{"id":566,"date":"2024-11-27T01:00:42","date_gmt":"2024-11-27T01:00:42","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/?page_id=566"},"modified":"2024-11-27T01:00:42","modified_gmt":"2024-11-27T01:00:42","slug":"sword-vs-shield","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/sword-vs-shield\/","title":{"rendered":"Sword vs. Shield"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-text-align-center\"><strong>\u00a0<\/strong>Old Dominion University<\/h1>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\">CYSE 301 Cybersecurity Techniques and Operations<\/h1>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Assignment 3: Sword vs. Shield<\/h2>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Edwin C Wells IV<\/h2>\n\n\n\n<p><strong>Task A: Sword &#8211; Network Scanning<\/strong><\/p>\n\n\n\n<ol>\n<li>Use Nmap to profile the basic information about the <strong>subnet<\/strong> topology (including open ports information, operation systems, etc.)\u00a0 You need to get the <strong>service<\/strong> and <strong>backend software<\/strong> information associated with each opening port in each VM.\n<ol>\n<li>192.168.10.10 Ubuntu\n<ol>\n<li>Open Ports\n<ol>\n<li>Port 21\n<ol>\n<li>Service: ftp\n<ol>\n<li>Version: vsftpd 3.0.3<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"818\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19.png\" alt=\"\" class=\"wp-image-567\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19.png 975w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19-768x644.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-19-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>192.168.10.11 Windows Server 2008\n<ul>\n<li>Open ports<ul><li>Port: 21<ul><li>Service: FTP<ul><li>Version: Microsoft ftpd<\/li><\/ul><\/li><\/ul><\/li><\/ul><ul><li>Port: 80<ul><li>Service: http<ul><li>Version: Microsoft IIS httpd 7.5<\/li><\/ul><\/li><\/ul><\/li><\/ul><ul><li>Port 135<ul><li>Service: msrpc<ul><li>Version: Microsoft Windows RPC<\/li><\/ul><\/li><\/ul><\/li><\/ul><ul><li>Port 445<ul><li>Service: microsoft-ds<ul><li>Version: Windows Server 2008 R2 Standard 7600 microsoft-ds<\/li><\/ul><\/li><\/ul><\/li><\/ul><ul><li>Port 3389<ul><li>Service: ms-wbt-server<ul><li>Version: not listed<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n<ul>\n<li>Port 49154\n<ul>\n<li>Service: msrpc\n<ul>\n<li>Version: Microsoft Windows RPC<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"817\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20.png\" alt=\"\" class=\"wp-image-568\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20-300x251.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20-768x644.png 768w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-20-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>192.168.10.2 pfsense\n<ul>\n<li>Open Ports<ul><li>Port 53<ul><li>Service: tcpwrapped<ul><li>Version: not listed<\/li><\/ul><\/li><\/ul><\/li><\/ul><ul><li>Ports 80<ul><li>Service: http<ul><li>Version: nginx<\/li><\/ul><\/li><\/ul><\/li><\/ul>\n<ul>\n<li>Port: 443\n<ul>\n<li>Service: ssl\/http\n<ul>\n<li>Version: nginx<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"818\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21.png\" alt=\"\" class=\"wp-image-569\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21-768x644.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-21-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li><strong><\/strong>Run Wireshark in Ubuntu VM while External Kali is scanning the network. Discuss the traffic pattern you observed. What do you find?<strong><u> Please write a 200-word essay to discuss your findings.<\/u><\/strong><\/li>\n<\/ul>\n\n\n\n<p>At the beginning of the Wireshark capture there is the normal TCP and DNS traffic between Ubuntu and Pfsense. Then as Zenmap started its intense scan a flood of broadcast ARP happened for 192.168.10.0\/24 subnet. 
Two pings were successfully made from Ubuntu to External Kali during the ARP broadcast. After the broadcast, External Kali tried to establish a connection on all ports. The only port Ubuntu responded on was TCP port 21. External Kali then verified the service and software on port 21, which was the FTP service running vsFTPd 3.0.3. The stream then went back to the standard TCP and DNS requests from Ubuntu for ntp.ubuntu.com. This probably happened while Zenmap was testing the other endpoint for open ports. Once Zenmap came back to Ubuntu, it retested the connection to port 21 and pinged the Ubuntu system several more times. The TCP reconnections to port 21 also came from sequentially changing source ports. Zenmap also tried to connect to port 37263 via UDP, but the port was unreachable; the responses were ICMP. Zenmap tried to log in to the FTP server on Ubuntu several times with the username anonymous and the password IEUser@. It also tried to connect to the FTP server with Transport Layer Security, but quit afterwards. Zenmap also used the SYST and STAT commands to attempt to gather system information about the FTP server. The capture then returned to the normal TCP and DNS stream, indicating that Zenmap had finished its scan. 
<strong><br><\/strong><\/p>\n\n\n\n<p><strong>Task B: Shield \u2013 Protect your network with firewall<\/strong><\/p>\n\n\n\n<ol>\n<li>Configure the pfSense firewall rule to block the ICMP traffic from External Kali to Ubuntu VM.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Rule #<\/td><td>Interface<\/td><td>Action<\/td><td>Source IP<\/td><td>Destination IP<\/td><td>Protocol (port # if appliable)<\/td><\/tr><tr><td>1<\/td><td>WAN<\/td><td>Block<\/td><td>192.168.217.3<\/td><td>192.168.10.10<\/td><td>ICMP<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-alpha\">\n<li>Initial test<ol><li>Ping ubuntu and WS 2008<\/li><\/ol>\n<ol>\n<li>Connect FTP on Ubuntu<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22.png\" alt=\"\" class=\"wp-image-570\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-22-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Rule<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"823\" 
src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23.png\" alt=\"\" class=\"wp-image-571\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23-768x648.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-23-355x300.png 355w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Validation of rule\n<ul>\n<li>Affected parameters\n<ul>\n<li>Block ping from external kali to ubuntu<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"820\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24.png\" alt=\"\" class=\"wp-image-572\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24-768x646.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-24-357x300.png 357w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-roman\">\n<li>Unaffected parameters\n<ol>\n<li>Ping WS 2008 and FTP to ubuntu successfully<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a 
href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"820\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25.png\" alt=\"\" class=\"wp-image-573\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25-768x646.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-25-357x300.png 357w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Clear the previous firewall policies and configure the pfSense firewall to block all ICMP traffic from External Kali to the LAN side.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Rule #<\/td><td>Interface<\/td><td>Action<\/td><td>Source IP<\/td><td>Destination IP<\/td><td>Protocol (port # if appliable)<\/td><\/tr><tr><td>1<\/td><td>WAN<\/td><td>Block<\/td><td>192.168.217.3<\/td><td>*<\/td><td>ICMP<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-alpha\">\n<li>Initial test<ol><li>Ping ubuntu and WS 2008<\/li><\/ol>\n<ol>\n<li>Connect FTP on Ubuntu<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"820\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26.png\" alt=\"\" class=\"wp-image-574\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26.png 975w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26-768x646.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-26-357x300.png 357w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Rule<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"823\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27.png\" alt=\"\" class=\"wp-image-575\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27-768x648.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-27-355x300.png 355w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Validation of rule\n<ul>\n<li>Affected parameters\n<ul>\n<li>Blocked pings to both ubuntu and WS 2008<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28.png\" alt=\"\" class=\"wp-image-576\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28.png 975w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-28-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-roman\">\n<li>Unaffected parameters\n<ol>\n<li>FTP connection to ubuntu sucess<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29.png\" alt=\"\" class=\"wp-image-577\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-29-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Clear the previous firewall policies and configure the pfSense firewall to block ALL traffic from External Kali to the LAN side, except for the FTP protocol towards Windows Server 2008.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Rule #<\/td><td>Interface<\/td><td>Action<\/td><td>Source IP<\/td><td>Destination IP<\/td><td>Protocol (port # if appliable)<\/td><\/tr><tr><td>1<\/td><td>WAN<\/td><td>Pass<\/td><td>192.168.217.3<\/td><td>192.168.10.11<\/td><td>FTP Port 
21<\/td><\/tr><tr><td>2<\/td><td>WAN<\/td><td>Block<\/td><td>192.168.217.3<\/td><td>*<\/td><td>*<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-alpha\">\n<li>Initial test<ol><li>Ping ubuntu and WS 2008<\/li><\/ol>\n<ol>\n<li>Connect FTP on Ubuntu<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"822\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30.png\" alt=\"\" class=\"wp-image-578\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-30-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-roman\">\n<li>HTTP to WS 2008<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"819\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31.png\" alt=\"\" class=\"wp-image-579\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31-300x252.png 300w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31-768x645.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-31-357x300.png 357w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-roman\">\n<li>FTP to WS 2008<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"820\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32.png\" alt=\"\" class=\"wp-image-580\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32-300x252.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32-768x646.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-32-357x300.png 357w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Rule<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"822\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33.png\" alt=\"\" class=\"wp-image-581\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33-300x253.png 300w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-33-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Validation of rule\n<ul>\n<li>Affected parameters<ul><li>Blocked pings to ubuntu and WS 2008<\/li><\/ul>\n<ul>\n<li>Blocked FTP to ubuntu<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"822\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34.png\" alt=\"\" class=\"wp-image-582\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-34-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Blocked http to WS 2008<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35.png\" alt=\"\" class=\"wp-image-583\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35.png 975w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-35-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ol style=\"list-style-type:lower-roman\">\n<li>Unaffected parameters<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36.png\" alt=\"\" class=\"wp-image-584\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-36-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<ul>\n<li>Keep the firewall policies you created in Task B.3 and repeat Task A.1. What\u2019s the difference?\n<ul>\n<li>All of the host were down\/blocked during the ping broadcast from zenmap. This then prevented zenmap from further scanning the subnet. 
Wireshark on the ubuntu side only saw the normal TCP\/DNS stream from ubuntu to pfsense.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"821\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37.png\" alt=\"\" class=\"wp-image-585\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37-300x253.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37-768x647.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-37-356x300.png 356w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<p><strong><br><\/strong><\/p>\n\n\n\n<p><strong>Extra credit (15 points): Use NESSUS to enumerate the security vulnerabilities of Microsoft Windows Server 2008 VM in the CCIA network.<\/strong><\/p>\n\n\n\n<p>There are 18 listed vulnerabilities and 36 informations<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"816\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38.png\" alt=\"\" class=\"wp-image-586\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38-300x251.png 300w, 
https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38-768x643.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-38-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<p>There are 3 critical vulnerabilities and 3 high vulnerabilities<\/p>\n\n\n\n<ul>\n<li>Critical<ul><li>Microsoft RDP RCE CVE-2019-0708<\/li><\/ul><ul><li>MS14-066 Vulnerability in Schannel could allow remote code execution 2992511<\/li><\/ul>\n<ul>\n<li>Unsupported Windows OS<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>High<ul><li>MS12-020 Vulnerabilities in Remote Desktop could allow remote code execution 2671387<\/li><\/ul><ul><li>MS17-010 Security update for Microsoft Windows SMB server 4013389<\/li><\/ul>\n<ul>\n<li>Unsupported web server detection<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"817\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39.png\" alt=\"\" class=\"wp-image-587\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39-300x251.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39-768x644.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-39-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n\n\n\n<p>There are 11 medium security vulnerabilities and 1 low security vulnerability<\/p>\n\n\n\n<ul>\n<li>Medium<ul><li>SSL certificate cannot be trusted<\/li><\/ul><ul><li>SSL self-signed 
certificate<\/li><\/ul><ul><li>TLS version 1.0 protocol detection<\/li><\/ul><ul><li>Microsoft Windows Remote Desktop Protocol server man-in-the-middle weakness<\/li><\/ul><ul><li>MS12-073 Vulnerabilities in Microsoft IIS could allow information disclosure 1733829<\/li><\/ul><ul><li>SMB signing not required<\/li><\/ul><ul><li>SSL certificate signed using weak hashing algorithm<\/li><\/ul><ul><li>SSL medium strength cipher suites supported<\/li><\/ul><ul><li>SSL RC4 cipher suites supported<\/li><\/ul><ul><li>Terminal Services encryption level is medium or low<\/li><\/ul>\n<ul>\n<li>Terminal Services doesn\u2019t use Network Level Authentication only<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Low\n<ul>\n<li>Terminal Services encryption level is not FIPS-140 compliant<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40.png\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"817\" src=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40.png\" alt=\"\" class=\"wp-image-588\" srcset=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40.png 975w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40-300x251.png 300w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40-768x644.png 768w, https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-content\/uploads\/sites\/30994\/2024\/11\/image-40-358x300.png 358w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Old Dominion University CYSE 301 Cybersecurity Techniques and Operations Assignment 3: Sword vs. 
Shield Edwin C Wells IV Task A: Sword &#8211; Network Scanning At the beginning of the Wireshark capture there is the normal TCP and DNS traffic between Ubuntu and Pfsense. Then as Zenmap started its intense scan a flood of broadcast ARP&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/sword-vs-shield\/\">Read More<\/a><\/div>\n","protected":false},"author":25223,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/pages\/566"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/users\/25223"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/comments?post=566"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/pages\/566\/revisions"}],"predecessor-version":[{"id":589,"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/pages\/566\/revisions\/589"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/edwin-wells-4\/wp-json\/wp\/v2\/media?parent=566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}