



A detailed analysis of network security vulnerabilities identified using nmap and Wireshark. It examines specific vulnerabilities related to outdated operating systems, insecure remote access protocols, and insecure file transfer methods, and offers practical recommendations for mitigating these vulnerabilities, drawing upon industry-respected research and sources.
Typology: Thesis




A review of the Pcap1.pcapng file was conducted. The packet capture contained a significant amount of data, which allowed me to explore different ways of organizing the data collected. I decided to filter the list by source IP address, which immediately identified a potential threat. By grouping the captures, it was evident that there was a high volume of TCP packets for IP address 10.168.27.17. This could be evidence of a Denial of Service attempt or an attempt to map the network.
Upon scanning the results of this Pcap1.pcapng file, I also noticed that each IP address listed in the table at the top of this document has tried to initiate an RDP (port 3389) session, including the 10.168.27.1 device. Each of these attempts also appears as though it could be trying to execute port forwarding.
After looking at traffic based on IP grouping, I then filtered based on the FTP protocol. There was a connection found to Filezilla, which is an insecure file sharing platform. The IP address and potentially a clear text password are visible. This connection was successful over the standard port 21.
The first anomaly is potentially one of two possible issues. It is either a possible Denial of Service attempt, which would congest the connection and ultimately cause the system to crash, or it could be a process of mapping the network. If this scanning is not stopped, the attacker can gain valuable information about the network layout, what ports are open, what IP addresses are active, and other critical data. A denial of service attack could take the system offline and cause an outage. I feel it is more likely that this is an nmap scan being run to map the network drive.

The second anomaly discovered was an RDP connection. RDP is currently used, but it should only be used for internal connections. It appears this connection attempt was internal, but it still warrants caution. More secure remote access sessions should be leveraged, such as SSH or a connection tool that ensures the connection is encrypted.

The third anomaly observed is an insecure file share attempt over FTP. FTP is no longer considered a safe method to transfer data from one device to another. FTP is an insecure connection that transmits traffic in clear text with no encryption. This makes it extremely easy for an attacker to intercept this data.
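The three checks described above (group SYNs by source IP, flag RDP attempts on 3389, spot clear-text FTP logins on 21) as a small triage script. This is an added example, not part of the original report; it works on hand-built packet summaries rather than reading Pcap1.pcapng, and the addresses, thresholds and credentials are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (src, dst, proto, dst_port, tcp_flags, payload):
# 10.168.27.17 sends bare SYNs to 40 ports (the report's high-volume TCP source),
# two hosts attempt RDP on 3389, and one FTP login crosses port 21 in clear text.
PACKETS = (
    [("10.168.27.17", "10.168.27.1", "TCP", p, "S", b"") for p in range(20, 60)]
    + [("10.168.27.1", "10.168.27.20", "TCP", 3389, "S", b""),
       ("10.168.27.5", "10.168.27.20", "TCP", 3389, "S", b""),
       ("10.168.27.9", "10.168.27.30", "TCP", 21, "PA", b"USER alice\r\n"),
       ("10.168.27.9", "10.168.27.30", "TCP", 21, "PA", b"PASS hunter2\r\n")]
)
SCAN_PORTS = 20      # distinct ports hit from one source before calling it a scan
FLOOD_PACKETS = 200  # SYNs from one source before calling it a flood

def classify_syn_sources(packets):
    """Group SYNs by source IP (the report's first filter): many distinct
    ports means a port scan, a very high SYN count means a possible DoS."""
    ports, counts = defaultdict(set), defaultdict(int)
    for src, _dst, proto, port, flags, _payload in packets:
        if proto == "TCP" and flags == "S":
            ports[src].add(port)
            counts[src] += 1
    verdicts = {}
    for src, seen in ports.items():
        if len(seen) >= SCAN_PORTS:
            verdicts[src] = "port-scan"
        elif counts[src] >= FLOOD_PACKETS:
            verdicts[src] = "possible-dos"
    return verdicts

def rdp_attempts(packets):
    """Connection attempts to RDP (tcp/3389) as sorted (src, dst) pairs."""
    return sorted({(s, d) for s, d, proto, port, flags, _ in packets
                   if proto == "TCP" and port == 3389 and flags == "S"})

def cleartext_ftp_logins(packets):
    """FTP control traffic on tcp/21 carries USER and PASS unencrypted; report
    the account and whether a password crossed the wire, without echoing it."""
    logins = defaultdict(lambda: {"user": None, "password_seen": False})
    for src, dst, proto, port, _flags, payload in packets:
        if proto == "TCP" and port == 21 and payload.startswith(b"USER "):
            logins[(src, dst)]["user"] = payload[5:].strip().decode()
        elif proto == "TCP" and port == 21 and payload.startswith(b"PASS "):
            logins[(src, dst)]["password_seen"] = True
    return dict(logins)
```

Against a real capture the same logic would run over records exported from Wireshark or tshark; the scan-versus-flood distinction rests on distinct destination ports per source rather than raw packet count alone.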
Beginning with the operating system vulnerabilities, devices running operating systems that are out of support with the vendor create a significant risk. These devices can no longer be protected or patched by the vendor. Depending on the criticality of the data and the availability requirements for business needs, there are a couple of options for addressing this problem. If the system needs network or internet access to conduct critical business functions, it could be isolated on its own VLAN. This would separate it from the rest of the network. To allow it to communicate, it could also have its own virtual firewall placed on the VLAN to protect the device from outside traffic. It can also be configured to use an encrypted tunnel to any devices that it needs to access within the network itself. Another option is to apply Application Control