC9321-FA5B-42F0-9F26- 61F673FE6EEF&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=CAEC9321-FA5B-42F0- 9F26-61F673FE6EEF&displaylang=en)
Windows Vista and Vista SP1: http://www.microsoft.com/downloads/details.aspx?familyid=9179C463 -C10A-452A-990F-B7E37CDD889B&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=9179C463-C10A-452A-990F-B7E37CDD889B&displaylang=en)
Windows Vista x64 Edition and Vista x64 Edition SP1: http://www.microsoft.com/downloads/details.aspx?familyid=6B26952E-B59D-4B0F-A52D-025E45ECD233&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=6B26952E-B59D-4B0F-A52D-025E45ECD233&displaylang=en)
Windows 2008 Server for 32-bit systems: http://www.microsoft.com/downloads/details.aspx?familyid=7245B411-7C9E-41E5-9841-4C586336086C&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=7245B411-7C9E-41E5-9841-4C586336086C&displaylang=en)
Windows 2008 Server for x64-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=A241EAAD-95A0-442B-978F-F21A6F0C7DB4&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=A241EAAD-95A0-442B-978F-F21A6F0C7DB4&displaylang=en)
Windows 2008 Server for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?familyid=AB7C7015-20BB-4A0C-977A-969F4E2A5189&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=AB7C7015-20BB-4A0C-977A-969F4E2A5189&displaylang=en)
Refer to Microsoft Security Bulletin MS09-001 (http://www.microsoft.com/technet/security/bulletin/MS09-001.mspx) for further details.
EXPLOITABILITY:
Core Security Reference: CVE-2008-4834 Description: Microsoft Windows SMB Trans Buffer Overflow DoS (MS09-001) – Core Security Category : Denial of Service/Remote
Metasploit
Reference: CVE-2008-4114 Description: Microsoft SRV.SYS WriteAndX Invalid DataOffset – Metasploit Ref : /modules/auxiliary/dos/windows/smb/ms09_001_write Link: http://www.metasploit.com/modules/auxiliary/dos/windows/smb/ms09_001_write
A digital forensics professional must know basic IT skills, understand computer architecture and networking, and have analytical and investigative skills, as well as strong attention to detail. Why do think all of these skills are necessary? Please explain.
Instructions In this assignment you will create a Software Reference Architecture (SRA) document for a fictitious Information Technology department of a large government agency. Your SRA should include at least one software framework. You can assume that the data storage is part of software because it normally uses a database.
Before beginning the project read Reference Architecture Description by the Office of the Assistant Security of Defense at http://dodcio.defense.gov/Portals/0/Documents/DIEA/Ref_Archi_Description_Fina l_v1_18Jun10.pdf This explains how to create a Reference Architecture document. This document was primarily created for Network Reference Architecture, but we are going to write a Software Reference Architecture. But we can still learn a lhttps://www.homeworkmarket.com/files/softwarereferencearchitectureproject-pdf-5321821ot from this document.
must be turning eligible, no plagiarism, and use the ref PDF as a reference.
CS10 Python Programming Homework 4 40 points
Lists, Tuples, Sets, and Files
1. You must turn in your program listing and output for each program set. Start a new sheet or sheets of paper for each program set. Each program set must have your student name, student ID, and program set number/description. All the program sets must be printed and submitted together with your Exam 4. Once you complete your Exam 4 and leave the classroom you will not be able to submit Homework 4. Late homework will not be accepted for whatever reasons you may have.
******************************************************************************************************************************** for this homework, you are also to submit All Program Sets to Canvas under Homework 4 link ********************************************************************************************************************************
a. Name your file : PS1_firstinitial_lastname.py for Program Set 1. PS means program set b. You still have to submit the paper copy together with the rest of the Homework 4. c. You have till 11:59pm the night before the day of Exam 4 to submit all Program Sets to Canvas.
If the deadline is past, Program Sets will not be graded even if you submit the paper copy on time.
d. You must submit both hardcopy and upload the Program Sets to Canvas to be graded. If you only submit the hardcopy or only upload to Canvas you will receive a zero for the Program Sets. You must submit all the hardcopies of all Program Sets of Homework 4.
e. if you do not follow instructions on file naming provided in this section you will receive a zero for the whole of Homework 4.
2. You must STAPLE (not stapled assignments will not be graded resulting in a zero score) your programming
assignment and collate them accordingly. Example Program set 1 listing and then output, followed by Program Set 2 listing and output and so on.
3. Please format you output properly, for example all dollar amounts should be printed with 2 decimal places.
Make sure that your output values are correct (check the calculations). 4. Each student is expected to do their own work. IF IDENTICAL PROGRAMS ARE SUBMITTED, EACH
IDENTICAL PROGRAM WILL RECEIVE A SCORE OF ZERO. Grading: Each program set must run correctly syntactically, logically, and display the correct output as specified. If the program set does not run correctly, a zero will be given. For each Program set, if the program executes properly with proper syntax, logic, and displays the correct output, then points will be deducted for not having proper:
a. Comments (1 pt deducted for each occurrence) – Your name, description at the beginning of each program set. Short description of the what each section of your codes do.
b. Consistency/Readability (2 pts deducted for each occurrence) – Spacing(separate each section of codes with a blank line
– Indentation – Style (proper naming of variables no a,b,c – use descriptive and mnemonics) -each function must include type hints or annotations except for the main() -include docstrings for every function
c. Required elements (2 pts deducted for each occurrence) – Use tools that have been covered in class – proper formatting for output when specified – all monetary values must be in 2 decimal places
d. Output if no output is provided for either the hardcopies or uploaded file, a zero will be given for
that program set. Output must to be displayed at the end of the program listing(codes) must use test cases when provided in the Program set question. Provide your own test
cases if the program set does not ask for any. The minimum test cases you provide on your own is 5 or more. If you provide less then 5 test cases per Program Set then that program set will receive a zero grade.
Program Set 1 (40 points) Write list functions for items a to j that carry out the following tasks for a list of integers.
a. Swap the first and last elements in the list. b. Shift all elements by one to the right and move the last element into the first position.
For example, 1 4 9 16 25 would be transformed into 25 1 4 9 16. c. Replace all even elements with 0 (zeroes) d. Replace each element except the first and last by the larger of its two neighbors. e. Remove the middle element if the list length is odd, or the middle two elements if the length is even. f. Move all even element to the front, otherwise preserving the order of the elements. g. Return the second largest element in the list. h. Return true if the list is currently sorted in increasing order. i. Return true if the list contains two adjacent duplicate elements. j. Return true if the list contains duplicate elements (which need not be adjacent).
The main() function to test each of the functions is included here for you. You must use the same function names that is provide for you below. Using other function names will result in a zero for this program. # Program to test functions a to j. # # Define constant variables. ONE_TEN = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] def main() : print(“The original data for all functions is: “, ONE_TEN) #a. Demonstrate swapping the first and last element. data = list(ONE_TEN) swapFirstLast(data) print(“After swapping first and last: “, data) #b. Demonstrate shifting to the right. data = list(ONE_TEN) shiftRight(data) print(“After shifting right: “, data) #c. Demonstrate replacing even elements with zero. data = list(ONE_TEN) replaceEven(data) print(“After replacing even elements: “, data) #d. Demonstrate replacing values with the larger of their neighbors. data = list(ONE_TEN) replaceNeighbors(data) print(“After replacing with neighbors: “, data) #e. Demonstrate removing the middle element. data = list(ONE_TEN) removeMiddle(data) print(“After removing the middle element(s): “, data)
#f. Demonstrate moving even elements to the front of the list. data = list(ONE_TEN) evenToFront(data) print(“After moving even elements: “, data) #g. Demonstrate finding the second largest value. print(“The second largest value is: “, secondLargest(ONE_TEN)) #h. Demonstrate testing if the list is in increasing order. print(“The list is in increasing order: “, isIncreasing(ONE_TEN)) #i. Demonstrate testing if the list contains adjacent duplicates. print(“The list has adjacent duplicates: “, hasAdjacentDuplicate(ONE_TEN)) #j. Demonstrate testing if the list contains duplicates. print(“The list has duplicates: “, hasDuplicate(ONE_TEN)) main() The output should look like this: Run 1 >>> ====== RESTART: E:/IVC/CS10 Python/Homework/HW4 Files/HW4_sp2018_PS1.py ====== The original data for all functions is: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] After swapping first and last: [10, 2, 3, 4, 5, 6, 7, 8, 9, 1] After shifting right: [10, 1, 2, 3, 4, 5, 6, 7, 8, 9] After replacing even elements: [1, 0, 3, 0, 5, 0, 7, 0, 9, 0] After replacing with neighbors: [1, 3, 4, 5, 6, 7, 8, 9, 10, 10] After removing the middle element(s): [1, 2, 3, 4, 7, 8, 9, 10] After moving even elements: [2, 4, 6, 8, 10, 1, 3, 5, 7, 9] The second largest value is: 9 The list is in increasing order: True The list has adjacent duplicates: False The list has duplicates: False >>> Run 2 ======= RESTART: E:/IVC/CS10 Python/Homework/HW4 Files/HW4Fa2018_Q1.py ======= The original data for all functions is: [12, 20, 10, 14, 54, 16, 75, 38, 79, 103] After swapping first and last: [103, 20, 10, 14, 54, 16, 75, 38, 79, 12] After shifting right: [103, 12, 20, 10, 14, 54, 16, 75, 38, 79] After replacing even elements: [0, 0, 0, 0, 0, 0, 75, 0, 79, 103] After replacing with neighbors: [12, 12, 14, 54, 54, 75, 75, 79, 103, 103] After removing the middle element(s): [12, 20, 10, 14, 75, 38, 79, 103] After moving even elements: [12, 20, 10, 14, 54, 16, 38, 75, 79, 103] The second largest value is: 79 The list is in increasing order: False The list has adjacent duplicates: False The list has duplicates: False >>>
Software Reference Architecture Project
Instructions In this assignment you will create a Software Reference Architecture (SRA) document for a fictitious Information Technology department of a large government agency. Your SRA should include at least one software framework. You can assume that the data storage is part of software because it normally uses a database. Before beginning the project read Reference Architecture Description by the Office of the Assistant Security of Defense at http://dodcio.defense.gov/Portals/0/Documents/DIEA/Ref_Archi_Description_Fina l_v1_18Jun10.pdf This explains how to create a Reference Architecture document. This document was primarily created for Network Reference Architecture, but we are going to write a Software Reference Architecture. But we can still learn a lot from this document. Outline Please use the following sample outline, which is modified from Appendix A in Reference Architecture Description. Feel free to add sub-sections (ie x.x.x) if needed.
Software Reference Architecture Outline
1 Introduction
1.1 Overview 1.2 Scope 1.3 Key Authoritative Sources
2 Context
2.1 Guiding Principles 2.2 Constraints and Assumptions
2.2.1 Constraints 2.2.2 Assumptions
2.3 Alignment Priority Areas
3 Data
3.1 Storage 3.2 Data Integrity
3.3 Data Archiving
4 Software
4.1 Business Logic 4.2 User Interface
5 Technical Positions Additional Instructions In section 2.3 you need to align your architecture with the priorities of the organization. Consider these four guiding priorities.
1. Like most government agencies cost is a very important factor. Congress can increase or decrease you budget at any time. So, you have to build an architecture that has low maintenance and purchase costs.
2. All government agencies must comply with government regulations. One major one is the Freedom of Information Act (FOIA) which provides government information to people that request it in a timely manor.
3. 508 is a regulation that requires systems to be handicap accessible. 4. Other government regulations prohibit certain types of information to be
stored about US citizen beyond a certain date. For example, this type of information can only be stored for 30 days for US citizens.
Hints This can be a very difficult project. Most organizations have a Software Reference Architecture but there is no real standard. Many organization don’t even have it documents or even call it a Software Reference Architecture. But by talking with them you can quickly realize that they have these standards. More mature organizations document their Software Reference Architecture, but there is no real standard format. Begin by thinking back across all of the courses you have taken. Try to develop a list of common problems that occur when building software. Depending upon the size of your list you might have to narrow it down to major issues. We have already discussed the benefits of everyone in an organization performing a task the same way. Next think of good solutions to these problems. In many organizations Non-functional Requirements are such solutions. Remember to write clearly. Rubric
1. Includes a software framework and the framework is used correctly. (25%) 2. Solve specific recurring problems in a problem space; explain context, goals,
purpose and problem solving. (25%)
3. Alignment with priorities. (25%) 4. Clearly written and free of spelling and grammar mistakes. (25%)
Use a search engine to find the names of five different cyber viruses.
Using WORD, write a short paragraph on each.
Use your own words and do not copy the work of another student.
Attach your WORD document here.
Please one of Our representative below to Place an Order or email us at support@writerscholar.com
