RUNNINGHEADER: Recon Project 1
Reconnaissance Assessment of Utica College
Justin Bortniker
CYB-610
Performed by Bortniker Consultants Group
Contents:
1. Executive Summary
2. Methods and Tactics
2.1. Phase 1 Tactics
2.2. Phase 2 Tactics
2.3. Phase 3 Tactics
3. Results
3.1. Asset Identification Results
3.2. Human Intelligence Results
3.3. Vulnerabilities Assessment Results
4. Recommendations
5. Appendix (Excel attachment)
1. Executive Summary
Businesses and organizations face the challenge of protecting their systems from cyber-attacks.
While companies feel their computers are safe from attack, many of these organizations
are unaware of the vulnerabilities in their systems. Utica College hired our company, Bortniker
Consultants, to perform a risk assessment of their organization. This report highlights the three
phases of reconnaissance performed: asset identification, human intelligence and vulnerability
assessment. The first phase, asset identification, lists the IP addresses and the assets
associated with those IP addresses. The second phase, human intelligence, displays all
information on Utica College’s employees that attackers can use against the employee as well as
the organization. Finally, the third phase, vulnerability assessment, lists all the vulnerabilities
associated with Utica’s public-facing services. The amount of information available to
cybercriminals on the internet allows for potential attacks against Utica College. This report
displays the results, methods employed and recommendations to mitigate the risk of attack.
2. Methods and Tactics
The tools that the Bortniker Consultants Group employs for reconnaissance are open source
websites. These tools help to identify problems with the current security parameters and policy
set in place by the college. Each phase requires specific resources to gather adequate intelligence
on the target organization.
2.1. Phase 1 Tactics
In the first phase, the tools are centralops.net, robtex.com and pentest-tools.com. These three
websites help to identify the IP range and any asset associated with that range. For example,
centralops.net and robtex.com display the DNS records (IP addresses, start of authority, mail
exchange, nameserver, address, text, and pointer for inverse lookup records), subnet range,
location, and phone number. Entering Utica’s domain name (e.g., Utica.edu) displays the
public-facing information for anyone to see. While pentest-tools.com performs the same duties,
this website also presents all of the subdomains linked to the college. On the pentest-tools
webpage, there is a link on the left for finding subdomains. Enter Utica.edu for the list of
subdomains. The next phase performs human intelligence on the employees.
2.2. Phase 2 Tactics
The second phase of the reconnaissance relies heavily on social media and employment
websites. The purpose of this phase is to gain insight into the employees and job opportunities of
the organization. Many employment sites (LinkedIn, Indeed, and Monster) give copious
information about an employee or job opportunity. By simply entering Utica College into one
of these sites, the search provides a list of employees and job positions. After searching the
employees or job openings, the next step is to turn to social media, which includes Facebook,
Twitter, and Instagram. Enter the employee’s name into one of these websites to find personal
information. Although not every employee is a member of these websites, there are enough
employees for a potential attacker to gather enough information to use it against the organization.
While the second phase relies on human intelligence tools, the third phase requires the use of
tools that will find vulnerabilities linked to the public-facing services.
2.3. Phase 3 Tactics
The vulnerability assessment phase requires the use of websites to find the server application
and version, as well as the vulnerabilities associated with the applications. The tools to
distinguish the applications are builtwith.com, whatweb.net, and shodan.com. By entering the
domain name of the target organization into the search bar, the list of applications appears.
Shodan.com, though, is slightly different with regard to performing the search; the user can enter
the domain name, IP address or range, and the city of origin. The next step for this phase is to
discover the vulnerabilities in the applications by using cvedetails.com and cve.mitre.org. To
find the vulnerabilities, enter the name of the application into cvedetails.com and then look
for the version. The vulnerabilities are listed by a scoring system that
recognizes the most recent and serious vulnerabilities. The next section of the report describes
the findings of the reconnaissance.
3. Results
The results of the surveillance reveal the information that cybercriminals can use to exploit
Utica College’s systems. Each phase exposes both the flaws and strengths of the security
parameters that Utica has in place. This section describes the data and the correlation of the data
between the three phases.
3.1. Asset Identification Results
In the asset identification phase, the surveillance uncovers many of the assets associated with the
IP range of Utica College. The domain names associated with Utica College are Utica.edu,
ecii.edu, and cimip.org. All of these domains have the same IP address, which is 72.237.4.113.
Knowing the IP addresses of the domain name allows the attacker to gain access to the DNS
(Domain Name System) records of the domains. Within the DNS records, our consultants found
the address (A) record, nameserver (NS) record, mail exchange (MX) record, text (TXT) record,
pointer (PTR) record for inverse lookups, and start of authority (SOA) record for all of the
domains. These records give an attacker vital information regarding the organization. An attacker
can use the IP address and DNS records to find the location of the domain name. The root email in
the start of authority record allows cyber criminals to know the system administrator’s email,
which leaves the email susceptible to attack. The mail exchange record gives an attacker
information regarding the email provider that the college uses. Furthermore, knowing the email
service can provide information, such as authentication questions and passwords, to use against
Utica College. The phone number of the college is available as well. The college needs to be aware
of imposters trying to phish for information. Fortunately, our consultants were unable to retrieve
the Host Information (HINFO) record. These records provide the hardware and operating system that
the organization is running, which allows an attacker to find vulnerabilities in the operating system.
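The following added example is not part of the original report. It shows how an administrator could audit an exported copy of their own zone for the record types discussed above: a personal mailbox in the SOA record, HINFO records, free-text TXT records, and hostnames that share one address. The example.edu zone data, the role-mailbox list and all function names are constructed for illustration, and the parser assumes one fully qualified record per line.

```python
"""Audit an exported DNS zone for records that disclose more than they need to."""
import re
from collections import defaultdict

# Constructed sample zone for the placeholder domain example.edu (not real data).
SAMPLE_ZONE = """
example.edu.      3600 IN SOA   ns1.example.edu. jsmith.example.edu. 2024010101 7200 900 1209600 3600
example.edu.      3600 IN NS    ns1.example.edu.
example.edu.      3600 IN MX    10 mail.example.edu.
example.edu.      3600 IN A     192.0.2.10
www.example.edu.  3600 IN A     192.0.2.10
example.edu.      3600 IN HINFO "INTEL-X64" "LINUX"
example.edu.      3600 IN TXT   "v=spf1 mx -all"
example.edu.      3600 IN TXT   "helpdesk phone 555-0100 ask for Pat"
"""

# Assumption: mailboxes treated as shared role aliases rather than a named person.
ROLE_MAILBOXES = {"hostmaster", "dnsadmin", "noc", "postmaster", "abuse"}

# TXT records that carry machine-readable policy or ownership tokens, not free text.
POLICY_TXT = re.compile(r'^"?(v=spf1|v=DMARC1|v=DKIM1|[\w.-]+-verification=)', re.I)


def parse_zone(text):
    """Return (name, type, rdata) tuples from 'name ttl IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = parts
        records.append((name.lower(), rtype.upper(), rdata.strip()))
    return records


def rname_to_email(rname):
    """Convert an SOA RNAME to an address: the first unescaped dot becomes '@'."""
    match = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not match:
        return rname
    local = match.group(1).replace("\\.", ".")  # "john\.smith" -> "john.smith"
    return f"{local}@{match.group(2)}"


def audit(records):
    """Return (record type, owner name, message) findings for review."""
    findings = []
    for name, rtype, rdata in records:
        if rtype == "SOA":
            email = rname_to_email(rdata.split()[1])
            if email.split("@")[0].lower() not in ROLE_MAILBOXES:
                findings.append(("SOA", name, f"RNAME {email} is not a role mailbox"))
        elif rtype == "HINFO":
            findings.append(("HINFO", name, f"discloses hardware/OS: {rdata}"))
        elif rtype == "TXT" and not POLICY_TXT.match(rdata):
            findings.append(("TXT", name, f"free-text record to review: {rdata}"))
    return findings


def shared_addresses(records):
    """Map each address to the hostnames using it, when more than one does."""
    by_ip = defaultdict(set)
    for name, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            by_ip[rdata].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for rtype, name, message in audit(zone):
        print(f"[{rtype}] {name}: {message}")
    for ip, names in shared_addresses(zone).items():
        print(f"[A] {ip} is shared by: {', '.join(names)}")
```

Pointing the SOA RNAME at a role alias and removing the HINFO and free-text TXT records clears all three findings for the sample zone.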
3.2. Human Intelligence Results
The reconnaissance of the employees and job openings at Utica College presents some issues
concerning the information available on the internet. One of the common issues found is the
listing of skills for the job on employee and job posting profiles. For example, the director of
infrastructure services job posting requires the applicant to have knowledge of Cisco switching
and routing. Another job posting requires that the applicant have experience with bannerweb
software. While this information might seem innocuous, listing specific companies or software
gives an attacker knowledge of the hardware and software configurations that the company uses.
Another issue found is that many employees list personal skills that are not necessarily
needed by the organization. For example, one employee has knowledge of programming
languages, such as Perl, Python and C++. The problem with listing these skills is that the
attacker knows the experience of the employee, which allows the hacker to use advanced skills
against the employee. Along with the skills, many of the help desk employees post the type of
operating system that they maintain or work with. As explained in the first result section, this
type of information can give insight into the systems that Utica College runs. The last problem is
that many employees post their emails on LinkedIn, which can lead to phishing by unknown
assailants. The next section will cover the results from the vulnerabilities assessment.
3.3. Vulnerabilities Assessment Results
Most of the vulnerabilities that exist in the applications pose a serious threat to the college’s
systems. For example, one vulnerability, CVE-2014-0026, allows attackers to perform a
denial-of-service attack, and possibly to obtain sensitive information, against
Apache/2.4.9. If students were to take an online test using this application and a denial-of-service
attack occurs on the application, the students will be unable to access the test. The college will
have to spend time and money eradicating the vulnerability in the application. Another
vulnerability found allows for unauthorized disclosure of information and unauthorized
modification. Exploiting this vulnerability can mean serious repercussions for the school.
Cybercriminals can steal social security, credit card and other pertinent information from the
school’s database. The attacker can also modify school records, like grades and financial
reports, to wreak more havoc on the school. Again, this can cost the school immense time and
money in solving the problems.
The three phases can give an attacker all the ammunition that they need to execute a cyber-attack
on the school. Knowing the IP address and mail exchange records helps to give an attacker
a clearer idea of the location of the school’s servers and systems. Once the attacker obtains the IP
address of the school, the assailant can decipher the experience and skill level of the employees.
Then the attacker can exploit the various applications and software that Utica College uses. The
final section will discuss recommendations on how to protect Utica College’s systems.
4. Recommendations
The recommendations made in this section by our consulting group will help to make Utica
College safe from cyber predators. These recommendations will help to educate both technical
and non-technical employees on the best information security practices.
The assets associated with Utica College are searchable with the open source tools. This
means that anyone can use these tools to look up the school’s IP addresses and DNS records. One
recommendation to thwart outsiders is for Utica College to hire an outside consulting firm to
perform penetration tests to find vulnerabilities in the school’s systems. Utica College should
update their software on a regular basis because these updates can fix bugs present in the older
version. In addition to software updates, the school should install security hardware like a
firewall, which protects numerous systems within the organization from outside IP addresses. A
big issue that our consultants found is the applications that had major vulnerability problems.
The school needs to switch to applications that have a limited number of serious vulnerabilities.
Furthermore, the employees that run these applications need to be aware of the potential
vulnerabilities that exist in these applications.
One of the biggest problems concerning human intelligence is employees posting the skills and
applications that they use for their work. While Utica College cannot force the employees to take
down this information, the college should urge employees to remove this information and
explain that cyber criminals can exploit the school’s systems with it. If these employees are
hesitant about removing information, then suggest making their profile private to limit the
amount of information on the profile. They should also be educated on the phishing techniques that
these attackers use to take advantage of the employees. Furthermore, employees need to be
educated on strong passwords versus weak passwords. If there is a technical job opening (e.g.,
system administrator), then the college should actively search for the candidate rather than post
the job on an employment website. While searching for a candidate can be time consuming,
posting the job will provide a potential predator with ample information. Employees need to be
mindful of the content that they post on social media. Anything posted on these websites can
give cyber criminals an advantage against the employee; cyber criminals can blackmail them to
access information from the employee.
The recommendations presented in this section will only benefit the school. Implementing
changes in the computer systems, employee training, and school policy will allow for a more
secure network. While these recommendations are quite costly, the damage done by a cyber-attack
will cost the school much more.
Lessons learned:
I felt that this project was both challenging and rewarding for the knowledge that I
gained. One of the biggest roadblocks I came across was finding the application and version
number for phase three. Whatweb.net provided the application used by the hostname, but did not
provide a version number. Shodan.com was very helpful in finding the application as well as the
version number, but the website set a limit on the number of pages that I could look through for
the applications. I found myself kind of lost at that point. Another roadblock for me was figuring
out some of the terminology (i.e. text records, DNS, etc.). I am not the most technical person so I
had to look up the terms to figure out the meaning. The easiest part of the project was the second
phase. I am very active on social media as well as LinkedIn. I was able to find many employees
by searching through the Utica employees search on LinkedIn and checked Facebook and
Twitter to find out an employee’s interests. One thing I would like to be changed would be to
add more resources to find the assets and vulnerabilities. At times, I felt some of the tools were
not very helpful (i.e. builtwith.com and whatweb.net), but luckily most of the tools were very
helpful. Overall, I really enjoyed the challenge of this project.

Mais conteúdo relacionado

Destaque

SEAT Dealer PR guide 2014-15
SEAT Dealer PR guide 2014-15SEAT Dealer PR guide 2014-15
SEAT Dealer PR guide 2014-15Jonny Sharp
 
Business proposal pp
Business proposal ppBusiness proposal pp
Business proposal pp004820526
 
NHS Warwickshire safer sex - approved - 191109
NHS Warwickshire safer sex - approved - 191109NHS Warwickshire safer sex - approved - 191109
NHS Warwickshire safer sex - approved - 191109Jonny Sharp
 
LMS_Content_Catalog_Small
LMS_Content_Catalog_SmallLMS_Content_Catalog_Small
LMS_Content_Catalog_SmallMichael Olson
 
Endomitriosis - ATCM Journal
Endomitriosis - ATCM JournalEndomitriosis - ATCM Journal
Endomitriosis - ATCM JournalLIQIN ZHAO
 
карина 13 гр
карина 13 гркарина 13 гр
карина 13 грKhasavyrt0005
 
บริการต่างๆบนอินเตอร์เน็ต
บริการต่างๆบนอินเตอร์เน็ตบริการต่างๆบนอินเตอร์เน็ต
บริการต่างๆบนอินเตอร์เน็ตkotchakornsun
 
Mc queen research / design development
Mc queen research / design development Mc queen research / design development
Mc queen research / design development Mathilde Jauny
 
Astronomía
AstronomíaAstronomía
Astronomíapalaib
 
Treating Infertility with the Integration of Traditional Chinese Medicine and...
Treating Infertility with the Integration of Traditional Chinese Medicine and...Treating Infertility with the Integration of Traditional Chinese Medicine and...
Treating Infertility with the Integration of Traditional Chinese Medicine and...LIQIN ZHAO
 
Get started with dropbox
Get started with dropboxGet started with dropbox
Get started with dropboxandrei998877
 

Destaque (13)

SEAT Dealer PR guide 2014-15
SEAT Dealer PR guide 2014-15SEAT Dealer PR guide 2014-15
SEAT Dealer PR guide 2014-15
 
Business proposal pp
Business proposal ppBusiness proposal pp
Business proposal pp
 
NHS Warwickshire safer sex - approved - 191109
NHS Warwickshire safer sex - approved - 191109NHS Warwickshire safer sex - approved - 191109
NHS Warwickshire safer sex - approved - 191109
 
LMS_Content_Catalog_Small
LMS_Content_Catalog_SmallLMS_Content_Catalog_Small
LMS_Content_Catalog_Small
 
Endomitriosis - ATCM Journal
Endomitriosis - ATCM JournalEndomitriosis - ATCM Journal
Endomitriosis - ATCM Journal
 
карина 13 гр
карина 13 гркарина 13 гр
карина 13 гр
 
บริการต่างๆบนอินเตอร์เน็ต
บริการต่างๆบนอินเตอร์เน็ตบริการต่างๆบนอินเตอร์เน็ต
บริการต่างๆบนอินเตอร์เน็ต
 
Mc queen research / design development
Mc queen research / design development Mc queen research / design development
Mc queen research / design development
 
meera resume(2)
meera resume(2)meera resume(2)
meera resume(2)
 
Astronomía
AstronomíaAstronomía
Astronomía
 
Treating Infertility with the Integration of Traditional Chinese Medicine and...
Treating Infertility with the Integration of Traditional Chinese Medicine and...Treating Infertility with the Integration of Traditional Chinese Medicine and...
Treating Infertility with the Integration of Traditional Chinese Medicine and...
 
slave-yellow_20180315
slave-yellow_20180315slave-yellow_20180315
slave-yellow_20180315
 
Get started with dropbox
Get started with dropboxGet started with dropbox
Get started with dropbox
 

Semelhante a Bortniker_S610_ReconProject

IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...IRJET Journal
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONPDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONIJNSA Journal
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docxhealdkathaleen
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...PROBOTEK
 
Phishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsPhishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsIRJET Journal
 
Detecting Phishing Websites Using Machine Learning
Detecting Phishing Websites Using Machine LearningDetecting Phishing Websites Using Machine Learning
Detecting Phishing Websites Using Machine LearningIRJET Journal
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project  (407422)Cyber Security DepartmentGraduation Project  (407422)
Cyber Security DepartmentGraduation Project (407422)OllieShoresna
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docxjoyjonna282
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxmarilucorr
 
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering         A hacker.docxLab-4 Reconnaissance and Information Gathering         A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docxLaticiaGrissomzz
 
unit 2 -program security.pdf
unit 2 -program security.pdfunit 2 -program security.pdf
unit 2 -program security.pdfKavithaK23
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3Education
 
IRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET Journal
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemAffine Analytics
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical HackingIRJET Journal
 

Semelhante a Bortniker_S610_ReconProject (20)

IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
IRJET - An Automated System for Detection of Social Engineering Phishing Atta...
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
Information Security
Information SecurityInformation Security
Information Security
 
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONPDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docx
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Phishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification AlgorithmsPhishing Website Detection using Classification Algorithms
Phishing Website Detection using Classification Algorithms
 
Detecting Phishing Websites Using Machine Learning
Detecting Phishing Websites Using Machine LearningDetecting Phishing Websites Using Machine Learning
Detecting Phishing Websites Using Machine Learning
 
Cyber Security DepartmentGraduation Project (407422)
Cyber Security DepartmentGraduation Project  (407422)Cyber Security DepartmentGraduation Project  (407422)
Cyber Security DepartmentGraduation Project (407422)
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
A4.1Proceedings of Student-Faculty Research Day, CSIS, Pa.docx
 
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docxUnit III AssessmentQuestion 1 1. Compare and contrast two.docx
Unit III AssessmentQuestion 1 1. Compare and contrast two.docx
 
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
Lab-4 Reconnaissance and Information Gathering         A hacker.docxLab-4 Reconnaissance and Information Gathering         A hacker.docx
Lab-4 Reconnaissance and Information Gathering  A hacker.docx
 
unit 2 -program security.pdf
unit 2 -program security.pdfunit 2 -program security.pdf
unit 2 -program security.pdf
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
 
IRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social NetworkIRJET - Detecting Spiteful Accounts in Social Network
IRJET - Detecting Spiteful Accounts in Social Network
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical Hacking
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of Lapto
 

Bortniker_S610_ReconProject

  • 1. RUNNINGHEADER: Recon Project 1 Reconnaissance Assessment of Utica College Justin Bortniker CYB-610 Performed by Bortniker Consultants Group
  • 2. ReconProject 2 Contents: 1. Executive Summary…………………………………………..3 2. Methods and Tactics………………………………………….3 2.1. Phase 1 Tactics…………………………………………..3 2.2. Phase 2 Tactics…………………………………………..4 2.3. Phase 3 Tactics…………………………………………..4 3. Results………………………………………………………..5 3.1. Asset Identification Results……………………………...5 3.2. Human Intelligence Results……………………………..6 3.2. Vulnerability Assessment Results……………………….6 4. Recommendations……………………………………………7 5. Appendix…………………………………………Excel attachment
  • 3. ReconProject 3 1. Executive Summary Businesses and organizations face the challenge of protecting their systems from cyber- attacks. While companies feel their computers are safe from attack, many of these organizations are unaware of the vulnerabilities in their systems. Utica college hired our company—Bortniker consultants—to perform a risk assessment of their organization. This report highlights the three phases of reconnaissance performed—asset identification, human intelligence and vulnerability assessment. The first phase, asset identification, lists the IP addresses and subsequent assets associated with those IP addresses. The second phase, human intelligence, displays all information on Utica College’s employees that attackers can use against the employee as well as the organization. Finally, the third phase, vulnerability assessment, lists all the vulnerabilities associated with Utica’s public facing services. The amount of information available to cybercriminals on the internet allows for potential attacks against Utica College. This report displays the results, methods employed and recommendations to mitigate the risk of attack. 2. Methods and Tactics The tools that the Bortniker Consultant group employs for reconnaissance are open source websites. These tools help to identify problems with the current security parameters and policy set in place by the college. Each phase requires specific resources to gather adequate intelligence on the target organization. 2.1. Phase 1 tactics In the first phase, the tools are centralops.net, robtex.com and pentest-tools.com. These three websites help to identify the IP range and any asset associated with that range. For example,
  • 4. ReconProject 4 centralops.net and robtex.com display the DNS records (IP addresses, Start of authority, mail exchange, nameserver, address, text, and pointer for inverse lookup records), subnet range, location, and phone number. By entering Utica’s domain name (ex. Utica.edu), the public facing information is displayed for anyone to see. While pentest-tools.com performs the same duties, this website presents all of the subdomains linked to the college. When on the pentest-tools webpage, there is a link on the left for finding subdomains. Enter Utica.edu for the list of subdomains. The next phase performs human intelligence on the employees. 2.2. Phase 2 Tactics The second phase of the reconnaissance relies heavily on social media and employment websites. The purpose of this phase is to gain insight into the employees and job opportunities of the organization. Many employment sites—Linkedin, Indeed, and Monster—gives copious information about an employee or job opportunity. By simply entering a Utica College into one of these sites, the search provides a list of employees and job positions. After searching the employees or job openings, the next step is to turn to social media, which includes Facebook, Twitter, and Instagram. Enter the employee’s name into one of these websites to find personal information. Although not every employee is a member of these websites, there are enough employees for a potential attacker to gather enough information to use it against the organization. While the second phase relies on human intelligence tools, the third phase requires the use of tools that will find vulnerabilities linked to the public facing services. 2.3. Phase 3 Tactics The vulnerability assessment phase requires the use of websites to find the server application and version, as well as the vulnerabilities associated with the applications. The tools to distinguish the applications are builtwith.com, whatweb.net, and shodan.com. 
By entering the domain name of the target organization into the search bar, the list of applications appears. Shodan.com, though, is slightly different with regard to performing the search; the user can enter the domain name, IP address or range, and the city of origin. The next step for this phase is to discover the vulnerabilities in the applications by using cvedetails.com and cve.mitre.org. To find the vulnerabilities, enter the name of the application into cvedetails.com and then look for the version. The vulnerabilities are listed by a scoring system that recognizes the most recent and serious vulnerabilities. The next section of the report describes the findings of the reconnaissance.

3. Results

The results of the surveillance reveal the information that cybercriminals can use to exploit Utica College's systems. Each phase exposes both the flaws and strengths of the security parameters that Utica has in place. This section describes the data and the correlation of the data between the three phases.

3.1. Asset Identification Results

In the asset identification phase, the surveillance uncovers many of the assets associated with the IP range of Utica College. The domain names associated with Utica College are Utica.edu, ecii.edu, and cimip.org. All of these domains have the same IP address, which is 72.237.4.113. Knowing the IP addresses of the domain name allows the attacker to gain access to the DNS (Domain Name System) records of the domains. Within the DNS records, our consultants found the address record, nameserver record, mail exchange record, text record, pointer (inverse lookup) record, and start of authority record for all of the domains. These records give an attacker vital information regarding the organization. An attacker can use the IP address and DNS records to find the location of the domain name. The root email in the start of authority record allows cyber criminals to know the system administrator's email, which leaves the email susceptible to attack. The mail exchange record gives an attacker information regarding the email provider that the college uses. Furthermore, knowing the email service can provide information, such as authentication questions and passwords, to use against Utica College. The phone number of the college is available as well. The college needs to be aware of imposters trying to phish for information. Fortunately, our consultants were unable to retrieve a Host Information Record (HINFO). These records provide the hardware and operating system that the organization is running, which allows an attacker to find vulnerabilities in the operating system.

3.2. Human Intelligence Results
The reconnaissance of the employees and job openings at Utica College presents some issues concerning the information available on the internet. One of the common issues found is the listing of skills for the job on employee and job posting profiles. For example, the director of infrastructure services job posting requires the applicant to have knowledge of Cisco switching and routing. Another job posting requires that the applicant have experience with bannerweb software. While this information might seem innocuous, listing specific companies or software gives an attacker knowledge of the hardware and software configurations that the company uses. Another issue found is that many employees list personal skills that are not necessarily needed by the organization. For example, one employee has knowledge of programming languages, such as Perl, Python and C++. The problem with listing these skills is that the attacker knows the experience of the employee, which allows the hacker to use advanced skills against the employee. Along with the skills, many of the help desk employees post the type of operating system that they maintain or work with. As explained in the first result section, this type of information can give insight into the systems that Utica College runs. The last problem is that many employees post their emails on LinkedIn, which can lead to phishing by unknown assailants. The next section will cover the results from the vulnerabilities assessment.

3.3. Vulnerabilities Assessment Results

Most of the vulnerabilities that exist in the applications do pose a serious threat to the college's systems. For example, one vulnerability, CVE-2014-0026, allows attackers to perform a denial-of-service attack against apache/2.4.9, with the possibility of obtaining sensitive information as well. If students were to take an online test using this application and a denial-of-service attack occurred on the application, the students would be unable to access the test. The college would have to spend time and money eradicating the vulnerability in the application. Another vulnerability found allows for unauthorized disclosure of information and unauthorized modification. Exploiting this vulnerability can mean serious repercussions for the school. Cybercriminals can steal social security, credit card and other pertinent information from the school's database. The attacker can also modify school records, like grades and financial reports, to wreak more havoc on the school. Again, this can cost the school immense time and money in solving the problems.
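The phase-three lookup described above (application name and version, then advisories ranked by score), written as a check an organization can run against its own inventory. This is an added example, not part of the original report; the hostnames, every banner value other than Apache/2.4.9, and the advisory IDs, version ranges and scores are constructed placeholders.

```python
import re

# Constructed inventory: the organization's own public-facing hosts and the
# Server banner each one returns (hostnames are placeholders).
BANNERS = {
    "www.example.edu": "Apache/2.4.9 (Unix) OpenSSL/1.0.1g",
    "portal.example.edu": "Microsoft-IIS/8.5",
    "mail.example.edu": "nginx",
}

# Constructed advisory list: (id, product, first affected, first fixed, score).
# IDs, ranges and scores are placeholders, not real CVE entries.
ADVISORIES = [
    ("ADV-PLACEHOLDER-1", "apache", "2.4.0", "2.4.10", 6.8),
    ("ADV-PLACEHOLDER-2", "apache", "2.2.0", "2.2.30", 4.3),
    ("ADV-PLACEHOLDER-3", "openssl", "1.0.1", "1.0.1h", 9.1),
    ("ADV-PLACEHOLDER-4", "microsoft-iis", "7.0", "8.0", 5.0),
]

TOKEN = re.compile(r"([A-Za-z][\w.-]*)(?:/(\d[\w.]*))?")

def version_key(v):
    """Turn '1.0.1g' into a comparable tuple: ((1, ''), (0, ''), (1, 'g'))."""
    return tuple((int(n), s) for n, s in re.findall(r"(\d+)([a-z]*)", v.lower()))

def parse_banner(banner):
    """Return [(product, version or None)] for each product token in a banner."""
    text = re.sub(r"\([^)]*\)", " ", banner)  # drop comments such as "(Unix)"
    return [(m.group(1).lower(), m.group(2)) for m in TOKEN.finditer(text)]

def audit(banners, advisories):
    """Return (findings sorted by score, highest first; hosts disclosing a version)."""
    findings, leaking = [], set()
    for host, banner in banners.items():
        for product, version in parse_banner(banner):
            if version is None:
                continue  # product named, but no version disclosed
            leaking.add(host)
            v = version_key(version)
            for adv_id, adv_product, first, fixed, score in advisories:
                if adv_product == product and version_key(first) <= v < version_key(fixed):
                    findings.append((score, host, product, version, adv_id))
    return sorted(findings, reverse=True), sorted(leaking)

if __name__ == "__main__":
    findings, leaking = audit(BANNERS, ADVISORIES)
    for score, host, product, version, adv_id in findings:
        print(f"{score:>4}  {host}  {product} {version}  {adv_id}")
    print("hosts disclosing a version:", ", ".join(leaking))
```

A host that appears in the second list but not in the findings still hands out the version string that this kind of lookup depends on, so it belongs on the remediation list alongside the matched advisories.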
The three phases can give an attacker all the ammunition that they need to execute a cyber-attack on the school. Knowing the IP address and mail exchange records helps to give an attacker a clearer idea of the location of the school's servers and systems. Once the attacker obtains the IP address of the school, the assailant can decipher the experience and skill level of the employees. Then the attacker can exploit the various applications and software that Utica College uses. The final section will discuss recommendations on how to protect Utica College's systems.

4. Recommendations

The recommendations made in this section by our consulting group will help to make Utica College safe from cyber predators. These recommendations will help to educate both technical and non-technical employees on the best information security practices.

The assets associated with Utica College are searchable with the open source tools. This means that anyone can use these tools to look up the school's IP addresses and DNS records. One recommendation to thwart outsiders is for Utica College to hire an outside consulting firm to perform penetration tests to find vulnerabilities in the school's systems. Utica College should update its software on a regular basis because these updates can fix bugs in the older versions. In addition to software updates, the school should install security hardware like a firewall, which protects numerous systems within the organization from outside IP addresses. A big issue that our consultants found is the applications that had major vulnerability problems. The school needs to switch to applications that have a limited number of serious vulnerabilities. Furthermore, the employees that run these applications need to be aware of the potential vulnerabilities that exist in these applications.

One of the biggest problems concerning the human intelligence is employees posting the skills and applications that they use for their work. While Utica College cannot force the employees to take down this information, the college should urge employees to remove this information and explain that cyber criminals can exploit the school's systems with it. If these employees are hesitant about removing information, then suggest making their profile private to limit the amount of information on the profile. They should also be educated on the phishing techniques that these attackers use to take advantage of the employees. Furthermore, employees need to be educated on strong passwords versus weak passwords. If there is a technical job opening (e.g., system administrator), then the college should actively search for the candidate rather than post the job on an employment website. While searching for a candidate can be time consuming, posting the job will provide a potential predator with ample information. Employees need to be mindful of the content that they post on social media. Anything posted on these websites can give cyber criminals an advantage against the employee; cyber criminals can blackmail them to access information from the employee.

The recommendations presented in this section will only benefit the school. Implementing changes in the computer systems, employee training, and school policy will allow for a more secure network. While these recommendations are quite costly, the damage done by a cyber-attack will cost the school much more.

Lessons learned:

I felt that this project was both challenging and rewarding for the knowledge that I gained. One of the biggest roadblocks I came across was finding the application and version number for phase three. Whatweb.net provided the application used by the hostname, but did not provide a version number. Shodan.com was very helpful in finding the application as well as the version number, but the website set a limit on the number of pages that I could look through for the applications. I found myself kind of lost at that point. Another roadblock for me was figuring out some of the terminology (i.e. text records, DNS, etc.). I am not the most technical person so I had to look up the terms to figure out the meaning. The easiest part of the project was the second phase. I am very active on social media as well as LinkedIn. I was able to find many employees by searching through the Utica employees search on LinkedIn and checked Facebook and Twitter to find out an employee's interests. One thing I would like to be changed would be to add more resources to find the assets and vulnerabilities. At times, I felt some of the tools were not very helpful (i.e. builtwith.com and whatweb.net), but luckily most of the tools were very helpful.
Overall, I really enjoyed the challenge of this project.