
QUESTION


Question #1

=========

The world has to deal with newly released vulnerabilities on a daily basis.  These vulnerabilities eventually lead to active exploits of systems, and it is our job as cyber security professionals to stop that from happening.

I would like for each of you to research (5) vulnerabilities that have been released since Jan 1, 2008 and report back on:

1) What systems, services are affected;

2) What attack vectors could be used to exploit the vulnerable systems;

3) What mitigation factors could be used to stop the attack of the vulnerability;

Two URLs that should help in the search:

http://nvd.nist.gov/nvd.cfm

and

http://www.ciac.org

Question #2

==========

Do you know what your machine is up to?  We are going to get a better understanding of what it is with this question.  Ensure that you are on a machine that is connected to the Internet, and perform a netstat of your current situation.  Cut and paste the results of this command into your homework assignment.

1) In your own words, describe what you are seeing;

2) Comment on the active connections that you see, including the hosts/connections and the ports used for those connections.

3) Do you see any connections that you did not expect?

Extra Exercise:

If you see a connection that does not make sense, or are interested in making a tie back to the executable which is responsible for it...  Gather the process id from netstat and research through Task Manager which executable is responsible.

Question #3

==========

We are going to build an IDS signature using English terms and not technical terms.  I would like for each of you to explain how you would build an "IDS Signature" to help detect the following:

1) A host on the internet is performing recon across your subnet, looking for machines that are responsive.  The hacker is using the simple tool of "ping" to do his/her recon.

2) A hacker on the internet is performing a port scan looking for active web servers (both un-secure and secure versions).

3) A user stumbles upon a wonderful application named nmap.  They decide to do a little bit of reading about the product, and fire it up.  While running the nmap tool they cross your subnet.

4) A user on your network has some extra time on their hands and decides to perform some web surfing from their desk.  They stumble upon a web page that tells them about this great location in Florida and welcomes them to fly down.  In one of the pictures of the resort is an embedded vulnerability when viewed by a vulnerable system.  With your security hat on, you find that this vulnerability always has the following hex string in the file:  x00 x09 x01 x00 x01 x00 x00
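
An added example, not part of the original assignment: one way to express the first two Question #3 signatures (a ping sweep, and a scan for web servers on ports 80 and 443) as threshold logic over packet records. The record layout, subnet, window and host threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

HOME_NET = "192.0.2."  # assumed protected subnet (documentation address range)
WINDOW = 10            # assumed sliding window, in seconds
MIN_HOSTS = 5          # assumed number of distinct internal hosts that triggers an alert

def classify(proto, detail):
    """Map a packet record to the signature it counts toward, or None."""
    if proto == "icmp" and detail == 8:              # ICMP type 8 = echo request ("ping")
        return "ping-sweep"
    if proto == "tcp_syn" and detail in (80, 443):   # HTTP and HTTPS
        return "web-port-scan"
    return None

def detect(events):
    """Return sorted (signature, source) pairs for outside sources that probed
    MIN_HOSTS or more distinct HOME_NET hosts within WINDOW seconds."""
    seen = defaultdict(list)  # (signature, src) -> [(ts, dst), ...] inside the window
    alerts = set()
    for ts, src, dst, proto, detail in sorted(events):
        sig = classify(proto, detail)
        if sig is None or src.startswith(HOME_NET) or not dst.startswith(HOME_NET):
            continue
        hits = seen[(sig, src)]
        hits.append((ts, dst))
        hits[:] = [(t, d) for t, d in hits if ts - t <= WINDOW]  # expire old probes
        if len({d for _, d in hits}) >= MIN_HOSTS:
            alerts.add((sig, src))
    return sorted(alerts)

def sample_events():
    """Constructed records: (seconds, source, destination, protocol, ICMP type or TCP port)."""
    ev = []
    # One source pings six hosts in six seconds: sweep.
    ev += [(100 + i, "198.51.100.7", f"192.0.2.{i + 1}", "icmp", 8) for i in range(6)]
    # One source sends SYNs to ports 80 and 443 on five hosts: web server scan.
    ev += [(200 + i, "203.0.113.9", f"192.0.2.{10 + i // 2}", "tcp_syn", (80, 443)[i % 2])
           for i in range(10)]
    # Repeated pings to a single host: one destination, so no alert.
    ev += [(300 + i, "198.51.100.20", "192.0.2.1", "icmp", 8) for i in range(20)]
    # Five hosts visited 100 seconds apart: never five inside one window.
    ev += [(400 + 100 * i, "198.51.100.30", f"192.0.2.{i + 1}", "tcp_syn", 443)
           for i in range(5)]
    return ev

if __name__ == "__main__":
    for signature, source in detect(sample_events()):
        print(f"ALERT {signature} from {source}")
```

The two quiet cases show why the signature counts distinct destinations inside a time window rather than raw packets: a monitor pinging one host and a slow visitor both stay below the threshold.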
