BSYS702
SEMESTER 1 2024
ASSIGNMENT 3
** This assignment has 4 sections: 3A, 3B, 3C and 3D **
SECTION 3A: ATTACK TREE
Create an attack tree for the server for a neighbourhood second-hand car dealership. You can make the attack tree in Word, PowerPoint, etc. [4 marks]
The tree should:
* Have at least three different attacks (second-level nodes).
* Have at least one attack with a path at least three sub-nodes deep.
* Have at least two attacks that have sub-nodes with at least two immediate children below them.
Each node should have an indication for “difficulty” and “cost”.
** Question 3A: which attack do you think is most likely and why? [1 mark]
We did this practice in class in Week 6, based on Schneier’s Chapter 21, so you should be familiar with it. Here’s an example below:
SECTION 3B: NETWORK SCANNING
In this assignment, you will use different applications to analyse networks.
PART 1: NETWORK SCANNING WITH NMAP
Nmap, a network scanning programme, is used to:
- collect information about the IP addresses on your network, so you can find out if any IP address has been compromised and is being used by an external party;
- give you a list of live hosts on your network, their operating systems, and open ports, which is useful for monitoring;
- scan your own webserver to identify vulnerabilities.
It has many (https://www.ceos3c.com/hacking/nmap-on-windows-complete-beginner-guide/), many (https://linux.die.net/man/1/nmap) features (https://www.varonis.com/blog/nmap-commands/) and has been featured in movies (https://nmap.org/movies/), such as Ocean’s 8, Die Hard 4, and Bourne Ultimatum, because it can be used to find weaknesses in networks. You are going to use it here.
a) First, download Nmap (https://nmap.org/download.html) for your operating system (Windows, MacOS, etc.).
- Instructions for MacOS here: https://nmap.org/book/inst-macosx.html
b) Then, start Nmap by clicking on “Nmap - Zenmap GUI” in your Start Menu or Desktop. (Zenmap is the name of the graphical user interface. Classic Nmap runs over the command line.) This window appears:
c) Click on the empty text field beside “Target” and type in scanme.nmap.org
d) Click the “Scan” button on the extreme right-hand side.
It will take a few minutes to run, and when it is finished, a line at the bottom of the screen will read: “Nmap done”.
e) Click on the “Scan” menu option at the top left-hand of the screen and click on “Save Scan”. Save it as yournameNmap.xml (for example, my file would be harminderNmap.xml). Open it in a text editor (Notepad in Windows, TextEdit in MacOS), and “copy and paste” it into your Word file.
Questions:
3B (a) “OS” stands for operating system. What is the operating system of the server you just scanned?
3B (b) If a system has many open ports and services, hackers could exploit the vulnerabilities of these ports/services to access the system. How many open ports did you find on the server you accessed? What services were running on them?
PART 2: FINDING DEVICES ON THE INTERNET WITH SHODAN
Shodan (https://www.shodan.io/) is a search engine for devices connected to the Internet. This assignment will familiarize you with Shodan.
a) First, go to Shodan and register for an account following the instructions here (https://www.wikihow.com/Use-Shodan).
b) Then, search for devices that use default logins and passwords. Type this into the search box:
c) A list of devices will appear in the results. Take a screenshot of a system where the password and username are listed.
Question 3B (c): How can a company use Shodan to improve its level of cybersecurity? Refer to this article (https://www.makeuseof.com/what-is-shodan/).
PART 3: CAPTURING NETWORK TRAFFIC WITH WIRESHARK
(This part of the assessment is adapted from "Wireshark Lab: HTTP", by J.F. Kurose, K.W. Ross, available here (http://www-net.cs.umass.edu/wireshark-labs/). THIS MATERIAL IS SUBJECT TO THEIR COPYRIGHT.)
Wireshark (https://www.wireshark.org/) is a free analysis tool that displays the contents of messages being sent or received over a network. It runs on Windows, Mac, and Linux/Unix, and is very widely used. The user guide is here (http://www.wireshark.org/docs/wsug_html_chunked).
a) Download (https://www.wireshark.org/download.html) and install the appropriate version of Wireshark (Windows/Mac).
b) If your browser is open, close it.
c) Then, start Wireshark from your Start Menu or Desktop. This window appears:
c) Select “WiFi” and double-click. A window like this appears (what you see may differ based on your operating system):
d) The window is showing you the data that Wireshark is capturing:
[Figure: annotated Wireshark capture window. Callouts: “Details of selected packet header”; “Packet content in ASCII and hexadecimal format”.]
[Choose “Stop and Quit without Saving”]
f) Open a browser (Firefox or Chrome).
g) Open Wireshark. Click on the filter field and type in http. This way, only the messages that use the HTTP protocol will be displayed. Wait for 1 to 2 minutes.
h) On your browser, go to this page: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html Your browser should display a webpage with only one sentence in it.
i) Stop Wireshark packet capture by clicking here:
g) You will see two messages in the list of captured packets.
h) Look at the packet header details window.
Question 3B (d): What is the IP address of your computer, and of the gaia.cs.umass.edu server? When was the HTML file that you are retrieving last modified at the server? [1 mark]
i) Clear your browser’s cache. (Here are instructions if you’re not sure: https://www.wired.com/story/how-to-clear-your-browsers-cache/.)
j) Open Wireshark.
k) Enter the following URL into your browser: http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html A pop-up box will appear asking for a user name and password. The username is “wireshark-students” (without the apostrophes/quotation marks) and the password is “network” (also without the apostrophes/quotation marks).
l) Stop Wireshark packet capture.
m) Enter “http” in the filter-specification window, so that only HTTP messages will be displayed in the packet-listing window.
n) In the list of captured packets, click on the first HTTP GET message from your browser:
** Make sure the boxes at the far left of the Frame, Ethernet, IP and TCP information have a plus sign or a right-pointing triangle (which means there is hidden, undisplayed information), and the HTTP line has a minus sign or a down-pointing triangle (which means that all information about the HTTP message is displayed).
Question 3B (e): What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
o) Click on the second HTTP GET message from your browser.
Question 3B (f): In the packet header details window below, what new field has been added? What important information is in that field?
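An added example, not part of the original assignment or the Kurose and Ross lab: a Python script that compares the header fields of two HTTP requests, as in steps n) and o), and decodes HTTP Basic credentials if a request carries them. The two requests are constructed from the URL and login given in step k) rather than taken from a real capture, and the function names and the `ExampleBrowser` user agent are assumptions made here.

```python
import base64

def parse_http_message(raw):
    """Split a raw HTTP/1.x message head into (start_line, {header: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return lines[0].strip(), headers

def added_fields(first_request, second_request):
    """Header names present in the second request but not in the first."""
    _, h1 = parse_http_message(first_request)
    _, h2 = parse_http_message(second_request)
    return sorted(set(h2) - set(h1))

def decode_basic(headers):
    """Return (user, password) from a Basic Authorization header, else None."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        text = base64.b64decode(token.strip()).decode("utf-8", "replace")
    except ValueError:  # malformed Base64
        return None
    user, _, password = text.partition(":")
    return user, password

# Constructed requests (not a real capture), using the login from step k).
TOKEN = base64.b64encode(b"wireshark-students:network").decode()
FIRST_GET = ("GET /wireshark-labs/protected_pages/HTTP-wireshark-file5.html HTTP/1.1\r\n"
             "Host: gaia.cs.umass.edu\r\nUser-Agent: ExampleBrowser/1.0\r\n\r\n")
SECOND_GET = FIRST_GET.replace("\r\n\r\n", "\r\nAuthorization: Basic " + TOKEN + "\r\n\r\n")

if __name__ == "__main__":
    print("new fields:", added_fields(FIRST_GET, SECOND_GET))
    print("decoded:", decode_basic(parse_http_message(SECOND_GET)[1]))
```

Base64 is an encoding, not encryption, so credentials sent this way over plain HTTP are readable by anyone who can capture the traffic; serving the page over HTTPS protects the header in transit.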
PART 4: OVERALL NETWORK SECURITY
Question 3B (g): What information did you gain from the three exercises (Wireshark, Shodan and Nmap)? What sort of network threats or attacks can this information be used for? [3 marks]
ASSIGNMENT 3C: WEB PRIVACY AND ANONYMITY
Several major companies allow you to check out and examine the data they have on you. This can be very revealing. Use the links below to download your data from at least two of these companies:
- Amazon: https://www.usatoday.com/story/tech/columnist/saltzman/2018/04/04/amazon-and-alexa-know-whole-lot-you-heres-how-download-and-delete-info/482286002/
- Apple: https://support.apple.com/en-us/HT208502
- Google: https://support.google.com/accounts/answer/3024190?hl=en
- Instagram: https://help.instagram.com/181231772500920
- LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1339364/downloading-your-account-data
- Pinterest: https://help.pinterest.com/en/article/download-your-pinterest-data
- Snapchat: https://support.snapchat.com/en-US/a/download-my-data
If you aren’t a customer for any of the above companies, try to check out your data for another company you use.
Question 3C: Is data collection by these firms an example of unethical IT use? Why or why not? [2 marks]
Answer this question by referring to the types of information these online services have collected about you, and whether anything you found in the data about yourself surprised you.