Cyber Security
Ec_Council_Press Ch01-1
Hands-On Projects
1. Perform the following steps:
Download the data files in Chapter 1 in MindTap, or navigate to Chapter 1 of the Student Resource Center.
Open the document titled “Analysis of a Telnet Session Hijack via Spoofed MAC Addresse.htm” and read the content.
2. Use Paros to hijack a session:
Download the data files in Chapter 1 in MindTap, or navigate to Chapter 1 of the Student Resource Center.
Browse the Paros directory.
Install and launch paros-3.2.10-win.exe.
Check to see if you have the latest version of the Java Runtime Environment (JRE) installed. If not:
Go to http://java.sun.com/j2se to download and install it.
Open a Web browser such as IE, and configure the proxy with proxy name localhost and proxy port 8080 for both HTTP and HTTPS. Note that port 8443 is used by Paros itself and is not for use by the Web browser.
Read Figure 1-9 about trapping requests and responses.
Select the Trap tab and enable Trap request only (Figure 1-10).
Open the browser and type www.eccouncil.org/certification.htm. The Paros screen should return information similar to that in Figure 1-11.
You will see the captured GET request.
Modify the GET http://www.eccouncil.org/certification.htm HTTP/1.1 to GET http://www.eccouncil.org/404.htm HTTP/1.1.
Click Continue.
Keep clicking on Continue to load other files.
View the 404 page displayed in the browser (Figure 1-12).
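What the trapped request in Project 2 looks like at the message level, as an added example (not from the textbook and not Paros's own code): the browser sends the proxy an absolute-form request line, the edit changes only the path, and the origin server then receives an ordinary path-only request. The sample headers are constructed, and the forwarding step assumes standard HTTP proxy behaviour.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the request as a browser configured for a proxy on
# localhost:8080 would send it (absolute-form target). Headers are illustrative.
TRAPPED = (
    b"GET http://www.eccouncil.org/certification.htm HTTP/1.1\r\n"
    b"Host: www.eccouncil.org\r\n"
    b"User-Agent: lab-browser\r\n"
    b"Proxy-Connection: keep-alive\r\n"
    b"\r\n"
)

def _split(raw):
    """Return (method, target, version, header_lines, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].decode("ascii").split(" ", 2)
    return method, target, version, lines[1:], body

def _join(request_line, headers, body):
    return b"\r\n".join([request_line.encode("ascii"), *headers]) + b"\r\n\r\n" + body

def edit_request_target(raw, new_path):
    """Swap only the path of the trapped request line (the manual edit in the lab)."""
    method, target, version, headers, body = _split(raw)
    url = urlsplit(target)
    if not (url.scheme and url.netloc):
        raise ValueError("a proxied request should carry an absolute-form target")
    new_target = urlunsplit((url.scheme, url.netloc, new_path, "", ""))
    return _join(f"{method} {new_target} {version}", headers, body)

def to_origin_form(raw):
    """Rewrite for the origin server: path-only target, Host from the URL,
    proxy-only header dropped (standard HTTP forwarding, assumed here)."""
    method, target, version, headers, body = _split(raw)
    url = urlsplit(target)
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    kept = [h for h in headers
            if h.split(b":", 1)[0].strip().lower() not in (b"host", b"proxy-connection")]
    host = b"Host: " + url.netloc.encode("ascii")
    return _join(f"{method} {path} {version}", [host, *kept], body)

if __name__ == "__main__":
    edited = edit_request_target(TRAPPED, "/404.htm")
    print(edited.decode("ascii"))
    print(to_origin_form(edited).decode("ascii"))
```

Nothing in the forwarded request distinguishes it from one the browser generated itself, which is why request contents have to be validated on the server side.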
3. Perform the following steps:
Download the data files in Chapter 1 in MindTap, or navigate to Chapter 1 of the Student Resource Center.
Open Session Management in Web Applications.pdf and read the “What Is Web-Based Session Management?” topic.