1. Install and launch the 2 security tools in Linux terminal (a user could be created. Screenshots...

Question

1. Install and launch the 2 security tools in Linux terminal (a user could be created. Screenshots need to be provided with a brief description. 2. Evaluate 4 features of each tool. Description and screenshots need to be provided for each tool.Need cr itically analyse each tool in terms of: a) Ease of Use b) Performance c) Scalability d) Availability e) Reporting and analytics and some notes

MITS5004 MITS5004 IT Security - 2020S2 Assignment 3 Group Assignment Critical Analysis of Security Tools MITS5004 Assignment 3 Copyright © 2018-2020 VIT, All Rights Reserved. 2 Assignment 3 Group Assignment: Critical Analysis of Security Tools (Due Session 12) Objective(s) This assessment item relates to the unit learning outcomes as in the unit descriptor. This assessment is designed to improve the ability of students to critically analyse security tools and present their findings. The assignment provides an opportunity to work in a group and to achieve a joint objective. Description Each group is required to critically analyse any 2 security tools from the list and demonstrate the functionality of the tools in a video presentation. The list of tools for the assignment include: • Hydra • Maltego • NMap • Zed Attack Proxy • SqlMap • Metasploit Framework • Burp Suite • Nessus • Nikto • Snort The tools need to be launched in Linux terminal (a user could be created for any member of the group). Each group is required to: 1. Install and launch the 2 security tools in Linux terminal (a user could be created for any member of the group). Screenshots need to be provided with a brief description. 2. Evaluate 4 features of each tool. Description and screenshots need to be provided for each tool. MITS5004 Assignment 3 Copyright © 2018-2020 VIT, All Rights Reserved. 3 3. Critically analyse each tool in terms of: a) Ease of Use b) Performance c) Scalability d) Availability e) Reporting and analytics 4. Demonstrate the 5 features of the tool in a short video not more than 5 Minutes. Each student is required to demonstrate 1 feature for each tool. If a student does not demonstrate in the video, the student will not be marked for the demonstration marks Instructions These instructions apply to Assignment 3 Group Assignment – Critical Analysis of Network Security Tools. The students are required to form a group comprising of 2 to 5 students.The group is required to notify the lecturer of the students in the group and the network security tools that they have opted for by the end of week 6. Submissions Each group is required to submit a single report and a video presentation on the given link on moodle, ONE student from the group will make the submission. Each student is required to demonstrate 1 feature of each network security tool in the video presentation. Submit your report to the Moodle drop-box for Assignment 3. Note that this will be a turn-it-in drop box and as such you will be provided with a similarity score. This will be taken into account when grading the assignment. Note that incidents of plagiarism will be penalized. If your similarity score is high you can re-submit your report, but re-submissions are only allowed up to the due date. If you submit your assignment after the due date and time re-submissions will not be allowed. Please Note: All work is due by the due date and time. Late submissions will be penalized at the rate of 10% per day including weekends. Your report should be limited to approx. 2000 words (not including references). Use 1.5 spacing with a 12 point Time New Roman font. Citation of sources is mandatory and must be in the IEEE style. MITS5004 Assignment 3 Copyright © 2018-2020 VIT, All Rights Reserved. 4 Marking Guide: 75 Marks Task Description Marks Introduction This section should include a few sentences which provide an outline of the assignment. 5 Report Layout The report style, language and structure should be appropriate. 5 Tool Launch Install and launch the 2 security tools in Linux terminal (a user could be created for any member of the group). Screenshots need to be provided with a brief description. 6 Evaluation Evaluate 4 features of each tool. Description and screenshots need to be provided for each tool. 16 Analysis Critically analyse each tool in terms of: a) Ease of Use b) Performance c) Scalability d) Availability e) Reporting and analytics 20 Demonstration Each group is required to submit a video demonstration of not more than 5 minutes, each member is required to demonstrate 1 feature of each tool. 15 Conclusion Summary of the report. 4 References Follow the IEEE style 4

critical-it-sec-ola4h2bd.pdf

Sandeep Kumar · Accepted Answer

Hydra, is used for brute force attacks to crack password. Weak passwords are still a big problem in security, nowadays guessing passwords and cracking algorithms is becoming easy and brute-forcing is a major kind of attack in the boom. A general rule for making a strong password is using a combination that is long (more than 8 letters) with capitals, symbols, and numeric’s. it is installed and setup using the following steps:
Now configuring it, with additional dependencies. It will enable all the optional modules and features with the exception of Oracle, SAP R/3, NCP, and the apple filling protocol. Once it is done now we need to clone the repository from git hub, use the command:
Using make to compile it, now go to your home directory and use “hydra -help” ensure hydra is installed properly and working well. With various commands given for various different features in hydra, using -V for verbose mode
Running Hydra, now evaluating based on the four features:
1. Password cracking for specific username
Hydra is a very resourceful tool and also quite easy to use for making a brute force attack on any protocol.
Syntax: hydra [[[-l LOGIN|-L FILE] [-p PASS|-P FILE]] | [-C FILE]] [-e nsr] [-o FILE] [-t TASKS] [-M FILE [-T TASKS]] [-w TIME] [-W TIME] [-f] [-s PORT] [-x MIN:MAX:CHARSET] [-SuvV46] [service://server[:PORT][/OPT]]                                                                          
If a user wants to crack password for ftp (or any other) whose username is with them, they only seek to make a password brute force attack by using a dictionary to crack the actual password.
At that second the user should go with the following command where -l option that enables username parameter and -P options enables dictionary for the password list.
2. Username guessing for specific password
Suppose the user wants to crack username for FTP (or any other) whose password is with them, they only seek to make a username brute force attack by using a dictionary to guess the valid username. Hence it is a vice-versa situation compared to the above situation.
At that moment you should go with the following command where -L option enables dictionary for username list and -p options enables password parameter.
hydra -L user.txt -p 123 192.168.1.108 ftp
1
hydra -L user.txt -p 123 192.168.1.108 ftp
 As observed it has found 1 valid username: raj for the password: 123 FTP login.
3. Cracking login credential for ftp
Suppose a user wants to crack username and password for FTP (or any other), seek to make username and password brute force attack by using a dictionary to guess the valid combination
At that moment the user should go with the following command where -L option enables dictionary for username list and – P options enables dictionary for a password list.
hydra -L user.txt -P pass.txt 192.168.1.108 ftp
1
hydra -L user.txt -P pass.txt 192.168.1.108 ftp
As can be seen it has found 1 valid username: raj for password: 123 FTP login.
4. Reverse login attempt
Using option -e along with nsr enables three parameter null/same as login/reverse login while making brute force attack on the password field, if the user will see the given below image then he will notice that this time L=5 and automatically P=8 which means now the total number of login tries will be 5*8=40.
hydra -L user.txt -P pass.txt 192.168.1.108 ftp -V -e nsr
1
hydra -L user.txt -P pass.txt 192.168.1.108 ftp -V -e nsr
As can be seen with every username, it is trying to match the following combination along with the password list.

MITS5004 MITS5004 IT Security - 2020S2 Assignment 3 Group Assignment Critical Analysis of Security Tools MITS5004 Assignment 3 Copyright © XXXXXXXXXXVIT, All Rights Reserved. 2 Assignment 3 Group...

Answer To: MITS5004 MITS5004 IT Security - 2020S2 Assignment 3 Group Assignment Critical Analysis of Security...

Answer To This Question Is Available To Download

Related Questions & Answers

Submit New Assignment