Area 1: Wireshark
Questions that involve Wireshark will concern the usage of Wireshark as a network monitoring tool, the various functions within it that can be used to expedite this process, and the types of information that can be obtained by examination of traffic logs. These will involve the lab activities that we've done in class. Example questions:
· Explain what exactly Wireshark does and how this is valuable to a professional in the network security field.
· Many network attacks involve repeated series of short conversations between the attacker and the target. What is the easiest way to identify the attacker and target via Wireshark? Explain your answer.
· When an ARP poisoning attack is occurring, what information in a Wireshark traffic capture makes it obvious that this is malicious activity and not just a large amount of ARP traffic? Explain.
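As an added illustration of the last question (this is not course material or a real capture), the script below runs the two checks an analyst applies in Wireshark over a constructed list of ARP frames: an IP address claimed by more than one MAC, which is the condition behind Wireshark's "duplicate use of IP address detected" expert info, and replies that no host asked for. A benign burst of requests trips neither check.

```python
from collections import defaultdict

# Constructed ARP frames (not a real capture), with the fields Wireshark's
# ARP dissector shows: opcode 1 = request, 2 = reply.
SAMPLE_ARP = [
    # Normal resolution: host .10 asks for the gateway .1, the gateway answers.
    {"no": 1, "op": 1, "smac": "aa:aa:aa:aa:aa:10", "sip": "192.0.2.10", "tip": "192.0.2.1"},
    {"no": 2, "op": 2, "smac": "aa:aa:aa:aa:aa:01", "sip": "192.0.2.1", "tip": "192.0.2.10"},
    # Benign burst: a sweep of requests from .10; the one reply is consistent.
    {"no": 3, "op": 1, "smac": "aa:aa:aa:aa:aa:10", "sip": "192.0.2.10", "tip": "192.0.2.20"},
    {"no": 4, "op": 1, "smac": "aa:aa:aa:aa:aa:10", "sip": "192.0.2.10", "tip": "192.0.2.21"},
    {"no": 5, "op": 2, "smac": "aa:aa:aa:aa:aa:20", "sip": "192.0.2.20", "tip": "192.0.2.10"},
    # Suspicious: a third MAC claims the gateway's IP in replies nobody asked for.
    {"no": 6, "op": 2, "smac": "de:ad:be:ef:00:66", "sip": "192.0.2.1", "tip": "192.0.2.10"},
    {"no": 7, "op": 2, "smac": "de:ad:be:ef:00:66", "sip": "192.0.2.1", "tip": "192.0.2.20"},
]


def analyze_arp(frames):
    """Return (conflicts, unsolicited).

    conflicts:   {ip: sorted MACs} for every IP claimed by more than one MAC.
    unsolicited: frame numbers of replies with no preceding matching request
                 (a request from the reply's target IP for the reply's sender IP).
    """
    claims = defaultdict(set)   # sender IP -> MACs seen claiming it
    pending = set()             # (asker IP, asked-for IP) still awaiting a reply
    unsolicited = []
    for f in frames:
        claims[f["sip"]].add(f["smac"])          # every ARP frame asserts sender IP/MAC
        if f["op"] == 1:
            pending.add((f["sip"], f["tip"]))
        elif f["op"] == 2:
            key = (f["tip"], f["sip"])
            if key in pending:
                pending.discard(key)             # answered exactly once: normal
            else:
                unsolicited.append(f["no"])      # gratuitous or repeated reply
    conflicts = {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
    return conflicts, unsolicited


if __name__ == "__main__":
    conflicts, unsolicited = analyze_arp(SAMPLE_ARP)
    for ip, macs in conflicts.items():
        print(f"{ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
    print("unsolicited replies in frames:", unsolicited)
```

Frames 3 and 4 show why volume alone is not the indicator: the sweep is noisy but every mapping stays consistent, while frames 6 and 7 are flagged on both checks.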
Area 2: Zenmap (nmap)
For Zenmap, you should be able to describe the functionality of the program and how it is useful for both an attacker and a defender in the network. As a related matter, you should be able to discuss CVEs and how they can be found and used based on public knowledge and knowledge gained in an nmap scan.
· Using Zenmap, what information can you find out about a target system?
· How likely are the various scan types to arouse suspicion in a network defender? Explain.
· If Zenmap identifies that a port on a system is open and determines the program attached to the port, how can you leverage this information into a possible attack?
· What is a CVE, and why should security practitioners always be aware of any that might apply to their systems?
Area 3: Armitage (Metasploit)
You should be able to describe how Armitage is used to launch attacks upon a target system. This includes the modules within it (of the types we have discussed in class so far), the general process of using one, and the functionality provided. This includes the in-class demonstration of the SMB exploit used to get root access to the target, and the usage of fuzzer modules to look for buffer overflows. You should also be able to describe how buffer overflows work, and why they are both common in programs and dangerous security risks.
· When using Armitage and launching an attack, you have to provide certain information to the module to work. How do you determine this information and how do you provide it to the module?
· Describe how a buffer overflow attack works against a program.
· Once Armitage has been used to compromise a system, what actions can the attacker take on the system?
Area 4: Process of network attacks
The questions in this area involve the process of planning and executing a network (or physical) attack against a target. This starts with information gathering and ends with cleaning up your tracks. You should be able to discuss the various stages of attack preparation, planning, and execution, and describe the activities that take place at each stage and how they benefit the attacker. You should also spend some time considering ways in which these activities could be counteracted by a defender. For example, when considering the final step in the process, obscuring your actions, a prepared defender could have remote logging support that would retain an accurate picture of what happened on the system.
· Describe briefly each stage in the process of properly planning and executing a network attack.
· Which stage is the most important to an attacker? Justify your answer.
· When cleaning up your tracks, the two general options are to obfuscate the log files or to delete the log files. Which is preferred and why? Under what circumstances would you settle for the second option?