LAB 2: Vulnerabilities

 

Materials Needed:

1. Computer running either Windows or Linux/Unix
2. Internet connection
3. NetBrute (http://www.rawlogic.com/products.html or http://www.1clickdownload.com/download.php?o=down;id=125;url=0)
4. SuperScan (http://www.foundstone.com/resources/proddesc/superscan.htm)

 

Activity

 

LOCAL SYSTEMS

1)      In this exercise, you will test your computer for Internet Security.

·        Go to Gibson Research Corporation’s Web site at grc.com

·         Click on the ShieldsUp! link and click on the Test My Shields!

                                                               i.       Describe the vulnerabilities found on your computer.

·        Click on the Probe My Ports!

                                                               i.       Describe the ports that are open and what services are running on these ports.

·         How secure is your system? Explain

 

2)      SuperScan4 is a free security scanner written and maintained by Foundstone (a division of McAfee). It is designed to help administrators locate and fix security holes in their computer systems. In this exercise, you will scan your own computer to determine the processes running and any obvious vulnerability.

·        Install the scanner

·        Run SuperScan4 (Go to the Host and Service Discovery tab and the TCP Port Scan section and change the Scan Type from SYN to Connect.

·        Go back to the Scan tab and start the scan on your own computer (127.0.0.1).

·        Review the results of the scan.

·        Briefly describe what you found.

·        How secure is your computer?

 

NETWORK SYSTEMS

• Use SuperScan or NetBrute to scan remote computers. CSU does monitor it's networks very tightly, so you must be careful using this tool. Students have been locked out of the university network and servers when they used this carelessly. Inspect cpsc.ColumbusState.edu and sail-1.ColumbusState.edu using the PortScan feature of SuperScan or NetBrute.
• Web servers are notorious for containing large numbers of vulnerabilities. Find out which of the hosts in the same subdomain as cpsc.ColumbusState.edu (168.26.193.209/28) have web servers running. Select a few of these and try and determine what the server is used for. Describe what you found and how you found it.

Questions

1. Discuss the information that you found about

• cpsc.ColumbusState.edu,

 

• crta.info,

 

• sail-1.ColumbusState.edu,

 

• and one other system.

 

 

2. Discuss ways that a hacker would be able to exploit this information.