As a security analyst in the Information technology environment at the Aim Higher College, I have seen many attacks from the hackers that attempt to steal the sensitive data of the college and expose it to the whole world or alter it in some way. I have seen the many threats that have existed on the college’s data and systems at one point. Furthermore, I discovered many vulnerabilities in college’s systems, I captured them before the intruders can get their hands on them and make an effort to exploit the vulnerabilities. Moreover, I gave many suggestions on how to fix and secure on many issues that were affecting the college’s network and systems. The malware threats that I saw on the campus systems stunned me when I ran an anti-virus protection
…show more content…
I used two scanning tools called Zenmap and OpenVAS that are free to the public, so anyone can use them even a hacker to scan anything that he or she wants to with just an IP address. In addition, the hacker can exploit these vulnerabilities on these systems and do some serious amount of damage to the college’s security. The results that I got back from the Zenmap scan were many open ports, such as one them being port number twenty-three, which runs a service called Telnet, it is used to enable a user to connect to a remote host using a Telnet client. If this port stays open, then hacker just need to access the port and brute-force the user’s username and password then they will have access to your whole machine. Furthermore, I found port number one thousand ninety-nine was open, this service is called Remote Administration Tool and this port could be used by hackers to produce Trojans by performing remote access to the tool crafting packets and requests upon the college’s server to infect all systems on campus. On the results of the OpenVAS scan there were many high severity vulnerabilities that can create tons of attacks towards the campuses database systems. I found a vulnerability named distcc that was found on port number three thousand thirty-two and when this is not configured properly to restrict access to the server port it will allow many remote hackers to execute arbitrary code and will execute by the server without any authorization checks. Another found open port was from the FTP port twenty-one it is a vsftpd backdoor vulnerability that can affect the source package of the application, but on this port, there is also a proFTPD server vulnerability that attacker can security bypass an authentication point because the application fails to validate the domain name in a signed certificate
I used two scanning tools called Zenmap and OpenVAS that are free to the public, so anyone can use them even a hacker to scan anything that he or she wants to with just an IP address. In addition, the hacker can exploit these vulnerabilities on these systems and do some serious amount of damage to the college’s security. The results that I got back from the Zenmap scan were many open ports, such as one them being port number twenty-three, which runs a service called Telnet, it is used to enable a user to connect to a remote host using a Telnet client. If this port stays open, then hacker just need to access the port and brute-force the user’s username and password then they will have access to your whole machine. Furthermore, I found port number one thousand ninety-nine was open, this service is called Remote Administration Tool and this port could be used by hackers to produce Trojans by performing remote access to the tool crafting packets and requests upon the college’s server to infect all systems on campus. On the results of the OpenVAS scan there were many high severity vulnerabilities that can create tons of attacks towards the campuses database systems. I found a vulnerability named distcc that was found on port number three thousand thirty-two and when this is not configured properly to restrict access to the server port it will allow many remote hackers to execute arbitrary code and will execute by the server without any authorization checks. Another found open port was from the FTP port twenty-one it is a vsftpd backdoor vulnerability that can affect the source package of the application, but on this port, there is also a proFTPD server vulnerability that attacker can security bypass an authentication point because the application fails to validate the domain name in a signed certificate