Definition: What Is a Trojan Horse and What Are Its Capabilities?

A Trojan Horse is a program which appears to be a useful tool but is able to do various things hidden in the background without the computer owner knowing. Trojan Horses are named after the “Trojan Horse” of Greek mythology: a wooden horse was left behind by Troy's besiegers. Not knowing that Greek soldiers were hiding inside the horse, the people of Troy moved it inside the town to celebrate their victory. Once within Troy's walls, the enemies left their hiding place and conquered the city. Nowadays, virtual Trojan Horse attacks work in a similar way.

Trojan Horses are often incorrectly treated like viruses. This is only true to a certain extent; as opposed to viruses, their main purpose is not to destroy information stored on a computer, but to transmit this data to the initiator of the attack for abusive purposes, or to gain control over infected computers. Since the amount of data transmitted to the initiator is often overwhelmingly large, many Trojan Horses offer much more intelligent options. These so-called Backdoor Trojans enable attackers to take control of foreign computers and do whatever they desire; it is just as if the attacker were sitting in front of the infected computer. Well-known Trojan Horses like Sub7, NetBus or Back Orifice consist of three parts:

1. Server file
This is the file which has to be installed on the computer the attacker wants to control; using this file, the attacker is able to take control of the computer. In most cases, this file is sent as an attachment via email. The attachment is an executable file appearing to be a useful program. Once started, the Trojan Horse installs itself automatically. An error message pops up to distract the user of the computer, telling them that the installation of the program was not successful.
The disappointed user often deletes the program file and forgets about it. Unfortunately, they are not aware that a Trojan Horse has been installed which starts automatically on every system reboot. Every time the computer is turned on, the Trojan Horse loads itself into main memory and waits for a client to get in touch with it.

2. Configuration tool for the server file
This is the program used to set up certain options for the server file. It is possible to adjust how the server is supposed to start itself after a successful infection, or which ports to use to gain access to a computer. Usually the server file is created using this kind of configuration tool, where it is possible to select which options the Trojan Horse should offer after taking control of a computer.

3. Client
After successful infection of a computer, the client tries to build up a connection to the infected computer. If everything worked out, it is now possible to use the client program to gain access to the server file on that computer.

There are many different types of Trojan Horses using different routines. Trojans that only sneak around in foreign systems are as likely as Trojans that gather important or valuable information and send it to a certain address via email. Oftentimes these Trojans are able to do their destructive work for months without being recognized. Some of them only start when an internet connection is being established, a fact which makes finding Trojans on one's own system a very difficult task.

What is a port and why do Trojan Horses use them?

Although most computers only have one IP address, it is possible to run many different services on them. This is possible because every single service uses a specific number (port) for the exchange of information.
Let's suppose a server machine is running the services www (World Wide Web) and ftp (File Transfer Protocol); when trying to exchange information without port numbers, none of the running services would be able to recognize whether certain incoming data is destined for them. Ports serve the purpose of channelling certain data into an application or service. Using these port numbers, every single service knows who the recipient of the information is. Ports with the numbers 1 to 1024 are reserved for standard programs (www, ftp, ...). The maximum numeric value of a port is 65,535. Thus, the complete port range begins with 1 and ends with 65,535. Ports are used by Trojan Horses to sneak their way into a computer system. Since most computer owners have no idea which ports are 'open' on their system, it is easy for a Trojan to invade a system over a certain open port. Unfortunately, Trojan Horses are able to use different ports, which allows a Trojan to switch to another port in case the one in use is closed.

What are Trojan Horses able to do?

This depends on what the attacker wants to do. If the intention is to gather information, damage to the system can be excluded. But if the attacker intends to cause trouble, he is going to use a Trojan Horse which offers options to take control of the infected computer. This starts with remotely opening the CD-ROM tray and extends to deleting files or the entire hard disk. This shows that a Trojan Horse can be a powerful tool which, in the wrong hands, can cause serious damage.

How can someone take control of my computer?

If an attacker manages to get his server file onto a foreign computer system, the only thing he still needs is the computer's IP address. An IP address is a combination of numbers which identifies a computer on the internet. Computers get their IP addresses from their providers when dialing into the internet. When using an advanced type of Trojan Horse, the server file can be sent via email.
Once installed on the foreign PC, the server sends the IP address of the infected computer to the initiator of the attack. Many Austrian internet providers (Chello, A-Online, ...) offer so-called static IP addresses to their customers. Static IP addresses never change when connecting to the internet, since no dialing routine takes place. The advantage of a static IP address is that it is much easier to install and use one's own internet server. But at the same time it makes causing damage to a computer a whole lot easier for potential attackers.

Identification: How to discover Trojan Horses

Trojan Horses can inflict serious damage on a computer system. But how is it possible to detect an infection? There are different methods of finding out whether a Trojan Horse has managed to infect a computer. One thing is for sure: if your computer begins to do funny things without you even touching the mouse, the chances of being infected are nearly 100 percent. Harmless pranks like opening and closing the CD-ROM tray or swapping the mouse axes might sound funny, but unfortunately serious issues like hiding or even deleting important system files are also possible. Therefore it is very important to always keep an eye on what is going on, on or off the screen. If something unusual happens, closing the internet connection and checking the whole system might be a good idea.

Revealing Trojan Horses is an easy task as long as certain security rules have been maintained. If this is not the case, tracking down Trojan Horses might be a little more difficult. Most of the revealing methods use the so-called “object comparison principle”. Objects would be files or folders. The objects are compared with themselves at an earlier or later point in time. Let's take a backup tape or a burned CD-ROM, for instance. Some of the files on the backup medium are compared to the actual files on the computer.
If those two files differ and you have not modified or replaced the file on the computer in any way, then there is a possible infection. Since we did not modify it in any way, the file on the system should have the exact same file size as the one on the backup tape. This technique should be used on every system file, since attackers like using them to get their Trojan Horses inside a running system. Object comparison is an easy method to check file integrity, based on detecting changes in the state of files. Alternative methods range from simple to very difficult. The integrity of a file can be verified by checking the date of the last modification, the creation date of the file and the file size. Unfortunately all three methods are insufficient, since the values can easily be manipulated in one way or the other. Each time a file is modified, its values change. For example, if you open a file, change it and save it, a new date for the last modification is set. This date stamp can easily be changed by adjusting the computer's system time and saving the file again. Therefore using the date stamp on files is the most unreliable method to compare objects. Another way to verify file integrity is to check the file size. This method too is unreliable, since this value as well can be manipulated. It is quite easy to start with a file of approximately 1000 KB, modify it and save it with the exact file size it had at the start.
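The object-comparison check described above, as an added example that is not part of the original article: it records a baseline of size, modification time and SHA-256 digest for a small constructed directory tree, then tampers with one file while preserving both its size and its date stamp, and shows that only the digest comparison flags the change. The file names and contents are constructed for the demonstration.

```python
"""Object comparison against a stored baseline, using SHA-256 digests.

Added example, not code from the original article. It shows why a
digest is needed: the demo tampers with a file while keeping its size
and its modification time unchanged, so only the digest comparison
notices. File names and contents below are constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: Path) -> dict:
    """Record size, modification time and digest of every regular file under root."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            st = path.stat()
            baseline[str(path.relative_to(root))] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": sha256_of(path),
            }
    return baseline


def compare(root: Path, baseline: dict) -> dict:
    """Report which files each method (size, date stamp, digest) flags as changed."""
    report = {"size": set(), "mtime": set(), "sha256": set(), "missing": set(), "new": set()}
    current = snapshot(root)
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            report["missing"].add(rel)
            continue
        for key, bucket in (("size", "size"), ("mtime_ns", "mtime"), ("sha256", "sha256")):
            if new[key] != old[key]:
                report[bucket].add(rel)
    report["new"] = set(current) - set(baseline)
    return report


def run_demo() -> dict:
    """Build a small tree, take a baseline, tamper with one file, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "system"
        root.mkdir()
        target = root / "service.cfg"
        target.write_bytes(b"allow_remote=no \n")   # 17 bytes, constructed content
        (root / "readme.txt").write_bytes(b"unchanged file\n")

        # The baseline belongs on read-only media (the article's backup tape
        # or burned CD-ROM); here it is only serialised to JSON.
        baseline_json = json.dumps(snapshot(root))

        # Tamper: a replacement of exactly the same length keeps the size
        # check quiet...
        st = target.stat()
        target.write_bytes(b"allow_remote=yes\n")  # also 17 bytes
        # ...and restoring the old timestamps keeps the date-stamp check quiet.
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

        return compare(root, json.loads(baseline_json))


if __name__ == "__main__":
    for method, files in run_demo().items():
        print(f"{method:8s} flags: {sorted(files) or '-'}")
```

Only the sha256 bucket of the report names service.cfg; the size and mtime buckets stay empty, which is exactly the weakness the text describes.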
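A check for the 'open ports' point made in the port section above, as an added example that is not from the original article: it parses the Linux /proc/net/tcp table, lists sockets in LISTEN state and flags any port not on an allowlist, which is how an owner would notice a server file sitting in memory waiting for its client. The table below is a constructed sample, and the allowlist of expected listeners (22 and 80) is an assumption.

```python
"""List TCP sockets in LISTEN state and flag ports outside an allowlist.

Added example, not code from the original article. It parses the format
of the Linux /proc/net/tcp table; the sample table and the allowlist
(22 and 80 expected) below are constructed assumptions for the demo.
"""
from __future__ import annotations

import socket
import struct
import sys

# Constructed sample: sshd on 22 (all interfaces), a web server on 80
# (loopback only), one established outbound connection, and an unexpected
# listener on 12345 bound to all interfaces and owned by an ordinary user.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 18455 1 0000000000000000 100 0 0 10 0
   2: 0101A8C0:A3D2 0D22A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20117 1 0000000000000000 20 4 30 10 -1
   3: 00000000:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 21980 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A              # kernel socket state code for LISTEN
EXPECTED_LISTENERS = {22, 80}  # assumed allowlist for this host


def decode_addr(hex_addr: str) -> tuple[str, int]:
    """Turn 'IPHEX:PORTHEX' into ('dotted ip', port).

    The kernel prints the IPv4 address as a 32-bit value in host byte
    order, so on little-endian machines 127.0.0.1 appears as 0100007F.
    """
    ip_hex, port_hex = hex_addr.split(":")
    fmt = "<I" if sys.byteorder == "little" else ">I"
    dotted = socket.inet_ntoa(struct.pack(fmt, int(ip_hex, 16)))
    return dotted, int(port_hex, 16)


def parse_listeners(table: str) -> list[tuple[str, int, int]]:
    """Return (bind_address, port, uid) for every socket in LISTEN state."""
    listeners = []
    for line in table.splitlines()[1:]:        # first row is the header
        fields = line.split()
        if len(fields) < 8:
            continue
        local, state, uid = fields[1], int(fields[3], 16), int(fields[7])
        if state == TCP_LISTEN:
            addr, port = decode_addr(local)
            listeners.append((addr, port, uid))
    return listeners


def unexpected_listeners(table: str, allowlist=EXPECTED_LISTENERS) -> list[tuple[str, int, int]]:
    """Listeners whose port is not on the allowlist; each one deserves a look."""
    return [entry for entry in parse_listeners(table) if entry[1] not in allowlist]


if __name__ == "__main__":
    # On a live Linux host, read /proc/net/tcp (and /proc/net/tcp6) instead
    # of the constructed sample.
    for addr, port, uid in unexpected_listeners(SAMPLE_PROC_NET_TCP):
        print(f"unexpected listener {addr}:{port} (uid {uid})")
```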