April 23, 2025

10 thoughts on “TECH 581 W Computer Network Operations: Laboratory 5, Team 4”

  1. The literature review was not related to the lab activities very well nor were the assigned readings related, in most cases, to each other. Each paper is evaluated in a paragraph with a summary of the content and the group’s opinions on the validity of the methodology used in the paper. For the first article, how could this be related to the activities of this lab? Aren’t we doing penetration testing? The “n.d.” for the date in the citation shows a lack of research depth. I’ll admit this paper was hard to find information on but it was out there. The third paragraph makes an attempt at relating to the lab activities but only at the exploitation level which we’ve done in previous labs. Take a step back and look at what we’re trying to accomplish in the lab and what they’re doing in these papers. By reverse engineering programs they’re finding security holes. In this lab, we’re reverse engineering a security document to find holes. The next paper you mention in your literature review mentions this principle too. In order to properly defend (or attack) something, you need to know how it’s designed.

    The methodologies section for the first section is ok, but the second section misses the point of the lab. The lab directives were to test tools that could be used to exploit the vulnerabilities we discover in the lab. While we were supposed to look at the patching process as an alternate source of vulnerabilities, this work may have been done in vain.

    In the findings, a small nitpick to start: you mention a table was created but you don’t label it (i.e. “Figure 1” or “Table 1”). This makes it easier for the reader to know exactly what table you’re talking about. Some of the discussion about the sections from the NIST document that were going to be handled vs. others could’ve been listed in the methodologies section instead to add more depth. The tables that were output as part of the findings were difficult to read. They could’ve been formatted to use gridlines, and that would have increased the readability significantly.

    Some of the items in the table raise questions. How is “restricting access to equipment” a layer eight problem? Wouldn’t that fit better in the physical layer? Also, I noticed a duplicate immediately at the top of the table for layer eight, “enabling a logon warning banner.” Was this done intentionally or was it just a mistake?

    The issues section mentions matching vulnerabilities to exploit tools. This wasn’t mentioned at all before in the methodologies or the findings; was this part done? The conclusion statement that “settings and services that are unchanged could be used as channels of attack against the system” misses the point of these exercises. While these may be one place we could attack, what about the things we know are secured in a particular way? Do these open up other possibilities?

  2. Team four’s report shows a lack of academic discipline, no eye for detail and subpar writing skill. The abstract summarizes the lab in an uninformative and uninteresting manner. Is NIST a system to be secured, or a non-vendor organization that provides security documents?

    The team has an extremely verbose literature review that doesn’t do much to inform the reader. Each of the articles is given a perfunctory summarization, and not much else. The group mentions lab activities throughout the review, but doesn’t go far enough to tie them into the documents. This, combined with the noticeably scarce evaluative content, leads the reader to believe that the group either paid little attention to the literature or did not understand it. In one of the few critical statements the group makes, you claim Jajodia et al. err by stating that a counter-attack is the only means for survival. Not only is this either a misinterpretation of the article or a misquote, but the group also does not back its claim with any evidence. I also noted that several of the citations contain the “n.d.” notation. If the team had simply googled the article titles, they would have easily been able to properly complete the academic citation. This further indicates the poor research practices used by team four.

    Your Methods section is unclear and unrepeatable. Is the lab constructing tables, or is the group? How did you determine where the vulnerabilities sit on the OSI model? On the McCumber cube? In section two, you say you used a list of patches from the NIST document, and then you mention a list of patches from Microsoft. Which one was it, or was it both? How did you determine which patches to disregard? Aren’t “bugs” potential vulnerabilities? The group mentions they used TechNet, but never properly cites it in text. You state that the site provided “other useful information.” What information was it that you found useful? Your methods section says nothing about assigning tools to exploit the vulnerabilities or testing to prove the concept, as required by the assignment. Did you attempt this?

    Your results section contains several statements that belong in the methodology. Can patches be counter-productive? Words like “most” and “a few” are not quantitative and don’t belong in a scholarly work, especially when you fail to clarify the objects being discussed. Did you throw out the section on setting Windows policies? Were these in reference to group policy? If you disregarded this section, you did so in error. These are still recommended controls, technology or not, and their absence still creates exploitable vulnerabilities. I’m confused. What did you do with Packit, why did you do it, and what does it have to do with patches? Why did you not match tools with table 1? Why did you even bother with table 2? The document only dealt with service pack 2, not 3.

    In your issues section you state that it was hard to match to specific tools because they require scripts or web sites. Wouldn’t the scripts and web sites be the tools?

    The group’s conclusion restates information that should be in the results section rather than explaining what was learned or the value of the lab. I’m unclear as to why you went beyond the NIST document to cover service pack 3.

  3. While there are documents and programs that help someone harden their computer, does the fact that these items exist make it possible for new exploits to be found? Gold Disk is a piece of software that can harden your computer; it can also make it so secure that even you can’t get into it… so can the software itself be an exploit? NIST stands for National Institute of Standards and Technology. Titles of articles or documents need to be properly put into APA 5 format; italicize them so the reader knows where the title ends and your wording starts. Why did the team choose the NIST document? Why not use Microsoft’s document? It is their product after all. N.D. is not an acceptable year for a document. Use the Internet to find the year of publication for articles that do not have it listed. While the team did answer almost all of the questions, it read like a list: “The article…” “The author…” This does not make for a cohesive literature review. Combine the sentences; do not make each one sound like a separate statement. All your sentences need to flow together and not sound like your team is only answering the required bullet points. The team never answered whether they agree with the authors or the articles, or why they do not. There is no need to have a citation after the article name; you are not citing something, just stating the title.
    The second time, the team stated that NIST stands for “National Institute of Standards and a Technology.” “This lab examines…” “This lab will construct two tables.” You should put the team, not the lab. Verb tense in the methodology is in the future. The methods section is the process that the team DID to get the results, not what they will do; that is for the abstract. The team needs to utilize commas more, to better separate their ideas in one sentence. Without them, there are a lot of sentences without the pauses to separate the ideas. In your methods, do not tell me what will be in the table; tell me the steps done to determine where the items are placed into the table. In the results, the team states that this lab showed how a security document can be reverse engineered. It was the team’s job to show me how and why the document could be used for harm; that part seems to be missing. It is good that you had a hard time determining what layer the vulnerability would go into. This means it can affect more than one layer; it is your job to determine what you think was the best place to put it. Where are your lines of the table? It can make for hard reading without the lines to properly separate the items from each other. There seemed to be some duplicates in the table. I don’t know if the team did that by accident while making the table, or their document had it more than once. How are some password vulnerabilities layer 7, and others layer 8?

  4. Team 4 did a decent job with their abstract in that it detailed what they intended to do in lab 5. Their literature review was cohesive and showed a correlation between each of the articles and how they applied to lab 5’s purpose. However, there were APA 5 formatting errors, in that titles of articles or documents need to be properly formatted. Italicizing them helps the reader know where the title ends and your wording starts. The team did not follow the instructions to answer whether or not they agreed with what the authors were trying to convey.
    Team 4’s methods section is the process of what the team did to get results; it should not include what they plan to do, and this should be discussed up front in the abstract. The team needs to continue to improve upon their grammatical writing skills. Sentences run together, making it difficult to read. Team 4’s methods section should have explained the steps performed to determine where items will be placed in their table.
    In their results section, team 4 states that this lab showed how a security document can be used for reverse engineering. I was expecting that there would be a discussion on how the document could be used to cause harm. Their table had no lines; this made it very difficult to read.

  5. Overall, I found this team’s lab to be noteworthy in depth, and to examine issues of substantial relevance. The literature review attempted to compare articles, and to point out problems found with the articles: a good move toward thoroughness. The ‘Methodology’ section was sufficient for what was presented; the ‘Results’ section had some interesting discussion. The tables presented were extensive, with the table of the issues addressed in Windows XP Service Pack 3 a nice touch: something which this team alone completed.

    That is not to say that some improvements could not be made to this team’s write-up, however. It appears that the literature review only made trivial references to application of concepts in the articles to this exercise. Additionally, at least one misrepresentation was present in the phrase “The authors… somehow concluded that such an attack would be the only way for the victim’s network to continue to function after the attack (Jajodia et al., n.d., p.264).” The article actually states: “To augment methods of avoidance and detection, TVA can be applied to attack response …While [this][sic] approach may be extreme, it ‘could’ [emphasis added] be the only available option…” Obviously, the authors of this article appear to be speculating, and do not assert that this necessarily is the ‘only way’ for a network to function after an attack. This is a fairly glaring error, as this team has apparently ‘put words in the mouth’ of this paper’s authors.

    Additionally, I take exception to some of the OSI layer classifications made in the first table. For instance, “Use of firewalls on services” is put in layer seven. Is not a firewall functioning at the transport layer, or level four? Additionally, “Use FIPS complaint algorithms for encryption, hashing, and signing” applies largely to encrypted connections such as a Secure Socket Layer (SSL) transaction, which, despite having ‘socket’ as part of its name, most likely belongs in layer six. Additionally, for the second table, while using the article title as a description for the service pack issues was a nice idea, for some entries it resulted in meaningless phrases, such as for article number 943055: “Description of the security update for Windows 2000, for Windows XP, for Windows Server 2003, and for Windows Vista: February 12, 2008.” Perhaps something a bit more descriptive would be in order in a case such as this. Finally, the third column in this table seemed rather meaningless: What is “Previous software update type?” I did not see this explained anywhere in the write-up; additionally, why include it in the table if ‘every’ entry in this category is “Security?” It appeared to serve no real purpose, and instead generated unneeded clutter.

    Finally, I did not see reference to any test performed with the tools this team found. While it might be somewhat unrealistic to suggest ‘all’ of the tools listed should be tested (as the group notes, some tools require user interaction, and so are likely impractical to evaluate within this exercise), a few of the ‘standalone’ attack tools put to the test would have been a nice touch for thoroughness.

  6. Team 4 begins lab 5 by introducing the topic of vendor documentation and how it is used to secure a computer. They also mention other, non-vendor specific documentation such as the National Institute of Technologies (NIST). They state the objective for this lab, which is to reverse engineer one of these documents to determine vulnerabilities that can be discovered in specific computers. They specify that the document they will be using is the NIST SP800-68 Guidance for Securing Microsoft Windows XP for IT Professionals. They further state that they will be determining the vulnerabilities associated with the document and classifying them by the OSI 7-Layer model and McCumber Cube.

    Team 4 includes a literature review of the readings assigned for this week. They begin this section by stating that the articles varied by subject, then proceed with a short description of each article. They then continue with a longer, more in-depth explanation of each article individually. They compare Vulnerability Testing of Software System Using Fault Injection (Du, 1998) with Testing with Hostile Data Streams (Jorgensen, 2003) and state that the two have some similarities. They state that the two documents could be used as guides to examine ways of introducing code injection into software to compromise the target computer. Next, they review Viruses 101 (Aycock & Barker, 2005). They give an in-depth description of the article and then relate Viruses 101 to this course, since both are controversial and the information presented in both courses can be misused. They include a review of the article Topological Analysis of Network Attack Vulnerability (Jajodia, Noel, O’Berry, n.d., p. 247). The article discusses attack paths from an initial network state to a predetermined attack goal. They considered it an error on the part of the author that he believed it acceptable to initiate a counter-attack against an attacker. This was a moral judgment against the author of the article, and merely the opinion of Team 4. They relate this article to the lab by stating that this technique uses Nessus to scan the network, just as we are doing. Ironically, this lab is about finding vulnerabilities without using tools.

    In the next section, Team 4 discusses the methodology used in this lab. They restate the security documentation that they will be using and the objectives of the lab as described in the abstract. In part one they listed each one of the recommended configurations, identified the vulnerability that it’s designed to protect against, classified them by the OSI 7-Layer Model and then classified them by the McCumber Cube. For the second part, they located the recommended security updates and determined the vulnerability each was designed to protect against. Team 4 determined that most of the security configurations applied to the application layer of the OSI Model. They also determined that someone could use the list of recommended security patches to exploit a system whose security patches are not up to date. They conclude that most vulnerabilities come from malicious websites or email that run scripts on the vulnerable machine.

  7. The team begins with the abstract and describes what is going to occur during the lab. They then state that they are going to be using the National Institute of Standards and Technology documentation for both Windows XP SP 2 and SP 0. They also state they will examine the service packs and software rolls. The team then goes on to the literature review section. Again this week the team splits the literature instead of creating a cohesive literature review. They provide just an abstract of each article without comparing and arguing each of the main points from the articles. They did give an overview of what all the articles covered. But when trying to learn the information it is important to question things to find out more information and how they work. The group then goes on to the methodology section. Here they describe what they are going to do with the hands-on portion of the lab. They provided the number of the NIST documentation that they used within the lab. They then go on to discuss the different steps required for the lab. Next they go on to the findings section. This section did not give a lot of detail on the different attacks that they used, just that they went through the documentation. When reading the lab, they did give some information for SOHO vulnerability, but this was the most detail outside of explaining the purpose of the NIST documentation. They did not even discuss the tables within this portion of the lab. After the results they provide their issues section and the problems that occurred within this week’s lab. But this was information that did not seem to be a problem, but rather more of what they found while doing the lab, and could have been placed in the previous section. The team goes on to finish with the conclusion. This part of the document was an overview of what they discussed earlier and did not leave anything besides what was stated before. They could have discussed something with reverse engineering and picked arguments from the lab.
    They provided their tables at the end of the document. These were well structured, but at first glance it does not look like a table; rather it looks more like a list. Overall this lab could have provided more information, and the team could have given arguments and theories for the information gathered within this lab. When trying to review a lab that is missing items, it does not give the chance to think of questions, and ask why the group did what they did and why they think of what they provided.

  8. I think that group 4’s write-up for lab 5 was good. The abstract for this lab was adequate and provided a short overview of the lab. The literary review was good and adequately reviewed the material. Group 2 answered all of the required questions for each reading. All of the citing for the literary review was done well and all of the pages were included. For this lab, the group answered all of the required questions and provided a good amount of detail about the NIST document that they used. The group also included a very extensive table that indicates many vulnerabilities found in the document and how they relate to the McCumber Cube. The group also covered many patches released for Windows XP SP3 and used Microsoft’s TechNet site to research them and include them in their table. However, the group did not test their hypothesis of exploits that should work. The conclusion was adequate and summarizes what was covered. Overall, the lab had a good amount of vulnerabilities and seemed to be an improvement from last week’s lab.

  9. The team starts out with a strong abstract, and they talk about how they are going to use a non-vendor specific organization, such as the National Institute of Standards and Technology (NIST), for securing computers. The team indicates that they will be reviewing NIST document SP800-68 Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist. In the methodology section the team needed a list of patches from Microsoft’s website; however, they stated that they included patches in service pack 3. Before that they indicated that the NIST document is for service pack 2; would increasing the service level affect the recommended configuration from the NIST document? Perhaps a newer service pack would fix security issues that were present beforehand? Their tables seem to lack organization, which made them difficult to read. I notice the entry “Change the required combination of Ctrl+Alt+Del to activate the logon screen.” The exploit was “Easier to gain password information.” Right before that is the change to not display the last user logon. The question I have is with this combination, how would one gain password information, which is the exploit for not requiring Ctrl+Alt+Del? In the second table the article numbers have hyperlinks which seem to not be complete. The links will take you to Microsoft support but not to the article. Overall the team discovered the same similarity as the other teams, where most of the exploits were in layer 7 of the OSI model.

  10. Team four begins their lab report with their abstract. That abstract does a good job of giving an overview of the topic for the lab as well as what team four will be doing to complete the lab. The abstract meets the requirements of the syllabus. In lab five team four has at least tried to make an improvement in their literature review process. In previous labs, team four had trouble creating cohesion between the articles that were presented for review. In lab five they have an introduction to the literature review that shows how the articles relate to each other, and then go into the actual review. That review begins as an attempt to relate the articles to each other in a cohesion attempt, but by the end of the literature review that attempt was gone. The literature still reads mostly as a list of articles and an almost entirely independent review of each one. The major benefit here being that there is no longer a heading with the name of the article. While this is an improvement for team four, more improvement could easily be made with just a little more effort to relate the articles. With only two labs remaining, this will hopefully be worked out by the end of the semester. Team four does, however, answer the questions posted in the syllabus in regards to the literature review process. The methods section of team four’s lab starts out and reads much like the abstract. While I’m sure it was not directly copied and pasted, it does seem to be a restatement of the abstract. The entire methods section is way too short. While it explains the steps that team four will perform, it is not nearly long enough to explain in enough detail the process that others could use to recreate the experiment. This does not constitute an academic or scholarly methods section. It also appears that they refer to NIST as a different organization in their methods section as opposed to their abstract. NIST stands for the National Institute of Standards and Technology.
    While they refer to it as such in the abstract, they call it “the national institute of standards and a technology” in the methods section. If I recall correctly, NIST works with more than just ONE technology. The findings section presented by team four is rather high level and briefly glances at each of the sections of the lab design document. The tables presented by team four are very difficult to read and understand based on the lack of any grid lines to divide up the different sections. Being as I had that problem in lab one, I question team four’s approach, as adding grid lines is not difficult at all. Based on the short methods section presented by team four for lab five, the conclusions they drew, more on what they did, and less on any physical evidence from the lab, are supportable. The final thing I found questionable was the lack of discussion on getting instructor approval. Teams one, two, and three included at least a sentence on that topic.
