Lab 12: Wi-Fi Access Point Security

Identify issues affecting Wi-Fi security and compare with what you can observe from the NMIT Wi-Fi network that is publicly available or where you have access to connect.

NMIT provides its current students with access to its Wi-Fi connection so that they can reach the Moodle website, which holds all the online resources for each subject.

The library has a large number of computers that students can use to access Moodle if they do not have a digital device of their own such as a laptop.

However, to gain access to the library all that a person needs to do is walk in. As long as they look like a student they will not be stopped at the door.

Once a person has access to the computer room, all they need to do is wait for someone to leave one of the computers unattended while still signed in. This will allow the attacker to gain access to the network through someone else's account information, which could be recorded for later use on a device off site.

Based on the documentation, if a school is going to have devices publicly accessible, the best step is to ensure that it uses user authentication rather than device authentication. This will ensure that only registered current students have access to the Wi-Fi through those devices. However, to secure the access points even further, locking the computers behind a locked door accessed only by current student cards will record and restrict who has access to the computers.

Lab 11: Firewall Rule Based Management

  1. Investigate and discuss the configuration required on a firewall for a web server providing
    1. HTTP

HTTP is a web standard to secure an encrypted link between a web server and a web client. In order to allow this connection to work correctly over a network the firewall needs to be configured to open port 80.

HTTPS

Runs on port 443 and secures sensitive information such as passwords over the network by making them hard to decrypt. You will need to make sure that the inbound rules in your firewall are set to allow port 443.

  1. FTP over TLS/SSL 

Secure file transfer protocols (FTP) are sent on the same port as non-secure communications. There are two types of FTPS that we can have a closer look at:

Explicit FTPS:

By default, port 21 is used for the control channel between the server and the client. When the client connects to the server through the control channel, it will then negotiate over SSL or TLS in order to gain access to the control or data channel.

Implicit FTPS:

This is regarded as an older form of transfer over SSL. In implicit mode an SSL handshake needs to take place before communication can occur. Implicit transfer works on port 990.

  1. SMTP for sending emails from the websites
    1. Remote Administration

SMTP stands for Simple Mail Transfer Protocol, which is used by a website's email service to send emails more reliably, so that they do not get blocked or sent to the recipient's spam folder.

The administrator will need to specify which domain name is allowed through the firewalls so that the emails do not get blocked.

  1. Investigate and discuss the configuration required on a firewall for a database server providing
    1. MariaDB 

MariaDB was created by the same developers as MySQL and is a popular database server that can be used to back up information from websites.

To ensure that your firewalls are not blocking MariaDB from doing its job, you will need to make sure that inbound rules on the server side allow access to port 3306.

  1. Remote Administration

To allow remote access to the database server, an inbound firewall rule needs to allow port 1433.
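The inbound rules discussed in this lab can be written down and checked before they are applied. The following is an added example, not part of the original lab notes: the ports are the ones named above, while the addresses, the source restrictions and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    port: int
    source: str  # CIDR range allowed to connect (assumed values, not from the lab)

# Constructed addressing: 203.0.113.10 is the web server, 10.0.0.0/24 the admin LAN.
WEB_SERVER_RULES = [
    Rule("HTTP", 80, "0.0.0.0/0"),
    Rule("HTTPS", 443, "0.0.0.0/0"),
    Rule("FTPS explicit control", 21, "0.0.0.0/0"),
    Rule("FTPS implicit", 990, "0.0.0.0/0"),
]
DB_SERVER_RULES = [
    Rule("MariaDB from web server only", 3306, "203.0.113.10/32"),
    Rule("Remote administration", 1433, "10.0.0.0/24"),
]

def allowed(rules, src_ip, dst_port):
    """Return the name of the first matching allow rule, or None (default deny)."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.port == dst_port and src in ipaddress.ip_network(rule.source):
            return rule.name
    return None

def world_open(rules):
    """List ports reachable from any address, so they can be reviewed."""
    return sorted(r.port for r in rules
                  if ipaddress.ip_network(r.source).prefixlen == 0)

if __name__ == "__main__":
    print(allowed(WEB_SERVER_RULES, "198.51.100.7", 443))
    print(allowed(DB_SERVER_RULES, "198.51.100.7", 3306))
    print(world_open(WEB_SERVER_RULES), world_open(DB_SERVER_RULES))
```

The web server has to accept connections from anywhere, but the database ports only need to be reachable from the web server and the administrators, so `world_open` should return an empty list for the database rules.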

Lab 10: Implementing NAT and OpenSSH

  1. Investigate and discuss the use and function of the NAT Firewall in a security context

Network Address Translation (NAT) allows devices on a network to access the internet via a shared gateway. Thanks to the NAT, all devices traveling through the gateway will have the same local IP address. A NAT firewall offers a front-line defense against exposure to the internet. If any packets or connection requests come from the internet side without any approval from a device on the local network, the NAT firewall discards the packets.
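The discard behaviour described above comes from the gateway's translation table: a packet from the internet is only forwarded if it matches a flow that a local device opened first. The following is an added example, not part of the original lab notes; it is a simplified model, and the class name, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # constructed address of the shared gateway

@dataclass
class NatGateway:
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, private_ip, private_port, remote_ip, remote_port):
        """Rewrite the source to the shared address and remember the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(public_port, remote_ip, remote_port)] = (private_ip, private_port)
        return (PUBLIC_IP, public_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Forward replies to a known flow; None means the packet is discarded."""
        return self.table.get((public_port, remote_ip, remote_port))

def demo():
    nat = NatGateway()
    # Two local devices open connections to the same remote server.
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.20", 443)
    reply = nat.inbound("198.51.100.20", 443, a[1])        # expected reply
    unsolicited = nat.inbound("198.51.100.99", 443, a[1])  # unknown sender
    probe = nat.inbound("198.51.100.20", 443, 22)          # port nobody opened
    return a, b, reply, unsolicited, probe

if __name__ == "__main__":
    for item in demo():
        print(item)
```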

2. Investigate and discuss at least two uses of OpenSSH on either Windows or Linux

A) OpenSSH is an open-source version of Secure Shell that allows cross-platform management of remote systems. On Windows, OpenSSH allows for a secure approach to systems administration.

It offers a set of tools that can be used to authenticate Windows users across domains.

B) sftp.exe is the service that provides the Secure File Transfer Protocol, and runs over SSH to help secure file transfer.

Lab 9: Managing Certificates

  1. AD Certificate Services and CA Web Enrollment

Active Directory Certificate Services enables both users and computers to perform certificate enrollment through the HTTPS protocol. It accepts certificate requests and issues certificates as needed. This helps users that are not part of a domain to receive certificates.

  1. Key Archival and Key Recovery Agent 

Key archival is the process of saving a copy of the key to a central location for the purpose of recovery if the key is deleted or lost.

The reason for key archives is to safeguard against any data loss that may occur if a user is deleted from the system and the private key is lost.

To back up and recover a key, the user will need to run the Certificates snap-in and export the key.

Lab 8: Understanding PKI Concepts

Investigate and discuss two uses of PKI in an organisation such as NMIT

As NMIT relies on Moodle for the distribution of course content to both students and lecturers, who access the website from their own devices (both mobiles and laptops), NMIT will rely heavily on PKI to safeguard the content of its website and to ensure that everyone connecting to the site is connected to the legitimate NMIT Moodle site via the 3-way handshake.

As NMIT handles a large amount of their business over the web through their Moodle they rely on the PKI and CA to protect the sensitive data being exchanged over the web. NMIT has a large amount of international students that will be communicating mainly through Moodle.

Lab 7: Password Cracking Tools

  1. Discuss how to use Cain & Abel to initiate a brute force attack.

From within the Cain and Abel window, select the user you wish to attack, right-click and select Brute force attack. Then make sure to select NTLM hashes. You will need to select the password length. You will need to decide if you are going to use the Custom or Predefined tabs.

Finally click start and wait for the result.

What does NTLM hashes mean?

NT LAN Management, which is a Windows authentication protocol (Sanders, 2010).

  1. Discuss the problems with using the brute force attack and compare and contrast with another password attack.

Based on the experience from the Cain and Abel lab, brute force attacks can take a long period to complete (days, months or even years). With the option of manipulating the password length you can extend the time taken to complete the task.

What is a Rainbow table?

A rainbow table is a collection of passwords that have been encrypted by being converted into a hash, which is a selection of random letters and numbers. Once a password has been hashed it cannot be converted back into plain text.

The way in which a rainbow table attack works is by performing cryptanalysis extremely fast. To try to avoid a rainbow table attack you can add the “salt” technique, which is random data passed into the hash. By adding random data to both the plain text and the hash, you ensure that each hash is unique, making it impossible to use a predetermined rainbow table.

Compared to a brute force attack that tries to guess each character from words in a dictionary a Rainbow table attack.(geeksforgeeks, 2018)

Bibliography

geeksforgeeks. (2018, June 10). Understanding Rainbow Table Attack. Retrieved from geeksforgeeks: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/

Sanders, C. (2010, January 20). Retrieved from techgenix: http://techgenix.com/how-cracked-windows-password-part1/

Lab 6: Encryption and Hashing

MD5 hashing is a method of encryption that takes a string of characters regardless of length and produces a 128-bit fingerprint. MD5 hashing is commonly used in databases such as MySQL to store sensitive data. However, MD5 hashing is not trusted nowadays, as there are techniques to identify the hash. For example, software known as rainbow tables has been proven to decrypt the hash (Rouse, n.d.).

The important thing to note is that MD5 hashing is not encryption as the results are permanent. Once a string of text has been converted into a hash it cannot be un-hashed back to its original state. For that reason alone hashing is not considered encryption.
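The salting argument from Lab 7 and the MD5 weakness described here can be checked on stored password records. The following is an added example, not part of the original lab notes: a plain precomputed dictionary stands in for a rainbow table, PBKDF2-SHA256 is used as the salted scheme by assumption, and the wordlist, user names and function names are constructed.

```python
import hashlib
import hmac
import os

SAMPLE_WORDLIST = ["password", "letmein", "qwerty"]  # constructed sample

def md5_unsalted(password: str) -> str:
    """The weak scheme: the same password always gives the same hash."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(wordlist):
    """Precomputed hash -> password table (stand-in for a rainbow table)."""
    return {md5_unsalted(word): word for word in wordlist}

def hash_password(password: str, salt: bytes = None, iterations: int = 100_000):
    """Salted, slow hash: a fresh random salt makes every record unique."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes,
                    iterations: int = 100_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def audit(stored_hashes, lookup):
    """Return the records that a precomputed table would reveal."""
    return {user: lookup[h] for user, h in stored_hashes.items() if h in lookup}

if __name__ == "__main__":
    lookup = build_lookup(SAMPLE_WORDLIST)
    weak = {"alice": md5_unsalted("letmein"), "bob": md5_unsalted("letmein")}
    print("unsalted MD5 exposed:", audit(weak, lookup))
    (s1, d1), (s2, d2) = hash_password("letmein"), hash_password("letmein")
    strong = {"alice": d1.hex(), "bob": d2.hex()}
    print("salted records exposed:", audit(strong, lookup))
    print("same password, different records:", d1 != d2)
    print("login still works:", verify_password("letmein", s1, d1))
```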

Known attacks relating to MD5

Back in 2016 a video streaming service company in China known as YouKu was attacked and had 92 million users' personal information exposed, along with each one's MD5 hashes (Mooney, 2020).

Bibliography

Mooney, G. (2020, June 24). What is MD5? Retrieved from ipswitch: https://blog.ipswitch.com/what-is-md5

Rouse, M. (n.d.). MD5. Retrieved from techtarget: https://searchsecurity.techtarget.com/definition/MD5

Blog 2) Model View View Model (MVVM)

What have I learnt?

When it comes to mobile applications there is an architecture known as Model View View Model, better known as MVVM. The principle of using this model in mobile application development is code reuse. MVVM helps developers structure their code in such a manner that it can be shared across platforms with only adjustments to the code relating to the UI, as user interfaces change based on the platform they are being displayed on.

The View block of code holds the UI elements that the user sees on the screen and interacts with. There is no code; it is purely responsible for human interaction.

The ViewModel segment of the code is where the logic is located. It is responsible for communicating between the user interaction through the UI and the data stored in the database.

The Model is where the data is stored.

Data binding is when a dependency object such as a button is linked with the logic via properties. In order to use data binding we can use ICommand in place of a click event handler. The code that is linked to the button is located in a class; chances are, if there are properties, the information being accessed is locked away in private classes.

Why have I learnt it?

With such a wide range of devices out in the marketplace it is important to design code in a manner that can be easily adapted to suit a wide range of devices and operating systems (OS). As technology advances, the power in cell phones and tablets is negating the need for a computer, as all the tasks such as online banking and more power-hungry apps such as YouTube can be accessed and used through mobile devices.

How have I learnt this?

Currently the best method I have discovered to understand this information is through the links provided to me through Moodle. The best explanation I have received so far is through a YouTube channel: https://www.youtube.com/watch?v=k77dqVVWgB8&list=PLdkt3RKz_b0w9Ouo03ZGMbXIOreJ7bE9C

What do I know now that I did not know before?

Before today I was unaware that there was an architecture specifically designed for mobile applications. As mobile applications is the field in which I potentially may find myself working in the future, I need to have a strong grasp of how MVVM works and is implemented.

What is the point?

To best set me in the right direction to develop mobile applications in the future.

What will I do to fill in any gaps in my understanding?

In order for me to keep expanding my knowledge and expertise on this subject matter I will utilize all the resources available to me, such as YouTube and LinkedIn.

Blog 4 )Assessment 1)

What have I learnt?

We had the chance to work on our Assessment 1) documentation. What I have learnt was that before coding even takes place it is important to have good documentation in order to make the development of a game or application much smoother. For the game I’m currently working on I have crafted a storyboard with screenshots of the game and all the main activities the player will need to undertake in order to complete the game.

Why have I learnt it?

Regardless of how big or small the project may be, having good documentation will ensure that all the people working on the project stay within scope and deliver a finished product that the client may expect.

How have I learnt this?

The hard way. In the past, when developing web-based or desktop applications, I jumped straight into the coding side with little or no documentation to help guide me and to keep me focused on task.

What is the point?

The idea is to expose ourselves to an environment that best fits the environment in the real world. It is important to know what is expected of you and what are the current industry standards.

What are the real life applications?

When you enter the workforce it is very likely that we will be working in teams with other developers and clients. It is vital that we know the development life cycle and know how to read and write good documentation that will satisfy both the company and the client.

What will I do to fill in any gaps?

There is only so much that the tutor can do for us in the small amount of time they have in class. It is important to continue research outside of class and get some clarity on topics that are confusing. The web is filled with great resources that can greatly improve one's understanding of each element of the documentation.

Lab 5: Scanning and Remediating Vulnerabilities with OpenVAS

  1. Investigate and discuss one of the more severe vulnerabilities found as a result of the OpenVAS scan. Depending on the vulnerability the Common Vulnerabilities and Exposures (CVE) database may be of use.

Before the Windows update the LDAP was potentially leaking data placing the server and site names at risk. So what is LDAP?

Lightweight Directory Access Protocol (LDAP) is used to access directory services. If an attacker were to get hold of the information stored by the LDAP they could potentially pose as an employee and trick real staff into providing sensitive information or services to the attacker, thinking that they are helping a fellow staff member. This kind of use of insider information falls under social engineering techniques.

2. Investigate and discuss vulnerability assessment of services on Cloud Infrastructure such as Amazon Web Services.

Intruder is a vulnerability scanner that has been designed to work with the three major cloud-based providers: AWS, GCP and Azure.

The benefit of using Intruder is that it can also scan physical networks as well as cloud-based services. The difficulty with cloud-based services is tracking what assets you have, what is being used and what assets are not currently being used. This problem makes it difficult for cloud services to keep track of activities. You can't monitor activity if you do not know that it is there.

Intruder has a built-in Cloudbot that is used to provide hourly checks for any new IP addresses and hostnames accessing your network.
