Java application

/in /by

Overview

Nearly every Java application involves multiple classes. For this assignment, you will work on a Dog application composed of three classes. The Dog and Corgi classes have been started for you; you will complete these classes and create the Driver class from scratch. The application will be used to collect and print details about specific dogs. As you can see from the UML class diagram on this page, the Corgi class (child/subclass) inherits from the Dog class (parent/superclass). In the Corgi class file definition, the “extends” keyword is used to establish that it inherits from the Dog class.

Prompt

For this assignment, you will complete the Dog application by completing the Dog and Corgi classes and creating the Driver class. Use the Uploading Files to Eclipse and the Downloading Files From Eclipse tutorials to help you with this project.

  1. Open the Virtual Lab by clicking on the link in the Virtual Lab Access module. Then open your IDE and upload the DogApp.zip folder containing the Dog and Corgi class files. You will be creating a Driver class in the same project folder. When you upload the files, you will see errors due to the classes being incomplete. As you complete each class, any errors should resolve.

  1. Complete the Dog class:
    1. Using the UML Class diagram to the right, declare the class variables. A text version is available: UML Class Diagram Text Version.
    2. Create a constructor that incorporates the type, breed, and name variables (do not include topTrick).
      Note: The type refers to what the breed typically does; for example, a corgi would be a “cattle herding dog.” A Shiba Inu would be a “hunting dog.”
    3. Create the setTopTrick() mutator method.
  2. Complete the Corgi class:
    1. Using the UML Class diagram, declare the class variables.
    2. Create the two mutator methods for the class variables.
  3. Make sure to select the Project folder, then add a new class. Name it the Driver class, then create the code:
    1. There should be no class variables.
    2. The main() method will be the only method in the class.
    3. Write three lines of code in the main() method:
      1. Instantiate a corgi object using the below syntax:
        className objectName = new className(input parameters)TIP: Refer to the constructors in the Dog and Corgi classes to ensure the input parameters are correct.
      2. Use the objectName.setTopTrick() method to set a top trick for the dog you created.
      3. Embed the objectName.toString() method in a statement that outputs to the console window.
  4. Once you have completed the code for the Dog and Corgi classes and created a Driver class, right-click the Project folder and select Run As, then Java Application. You should see output in the Console window that resembles the sample below. Your results will vary based on your input values.

Sample Output

DOG DATA
Java is a Pembroke Welsh Corgi, a cattle herding dog.
The top trick is: ringing the bell to go outside.

Module Four Assignment Guidelines and Rubric.html

Overview

Nearly every Java application involves multiple classes. For this assignment, you will work on a Dog application composed of three classes. The Dog and Corgi classes have been started for you; you will complete these classes and create the Driver class from scratch. The application will be used to collect and print details about specific dogs. As you can see from the UML class diagram on this page, the Corgi class (child/subclass) inherits from the Dog class (parent/superclass). In the Corgi class file definition, the “extends” keyword is used to establish that it inherits from the Dog class.

Prompt

For this assignment, you will complete the Dog application by completing the Dog and Corgi classes and creating the Driver class. Use the Uploading Files to Eclipse and the Downloading Files From Eclipse tutorials to help you with this project.

  1. Open the Virtual Lab by clicking on the link in the Virtual Lab Access module. Then open your IDE and upload the DogApp.zip folder containing the Dog and Corgi class files. You will be creating a Driver class in the same project folder. When you upload the files, you will see errors due to the classes being incomplete. As you complete each class, any errors should resolve.

  1. Complete the Dog class:
    1. Using the UML Class diagram to the right, declare the class variables. A text version is available: UML Class Diagram Text Version.
    2. Create a constructor that incorporates the type, breed, and name variables (do not include topTrick). Note: The type refers to what the breed typically does; for example, a corgi would be a “cattle herding dog.” A Shiba Inu would be a “hunting dog.”
    3. Create the setTopTrick() mutator method.
  1. Complete the Corgi class:
    1. Using the UML Class diagram, declare the class variables.
    2. Create the two mutator methods for the class variables.
  1. Make sure to select the Project folder, then add a new class. Name it the Driver class, then create the code:
    1. There should be no class variables.
    2. The main() method will be the only method in the class.
    3. Write three lines of code in the main() method:
      1. Instantiate a corgi object using the below syntax:
        className objectName = new className(input parameters)

        TIP: Refer to the constructors in the Dog and Corgi classes to ensure the input parameters are correct.

      2. Use the objectName.setTopTrick() method to set a top trick for the dog you created.
      3. Embed the objectName.toString() method in a statement that outputs to the console window.
  1. Once you have completed the code for the Dog and Corgi classes and created a Driver class, right-click the Project folder and select Run As, then Java Application. You should see output in the Console window that resembles the sample below. Your results will vary based on your input values.

Sample Output

DOG DATA Java is a Pembroke Welsh Corgi, a cattle herding dog. The top trick is: ringing the bell to go outside. The Corgi is 5 years old and weighs 38 pounds.

Guidelines for Submission

Attach your completed Dog.java, Corgi.java, and Driver.java files to the assignment submission page.

Module Four Assignment Rubric

Criteria Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value
Dog Class Modifies a class so that it includes all class variables, a constructor method incorporating the prescribed variables, and a mutator method Meets most “Proficient” criteria, but with minor errors; areas for improvement may include appropriate data structures or naming conventions Meets some “Proficient” criteria, but with major errors or exclusions; areas for improvement may include functionality, syntax, or logic Does not attempt criterion 35
Corgi Class Modifies a class so that it includes all class variables and mutator methods for all class variables Meets most “Proficient” criteria, but with minor errors; areas for improvement may include appropriate data structures or naming conventions Meets some “Proficient” criteria, but with major errors or exclusions; areas for improvement may include functionality, syntax, or logic Does not attempt criterion 25
Driver Class Creates a class that includes a main() method, instantiates an object, calls a method from another class, and prints output Meets most “Proficient” criteria, but with minor errors; areas for improvement may include syntax error, improper constructor, or outputting the wrong data Meets some “Proficient” criteria, but with major errors or exclusions; areas for improvement may include functionality, syntax, or logic Does not attempt criterion 40
Total: 100%

course_documents/Uploading Files to Eclipse Tutorial.pdf

 

 

Uploading Files to Eclipse This tutorial will guide you through the process of uploading a project into Eclipse via the STEM Lab.

1. Open the STEM Lab and select the Launch button for the Java Programming app. The virtual environment can take a couple of minutes to load.

 

2. Once the STEM Lab opens, be sure your browser window is in full-screen mode. Select the

upload icon on the STEM Lab tool bar.

 

3. In the File upload window, select a destination folder by clicking the Upload button. This is where the file will appear when you upload it. For this example, we will select Desktop.

 

4. Next, you are provided with a File Upload dialog box. Navigate to and select the file you want to

upload. Then, click the Open button. In this example, we’ve selected the studentproject.zip file.

 

 

 

 

 

5. Once the file uploads, it will be listed in the File Upload window and in the destination folder you selected. In this example, the studentproject.zip file appears in the File upload window, and the destination folder is the Desktop.

 

 

6. Close the File upload dialog window.

 

 

 

7. Locate the studentproject.zip folder. In this case, it is saved on the Desktop. Right-click on the folder and select Extract All…

 

 

8. This will bring up a dialog box asking you to select a destination for your extracted files. In this example, the default location is the Desktop. Click Extract, which will create an unzipped folder in the destination you have selected.

 

 

 

 

 

9. Next, open Eclipse by double-clicking the Eclipse icon located on the Desktop.

 

10. Select the Launch button in the Eclipse Launcher window to open Eclipse.

 

11. From the File menu, select Open Projects from File System. This will open up a dialog window.

 

 

 

 

12. You will use the Import dialog window to navigate to the project you uploaded. Next to the Import Source text box, click the Directory… button to browse for your project folder.

 

 

13. In the dialog box, navigate to the destination folder where you uploaded your project. In this example, the destination folder is the Desktop. Select your project folder and click the OK button.

 

 

 

 

 

14. After selecting the file to import, you should see the folder’s address in the Import Source textbox. Select the Finish button in the Import dialog window.

 

 

 

 

15. To access the project files, navigate to the Package Explorer workspace. You can view and open your project files in this workspace.

a) In the Package Explorer workspace, click on the arrow next to the project folder to view the

files. In this example, the folder is called studentproject. b) To open your files in the Package Explorer workspace and begin working, double-click on

each class file. Each file will have its own tab, so you can easily switch back and forth between them. Your project is now in Eclipse and ready for you to use!

 

 

 

course_documents/DogApp.zip

Dog.java

Dog.java

public   class   Dog   {

// class variables

// constructor

// methods

// method used to print Dog information
public   String  toString ()   {
String  temp  =   "\nDOG DATA\n"   +  name  +   " is a "   +  breed  +
", a "   +  type  +   " dog. \nThe top trick is : "   +
topTrick  +   "." ;
return  temp ;
}

}

Corgi.java

Corgi.java

public   class   Corgi   extends   Dog   {

// additional class variables

// constructor
public   Corgi ( String  type ,   String  breed ,   String  name ,   int  pounds ,   int  years )   {

// invoke Dog class (super class) constructor
super ( type ,  breed ,  name );
weight  =  pounds ;
age  =  years ;
}

// mutator methods

// override toString() method to include additional dog information
@ Override
public   String  toString ()   {
return   ( super . toString ()   +   "\nThe Corgi is "   +  age  +
" years old and weighs "   +  weight  +   " pounds." );
}

}

course_documents/Module Four UML Class Diagram.png

course_documents/IT 145 Module Four UML Class Diagram Text Version.docx

Dog
type: string breed: string name: string

topTrick: string
setTopTrick(trick:string) toString()

 

 

Corgi
weight:int age:int
setWeight(pounds:int) setAge(years:int) toString()

 

 

Arrow pointing from table labeled Corgi to table labeled Dog

Cyber Security

/in /by

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Blind Folio 1

Networking Basics: How Do Networks Work?

Know thyself.

—Oracle at Delphi

Securing a network can be a tricky business, and there are many issues to consider. We must be aware of the vulnerabilities that exist and their corresponding threats and then estimate the probability of the threat acting upon the vulnerability. Measures are implemented to mitigate, avoid, or transfer risk. However, regardless of the effort to minimize risk, there is always the possibility of harm to our information, so we must develop plans for dealing with a possible compromise of our network. Yet before we can really protect our network from attackers, we must first know our network and, ideally, know it better than they do. Hence, we need to learn about what the network does and how it does it so we can develop an understanding of our network’s abilities and limitations. Only then can we truly see our network’s vulnerabilities and do what is necessary to guard them. We cannot secure our network if we do not know how it works.

Part I will demonstrate how devices communicate on a local area connection and cover IP addressing, routing, the three-way handshake, and some of the basic network applications. It will

PART I

01-ch01.indd 1 24/07/14 5:00 PM

 

 

2

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 /

Part I: Networking Basics: How Do Networks Work?

also introduce tools that will be used throughout the remainder of the book, such as ping, arp, nslookup, and Wireshark.

This part is divided into three chapters that will discuss the different aspects of the TCP/IP protocol stack. Chapter 1 will cover exercises relating to the network access and Internet layer, Chapter 2 will deal with the transport layer, and Chapter 3 will discuss the application layer. As you go through the labs in this part, you should be constantly asking yourself one question: How is this network vulnerable to attack, and how can it be exploited? It might seem strange to think about how something can be broken when you are learning about how it works, but this is a good opportunity for you to start thinking the way an attacker thinks.

This part will also prepare you for the labs that are to come in Part II.

01-ch01.indd 2 24/07/14 5:00 PM

 

 

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1 Blind Folio 3

Workstation Network Configuration and Connectivity

Labs

Lab 1.1w Windows Client Configuration

Lab 1.1l Linux Client Configuration

Lab 1.1 Analysis Questions

Lab 1.1 Key Terms Quiz

Lab 1.2w Name Resolution in Windows

Lab 1.2 Analysis Questions

Lab 1.2 Key Terms Quiz

Lab 1.3w Windows IPv6 Basics (netsh/ping6)

Lab 1.3 Analysis Questions

Lab 1.3 Key Terms Quiz

Chapter 1

01-ch01.indd 3 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity4

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

This chapter contains lab exercises designed to illustrate the various commands and methods used to establish workstation connectivity in a network based on Transmission Control Protocol/Internet Protocol (TCP/IP). The chapter covers the basics necessary to achieve and monitor connectivity in a networking environment, using both Windows PCs and Linux-based PCs. In this chapter, you will be introduced to some basic commands and tools that will enable you to manipulate and monitor the network settings on a workstation. This is necessary as a first step toward learning how to secure connections.

The chapter consists of basic lab exercises that are designed to provide a foundation in network connectivity and tools. In later chapters of this book, you will use the skills from these lab exercises to perform functions that are necessary to secure a network from attack and investigate current conditions. Built upon the premise that one learns to crawl before walking and to walk before running, this chapter represents the crawling stage. Although basic in nature, this chapter is important because it provides the skills needed to “walk” and “run” in later stages of development.

Depending on your lab setup and other factors, you won’t necessarily be performing all the lab exercises presented in this book. Therefore, to help you identify which lab exercises are relevant for you, each lab exercise number is appended with a letter: “w” labs are built using the Windows environment; “l” labs are built using the Linux environment; “m” labs are built using a combination of Windows and Linux; and “i” labs require an Internet connection.

Lab 1.1: Network Workstation Client Configuration For two computers to communicate in a TCP/IPv4 network (IPv6 is discussed later, in Lab 1.3), both computers must have a unique Internet Protocol (IP) address. An IP address has four octets. The IP address is divided into a network address and a host address. The subnet mask identifies which

01-ch01.indd 4 24/07/14 5:00 PM

 

Mohammed Khalid

 

Lab 1.1: Network Workstation Client Configuration 5

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

portion of the IP address is the network address and which portion is the host address. On a local area network (LAN), each computer must have the same network address and a different host address. To communicate outside the LAN, using different network IP addresses, a default gateway is required. To connect to a TCP/IP network, normally four items are configured: the IP address (this is both the network portion and the host portion), the subnet mask, the IP address for a Domain Name System (DNS) server, and the IP address for the gateway machine. To communicate within a LAN only, you need the IP address and subnet mask. To communicate with other networks, you need the default gateway. If you want to be able to connect to different sites and networks using their domain names, then you need to have the address of a DNS server as well.

When communicating between machines on different networks, packets are sent via the default gateway on the way into and out of the LAN. The routing is done using (Layer 3) IP addresses. If the computer is on the same network, then the IP address gets resolved to a (Layer 2) Media Access Control (MAC) address to communicate with the computer. MAC addresses are hard-coded onto the Ethernet card by the company that made the card.

The ability to retrieve and change your IP configuration is an important skill. In this lab, you will use the ipconfig command in Windows and the ifconfig command in Linux to view the configuration information. You will then use the Local Area Connection Properties window to change the IP address in Windows and use ifconfig to change the IP address in Linux.

Computers use both MAC and IP addresses to communicate with one another across networks. In this lab, two computers will “talk” to each other via ping messages. You will then modify the Address Resolution Protocol (ARP) table of one computer to demonstrate the relationship between the IP and MAC addresses for a machine.

The ping (Packet Internet Groper) program is a basic utility that is used for testing the connectivity between two computers. This message name was derived from the sound that sonar on a submarine makes and is used in a similar way. A “signal” or request is sent out to probe for the existence of the target along a fixed “distance.” The distance between two computers can be measured using time to live (TTL). The TTL is decremented by at least one for router it passes through, also known as a hand-off point (HOP). It may be decremented by more than one if the router holds on to it for more than one second, which is rarely the case. Ping operates using Internet Control Message Protocol (ICMP) to test for connectivity; so, in cases where ICMP is restricted, the ping utility may not be useful. Ping is usually implemented using ICMP echo messages, although other alternatives exist.

When you use the ping command in this lab, you will see that although you are using the IP address as the target of the ping, it is actually the MAC address that is used to communicate with that computer. IP addresses are used to transfer data from one network to another, whereas MAC addresses are used to send information from one device to another on the same network. It is ARP that resolves IP addresses to their associated MAC addresses. ARP is a Transmission Control Protocol/Internet Protocol (TCP/IP) tool that is used to modify the ARP cache. The ARP cache contains recently resolved MAC addresses of IP hosts on the network. The utility used to view and modify the ARP protocol is also called arp.

01-ch01.indd 5 24/07/14 5:00 PM

 

Mohammed Khalid
Mohammed Khalid
Mohammed Khalid

 

Chapter 1: Workstation Network Configuration and Connectivity6

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

As you progress through the labs, you will see how a computer obtains both MAC addresses and IP addresses in order to communicate. This is the question you should be considering: How does the computer know that the information it is getting is correct?

Learning Objectives After completing this lab, you will be able to

Retrieve IP address configuration information via the command line

List the switches that can be added to the ipconfig (Windows) or ifconfig (Linux) command to increase its functionality

Use the Windows graphical user interface (GUI) to configure a network card to use a given IP address

Determine your machine’s MAC address

Determine your machine’s assigned network resources, including its DNS address and gateway address

Use the ifconfig (Linux) command to configure a network card with a given IP address

Understand how to test network connectivity between two computers

List the options that can be added to the ping command to increase its functionality

Use the arp command to view and manage the ARP cache on a computer

10 MINUTES

Lab 1.1w: Windows Client Configuration

Materials and Setup You will need the following:

Windows 7

Windows 2008 Server

Lab Steps at a Glance

Start the Windows 2008 Server and Windows 7 PCs. Log on only to the Windows 7 machine.

View the network card configuration using the ipconfig command.

Change the IP address of the Windows 7 machine.

01-ch01.indd 6 24/07/14 5:00 PM

 

 

Lab 1.1w: Windows Client Configuration 7

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Verify the new IP address. Use the ipconfig command to verify that the IP address has changed.

Change the IP address of the Windows 7 machine back to the original address.

Ping the Windows 2008 Server machine from the Windows 7 PC.

View and modify the ARP table.

Log off from the Windows 7 PC.

Lab Steps

To log on to the Windows 7 PC, follow these steps:

1. At the Login screen, click the Admin icon.

2. In the password text box, type the password and press ENTER.

On the Windows 7 PC, you will view the network card configuration using ipconfig. This utility allows administrators to view and modify network card settings.

1. To open the command prompt, click Start; in the Search Programs And Files box, type and then press ENTER.

2. At the command prompt, type and press ENTER.

a. Observe the options available for ipconfig. You may have to scroll up to see all of the information.

b. Which options do you think would be most useful for an administrator?

c. Which option would you use to obtain an IP configuration from a Dynamic Host Configuration Protocol (DHCP) server?

3. Type and press ENTER, as shown in Figure 1-1.

a. What is your IP address?

b. What is your subnet mask?

4. Type and press ENTER.

a. Observe the new information.

b. What is the MAC address (physical address) of your computer?

c. What is your DNS server address?

5. Type and press ENTER.

01-ch01.indd 7 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity8

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

You will access the Local Area Connection Properties dialog box and change the host portion of the IP address.

1. Click Start | Control Panel | Network and Internet | Network and Sharing Center.

2. Click Change adapter settings.

3. Right-click Local Area Connection and select Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

5. In the IP Address text box, you will see the IP address 192.168.100.101, as shown in Figure 1-2. Change the last octet (101) to .

6. Click OK.

7. In the Local Area Connection Properties window, click Close.

8. Click Close to close the Network Connections window.

1. To open the command prompt, click Start; in the Search Programs And Files box, type and then press ENTER.

2. Type and press ENTER.

3. Observe that your IP address has changed.

4. Type and press ENTER.

FIGURE 1-1 The ipconfig command

01-ch01.indd 8 24/07/14 5:00 PM

 

 

Lab 1.1w: Windows Client Configuration 9

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

1. Click Start | Control Panel | Network and Internet | Network and Sharing Center.

2. Click Change Adapter Settings.

3. Right-click Local Area Connection and select Properties.

4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

5. In the IP Address text box, you will see the IP address 192.168.100.110. Change the last octet (110) to as shown in Figure 1-2.

6. Click OK.

7. In the Local Area Connection Properties window, click Close.

8. Click Close to close the Network Connections window.

1. On the Windows 7 PC, click Start; in the Search Programs And Files box, type and then press ENTER.

2. To view the ping help file, type at the command line and then press ENTER.

FIGURE 1-2 The Internet Protocol (TCP/IP) Properties window

01-ch01.indd 9 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity10

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

3. To ping the IP address of the Windows 2008 Server computer, type at the command line and press ENTER, as shown in Figure 1-3.

a. Observe the information displayed.

b. What is the time value observed for all four replies?

c. What is the TTL observed?

d. What does this number refer to?

e. How can you be sure that this response is actually coming from the correct computer?

At the Windows 7 machine, you are now going to view the ARP cache, using the arp utility.

1. Close the current Command Prompt window.

2. Select Start | All Programs | Accessories and then right-click Command Prompt.

3. Click Run as administrator.

4. In the User Account Control dialog box, click Yes.

5. At the command line, type and press ENTER.

a. Observe the options for this command.

b. Which command displays the current ARP entries?

FIGURE 1-3 The ping command in Windows

01-ch01.indd 10 24/07/14 5:00 PM

 

 

Lab 1.1w: Windows Client Configuration 11

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

✔ Tip

UP ARROW

6. At the command line, type and press ENTER.

7. Observe the entry. Notice that the MAC address for the Windows 2008 Server machine is listed.

8. At the command line, type and press ENTER. (The –d option deletes the ARP cache.)

9. Observe the entries. (Do not worry if no entries are listed; you are simply deleting what is in the ARP cache.)

10. At the command line, type and press ENTER, as shown in Figure 1-4.

11. Observe that the ARP cache now has no entries.

12. At the command line, type and press ENTER.

13. At the command line, type and press ENTER.

a. Observe any entry. Notice that the MAC address is once again listed.

b. How does using the ping utility cause the machine’s MAC address to be populated in the ARP cache? (This is explored in “Lab 2.1, Network Communication Analysis,” in Chapter 2.)

c. How can you be sure that this is actually the correct MAC address for the computer?

FIGURE 1-4 The arp command in Windows

01-ch01.indd 11 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity12

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

At the Windows 7 PC, follow these steps:

1. Choose Start | Shutdown arrow | Log off.

2. In the Log Off Windows dialog box, click Log Off.

10 MINUTES

Lab 1.1l: Linux Client Configuration

Materials and Setup You will need the following:

Kali

Metasploitable

Lab Steps at a Glance

Start the Kali and Metasploitable PCs. Log on only to the Kali PC.

View the network card configuration using ifconfig.

Use the cat command to view the file resolv.conf to determine the DNS address.

Use the netstat –nr command to determine the gateway router address.

Use the ifconfig command to change the network configuration for a machine.

View the ARP table.

Ping the Metasploitable machine by IP address and view the cache.

Modify the ARP cache and view the ARP cache again.

Log off from the Kali PC.

Lab Steps

To log on to the Kali PC, follow these steps:

1. At the login screen, click Other.

01-ch01.indd 12 24/07/14 5:00 PM

 

 

Lab 1.1l: Linux Client Configuration 13

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

2. In the Username text box, type and press ENTER.

3. In the Password text box, type and press ENTER.

1. Click the Terminal icon in the menu bar at the top.

2. At the command line, type and press ENTER. (The information may scroll off the screen. To see the text, hold the SHIFT key down and press PAGEUP.)

3. Observe the different options that can be used.

✔ Tip

–h

man man ENTER

Here is how you can utilize this command:

4. At the command line, type and press ENTER.

5. Use the UP ARROW and DOWN ARROW keys to scroll through the man page.

6. When you are done looking at the man page, press to exit.

✔ Tip

UP ARROW

7. At the command line, type and press ENTER.

a. Observe the information displayed.

b. How does Linux refer to the IP address? What is your IP address?

c. How does Linux refer to the subnet mask? What is your subnet mask?

01-ch01.indd 13 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity14

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

1. At the command line, type and press ENTER.

a. Observe the information displayed.

b. What is your DNS server address?

1. At the command line, type and press ENTER.

Observe the information displayed.

Note that a default gateway is not configured. One is not needed since all the machines for the lab exercises will communicate only on the 192.168.100.0 network. If traffic needs to go to a network other than 192.168.100.0, a default gateway is needed.

1. At the command line, type and press ENTER.

2. At the command line, type and press ENTER.

Did your IP address change?

3. At the command line, type and press ENTER.

4. At the command line, type and press ENTER.

Did your IP address change?

✔ Tip

Working at the Kali machine, you are now going to view the ARP table using the arp utility.

1. At the command line, type and press ENTER.

2. Observe the options for this command.

01-ch01.indd 14 24/07/14 5:00 PM

 

 

Lab 1.1l: Linux Client Configuration 15

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

3. At the command line, type and press ENTER.

a. What do the options a and n do?

b. Do you have any entries?

From the Kali PC, you are going to use the ping utility to communicate with the Metasploitable server machine.

1. At the command line, type and press ENTER.

a. Notice that the ping replies will continue until you stop them. Press CTRL-C to stop the replies, as shown in Figure 1-5.

b. Observe the information displayed.

c. What is icmp_req?

d. Notice the time the first reply took compared with the rest of the replies. Was there a significant difference? If so, why?

e. How can you be sure that this response is actually coming from the correct computer?

2. At the command line, type and press ENTER.

3. Observe the entry. Notice that the MAC address for the Metasploitable machine is listed.

1. At the command line, type and press ENTER.

2. Observe the entries. (If you do not see an entry, do not worry; we are simply deleting what is in the ARP cache.)

FIGURE 1-5 The ping command in Linux

01-ch01.indd 15 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity16

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

3. At the command line, type and press ENTER, as shown in Figure 1-6.

4. Observe that the ARP cache now has no MAC addresses.

5. At the command line, type and press ENTER. Press CTRL-C to stop the replies.

6. At the command line, type and press ENTER.

a. Observe the entry. Notice that the MAC address is once again listed.

b. How does pinging the machine cause its MAC address to be populated in the ARP cache? (This is explored in “Lab 2.1, Network Communication Analysis,” in the next chapter.)

c. How can you be sure that this is actually the correct MAC address for the computer?

1. In the upper-right corner, click root | Shutdown.

2. In the Shut down this system now? dialog box, click Shut Down.

➜ Note

Lab 1.1 Analysis Questions The following questions apply to the labs in this section:

1. You have been called in to troubleshoot a client’s computer, which is unable to connect to the local area network. What command would you use to check the configuration? What information would you look for?

FIGURE 1-6 The arp command in Linux

01-ch01.indd 16 24/07/14 5:00 PM

 

 

Lab 1.1l: Linux Client Configuration 17

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

2. You have been called in to troubleshoot a client’s computer, which is able to connect to the local area network but unable to connect to any other network. What command would you use to check the configuration? What information would you look for?

3. If you needed to obtain a user’s MAC address as well as the user’s network configuration information, what command and switch would you enter?

4. To use the Windows GUI utility to adjust IP settings, including DNS and gateway information, what steps would you take?

5. You have just pinged a remote computer. You would now like to retrieve the MAC address of the remote computer locally. How would you obtain the remote computer’s MAC address?

6. You are about to run some network traffic analysis tests. You need to clear your ARP cache. How would you go about performing this task (for Windows and Linux)?

7. What information does ping return to the user?

8. How does a computer ensure that the replies it gets from an ARP broadcast are correct?

Lab 1.1 Key Terms Quiz Use these key terms from the labs to complete the sentences that follow:

Address Resolution Protocol (ARP)

ARP cache

cat

Domain Name System (DNS)

01-ch01.indd 17 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity18

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Dynamic Host Configuration Protocol (DHCP)

gateway

host address

ifconfig

Internet Control Message Protocol (ICMP)

Internet Protocol (IP)

ipconfig

Media Access Control (MAC) address

network address

ping (Packet Internet Groper)

resolv.conf

subnet mask

time to live (TTL)

Transmission Control Protocol/Internet Protocol (TCP/IP)

1. The letters IP stand for ____________________.

2. The ____________________ is the physical address of your network interface card that was assigned by the company that made the card.

3. ipconfig /renew will renew an IP address obtained from the ____________________ server.

4. The four items needed to connect a machine to the Internet are the ____________________ address, the ____________________ address, the ____________________, and the ____________________ address.

5. The ____________________ is used to separate the host address and network address from an IP address.

6. ____________________ is the file that contains DNS server addresses in Linux.

7. The ____________________ command is used to display the contents of text files in Linux.

8. The command used in this lab to test network connectivity is ____________________.

Follow-Up Labs Now that you know how IP addresses resolve to MAC

addresses, find out how computer and domain names are resolved.

01-ch01.indd 18 24/07/14 5:00 PM

 

 

Lab 1.1l: Linux Client Configuration 19

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

IPv6 is the next generation of addressing and will be implemented in the not too distant future.

Nmap uses ARP in a ping sweep to discover devices on a network.

This attack exploits ARP.

Suggested Experiments 1. DHCP is designed to facilitate setting a client device’s IP settings from a host server that exists

to enable autoconfiguration of IP addresses. This is particularly useful in large networks and provides a mechanism that allows remote administration of settings such as IP address and DNS and gateway IP addresses. To experiment with DHCP, you need to set up a DHCP server and then add clients to the network, exploring how DHCP sets the parameters automatically.

2. Research stack fingerprinting. When you ping a device and get a reply, you know that a device is working on the network. Are there any clues in the ICMP replies that might reveal what kind of device is responding?

References

www.microsoft.com/resources/documentation/windows/xp/ all/proddocs/en-us/arp.mspx

www.faqs.org/rfcs/rfc826.html

www.faqs.org/rfcs/rfc2131.html

www.faqs.org/rfcs/rfc792.html

www.faqs.org/rfcs/rfc950.html

http://www.subnetting.net/Tutorial.aspx

Linux Programmer’s Manual, Section 8 (type the command

Linux Programmer’s Manual, Section 8 (type the command

www.microsoft.com/resources/documentation/windows/ xp/all/proddocs/en-us/ipconfig.mspx

Principles of Computer Security, Fourth Edition (McGraw-Hill Education, 2015), Chapter 9

01-ch01.indd 19 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity20

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Lab 1.2: Computer Name Resolution Remembering IP addresses can be cumbersome, especially when there are many machines on many networks. One way we sort out this complexity is with the use of the Domain Name System (DNS). When one computer connects to another computer using its domain name, the DNS translates the computer’s domain name into its appropriate IP address.

The DNS will first access a local file called the hosts file. The hosts file is a listing of corresponding IPv4 addresses and host names. By default, there is only one IP address—the localhost address; it is equivalent to the loopback address 127.0.0.1. The hosts file can always be modified to accommodate additional IP addresses.

If it has not found the IP address in the hosts file, the computer will need to query the DNS cache (on Windows machines) and then the DNS server for the IP address. The DNS cache is a local copy of recently used name–IP address pairs. If the name is not in the cache, then the request is directed to a DNS server. If the DNS server does not have the IP address in its database, it can “ask” another DNS server for the information. DNS servers are organized in a hierarchical structure, ultimately ending at servers maintained by the naming authorities. This is an efficient method of resolving IP addresses to names.

The fully qualified domain name (FQDN) is a dot-separated name that can be used to identify a host on a network. The FQDN consists of the host name along with its domain name and any other subdomain names, such as www.somename.com.

In this lab, you will modify the hosts file, test connectivity using the FQDN, and then explore the functionality of the nslookup command.

Learning Objectives After completing this lab, you will be able to

Understand how the loopback address can be used to test a network card

Modify the hosts file on a computer using a basic text editor

Check the DNS cache on a computer from the command line

From the command line, resolve an FQDN to an IP address, and vice versa

Understand how names are resolved into IP addresses in a Windows environment

01-ch01.indd 20 24/07/14 5:00 PM

 

 

Lab 1.2w: Name Resolution in Windows 21

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

15 MINUTES

Lab 1.2w: Name Resolution in Windows

Materials and Setup You will need the following:

Windows 7

Windows 2008 Server

Metasploitable (acting as a DNS server)

Lab Steps at a Glance

Start the Windows 7, Windows 2008 Server, and Metasploitable PCs. Log on only to the Windows 7 machine.

Ping the Windows 7 machine from the Windows 7 machine.

View and modify the hosts file.

Ping the Windows 2008 Server machine by the FQDN.

Use the nslookup command to view name-to–IP address information.

Log off from the Windows 7 PC.

Lab Steps

To log on to the Windows 7 PC, follow these steps:

1. Click Admin at the Login screen.

2. In the password text box, type and press ENTER.

Using the Windows 7 machine, you are going to ping the machine that you are working on, using both the loopback address (127.0.0.1) and the name “localhost.” This is often done to test whether the network interface card (NIC) and TCP/IP are working before moving on to other troubleshooting methods.

01-ch01.indd 21 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity22

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

1. To ping the machine using the loopback address, choose Start | Run, type in the Open field, and press ENTER.

2. At the command line, type and press ENTER.

3. Observe the information displayed.

4. To ping the Windows 7 computer using localhost, type at the command line and press ENTER.

a. Observe the information displayed.

b. How does the computer know that localhost defaults to 127.0.0.1?

You are now going to view and modify the hosts file. The hosts file is a text file that lists host (computer) names and their IP addresses on a network. On a small network, the hosts file can be used as an alternative to DNS.

To view and modify the hosts file, follow these steps:

1. Select Start | Programs | Accessories and right-click Notepad.

2. Click Run as administrator.

3. In the User Account Control dialog box, click Yes.

4. Click File | Open. Set the extension type to All Files. Then navigate to c:\windows\system32\ drivers\etc\ and select the hosts file.

a. Observe the information displayed.

b. What entries are already there?

c. Why are they commented out?

5. Add the following lines to the end of the hosts file (refer to Figure 1-7):

6. Choose File | Save. Be sure that Save as type is set to All Files.

7. Close Notepad.

To ping the new names, follow these steps:

1. At the command line, type and press ENTER.

What IP address comes up?

01-ch01.indd 22 24/07/14 5:00 PM

 

 

Lab 1.2w: Name Resolution in Windows 23

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

2. At the command line, type and press ENTER.

a. What IP address comes up?

b. Why do you think administrative rights are required to modify the hosts file?

c. Can you think of a way that this file could be exploited?

From the Windows 7 PC, you are going to use the ping utility to communicate with the Windows 2008 Server machine. You will look at the DNS cache and see how it changes during this process.

1. To ping the IP address of the Windows 2008 Server computer, type at the command line and press ENTER.

FIGURE 1-7 Modifying the hosts file with Notepad

01-ch01.indd 23 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity24

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

2. Observe the information displayed.

3. To check the contents of the DNS cache, type at the command line and press ENTER.

a. What listings do you see?

b. Is there one for win2k8serv.security.local?

4. To ping the Windows 2008 Server computer by name, type at the command line and press ENTER.

a. Observe the information displayed.

b. Did it show the IP address of the server?

5. To check the DNS cache again, type at the command line and press ENTER.

a. Is there an entry for 2k8serv.security.local this time?

b. Where did the DNS cache get it from?

You will use nslookup to view name resolution. The nslookup command allows you to either discover the IP address of a computer from its FQDN or use the IP address to determine the FQDN.

To list the options available for the nslookup command, follow these steps:

1. At the command line, type and press ENTER.

2. At the command prompt, type and press ENTER.

➜ Note

a. Observe the information displayed.

b. Which option displays the current server/host?

3. At the command line, type and press ENTER.

4. To check the IP address for the Windows 7 computer, type at the command line and press ENTER.

Is the IP address correct?

01-ch01.indd 24 24/07/14 5:00 PM

 

 

Lab 1.2w: Name Resolution in Windows 25

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

5. To check the IP address for the Windows 2008 Server computer, type at the command line and press ENTER, as shown in Figure 1-8.

a. Is the IP address correct?

b. Note that the name of the server is win2k8serv and not 2k8serv, which you put into the hosts file.

➜ Note

At the Windows 7 PC, follow this step:

Choose Start | Shut Down arrow | Log off.

➜ Note

FIGURE 1-8 The nslookup command

01-ch01.indd 25 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity26

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Lab 1.2 Analysis Questions 1. The following questions apply to the lab in this section:You are the administrator of a large

network. You would like to make a change that allows users to type one word into their web browsers to access a web site. For example, instead of typing , users could just type . Based on the lab you have just done, how is this accomplished for the example given?

2. What is the sequence in which domain names are resolved on a Windows machine?

3. Entering the command will provide you with what information about the IP address?

Lab 1.2 Key Terms Quiz Use these key terms from the lab to complete the sentences that follow:

127.0.0.1

DNS cache

Domain Name System (DNS)

fully qualified domain name (FQDN)

hosts file

IP addresses

localhost address

loopback address

nslookup

ping localhost

1. The command used in this lab to test and query DNS servers is called ____________________.

2. You can type ____________________ to test whether a network card and TCP/IP are working on the local machine.

01-ch01.indd 26 24/07/14 5:00 PM

 

 

Lab 1.3: IPv6 Basics 27

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

3. The letters FQDN stand for ____________________ ____________________ ____________________ ____________________.

4. Entering will provide you with all the ____________________ associated with that FQDN.

5. The ____________________ is a small space in memory that will maintain resolved names for a period of time.

6. What file maps computer names to IP addresses? ____________________

Follow-Up Labs Discover how to scan

a network for IP addresses and find open ports on each one discovered.

See how domain names are used in spoofing e-mails.

Suggested Experiment On your home computer, use nslookup to find the IP addresses for different sites that you normally go to, such as www.google.com or www.microsoft.com.

References

www.faqs.org/rfcs/rfc826.html

www.faqs. /rfcs/rfc792.html

www.faqs.org/rfcs/ rfc2151.html

Principles of Computer Security, Fourth Edition (McGraw-Hill Education, 2015), Chapter 9

Lab 1.3: IPv6 Basics The TCP/IP network that is commonly referred to as either TCP or IP seldom refers to the version of the protocol in use. Until recently, this was because everyone used the same version, version 4. One of the shortcomings of IPv4 is the size of the address space. This was recognized early, and a replacement protocol, IPv6, was developed in the late 1990s. Adoption of IPv6 has been slow because, until recently, there have been IPv4 addresses remaining in inventory for use. The impending end of the IPv4 address inventory has resulted in the move of enterprises into dual-stack operations, where both IPv4 and IPv6 are used.

01-ch01.indd 27 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity28

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

The IPv6 protocol is not backward compatible to IPv4. There are many aspects that are identical, yet some have changed to resolve issues discovered during the use of IPv4. A key aspect is the autoconfiguration features associated with the IPv6 standard. IPv6 is designed to extend the reach of the Internet Protocol by addressing issues discovered in the 30 years of IPv4. The IP address space is the most visible change, but issues such as simpler configuration of IP-enabled devices without using DHCP, deployment of security functionality, and quality of service were also designed into IPv6 as optional extensions (with limitations).

A significant change occurs in ICMPv6: ICMP messages are used to control issues associated with routing packet losses, so blocking ICMPv6 at the edge of the network would result in a system not getting delivery failure messages. ICMP is also used to convey Neighbor Discovery (ND) and Neighbor Solicitation (NS) messages to enable autoconfiguration of IP-enabled devices. ICMP becomes a complete part of the protocol set with version 6.

IPv6 supports a variety of address types, as listed in Table 1-1.

Link-local unicast addresses are analogous to the IPv4 address series 169.254.0.0/16. These addresses are automatically assigned to an interface and are used for the autoconfiguration of addresses and Neighbor Discovery. They are not to be routed. Multicast addresses are used to replace the broadcast function from IPv4. Multicast addresses can be defined in a range of scopes, from link to site to Internet. Global unicast addresses are used to send to a specific single IP address, multicast addresses are used to send to a group of IP addresses, and the anycast address, a new type in IPv6, is used to communicate with any member of a group of IPv6 addresses.

Unspecified 000…0 (128 bits) ::/128

Loopback 000…01 (128 bits) ::1/128

Link-local unicast 1111 1110 10 FE80::/10

Multicast 1111 1111 FF00::/8

Global unicast All other addresses

IPv4 mapped 000…01111111111111111 ::FFFF/96

Unique Local Unicast Address (ULA) 1111 110 FC00::/7

Assigned to RIR 001 2000::/3

TABLE 1-1 IPv6 Address Types

01-ch01.indd 28 24/07/14 5:00 PM

 

 

Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 29

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Learning Objectives After completing this lab, you will be able to

Understand the new IPv6 header

Understand different address configurations

Understand IPv6 addressing nomenclature

Identify differences between IPv6 and IPv4 traffic

40 MINUTES

Lab 1.3w: Windows IPv6 Basics (netsh/ping6)

Materials and Setup You will need the following:

Windows 7

Windows 2008 Server

Lab Steps at a Glance

Start the Windows 7 and Windows 2008 Server machines. Log on only to the Windows 7 machine.

Verify IPv6 settings.

Log on to the Windows 2008 Server machine.

Verify IPv6 settings.

Launch Wireshark on the Windows 7 PC.

Ping the Windows 2008 Server machine from the Windows 7 machine.

Change the IPv6 address of the Windows 7 machine.

Change the IPv6 address of the Windows 2008 machine.

View the IPv6 ping traffic in Wireshark.

Investigate communications between various IP addresses.

Reset all IPv6 configuration states.

Log off from both the Windows 7 and Windows 2008 Server machines.

01-ch01.indd 29 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity30

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Lab Steps

To log on to the Windows 7 PC, follow these steps:

1. Click Admin at the Login screen.

2. In the password text box, type and press ENTER.

1. Click Start; in the Search Programs And Files box, type and press ENTER.

2. Type and press ENTER. You should get a reply similar to what’s shown in Figure 1-9.

3. Record your IPv6 address for later use.

To log on to the Windows 2008 Server PC, follow these steps:

1. At the Login screen, press CTRL-ALT-DEL.

2. Enter the username and the password .

3. Click OK.

FIGURE 1-9 IPv6 settings

01-ch01.indd 30 24/07/14 5:00 PM

 

 

Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 31

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

1. Click Start; in the Search programs and files box, type and press ENTER.

2. Type and press ENTER.

3. Record your IPv6 address for later use.

➜ Note

On the Windows 7 machine, follow these steps:

1. Choose Start | All Programs | Wireshark.

2. Within Wireshark, choose Capture | Interfaces.

3. Click Start for the correct interface.

➜ Note

On the Windows 7 machine, in the command window, type [ ] and press ENTER.

The IPv6 address will look something like fe80::8cb8:89fc:bc3a:8ec9. You should get a reply similar to what’s shown in Figure 1-10.

1. On the Windows 7 machine, close the current Command Prompt window.

2. Select Start | Programs | Accessories and right-click Command Prompt.

3. Click Run as administrator.

4. In the User Account Control dialog box, click Yes.

01-ch01.indd 31 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity32

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

5. In the command window, type your interface name and press ENTER.

6. Verify address by typing and pressing ENTER.

7. Record the IPv6 addresses and types for later use.

➜ Note

1. Select Start | Programs | Accessories and right-click Command Prompt.

2. Click Run as administrator.

3. In the User Account Control dialog box, click Yes.

4. In the command window, type and press ENTER.

5. Verify the address by typing and pressing ENTER.

6. Record the IPv6 addresses and types for later use.

FIGURE 1-10 The ping -6 command

01-ch01.indd 32 24/07/14 5:00 PM

 

 

Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 33

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

On the Windows 7 PC, verify the IPv6 ping by viewing the Wireshark output. You should get a reply similar to what’s shown in Figure 1-12.

➜ Note

ipv6

FIGURE 1-11 Changing and showing the IPv6 address

01-ch01.indd 33 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity34

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

For this step, experiment using Wireshark and the ping6 command on Windows 7 and using Wireshark and the ping command on Windows 2008 Server. Investigate communicating between various IPv6 addresses.

What are the differences?

On both machines, in the Command Prompt window, type and press ENTER.

1. On the Windows 7 PC, choose Start | Shutdown arrow | Log Off.

2. On the Windows 2008 Server machine, choose Start | Log Off, click Log Off, and click OK.

Lab 1.3 Analysis Questions 1. The following questions apply to the lab in this section:What are the different types of IPv6

traffic captured in Wireshark?

2. Using Wireshark, describe the differences between IPv4 and IPv6 packets observed in this lab.

FIGURE 1-12 IPv6 traffic in Wireshark

01-ch01.indd 34 24/07/14 5:00 PM

 

 

Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 35

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

Lab 1.3 Key Terms Quiz Use these key terms from the lab to complete the sentences that follow:

anycast address

global unicast addresses

ICMPv6

link-local unicast addresses

multicast addresses

Neighbor Discovery (ND)

Neighbor Solicitation (NS)

1. The protocol used for Neighbor Discovery (ND) is ____________________.

2. ARP is replaced in IPv6 by ____________________ transmitted using ____________________.

3. IPv6 addresses that begin with FE80 represent ____________________.

4. In IPv6, broadcast messages are accomplished using ____________________.

Suggested Experiments 1. Get the Kali and Metasploitable to ping each other with IPV6.

2. Get all four machines to ping each other with IPV6.

3. Get all machines to use only IPv6 and get HTTP and FTP services working.

References www.getipv6.info/index.php/Main_Page

www.faqs.org/rfcs/rfc2463.html

http:// download.microsoft.com/download/e/9/b/e9bd20d3-cc8d-4162-aa60-3aa3abc2b2e9/IPv6 .doc

www.faqs.org/rfcs/ rfc2460.html

www.openwall.com/ presentations/IPv6/

01-ch01.indd 35 24/07/14 5:00 PM

 

 

Chapter 1: Workstation Network Configuration and Connectivity36

Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1

www.faqs.org/rfcs/ rfc4942.html

www.faqs.org/rfcs/rfc2461.html

01-ch01.indd 36 24/07/14 5:00 PM

 

  • h.bt0m37bilv6v

Discuss case 9.2 HSBC Combats Fraud in Split-second Decisions.

/in /by

Assignment 1: Discuss case 9.2 HSBC Combats Fraud in Split-second Decisions. 

APA Format 600 Words, 2-3 references.

pg # 329

Questions

1. Analyze the reasons to invest millions of dollars to detect

and prevent fraudulent transactions. In your evaluation,

do a cost–benefi t analysis to show why the investment

cost is worthwhile.

2. Review the two outcomes of the fraud scenario. Assess

the business implications of each of the following two

goals. Explain why these goals are confl icting.

a. To minimize rejecting legitimate purchases by authorized

customers

b. To minimize the risk of making customers victims of

fraud

3. The Fraud Management solution is based on a scoring

model. For example, assume the scores range from 1 to

10, with 10 being the highest probability that the transaction

is fraudulent. What cutoff score would you use to

decide to approve a purchase? What cutoff score would

you use to decide not to approve a purchase? If those

cutoff scores are not the same, how do you suggest

those falling between scores be treated?

4. Why are approval decisions made in a split second? Would

customers tolerate a brief delay in the approval process if

it reduced their risk of identity theft? Explain your answer.

5. Research ATM or other banking transaction fraud. How

has a fi nancial fi rm been defrauded or harmed?

Assignment 2: Discuss case 13.2 Steve Jobs’ Shared Vision Project Management Style. 

APA Format 600 Words, 2-3 references.

Pg # 436

Questions

1. Steve Jobs shows the importance of people skills. Explain

Jobs’ way of motivating people. For example, did he try

to get everyone to like him? Did he try to get everyone to

get along with each other?

2. Why did Jobs’ approach to project management work so

well for him?

3. What lessons can project managers learn from Jobs?

4. Research Steve Jobs’ management style from reputable

sources. What did you learn about how people reacted to

Jobs’ style?

5. Create a checklist of effective project management

practices.

Case Study, Stage 1: Business Environment Analysis

/in /by

Case Study, Stage 1: Business Environment Analysis

Before you begin this assignment, be sure you have read the “UR UMUC Healthy Fitness Center Case Study.”

Purpose of this Assignment

This assignment gives you the opportunity to apply the concepts of the Porter Five Forces model to a specific business, develop a strategic direction for your Fitness Center, and identify a process that could be improved with the use of technology.  This assignment specifically addresses the following course outcomes to enable you to:

  • analyze business strategy to recognize how technology solutions enable strategic outcomes
  • analyze internal and external business processes to identify information systems requirements.

Business Environment Analysis for UR UMUC Healthy Fitness Center

The UR UMUC Healthy Fitness Center has been in business since 1980 and has seen an increase in competition from small fitness centers, Cable TV and Internet Exercise channels and sites, Wii and other TV Game Console, various exercise equipment infomercials and increasing supply of Exercise DVD’s . One of your fitness instructors told you that she saw a sign announcing the construction of Gold’s Gym (a well-known national fitness franchise) a few blocks away.  Your staff is worried and is looking to you to provide reassurance that the competition will not affect the business.  In addition, you have decided to develop your strategic direction for bringing the UR UMUC Healthy Fitness Center into the 21st century.

You know that Michael Porter’s Five Forces Model is a useful tool for analyzing a business, understanding the importance of the five competitive forces and helping to develop its Generic Strategy.  It is also used to aid organizations facing the challenging decisions of dealing with changes made by existing competitors, entering a new industry or industry segment, or developing a strategy for dealing with new competition.  The Five Forces Model helps determine the relative importance of the forces affecting competitive position that could affect the future success of a business.  The Five Forces are:

  • Buyer Power
  • Supplier power
  • Threat of substitute products or services
  • Threat of new entrants
  • Rivalry among existing competitors

The Five Forces and the Generic Strategy are fully described and discussed in the textbook, and the Business Model and Competitive Advantage are covered in Module 1.  In order to analyze the Fitness Center’s current competitive position and develop a Generic Strategic direction, you have decided to use the Five Forces Model to analyze your Fitness Center business.

Assignment

 

Using the textbook and external resources, write a short paper 2-3  pages in length, not including References page and cover sheet, responding to the bulleted items below.  Remember to use the APA formatting rules and correctly cite and reference your sources with APA format.  Use the Grading Rubric to be sure you have covered everything.  Submit your paper via your Assignment Folder as a Microsoft Word document with your last name included in the filename.

 

Create a document that includes the following:

  • Brief introduction providing the background of the case, why you are writing and what is to come in your paper.  This should only be 3-5 sentences.

·         Perform a Porter’s Five Forces analysis for your UR UMUC Healthy Fitness Center, addressing each force in one or two sentences and defining the force, its impact (Positive, Negative or Neutral) on the Fitness Center and whether it should affect your strategy (Yes/No).  (See  Textbook, pp. 18-21 and Course Module 1.)  Do not identify solutions or things that you are doing that would affect the factor. (The idea is to identify how the different forces affect the UR UMUC Healthy Fitness Center and how much.) This provides you with a view of the business that will allow you to select a Generic Strategy and a Strategic Business Area on which to focus your efforts.

  • Determine which of Porter’s Three Generic Strategies (see textbook page 22) that you will use to improve your UR UMUC Healthy Fitness Center for the 21st century and explain why you selected it and tie it into the significant forces that you have identified.

·         Using your analysis of the Fitness Center’s Business Model (based on what you learned in Module 1), identify an important Strategic Business Area that needs to be improved.  The Strategic Business Area is to be selected from the direct variables (explained in Module 1 and illustrated in the Walmart Example Case Study, page 3).  The Direct Variables are:  suppliers, competition, employees, location, organizational components, owners and customers.  The Walmart Example demonstrates use of this concept, so you should review it and make sure that you are on the right track.  Explain why you have selected that Strategic Business Area and how improving it will improve operation of the Center, including how it relates to the Generic Strategy you selected.

  • Within the selected Strategic Business Area, identify and select a single daily process that is within and supports the Strategic Business Area that needs improvement.  Note:  A process is defined in your textbook as “a standardized set of activities that accomplish a specific task, such as processing a customer’s order.” (Baltzan, 2013, p. 23)   (In Stage 2 you will model the AS IS process and the TO BE Process, and propose a technology solution to improve the process you identify here, so select a process that is appropriate for a technology solution.)
  • At the end of your report with your References enter the following headings and complete the information using one concise phrase for each.  You will be starting each subsequent stage by including this information as a method to keep us focused on the objectives.

GENERIC STRATEGY:

STRATEGIC BUSINESS AREA:

PROCESS TO BE IMPROVED:

In determining which process you select for improvement, be sure to keep in mind the remaining projects within this Case Study.  You should review Stages 2-5 to get an understanding of the future projects that build on this initial stage and to aid you in selecting a process (and later proposing a technology solution) that can support the requirements of the follow-on assignments.

Do not start on Stage 2 until you receive feedback on this Stage as the Process that you select is crucial and your instructor may recommend that you change processes so that you can successfully complete the case.  You MUST incorporate the recommended changes in all subsequent Stages.

The “right” and “wrong” answers have to do with whether or not you correctly incorporated the course concepts from the textbook and addressed all parts of the assignment. You need to do some external research on at least one aspect of the assignment – your choice – and incorporate it and cite/reference it in APA format in your response. The specific strategic area you select for a technology solution is not as important as that it makes sense in light of the course content and the Case Study and is well supported with your application of the course concepts and your external research.   Use the Rubric below to be sure you have covered all aspects.

UR UMUC Healthy Fitness Center Case Study

In 1980, the UR UMUC Healthy Fitness Center was opened in a growing area of a bedroom community, by Tom Ellington, a UMUC Business Management graduate after he retired from the US Marine Corps. It has an exercise room with many different kinds of specialized equipment, rooms for various exercise and martial arts classes, and locker rooms with showers for men and women. In addition, there is a small snack area where members can buy bottled water, soda, fruit juices and snacks, with tables and chairs where people can relax. There are several part time staff members that man the counter where people check in; they also sell memberships and collect payments. There are trained exercise room attendants to assist members, and a maintenance staff to ensure cleanliness of the facility and minor maintenance of the equipment. Recently you were hired by the owner and founder as the manager, and you are very excited about this opportunity!

UR UMUC Healthy is a for-profit Fitness Center and must cover its variable costs, fund future improvements and produce a reasonable profit for the owners. Unfortunately, business has been steadily declining over the last five years. Although your predecessor did a good job at the Center, it has become out-dated. You recognize that some of the equipment really needs to be replaced, but you are not sure which equipment should be replaced first. The classes and exercise programs available have also become out-dated. There is little known about the makeup of the membership (age, sex, goals, interests, problems, complaints, etc.). You don’t know if there are long waits for particular equipment. If you had more information in these areas you feel that you could increase membership and income. For instance, if you knew which equipment was most heavily used, perhaps you would opt to replace that first, or add more similar equipment. The membership fee structure has not been reviewed in many years, and your contracts with outside firms that perform preventative and major maintenance, and those that provide cleaning supplies, vending machines, and towels have not been reviewed in a number of years. Recently, there have been weeks when the Center has run out of clean towels and the vending machines were out of the most popular items. In addition, customers have been requesting WiFi reception in the Center as well as cardio monitoring features on the cardio equipment.

The Center is open from 5 AM to 10 PM and is busy most of the day; however, the make-up of the people differs over the course of the day and each group has its own characteristics. The early group, 5 – 8 AM are the heavy workout members who speed through their exercises and head out for work or school. The next group, 8 AM -2 PM are older and take their time exercising and attending classes and spend a lot of time in social interaction; they are generally either retired or moms with their kids in school. The period from 2 – 4 PM is the least busy and is made up largely of high school students and others who like a less crowded environment. From 4 – 7 PM the group is made up of workers on their way home who want to get their workout in before dinner. The last group, 7 – 10 PM, is young single people who want show themselves off and attract the opposite sex, while exercising or taking classes.

One problem that you notice immediately is that you do not know which employees are scheduled to work each day, and there is no way to quickly get a substitute if one is needed. All employees require annual training and certifications in CPR, Safety, First Aid and the use of AED Defibrillators, while the contract trainers require various additional certifications periodically based on their specialty. All of the membership records, orders for towels and snack bar items, and financial and payroll accounts are kept on paper. The Center does not have a Web site, and uses very little marketing except word-of-mouth, and essentially still operates the same as it did in 1980.

Throughout this course you will manage the UR UMUC Healthy Fitness Center, taking advantage of business practices discussed in the class, the Course Modules and the textbook to increase revenue, keep the business running, and bring the Center into the 21st century. You will identify one area that is in need of improvement and that can be improved through the use of technology. You are not expected to solve all of the problems identified or address all improvements that could be made at the UR UMUC Healthy Fitness Center. Note: We’re looking for a technology solution. While installing a handball court may attract new customers, it is not a technology solution.

The following is an example of how you will identify a business need and a technology solution: Last year, the Fitness Center had no effective way to check its members in when they arrived. Sign-sheets were used at the front desk, and employees had to check that against their printed list of members. This caused members to have to wait at the front desk, and several had complained about this situation. To address the business need of quickly checking members in, a small system was acquired that allowed the Fitness Center to issue membership cards with a bar code; then, members swiped their card upon entry to the Center and if the card read successfully, the member would be admitted.

Note: As you approach the case study assignments, you will find it helpful to think about your own experiences with a fitness center or gym. Making a trip to a local fitness center may help you think about the processes, challenges, and opportunities.

STAGED ASSIGNMENTS

The case study and assignments address the Course Outcomes to enable you to:

· analyze business strategy to recognize how technology solutions enable strategic outcomes

· analyze internal and external business processes to identify information systems requirements

· identify and plan IT solutions that meet business objectives.

Upon completion of these assignments you will have performed an array of activities to demonstrate your ability to apply the course content to a “real world situation” to:

· Analyze the business environment and identify a strategic area for improvement  (Stage 1)

· Propose an appropriate technology solution to improve a selected business process (Stage 2)

· Evaluate various IT considerations of the proposed technology solution (Stage 3)

· Communicate your solution and the IT considerations to stakeholders using a presentation format (Stage 4)

· Identify and explain the next steps in implementing the solution (Stage 5)

The staged assignments are designed to follow the relevant course modules and chapters of the textbook in the class schedule, and are due on the dates shown in the Syllabus.

Stage 1 Project: Business Environment Analysis (Word document with analysis)

Stage 2 Project:  Business Process Models and Technology-Supported Solution Proposal (Word document with proposed solution and process diagrams)

Stage 3 Project:  Template for IT Considerations (Word table)

Stage 4 Project:  Executive Briefing Presentation (PowerPoint Presentation on proposed solution)

Stage 5 Project:  Outline of Next Steps (Word document in outline format)

The weight of the assignments is shown in the Course Syllabus. The due dates are shown in the Course Schedule.

Assignments for stages 1, 2 and 5 require external research, outside of the textbook and course modules.  The grading rubric is included with each assignment.

These assignments are designed to help you identify how to effectively analyze and interpret information to improve the business.  This is an opportunity for you to apply critical thinking skills and think like a business professional.  When you are writing a paper or developing a presentation, prepare it as if it is going to the owner, Mr. Ellington, whom you want to impress with your knowledge and abilities.  Don’t just go through the mechanics of pulling together information — think about what you are doing, why you’re doing it, whether it make sense, whether the information seems realistic, and what the results show.  Support your recommendations with your research. It’s important that you identify relevant, timely resources that specifically support the points or information you provide in your assignment. You should read the source and assimilate the information first, and then put it into your own words and incorporate it into the flow of your writing (with an appropriate in-text APA citation and a list of references at the end of your paper). Direct quotes should be used very sparingly—only when the author’s own words uniquely present a concept that would be lost if paraphrased by you.

One of the prerequisites for this course is that you have a fundamental working knowledge of word processing and presentation software. Detailed instructions for each Staged Project, 1 through 5, are posted in the designated area of the classroom. You are to prepare each assignment in the indicated format (i.e., table, outline, report, presentation or other specified format) and submit it as an attachment through your individual Assignments Folder in WebTycho.  No credit will be given for assignments submitted in file formats other than those stated in the assignment instructions.

Because these assignments require you to use Microsoft Word and PowerPoint (as indicated in the instructions), you may need to “brush up” on your familiarity with these or use functions that perhaps are new to you.  Therefore, do not wait until the last minute to begin an activity.  You should read through all the assignments in advance to ensure you (1) understand what is expected, and (2) allow enough time to effectively create the information being requested.

Additional Information 

There is a significant amount of information available to you to assist in developing your skills in using the Microsoft Office Products.  MS Word and PowerPoint are required for these exercises.  The textbook comes with access to the publisher’s website ( http://www.mhhe.com/baltzan) where there are a number of resources, including Tech Plug-Ins for Office 2003, 2007 and 2010.  Don’t hesitate to use the on-line help and wizard tools built into the MS Office applications for help as you work with the software tools.  There are also other web sites, such as www.eHow.com , and www.microsoft.com that provide tips.  Even YouTube has some useful videos demonstrating various techniques.

 

 

03/08/2013 3