Question

Background / Scenario
Attackers have developed many tools over the years to attack and compromise networks. These attacks take many forms, but in most cases, they seek to obtain sensitive information, destroy resources, or deny legitimate users access to resources. When network resources are inaccessible, worker productivity can suffer, and business income may be lost.
To understand how to defend a network against attacks, an administrator must identify network vulnerabilities. Specialized security audit software, developed by equipment and software manufacturers, can be used to help identify potential weaknesses. These same tools used by individuals to attack networks can also be used by network professionals to test the ability of a network to mitigate an attack. After the vulnerabilities are discovered, steps can be taken to help protect the network.
This assignment provides a structured research project that is divided into two parts: Researching Network Attacks and Researching Security Audit Tools. Inform your instructor about which network attack(s) and network security audit tool(s) you have chosen to research. This will ensure that a variety of network attacks and vulnerability tools are reported on by the members of the c

In Part 2, research network security audit tools and attack tools. Investigate one that can be used to identify host or network device vulnerabilities. Create a one-page summary of the tool based on the form included within this lab.

Part 2: Researching Network Security Audit Tools and Attack Tools Step 1: Research various network security audit tools and attack tools.
Step 2: Fill in the following form for the network security audit tool/attack tool selected.
Name of tool:

Developer:

Type of tool (character-based or GUI):
Used on (network device or computer host):
Cost:


Description of key features and capabilities of product or tool:
References and info links:

Answer 1

Part 2: Research Network Security Audit Tools and Attack Tools

In this part we have to investigate one that can be used to identify host or network device vulnerabilities.

Step 1: Research various network security audit tools and attack tools.

Some of the tools that can be identified are:

• Nmap (Network Mapper) is a free security scanner, port scanner and network exploration tool. Nmap is a free and open-source network scanner which was created by Gordon Lyon. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
• Cisco IOS AutoSecure secures a router by using single CLI command which disables common IP services also enables IP services which help in the defence of a network when under attack.
• The Cisco Security Device Manager (SDM) is a spontaneous, web based device management tool embed within Cisco IOS access routers. It makes simpler router and security arrangement all the way through intelligent wizards, allowing customers to rapidly and simply organize, configure, and monitor a Cisco access router with no extra knowledge of the Cisco IOS Software command-line interface.
• NSAT (Network Security Analysis Tool) is a security scanner which is designed to audit remote network services, check for version and security problems.
• Solarwinds Engineering toolset

Attacker tool can investigate:

• L0phtcrack: is a password auditing and recovery application produced by Mudge from L0pht Heavy Industries. L0phtcrack is used to examination password strength and to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables.
• Cain and Abel: is a password recovery tool for Microsoft Windows. It recover passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks.
• John the Ripper: is password recovery tool which combines a number of password crackers into one package, auto detect password hash types, and includes a customizable cracker.
• Netcat: is a computer networking service for reading from and writing to network connections using TCP or UDP.
• Chkrootkit: is used to detect the occurrence of rootkits on servers.
• DSniff: is a set of password sniffing and network traffic examination tools to parse different application procedures and take out related information.
• Nessus: is a remote security scanning tool, which scans computer and lifts an aware if it finds out any vulnerabilities that malicious hackers could utilize to gain access to computer connected to a network.
• AirSnort and AirCrack: is a WLAN tool which cracks encryption keys on 802.11b WEP networks.
• WEPCrack: is an open source tool for breaking 802.11 WEP secret keys.

Step 2: Fill in the following form for the network security audit tool/attack tool selected.

Name of tool: Cisco IOS AutoSecure

Developer: Cisco systems

Type of tool (character-based or GUI): Character based security analysis
Used on (network device or computer host): Router and Switch
Cost: Free


Description of key features and capabilities of product or tool:

Disable common IP services that can be exploited for network attacks

Enable IP services that can support in the defence of network when under attack.

Automates configuration of security characters on the router or switch and also disables definite features that are enabled by default and could be exploited as security holes.

References and info links:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3s/sec-usr-cfg-xe-3s-book/sec-autosecure.html

http://etutorials.org/Networking/Router+firewall+security/Part+II+Managing+Access+to+Routers/Chapter+4.+Disabling+Unnecessary+Services/AutoSecure/