AMAIZING OFFER GET 25% OFF YOUR FIRST ORDER CODE FIRST25
Cyber Security Task Firewall We will also in the laboratory perform a forensic data examination of some image files (mirror copies of data media) from a fictitious digital crime scene. Firewall and system scanning Do an Internet search on open source firewall or free firewall. Refuel some firewall solutions that suit your computer environment. Install and install some of these firewall solutions on your virtual / physical computer or in home network / company. Feel free to use any book for help or resources on the internet for examples of comparison and case study. If you have a simple NAT router (most home or small business access points have) a simpler built-in firewall) or a free / commercial firewall at home or in the company, also compare against it if possible. Often the operating system has a personal firewall already installed which you can also compare against. Testing your own computer / router / access point from the internet can be done with a scan service such as for example. shieldsup. You can also put your computer as a DMZ or directly in the WAN socket if it should can be accessed from the outside without interfering with the NAT router. You can compare with e.g. to have the personal firewall turned on and off when you scans with the tools. However, Nessus only looks for vulnerabilities on certain ports. If you can not arrange or have access to a server-based firewall, you can report it theoretical around such. You can also attack nb-hjo.du.se [22.214.171.124] which is behind it school firewall and test some of the attack tools. It is very difficult to test firewalls and the result can be difficult to interpret. You need to add down a number of hours on the part (the total number of hours of the course divided by the number delmoment). The part has great freedom in how it is performed and you must have your own solutions to them problems specified, as the environment for the task can be very different between students. Some tools we can use to test the firewall are: Nmap, http://www.insecure.org/nmap/download.html – port scanner as with special switches can try to “go through” the filtering in a firewall.
Nessus / NessusWX, http://www.nessus.org/ – systems scanner that finds known and
FTester (Linux), link to article describing how to use the tool –
Tools in Kali Linux such as. Firewalk.
HoneyBOT, http://www.atomicsoftwaresolutions.com/ can be used to register
Websites such as: https://www.grc.com/shieldsup
Or tools freely chosen by yourself. Kali Linux has most of it built in already, though not
What type are the firewalls?
What features / functions are there in them?
What are the advantages and disadvantages of each solution?
Your opinion on performance, authentication, security, services?
Your opinion on interfaces, administration, documentation?
Verify the function and state your assessment of the firewalls you have used practically
Attack with Nmap, Nessus or a suitable tool from outside, check the firewall log and tool log. Keep in mind that when you attack with Nmap, you have to use TCP packages (ACK scans for example) that are formatted to be able to go through firewalls.
unknown system and configuration vulnerabilities. This is not a tool to test one firewall but can provide a picture of the security mode of open gates. http://www.howtoforge.com/test_your_linux_firewall… and collect attacks / traffic on different gates. Nessus but it can be downloaded and installed with a simple command. Questions the moment. Ie. test the firewall’s functions practically. What happens, for example. about one scanning performed against victim? How to set up firewall protection, etc. The principle behind an ACK scan is to trick the firewall that the inside already has one connection SYN (which it does not have) to the outside and that the outside responds with SYNACK or just ACK. In this scenario, some firewalls can let traffic through, especially if they are of the stateless type. Write a report that compares / evaluates the firewall solutions. If possible, you should include at least 3 different firewalls in the comparison, preferably of different types. Ie. personal, NAT router, server-based, etc. Where the server-based in many cases will probably be a theoretical comparison. Keep in mind that the protection can be found at different levels such as stateless / stateful and in the application layer. Task: Digital forensics – MBR (Master Boot Record) We will perform a forensic data examination of some image files (mirror copies of data media). A digital crime scene investigation is very similar to a regular crime scene investigation. The three steps which are normally performed in a digital crime scene investigation are: 1. Collect and copy data without destroying or altering original data and evidence disappears or becomes invalid. 2. Analyze the copies (the focus is often on the criminal suspicion). Preferably with different tools to verify the same result. 3. Write a report on the results of the survey. Point one has already been performed by your employee in this case. Download and unzip the file forensic_cases.zip located in the same folder as the lab. The file contains 6 binaries examined. Case-0 through case-3 represents only the first sector, ie. MBR (Master Boot Sector) from a storage medium such as hard disk, USB memory, diskette etc. Guided by information, you should be able to figure out a lot about what media the saved sector is coming from from. To help you, you can use a hex editor or other forensic tool that allows you examine low-level data. Some information about what it can look like in MBR can be found here: http://en.wikipedia.org/wiki/Master_boot_record Some appriotiate programs: Active Disk editor – http://www.disk-editor.org DiscExplorer – http://www.runtime.org WinHex – http://www.x-ways.com For the work : Try to find as much MBR information as possible from the contents of each file. Present the result of your survey in a table or other appropriate format.
Requirements: .doc file