Network Security Vulnerability Analysis and Remediation: A Case Study, Thesis of Accounting

A detailed analysis of network security vulnerabilities identified using Nmap and Wireshark. It examines specific vulnerabilities related to outdated operating systems, insecure remote access protocols, and insecure file transfer methods, and offers practical recommendations for mitigating these vulnerabilities, drawing upon industry-respected research and sources.

Typology: Thesis

2024/2025

Available from 12/11/2024


Emerging Technologies in Cybersecurity – C 844

PRFA – GRP 1 Task 1: NMAP and Wireshark

Susan Crowe

Student ID: 011374378

A. Describe the network topology you found when running Nmap. Include screenshots as evidence of running Nmap.

Based on the Zenmap scan conducted, there are approximately six (6) active hosts. The table below summarizes the host IP addresses with their identified open ports and operating systems. The screenshot below shows the Zenmap scan result. Zenmap also provides a topology diagram, included in a screenshot below, that shows the layout of the network. From that diagram we can see that a star topology is in use.

| HOST | OPEN PORTS | OPERATING SYSTEM |
|---|---|---|
| | | Windows Server 2012 |
| | 22 | Linux 2.6.32 |
| | 7, 9, 13, 21, 80, 135, 139, 445, 49154, 49155 | Windows Vista 2008 |
| | 22 | Linux 2.6.32 |
| | 22 | Linux 2.6.32 |
| 10.168.27.1 | None | Linux 2.6.32 |
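The summary table above is the kind of output that can be produced directly from Nmap's XML report rather than copied by hand. The script below is an added example, not part of the student's submission: it parses Nmap XML output (the format written by `nmap -oX`), lists each live host with its open TCP ports and best OS match, and flags hosts whose reported operating system is past vendor support. The XML document, every address other than 10.168.27.1, and the list of unsupported OS markers are constructed assumptions for this example.

```python
"""Build a host / open ports / operating system summary from Nmap XML output.

Added example: the XML below is constructed for illustration and is not the
scan from the assignment; only the address 10.168.27.1 appears on the page.
"""
import xml.etree.ElementTree as ET

# Constructed Nmap XML in the shape produced by `nmap -O -oX report.xml`.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.168.27.1" addrtype="ipv4"/>
    <ports/>
    <os><osmatch name="Linux 2.6.32" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.168.27.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="111"><state state="closed"/><service name="rpcbind"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.32" accuracy="95"/></os>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.168.27.14" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows 7" accuracy="85"/>
      <osmatch name="Microsoft Windows Vista or Windows Server 2008" accuracy="92"/>
    </os>
  </host>
  <host>
    <status state="down"/>
    <address addr="10.168.27.99" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumption for this example: OS families treated as out of vendor support,
# matched as substrings of Nmap's osmatch name. Maintain this list from the
# vendor lifecycle pages for your environment.
UNSUPPORTED_OS_MARKERS = ("Linux 2.6", "Windows Vista", "Windows Server 2008",
                          "Windows Server 2012")


def summarize_hosts(xml_text):
    """Return one row per live host: address, sorted open ports, best OS match."""
    root = ET.fromstring(xml_text.strip())
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap reported as down
        addr = next((a.get("addr") for a in host.iter("address")
                     if a.get("addrtype") == "ipv4"), None)
        open_ports = sorted(
            int(p.get("portid")) for p in host.iter("port")
            if p.find("state") is not None and p.find("state").get("state") == "open")
        # Nmap may list several OS guesses; keep the one with the highest accuracy.
        best = None
        for match in host.iter("osmatch"):
            if best is None or int(match.get("accuracy", 0)) > int(best.get("accuracy", 0)):
                best = match
        os_name = best.get("name") if best is not None else "unknown"
        rows.append({"host": addr, "open_ports": open_ports, "os": os_name,
                     "unsupported": any(m in os_name for m in UNSUPPORTED_OS_MARKERS)})
    return sorted(rows, key=lambda r: tuple(int(o) for o in r["host"].split(".")))


def render_table(rows):
    """Render the rows in the HOST / OPEN PORTS / OPERATING SYSTEM layout."""
    lines = [f"{'HOST':<15} {'OPEN PORTS':<45} OPERATING SYSTEM"]
    for r in rows:
        ports = ", ".join(str(p) for p in r["open_ports"]) or "None"
        flag = "  [unsupported OS]" if r["unsupported"] else ""
        lines.append(f"{r['host']:<15} {ports:<45} {r['os']}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(summarize_hosts(SAMPLE_NMAP_XML)))
```

Run against a real report with `summarize_hosts(open("report.xml").read())`; the `[unsupported OS]` flag gives section E its starting list of hosts that need isolation or replacement.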

Anomaly 1

A review of the Pcap1.pcapng file was conducted. The packet capture was able to capture a significant amount of data, which allowed me to explore different organizational methods of looking at the data collected. I decided to filter the list by source IP address, which immediately identified a potential threat. By grouping the captures, it was evident that there was a high volume of TCP packets for IP address 10.168.27.17. This could be evidence of a Denial of Service attempt or of an attempt to map the network.

Anomaly 2

Upon scanning the results of this Pcap1.pcapng file, I also noticed that each IP address listed in the table at the top of this document has tried to initiate an RDP (port 3389) session, including the 10.168.27.1 device. Each of these attempts also appears as though it could be trying to execute port forwarding.

Anomaly 3

After looking at traffic based on IP grouping, I then filtered based on the FTP protocol. There was a connection found to FileZilla, which is an insecure file sharing platform. The IP address and potentially a clear-text password are visible. This connection was successful over the standard port 21.
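The three anomalies above were found by grouping and filtering packets interactively in Wireshark. The script below is an added example, not part of the student's submission, that applies the same three checks to an exported packet summary: it separates a high-volume source that probes many ports (scan-like) from one that hammers a single port (flood-like), lists every source that attempted an RDP session on port 3389, and reports FTP sessions on port 21 in which USER and PASS commands were visible in clear text (the password value itself is only flagged, not echoed). The tab-separated records are constructed for this example in the shape of a `tshark -T fields` export using the Wireshark field names `ip.src`, `ip.dst`, `tcp.dstport`, `tcp.flags.syn`, `ftp.request.command` and `ftp.request.arg`; the addresses other than 10.168.27.1 and 10.168.27.17, the username and the password are invented sample values.

```python
"""Triage of packet-summary records for the three anomalies discussed above:
scan/flood volume, RDP attempts, and clear-text FTP logins.

Added example: the records are constructed and are not from Pcap1.pcapng.
"""
from collections import Counter, defaultdict


def build_sample_capture():
    """Constructed tab-separated records in the shape of
    tshark -T fields -e ip.src -e ip.dst -e tcp.dstport -e tcp.flags.syn
                     -e ftp.request.command -e ftp.request.arg
    """
    lines = []
    # Scan-like: one source sending SYNs to many different ports on one host.
    for port in range(1, 41):
        lines.append(f"10.168.27.17\t10.168.27.10\t{port}\t1\t\t")
    # Flood-like: one source sending many SYNs to a single port.
    for _ in range(60):
        lines.append("10.168.27.20\t10.168.27.10\t80\t1\t\t")
    # RDP session attempts from several internal hosts.
    for src in ("10.168.27.1", "10.168.27.10", "10.168.27.15"):
        lines.append(f"{src}\t10.168.27.14\t3389\t1\t\t")
    # Clear-text FTP login on the standard port (invented credentials).
    lines.append("10.168.27.15\t10.168.27.10\t21\t1\tUSER\tsvc_backup")
    lines.append("10.168.27.15\t10.168.27.10\t21\t0\tPASS\tSample123")
    lines.append("10.168.27.15\t10.168.27.10\t21\t0\tLIST\t")
    return "\n".join(lines)


def parse_records(text):
    """Parse the tab-separated export into dicts; missing fields become empty."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, syn, cmd, arg = (line.split("\t") + [""] * 6)[:6]
        records.append({"src": src, "dst": dst,
                        "dport": int(dport) if dport else None,
                        "syn": syn == "1", "cmd": cmd, "arg": arg})
    return records


def volume_anomalies(records, syn_threshold=30):
    """Anomaly 1: sources sending many SYNs, classified as scan-like or flood-like.

    Many SYNs spread over many (dst, port) pairs looks like port mapping;
    many SYNs concentrated on one target looks like a flood.
    """
    syns = Counter()
    targets = defaultdict(set)
    for r in records:
        if r["syn"]:
            syns[r["src"]] += 1
            targets[r["src"]].add((r["dst"], r["dport"]))
    findings = []
    for src, count in syns.items():
        if count < syn_threshold:
            continue
        distinct = len(targets[src])
        kind = "port-scan-like" if distinct >= count // 2 else "flood-like"
        findings.append({"src": src, "syn_count": count,
                         "distinct_targets": distinct, "kind": kind})
    return sorted(findings, key=lambda f: f["src"])


def rdp_attempts(records):
    """Anomaly 2: every source that opened a TCP connection attempt to port 3389."""
    return sorted({r["src"] for r in records if r["dport"] == 3389 and r["syn"]})


def cleartext_ftp_logins(records):
    """Anomaly 3: FTP sessions on port 21 whose USER/PASS commands were readable."""
    sessions = defaultdict(dict)
    for r in records:
        if r["dport"] == 21 and r["cmd"] in ("USER", "PASS"):
            sessions[(r["src"], r["dst"])][r["cmd"]] = r["arg"]
    # Report that a password was observable without repeating its value.
    return [{"src": s, "dst": d, "user": v.get("USER"), "password_seen": "PASS" in v}
            for (s, d), v in sorted(sessions.items())]


if __name__ == "__main__":
    recs = parse_records(build_sample_capture())
    for f in volume_anomalies(recs):
        print(f"Anomaly 1: {f['src']} sent {f['syn_count']} SYNs to "
              f"{f['distinct_targets']} distinct targets ({f['kind']})")
    print("Anomaly 2: RDP (3389) attempts from", ", ".join(rdp_attempts(recs)))
    for f in cleartext_ftp_logins(recs):
        print(f"Anomaly 3: clear-text FTP login {f['src']} -> {f['dst']} "
              f"user={f['user']} password_visible={f['password_seen']}")
```

The scan-versus-flood split in `volume_anomalies` is a heuristic on the ratio of distinct targets to SYN count; tune `syn_threshold` to the normal traffic level of the network before relying on it.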

D. Summarize the potential implications of not addressing each of the anomalies found when running Wireshark.

The first anomaly is potentially one of two possible issues: either a Denial of Service attempt, which would congest the connection and ultimately cause the system to crash, or a process of mapping the network. If this scanning is not stopped, the attacker can gain valuable information about the network layout, which ports are open, which IP addresses are active, and other critical data. A denial of service attack could take the system offline and cause an outage. I feel it is more likely that this is an nmap scan being run to map the network drive.

The second anomaly discovered was an RDP connection. RDP is currently used, but it should only be used for internal connections. This connection attempt appears to have been internal, but it still warrants caution. More secure remote access sessions should be leveraged, such as SSH or a connection tool that ensures the connection is encrypted.

The third anomaly observed is an insecure file share attempt over FTP. FTP is no longer considered a safe method to transfer data from one device to another. FTP is an insecure connection that transmits traffic in clear text with no encryption, which makes it extremely easy for an attacker to intercept this data.

E. Recommend solutions for eliminating or minimizing all identified vulnerabilities or anomalies from Wireshark and Nmap. Use current, industry-respected, reliable research and sources to support your recommendations for each vulnerability or anomaly.

Beginning with the operating system vulnerabilities, devices running operating systems that are out of support with the vendor create a significant risk, because the vendor no longer provides protection or patches for them. Depending on the criticality of the data and the availability requirements of the business, there are a couple of options for addressing this problem. If the system needs network or internet access to conduct critical business functions, it could be isolated on its own VLAN, separating it from the rest of the network. To allow it to communicate, a virtual firewall could also be placed on that VLAN to protect the device from outside traffic, and the device can be configured to use an encrypted tunnel to any devices it needs to reach within the network. Another option is to apply Application Control
