INFORMATION TECHNOLOGY DEPARTMENT

ITWELEC6

(BASIC NETWORK SECURITY)

LAB EXERCISE

1B
Researching Network Attacks and Security Audit Tools

DELA VEGA, MARIA ANGELA D.

B31

April 19, 2018

I. OBJECTIVES:
At the end of the experiment students must be able to:

 Identify the different network attacks.

 Select a network attack and develop a report for presentation to the class.
 Identify the different security audit tools.
 Select a tool and develop a report for presentation to the class.

II. BACKGROUND INFORMATION

Attackers have developed many tools over the years to attack and compromise networks. These
attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy
resources, or deny legitimate users access to resources. When network resources are
inaccessible, worker productivity can suffer, and business income may be lost.

To understand how to defend a network against attacks, an administrator must identify network
vulnerabilities. Specialized security audit software, developed by equipment and software
manufacturers, can be used to help identify potential weaknesses. Additionally, the same tools
used by individuals to attack networks can also be used by network professionals to test the
ability of a network to mitigate an attack. After the vulnerabilities are known, steps can be
taken to help protect the network.

III. LABORATORY ACTIVITY:

Required Resources
 Computer with Internet access for research
 Presentation computer with PowerPoint or other presentation software installed
 Video projector and screen for demonstrations and presentations

A. Research various network attacks that have actually occurred and select one on which to report
on. Fill in the form below based on your findings.

List some of the attacks you identified in your search.

Robert Tappan Morris and the Morris Worm (1988):
Google China hit by cyber-attack (2009)
Teen hacks NASA and US Defense Department
Phone lines blocked to win Porsche (1995)
Hacker targets Scientology (2008)
Solar Sunrise (1998)
The Melissa virus (1999)
Internet attacked (2002)
Fill in the following form for the network attack selected.

Name of attack:
Type of attack:
Dates of attacks:
Computers / Organizations affected:
How it works and what it did:
Mitigation options:
References and info links:
Robert Tappan Morris and the Morris Worm (1988)
Denial-of-Service Attack
November 2, 1988, November 3, 1988
The Massachusetts Institute of Technology
It was loosed by Robert Morris from a public
MIT account into the institution’s network and it
immediately ripped through the internet. It broke into
email accounts and guessed some obvious passwords and
took advantage of the loopholes in “Sendmail” email
program and sent itself to newly found targets. After it
has sent itself to other targets, it meticulously ran itself
for many times indefinitely and clogged up mail serves
which resulted to malfunctioning and preventing the
mail servers to work correctly.
Reboot the system and delete the traces of it
CERT’s emergence
Firewalls
https://www.zdnet.com/article/the-morris-worm-internet-
malware-turns-25/
http://www.cs.umd.edu/class/fall2017/cmsc818O/papers/m
orris-worm.pdf
http://www.cs.unc.edu/~jeffay/courses/nidsS05/attacks/seel
y-RTMworm-89.html
https://www.atlasobscura.com/articles/in-1988-one-rogue-
worm-shut-down-10-percent-of-the-internetPresentation
support graphics (include PowerPoint filename or web
links):

B. Research network security audit and attacker tools. Investigate one that can be used to
identify host or network device vulnerabilities. Fill in the report below based on your
findings.

List some of the tools that you identified in your search.

Nessus
RedSeal SRM
Packet Capture Tools
Wireshrak/Tshark
Core Impact
Fill in the following form for the security audit or network attack tool selected.

Name of tool: Nessus

Developer: Tenable Network Security
Type of tool (character-based or GUI): GUI
Used on (network device or computer host) both network and web application
Cost: The initial purchase price of Tenable Nessus is
$1,500, and licensing follows a yearly renewal
schedule. The yearly renewal cost is $1,200
Description of key features and capabilities of product or tool:
Easy to Use
Policy creation is simple and only requires a few clicks to scan an entire network

Comprehensive Detection
The Nessus scanner covers more technologies and identifies more vulnerabilities, providing
a higher detection rate than competing solutions

Low Total Cost of Ownership (TCO)

Complete vulnerability scanning solution with unlimited scans against unlimited IPs for one
low cost

Fast & Accurate

High-speed accurate scanning with low false positives lets you quickly identify those
vulnerabilities that need fixing first

Timely Protection
Tenable researchers leverage extensive intelligence sources – providing plug-ins that deliver
timely response for the latest vulnerabilities and threats

Accommodate Growth
Easily move to Tenable.io – with tools that speed migration – as vulnerability management
needs increase.
(https://www.tenable.com/products/nessus/nessus-professional)

References and info links:

https://www.tenable.com/products/nessus/nessus-professional
http://www.ciscopress.com/articles/article.asp?p=1606900&seqNu
m=5
IV. QUESTION AND ANSWER:

1. What is the prevalence of network attacks and what is their impact on the operation of an
organization? What are some key steps organizations can take to help protect their networks and
resources?

In terms of determining the prevalence of a network attack, this will vary and depend on
what type of attack was to measure. This is also applicable in terms of determining the impact
of these attacks on the operation of a target or organization. In a worm attack, the most
notorious attack were dated way back 1988 and up to 2003. This means that this kind of
attack is not that prevalent anymore; this could be due to the mitigation strategies
implemented and the ever progress of technology and its security nowadays. On the pasts
recorded attacks of worm, it has affected its host in terms of exploiting known buffers,
infecting the network across an organization and corrupting it by means of replication;
denial-of-service is the most labeled impact of the attack known in the past reports. This
attack also cost an organization millions and billions of dollars dedicated only to fix what
was damaged by the attack.

On the other hand, keeping a network or resources safe have different approaches. One is to
know and be knowledgeable of your network and its components. In this way, the basic parts
and drivers of your network identified. You will know what to protect and what are the
measures to be done in order to protect it. Subscribing to vulnerability analysis tools can be
your easiest way to keep up and identify the security holes of your network. Administrators
can easily plan and execute protocols and steps in order to correct the undermining problems
of your network. The usage of firewalls, prevention and detection of intruders, and
hardening your network services are some of the least you can do to protect your network
out of many security measure there is available.

Resources: https://crypto.stanford.edu/cs155old/cs155-spring06/16-worms.pdf

2. What would be the situation of an organization if the network was compromised? What was the
impact to the organization and what did it do about it?

Compromised network may result to a temporary or permanent damage across the

organization. This could be in terms of hardware or software that is to be replaced and
amounts expensively to be restored. It can affect the way the organization works and it can
cost an organization a large amount of money. An organization can prevent these attacks by
taking precautionary measure or hire security administrators that are essentially
knowledgeable of how and what are the components in order for a network to work and be
protected.
3. What steps can you take to protect your own PC or laptop computer?

Installing an anti-virus is one way to protect your personal computers or laptops. Enabling
the firewall is also a recommended step before using your computers. Some of the software
and applications installed in your computer needs an update from time to time; and keeping
these applications updated can keep your computer from attacks or viruses to be harmed.
Implementing admin accounts and passwords can further more secure your computer.