1. Homepage
  2. Homework
  3. Mini-Project 2: Network Address Identification, Network Summary, Interesting Security Findings, Identifying External Shadow IT
This question has been solved

Mini-Project 2: Network Address Identification, Network Summary, Interesting Security Findings, Identifying External Shadow IT

Engage in a Conversation
USNCSUNetwork Address Identification Network Summary Interesting Security Findings Identifying ExternalIPv6PythonComputer Networks

Mini-Project 2 CourseNana.COM

The goal of this project is to learn how to perform an audit on a network with the intention to discover interesting characteristics and phenomena. The project is mostly open-ended (that is, there is no specific correct answer, and I do not have a working “solution.”). In doing so, you will be required to be creative and learn new tools. You will turn in a project report that describe both your findings and techniques used to discover these findings. Any custom scripts or tools built for the project should also be submitted with your report. CourseNana.COM

Collaboration: Students may not collaborate. Each student must submit their own solution. CourseNana.COM

Dataset: For this assignment, we will use censys.io. Please join the team account as soon as you receive the email invite as the link expires in 2 days. If you have not received this email or receive an error that the link has expired, please contact the TA for a new invite. Once you have an account you will perform an audit on NC State’s networks using the IPv4 Hosts Search. Important: do not use tools that perform active scans on the NCSU networks, you must use censys.io, unless noted otherwise. CourseNana.COM

Censys.io API Query Limit: Your censys.io account is connected to a team account that has an API query limit shared with the rest of the class. When testing your code, please test using only a small number of queries to conserve the number of queries available for the rest of the class. We will monitor query usage and try to proactively increase the query limit before the team account runs out of queries. Please notify the TA if we have used up all queries. CourseNana.COM

Responsible Disclosure: As a result of this project, you may find a security issue within the NCSU network. We ask that you do not publicly disclose (e.g., Tweets, Snapchat, Blog Posts) any information about your findings for 90 days after the homework is due. This will allow us to report the findings to Security and Compliance and give them time to address the issue. However, you may discuss your findings with the instructor staff, or students in the class after the assignment is due. CourseNana.COM

What to submit: You should submit to Gradescope one .pdf and one .tar.gz or .zip. The first file should be a single PDF document with your report. Writeups submitted in Word or any non-PDF format will not be accepted. Consider using LATEX to typeset your report. For a good primer on LATEX, see the Not So Short Introduction to LATEX. The second file should be tarball (.tar.gz) or Zip (.zip) of any custom tools that are relevant to your report. CourseNana.COM

Part 1 (10 points): Network Address Identification CourseNana.COM

Before performing an audit you should always be sure the network addresses you plan to analyze belongs to the organization agreeing to be audited. The goal of this part is to familiarize the student with doing necessary reconnaissance and background research before performing an audit. CourseNana.COM

NC State owns multiple IPv4 network blocks. Identify at least 3 IPv4 blocks. For each block you identify, list the CIDR block, Network Name, Autonomous System Number (ASN), and Autonomous System Name. Additionally, describe your process for how you found this information, including screenshots as needed. You must start your search using censys.io, from which you will identify at least the ASN. From there, you may use other resources to identify the CIDR blocks. Reminder: Do not use any tools that perform an active scan on the NCSU Network. CourseNana.COM

Part 2 (40 points): Network Summary CourseNana.COM

Once you have a list of target IP addresses identified in Part 1, the next step is to identify hosts on the network. The goal of this part is to familiarize yourself with gathering information about the network and organizing the information into a report that helps triage potential security issues. CourseNana.COM

Using censys.io perform an IPv4 Hosts Search on the network blocks identified in Part 1. Visualize the results of the search using tables or charts (e.g., bar graph). Include a discussion that interprets your visualizations, justifies why your visualizations are useful, and describes how you obtained the data. CourseNana.COM

Note: while it may be easier to get familiar with the search functionality using the web interface, I highly recommend using the API and writing scripts to save the results locally and then process the saved results with offline tools. This reduces the number of queries you will have to perform and reduces the chance that we will run out of queries. I recommend writing the scripts in Python, but you may use any programming language. Reminder: Do not use any tools that perform an active scan on the NCSU Network. CourseNana.COM

You must appropriately visualize and discuss the following information to receive 30/40 points: (1) hosts by operating system,
(2) hosts by web server (Apache, Nginx, IIS, etc.), and
(3) hosts by protocol.
CourseNana.COM

To receive the other 10 points you must be creative and go beyond the bare minimum described above. CourseNana.COM

To build your charts you may use any software you like, below are some suggested tools: CourseNana.COM

  • Gnuplot is a command line graphing utility.
  • Spreadsheets such as Microsoft Excel, LibreOffice Calc, or Google Sheets all have the capability to create charts.
  • Plotly may be particularly useful for those using the Censys Python API to perform queries. After retrieving the data from Censys, you can easily output a Plotly chart from your script.

The following figure shows an example bar chart made with Plotly. You should use this as inspiration to create a chart using real data in your solution. CourseNana.COM

Figure 1: Sample figure showing bar chart for a limited number of Operating Systems. CourseNana.COM

Part 3 (20 points): Interesting Security Findings CourseNana.COM

The final step of an audit is to find and report security issues on the network. The goal of this part is to familiarize yourself with identifying security issues in a network. CourseNana.COM

Starting from the data you collected from censys.io, document an interesting security-related finding. Discuss why you found it interesting, background information about the finding, recommendations on how to address what you found, and a description on how you discovered the security issue. Hint: you may create an account on shodan.io and use the Shodan API to identify security issues. The free version of Shodan limits the number of queries you can do per month, but we can use our censys.io information to more efficiently use Shodan. CourseNana.COM

For example, you may find a vulnerable host on the network. Give information about the vulnerable host, what the vulnerability is (cite a CVE if possible), and a description of how you found the vulnerable host on the network. A vulnerable host is not the only kind of security-related result, be creative. Reminder: Do not use any tools that perform an active scan or probe on the NCSU Network. If you find a host that you think is vulnerable, contact the teaching staff before attempting to connect to it. CourseNana.COM

If you are unable to find anything interesting, describe your thought process for partial credit. Please be as verbose as possible, describing what you tried and why you tried it. Also include any partial successes and possible reasons to why you think your approach was not successful. CourseNana.COM

Part 4 (20 points): Identifying External Shadow IT CourseNana.COM

When performing a security assessment of an organization, it is equally important to understand the exposure due to “Shadow IT”. The concept of shadow IT is fairly broad, as it encompasses anything that is not managed by the IT group at the organization. Over the past decade, the growing pervasiveness of cloud computing and cloud services has moved technology off-premises. For the purposes of this part, we will consider “shadow IT” as any host with an ncsu.edu hostname that does not have an IP address within the CIDR blocks assigned to NCSU’s ASN. CourseNana.COM

Thus, the goal of this part is to find IP addresses outside NCSU’s ASN that can be accessed via a ncsu.edu hostname. Note that if you did not identify a complete set of CIDR ranges in Part 1, your analysis might have some false positives. Therefore, it is a good idea to confirm the IP address is not in NCSU’s ASN using censys.io. You may also want to update your response to Part 1 after performing this investigation. CourseNana.COM

There are a number of ways you can discover these IP addresses without actively scanning the network. Here are two ideas (but you may use others): CourseNana.COM

DNS Data: Censys.io can be queried via the API to retrieve forward DNS information, including A records and CNAME record responses. I expect that CNAME records are the most common way in which ncsu.edu domains are mapped to cloud services. However, it would also be interesting to find A records that point to non-NCSU IP addresses. CourseNana.COM

Certificate Data: TLS certificates include the hostname in the “Common Name” field, as well as the subjectAltName field (aka “SAN” and “Subject Alternative Name”). censys.io and Google’s Certificate Transparency report both allows you to search TLS certificates by hostname. However, the trick will be mapping those hostnames to IP addresses. CourseNana.COM

Report your findings as well as how you found them. Include any scripts you used in your .tar.gz/.zip archive. If you are unable to find anything, describe your thought process for partial credit. Please be as verbose as possible, describing what you tried and why you tried it. CourseNana.COM

Part 5 (10 points): Impact of IPv6 CourseNana.COM

Censys and Shodan continuously scan the Internet to build their host databases. Discuss how IPv6, which use 128 bit addresses rather than 32 bit addresses, may impact the effectiveness of these tools. Scanning the IPv6 Internet: Towards a Comprehensive Hitlist may be a good place to begin your research. Remember to cite any sources you use. CourseNana.COM

Get in Touch with Our Experts

WeChat (微信) WeChat (微信)
Whatsapp WhatsApp
US代写,NCSU代写,Network Address Identification代写, Network Summary代写, Interesting Security Findings代写, Identifying External代写,IPv6代写,Python代写,Computer Networks代写,US代编,NCSU代编,Network Address Identification代编, Network Summary代编, Interesting Security Findings代编, Identifying External代编,IPv6代编,Python代编,Computer Networks代编,US代考,NCSU代考,Network Address Identification代考, Network Summary代考, Interesting Security Findings代考, Identifying External代考,IPv6代考,Python代考,Computer Networks代考,UShelp,NCSUhelp,Network Address Identificationhelp, Network Summaryhelp, Interesting Security Findingshelp, Identifying Externalhelp,IPv6help,Pythonhelp,Computer Networkshelp,US作业代写,NCSU作业代写,Network Address Identification作业代写, Network Summary作业代写, Interesting Security Findings作业代写, Identifying External作业代写,IPv6作业代写,Python作业代写,Computer Networks作业代写,US编程代写,NCSU编程代写,Network Address Identification编程代写, Network Summary编程代写, Interesting Security Findings编程代写, Identifying External编程代写,IPv6编程代写,Python编程代写,Computer Networks编程代写,USprogramming help,NCSUprogramming help,Network Address Identificationprogramming help, Network Summaryprogramming help, Interesting Security Findingsprogramming help, Identifying Externalprogramming help,IPv6programming help,Pythonprogramming help,Computer Networksprogramming help,USassignment help,NCSUassignment help,Network Address Identificationassignment help, Network Summaryassignment help, Interesting Security Findingsassignment help, Identifying Externalassignment help,IPv6assignment help,Pythonassignment help,Computer Networksassignment help,USsolution,NCSUsolution,Network Address Identificationsolution, Network Summarysolution, Interesting Security Findingssolution, Identifying Externalsolution,IPv6solution,Pythonsolution,Computer Networkssolution,