Reference no: EM133999878
Tutorial 1 - Reconnaissance
Penetration Testing & Countermeasures
Choose a Target
Option A - Juice Shop (Docker):
1. Install Docker.
2. Run: docker run -d --name juice -p 3000:3000 bkimminich/juice-shop
Target = localhost:3000
Stop/cleanup: docker stop juice && docker rm juice
Option B - Metasploitable2 (VirtualBox host-only):
1. Import the Metasploitable2 OVA into VirtualBox.
2. Attach Host-Only Adapter, start VM and note its IP (e.g., 192.168.56.101).
Target = VM IP.
Note: You may use Kali, BackBox, or Parrot as your attacking VM. If Docker/VM targets are not possible, consult your tutor for alternatives.
Workspace & Start Log
Open a terminal in your attacker VM and run:
mkdir -p ~/lab_recon/week1 && cd ~/lab_recon/week1
echo "$(date) | START Recon | operator: <YourName> | ID: <YourID>" >> commands-log.txt
Commands to Run (Kali/BackBox/Parrot)
Passive Recon (10-15 min):
# WHOIS (if you have a real domain)
whois lab.example.local > whois-lab.txt
# DNS queries (many servers now answer ANY with a minimal or placeholder response, so rely on the explicit record types below)
dig lab.example.local ANY +noall +answer > dig-any.txt
dig lab.example.local A +short > dig-A.txt
dig lab.example.local MX +short > dig-MX.txt
dig _dmarc.lab.example.local TXT +short > dig-dmarc.txt
Active Recon (20-25 min):
# Host discovery
nmap -sn 192.168.56.0/24 -oN nmap-discovery.txt
# OR for Juice Shop
nmap -p 3000 localhost -oN nmap-discovery.txt
# Service/version scan
nmap -sV -p 22,80,443 <targetIP> -oN nmap-sv-<targetIP>.txt
nmap -sV -p 3000 localhost -oN nmap-sv-juice.txt
# Banner grabs
echo -e "HEAD / HTTP/1.0\r\n\r\n" | nc <targetIP> 80 > banner-<targetIP>-80.txt
echo -e "HEAD / HTTP/1.0\r\n\r\n" | nc localhost 3000 > banner-juice-3000.txt
nc <targetIP> 25 > banner-<targetIP>-25.txt < /dev/null
Wireshark / Packet Capture (Optional)
If Wireshark is installed, start a capture while scanning and save as scan_capture.pcap.
Take a screenshot of filtered traffic (e.g., DNS queries or HTTP requests).
If Wireshark is not available, this step may be skipped.
Report (One Page)
1. Header: name, student ID, date/time, target type (Docker/VM)
2. Targets tested (domain/IPs - lab only)
3. Exact commands run (3-8 lines)
4. Top 3 findings table (ID | Target | Evidence filename | Short description | Risk | Recommendation)
5. Declaration: 'I confirm I ran tests only on lab targets and saved evidence.'
6. Answers to Q1-Q12 (concise, numbered)
Q1-Q12 (Answer in your Report)
Q1: Domain(s) queried & filenames for WHOIS/DNS outputs
Q2: WHOIS field(s) for registrar & name servers
Q3: DNS record types queried & which file shows mail server config
Q4: One follow-up active recon action you would plan
Q5: One Google dork (text) and why it might reveal sensitive data
Q6: Filename of Nmap discovery file & IP you selected
Q7: Filename of Nmap service/version output file
Q8: Filenames of banner outputs
Q9: Port numbers open on the chosen host
Q10: One-line mitigation for the highest-risk port
Q11: Exact ZIP filename you will upload
Q12: Confirm (Y/N) that evidence-sha256.txt includes all hashes
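Q11 and Q12 ask for the ZIP and an evidence-sha256.txt that covers every evidence file. The script below is an added example, not part of the original handout: it builds the manifest, re-verifies it (so you can show the evidence was not altered after collection) and zips the directory, assuming GNU coreutils sha256sum and the zip tool; the demo runs on a constructed temporary directory rather than your real week1 folder, and the same functions apply unchanged to the week 2 evidence directory.

```shell
#!/usr/bin/env bash
# Added example (not from the original handout): build, verify and package
# the evidence manifest asked for in Q11/Q12. Assumes GNU coreutils
# (sha256sum) and the zip tool; <YourID> below is a placeholder.

# write_manifest DIR: hash every regular file directly under DIR (skipping
# the manifest itself and any ZIP) into DIR/evidence-sha256.txt.
write_manifest() {
  local dir="$1"
  ( cd "$dir" || exit 1
    find . -maxdepth 1 -type f ! -name 'evidence-sha256.txt' ! -name '*.zip' \
      | sort | while IFS= read -r f; do sha256sum -- "$f"; done \
      | sed 's#  \./#  #' > evidence-sha256.txt ) && echo "$dir/evidence-sha256.txt"
}

# verify_manifest DIR: succeeds only if every listed file still matches its
# hash, i.e. the evidence was not modified after collection.
verify_manifest() { ( cd "$1" && sha256sum -c --quiet evidence-sha256.txt ); }

# manifest_count DIR: how many evidence files the manifest covers (Q12).
manifest_count() { wc -l < "$1/evidence-sha256.txt" | tr -d ' '; }

# make_zip DIR NAME: package DIR, manifest included, as DIR/NAME (Q11).
make_zip() { ( cd "$1" && zip -q -r "$2" . -x '*.zip' ) && echo "$1/$2"; }

# Demo on a constructed evidence directory so it runs anywhere;
# in the lab, call the functions on ~/lab_recon/week1 instead.
demo_dir=$(mktemp -d)
printf 'Nmap scan report (constructed sample)\n' > "$demo_dir/nmap-discovery.txt"
printf 'HTTP/1.0 200 OK (constructed sample)\n' > "$demo_dir/banner-juice-3000.txt"
printf '%s | START Recon | operator: <YourName>\n' "$(date)" > "$demo_dir/commands-log.txt"
write_manifest "$demo_dir" >/dev/null
echo "files hashed: $(manifest_count "$demo_dir")"      # 3
verify_manifest "$demo_dir" && echo "manifest verifies"
if command -v zip >/dev/null; then make_zip "$demo_dir" "recon-week1-<YourID>.zip"; fi
```

Re-run verify_manifest just before you upload; a FAILED line means a file changed after it was hashed and the manifest must be regenerated and the change explained in the report.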
Tutorial 2 - Enumeration
This tutorial complements the Week 2 lecture (concepts) by providing practical, step-by-step guidance.
1. Safety (read first)
• Only scan systems you own or instructor-provided targets.
• Use VirtualBox host-only networking to isolate labs from the internet.
• Attacker VM: Kali Linux (default), or alternatively BackBox or Parrot.
• Targets:
- Option A: Juice Shop (Docker, localhost:3000)
- Option B: Metasploitable2 (VirtualBox VM, host-only IP e.g. 192.168.56.101)
• Wireshark is optional this week (recommended for capture).
• If you see real personal data, stop immediately and notify your tutor.
2. Workspace setup
mkdir -p ~/lab_enum/week2 && cd ~/lab_enum/week2
echo "$(date) | START Enumeration | operator: <YourName> | ID: <YourID>" >> commands-log.txt
3. Windows/SMB Enumeration
nbtscan <targetIP> > nbtscan-<targetIP>.txt
enum4linux -a <targetIP> > enum4linux-<targetIP>.txt
smbclient -L //<targetIP>/ -N > smbshares-<targetIP>.txt
4. Service and Directory Enumeration
nmap -sV <targetIP> -oN nmap-enum-<targetIP>.txt
nmap --script=smb-os-discovery <targetIP> -oN nmap-smb-<targetIP>.txt
dirb http://localhost:3000 > dirb-juice.txt
5. SNMP Enumeration (if enabled)
snmpwalk -v1 -c public <targetIP> > snmp-<targetIP>.txt
6. Wireshark / tcpdump (Optional)
sudo tcpdump -i <iface> -w enum_capture.pcap
Or use Wireshark GUI, filter on smb || snmp || http
7. Evidence to collect
• nbtscan-<targetIP>.txt
• enum4linux-<targetIP>.txt
• smbshares-<targetIP>.txt
• nmap-enum-<targetIP>.txt
• nmap-smb-<targetIP>.txt
• dirb-juice.txt (if using Juice Shop)
• snmp-<targetIP>.txt (if applicable)
• enum_capture.pcap (optional)
• commands-log.txt
• 2-3 screenshots (nbtscan, enum4linux, dirb output)
8. Report (1 page)
Include:
• Header (name, student ID, date, target used)
• Short description of tools used
• Top 3 findings (Target | Evidence file | Short description | Risk | Recommendation)
• Answers to 6 short questions
9. Questions to answer in report
Q1: What did nbtscan reveal about the target system?
Q2: What user or share information did enum4linux or smbclient provide?
Q3: Which open services were confirmed by Nmap?
Q4: Did the directory enumeration reveal hidden resources?
Q5: What information did SNMP (if tested) expose?
Q6: Why is enumeration considered noisy compared to recon?
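For Q6, here is the defender's view of the same activity as an added example (not from the handout): it summarises a tcpdump text log from the optional capture by counting, per source address, how many distinct destination ports were sent a SYN, which is what makes a service sweep stand out from normal client traffic. It assumes tcpdump -nn -tt line format; the log lines are constructed and the 4-port threshold is an illustrative choice.

```shell
#!/usr/bin/env bash
# Added example (not from the handout): the defender's view of enumeration.
# Summarise a tcpdump text log (tcpdump -nn -tt output) by counting, per
# source, how many distinct destination ports were sent a SYN. One host
# touching many ports in seconds is the "noise" Q6 asks about.
# From the week's capture: tcpdump -nn -tt -r enum_capture.pcap tcp > enum.txt

# syn_port_fanout LOG: print "src distinct_ports first_ts last_ts" per source.
syn_port_fanout() {
  awk '$2 == "IP" && $7 ~ /^\[S\]/ {          # client SYNs only, not [S.] replies
    src = $3; sub(/\.[0-9]+$/, "", src)        # drop the source port
    dst = $5; sub(/:$/, "", dst)
    port = dst; sub(/.*\./, "", port)          # keep the destination port
    key = src SUBSEP port
    if (!(key in seen)) { seen[key] = 1; ports[src]++ }
    if (!(src in first)) first[src] = $1
    last[src] = $1
  }
  END { for (s in ports) printf "%s %d %s %s\n", s, ports[s], first[s], last[s] }' "$1" | sort
}

# flag_scanners LOG THRESHOLD: sources whose fan-out reaches THRESHOLD ports.
flag_scanners() { syn_port_fanout "$1" | awk -v t="$2" '$2 >= t { print $1 }'; }

# Constructed sample: 192.168.56.102 sweeps five ports on the Metasploitable2
# VM within a second; 192.168.56.1 just reconnects to port 80 like a browser.
SAMPLE_TCPDUMP=$(mktemp)
cat > "$SAMPLE_TCPDUMP" <<'EOF'
1700000001.000100 IP 192.168.56.102.40001 > 192.168.56.101.22: Flags [S], seq 1, win 64240, length 0
1700000001.000200 IP 192.168.56.101.22 > 192.168.56.102.40001: Flags [S.], seq 2, ack 2, win 65160, length 0
1700000001.000300 IP 192.168.56.102.40002 > 192.168.56.101.139: Flags [S], seq 1, win 64240, length 0
1700000001.000400 IP 192.168.56.102.40003 > 192.168.56.101.445: Flags [S], seq 1, win 64240, length 0
1700000001.000500 IP 192.168.56.102.40004 > 192.168.56.101.80: Flags [S], seq 1, win 64240, length 0
1700000001.000600 IP 192.168.56.102.40005 > 192.168.56.101.3306: Flags [S], seq 1, win 64240, length 0
1700000002.000700 IP 192.168.56.1.50000 > 192.168.56.101.80: Flags [S], seq 1, win 64240, length 0
1700000003.000800 IP 192.168.56.1.50001 > 192.168.56.101.80: Flags [S], seq 1, win 64240, length 0
EOF
syn_port_fanout "$SAMPLE_TCPDUMP"
echo "scan-like sources (>= 4 ports): $(flag_scanners "$SAMPLE_TCPDUMP" 4)"   # 192.168.56.102
```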
Tutorial 3: Desktop and Server OS Vulnerabilities
Part A: Windows Vulnerabilities
Activity 3.1 - Exploring Windows Updates and Misconfigurations
1. Boot into your Windows virtual machine (VM).
2. Go to Settings → Update & Security → Windows Update.
3. Check if updates are pending. Note down any missing updates.
4. Open Command Prompt and run:
- systeminfo - review OS version, patches installed, and hotfixes.
- net user - list user accounts and note if Guest account is enabled.
5. Write a short note: What vulnerabilities might exist if updates are missing or if unnecessary accounts are enabled?
Activity 3.2 - Password Policy Check
1. On the Windows VM, open Local Security Policy (type secpol.msc).
2. Under Account Policies → Password Policy, check:
- Minimum password length.
- Password complexity requirements.
- Account lockout threshold.
3. Compare the settings with best practices discussed in the lecture.
4. Write your observations: Would these settings be considered secure in a corporate environment?
Part B: Linux Vulnerabilities
Activity 3.3 - Checking for Updates
1. Boot into your Kali Linux (or Parrot/BackBox) VM.
2. Run the following commands:
- lsb_release -a - to see the Linux version.
- sudo apt-get update && sudo apt-get upgrade -s - simulate upgrade and check if packages are outdated.
3. Note down how many packages could be upgraded.
4. Write a reflection: Why is keeping Linux updated essential for security?
Activity 3.4 - Samba Service Investigation
1. In your Linux VM, check if Samba is installed and running:
- systemctl status smbd
- netstat -tulnp | grep 445 - or ss -tulnp | grep 445 if netstat (net-tools) is not installed.
2. If Samba is running, identify if it has any shared folders:
- smbclient -L localhost -N - list shares without supplying a password (null session).
3. Record what you find. Discuss why misconfigured Samba shares are dangerous.
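To make "misconfigured Samba share" in step 3 concrete, the following added script (not part of the handout) audits an smb.conf for shares reachable as guest, whether they are writable, and the global map to guest setting. It assumes the standard smb.conf key names with one key = value per line; the sample file is constructed, and on a real VM you would feed it the effective configuration from testparm -s instead.

```shell
#!/usr/bin/env bash
# Added example (not from the handout): audit an smb.conf for shares that
# guests can reach, whether they are writable, and the global "map to guest"
# setting. Assumes standard smb.conf key names, one "key = value" per line.
audit_smb_conf() {
  awk -F'=' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   sev, extra) {            # emit a finding for the share just parsed
      if (sec == "" || sec == "global" || guest != "yes") return
      sev   = (writable == "yes") ? "HIGH  " : "MEDIUM"
      extra = (writable == "yes") ? ", writable" : ""
      print sev "  [" sec "]  guest access" extra "  path=" path
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # new [section]: report the previous one
      report(); sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
      guest = "no"; writable = "no"; path = "(unset)"; next   # Samba defaults
    }
    NF >= 2 {
      key = tolower(trim($1)); raw = trim($2); val = tolower(raw)
      if (sec == "global" && key == "map to guest" && val != "never")
        print "INFO    [global]  map to guest = " raw
      if (key == "guest ok" || key == "public") guest = val
      if (key == "writable" || key == "writeable" || key == "write ok") writable = val
      if (key == "read only") writable = (val == "no") ? "yes" : "no"
      if (key == "path") path = raw
    }
    END { report() }' "$1"
}
# Constructed smb.conf: one anonymous writable share, one properly restricted
# share, one read-only share exposed through the "public" synonym.
SAMPLE_SMB_CONF=$(mktemp)
cat > "$SAMPLE_SMB_CONF" <<'EOF'
[global]
   map to guest = Bad User
[public]
   path = /srv/samba/public
   guest ok = yes
   read only = no
[backups]
   path = /srv/samba/backups
   valid users = @backup
   writable = yes
[printers]
   path = /var/spool/samba
   public = yes
   read only = yes
EOF
audit_smb_conf "$SAMPLE_SMB_CONF"
```

On the VM, run testparm -s 2>/dev/null > effective.conf and then audit_smb_conf effective.conf, so that defaults and synonyms are already resolved by Samba itself.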
Part D: Reflection Questions
Write short answers (2-3 sentences each):
1. Why are null sessions considered a high security risk, even though they don't require a password?
2. How can buffer overflow vulnerabilities be exploited in operating systems?
3. Which is more challenging to secure in your opinion: Windows OS or Linux OS? Why?
4. What are two best practices you would recommend for hardening OS systems in a real organization?
Week 4 Tutorial: Social Engineering and DNS Security
Part A - Social Engineering Tasks
1. Discuss different social engineering techniques (phishing, shoulder surfing, dumpster diving, piggybacking).
2. Provide one real-world example of each and explain how the attack could have been prevented.
3. In small groups, role-play a social engineering attempt (e.g., an attacker calling IT support pretending to be an employee).
Part B - DNS Security
Objective: Learn how to identify DNS servers and test if they are vulnerable to zone transfer attacks.
Activity Steps:
1. Open a command line terminal in your Kali Linux or Windows environment.
2. Use the nslookup tool to find authoritative DNS servers for a target domain. Example:
nslookup
> set type=ns
> example.com
3. Once you have identified the DNS server, attempt a zone transfer using:
nslookup
> server dns.example.com
> ls -d example.com
Note: the interactive ls command is implemented only by the Windows nslookup; the Linux (BIND) nslookup rejects it, so on Kali run the same check with dig, which is listed under tools below: dig axfr example.com @dns.example.com
4. If the zone transfer succeeds, the server is vulnerable: it hands its complete zone (every host record) to any client that asks. If the transfer is refused, the server is properly secured against this.
5. Record your findings: Which DNS servers responded? Were any vulnerable to zone transfers?
Deliverable:
Write a two-page report including:
- Tools used (e.g., nslookup, dig, host)
- Steps followed
- Results of testing (whether zone transfers were allowed)
- Recommendations to secure DNS servers (e.g., disable zone transfers, restrict to secondary DNS servers only)
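For the recommendations in the deliverable, the script below is an added example (not from the handout) of the server-side check behind "restrict zone transfers to secondary DNS servers only": it audits a BIND named.conf and reports each zone's allow-transfer setting. It assumes one directive per line; the sample config is constructed and 192.0.2.53 is a documentation-range placeholder for a secondary server.

```shell
#!/usr/bin/env bash
# Added example (not from the handout): audit a BIND named.conf and report
# each zone's allow-transfer: "any" means any host can pull the zone, absent
# means the options default applies. Assumes one directive per line.
audit_zone_transfers() {
  awk '
    { sub(/\/\/.*/, ""); sub(/#.*/, "") }                # strip // and # comments
    /^[ \t]*options[ \t]*[{]/ { inopts = 1 }
    /^[ \t]*zone[ \t]+"/ {                                 # a zone block starts
      match($0, /"[^"]+"/); zone = substr($0, RSTART + 1, RLENGTH - 2); xfer = ""
    }
    /allow-transfer/ && (zone != "" || inopts) {          # capture the { ... } list
      match($0, /[{][^}]*[}]/); v = substr($0, RSTART + 1, RLENGTH - 2)
      gsub(/^[ \t]+|[ \t;]+$/, "", v)
      if (zone != "") xfer = v
      else print "INFO    options  default allow-transfer { " v " }"
    }
    {
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")           # track brace nesting
      if (depth == 0 && zone != "") {                        # zone block closed
        if (xfer == "")        print "REVIEW  " zone "  no allow-transfer (inherits options default)"
        else if (xfer ~ /any/) print "WEAK    " zone "  allow-transfer { " xfer " }"
        else                   print "OK      " zone "  allow-transfer { " xfer " }"
        zone = ""
      }
      if (depth == 0) inopts = 0
    }' "$1"
}
# Constructed named.conf: one zone open to anyone, one restricted to its
# secondary (192.0.2.53, documentation range), one relying on the default.
SAMPLE_NAMED_CONF=$(mktemp)
cat > "$SAMPLE_NAMED_CONF" <<'EOF'
options {
  allow-transfer { none; };         // default unless a zone overrides it
};
zone "lab.example.local" IN {
  type master;
  allow-transfer { any; };          # anyone can pull the whole zone
};
zone "corp.example.local" IN {
  type master;
  allow-transfer { 192.0.2.53; };   # secondary server only
};
zone "legacy.example.local" IN {
  type master;
};
EOF
audit_zone_transfers "$SAMPLE_NAMED_CONF"
```

A WEAK line is the configuration-side counterpart of a successful transfer in step 4; fixing it means replacing any with the secondary servers' addresses (or a TSIG key) and re-running the step 4 check.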
Week 5 Tutorial: Web Server and Application Vulnerability Testing
Objective: To practice identifying basic vulnerabilities in web servers and web applications, and to explore simple tools used for testing.
Task 1: Identifying Web Server Vulnerabilities
1. Open a browser and research common IIS vulnerabilities (IIS 8.5).
- Example search: "IIS 8.5 vulnerabilities OWASP" or "IIS 8.5 security risks."
2. Write down two possible vulnerabilities that could exist in IIS 8.5.
- Example: outdated modules, weak authentication settings.
3. For each vulnerability, note one simple recommendation to improve security.
Deliverable: Short bullet list with 2 vulnerabilities and 2 recommendations.
Task 2: Exploring Web Application Attack Tools
1. In Kali Linux (or through research if Kali is unavailable), search for Wapiti (a web application vulnerability scanner).
- Command: sudo apt-get install wapiti (if not installed).
- Run a help command: wapiti --help to see its options.
2. In your notes, answer briefly:
- What does Wapiti do?
- How would a tester use it to find vulnerabilities?
3. If time allows, identify one more tool (e.g., Burp Suite, Nikto, OWASP ZAP) and briefly state its purpose.