CS 4351/5352 Computer Security, assignment 4. Due date: Sunday, May 18, noon.

Similar documents
Computer Security Spring Assignment 4. The purpose of this assignment is to gain experience in network security and network attacks.

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

Project 3: Network Security

5. Write a capture filter for question 4.

Genie Snoop lab. Laboration in data communication GenieLab Department of Information Technology, Uppsala University

Networking Basics. Networking Fundamentals Series

Secure Communications Over a Network

ch02 True/False Indicate whether the statement is true or false.

Week Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development

COMPUTER NETWORKING LAB EXERCISES (TP) 1 BASIC CONFIGURATION AND TOOLS FOR EVERYBODY:

COMP 2000 W 2012 Lab no. 3 Page 1 of 11

Lab I: Using tcpdump and Wireshark

Computer Security II Lab Network Security

Material for the Networking lab in EITF25 & EITF45

Instituto Superior Técnico, Universidade de Lisboa Network and Computer Security. Lab guide: Traffic analysis and TCP/IP Vulnerabilities

ECE 4110 Internetwork Programming Lab 4: Network Traffic Analyzers and Other Tools. Lab Goals. Section I: Ping vs. Ethereal

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1

1.3 Analyzing the performance of various configurations and protocols

The following virtual machines are required for completion of this lab: Exercise I: Mapping a Network Topology Using

Vulnerability Validation Tutorial

Practice Labs Ethical Hacker

Assignment 2 TCP/IP Vulnerabilities

Penetration Testing with Kali Linux

Lab 4 - Network Traffic Analyzers and Other Tools

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

What action do you want to perform by issuing the above command?

ETHICAL HACKING LAB SERIES. Lab 13: Exploitation with IPv6

Network Traffic Analysis - Course Outline

Student Lab Manual. Student Lab Manual. Network Communications Infrastructure IS3120

3) Click the Screen Sharing option and click connect to establish the session

Chapter 2. Switch Concepts and Configuration. Part II

Post Connection Attacks

Section 1 Short Answer Questions

Blue Team Handbook: Incident Response Edition

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Lab 3: Simple Firewall using OpenFlow

User Guide TL-R470T+/TL-R480T REV9.0.2

CS 716: Introduction to communication networks. Instructor: Sridhar Iyer Demo by: Swati Patil IIT Bombay

Lab 4: Network Packet Capture and Analysis using Wireshark

PreLab for CS356 Lab NIL (Lam) (To be submitted when you come for the lab)

Objectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and layering are represented in packets.

Wireshark Lab: Getting Started v7.0

CSCI4211: Introduction to Computer Networks Fall 2017 Homework Assignment 1

Practical Network Defense Labs

Computer Networks Security: intro. CS Computer Systems Security

Network Controller 3500 Quick Start Guide

Lab 1: Introduction to Linux Networking

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Lab 8: Firewalls ASA Firewall Device

IoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution

Static routing KTHNOC/SUNET. January 18, 2004

Software Engineering 4C03 Answer Key

CIT 480: Securing Computer Systems

Lab 8: Introduction to Pen Testing (HPING)

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

CCRI Networking Technology I CSCO-1850 Spring 2014

LAB THREE STATIC ROUTING

Penetration testing using Kali Linux - Network Discovery

Lab Using Wireshark to Examine Ethernet Frames

Lab 1: Packet Sniffing and Wireshark

Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge

Networking By: Vince

Request for Comments: 2583 Category: Informational ANL May Guidelines for Next Hop Client (NHC) Developers. Status of this Memo

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

ICS 351: Networking Protocols

SYLLABUS. Departmental Syllabus. Applied Networking I. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Lab - Using Wireshark to Examine TCP and UDP Captures

Lab Using Wireshark to Examine Ethernet Frames

New York University Computer Science Department Courant Institute of Mathematical Sciences

UNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12

Man In The Middle Project completed by: John Ouimet and Kyle Newman

How to connect to the University of Exeter VPN service

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

For Step 1, DO NOT USE IP ADDRESSES THAT WEREN'T ASSIGNED TO YOU OR SOMEONE

6.1. Getting Started Guide

This material is based on work supported by the National Science Foundation under Grant No

CCNA Exploration Network Fundamentals. Chapter 3 Application Layer Functionality and Protocols

CCNA Semester 1 labs. Part 2 of 2 Labs for chapters 8 11

Inspect a Gadget. Rafael Dominguez Vega. FIST Conference 26 th October 2007 Barcelona

On-demand target, up and running

University of Maryland Baltimore County Department of Information Systems Spring 2015

CS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists

20-CS Cyber Defense Overview Fall, Network Basics

Linux Network Administration

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

NET311 Computer Network Management Tools, Systems and Engineering

Certified Penetration Testing Consultant

Lab Assignment for Chapter 1

Project 3: Network Security

Use of the TCP/IP Protocols and the OSI Model in Packet Tracer

SOURCEFIRE 3D SYSTEM RELEASE NOTES

Network security - basic attacks

Lab Capturing and Analyzing Network Traffic

TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the

Access Switch VLAN Y Y.1 /24

Transcription:

CS 4351/5352 Computer Security, assignment 4. Due date: Sunday, May 18, noon. This assignment may be done individually, or in a group of 2. You can discuss general concepts about the assignment (e.g., about the setup, etc.) with other groups or individuals, but the answers should be your own. (This will show in your answers, output from tools, etc.) Also, be sure to cite your references. If you do this in a group, each group member will submit the assignment. Each group member must perform the tasks involving the virtual machine on their own computer and submit the required screenshots and output files as generated from their own computer. The goal of this assignment is to extend your knowledge of networks and network attacks. If you are not familiar with Linux, find a source to learn common commands. A particularly useful one is history. It lists all the commands you have typed so far with sequence numbers. If you want to execute one of the commands again, for example the command with sequence number 17, just type!17 for command. In order to avoid facing severe consequences, or simply because you follow proper rules of conduct, please do not use any of the tools or attacks mentioned in this assignment on any network (unless it is yours or if you have written consent!) [10 pts] Task 0. Preliminary Questions 1. In this assignment, you will need to enable IP Forwarding. How do you achieve this in Linux (without rebooting), and what is the purpose of enabling IP forwarding. (1-2 sentences) 2. For the following Linux command-line tools, (a) explain briefly what the tool is used for, (b) give an example one line command (including flags), (c) and explain what your example command will do in 1-2 sentences: i. Netcat ii. Ping iii. Nmap iv. Traceroute v. Arpspoof vi. Tcpkill

3. For the following applications, (a) explain what the tool is used for in 1 sentence, (b) describe a critical vulnerability associated with the application, and (c) write the port number that the application usually uses for communication: i. Telnet ii. FTP 4. What is the Wireshark tool used for? (1-2 sentences) Below are some references that may be useful to answer (4) - (6): Consult the Linux man pages. In Linux, type the command man <toolname> http://www.raditha.com/php/ftp/security.php http://www.slackbook.org/html/basic-network-commands.html http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/ http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf Write your answers to this part of the assignment into a file name task0 (with proper extension, depending on editor you re using.) Make sure you mention all your sources in this document. Tasks [15 pts] Task 1. Make two emulated network PCs communicate over TCP/IP and collect traffic using Wireshark Kali-Linux is a security-focused operating system that contains many tools that are useful for security evaluation testing. The provided Kali-Linux virtual machine has the CORE (common open research emulator) software installed. CORE is a network emulator aimed at allowing users to generate network topologies in order to test performance of various communication protocols. For this homework, you will use CORE for network simulations, executing and analyzing impacts of attacks. The simulated networks can include many simulated computers, and the CORE software allows you to open a terminal on each of the computers, in effect having several virtual computer on the virtual machine. While you perform the tasks in this assignment, I suggest you disable the connection to the internet to reduce the risk that your commands interfere with entities outside the virtual machine. Look at the connection icon on the top right of the virtual machine. You can always reconnect if needed. To start CORE, open a command-line terminal from the menu on the top, and type core. This should open a graphical interface window. 5. Conduct the following steps in CORE

a. Using the GUI, create a network with 2 PCs (n1 and n2) and an intermediate device (hub or switch) connecting the 2 PCs. Note: when you create the PCs, you will see 2 IP addresses (IPv4 on top and the IPv6 below; for this assignment, ignore the IPv6 address). b. Start the emulation (click the play button) c. Double click on n1 to open a command line terminal d. Double click on n2 to open a command line terminal e. Start Wireshark on n2 (right click n2 and select Wireshark) f. Open your terminal for n2 (from step d.) and use Netcat to start a listener on port 8000. (Make sure to use the listen mode. Type man netcat and see how to run netcat in listen mode.) g. Open your terminal for n1 (from step c.) and use Telnet to connect to the listener on n2 (make sure you use the correct IPv4 address and port) and send your group member names (just type names and hit <enter>). h. You should see the traffic with your name(s) in Wireshark. Each line corresponds to a packet. Write the packet No. and the timestamp of the packet containing your name(s) in a file called task1.txt i. Stop the Wireshark capture, save the capture as task1.pcapng, and then exit Wireshark. j. Stop the emulation (click the red X button) k. Save your CORE file as task1.imn [20 pts] Task 2. Investigate Routing Start CORE and then click file->open and select /root/s14_lab4/hw_task2.imn. Answer the following questions related to the network shown in CORE. 6. What is a subnetwork? (If you don t know, you may search the internet. Mention your sources.) Explain what is the /24 at the end of the IP address. 7. List all of the subnetworks in the entire network system. How do you know this? (1-2 sentences) You can get the answers to the following questions using commands mentioned in task 1.

8. Roughly how much time does it take before 10.0.1.20 has a route to 10.0.2.10? How do you know this? (1-2 sentences) 9. List the route for traffic from 10.0.1.20 to 10.0.2.10. How do you know this? (1-2 sentences) 10. Which port(s) are open on 10.0.1.20 and 10.0.2.20? How do you know this and what applications are associated with these port(s)? (2-3 sentences) Write your answers to this part of the assignment into a file name task2 (with proper extension.) Make sure you mention all your sources in this document. [55 pts] Task 3. Conduct a simple security evaluation Start CORE and then click file->open and select /root/ s14_lab4/hw_task3.imn. Start the emulation. IMPORTANT: Assume you only have access to node n4 (10.0.0.21). This means that you should only run commands from n4 command-line terminals and only use Wireshark on n4. You can assume that you know the IP addresses of all connected devices. 11. Take the role of a security evaluator on a penetration test. Your goal is to determine the security posture of the network. You will provide your results to management, and management will give your results to the engineers and/or network architects that can fix the security issues. This means that you must convince management of the severity of the security issues (with evidence) and you must also provide your detailed steps (for reproducibility). Write a report that includes your findings, the steps in your process (include tools used and commands executed including IP addresses, etc.). For any security issues you find, you must provide evidence (tool outputs, Wireshark captures and timestamps of packets of interest). Also, briefly mention potential impacts and possible remediation for each finding. Hint. You can check which port is open on each machine in the network, and which application is associated with each port. Some applications send unencrypted passwords over the network. To observe network traffic, you may have to act as man in the middle, by spoofing the ARP table of a machine and using IP forwarding. There may be insecure sessions already in progress in the network. To capture a password, you may have to force the session to restart. Many network protocols automatically restart when the TCP connection is interrupted. You may be able to interrupt a connection from your

access point. If you capture a password, you may be able to use it on a machine and collect evidence as to the potential impact of the vulnerability. All of these actions can be done using commands we have referred to in previous tasks.

Deliverables If you are not familiar with Linux, you can use the browser within kali-linux (called Iceweasel; located next to the terminal icon at the top of the screen) to email files to yourself and then work with them in Windows (to create reports, zip, etc.) For this to work, make sure your restore the connection to the internet if you have disconnected it, and that the host machine has Internet access. If this is a submission from a group, each member must submit the assignment. Email a zip file with the subject [CS 4351/5352]Assignment4 submission. The zip file must contain the following: A writeup named task0.xxx where xxx is the appropriate extension The Wireshark capture named task1.pcapng A file named task1.txt with the timestamp of the packet containing your names The CORE file named task1.imn A writeup named task2.doc (or appropriate extension) A report named task3.doc (or appropriate extension.). Make sure this document includes issues found, steps taken, potential impacts, and remediations. Also make sure this document references tool outputs, timestamps, screenshots. In tool outputs, identify lines or packet of interest. If you do this as a group, a file named group_members_roles.txt (or appropriate extension) where you describe the contribution of each member in the group, whether you worked together on all parts or worked separately on some parts, and in general, how your group was working. Any tool output file that you collected as evidence Any other material you may want to add. Note: This assignment was derived by modifying a virtual machine setup by Jaime Acosta. The networks provided for the CORE program were also modified from versions created by Jaime Acosta. I want to thank Jaime for his permission.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback